diff options
author | neil.williams%sun.com <devnull@localhost> | 2005-03-14 18:55:46 +0000 |
---|---|---|
committer | neil.williams%sun.com <devnull@localhost> | 2005-03-14 18:55:46 +0000 |
commit | 8ab74f3e67dee1f7bd890c94aaa34ef489ca08f7 (patch) | |
tree | 3c8c5dbee25e4ad465a0c2b0a7c8dd69241a3a59 | |
parent | 1dc73c48c0bd661dd5357f11936431a0695f815b (diff) | |
download | nss-hg-8ab74f3e67dee1f7bd890c94aaa34ef489ca08f7.tar.gz |
Bug 285208: certutil when given arguments for both -7 and -8 would create two
subjAltName extensions. Now a list single extension with both name types in
created.
r=nelson
-rw-r--r-- | security/nss/cmd/certutil/certutil.c | 90 |
1 files changed, 51 insertions, 39 deletions
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 88eba3018..459e665e7 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -449,8 +449,8 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, PORT_FreeArena (arena, PR_FALSE); return SECFailure; } - if (AddExtensions(extHandle, emailAddrs, PR_FALSE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE) + if (AddExtensions(extHandle, emailAddrs, dnsNames, keyUsage, extKeyUsage, + basicConstraint, authKeyID, crlDistPoints, nscpCertType) != SECSuccess) { PORT_FreeArena (arena, PR_FALSE); return SECFailure; @@ -1704,21 +1704,16 @@ AddNscpCertType (void *extHandle) } static SECStatus -AddSubjectAltNames(void *extHandle, const char *names, CERTGeneralNameType type) +AddSubjectAltNames(PRArenaPool *arena, CERTGeneralName **existingListp, + const char *names, CERTGeneralNameType type) { - SECItem item = { 0, NULL, 0 }; CERTGeneralName *nameList = NULL; CERTGeneralName *current = NULL; PRCList *prev = NULL; - PRArenaPool *arena; const char *cp; char *tbuf; SECStatus rv = SECSuccess; - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - return SECFailure; - } /* * walk down the comma separated list of names. NOTE: there is @@ -1755,37 +1750,40 @@ AddSubjectAltNames(void *extHandle, const char *names, CERTGeneralNameType type) current->name.other.len = PORT_Strlen(tbuf); prev = &(current->l); } - if (rv != SECSuccess) { - goto loser; - } - /* no email address */ - if (!nameList) { - /*rv=SECSuccess; We know rv is SECSuccess because of the previous if*/ - goto done; + /* at this point nameList points to the head of a doubly linked, but not yet + circular, list and current points to its tail. */ + if (rv == SECSuccess && nameList) { + if (*existingListp != NULL) { + PRCList *existingprev; + /* add nameList to the end of the existing list */ + existingprev = (*existingListp)->l.prev; + (*existingListp)->l.prev = &(current->l); + nameList->l.prev = existingprev; + existingprev->next = &(nameList->l); + current->l.next = &((*existingListp)->l); + } + else { + /* make nameList circular and set it as the new existingList */ + nameList->l.prev = prev; + current->l.next = &(nameList->l); + *existingListp = nameList; + } } - nameList->l.prev = prev; - current->l.next = &(nameList->l); - - CERT_EncodeAltNameExtension(arena, nameList, &item); - rv = CERT_AddExtension (extHandle, SEC_OID_X509_SUBJECT_ALT_NAME, &item, - PR_FALSE, PR_TRUE); -done: -loser: - PORT_FreeArena(arena, PR_FALSE); return rv; - } static SECStatus -AddEmailSubjectAlt(void *extHandle, const char *emailAddrs) +AddEmailSubjectAlt(PRArenaPool *arena, CERTGeneralName **existingListp, + const char *emailAddrs) { - return AddSubjectAltNames(extHandle, emailAddrs, certRFC822Name); + return AddSubjectAltNames(arena, existingListp, emailAddrs, certRFC822Name); } static SECStatus -AddDNSSubjectAlt(void *extHandle, const char *dnsNames) +AddDNSSubjectAlt(PRArenaPool *arena, CERTGeneralName **existingListp, + const char *dnsNames) { - return AddSubjectAltNames(extHandle, dnsNames, certDNSName); + return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName); } @@ -2156,16 +2154,30 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, break; } - if (emailAddrs != NULL) { - rv = AddEmailSubjectAlt(extHandle,emailAddrs); - if (rv) - break; - } + if (emailAddrs || dnsNames) { + PRArenaPool *arena; + CERTGeneralName *namelist = NULL; + SECItem item = { 0, NULL, 0 }; + + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (arena == NULL) { + rv = SECFailure; + break; + } - if (dnsNames != NULL) { - rv = AddDNSSubjectAlt(extHandle,dnsNames); - if (rv) - break; + rv = AddEmailSubjectAlt(arena, &namelist, emailAddrs); + + rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames); + + if (rv == SECSuccess) { + rv = CERT_EncodeAltNameExtension(arena, namelist, &item); + if (rv == SECSuccess) { + rv = CERT_AddExtension(extHandle, + SEC_OID_X509_SUBJECT_ALT_NAME, + &item, PR_FALSE, PR_TRUE); + } + } + PORT_FreeArena(arena, PR_FALSE); } } while (0); return rv; |