author | Simon Josefsson <simon@josefsson.org> | 2011-09-21 17:23:35 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2011-09-21 17:29:25 +0200 |
commit | 6d967fd54ecd1cb7e5034a60e50bb91cf2381667 (patch) | |
tree | e3bd0de47c61b2ead3307a99c3d130d6d053c1dc | |
parent | 4c49931e8794b3f7d49fb1d1cc24c7a58f8aa3e0 (diff) | |
libgnutls: gnutls_x509_crt_print supports printing AIA fields. Support caIssuers.
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | lib/includes/gnutls/x509.h | 5 | ||||
-rw-r--r-- | lib/x509/output.c | 68 | ||||
-rw-r--r-- | lib/x509/x509.c | 22 | ||||
-rw-r--r-- | tests/infoaccess.c | 1 |
6 files changed, 92 insertions, 10 deletions
diff --git a/.gitignore b/.gitignore
index 53b2c2c8d4..1d31f67823 100644
--- a/.gitignore
+++ b/.gitignore
@@ -517,3 +517,4 @@ doc/latex/gnutls.lot
 tests/x509cert-tl doc/enums.texi doc/enums/
+tests/infoaccess
@@ -5,13 +5,16 @@ See the end for copying conditions.
 * Version 3.0.4 (unreleased) ** libgnutls: Added gnutls_x509_crt_get_authority_info_access.
-Used to get the PKIX Authority Information Access field.
+Used to get the PKIX Authority Information Access (AIA) field.
+
+** libgnutls: gnutls_x509_crt_print supports printing AIA fields.
 ** API and ABI modifications: gnutls_x509_crt_get_authority_info_access (x509.h): Added function. gnutls_info_access_what_t (x509.h): Added enum. GNUTLS_OID_AIA (x509.h): Added symbol. GNUTLS_OID_AD_OCSP (x509.h): Added symbol.
+GNUTLS_OID_AD_CAISSUERS (x509.h): Added symbol.
 * Version 3.0.3 (released 2011-09-18)
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 2c65448cda..55fdd317c9 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -80,6 +80,7 @@ extern "C"
 #define GNUTLS_OID_AIA "1.3.6.1.5.5.7.1.1" #define GNUTLS_OID_AD_OCSP "1.3.6.1.5.5.7.48.1"
+#define GNUTLS_OID_AD_CAISSUERS "1.3.6.1.5.5.7.48.2"
 #define GNUTLS_FSAN_SET 0 #define GNUTLS_FSAN_APPEND 1
@@ -171,6 +172,7 @@ extern "C"
 * @GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE: Get accessLocation name type. * @GNUTLS_IA_URI: Get accessLocation URI value. * @GNUTLS_IA_OCSP_URI: get accessLocation URI value for OCSP.
+ * @GNUTLS_IA_CAISSUERS_URI: get accessLocation URI value for caIssuers.
 * * Enumeration of types for the @what parameter of * gnutls_x509_crt_get_authority_info_access().
@@ -182,7 +184,8 @@ extern "C"
 /* use 100-108 for the generalName types, populate as needed */ GNUTLS_IA_URI = 106, /* quick-access variants that match both OID and name type. */
- GNUTLS_IA_OCSP_URI = 10006
+ GNUTLS_IA_OCSP_URI = 10006,
+ GNUTLS_IA_CAISSUERS_URI = 10106
 } gnutls_info_access_what_t; int gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 39b0ea7b52..78ac29d19f 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2007-2011 Free Software Foundation, Inc.
 * * Author: Simon Josefsson *
@@ -171,6 +171,63 @@ print_proxy (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 } static void
+print_aia (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+{
+ int err;
+ int seq = 0;
+ gnutls_datum_t data;
+
+ for (;;)
+ {
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return;
+ if (err < 0)
+ {
+ addf (str, "error: get_aia: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ addf (str, _("\t\t\tAccess Method: %.*s"), data.size, data.data);
+ if (data.size == sizeof (GNUTLS_OID_AD_OCSP) &&
+ memcmp (data.data, GNUTLS_OID_AD_OCSP, data.size) == 0)
+ adds (str, " (id-ad-ocsp)\n");
+ else if (data.size == sizeof (GNUTLS_OID_AD_CAISSUERS) &&
+ memcmp (data.data, GNUTLS_OID_AD_CAISSUERS, data.size) == 0)
+ adds (str, " (id-ad-caIssuers)\n");
+ else
+ adds (str, " (UNKNOWN)\n");
+
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
+ if (err < 0)
+ {
+ addf (str, "error: get_aia type: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ if (data.size == sizeof ("uniformResourceIdentifier") &&
+ memcmp (data.data, "uniformResourceIdentifier", data.size) == 0)
+ {
+ adds (str, "\t\t\tAccess Location URI: ");
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_URI, &data, NULL);
+ if (err < 0)
+ {
+ addf (str, "error: get_aia uri: %s\n", gnutls_strerror (err));
+ return;
+ }
+ addf (str, "%.*s\n", data.size, data.data);
+ }
+ else
+ adds (str, "\t\t\tUnsupported accessLocation type\n");
+
+ seq++;
+ }
+}
+
+static void
 print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert) { char *buffer = NULL;
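Review bot: Each pass of the `for (;;)` loop in print_aia fetches up to three results into `data` from gnutls_x509_crt_get_authority_info_access and never releases any of them before the next call overwrites the pointer. The hunks here do not show the ownership contract of `@data`, but if the accessor returns allocated memory (the usual gnutls_datum_t convention — confirm against _gnutls_parse_aia in x509.c), gnutls_x509_crt_print then leaks up to three buffers per AIA entry, and a peer certificate with many entries leaks proportionally. Release `data.data` after each use and before the next fetch, which also covers the error returns since a failed call has nothing to free; the rewritten loop body is sketched below. Separately, `%.*s` takes an int precision while `data.size` is, I believe, an unsigned int, so `(int) data.size` at the two addf calls keeps the format arguments well-typed.
```c
      /* … unchanged: fetch GNUTLS_IA_ACCESSMETHOD_OID into data, error checks … */
      addf (str, _("\t\t\tAccess Method: %.*s"), (int) data.size, data.data);
      /* … unchanged: id-ad-ocsp / id-ad-caIssuers / UNKNOWN labelling … */
      gnutls_free (data.data);

      err = gnutls_x509_crt_get_authority_info_access
        (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
      /* … unchanged: error check and return … */

      if (data.size == sizeof ("uniformResourceIdentifier") &&
          memcmp (data.data, "uniformResourceIdentifier", data.size) == 0)
        {
          gnutls_free (data.data);
          adds (str, "\t\t\tAccess Location URI: ");
          err = gnutls_x509_crt_get_authority_info_access
            (cert, seq, GNUTLS_IA_URI, &data, NULL);
          /* … unchanged: error check and return … */
          addf (str, "%.*s\n", (int) data.size, data.data);
          gnutls_free (data.data);
        }
      else
        {
          gnutls_free (data.data);
          adds (str, "\t\t\tUnsupported accessLocation type\n");
        }
```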
@@ -958,6 +1015,15 @@ print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
 proxy_idx++; }
+ else if (strcmp (oid, "1.3.6.1.5.5.7.1.1") == 0)
+ {
+ addf (str, _("%s\t\tAuthority Information "
+ "Access Information (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_aia (str, cert.crt);
+ }
 else { char *buffer;
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 611adcf835..25de5ae641 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3400,6 +3400,7 @@ _gnutls_parse_aia (ASN1_TYPE src,
 char nptr[ASN1_MAX_NAME_SIZE]; int result; gnutls_datum_t d;
+ const char *oid = NULL;
 seq++; /* 0->1, 1->2 etc */ switch (what)
@@ -3412,7 +3413,13 @@ _gnutls_parse_aia (ASN1_TYPE src,
 snprintf (nptr, sizeof (nptr), "?%u.accessLocation", seq); break;
+ case GNUTLS_IA_CAISSUERS_URI:
+ oid = GNUTLS_OID_AD_CAISSUERS;
+ /* fall through */
+ case GNUTLS_IA_OCSP_URI:
+ if (oid == NULL)
+ oid = GNUTLS_OID_AD_OCSP;
 { char *tmpoid[20]; snprintf (nptr, sizeof (nptr), "?%u.accessMethod", seq);
@@ -3425,8 +3432,7 @@ _gnutls_parse_aia (ASN1_TYPE src,
 gnutls_assert (); return _gnutls_asn2err (result); }
- if (len != sizeof (GNUTLS_OID_AD_OCSP) ||
- memcmp (tmpoid, GNUTLS_OID_AD_OCSP, len) != 0)
+ if (len != strlen (oid) + 1 || memcmp (tmpoid, oid, len) != 0)
 return GNUTLS_E_UNKNOWN_ALGORITHM; } /* fall through */
@@ -3506,8 +3512,7 @@ _gnutls_parse_aia (ASN1_TYPE src,
 * should be #gnutls_info_access_what_t values. * * If @what is %GNUTLS_IA_ACCESSMETHOD_OID then @data will hold the
- * accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1" for id-ad-ocsp meaning
- * OCSP).
+ * accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1").
 * * If @what is %GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, @data will * hold the accessLocation GeneralName type (e.g.,
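Review bot: The new `else if` branch in print_extensions matches the AIA extension against the bare literal `"1.3.6.1.5.5.7.1.1"` even though this commit's x509.h hunk defines `GNUTLS_OID_AIA` for exactly that value; using the macro, `else if (strcmp (oid, GNUTLS_OID_AIA) == 0)`, keeps the printer and the accessor from drifting apart if the constant is ever touched. The branch also prints the "Authority Information Access Information" header for every `type` but only calls print_aia when `type == TYPE_CRT`, so a non-certificate object gets a header with no body; a one-line comment such as `/* AIA is only decoded for certificates; other types get the header only */` would mark that asymmetry as intentional. The enclosing print_extensions body starts and ends outside the hunk.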
@@ -3519,8 +3524,13 @@ _gnutls_parse_aia (ASN1_TYPE src,
 * * If @what is %GNUTLS_IA_OCSP_URI, @data will hold the OCSP URI. * Requesting this @what value leads to an error if the accessMethod
- * is not OSCP or accessLocation is not of the
- * "uniformResourceIdentifier" type.
+ * is not 1.3.6.1.5.5.7.48.1 aka OSCP, or if accessLocation is not of
+ * the "uniformResourceIdentifier" type.
+ *
+ * If @what is %GNUTLS_IA_CAISSUERS_URI, @data will hold the caIssuers
+ * URI. Requesting this @what value leads to an error if the
+ * accessMethod is not 1.3.6.1.5.5.7.48.2 aka caIssuers, or if
+ * accessLocation is not of the "uniformResourceIdentifier" type.
 * * More @what values may be allocated in the future as needed. *
diff --git a/tests/infoaccess.c b/tests/infoaccess.c
index 242b33411c..f539e69553 100644
--- a/tests/infoaccess.c
+++ b/tests/infoaccess.c
@@ -218,7 +218,6 @@ doit (void)
 /* even more specific query */ ret = gnutls_x509_crt_get_authority_info_access (crt, 0, GNUTLS_IA_OCSP_URI, &data, NULL);
- printf ("ret %d\n", ret);
 if (ret < 0) { fail ("gnutls_x509_crt_get_authority_info_access GNUTLS_IA_OCSP_URI\n");
|
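Review bot: The added comment line `* is not 1.3.6.1.5.5.7.48.1 aka OSCP, or if accessLocation is not of` carries the OSCP-for-OCSP misspelling over from the removed line, and this rewrite is the place to drop it: `* is not 1.3.6.1.5.5.7.48.1 aka OCSP, or if accessLocation is not of`. The comment block still does not say whether the caller owns `@data` after a successful return; a sentence in the `@data` description stating who frees the buffer would let callers such as print_aia in this same commit be checked against the contract rather than guessed at. The documented function's body lies outside the hunk.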