this stuff.
Changes between 0.9.2b and 0.9.3
+ *) Add support for CRL distribution points extension. Add Certificate
+ Policies and CRL distribution points documentation.
+ [Steve Henson]
+
*) Move the autogenerated header file parts to crypto/opensslconf.h.
[Ulf Möller]
*) Fix problems with sizeof(long) == 8.
[Andy Polyakov <appro@fy.chalmers.se>]
+>>>>>>> 1.185
*) Change functions to ANSI C.
[Ulf Möller]
[Andy Polyakov <appro@fy.chalmers.se>]
*) Support for Certificate Policies extension: both print and set.
- Various additions to support the r2i method this extension will use.
+ Various additions to support the r2i method this uses.
[Steve Henson]
*) A lot of constification, and fix a bug in X509_NAME_oneline() that could
OpenSSL STATUS Last modified at
- ______________ $Date: 1999/04/21 17:30:41 $
+ ______________ $Date: 1999/04/21 17:44:32 $
DEVELOPMENT STATE
PKCS#12 code cleanup and enhancement.
PKCS #8 and PKCS#5 v2.0 support.
Private key, certificate and CRL API and implementation.
+ Redo error code and DEF file generation scripts.
o Mark is currently working on:
Folding in any changes that are in the C2Net code base that were
#define ASN1_F_D2I_AUTHORITY_KEYID 238
#define ASN1_F_D2I_BASIC_CONSTRAINTS 227
#define ASN1_F_D2I_DHPARAMS 136
+#define ASN1_F_D2I_DIST_POINT 276
+#define ASN1_F_D2I_DIST_POINT_NAME 277
#define ASN1_F_D2I_DSAPARAMS 137
#define ASN1_F_D2I_DSAPRIVATEKEY 138
#define ASN1_F_D2I_DSAPUBLICKEY 139
#define ASN1_F_D2I_X509_REVOKED 173
#define ASN1_F_D2I_X509_SIG 174
#define ASN1_F_D2I_X509_VAL 175
+#define ASN1_F_DIST_POINT_NAME_NEW 278
+#define ASN1_F_DIST_POINT_NEW 279
#define ASN1_F_GENERAL_NAME_NEW 231
#define ASN1_F_I2D_ASN1_HEADER 176
#define ASN1_F_I2D_ASN1_TIME 225
#define ASN1_F_D2I_AUTHORITY_KEYID 238
#define ASN1_F_D2I_BASIC_CONSTRAINTS 227
#define ASN1_F_D2I_DHPARAMS 136
+#define ASN1_F_D2I_DIST_POINT 276
+#define ASN1_F_D2I_DIST_POINT_NAME 277
#define ASN1_F_D2I_DSAPARAMS 137
#define ASN1_F_D2I_DSAPRIVATEKEY 138
#define ASN1_F_D2I_DSAPUBLICKEY 139
#define ASN1_F_D2I_X509_REVOKED 173
#define ASN1_F_D2I_X509_SIG 174
#define ASN1_F_D2I_X509_VAL 175
+#define ASN1_F_DIST_POINT_NAME_NEW 278
+#define ASN1_F_DIST_POINT_NEW 279
#define ASN1_F_GENERAL_NAME_NEW 231
#define ASN1_F_I2D_ASN1_HEADER 176
#define ASN1_F_I2D_ASN1_TIME 225
{ERR_PACK(0,ASN1_F_D2I_AUTHORITY_KEYID,0), "D2I_AUTHORITY_KEYID"},
{ERR_PACK(0,ASN1_F_D2I_BASIC_CONSTRAINTS,0), "D2I_BASIC_CONSTRAINTS"},
{ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0), "D2I_DHPARAMS"},
+{ERR_PACK(0,ASN1_F_D2I_DIST_POINT,0), "D2I_DIST_POINT"},
+{ERR_PACK(0,ASN1_F_D2I_DIST_POINT_NAME,0), "D2I_DIST_POINT_NAME"},
{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0), "D2I_DSAPARAMS"},
{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0), "D2I_DSAPRIVATEKEY"},
{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0), "D2I_DSAPUBLICKEY"},
{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0), "D2I_X509_REVOKED"},
{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0), "D2I_X509_SIG"},
{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0), "D2I_X509_VAL"},
+{ERR_PACK(0,ASN1_F_DIST_POINT_NAME_NEW,0), "DIST_POINT_NAME_NEW"},
+{ERR_PACK(0,ASN1_F_DIST_POINT_NEW,0), "DIST_POINT_NEW"},
{ERR_PACK(0,ASN1_F_GENERAL_NAME_NEW,0), "GENERAL_NAME_NEW"},
{ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0), "i2d_ASN1_HEADER"},
{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "i2d_ASN1_TIME"},
LIB=$(TOP)/libcrypto.a
LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c
LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o
SRC= $(LIBSRC)
return pol;
- err:
- POLICYINFO_free(pol);
- return NULL;
-
merr:
X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
+
+ err:
POLICYINFO_free(pol);
return NULL;
+
}
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot)
return qual;
- err:
- POLICYQUALINFO_free(qual);
- return NULL;
-
merr:
X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+ err:
POLICYQUALINFO_free(qual);
return NULL;
}
}
return nnums;
- err:
- sk_pop_free(nnums, ASN1_STRING_free);
- return NULL;
-
merr:
X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+ err:
sk_pop_free(nnums, ASN1_STRING_free);
return NULL;
}
--- /dev/null
+/* v3_crld.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "conf.h"
+#include "asn1.h"
+#include "asn1_mac.h"
+#include "x509v3.h"
+
+static STACK *i2v_crld(X509V3_EXT_METHOD *method, STACK_OF(DIST_POINT) *crld,
+ STACK *extlist);
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK *nval);
+
+X509V3_EXT_METHOD v3_crld = {
+NID_crl_distribution_points, X509V3_EXT_MULTILINE,
+(X509V3_EXT_NEW)CRL_DIST_POINTS_new,
+CRL_DIST_POINTS_free,
+(X509V3_EXT_D2I)d2i_CRL_DIST_POINTS,
+i2d_CRL_DIST_POINTS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_crld,
+(X509V3_EXT_V2I)v2i_crld,
+NULL, NULL, NULL
+};
+
+/*
+ * ASN1err(ASN1_F_DIST_POINT_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_DIST_POINT,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_DIST_POINT_NAME_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_DIST_POINT_NAME,ERR_R_MALLOC_FAILURE);
+ */
+
+static STACK *i2v_crld(X509V3_EXT_METHOD *method, STACK_OF(DIST_POINT) *crld,
+ STACK *exts)
+{
+ DIST_POINT *point;
+ int i;
+ for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
+ point = sk_DIST_POINT_value(crld, i);
+ if(point->distpoint->fullname) {
+ exts = i2v_GENERAL_NAMES(NULL,
+ point->distpoint->fullname, exts);
+ }
+ if(point->reasons)
+ X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
+ if(point->CRLissuer)
+ X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
+ if(point->distpoint->relativename)
+ X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
+ }
+ return exts;
+}
+
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK *nval)
+{
+ STACK_OF(DIST_POINT) *crld = NULL;
+ STACK_OF(GENERAL_NAME) *gens = NULL;
+ GENERAL_NAME *gen = NULL;
+ CONF_VALUE *cnf;
+ int i;
+ if(!(crld = sk_DIST_POINT_new(NULL))) goto merr;
+ for(i = 0; i < sk_num(nval); i++) {
+ DIST_POINT *point;
+ cnf = (CONF_VALUE *)sk_value(nval, i);
+ if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
+ if(!(gens = GENERAL_NAMES_new())) goto merr;
+ if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
+ gen = NULL;
+ if(!(point = DIST_POINT_new())) goto merr;
+ if(!sk_DIST_POINT_push(crld, point)) {
+ DIST_POINT_free(point);
+ goto merr;
+ }
+ if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
+ point->distpoint->fullname = gens;
+ gens = NULL;
+ }
+ return crld;
+
+ merr:
+ X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
+ err:
+ GENERAL_NAME_free(gen);
+ GENERAL_NAMES_free(gens);
+ sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
+ return NULL;
+}
+
+int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp)
+{
+
+return i2d_ASN1_SET_OF_DIST_POINT(a, pp, i2d_DIST_POINT, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);}
+
+STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void)
+{
+ return sk_DIST_POINT_new_null();
+}
+
+void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a)
+{
+ sk_DIST_POINT_pop_free(a, DIST_POINT_free);
+}
+
+STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
+ unsigned char **pp,long length)
+{
+return d2i_ASN1_SET_OF_DIST_POINT(a, pp, length, d2i_DIST_POINT,
+ DIST_POINT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+
+}
+
+IMPLEMENT_STACK_OF(DIST_POINT)
+IMPLEMENT_ASN1_SET_OF(DIST_POINT)
+
+int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp)
+{
+ int v = 0;
+ M_ASN1_I2D_vars(a);
+ /* NB: underlying type is a CHOICE so need EXPLICIT tagging */
+ M_ASN1_I2D_len_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
+ M_ASN1_I2D_len_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING);
+ M_ASN1_I2D_len_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
+ M_ASN1_I2D_put_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING, 1);
+ M_ASN1_I2D_put_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES, 2);
+
+ M_ASN1_I2D_finish();
+}
+
+DIST_POINT *DIST_POINT_new(void)
+{
+ DIST_POINT *ret=NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, DIST_POINT);
+ ret->distpoint = NULL;
+ ret->reasons = NULL;
+ ret->CRLissuer = NULL;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_DIST_POINT_NEW);
+}
+
+DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length)
+{
+ M_ASN1_D2I_vars(a,DIST_POINT *,DIST_POINT_new);
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get_EXP_opt (ret->distpoint, d2i_DIST_POINT_NAME, 0);
+ M_ASN1_D2I_get_IMP_opt (ret->reasons, d2i_ASN1_BIT_STRING, 1,
+ V_ASN1_BIT_STRING);
+ M_ASN1_D2I_get_IMP_opt (ret->CRLissuer, d2i_GENERAL_NAMES, 2,
+ V_ASN1_SEQUENCE);
+ M_ASN1_D2I_Finish(a, DIST_POINT_free, ASN1_F_D2I_DIST_POINT);
+}
+
+void DIST_POINT_free(DIST_POINT *a)
+{
+ if (a == NULL) return;
+ DIST_POINT_NAME_free(a->distpoint);
+ ASN1_BIT_STRING_free(a->reasons);
+ sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free);
+ Free ((char *)a);
+}
+
+int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp)
+{
+ int v = 0;
+ M_ASN1_I2D_vars(a);
+
+ if(a->fullname) {
+ M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES);
+ } else {
+ M_ASN1_I2D_len_EXP_opt (a->relativename, i2d_X509_NAME, 1, v);
+ }
+
+ /* Don't want a SEQUENCE so... */
+ if(pp == NULL) return ret;
+ p = *pp;
+
+ if(a->fullname) {
+ M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0);
+ } else {
+ M_ASN1_I2D_put_EXP_opt (a->relativename, i2d_X509_NAME, 1, v);
+ }
+ M_ASN1_I2D_finish();
+}
+
+DIST_POINT_NAME *DIST_POINT_NAME_new(void)
+{
+ DIST_POINT_NAME *ret=NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, DIST_POINT_NAME);
+ ret->fullname = NULL;
+ ret->relativename = NULL;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_DIST_POINT_NAME_NEW);
+}
+
+void DIST_POINT_NAME_free(DIST_POINT_NAME *a)
+{
+ if (a == NULL) return;
+ X509_NAME_free(a->relativename);
+ sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free);
+ Free ((char *)a);
+}
+
+DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
+ long length)
+{
+ unsigned char _tmp, tag;
+ M_ASN1_D2I_vars(a,DIST_POINT_NAME *,DIST_POINT_NAME_new);
+ M_ASN1_D2I_Init();
+ c.slen = length;
+
+ _tmp = M_ASN1_next;
+ tag = _tmp & ~V_ASN1_CONSTRUCTED;
+
+ if(tag == (0|V_ASN1_CONTEXT_SPECIFIC)) {
+ M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES,
+ V_ASN1_SEQUENCE);
+ } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) {
+ M_ASN1_D2I_get_EXP_opt (ret->relativename, d2i_X509_NAME, 1);
+ } else {
+ c.error = ASN1_R_BAD_TAG;
+ goto err;
+ }
+
+ M_ASN1_D2I_Finish(a, DIST_POINT_NAME_free, ASN1_F_D2I_DIST_POINT_NAME);
+}
extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
int X509V3_add_standard_extensions(void)
{
X509V3_EXT_add(&v3_sxnet);
X509V3_EXT_add(&v3_crl_reason);
X509V3_EXT_add(&v3_cpols);
+ X509V3_EXT_add(&v3_crld);
return 1;
}
{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"},
{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
+{ERR_PACK(0,X509V3_F_V2I_CRLD,0), "V2I_CRLD"},
{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"},
{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"},
{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"},
#define X509V3_F_V2I_ASN1_BIT_STRING 101
#define X509V3_F_V2I_AUTHORITY_KEYID 119
#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
+#define X509V3_F_V2I_CRLD 134
#define X509V3_F_V2I_EXT_KU 103
#define X509V3_F_V2I_GENERAL_NAME 117
#define X509V3_F_V2I_GENERAL_NAMES 118
DECLARE_STACK_OF(GENERAL_NAME)
DECLARE_ASN1_SET_OF(GENERAL_NAME)
+typedef struct DIST_POINT_NAME_st {
+/* NB: this is a CHOICE type and only one of these should be set */
+STACK_OF(GENERAL_NAME) *fullname;
+X509_NAME *relativename;
+} DIST_POINT_NAME;
+
+typedef struct DIST_POINT_st {
+DIST_POINT_NAME *distpoint;
+ASN1_BIT_STRING *reasons;
+STACK_OF(GENERAL_NAME) *CRLissuer;
+} DIST_POINT;
+
+DECLARE_STACK_OF(DIST_POINT)
+DECLARE_ASN1_SET_OF(DIST_POINT)
+
typedef struct AUTHORITY_KEYID_st {
ASN1_OCTET_STRING *keyid;
STACK_OF(GENERAL_NAME) *issuer;
NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp, long length);
void NOTICEREF_free(NOTICEREF *a);
+int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp);
+STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void);
+void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a);
+STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
+ unsigned char **pp,long length);
+
+int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp);
+DIST_POINT *DIST_POINT_new(void);
+DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length);
+void DIST_POINT_free(DIST_POINT *a);
+
+int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp);
+DIST_POINT_NAME *DIST_POINT_NAME_new(void);
+void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
+DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
+ long length);
+
#ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
void X509V3_conf_free(CONF_VALUE *val);
#define X509V3_F_V2I_ASN1_BIT_STRING 101
#define X509V3_F_V2I_AUTHORITY_KEYID 119
#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
+#define X509V3_F_V2I_CRLD 134
#define X509V3_F_V2I_EXT_KU 103
#define X509V3_F_V2I_GENERAL_NAME 117
#define X509V3_F_V2I_GENERAL_NAMES 118
The issuer alternative name option supports all the literal options of
subject alternative name. It does *not* support the email:copy option because
-that would not make sense. It does support and additional issuer:copy option
+that would not make sense. It does support an additional issuer:copy option
that will copy all the subject alternative name values from the issuer
certificate (if possible).
+CRL distribution points.
+
+This is a multivalued extension that supports all the literal options of
+subject alternative name. Of the few software packages that currently interpret
+this extension most only interpret the URI option.
+
+Currently each option will set a new DistributionPoint with the fullName
+field set to the given value.
+
+Other fields like cRLissuer and reasons cannot currently be set or displayed:
+at this time no examples were available that used these fields.
+
+If you see this extension with <UNSUPPORTED> when you attempt to print it out
+or it doesn't appear to display correctly then let me know, including the
+certificate (mail me at steve@openssl.org) .
+
+Examples:
+
+crlDistributionPoints=URI:http://www.myhost.com/myca.crl
+crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
+
+Certificate Policies.
+
+This is a RAW extension. It attempts to display the contents of this extension:
+unfortuntately this extension is often improperly encoded.
+
+The certificate policies extension will rarely be used in practice: few
+software packages interpret it correctly or at all.
+
+All the fields of this extension can be set by using the appropriate syntax.
+
+If you follow the PKIX recommendations of not including any qualifiers and just
+using only one OID then you just include the value of that OID. Multiple OIDs
+can be set separated by commas, for example:
+
+certificatePolicies= 1.2.4.5, 1.1.3.4
+
+If you wish to include qualifiers then the policy OID and qualifiers need to
+be specified in a separate section: this is done by using the @section syntax
+instead of a literal OID value.
+
+The section referred to must include the policy OID using the name
+policyIdentifier, cPSuri qualifiers can be included using the syntax:
+
+CPS.nnn=value
+
+userNotice qualifiers can be set using the syntax:
+
+userNotice.nnn=@notice
+
+The value of the userNotice qualifier is specified in the relevant section. This
+section can include explicitText, organization and noticeNumbers options.
+explicitText and organization are text strings, noticeNumbers is a comma
+separated list of numbers. The organization and noticeNumbers options (if
+included) must BOTH be present.
+
+Example:
+
+certificatePolicies=1.2.3.4,1.5.6.7.8,@polsect
+
+[polsect]
+
+policyIdentifier = 1.3.5.8
+CPS.1="http://my.host.name/"
+CPS.2="http://my.your.name/"
+userNotice.1=@notice
+
+[notice]
+
+explicitText="Explicit Text Here"
+organization="Organisation Name"
+noticeNumbers=1,2,3,4
+
Display only extensions.
Some extensions are only partially supported and currently are only displayed
projects / openssl.git / commitdiff