author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-11-12 11:43:52 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-05 13:14:40 +0200 |
commit | 2391181625208d92788162f3ea04d768c2a622dd (patch) | |
tree | 7a8a160008d6cf3b6b4121cf6f5f098488700247 | |
parent | e81869fbd3d139ae9d9cf2c2d61518acfd3a8e3a (diff) | |
download | gnutls-2391181625208d92788162f3ea04d768c2a622dd.tar.gz |
Added gnutls_x509_crt_set_issuer_unique_id() and gnutls_x509_crt_set_subject_unique_id()
-rw-r--r-- | lib/includes/gnutls/x509.h | 8 | ||||
-rw-r--r-- | lib/libgnutls.map | 2 | ||||
-rw-r--r-- | lib/x509/x509_write.c | 106 |
3 files changed, 98 insertions, 18 deletions
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 3a6e3aad46..bd14cba687 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -511,6 +511,14 @@ int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, unsigned int ca); int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt, unsigned int ca, int pathLenConstraint);
+
+int
+gnutls_x509_crt_set_subject_unique_id(gnutls_x509_crt_t cert, const void *id,
+ size_t id_size);
+int
+gnutls_x509_crt_set_issuer_unique_id(gnutls_x509_crt_t cert, const void *id,
+ size_t id_size);
+
int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt, gnutls_x509_subject_alt_name_t
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 98b04929c0..d0e5cac95f 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1025,6 +1025,8 @@ GNUTLS_3_1_0 { gnutls_x509_ext_print; gnutls_x509_othername_to_virtual; _gnutls_global_init_skip;
+ gnutls_x509_crt_set_subject_unique_id;
+ gnutls_x509_crt_set_issuer_unique_id;
} GNUTLS_3_0_0; GNUTLS_FIPS140 {
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index ea510f0e55..74d539f7c6 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1005,31 +1005,101 @@ gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, const void *serial, }
+/**
+ * gnutls_x509_crt_set_issuer_unique_id:
+ * @cert: a certificate of type #gnutls_x509_crt_t
+ * @id: The unique ID
+ * @id_size: Holds the size of the unique ID.
+ *
+ * This function will set the X.509 certificate's issuer unique ID field.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_issuer_unique_id(gnutls_x509_crt_t cert, const void *id,
+ size_t id_size)
+{
+ int ret;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID",
+ id, id_size*8);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_set_subject_unique_id:
+ * @cert: a certificate of type #gnutls_x509_crt_t
+ * @id: The unique ID
+ * @id_size: Holds the size of the unique ID.
+ *
+ * This function will set the X.509 certificate's subject unique ID field.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_subject_unique_id(gnutls_x509_crt_t cert, const void *id,
+ size_t id_size)
+{
+ int ret;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID",
+ id, id_size*8);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
+}
+
/* If OPTIONAL fields have not been initialized then * disable them.
*/ static void disable_optional_stuff(gnutls_x509_crt_t cert) {
- int ret;
- gnutls_datum_t t = {NULL, 0};
+ asn1_data_node_st n;
+ asn1_node node;
+ unsigned remove_subject_unique_id = 1;
+ unsigned remove_issuer_unique_id = 1;
- ret =
- _gnutls_x509_read_value(cert->cert,
- "tbsCertificate.subjectUniqueID",
- &t);
- if (ret < 0) {
- asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID", NULL, 0);
- } else
- gnutls_free(t.data);
+ node = asn1_find_node(cert->cert, "tbsCertificate.issuerUniqueID");
+ if (node) {
+ if (asn1_read_node_value(node, &n) == ASN1_SUCCESS && n.value_len != 0)
+ remove_issuer_unique_id = 0;
+ }
- ret =
- _gnutls_x509_read_value(cert->cert,
- "tbsCertificate.issuerUniqueID",
- &t);
- if (ret < 0) {
- asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL, 0);
- } else
- gnutls_free(t.data);
+ node = asn1_find_node(cert->cert, "tbsCertificate.subjectUniqueID");
+ if (node) {
+ if (asn1_read_node_value(node, &n) == ASN1_SUCCESS && n.value_len != 0)
+ remove_subject_unique_id = 0;
+ }
+
+ if (remove_issuer_unique_id)
+ asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL,
+ 0);
+
+ if (remove_subject_unique_id)
+ asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID",
+ NULL, 0);
if (cert->use_extensions == 0) { _gnutls_debug_log("Disabling X.509 extensions.\n"); |
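Review bot: In both new setters, `id_size*8` is computed as a `size_t` and then passed as the `int` length argument of `asn1_write_value()`, so a large `id_size` no longer fits by the time libtasn1 sees it, and `id` is never checked against NULL. Before the write in gnutls_x509_crt_set_issuer_unique_id() and gnutls_x509_crt_set_subject_unique_id() I would add `if ((id == NULL && id_size != 0) || id_size > INT_MAX / 8) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`. The doc comments should state that `@id_size` is in bytes and that the ID is written as a whole number of octets, since the multiplication by 8 is otherwise unexplained. Nothing visible in this hunk ties the fields to the certificate version, while RFC 5280 allows them only in v2 and v3 certificates, so a check or a documented caller requirement may be wanted if that is not handled elsewhere.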