kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
893 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: ac6900b0d3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ac6900b0d3'
${ noResults }
boringssl/crypto/x509v3/v3_cpols.c

462 lines
14 KiB
Raw Blame History 

  1. /* v3_cpols.c */

  2. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  3.  * project 1999.

  4.  */

  5. /* ====================================================================

  6.  * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

  7.  *

  8.  * Redistribution and use in source and binary forms, with or without

  9.  * modification, are permitted provided that the following conditions

  10.  * are met:

  11.  *

  12.  * 1. Redistributions of source code must retain the above copyright

  13.  *    notice, this list of conditions and the following disclaimer. 

  14.  *

  15.  * 2. Redistributions in binary form must reproduce the above copyright

  16.  *    notice, this list of conditions and the following disclaimer in

  17.  *    the documentation and/or other materials provided with the

  18.  *    distribution.

  19.  *

  20.  * 3. All advertising materials mentioning features or use of this

  21.  *    software must display the following acknowledgment:

  22.  *    "This product includes software developed by the OpenSSL Project

  23.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  24.  *

  25.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  26.  *    endorse or promote products derived from this software without

  27.  *    prior written permission. For written permission, please contact

  28.  *    licensing@OpenSSL.org.

  29.  *

  30.  * 5. Products derived from this software may not be called "OpenSSL"

  31.  *    nor may "OpenSSL" appear in their names without prior written

  32.  *    permission of the OpenSSL Project.

  33.  *

  34.  * 6. Redistributions of any form whatsoever must retain the following

  35.  *    acknowledgment:

  36.  *    "This product includes software developed by the OpenSSL Project

  37.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  38.  *

  39.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  40.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  41.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  42.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  43.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  44.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  45.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  46.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  48.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  49.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  50.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  51.  * ====================================================================

  52.  *

  53.  * This product includes cryptographic software written by Eric Young

  54.  * (eay@cryptsoft.com).  This product includes software written by Tim

  55.  * Hudson (tjh@cryptsoft.com).

  56.  *

  57.  */

  58. 

  59. #include <stdio.h>

  60. #include <string.h>

  61. 

  62. #include <openssl/asn1.h>

  63. #include <openssl/asn1t.h>

  64. #include <openssl/conf.h>

  65. #include <openssl/err.h>

  66. #include <openssl/mem.h>

  67. #include <openssl/obj.h>

  68. #include <openssl/stack.h>

  69. #include <openssl/x509v3.h>

  70. 

  71. #include "pcy_int.h"

  72. 

  73. /* Certificate policies extension support: this one is a bit complex... */

  74. 

  75. static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);

  76. static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);

  77. static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);

  78. static void print_notice(BIO *out, USERNOTICE *notice, int indent);

  79. static POLICYINFO *policy_section(X509V3_CTX *ctx,

  80. 				 STACK_OF(CONF_VALUE) *polstrs, int ia5org);

  81. static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,

  82. 					STACK_OF(CONF_VALUE) *unot, int ia5org);

  83. static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);

  84. 

  85. const X509V3_EXT_METHOD v3_cpols = {

  86. NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),

  87. 0,0,0,0,

  88. 0,0,

  89. 0,0,

  90. (X509V3_EXT_I2R)i2r_certpol,

  91. (X509V3_EXT_R2I)r2i_certpol,

  92. NULL

  93. };

  94. 

  95. ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 

  96. 	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)

  97. ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)

  98. 

  99. IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)

  100. 

  101. ASN1_SEQUENCE(POLICYINFO) = {

  102. 	ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),

  103. 	ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)

  104. } ASN1_SEQUENCE_END(POLICYINFO)

  105. 

  106. IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)

  107. 

  108. ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);

  109. 

  110. ASN1_ADB(POLICYQUALINFO) = {

  111. 	ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),

  112. 	ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))

  113. } ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);

  114. 

  115. ASN1_SEQUENCE(POLICYQUALINFO) = {

  116. 	ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),

  117. 	ASN1_ADB_OBJECT(POLICYQUALINFO)

  118. } ASN1_SEQUENCE_END(POLICYQUALINFO)

  119. 

  120. IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)

  121. 

  122. ASN1_SEQUENCE(USERNOTICE) = {

  123. 	ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),

  124. 	ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)

  125. } ASN1_SEQUENCE_END(USERNOTICE)

  126. 

  127. IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)

  128. 

  129. ASN1_SEQUENCE(NOTICEREF) = {

  130. 	ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),

  131. 	ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)

  132. } ASN1_SEQUENCE_END(NOTICEREF)

  133. 

  134. IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)

  135. 

  136. static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,

  137. 		X509V3_CTX *ctx, char *value)

  138. {

  139. 	STACK_OF(POLICYINFO) *pols = NULL;

  140. 	char *pstr;

  141. 	POLICYINFO *pol;

  142. 	ASN1_OBJECT *pobj;

  143. 	STACK_OF(CONF_VALUE) *vals;

  144. 	CONF_VALUE *cnf;

  145. 	size_t i;

  146. 	int ia5org;

  147. 	pols = sk_POLICYINFO_new_null();

  148. 	if (pols == NULL) {

  149. 		OPENSSL_PUT_ERROR(X509V3, r2i_certpol, ERR_R_MALLOC_FAILURE);

  150. 		return NULL;

  151. 	}

  152. 	vals =  X509V3_parse_list(value);

  153. 	if (vals == NULL) {

  154. 		OPENSSL_PUT_ERROR(X509V3, r2i_certpol, ERR_R_X509V3_LIB);

  155. 		goto err;

  156. 	}

  157. 	ia5org = 0;

  158. 	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {

  159. 		cnf = sk_CONF_VALUE_value(vals, i);

  160. 		if(cnf->value || !cnf->name ) {

  161. 			OPENSSL_PUT_ERROR(X509V3, r2i_certpol, X509V3_R_INVALID_POLICY_IDENTIFIER);

  162. 			X509V3_conf_err(cnf);

  163. 			goto err;

  164. 		}

  165. 		pstr = cnf->name;

  166. 		if(!strcmp(pstr,"ia5org")) {

  167. 			ia5org = 1;

  168. 			continue;

  169. 		} else if(*pstr == '@') {

  170. 			STACK_OF(CONF_VALUE) *polsect;

  171. 			polsect = X509V3_get_section(ctx, pstr + 1);

  172. 			if(!polsect) {

  173. 				OPENSSL_PUT_ERROR(X509V3, r2i_certpol, X509V3_R_INVALID_SECTION);

  174. 

  175. 				X509V3_conf_err(cnf);

  176. 				goto err;

  177. 			}

  178. 			pol = policy_section(ctx, polsect, ia5org);

  179. 			X509V3_section_free(ctx, polsect);

  180. 			if(!pol) goto err;

  181. 		} else {

  182. 			if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {

  183. 				OPENSSL_PUT_ERROR(X509V3, r2i_certpol, X509V3_R_INVALID_OBJECT_IDENTIFIER);

  184. 				X509V3_conf_err(cnf);

  185. 				goto err;

  186. 			}

  187. 			pol = POLICYINFO_new();

  188. 			pol->policyid = pobj;

  189. 		}

  190. 		if (!sk_POLICYINFO_push(pols, pol)){

  191. 			POLICYINFO_free(pol);

  192. 			OPENSSL_PUT_ERROR(X509V3, r2i_certpol, ERR_R_MALLOC_FAILURE);

  193. 			goto err;

  194. 		}

  195. 	}

  196. 	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);

  197. 	return pols;

  198. 	err:

  199. 	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);

  200. 	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);

  201. 	return NULL;

  202. }

  203. 

  204. static POLICYINFO *policy_section(X509V3_CTX *ctx,

  205. 				STACK_OF(CONF_VALUE) *polstrs, int ia5org)

  206. {

  207. 	size_t i;

  208. 	CONF_VALUE *cnf;

  209. 	POLICYINFO *pol;

  210. 	POLICYQUALINFO *qual;

  211. 	if(!(pol = POLICYINFO_new())) goto merr;

  212. 	for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {

  213. 		cnf = sk_CONF_VALUE_value(polstrs, i);

  214. 		if(!strcmp(cnf->name, "policyIdentifier")) {

  215. 			ASN1_OBJECT *pobj;

  216. 			if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {

  217. 				OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_INVALID_OBJECT_IDENTIFIER);

  218. 				X509V3_conf_err(cnf);

  219. 				goto err;

  220. 			}

  221. 			pol->policyid = pobj;

  222. 

  223. 		} else if(!name_cmp(cnf->name, "CPS")) {

  224. 			if(!pol->qualifiers) pol->qualifiers =

  225. 						 sk_POLICYQUALINFO_new_null();

  226. 			if(!(qual = POLICYQUALINFO_new())) goto merr;

  227. 			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))

  228. 								 goto merr;

  229.                         /* TODO(fork): const correctness */

  230. 			qual->pqualid = (ASN1_OBJECT*) OBJ_nid2obj(NID_id_qt_cps);

  231. 			qual->d.cpsuri = M_ASN1_IA5STRING_new();

  232. 			if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,

  233. 						 strlen(cnf->value))) goto merr;

  234. 		} else if(!name_cmp(cnf->name, "userNotice")) {

  235. 			STACK_OF(CONF_VALUE) *unot;

  236. 			if(*cnf->value != '@') {

  237. 				OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_EXPECTED_A_SECTION_NAME);

  238. 				X509V3_conf_err(cnf);

  239. 				goto err;

  240. 			}

  241. 			unot = X509V3_get_section(ctx, cnf->value + 1);

  242. 			if(!unot) {

  243. 				OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_INVALID_SECTION);

  244. 

  245. 				X509V3_conf_err(cnf);

  246. 				goto err;

  247. 			}

  248. 			qual = notice_section(ctx, unot, ia5org);

  249. 			X509V3_section_free(ctx, unot);

  250. 			if(!qual) goto err;

  251. 			if(!pol->qualifiers) pol->qualifiers =

  252. 						 sk_POLICYQUALINFO_new_null();

  253. 			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))

  254. 								 goto merr;

  255. 		} else {

  256. 			OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_INVALID_OPTION);

  257. 

  258. 			X509V3_conf_err(cnf);

  259. 			goto err;

  260. 		}

  261. 	}

  262. 	if(!pol->policyid) {

  263. 		OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_NO_POLICY_IDENTIFIER);

  264. 		goto err;

  265. 	}

  266. 

  267. 	return pol;

  268. 

  269. 	merr:

  270. 	OPENSSL_PUT_ERROR(X509V3, policy_section, ERR_R_MALLOC_FAILURE);

  271. 

  272. 	err:

  273. 	POLICYINFO_free(pol);

  274. 	return NULL;

  275. 	

  276. 	

  277. }

  278. 

  279. static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,

  280. 					STACK_OF(CONF_VALUE) *unot, int ia5org)

  281. {

  282. 	size_t i;

  283. 	int ret;

  284. 	CONF_VALUE *cnf;

  285. 	USERNOTICE *not;

  286. 	POLICYQUALINFO *qual;

  287. 	if(!(qual = POLICYQUALINFO_new())) goto merr;

  288.         /* TODO(fork): const correctness */

  289. 	qual->pqualid = (ASN1_OBJECT *) OBJ_nid2obj(NID_id_qt_unotice);

  290. 	if(!(not = USERNOTICE_new())) goto merr;

  291. 	qual->d.usernotice = not;

  292. 	for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {

  293. 		cnf = sk_CONF_VALUE_value(unot, i);

  294. 		if(!strcmp(cnf->name, "explicitText")) {

  295. 			not->exptext = M_ASN1_VISIBLESTRING_new();

  296. 			if(!ASN1_STRING_set(not->exptext, cnf->value,

  297. 						 strlen(cnf->value))) goto merr;

  298. 		} else if(!strcmp(cnf->name, "organization")) {

  299. 			NOTICEREF *nref;

  300. 			if(!not->noticeref) {

  301. 				if(!(nref = NOTICEREF_new())) goto merr;

  302. 				not->noticeref = nref;

  303. 			} else nref = not->noticeref;

  304. 			if(ia5org) nref->organization->type = V_ASN1_IA5STRING;

  305. 			else nref->organization->type = V_ASN1_VISIBLESTRING;

  306. 			if(!ASN1_STRING_set(nref->organization, cnf->value,

  307. 						 strlen(cnf->value))) goto merr;

  308. 		} else if(!strcmp(cnf->name, "noticeNumbers")) {

  309. 			NOTICEREF *nref;

  310. 			STACK_OF(CONF_VALUE) *nos;

  311. 			if(!not->noticeref) {

  312. 				if(!(nref = NOTICEREF_new())) goto merr;

  313. 				not->noticeref = nref;

  314. 			} else nref = not->noticeref;

  315. 			nos = X509V3_parse_list(cnf->value);

  316. 			if(!nos || !sk_CONF_VALUE_num(nos)) {

  317. 				OPENSSL_PUT_ERROR(X509V3, notice_section, X509V3_R_INVALID_NUMBERS);

  318. 				X509V3_conf_err(cnf);

  319. 				goto err;

  320. 			}

  321. 			ret = nref_nos(nref->noticenos, nos);

  322. 			sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);

  323. 			if (!ret)

  324. 				goto err;

  325. 		} else {

  326. 			OPENSSL_PUT_ERROR(X509V3, notice_section, X509V3_R_INVALID_OPTION);

  327. 			X509V3_conf_err(cnf);

  328. 			goto err;

  329. 		}

  330. 	}

  331. 

  332. 	if(not->noticeref && 

  333. 	      (!not->noticeref->noticenos || !not->noticeref->organization)) {

  334. 			OPENSSL_PUT_ERROR(X509V3, notice_section, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);

  335. 			goto err;

  336. 	}

  337. 

  338. 	return qual;

  339. 

  340. 	merr:

  341. 	OPENSSL_PUT_ERROR(X509V3, notice_section, ERR_R_MALLOC_FAILURE);

  342. 

  343. 	err:

  344. 	POLICYQUALINFO_free(qual);

  345. 	return NULL;

  346. }

  347. 

  348. static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)

  349. {

  350. 	CONF_VALUE *cnf;

  351. 	ASN1_INTEGER *aint;

  352. 

  353. 	size_t i;

  354. 

  355. 	for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {

  356. 		cnf = sk_CONF_VALUE_value(nos, i);

  357. 		if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {

  358. 			OPENSSL_PUT_ERROR(X509V3, nref_nos, X509V3_R_INVALID_NUMBER);

  359. 			goto err;

  360. 		}

  361. 		if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;

  362. 	}

  363. 	return 1;

  364. 

  365. 	merr:

  366. 	OPENSSL_PUT_ERROR(X509V3, nref_nos, ERR_R_MALLOC_FAILURE);

  367. 

  368. 	err:

  369. 	sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);

  370. 	return 0;

  371. }

  372. 

  373. 

  374. static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,

  375. 		BIO *out, int indent)

  376. {

  377. 	size_t i;

  378. 	POLICYINFO *pinfo;

  379. 	/* First print out the policy OIDs */

  380. 	for(i = 0; i < sk_POLICYINFO_num(pol); i++) {

  381. 		pinfo = sk_POLICYINFO_value(pol, i);

  382. 		BIO_printf(out, "%*sPolicy: ", indent, "");

  383. 		i2a_ASN1_OBJECT(out, pinfo->policyid);

  384. 		BIO_puts(out, "\n");

  385. 		if(pinfo->qualifiers)

  386. 			 print_qualifiers(out, pinfo->qualifiers, indent + 2);

  387. 	}

  388. 	return 1;

  389. }

  390. 

  391. static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,

  392. 		int indent)

  393. {

  394. 	POLICYQUALINFO *qualinfo;

  395. 	size_t i;

  396. 	for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {

  397. 		qualinfo = sk_POLICYQUALINFO_value(quals, i);

  398. 		switch(OBJ_obj2nid(qualinfo->pqualid))

  399. 		{

  400. 			case NID_id_qt_cps:

  401. 			BIO_printf(out, "%*sCPS: %s\n", indent, "",

  402. 						qualinfo->d.cpsuri->data);

  403. 			break;

  404. 		

  405. 			case NID_id_qt_unotice:

  406. 			BIO_printf(out, "%*sUser Notice:\n", indent, "");

  407. 			print_notice(out, qualinfo->d.usernotice, indent + 2);

  408. 			break;

  409. 

  410. 			default:

  411. 			BIO_printf(out, "%*sUnknown Qualifier: ",

  412. 							 indent + 2, "");

  413. 			

  414. 			i2a_ASN1_OBJECT(out, qualinfo->pqualid);

  415. 			BIO_puts(out, "\n");

  416. 			break;

  417. 		}

  418. 	}

  419. }

  420. 

  421. static void print_notice(BIO *out, USERNOTICE *notice, int indent)

  422. {

  423. 	size_t i;

  424. 	if(notice->noticeref) {

  425. 		NOTICEREF *ref;

  426. 		ref = notice->noticeref;

  427. 		BIO_printf(out, "%*sOrganization: %s\n", indent, "",

  428. 						 ref->organization->data);

  429. 		BIO_printf(out, "%*sNumber%s: ", indent, "",

  430. 			   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");

  431. 		for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {

  432. 			ASN1_INTEGER *num;

  433. 			char *tmp;

  434. 			num = sk_ASN1_INTEGER_value(ref->noticenos, i);

  435. 			if(i) BIO_puts(out, ", ");

  436. 			tmp = i2s_ASN1_INTEGER(NULL, num);

  437. 			BIO_puts(out, tmp);

  438. 			OPENSSL_free(tmp);

  439. 		}

  440. 		BIO_puts(out, "\n");

  441. 	}

  442. 	if(notice->exptext)

  443. 		BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",

  444. 							 notice->exptext->data);

  445. }

  446. 

  447. void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)

  448. 	{

  449. 	const X509_POLICY_DATA *dat = node->data;

  450. 

  451. 	BIO_printf(out, "%*sPolicy: ", indent, "");

  452. 			

  453. 	i2a_ASN1_OBJECT(out, dat->valid_policy);

  454. 	BIO_puts(out, "\n");

  455. 	BIO_printf(out, "%*s%s\n", indent + 2, "",

  456. 		node_data_critical(dat) ? "Critical" : "Non Critical");

  457. 	if (dat->qualifier_set)

  458. 		print_qualifiers(out, dat->qualifier_set, indent + 2);

  459. 	else

  460. 		BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");

  461. 	}