Diffstat (limited to 'lib/x509/output.c')
-rw-r--r--lib/x509/output.c53
1 files changed, 49 insertions, 4 deletions
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 8084b92b29..705e8babfa 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -448,7 +448,9 @@ print_aki_gn_serial(gnutls_buffer_st * str, gnutls_x509_aki_t aki)
err =
gnutls_x509_aki_get_cert_issuer(aki,
0, &alt_type, &san, &other_oid, &serial);
- if (err < 0) {
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ return;
+ } else if (err < 0) {
addf(str, "error: gnutls_x509_aki_get_cert_issuer: %s\n",
gnutls_strerror(err));
return;
@@ -481,10 +483,11 @@ static void print_aki(gnutls_buffer_st * str, gnutls_datum_t *der)
goto cleanup;
}
+ /* Check if an alternative name is there */
+ print_aki_gn_serial(str, aki);
+
err = gnutls_x509_aki_get_id(aki, &id);
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- /* Check if an alternative name is there */
- print_aki_gn_serial(str, aki);
goto cleanup;
} else if (err < 0) {
addf(str, "error: gnutls_x509_aki_get_id: %s\n",
@@ -959,6 +962,27 @@ hexdump:
adds(str, "\n");
}
+#define ENTRY(oid, name) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, 0}
+
+static const struct oid_to_string cp_oid2str[] = {
+ ENTRY("2.5.29.32.0", "anyPolicy"),
+
+ ENTRY("2.23.140.1.2.1", "CA/B Domain Validated"),
+ ENTRY("2.23.140.1.2.2", "CA/B Organization Validated"),
+ ENTRY("2.23.140.1.2.3", "CA/B Individual Validated"),
+ ENTRY("2.23.140.1.1", "CA/B Extended Validation"),
+
+ /* draft-deremin-rfc4491-bis */
+ ENTRY("1.2.643.100.113.1", "Russian security class KC1"),
+ ENTRY("1.2.643.100.113.2", "Russian security class KC2"),
+ ENTRY("1.2.643.100.113.3", "Russian security class KC3"),
+ ENTRY("1.2.643.100.113.4", "Russian security class KB1"),
+ ENTRY("1.2.643.100.113.5", "Russian security class KB2"),
+ ENTRY("1.2.643.100.113.6", "Russian security class KA1"),
+
+ {NULL, 0, NULL, 0},
+};
+
struct ext_indexes_st {
int san;
int ian;
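Review bot: `cp_oid2str` needs a comment stating that its names are display labels for the policy OID the certificate asserts, not a verified validation level. A certificate carrying `2.23.140.1.2.1` or `2.23.140.1.1` is printed as "CA/B Domain Validated" or "CA/B Extended Validation" whether or not its issuer is entitled to assert that policy. I would add above the table `/* Display names only: the label mirrors the OID asserted in the certificate and implies no validation of it. */`. As a style point, `ENTRY` is a very generic macro name that stays defined for the rest of the file, so `#undef ENTRY` after the closing `};` would be tidy, and the sentinel `{NULL, 0, NULL, 0}` lists four initializers where `ENTRY` supplies six. The struct `ext_indexes_st` at the end of the hunk continues outside it.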
@@ -1011,6 +1035,7 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix,
struct gnutls_x509_policy_st policy;
gnutls_x509_policies_t policies;
const char *name;
+ const struct oid_to_string *entry;
int x;
err = gnutls_x509_policies_init(&policies);
@@ -1050,7 +1075,11 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix,
critical ? _("critical") :
_("not critical"));
- addf(str, "%s\t\t\t%s\n", prefix, policy.oid);
+ entry = _gnutls_oid_get_entry(cp_oid2str, policy.oid);
+ if (entry != NULL && entry->name_desc != NULL)
+ addf(str, "%s\t\t\t%s (%s)\n", prefix, policy.oid, entry->name_desc);
+ else
+ addf(str, "%s\t\t\t%s\n", prefix, policy.oid);
for (j = 0; j < policy.qualifiers; j++) {
if (policy.qualifier[j].type ==
GNUTLS_X509_QUALIFIER_URI)
@@ -1233,6 +1262,22 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix,
critical ? _("critical") : _("not critical"));
print_issuer_sign_tool(str, prefix, der);
+ } else if (strcmp(oid, "2.5.4.3") == 0) {
+ int ret;
+ gnutls_datum_t tmp = {NULL, 0};
+
+ addf(str, _("%s\t\tCommon Name (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ ret = _gnutls_x509_decode_string(ASN1_ETYPE_PRINTABLE_STRING, der->data, der->size, &tmp, 0);
+ if (ret < 0) {
+ addf(str, "error: x509_decode_string: %s\n",
+ gnutls_strerror(ret));
+ } else {
+ addf(str, "%s\t\t\t%s\n", prefix, tmp.data);
+ gnutls_free(tmp.data);
+ }
} else {
addf(str, _("%s\t\tUnknown extension %s (%s):\n"),
prefix, oid,
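Review bot: The new `2.5.4.3` branch writes the decoded value straight into the output with `addf(str, "%s\t\t\t%s\n", prefix, tmp.data);`, and that value comes from the certificate being printed. Nothing visible here filters control characters, so unless `_gnutls_x509_decode_string` enforces the PrintableString character set (not shown in this hunk), a value containing a newline could add lines that look like genuine fields in the human-readable dump. The `%s` also depends on that helper returning NUL-terminated data without embedded NULs, which is worth confirming or stating in a comment. I would route bytes outside printable ASCII through an escaping or hex-dump path, and document that only PrintableString is accepted, so a UTF8String-encoded value ends up in the `error: x509_decode_string` branch. `print_extension` starts and ends outside this hunk.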