910320a3a0
These are tied to OPENSSL_NO_OCSP in upstream but do not actually depend on most of the OCSP machinery. The CRL invdate extension, in particular, isn't associated with OCSP at all. cryptography.io gets upset if these two extensions aren't parseable, and they're tiny. I do not believe this actually affects anything beyond functions like X509_get_ext_d2i. In particular, the list of NIDs for the criticality check is elsewhere. Change-Id: I889f6ebf4ca4b34b1d9ff15f45e05878132826a1 Reviewed-on: https://boringssl-review.googlesource.com/28549 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
69 lines
1.9 KiB
C
69 lines
1.9 KiB
C
/*
|
|
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/x509v3.h>
|
|
|
|
#include <openssl/asn1.h>
|
|
#include <openssl/bio.h>
|
|
#include <openssl/nid.h>
|
|
|
|
/*
|
|
* OCSP extensions and a couple of CRL entry extensions
|
|
*/
|
|
|
|
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
|
|
BIO *out, int indent);
|
|
|
|
static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
|
|
void *nocheck, BIO *out, int indent);
|
|
static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
|
|
X509V3_CTX *ctx, const char *str);
|
|
|
|
const X509V3_EXT_METHOD v3_crl_invdate = {
|
|
NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
|
|
0, 0, 0, 0,
|
|
0, 0,
|
|
0, 0,
|
|
i2r_ocsp_acutoff, 0,
|
|
NULL
|
|
};
|
|
|
|
const X509V3_EXT_METHOD v3_ocsp_nocheck = {
|
|
NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
|
|
0, 0, 0, 0,
|
|
0, s2i_ocsp_nocheck,
|
|
0, 0,
|
|
i2r_ocsp_nocheck, 0,
|
|
NULL
|
|
};
|
|
|
|
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
|
|
BIO *bp, int ind)
|
|
{
|
|
if (BIO_printf(bp, "%*s", ind, "") <= 0)
|
|
return 0;
|
|
if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
|
|
return 0;
|
|
return 1;
|
|
}
|
|
|
|
/* Nocheck is just a single NULL. Don't print anything and always set it */
|
|
|
|
static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
|
|
BIO *out, int indent)
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
|
|
X509V3_CTX *ctx, const char *str)
|
|
{
|
|
return ASN1_NULL_new();
|
|
}
|