From: Dr. Stephen Henson Date: Wed, 27 Aug 2008 15:52:05 +0000 (+0000) Subject: Add support for freshest CRL extension. X-Git-Tag: OpenSSL_0_9_8k^2~269 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=249a77f5fb6407185e0a6ad44cd88eda2b6f8946 Add support for freshest CRL extension. --- diff --git a/CHANGES b/CHANGES index 15ad439990..654537ee3e 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.8i and 0.9.9 [xx XXX xxxx] + *) Support for freshest CRL extension. + + This work was sponsored by Google. + [Steve Henson] + *) Initial indirect CRL support. Currently only supported in the CRLs passed directly and not via lookup. Process certificate issuer CRL entry extension and lookup CRL entries by bother issuer name diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 77f4522781..857b71a363 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 857 -#define NUM_SN 850 -#define NUM_LN 850 -#define NUM_OBJ 804 +#define NUM_NID 858 +#define NUM_SN 851 +#define NUM_LN 851 +#define NUM_OBJ 805 -static const unsigned char lvalues[5711]={ +static const unsigned char lvalues[5714]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -872,6 +872,7 @@ static const unsigned char lvalues[5711]={ 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5685] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5693] OBJ_id_GostR3410_2001_ParamSet_cc */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */ +0x55,0x1D,0x2E, /* [5710] OBJ_freshest_crl */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ 
@@ -2256,6 +2257,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"HMAC","hmac",NID_hmac,0,NULL,0}, {"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9, &(lvalues[5701]),0}, +{"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3, + &(lvalues[5710]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2534,6 +2537,7 @@ static const unsigned int sn_objs[NUM_SN]={ 126, /* "extendedKeyUsage" */ 372, /* "extendedStatus" */ 462, /* "favouriteDrink" */ +857, /* "freshestCRL" */ 453, /* "friendlyCountry" */ 490, /* "friendlyCountryName" */ 156, /* "friendlyName" */ @@ -3230,6 +3234,7 @@ static const unsigned int ln_objs[NUM_LN]={ 89, /* "X509v3 Certificate Policies" */ 140, /* "X509v3 Delta CRL Indicator" */ 126, /* "X509v3 Extended Key Usage" */ +857, /* "X509v3 Freshest CRL" */ 748, /* "X509v3 Inhibit Any Policy" */ 86, /* "X509v3 Issuer Alternative Name" */ 770, /* "X509v3 Issuing Distrubution Point" */ @@ -4029,6 +4034,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 90, /* OBJ_authority_key_identifier 2 5 29 35 */ 401, /* OBJ_policy_constraints 2 5 29 36 */ 126, /* OBJ_ext_key_usage 2 5 29 37 */ +857, /* OBJ_freshest_crl 2 5 29 46 */ 748, /* OBJ_inhibit_any_policy 2 5 29 54 */ 402, /* OBJ_target_information 2 5 29 55 */ 403, /* OBJ_no_rev_avail 2 5 29 56 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 05fcbe7aa1..81d1dd711b 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -2235,6 +2235,11 @@ #define NID_ext_key_usage 126 #define OBJ_ext_key_usage OBJ_id_ce,37L +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + #define SN_inhibit_any_policy "inhibitAnyPolicy" #define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" #define NID_inhibit_any_policy 748 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 53c9cb0d6a..29d490b1fd 100644 --- a/crypto/objects/obj_mac.num 
+++ b/crypto/objects/obj_mac.num @@ -854,3 +854,4 @@ id_GostR3411_94_with_GostR3410_2001_cc 853 id_GostR3410_2001_ParamSet_cc 854 hmac 855 LocalKeySet 856 +freshest_crl 857 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index e009702e55..5129ed9d27 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -726,6 +726,8 @@ id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier id-ce 36 : policyConstraints : X509v3 Policy Constraints !Cname ext-key-usage id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage +!Cname freshest-crl +id-ce 46 : freshestCRL : X509v3 Freshest CRL !Cname inhibit-any-policy id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy !Cname target-information diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index be3aaee99d..59837a44be 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -61,7 +61,7 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; -extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld; +extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl; extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; @@ -123,6 +123,7 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_inhibit_anyp, &v3_idp, &v3_alt[2], +&v3_freshest_crl, }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 4d06ea664e..001edec39a 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c 
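Review bot: In crypto/x509v3/ext_dat.h the changed line `extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;` declares the new object without `const`, while crypto/x509v3/v3_crld.c defines it as `const X509V3_EXT_METHOD v3_freshest_crl =`. The two translation units therefore disagree on the object's type, and `standard_exts[]` ends up holding a non-const pointer to a const object; a write through it would be undefined behaviour, and the compiler cannot flag it if v3_crld.c does not include this header. `v3_crld`, visible in the v3_crld.c hunk header, has the same mismatch, so the fix belongs to the whole list: `extern const X509V3_EXT_METHOD ...` here and, if the callers allow it, `static const X509V3_EXT_METHOD *standard_exts[]`.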
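Review bot: In the `standard_exts[]` hunk of crypto/x509v3/ext_dat.h the new `&v3_freshest_crl,` entry is appended with nothing recording why the end of the table is the right place. If this table is still binary-searched by `ext_nid` (the lookup is outside the hunk), the entry is in order only because NID 857 is the newest NID; a misplaced entry would make the extension silently unrecognised. I would add a comment on the line, e.g. `&v3_freshest_crl, /* NID 857; table must stay sorted by ext_nid */`. The array's opening lines and the count macro below it lie outside the hunk.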
@@ -79,6 +79,17 @@ const X509V3_EXT_METHOD v3_crld =
 NULL
 };
 
+const X509V3_EXT_METHOD v3_freshest_crl =
+ {
+ NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+ 0,0,0,0,
+ 0,0,
+ 0,
+ v2i_crld,
+ i2r_crldp,0,
+ NULL
+ };
+
 static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
 {
 STACK_OF(CONF_VALUE) *gnsect;
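Review bot: The new `v3_freshest_crl` initializer is a run of positional zeros with no comment saying which method slots are left empty or why the cRLDistributionPoints template and handlers are reused. A short comment above it would cover this, e.g. `/* freshestCRL (id-ce 46) has the same syntax as cRLDistributionPoints, so the CRL_DIST_POINTS template, v2i_crld and i2r_crldp are shared */`. As far as this diff shows, the commit registers decoding, printing and config parsing only; nothing visible here consults the extension during revocation checking. The comment or the CHANGES entry could say so, so that callers do not assume delta CRLs are followed.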