kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1217 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: 9f33fc63c6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9f33fc63c6'
${ noResults }
boringssl/crypto/x509v3/v3_crld.c

617 lines
16 KiB
Raw Blame History 

  1. /* v3_crld.c */

  2. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  3.  * project 1999.

  4.  */

  5. /* ====================================================================

  6.  * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.

  7.  *

  8.  * Redistribution and use in source and binary forms, with or without

  9.  * modification, are permitted provided that the following conditions

  10.  * are met:

  11.  *

  12.  * 1. Redistributions of source code must retain the above copyright

  13.  *    notice, this list of conditions and the following disclaimer. 

  14.  *

  15.  * 2. Redistributions in binary form must reproduce the above copyright

  16.  *    notice, this list of conditions and the following disclaimer in

  17.  *    the documentation and/or other materials provided with the

  18.  *    distribution.

  19.  *

  20.  * 3. All advertising materials mentioning features or use of this

  21.  *    software must display the following acknowledgment:

  22.  *    "This product includes software developed by the OpenSSL Project

  23.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  24.  *

  25.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  26.  *    endorse or promote products derived from this software without

  27.  *    prior written permission. For written permission, please contact

  28.  *    licensing@OpenSSL.org.

  29.  *

  30.  * 5. Products derived from this software may not be called "OpenSSL"

  31.  *    nor may "OpenSSL" appear in their names without prior written

  32.  *    permission of the OpenSSL Project.

  33.  *

  34.  * 6. Redistributions of any form whatsoever must retain the following

  35.  *    acknowledgment:

  36.  *    "This product includes software developed by the OpenSSL Project

  37.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  38.  *

  39.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  40.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  41.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  42.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  43.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  44.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  45.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  46.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  48.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  49.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  50.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  51.  * ====================================================================

  52.  *

  53.  * This product includes cryptographic software written by Eric Young

  54.  * (eay@cryptsoft.com).  This product includes software written by Tim

  55.  * Hudson (tjh@cryptsoft.com). */

  56. 

  57. #include <stdio.h>

  58. #include <string.h>

  59. 

  60. #include <openssl/asn1.h>

  61. #include <openssl/asn1t.h>

  62. #include <openssl/conf.h>

  63. #include <openssl/err.h>

  64. #include <openssl/mem.h>

  65. #include <openssl/obj.h>

  66. #include <openssl/x509v3.h>

  67. 

  68. 

  69. static void *v2i_crld(const X509V3_EXT_METHOD *method,

  70. 		      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

  71. static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,

  72. 		     int indent);

  73. 

  74. const X509V3_EXT_METHOD v3_crld =

  75. 	{

  76. 	NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),

  77. 	0,0,0,0,

  78. 	0,0,

  79. 	0,

  80. 	v2i_crld,

  81. 	i2r_crldp,0,

  82. 	NULL

  83. 	};

  84. 

  85. const X509V3_EXT_METHOD v3_freshest_crl =

  86. 	{

  87. 	NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),

  88. 	0,0,0,0,

  89. 	0,0,

  90. 	0,

  91. 	v2i_crld,

  92. 	i2r_crldp,0,

  93. 	NULL

  94. 	};

  95. 

  96. static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)

  97. 	{

  98. 	STACK_OF(CONF_VALUE) *gnsect;

  99. 	STACK_OF(GENERAL_NAME) *gens;

  100. 	if (*sect == '@')

  101. 		gnsect = X509V3_get_section(ctx, sect + 1);

  102. 	else

  103. 		gnsect = X509V3_parse_list(sect);

  104. 	if (!gnsect)

  105. 		{

  106. 		OPENSSL_PUT_ERROR(X509V3, gnames_from_sectname, X509V3_R_SECTION_NOT_FOUND);

  107. 		return NULL;

  108. 		}

  109. 	gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);

  110. 	if (*sect == '@')

  111. 		X509V3_section_free(ctx, gnsect);

  112. 	else

  113. 		sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);

  114. 	return gens;

  115. 	}

  116. 

  117. static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,

  118. 							CONF_VALUE *cnf)

  119. 	{

  120. 	STACK_OF(GENERAL_NAME) *fnm = NULL;

  121. 	STACK_OF(X509_NAME_ENTRY) *rnm = NULL;

  122. 	if (!strncmp(cnf->name, "fullname", 9))

  123. 		{

  124. 		fnm = gnames_from_sectname(ctx, cnf->value);

  125. 		if (!fnm)

  126. 			goto err;

  127. 		}

  128. 	else if (!strcmp(cnf->name, "relativename"))

  129. 		{

  130. 		int ret;

  131. 		STACK_OF(CONF_VALUE) *dnsect;

  132. 		X509_NAME *nm;

  133. 		nm = X509_NAME_new();

  134. 		if (!nm)

  135. 			return -1;

  136. 		dnsect = X509V3_get_section(ctx, cnf->value);

  137. 		if (!dnsect)

  138. 			{

  139. 			OPENSSL_PUT_ERROR(X509V3, set_dist_point_name, X509V3_R_SECTION_NOT_FOUND);

  140. 			return -1;

  141. 			}

  142. 		ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);

  143. 		X509V3_section_free(ctx, dnsect);

  144. 		rnm = nm->entries;

  145. 		nm->entries = NULL;

  146. 		X509_NAME_free(nm);

  147. 		if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)

  148. 			goto err;

  149. 		/* Since its a name fragment can't have more than one

  150. 		 * RDNSequence

  151. 		 */

  152. 		if (sk_X509_NAME_ENTRY_value(rnm,

  153. 				sk_X509_NAME_ENTRY_num(rnm) - 1)->set)

  154. 			{

  155. 			OPENSSL_PUT_ERROR(X509V3, set_dist_point_name, X509V3_R_INVALID_MULTIPLE_RDNS);

  156. 			goto err;

  157. 			}

  158. 		}

  159. 	else

  160. 		return 0;

  161. 

  162. 	if (*pdp)

  163. 		{

  164. 		OPENSSL_PUT_ERROR(X509V3, set_dist_point_name, X509V3_R_DISTPOINT_ALREADY_SET);

  165. 		goto err;

  166. 		}

  167. 

  168. 	*pdp = DIST_POINT_NAME_new();

  169. 	if (!*pdp)

  170. 		goto err;

  171. 	if (fnm)

  172. 		{

  173. 		(*pdp)->type = 0;

  174. 		(*pdp)->name.fullname = fnm;

  175. 		}

  176. 	else

  177. 		{

  178. 		(*pdp)->type = 1;

  179. 		(*pdp)->name.relativename = rnm;

  180. 		}

  181. 

  182. 	return 1;

  183. 		

  184. 	err:

  185. 	if (fnm)

  186. 		sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);

  187. 	if (rnm)

  188. 		sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);

  189. 	return -1;

  190. 	}

  191. 

  192. static const BIT_STRING_BITNAME reason_flags[] = {

  193. {0, "Unused", "unused"},

  194. {1, "Key Compromise", "keyCompromise"},

  195. {2, "CA Compromise", "CACompromise"},

  196. {3, "Affiliation Changed", "affiliationChanged"},

  197. {4, "Superseded", "superseded"},

  198. {5, "Cessation Of Operation", "cessationOfOperation"},

  199. {6, "Certificate Hold", "certificateHold"},

  200. {7, "Privilege Withdrawn", "privilegeWithdrawn"},

  201. {8, "AA Compromise", "AACompromise"},

  202. {-1, NULL, NULL}

  203. };

  204. 

  205. static int set_reasons(ASN1_BIT_STRING **preas, char *value)

  206. 	{

  207. 	STACK_OF(CONF_VALUE) *rsk = NULL;

  208. 	const BIT_STRING_BITNAME *pbn;

  209. 	const char *bnam;

  210. 	size_t i;

  211. 	int ret = 0;

  212. 	rsk = X509V3_parse_list(value);

  213. 	if (!rsk)

  214. 		return 0;

  215. 	if (*preas)

  216. 		return 0;

  217. 	for (i = 0; i < sk_CONF_VALUE_num(rsk); i++)

  218. 		{

  219. 		bnam = sk_CONF_VALUE_value(rsk, i)->name;

  220. 		if (!*preas)

  221. 			{

  222. 			*preas = ASN1_BIT_STRING_new();

  223. 			if (!*preas)

  224. 				goto err;

  225. 			}

  226. 		for (pbn = reason_flags; pbn->lname; pbn++)

  227. 			{

  228. 			if (!strcmp(pbn->sname, bnam))

  229. 				{

  230. 				if (!ASN1_BIT_STRING_set_bit(*preas,

  231. 							pbn->bitnum, 1))

  232. 					goto err;

  233. 				break;

  234. 				}

  235. 			}

  236. 		if (!pbn->lname)

  237. 			goto err;

  238. 		}

  239. 	ret = 1;

  240. 

  241. 	err:

  242. 	sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);

  243. 	return ret;

  244. 	}

  245. 

  246. static int print_reasons(BIO *out, const char *rname,

  247. 			ASN1_BIT_STRING *rflags, int indent)

  248. 	{

  249. 	int first = 1;

  250. 	const BIT_STRING_BITNAME *pbn;

  251. 	BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");

  252. 	for (pbn = reason_flags; pbn->lname; pbn++)

  253. 		{

  254. 		if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum))

  255. 			{

  256. 			if (first)

  257. 				first = 0;

  258. 			else

  259. 				BIO_puts(out, ", ");

  260. 			BIO_puts(out, pbn->lname);

  261. 			}

  262. 		}

  263. 	if (first)

  264. 		BIO_puts(out, "<EMPTY>\n");

  265. 	else

  266. 		BIO_puts(out, "\n");

  267. 	return 1;

  268. 	}

  269. 

  270. static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,

  271. 						STACK_OF(CONF_VALUE) *nval)

  272. 	{

  273. 	size_t i;

  274. 	CONF_VALUE *cnf;

  275. 	DIST_POINT *point = NULL;

  276. 	point = DIST_POINT_new();

  277. 	if (!point)

  278. 		goto err;

  279. 	for(i = 0; i < sk_CONF_VALUE_num(nval); i++)

  280. 		{

  281. 		int ret;

  282. 		cnf = sk_CONF_VALUE_value(nval, i);

  283. 		ret = set_dist_point_name(&point->distpoint, ctx, cnf);

  284. 		if (ret > 0)

  285. 			continue;

  286. 		if (ret < 0)

  287. 			goto err;

  288. 		if (!strcmp(cnf->name, "reasons"))

  289. 			{

  290. 			if (!set_reasons(&point->reasons, cnf->value))

  291. 				goto err;

  292. 			}

  293. 		else if (!strcmp(cnf->name, "CRLissuer"))

  294. 			{

  295. 			point->CRLissuer =

  296. 				gnames_from_sectname(ctx, cnf->value);

  297. 			if (!point->CRLissuer)

  298. 				goto err;

  299. 			}

  300. 		}

  301. 

  302. 	return point;

  303. 			

  304. 

  305. 	err:

  306. 	if (point)

  307. 		DIST_POINT_free(point);

  308. 	return NULL;

  309. 	}

  310. 

  311. static void *v2i_crld(const X509V3_EXT_METHOD *method,

  312. 		      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

  313. 	{

  314. 	STACK_OF(DIST_POINT) *crld = NULL;

  315. 	GENERAL_NAMES *gens = NULL;

  316. 	GENERAL_NAME *gen = NULL;

  317. 	CONF_VALUE *cnf;

  318. 	size_t i;

  319. 	if(!(crld = sk_DIST_POINT_new_null())) goto merr;

  320. 	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {

  321. 		DIST_POINT *point;

  322. 		cnf = sk_CONF_VALUE_value(nval, i);

  323. 		if (!cnf->value)

  324. 			{

  325. 			STACK_OF(CONF_VALUE) *dpsect;

  326. 			dpsect = X509V3_get_section(ctx, cnf->name);

  327. 			if (!dpsect)

  328. 				goto err;

  329. 			point = crldp_from_section(ctx, dpsect);

  330. 			X509V3_section_free(ctx, dpsect);

  331. 			if (!point)

  332. 				goto err;

  333. 			if(!sk_DIST_POINT_push(crld, point))

  334. 				{

  335. 				DIST_POINT_free(point);

  336. 				goto merr;

  337. 				}

  338. 			}

  339. 		else

  340. 			{

  341. 			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))

  342. 				goto err; 

  343. 			if(!(gens = GENERAL_NAMES_new()))

  344. 				goto merr;

  345. 			if(!sk_GENERAL_NAME_push(gens, gen))

  346. 				goto merr;

  347. 			gen = NULL;

  348. 			if(!(point = DIST_POINT_new()))

  349. 				goto merr;

  350. 			if(!sk_DIST_POINT_push(crld, point))

  351. 				{

  352. 				DIST_POINT_free(point);

  353. 				goto merr;

  354. 				}

  355. 			if(!(point->distpoint = DIST_POINT_NAME_new()))

  356. 				goto merr;

  357. 			point->distpoint->name.fullname = gens;

  358. 			point->distpoint->type = 0;

  359. 			gens = NULL;

  360. 			}

  361. 	}

  362. 	return crld;

  363. 

  364. 	merr:

  365. 	OPENSSL_PUT_ERROR(X509V3, v2i_crld, ERR_R_MALLOC_FAILURE);

  366. 	err:

  367. 	GENERAL_NAME_free(gen);

  368. 	GENERAL_NAMES_free(gens);

  369. 	sk_DIST_POINT_pop_free(crld, DIST_POINT_free);

  370. 	return NULL;

  371. }

  372. 

  373. IMPLEMENT_ASN1_SET_OF(DIST_POINT)

  374. 

  375. static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,

  376. 								void *exarg)

  377. 	{

  378. 	DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;

  379. 

  380. 	switch(operation)

  381. 		{

  382. 		case ASN1_OP_NEW_POST:

  383. 		dpn->dpname = NULL;

  384. 		break;

  385. 

  386. 		case ASN1_OP_FREE_POST:

  387. 		if (dpn->dpname)

  388. 			X509_NAME_free(dpn->dpname);

  389. 		break;

  390. 		}

  391. 	return 1;

  392. 	}

  393. 

  394. 

  395. ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {

  396. 	ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),

  397. 	ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)

  398. } ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type)

  399. 

  400. 

  401. IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)

  402. 

  403. ASN1_SEQUENCE(DIST_POINT) = {

  404. 	ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),

  405. 	ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),

  406. 	ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)

  407. } ASN1_SEQUENCE_END(DIST_POINT)

  408. 

  409. IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)

  410. 

  411. ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 

  412. 	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)

  413. ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)

  414. 

  415. IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)

  416. 

  417. ASN1_SEQUENCE(ISSUING_DIST_POINT) = {

  418. 	ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0),

  419. 	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1),

  420. 	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2),

  421. 	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3),

  422. 	ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4),

  423. 	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)

  424. } ASN1_SEQUENCE_END(ISSUING_DIST_POINT)

  425. 

  426. IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)

  427. 

  428. static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,

  429. 		   int indent);

  430. static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,

  431. 		     STACK_OF(CONF_VALUE) *nval);

  432. 

  433. const X509V3_EXT_METHOD v3_idp =

  434. 	{

  435. 	NID_issuing_distribution_point, X509V3_EXT_MULTILINE,

  436. 	ASN1_ITEM_ref(ISSUING_DIST_POINT),

  437. 	0,0,0,0,

  438. 	0,0,

  439. 	0,

  440. 	v2i_idp,

  441. 	i2r_idp,0,

  442. 	NULL

  443. 	};

  444. 

  445. static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,

  446. 		     STACK_OF(CONF_VALUE) *nval)

  447. 	{

  448. 	ISSUING_DIST_POINT *idp = NULL;

  449. 	CONF_VALUE *cnf;

  450. 	char *name, *val;

  451. 	size_t i;

  452. 	int ret;

  453. 	idp = ISSUING_DIST_POINT_new();

  454. 	if (!idp)

  455. 		goto merr;

  456. 	for(i = 0; i < sk_CONF_VALUE_num(nval); i++)

  457. 		{

  458. 		cnf = sk_CONF_VALUE_value(nval, i);

  459. 		name = cnf->name;

  460. 		val = cnf->value;

  461. 		ret = set_dist_point_name(&idp->distpoint, ctx, cnf);

  462. 		if (ret > 0)

  463. 			continue;

  464. 		if (ret < 0)

  465. 			goto err;

  466. 		if (!strcmp(name, "onlyuser"))

  467. 			{

  468. 			if (!X509V3_get_value_bool(cnf, &idp->onlyuser))

  469. 				goto err;

  470. 			}

  471. 		else if (!strcmp(name, "onlyCA"))

  472. 			{

  473. 			if (!X509V3_get_value_bool(cnf, &idp->onlyCA))

  474. 				goto err;

  475. 			}

  476. 		else if (!strcmp(name, "onlyAA"))

  477. 			{

  478. 			if (!X509V3_get_value_bool(cnf, &idp->onlyattr))

  479. 				goto err;

  480. 			}

  481. 		else if (!strcmp(name, "indirectCRL"))

  482. 			{

  483. 			if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))

  484. 				goto err;

  485. 			}

  486. 		else if (!strcmp(name, "onlysomereasons"))

  487. 			{

  488. 			if (!set_reasons(&idp->onlysomereasons, val))

  489. 				goto err;

  490. 			}

  491. 		else

  492. 			{

  493.                         OPENSSL_PUT_ERROR(X509V3, v2i_idp, X509V3_R_INVALID_NAME);

  494.                         X509V3_conf_err(cnf);

  495.                         goto err;

  496. 			}

  497. 		}

  498. 	return idp;

  499. 

  500. 	merr:

  501. 	OPENSSL_PUT_ERROR(X509V3, v2i_idp, ERR_R_MALLOC_FAILURE);

  502. 	err:

  503. 	ISSUING_DIST_POINT_free(idp);

  504. 	return NULL;

  505. 	}

  506. 

  507. static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)

  508. 	{

  509. 	size_t i;

  510. 	for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)

  511. 		{

  512. 		BIO_printf(out, "%*s", indent + 2, "");

  513. 		GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));

  514. 		BIO_puts(out, "\n");

  515. 		}

  516. 	return 1;

  517. 	}

  518. 

  519. static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)

  520. 	{

  521. 	if (dpn->type == 0)

  522. 		{

  523. 		BIO_printf(out, "%*sFull Name:\n", indent, "");

  524. 		print_gens(out, dpn->name.fullname, indent);

  525. 		}

  526. 	else

  527. 		{

  528. 		X509_NAME ntmp;

  529. 		ntmp.entries = dpn->name.relativename;

  530. 		BIO_printf(out, "%*sRelative Name:\n%*s",

  531. 						indent, "", indent + 2, "");

  532. 		X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);

  533. 		BIO_puts(out, "\n");

  534. 		}

  535. 	return 1;

  536. 	}

  537. 

  538. static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,

  539. 		   int indent)

  540. 	{

  541. 	ISSUING_DIST_POINT *idp = pidp;

  542. 	if (idp->distpoint)

  543. 		print_distpoint(out, idp->distpoint, indent);

  544. 	if (idp->onlyuser > 0)

  545. 		BIO_printf(out, "%*sOnly User Certificates\n", indent, "");

  546. 	if (idp->onlyCA > 0)

  547. 		BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");

  548. 	if (idp->indirectCRL > 0)

  549. 		BIO_printf(out, "%*sIndirect CRL\n", indent, "");

  550. 	if (idp->onlysomereasons)

  551. 		print_reasons(out, "Only Some Reasons", 

  552. 				idp->onlysomereasons, indent);

  553. 	if (idp->onlyattr > 0)

  554. 		BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");

  555. 	if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0)

  556. 		&& (idp->indirectCRL <= 0) && !idp->onlysomereasons

  557. 		&& (idp->onlyattr <= 0))

  558. 		BIO_printf(out, "%*s<EMPTY>\n", indent, "");

  559. 		

  560. 	return 1;

  561. 	}

  562. 

  563. static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,

  564. 		     int indent)

  565. 	{

  566. 	STACK_OF(DIST_POINT) *crld = pcrldp;

  567. 	DIST_POINT *point;

  568. 	size_t i;

  569. 	for(i = 0; i < sk_DIST_POINT_num(crld); i++)

  570. 		{

  571. 		BIO_puts(out, "\n");

  572. 		point = sk_DIST_POINT_value(crld, i);

  573. 		if(point->distpoint)

  574. 			print_distpoint(out, point->distpoint, indent);

  575. 		if(point->reasons) 

  576. 			print_reasons(out, "Reasons", point->reasons,

  577. 								indent);

  578. 		if(point->CRLissuer)

  579. 			{

  580. 			BIO_printf(out, "%*sCRL Issuer:\n", indent, "");

  581. 			print_gens(out, point->CRLissuer, indent);

  582. 			}

  583. 		}

  584. 	return 1;

  585. 	}

  586. 

  587. int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)

  588. 	{

  589. 	size_t i;

  590. 	STACK_OF(X509_NAME_ENTRY) *frag;

  591. 	X509_NAME_ENTRY *ne;

  592. 	if (!dpn || (dpn->type != 1))

  593. 		return 1;

  594. 	frag = dpn->name.relativename;

  595. 	dpn->dpname = X509_NAME_dup(iname);

  596. 	if (!dpn->dpname)

  597. 		return 0;

  598. 	for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++)

  599. 		{

  600. 		ne = sk_X509_NAME_ENTRY_value(frag, i);

  601. 		if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1))

  602. 			{

  603. 			X509_NAME_free(dpn->dpname);

  604. 			dpn->dpname = NULL;

  605. 			return 0;

  606. 			}

  607. 		}

  608. 	/* generate cached encoding of name */

  609. 	if (i2d_X509_NAME(dpn->dpname, NULL) < 0)

  610. 		{

  611. 		X509_NAME_free(dpn->dpname);

  612. 		dpn->dpname = NULL;

  613. 		return 0;

  614. 		}

  615. 	return 1;

  616. 	}