- }
-}
-
-if(!ctx || !ctx->issuer_cert) {
- if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
+ }
+
+ cert = ctx->issuer_cert;
+
+ if(keyid)
+ {
+ i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+ if((i >= 0) && (ext = X509_get_ext(cert, i)))
+ ikeyid = X509V3_EXT_d2i(ext);
+ if(keyid==2 && !ikeyid)
+ {
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+ return NULL;
+ }
+ }
+
+ if((issuer && !ikeyid) || (issuer == 2))
+ {
+ isname = X509_NAME_dup(X509_get_issuer_name(cert));
+ serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+ if(!isname || !serial)
+ {
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+ goto err;
+ }
+ }
+
+ if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
+
+ if(isname)
+ {
+ if(!(gens = sk_GENERAL_NAME_new_null())
+ || !(gen = GENERAL_NAME_new())
+ || !sk_GENERAL_NAME_push(gens, gen))
+ {
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ gen->type = GEN_DIRNAME;
+ gen->d.dirn = isname;
+ }
+
+ akeyid->issuer = gens;
+ akeyid->serial = serial;
+ akeyid->keyid = ikeyid;
+
+ return akeyid;
+
+ err:
+ X509_NAME_free(isname);
+ M_ASN1_INTEGER_free(serial);
+ M_ASN1_OCTET_STRING_free(ikeyid);