Fixes to OCSP print code.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 20 Dec 2000 00:46:44 +0000 (00:46 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 20 Dec 2000 00:46:44 +0000 (00:46 +0000)
Don't try to print request certificates if signature is not present.

Remove unnecessary test for certificates being NULL.

Fix typos in printed output.

Tidy up output.

Fix for typo in OCSP_SERVICELOC ASN1 template.

Also give a bit more info in CHANGES about the ASN1 revision.

CHANGES
crypto/ocsp/ocsp_asn.c
crypto/ocsp/ocsp_prn.c
crypto/x509v3/v3_ocsp.c
crypto/x509v3/v3_prn.c

diff --git a/CHANGES b/CHANGES
index c63a2df..b082012 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Fix to avoid calling the underlying ASN1 print routine when
+     an extension cannot be parsed. Correct a typo in the
+     OCSP_SERVICELOC extension. Tidy up print OCSP format.
+     [Steve Henson]
+
   *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
      Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
      when writing a 32767 byte record.
@@ -19,6 +24,7 @@
 
   *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
      entries for variables.
+     [Steve Henson]
 
   *) Add functionality to apps/openssl.c for detecting locking
      problems: As the program is single-threaded, all we have
      [Steve Henson]
 
   *) Merge in replacement ASN1 code from the ASN1 branch. This almost
-     completely replaces the old ASN1 functionality.
+     completely replaces the old ASN1 functionality with a table driven
+     encoder and decoder which interprets an ASN1_ITEM structure describing
+     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+     has also been converted to the new form.
      [Steve Henson]
 
   *) Change BN_mod_exp_recp so that negative moduli are tolerated
index a84db66..336d5e3 100644 (file)
@@ -174,7 +174,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
 
 ASN1_SEQUENCE(OCSP_SERVICELOC) = {
        ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
-       ASN1_SEQUENCE_OF(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
+       ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
 } ASN1_SEQUENCE_END(OCSP_SERVICELOC);
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
index 649a9ce..533d301 100644 (file)
@@ -158,23 +158,22 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
                cid = one->reqCert;
                ocsp_certid_print(bp, cid, 8);
                if (!X509V3_extensions_print(bp,
-                                       "OCSP Request Single Extensions",
-                                       one->singleRequestExtensions, flags, 4))
+                                       "Request Single Extensions",
+                                       one->singleRequestExtensions, flags, 8))
                                                        goto err;
                }
-       if (!X509V3_extensions_print(bp, "OCSP Request Extensions",
+       if (!X509V3_extensions_print(bp, "Request Extensions",
                        inf->requestExtensions, flags, 4))
                                                        goto err;
        if (sig)
                {
                X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
-               }
-
-       for (i=0; i<sk_X509_num(sig->certs); i++)
-               if (sk_X509_value(sig->certs,i) != NULL) {
+               for (i=0; i<sk_X509_num(sig->certs); i++)
+                       {
                        X509_print(bp, sk_X509_value(sig->certs,i));
                        PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
-       }
+                       }
+               }
        return 1;
 err:
        return 0;
@@ -269,20 +268,20 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
                        }
                if (!BIO_write(bp,"\n",1)) goto err;
                if (!X509V3_extensions_print(bp,
-                                       "OCSP Basic Response Single Extensions",
-                                       single->singleExtensions, flags, 4))
+                                       "Response Single Extensions",
+                                       single->singleExtensions, flags, 8))
                                                        goto err;
                }
-       if (!X509V3_extensions_print(bp, "OCSP Basic Response Extensions",
+       if (!X509V3_extensions_print(bp, "Response Extensions",
                                        rd->responseExtensions, flags, 4))
        if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
                                                        goto err;
 
        for (i=0; i<sk_X509_num(br->certs); i++)
-               if (sk_X509_value(br->certs,i) != NULL) {
-                       X509_print(bp, sk_X509_value(br->certs,i));
-                       PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
-       }
+               {
+               X509_print(bp, sk_X509_value(br->certs,i));
+               PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
+               }
 
        return 1;
 err:
index a10bfa9..c65dbfa 100644 (file)
@@ -229,7 +229,7 @@ static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int
        OCSP_SERVICELOC *a = in;
        ACCESS_DESCRIPTION *ad;
 
-        if (BIO_printf(bp, "%*ssIissuer: ", ind, "") <= 0) goto err;
+        if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
         if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
        for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
                {
index 475c480..62ec1f1 100644 (file)
@@ -112,7 +112,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
        if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, method->it);
        else ext_str = method->d2i(NULL, &p, ext->value->length);
 
-       if(!ext_str) unknown_ext_print(out, ext, flag, indent, 1);
+       if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
 
        if(method->i2s) {
                if(!(value = method->i2s(method, ext_str))) {