kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1256 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: 160f4ef14c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '160f4ef14c'
${ noResults }
boringssl/crypto/x509v3/v3_cpols.c

476 lines
14 KiB
Raw Blame History 

  1. /* v3_cpols.c */

  2. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  3.  * project 1999.

  4.  */

  5. /* ====================================================================

  6.  * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

  7.  *

  8.  * Redistribution and use in source and binary forms, with or without

  9.  * modification, are permitted provided that the following conditions

  10.  * are met:

  11.  *

  12.  * 1. Redistributions of source code must retain the above copyright

  13.  *    notice, this list of conditions and the following disclaimer. 

  14.  *

  15.  * 2. Redistributions in binary form must reproduce the above copyright

  16.  *    notice, this list of conditions and the following disclaimer in

  17.  *    the documentation and/or other materials provided with the

  18.  *    distribution.

  19.  *

  20.  * 3. All advertising materials mentioning features or use of this

  21.  *    software must display the following acknowledgment:

  22.  *    "This product includes software developed by the OpenSSL Project

  23.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  24.  *

  25.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  26.  *    endorse or promote products derived from this software without

  27.  *    prior written permission. For written permission, please contact

  28.  *    licensing@OpenSSL.org.

  29.  *

  30.  * 5. Products derived from this software may not be called "OpenSSL"

  31.  *    nor may "OpenSSL" appear in their names without prior written

  32.  *    permission of the OpenSSL Project.

  33.  *

  34.  * 6. Redistributions of any form whatsoever must retain the following

  35.  *    acknowledgment:

  36.  *    "This product includes software developed by the OpenSSL Project

  37.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  38.  *

  39.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  40.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  41.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  42.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  43.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  44.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  45.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  46.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  48.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  49.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  50.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  51.  * ====================================================================

  52.  *

  53.  * This product includes cryptographic software written by Eric Young

  54.  * (eay@cryptsoft.com).  This product includes software written by Tim

  55.  * Hudson (tjh@cryptsoft.com).

  56.  *

  57.  */

  58. 

  59. #include <stdio.h>

  60. #include <string.h>

  61. 

  62. #include <openssl/asn1.h>

  63. #include <openssl/asn1t.h>

  64. #include <openssl/conf.h>

  65. #include <openssl/err.h>

  66. #include <openssl/mem.h>

  67. #include <openssl/obj.h>

  68. #include <openssl/stack.h>

  69. #include <openssl/x509v3.h>

  70. 

  71. #include "pcy_int.h"

  72. 

  73. /* Certificate policies extension support: this one is a bit complex... */

  74. 

  75. static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);

  76. static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);

  77. static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);

  78. static void print_notice(BIO *out, USERNOTICE *notice, int indent);

  79. static POLICYINFO *policy_section(X509V3_CTX *ctx,

  80. 				 STACK_OF(CONF_VALUE) *polstrs, int ia5org);

  81. static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,

  82. 					STACK_OF(CONF_VALUE) *unot, int ia5org);

  83. static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);

  84. 

  85. const X509V3_EXT_METHOD v3_cpols = {

  86. NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),

  87. 0,0,0,0,

  88. 0,0,

  89. 0,0,

  90. (X509V3_EXT_I2R)i2r_certpol,

  91. (X509V3_EXT_R2I)r2i_certpol,

  92. NULL

  93. };

  94. 

  95. ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 

  96. 	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)

  97. ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)

  98. 

  99. IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)

  100. 

  101. ASN1_SEQUENCE(POLICYINFO) = {

  102. 	ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),

  103. 	ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)

  104. } ASN1_SEQUENCE_END(POLICYINFO)

  105. 

  106. IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)

  107. 

  108. ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);

  109. 

  110. ASN1_ADB(POLICYQUALINFO) = {

  111. 	ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),

  112. 	ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))

  113. } ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);

  114. 

  115. ASN1_SEQUENCE(POLICYQUALINFO) = {

  116. 	ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),

  117. 	ASN1_ADB_OBJECT(POLICYQUALINFO)

  118. } ASN1_SEQUENCE_END(POLICYQUALINFO)

  119. 

  120. IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)

  121. 

  122. ASN1_SEQUENCE(USERNOTICE) = {

  123. 	ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),

  124. 	ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)

  125. } ASN1_SEQUENCE_END(USERNOTICE)

  126. 

  127. IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)

  128. 

  129. ASN1_SEQUENCE(NOTICEREF) = {

  130. 	ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),

  131. 	ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)

  132. } ASN1_SEQUENCE_END(NOTICEREF)

  133. 

  134. IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)

  135. 

  136. static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,

  137. 		X509V3_CTX *ctx, char *value)

  138. {

  139. 	STACK_OF(POLICYINFO) *pols = NULL;

  140. 	char *pstr;

  141. 	POLICYINFO *pol;

  142. 	ASN1_OBJECT *pobj;

  143. 	STACK_OF(CONF_VALUE) *vals;

  144. 	CONF_VALUE *cnf;

  145. 	size_t i;

  146. 	int ia5org;

  147. 	pols = sk_POLICYINFO_new_null();

  148. 	if (pols == NULL) {

  149. 		OPENSSL_PUT_ERROR(X509V3, r2i_certpol, ERR_R_MALLOC_FAILURE);

  150. 		return NULL;

  151. 	}

  152. 	vals =  X509V3_parse_list(value);

  153. 	if (vals == NULL) {

  154. 		OPENSSL_PUT_ERROR(X509V3, r2i_certpol, ERR_R_X509V3_LIB);

  155. 		goto err;

  156. 	}

  157. 	ia5org = 0;

  158. 	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {

  159. 		cnf = sk_CONF_VALUE_value(vals, i);

  160. 		if(cnf->value || !cnf->name ) {

  161. 			OPENSSL_PUT_ERROR(X509V3, r2i_certpol, X509V3_R_INVALID_POLICY_IDENTIFIER);

  162. 			X509V3_conf_err(cnf);

  163. 			goto err;

  164. 		}

  165. 		pstr = cnf->name;

  166. 		if(!strcmp(pstr,"ia5org")) {

  167. 			ia5org = 1;

  168. 			continue;

  169. 		} else if(*pstr == '@') {

  170. 			STACK_OF(CONF_VALUE) *polsect;

  171. 			polsect = X509V3_get_section(ctx, pstr + 1);

  172. 			if(!polsect) {

  173. 				OPENSSL_PUT_ERROR(X509V3, r2i_certpol, X509V3_R_INVALID_SECTION);

  174. 

  175. 				X509V3_conf_err(cnf);

  176. 				goto err;

  177. 			}

  178. 			pol = policy_section(ctx, polsect, ia5org);

  179. 			X509V3_section_free(ctx, polsect);

  180. 			if(!pol) goto err;

  181. 		} else {

  182. 			if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {

  183. 				OPENSSL_PUT_ERROR(X509V3, r2i_certpol, X509V3_R_INVALID_OBJECT_IDENTIFIER);

  184. 				X509V3_conf_err(cnf);

  185. 				goto err;

  186. 			}

  187. 			pol = POLICYINFO_new();

  188. 			pol->policyid = pobj;

  189. 		}

  190. 		if (!sk_POLICYINFO_push(pols, pol)){

  191. 			POLICYINFO_free(pol);

  192. 			OPENSSL_PUT_ERROR(X509V3, r2i_certpol, ERR_R_MALLOC_FAILURE);

  193. 			goto err;

  194. 		}

  195. 	}

  196. 	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);

  197. 	return pols;

  198. 	err:

  199. 	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);

  200. 	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);

  201. 	return NULL;

  202. }

  203. 

  204. static POLICYINFO *policy_section(X509V3_CTX *ctx,

  205. 				STACK_OF(CONF_VALUE) *polstrs, int ia5org)

  206. {

  207. 	size_t i;

  208. 	CONF_VALUE *cnf;

  209. 	POLICYINFO *pol;

  210. 	POLICYQUALINFO *qual;

  211. 	if(!(pol = POLICYINFO_new())) goto merr;

  212. 	for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {

  213. 		cnf = sk_CONF_VALUE_value(polstrs, i);

  214. 		if(!strcmp(cnf->name, "policyIdentifier")) {

  215. 			ASN1_OBJECT *pobj;

  216. 			if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {

  217. 				OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_INVALID_OBJECT_IDENTIFIER);

  218. 				X509V3_conf_err(cnf);

  219. 				goto err;

  220. 			}

  221. 			pol->policyid = pobj;

  222. 

  223. 		} else if(!name_cmp(cnf->name, "CPS")) {

  224. 			if(!pol->qualifiers) pol->qualifiers =

  225. 						 sk_POLICYQUALINFO_new_null();

  226. 			if(!(qual = POLICYQUALINFO_new())) goto merr;

  227. 			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))

  228. 								 goto merr;

  229.                         /* TODO(fork): const correctness */

  230. 			qual->pqualid = (ASN1_OBJECT*) OBJ_nid2obj(NID_id_qt_cps);

  231. 			if (qual->pqualid == NULL) {

  232. 				OPENSSL_PUT_ERROR(X509V3, policy_section, ERR_R_INTERNAL_ERROR);

  233. 				goto err;

  234. 			}

  235. 			qual->d.cpsuri = M_ASN1_IA5STRING_new();

  236. 			if (qual->d.cpsuri == NULL) {

  237. 				goto err;

  238. 			}

  239. 			if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,

  240. 						 strlen(cnf->value))) goto merr;

  241. 		} else if(!name_cmp(cnf->name, "userNotice")) {

  242. 			STACK_OF(CONF_VALUE) *unot;

  243. 			if(*cnf->value != '@') {

  244. 				OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_EXPECTED_A_SECTION_NAME);

  245. 				X509V3_conf_err(cnf);

  246. 				goto err;

  247. 			}

  248. 			unot = X509V3_get_section(ctx, cnf->value + 1);

  249. 			if(!unot) {

  250. 				OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_INVALID_SECTION);

  251. 

  252. 				X509V3_conf_err(cnf);

  253. 				goto err;

  254. 			}

  255. 			qual = notice_section(ctx, unot, ia5org);

  256. 			X509V3_section_free(ctx, unot);

  257. 			if(!qual) goto err;

  258. 			if(!pol->qualifiers) pol->qualifiers =

  259. 						 sk_POLICYQUALINFO_new_null();

  260. 			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))

  261. 								 goto merr;

  262. 		} else {

  263. 			OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_INVALID_OPTION);

  264. 

  265. 			X509V3_conf_err(cnf);

  266. 			goto err;

  267. 		}

  268. 	}

  269. 	if(!pol->policyid) {

  270. 		OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_NO_POLICY_IDENTIFIER);

  271. 		goto err;

  272. 	}

  273. 

  274. 	return pol;

  275. 

  276. 	merr:

  277. 	OPENSSL_PUT_ERROR(X509V3, policy_section, ERR_R_MALLOC_FAILURE);

  278. 

  279. 	err:

  280. 	POLICYINFO_free(pol);

  281. 	return NULL;

  282. 	

  283. 	

  284. }

  285. 

  286. static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,

  287. 					STACK_OF(CONF_VALUE) *unot, int ia5org)

  288. {

  289. 	size_t i;

  290. 	int ret;

  291. 	CONF_VALUE *cnf;

  292. 	USERNOTICE *not;

  293. 	POLICYQUALINFO *qual;

  294. 	if(!(qual = POLICYQUALINFO_new())) goto merr;

  295.         /* TODO(fork): const correctness */

  296. 	qual->pqualid = (ASN1_OBJECT *) OBJ_nid2obj(NID_id_qt_unotice);

  297. 	if (qual->pqualid == NULL)

  298. 		{

  299. 		OPENSSL_PUT_ERROR(X509V3, notice_section, ERR_R_INTERNAL_ERROR);

  300. 		goto err;

  301. 		}

  302. 	if(!(not = USERNOTICE_new())) goto merr;

  303. 	qual->d.usernotice = not;

  304. 	for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {

  305. 		cnf = sk_CONF_VALUE_value(unot, i);

  306. 		if(!strcmp(cnf->name, "explicitText")) {

  307. 			not->exptext = M_ASN1_VISIBLESTRING_new();

  308. 			if (not->exptext == NULL)

  309. 				goto merr;

  310. 			if(!ASN1_STRING_set(not->exptext, cnf->value,

  311. 						 strlen(cnf->value))) goto merr;

  312. 		} else if(!strcmp(cnf->name, "organization")) {

  313. 			NOTICEREF *nref;

  314. 			if(!not->noticeref) {

  315. 				if(!(nref = NOTICEREF_new())) goto merr;

  316. 				not->noticeref = nref;

  317. 			} else nref = not->noticeref;

  318. 			if(ia5org) nref->organization->type = V_ASN1_IA5STRING;

  319. 			else nref->organization->type = V_ASN1_VISIBLESTRING;

  320. 			if(!ASN1_STRING_set(nref->organization, cnf->value,

  321. 						 strlen(cnf->value))) goto merr;

  322. 		} else if(!strcmp(cnf->name, "noticeNumbers")) {

  323. 			NOTICEREF *nref;

  324. 			STACK_OF(CONF_VALUE) *nos;

  325. 			if(!not->noticeref) {

  326. 				if(!(nref = NOTICEREF_new())) goto merr;

  327. 				not->noticeref = nref;

  328. 			} else nref = not->noticeref;

  329. 			nos = X509V3_parse_list(cnf->value);

  330. 			if(!nos || !sk_CONF_VALUE_num(nos)) {

  331. 				OPENSSL_PUT_ERROR(X509V3, notice_section, X509V3_R_INVALID_NUMBERS);

  332. 				X509V3_conf_err(cnf);

  333. 				goto err;

  334. 			}

  335. 			ret = nref_nos(nref->noticenos, nos);

  336. 			sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);

  337. 			if (!ret)

  338. 				goto err;

  339. 		} else {

  340. 			OPENSSL_PUT_ERROR(X509V3, notice_section, X509V3_R_INVALID_OPTION);

  341. 			X509V3_conf_err(cnf);

  342. 			goto err;

  343. 		}

  344. 	}

  345. 

  346. 	if(not->noticeref && 

  347. 	      (!not->noticeref->noticenos || !not->noticeref->organization)) {

  348. 			OPENSSL_PUT_ERROR(X509V3, notice_section, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);

  349. 			goto err;

  350. 	}

  351. 

  352. 	return qual;

  353. 

  354. 	merr:

  355. 	OPENSSL_PUT_ERROR(X509V3, notice_section, ERR_R_MALLOC_FAILURE);

  356. 

  357. 	err:

  358. 	POLICYQUALINFO_free(qual);

  359. 	return NULL;

  360. }

  361. 

  362. static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)

  363. {

  364. 	CONF_VALUE *cnf;

  365. 	ASN1_INTEGER *aint;

  366. 

  367. 	size_t i;

  368. 

  369. 	for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {

  370. 		cnf = sk_CONF_VALUE_value(nos, i);

  371. 		if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {

  372. 			OPENSSL_PUT_ERROR(X509V3, nref_nos, X509V3_R_INVALID_NUMBER);

  373. 			goto err;

  374. 		}

  375. 		if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;

  376. 	}

  377. 	return 1;

  378. 

  379. 	merr:

  380. 	OPENSSL_PUT_ERROR(X509V3, nref_nos, ERR_R_MALLOC_FAILURE);

  381. 

  382. 	err:

  383. 	sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);

  384. 	return 0;

  385. }

  386. 

  387. 

  388. static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,

  389. 		BIO *out, int indent)

  390. {

  391. 	size_t i;

  392. 	POLICYINFO *pinfo;

  393. 	/* First print out the policy OIDs */

  394. 	for(i = 0; i < sk_POLICYINFO_num(pol); i++) {

  395. 		pinfo = sk_POLICYINFO_value(pol, i);

  396. 		BIO_printf(out, "%*sPolicy: ", indent, "");

  397. 		i2a_ASN1_OBJECT(out, pinfo->policyid);

  398. 		BIO_puts(out, "\n");

  399. 		if(pinfo->qualifiers)

  400. 			 print_qualifiers(out, pinfo->qualifiers, indent + 2);

  401. 	}

  402. 	return 1;

  403. }

  404. 

  405. static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,

  406. 		int indent)

  407. {

  408. 	POLICYQUALINFO *qualinfo;

  409. 	size_t i;

  410. 	for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {

  411. 		qualinfo = sk_POLICYQUALINFO_value(quals, i);

  412. 		switch(OBJ_obj2nid(qualinfo->pqualid))

  413. 		{

  414. 			case NID_id_qt_cps:

  415. 			BIO_printf(out, "%*sCPS: %s\n", indent, "",

  416. 						qualinfo->d.cpsuri->data);

  417. 			break;

  418. 		

  419. 			case NID_id_qt_unotice:

  420. 			BIO_printf(out, "%*sUser Notice:\n", indent, "");

  421. 			print_notice(out, qualinfo->d.usernotice, indent + 2);

  422. 			break;

  423. 

  424. 			default:

  425. 			BIO_printf(out, "%*sUnknown Qualifier: ",

  426. 							 indent + 2, "");

  427. 			

  428. 			i2a_ASN1_OBJECT(out, qualinfo->pqualid);

  429. 			BIO_puts(out, "\n");

  430. 			break;

  431. 		}

  432. 	}

  433. }

  434. 

  435. static void print_notice(BIO *out, USERNOTICE *notice, int indent)

  436. {

  437. 	size_t i;

  438. 	if(notice->noticeref) {

  439. 		NOTICEREF *ref;

  440. 		ref = notice->noticeref;

  441. 		BIO_printf(out, "%*sOrganization: %s\n", indent, "",

  442. 						 ref->organization->data);

  443. 		BIO_printf(out, "%*sNumber%s: ", indent, "",

  444. 			   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");

  445. 		for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {

  446. 			ASN1_INTEGER *num;

  447. 			char *tmp;

  448. 			num = sk_ASN1_INTEGER_value(ref->noticenos, i);

  449. 			if(i) BIO_puts(out, ", ");

  450. 			tmp = i2s_ASN1_INTEGER(NULL, num);

  451. 			BIO_puts(out, tmp);

  452. 			OPENSSL_free(tmp);

  453. 		}

  454. 		BIO_puts(out, "\n");

  455. 	}

  456. 	if(notice->exptext)

  457. 		BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",

  458. 							 notice->exptext->data);

  459. }

  460. 

  461. void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)

  462. 	{

  463. 	const X509_POLICY_DATA *dat = node->data;

  464. 

  465. 	BIO_printf(out, "%*sPolicy: ", indent, "");

  466. 			

  467. 	i2a_ASN1_OBJECT(out, dat->valid_policy);

  468. 	BIO_puts(out, "\n");

  469. 	BIO_printf(out, "%*s%s\n", indent + 2, "",

  470. 		node_data_critical(dat) ? "Critical" : "Non Critical");

  471. 	if (dat->qualifier_set)

  472. 		print_qualifiers(out, dat->qualifier_set, indent + 2);

  473. 	else

  474. 		BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");

  475. 	}