Diffstat (limited to 'lib/x509/output.c')
-rw-r--r-- | lib/x509/output.c | 53 |
1 files changed, 49 insertions, 4 deletions
diff --git a/lib/x509/output.c b/lib/x509/output.c index 8084b92b29..705e8babfa 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -448,7 +448,9 @@ print_aki_gn_serial(gnutls_buffer_st * str, gnutls_x509_aki_t aki) err = gnutls_x509_aki_get_cert_issuer(aki, 0, &alt_type, &san, &other_oid, &serial); - if (err < 0) { + if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + return; + } else if (err < 0) { addf(str, "error: gnutls_x509_aki_get_cert_issuer: %s\n", gnutls_strerror(err)); return; @@ -481,10 +483,11 @@ static void print_aki(gnutls_buffer_st * str, gnutls_datum_t *der) goto cleanup; } + /* Check if an alternative name is there */ + print_aki_gn_serial(str, aki); + err = gnutls_x509_aki_get_id(aki, &id); if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { - /* Check if an alternative name is there */ - print_aki_gn_serial(str, aki); goto cleanup; } else if (err < 0) { addf(str, "error: gnutls_x509_aki_get_id: %s\n", @@ -959,6 +962,27 @@ hexdump: adds(str, "\n"); } +#define ENTRY(oid, name) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, 0} + +static const struct oid_to_string cp_oid2str[] = { + ENTRY("2.5.29.32.0", "anyPolicy"), + + ENTRY("2.23.140.1.2.1", "CA/B Domain Validated"), + ENTRY("2.23.140.1.2.2", "CA/B Organization Validated"), + ENTRY("2.23.140.1.2.3", "CA/B Individual Validated"), + ENTRY("2.23.140.1.1", "CA/B Extended Validation"), + + /* draft-deremin-rfc4491-bis */ + ENTRY("1.2.643.100.113.1", "Russian security class KC1"), + ENTRY("1.2.643.100.113.2", "Russian security class KC2"), + ENTRY("1.2.643.100.113.3", "Russian security class KC3"), + ENTRY("1.2.643.100.113.4", "Russian security class KB1"), + ENTRY("1.2.643.100.113.5", "Russian security class KB2"), + ENTRY("1.2.643.100.113.6", "Russian security class KA1"), + + {NULL, 0, NULL, 0}, +}; + struct ext_indexes_st { int san; int ian; 
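Review bot: The comment kept above the moved `print_aki_gn_serial(str, aki);` call in print_aki (hunk `@@ -481,10 +483,11 @@`) no longer matches the control flow. The call used to be a fallback for a missing key identifier and now runs unconditionally before `gnutls_x509_aki_get_id`. Something like `/* Print the issuer name and serial if present; the key identifier, if any, is printed after it */` would say what the code does now. The silent path depends on the new `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` early return in print_aki_gn_serial (hunk `@@ -448,7 +448,9 @@`), which deserves a one-line comment there saying that absent fields are not an error. Both function bodies start and end outside their hunks.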
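Review bot: `cp_oid2str` (hunk `@@ -959,6 +962,27 @@`) attaches friendly names to policy OIDs that are read from the certificate, and nothing visible in this diff validates them, so a label such as "CA/B Extended Validation" in the printed output is only what the certificate claims. A comment above the table would make that explicit, e.g. `/* Display labels only: the policy OID is taken from the certificate as-is and is not verified here. */`. Separately, `ENTRY` is a very generic macro name that stays defined for the rest of the file; adding `#undef ENTRY` after the table, or using a more specific name, avoids accidental reuse. The terminator `{NULL, 0, NULL, 0}` has four initializers against the six that `ENTRY` emits, which is valid C but inconsistent.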
@@ -1011,6 +1035,7 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, struct gnutls_x509_policy_st policy; gnutls_x509_policies_t policies; const char *name; + const struct oid_to_string *entry; int x; err = gnutls_x509_policies_init(&policies); @@ -1050,7 +1075,11 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, critical ? _("critical") : _("not critical")); - addf(str, "%s\t\t\t%s\n", prefix, policy.oid); + entry = _gnutls_oid_get_entry(cp_oid2str, policy.oid); + if (entry != NULL && entry->name_desc != NULL) + addf(str, "%s\t\t\t%s (%s)\n", prefix, policy.oid, entry->name_desc); + else + addf(str, "%s\t\t\t%s\n", prefix, policy.oid); for (j = 0; j < policy.qualifiers; j++) { if (policy.qualifier[j].type == GNUTLS_X509_QUALIFIER_URI) @@ -1233,6 +1262,22 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, critical ? _("critical") : _("not critical")); print_issuer_sign_tool(str, prefix, der); + } else if (strcmp(oid, "2.5.4.3") == 0) { + int ret; + gnutls_datum_t tmp = {NULL, 0}; + + addf(str, _("%s\t\tCommon Name (%s):\n"), + prefix, + critical ? _("critical") : _("not critical")); + + ret = _gnutls_x509_decode_string(ASN1_ETYPE_PRINTABLE_STRING, der->data, der->size, &tmp, 0); + if (ret < 0) { + addf(str, "error: x509_decode_string: %s\n", + gnutls_strerror(ret)); + } else { + addf(str, "%s\t\t\t%s\n", prefix, tmp.data); + gnutls_free(tmp.data); + } } else { addf(str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid, |
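Review bot: In the new `2.5.4.3` branch (hunk `@@ -1233,6 +1262,22 @@`), certificate-supplied bytes in `tmp.data` are printed with a plain `%s`, so the output relies on the decoder having NUL-terminated the buffer and stops at the first NUL byte. The hunk does not show whether `_gnutls_x509_decode_string` guarantees either, or whether it rejects bytes outside the PrintableString set. Bounding the print by the decoded length would remove the first assumption: `addf(str, "%s\t\t\t%.*s\n", prefix, (int)tmp.size, tmp.data);`. It is also worth confirming that control characters cannot reach the output, since this text is typically shown on a terminal or written to logs. Because only `ASN1_ETYPE_PRINTABLE_STRING` is requested, a value encoded as another string type presumably ends up on the error line; print_extension starts and ends outside the hunk.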