From a94afcfac2402dbf5200a6d16b320c166994a49e Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Mon, 11 May 2020 23:11:56 +0300 Subject: x509: print certificate policiy names Add ability to print names for several pre-defined Certificate policies. Currently the list is populated with anyPolicy from X.509 and CA/B policies. Signed-off-by: Dmitry Baryshkov --- lib/x509/output.c | 20 +++++++++++++++++++- tests/cert-tests/data/grfc.crt | 2 +- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/lib/x509/output.c b/lib/x509/output.c index 8084b92b29..d2da3916db 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -959,6 +959,19 @@ hexdump: adds(str, "\n"); } +#define ENTRY(oid, name) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, 0} + +static const struct oid_to_string cp_oid2str[] = { + ENTRY("2.5.29.32.0", "anyPolicy"), + + ENTRY("2.23.140.1.2.1", "CA/B Domain Validated"), + ENTRY("2.23.140.1.2.2", "CA/B Organization Validated"), + ENTRY("2.23.140.1.2.3", "CA/B Individual Validated"), + ENTRY("2.23.140.1.1", "CA/B Extended Validation"), + + {NULL, 0, NULL, 0}, +}; + struct ext_indexes_st { int san; int ian; @@ -1011,6 +1024,7 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, struct gnutls_x509_policy_st policy; gnutls_x509_policies_t policies; const char *name; + const struct oid_to_string *entry; int x; err = gnutls_x509_policies_init(&policies); @@ -1050,7 +1064,11 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, critical ? _("critical") : _("not critical")); - addf(str, "%s\t\t\t%s\n", prefix, policy.oid); + entry = _gnutls_oid_get_entry(cp_oid2str, policy.oid); + if (entry != NULL && entry->name_desc != NULL) + addf(str, "%s\t\t\t%s (%s)\n", prefix, policy.oid, entry->name_desc); + else + addf(str, "%s\t\t\t%s\n", prefix, policy.oid); for (j = 0; j < policy.qualifiers; j++) { if (policy.qualifier[j].type == GNUTLS_X509_QUALIFIER_URI) 
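Review bot: The `ENTRY` macro on the `#define` line fills `struct oid_to_string` positionally, and the struct (declared in a header not shown here) evidently carries two string/size pairs, so whether `name` lands in the `name_desc` member that the lookup in print_extension reads, or in the other pair, depends entirely on the declared field order; the updated grfc.crt expectation suggests the order matches today, but any reordering of the struct would silently drop every label with no compile-time warning. Designated initializers remove that coupling: `#define ENTRY(oid, name) { .oid = oid, .oid_size = sizeof(oid) - 1, .name_desc = name, .name_desc_size = sizeof(name) - 1 }` (member names other than `name_desc` are assumed from the positional layout — check them against the struct definition). A comment above `cp_oid2str` should also record two caveats a maintainer will otherwise miss: `sizeof(oid) - 1` is only correct for string-literal arguments, and the labels are display-only and trustworthy only if `_gnutls_oid_get_entry` matches the whole OID, since `2.23.140.1.1` is a proper prefix of longer arcs and a prefix comparison would tag unrelated policies as Extended Validation (that helper's implementation is not visible here).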
diff --git a/tests/cert-tests/data/grfc.crt b/tests/cert-tests/data/grfc.crt index c7af541b5f..5161c9cb79 100644 --- a/tests/cert-tests/data/grfc.crt +++ b/tests/cert-tests/data/grfc.crt @@ -39,7 +39,7 @@ X.509 Certificate Information: Certificate Policies (not critical): 1.2.643.100.113.1 1.2.643.100.113.2 - 2.5.29.32.0 + 2.5.29.32.0 (anyPolicy) Signature Algorithm: GOSTR341001 Signature: bd:95:dd:5f:3a:2b:74:a5:29:62:20:c2:24:a8:8b:a0 -- cgit v1.2.1 From 1e780c7705f734522399ba175bb820268a9b1e64 Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Mon, 11 May 2020 23:50:40 +0300 Subject: output: add Russian security class policies Add Russian Security Class certificate policies (per draft-deremin-rfc4491-bis). Signed-off-by: Dmitry Baryshkov --- lib/x509/output.c | 8 ++++++++ tests/cert-tests/data/grfc.crt | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/x509/output.c b/lib/x509/output.c index d2da3916db..c8b0c66ddb 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -969,6 +969,14 @@ static const struct oid_to_string cp_oid2str[] = { ENTRY("2.23.140.1.2.3", "CA/B Individual Validated"), ENTRY("2.23.140.1.1", "CA/B Extended Validation"), + /* draft-deremin-rfc4491-bis */ + ENTRY("1.2.643.100.113.1", "Russian security class KC1"), + ENTRY("1.2.643.100.113.2", "Russian security class KC2"), + ENTRY("1.2.643.100.113.3", "Russian security class KC3"), + ENTRY("1.2.643.100.113.4", "Russian security class KB1"), + ENTRY("1.2.643.100.113.5", "Russian security class KB2"), + ENTRY("1.2.643.100.113.6", "Russian security class KA1"), + {NULL, 0, NULL, 0}, }; diff --git a/tests/cert-tests/data/grfc.crt b/tests/cert-tests/data/grfc.crt index 5161c9cb79..0b06f778b8 100644 --- a/tests/cert-tests/data/grfc.crt +++ b/tests/cert-tests/data/grfc.crt 
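Review bot: The `/* draft-deremin-rfc4491-bis */` comment above the six new entries cites an Internet-Draft with neither a revision nor a section, and drafts get revised or expire, so the reference should pin both, e.g. `/* Russian CSP security classes KC1..KA1: draft-deremin-rfc4491-bis, <rev>, section <n> -- recheck the OIDs against the published RFC */`. It would also help to say in that comment that these labels are presumably a security-class designation of the issuing cryptographic provider rather than a validation level comparable to the CA/B entries above, and that, as with the rest of the table, the entries only change what print_extension displays. The grfc.crt expectation updated in the same commit covers `.1` and `.2` only; `.3`-`.6` have no test here.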
@@ -37,8 +37,8 @@ X.509 Certificate Information: ASCII: ... Hexdump: 020100 Certificate Policies (not critical): - 1.2.643.100.113.1 - 1.2.643.100.113.2 + 1.2.643.100.113.1 (Russian security class KC1) + 1.2.643.100.113.2 (Russian security class KC2) 2.5.29.32.0 (anyPolicy) Signature Algorithm: GOSTR341001 Signature: -- cgit v1.2.1