
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_3-12-g6d967fd


From: Simon Josefsson
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_3-12-g6d967fd
Date: Wed, 21 Sep 2011 15:29:36 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=6d967fd54ecd1cb7e5034a60e50bb91cf2381667

The branch, master has been updated
       via  6d967fd54ecd1cb7e5034a60e50bb91cf2381667 (commit)
      from  4c49931e8794b3f7d49fb1d1cc24c7a58f8aa3e0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6d967fd54ecd1cb7e5034a60e50bb91cf2381667
Author: Simon Josefsson <address@hidden>
Date:   Wed Sep 21 17:23:35 2011 +0200

    libgnutls: gnutls_x509_crt_print supports printing AIA fields.  Support 
caIssuers.

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                 |    1 +
 NEWS                       |    5 ++-
 lib/includes/gnutls/x509.h |    5 ++-
 lib/x509/output.c          |   68 +++++++++++++++++++++++++++++++++++++++++++-
 lib/x509/x509.c            |   22 ++++++++++----
 tests/infoaccess.c         |    1 -
 6 files changed, 92 insertions(+), 10 deletions(-)

diff --git a/.gitignore b/.gitignore
index 53b2c2c..1d31f67 100644
--- a/.gitignore
+++ b/.gitignore
@@ -517,3 +517,4 @@ doc/latex/gnutls.lot
 tests/x509cert-tl
 doc/enums.texi
 doc/enums/
+tests/infoaccess
diff --git a/NEWS b/NEWS
index 9826af1..e89105b 100644
--- a/NEWS
+++ b/NEWS
@@ -5,13 +5,16 @@ See the end for copying conditions.
 * Version 3.0.4 (unreleased)
 
 ** libgnutls: Added gnutls_x509_crt_get_authority_info_access.
-Used to get the PKIX Authority Information Access field.
+Used to get the PKIX Authority Information Access (AIA) field.
+
+** libgnutls: gnutls_x509_crt_print supports printing AIA fields.
 
 ** API and ABI modifications:
 gnutls_x509_crt_get_authority_info_access (x509.h): Added function.
 gnutls_info_access_what_t (x509.h): Added enum.
 GNUTLS_OID_AIA (x509.h): Added symbol.
 GNUTLS_OID_AD_OCSP (x509.h): Added symbol.
+GNUTLS_OID_AD_CAISSUERS (x509.h): Added symbol.
 
 * Version 3.0.3 (released 2011-09-18)
 
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 2c65448..55fdd31 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -80,6 +80,7 @@ extern "C"
 
 #define GNUTLS_OID_AIA                         "1.3.6.1.5.5.7.1.1"
 #define GNUTLS_OID_AD_OCSP                     "1.3.6.1.5.5.7.48.1"
+#define GNUTLS_OID_AD_CAISSUERS                        "1.3.6.1.5.5.7.48.2"
 
 #define GNUTLS_FSAN_SET 0
 #define GNUTLS_FSAN_APPEND 1
@@ -171,6 +172,7 @@ extern "C"
    * @GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE: Get accessLocation name type.
    * @GNUTLS_IA_URI: Get accessLocation URI value.
    * @GNUTLS_IA_OCSP_URI: get accessLocation URI value for OCSP.
+   * @GNUTLS_IA_CAISSUERS_URI: get accessLocation URI value for caIssuers.
    *
    * Enumeration of types for the @what parameter of
    * gnutls_x509_crt_get_authority_info_access().
@@ -182,7 +184,8 @@ extern "C"
       /* use 100-108 for the generalName types, populate as needed */
       GNUTLS_IA_URI = 106,
       /* quick-access variants that match both OID and name type. */
-      GNUTLS_IA_OCSP_URI = 10006
+      GNUTLS_IA_OCSP_URI = 10006,
+      GNUTLS_IA_CAISSUERS_URI = 10106
     } gnutls_info_access_what_t;
 
   int gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 39b0ea7..78ac29d 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2007-2011 Free Software Foundation, Inc.
  *
  * Author: Simon Josefsson
  *
@@ -171,6 +171,63 @@ print_proxy (gnutls_buffer_st * str, gnutls_x509_crt_t 
cert)
 }
 
 static void
+print_aia (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+{
+  int err;
+  int seq = 0;
+  gnutls_datum_t data;
+
+  for (;;)
+    {
+      err = gnutls_x509_crt_get_authority_info_access
+       (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
+      if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+       return;
+      if (err < 0)
+       {
+         addf (str, "error: get_aia: %s\n", gnutls_strerror (err));
+         return;
+       }
+
+      addf (str, _("\t\t\tAccess Method: %.*s"), data.size, data.data);
+      if (data.size == sizeof (GNUTLS_OID_AD_OCSP) &&
+         memcmp (data.data, GNUTLS_OID_AD_OCSP, data.size) == 0)
+       adds (str, " (id-ad-ocsp)\n");
+      else if (data.size == sizeof (GNUTLS_OID_AD_CAISSUERS) &&
+              memcmp (data.data, GNUTLS_OID_AD_CAISSUERS, data.size) == 0)
+       adds (str, " (id-ad-caIssuers)\n");
+      else
+       adds (str, " (UNKNOWN)\n");
+
+      err = gnutls_x509_crt_get_authority_info_access
+       (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
+      if (err < 0)
+       {
+         addf (str, "error: get_aia type: %s\n", gnutls_strerror (err));
+         return;
+       }
+
+      if (data.size == sizeof ("uniformResourceIdentifier") &&
+         memcmp (data.data, "uniformResourceIdentifier", data.size) == 0)
+       {
+         adds (str, "\t\t\tAccess Location URI: ");
+         err = gnutls_x509_crt_get_authority_info_access
+           (cert, seq, GNUTLS_IA_URI, &data, NULL);
+         if (err < 0)
+           {
+             addf (str, "error: get_aia uri: %s\n", gnutls_strerror (err));
+             return;
+           }
+         addf (str, "%.*s\n", data.size, data.data);
+       }
+      else
+       adds (str, "\t\t\tUnsupported accessLocation type\n");
+
+      seq++;
+    }
+}
+
+static void
 print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 {
   char *buffer = NULL;
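Review bot: In print_aia the accessMethod and accessLocation URI bytes come straight from the certificate and are appended with `%.*s` unfiltered, so a crafted certificate can put newlines or terminal control characters into the printed text, and an embedded NUL ends the display before `data.size` bytes are shown. Replacing bytes outside printable ASCII before the two `addf` calls would make the output reflect what the certificate really holds; the `sizeof` comparisons imply `data.size` counts a trailing NUL, so such a filter has to tolerate one. Separately, `data` is never released: if the getter returns allocated memory (its definition is not in this hunk), `gnutls_free (data.data);` is needed after each use and on the early returns. The precision argument should also be cast, `(int) data.size`, because `%.*s` takes an int.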
@@ -958,6 +1015,15 @@ print_extensions (gnutls_buffer_st * str, const char 
*prefix, int type,
 
           proxy_idx++;
         }
+      else if (strcmp (oid, "1.3.6.1.5.5.7.1.1") == 0)
+        {
+          addf (str, _("%s\t\tAuthority Information "
+                      "Access Information (%s):\n"), prefix,
+                critical ? _("critical") : _("not critical"));
+
+          if (type == TYPE_CRT)
+            print_aia (str, cert.crt);
+        }
       else
         {
           char *buffer;
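Review bot: The new branch compares `oid` with the literal "1.3.6.1.5.5.7.1.1" although x509.h already defines `GNUTLS_OID_AIA` for it; `else if (strcmp (oid, GNUTLS_OID_AIA) == 0)` keeps the two from drifting apart. The heading is also emitted when `type` is not `TYPE_CRT`, leaving an empty section in that output. The branch just above increments `proxy_idx`, presumably to detect a repeated extension, and this branch has no equivalent counter, so a certificate carrying AIA twice would print the same entries twice. print_extensions starts and ends outside this hunk, so the duplicate handling should be confirmed against the full function.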
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 611adcf..25de5ae 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3400,6 +3400,7 @@ _gnutls_parse_aia (ASN1_TYPE src,
   char nptr[ASN1_MAX_NAME_SIZE];
   int result;
   gnutls_datum_t d;
+  const char *oid = NULL;
 
   seq++;                        /* 0->1, 1->2 etc */
   switch (what)
@@ -3412,7 +3413,13 @@ _gnutls_parse_aia (ASN1_TYPE src,
       snprintf (nptr, sizeof (nptr), "?%u.accessLocation", seq);
       break;
 
+    case GNUTLS_IA_CAISSUERS_URI:
+      oid = GNUTLS_OID_AD_CAISSUERS;
+      /* fall through */
+
     case GNUTLS_IA_OCSP_URI:
+      if (oid == NULL)
+       oid = GNUTLS_OID_AD_OCSP;
       {
        char *tmpoid[20];
        snprintf (nptr, sizeof (nptr), "?%u.accessMethod", seq);
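Review bot: `tmpoid` on the context line is declared `char *tmpoid[20]`, an array of twenty pointers, yet it is compared bytewise against the OID string in the `memcmp` this commit rewrites in the next hunk; a plain `char` array sized for an OID string is what the code means, and the length passed to the ASN.1 read (not visible here) should match it. The expected OID is also chosen in two places, in the new `GNUTLS_IA_CAISSUERS_URI` case and through the `oid == NULL` fallback in the OCSP case, which is easy to break when a third quick-access value is added. A comment above the fallback such as `/* oid is preset by any case that falls through into this one */` would make the dependency explicit. The switch continues outside the hunk.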
@@ -3425,8 +3432,7 @@ _gnutls_parse_aia (ASN1_TYPE src,
            gnutls_assert ();
            return _gnutls_asn2err (result);
          }
-       if (len != sizeof (GNUTLS_OID_AD_OCSP) ||
-           memcmp (tmpoid, GNUTLS_OID_AD_OCSP, len) != 0)
+       if (len != strlen (oid) + 1 || memcmp (tmpoid, oid, len) != 0)
          return GNUTLS_E_UNKNOWN_ALGORITHM;
       }
       /* fall through */
@@ -3506,8 +3512,7 @@ _gnutls_parse_aia (ASN1_TYPE src,
  * should be #gnutls_info_access_what_t values.
  *
  * If @what is %GNUTLS_IA_ACCESSMETHOD_OID then @data will hold the
- * accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1" for id-ad-ocsp meaning
- * OCSP).
+ * accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1").
  *
  * If @what is %GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, @data will
  * hold the accessLocation GeneralName type (e.g.,
@@ -3519,8 +3524,13 @@ _gnutls_parse_aia (ASN1_TYPE src,
  *
  * If @what is %GNUTLS_IA_OCSP_URI, @data will hold the OCSP URI.
  * Requesting this @what value leads to an error if the accessMethod
- * is not OSCP or accessLocation is not of the
- * "uniformResourceIdentifier" type.
+ * is not 1.3.6.1.5.5.7.48.1 aka OSCP, or if accessLocation is not of
+ * the "uniformResourceIdentifier" type.
+ *
+ * If @what is %GNUTLS_IA_CAISSUERS_URI, @data will hold the caIssuers
+ * URI.  Requesting this @what value leads to an error if the
+ * accessMethod is not 1.3.6.1.5.5.7.48.2 aka caIssuers, or if
+ * accessLocation is not of the "uniformResourceIdentifier" type.
  *
  * More @what values may be allocated in the future as needed.
  *
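Review bot: The rewritten sentence for `GNUTLS_IA_OCSP_URI` still spells the protocol "OSCP"; the line should read `* is not 1.3.6.1.5.5.7.48.1 aka OCSP, or if accessLocation is not of`. Since the two paragraphs now name the raw OIDs, referring to `GNUTLS_OID_AD_OCSP` and `GNUTLS_OID_AD_CAISSUERS` alongside the numbers would let callers find the symbols they are expected to compare against. The comment block starts and ends outside this hunk.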
diff --git a/tests/infoaccess.c b/tests/infoaccess.c
index 242b334..f539e69 100644
--- a/tests/infoaccess.c
+++ b/tests/infoaccess.c
@@ -218,7 +218,6 @@ doit (void)
   /* even more specific query */
   ret = gnutls_x509_crt_get_authority_info_access
     (crt, 0, GNUTLS_IA_OCSP_URI, &data, NULL);
-  printf ("ret %d\n", ret);
   if (ret < 0)
     {
       fail ("gnutls_x509_crt_get_authority_info_access GNUTLS_IA_OCSP_URI\n");


hooks/post-receive
-- 
GNU gnutls


