auth/rsa2x509: generate x509v3 cert as extension field might not otherwise not be expected
parent
67158d5b05
commit
675ee1db15
1 changed files with 16 additions and 15 deletions
|
@ -2672,6 +2672,15 @@ asn1encodedigest(DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), uchar
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static Elem
|
||||||
|
mkcont(Elem e, int num)
|
||||||
|
{
|
||||||
|
e = mkseq(mkel(e, nil));
|
||||||
|
e.tag.class = Context;
|
||||||
|
e.tag.num = num;
|
||||||
|
return e;
|
||||||
|
}
|
||||||
|
|
||||||
static Elem
|
static Elem
|
||||||
mkaltname(char *s)
|
mkaltname(char *s)
|
||||||
{
|
{
|
||||||
|
@ -2679,16 +2688,12 @@ mkaltname(char *s)
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
for(i=0; i<nelem(DN_oid); i++){
|
for(i=0; i<nelem(DN_oid); i++){
|
||||||
if(strstr(s, DN_oid[i].prefix) != nil){
|
if(strstr(s, DN_oid[i].prefix) != nil)
|
||||||
e = mkseq(mkel(mkDN(s),nil));
|
return mkcont(mkDN(s), 4); /* DN */
|
||||||
e.tag.class = Context;
|
|
||||||
e.tag.num = 4; /* DN */
|
|
||||||
return e;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
e = mkstring(s, IA5String);
|
e = mkstring(s, IA5String);
|
||||||
e.tag.class = Context;
|
e.tag.class = Context;
|
||||||
e.tag.num = strchr(s, '@') != nil ? 1 : 2; /* email : DNS */
|
e.tag.num = strchr(s, '@') != nil ? 1 : 2; /* email : DNS */
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2738,17 +2743,12 @@ static Elist*
|
||||||
mkextensions(char *alts)
|
mkextensions(char *alts)
|
||||||
{
|
{
|
||||||
Elist *sl, *xl;
|
Elist *sl, *xl;
|
||||||
Elem e;
|
|
||||||
|
|
||||||
xl = nil;
|
xl = nil;
|
||||||
if((sl = mkaltnames(alts)) != nil)
|
if((sl = mkaltnames(alts)) != nil)
|
||||||
xl = mkextel(mkseq(sl), (Ints*)&oid_subjectAltName, xl);
|
xl = mkextel(mkseq(sl), (Ints*)&oid_subjectAltName, xl);
|
||||||
if(xl != nil){
|
if(xl != nil)
|
||||||
e = mkseq(mkel(mkseq(xl), nil));
|
return mkel(mkcont(mkseq(xl), 3), nil);
|
||||||
e.tag.class = Context;
|
|
||||||
e.tag.num = 3; /* Extensions */
|
|
||||||
return mkel(e, nil);
|
|
||||||
}
|
|
||||||
return nil;
|
return nil;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2791,6 +2791,7 @@ X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
|
||||||
freevalfields(&e.val);
|
freevalfields(&e.val);
|
||||||
|
|
||||||
e = mkseq(
|
e = mkseq(
|
||||||
|
mkel(mkcont(mkint(2), 0),
|
||||||
mkel(mkint(serial),
|
mkel(mkint(serial),
|
||||||
mkel(mkalg(sigalg),
|
mkel(mkalg(sigalg),
|
||||||
mkel(mkDN(subj),
|
mkel(mkDN(subj),
|
||||||
|
@ -2803,7 +2804,7 @@ X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
|
||||||
mkel(mkalg(ALG_rsaEncryption),
|
mkel(mkalg(ALG_rsaEncryption),
|
||||||
mkel(mkbits(pkbytes->data, pkbytes->len),
|
mkel(mkbits(pkbytes->data, pkbytes->len),
|
||||||
nil))),
|
nil))),
|
||||||
mkextensions(alts))))))));
|
mkextensions(alts)))))))));
|
||||||
freebytes(pkbytes);
|
freebytes(pkbytes);
|
||||||
if(encode(e, &certinfobytes) != ASN_OK)
|
if(encode(e, &certinfobytes) != ASN_OK)
|
||||||
goto errret;
|
goto errret;
|
||||||
|
|
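Review bot: The new `mkel(mkcont(mkint(2), 0),` element in X509rsagen is emitted unconditionally, so certificates generated without alternative names (where `mkextensions(alts)` returns nil) also change from an implicit v1 to an explicit v3. RFC 5280 permits v3 without extensions, but it is a format change for any consumer that keys behaviour on the version field, and the commit message or a comment should say it is intended. The bare `2` and `0` also need a label such as `/* version [0] EXPLICIT: v3(2) */`, and `mkextensions` lost the `/* Extensions */` comment the old code carried on tag 3. `mkcont` should get a one-line comment stating that it builds an EXPLICIT context tag (it wraps `e` via `mkseq(mkel(e, nil))` and relabels the wrapper), because `mkaltname` tags the email/DNS string implicitly by overwriting `e.tag` directly and the two forms are not interchangeable. X509rsagen's body starts and ends outside the hunks shown.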