v3_info.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c \
v3_pcia.c v3_pci.c v3_ist.c \
pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
- v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c
+ v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c v3_no_rev_avail.c \
+ v3_soa_id.c v3_no_ass.c v3_group_ac.c v3_single_use.c v3_ind_iss.c
IF[{- !$disabled{'deprecated-3.0'} -}]
SOURCE[../../libcrypto]=x509type.c
extern const X509V3_EXT_METHOD ossl_v3_ext_admission;
extern const X509V3_EXT_METHOD ossl_v3_utf8_list[1];
extern const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool;
+extern const X509V3_EXT_METHOD ossl_v3_group_ac;
+extern const X509V3_EXT_METHOD ossl_v3_soa_identifier;
+extern const X509V3_EXT_METHOD ossl_v3_no_assertion;
+extern const X509V3_EXT_METHOD ossl_v3_no_rev_avail;
+extern const X509V3_EXT_METHOD ossl_v3_single_use;
+extern const X509V3_EXT_METHOD ossl_v3_indirect_issuer;
#endif
&ossl_v3_sinfo,
&ossl_v3_policy_constraints,
+ &ossl_v3_no_rev_avail,
#ifndef OPENSSL_NO_OCSP
&ossl_v3_crl_hold,
#endif
&ossl_v3_utf8_list[0],
&ossl_v3_issuer_sign_tool,
&ossl_v3_tls_feature,
- &ossl_v3_ext_admission
+ &ossl_v3_ext_admission,
+ &ossl_v3_soa_identifier,
+ &ossl_v3_indirect_issuer,
+ &ossl_v3_no_assertion,
+ &ossl_v3_single_use,
+ &ossl_v3_group_ac
};
/* Number of standard extensions */
--- /dev/null
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_GROUP_AC(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_GROUP_AC(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_GROUP_AC(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_GROUP_AC(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The groupAC X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.1.2.6. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_group_ac = {
+ NID_group_ac, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_GROUP_AC,
+ (X509V3_EXT_S2I)s2i_GROUP_AC,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_GROUP_AC,
+ (X509V3_EXT_R2I)r2i_GROUP_AC,
+ NULL
+};
--- /dev/null
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_INDIRECT_ISSUER(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_INDIRECT_ISSUER(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_INDIRECT_ISSUER(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_INDIRECT_ISSUER(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The indirectIssuer X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.5.2.5. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_indirect_issuer = {
+ NID_indirect_issuer, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_INDIRECT_ISSUER,
+ (X509V3_EXT_S2I)s2i_INDIRECT_ISSUER,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_INDIRECT_ISSUER,
+ (X509V3_EXT_R2I)r2i_INDIRECT_ISSUER,
+ NULL
+};
--- /dev/null
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_NO_ASSERTION(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_NO_ASSERTION(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_NO_ASSERTION(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_NO_ASSERTION(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The noAssertion X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.5.2.7. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_no_assertion = {
+ NID_no_assertion, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_NO_ASSERTION,
+ (X509V3_EXT_S2I)s2i_NO_ASSERTION,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_NO_ASSERTION,
+ (X509V3_EXT_R2I)r2i_NO_ASSERTION,
+ NULL
+};
--- /dev/null
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_NO_REV_AVAIL(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_NO_REV_AVAIL(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_NO_REV_AVAIL(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_NO_REV_AVAIL(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The noRevAvail X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.2.2.7. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_no_rev_avail = {
+ NID_no_rev_avail, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_NO_REV_AVAIL,
+ (X509V3_EXT_S2I)s2i_NO_REV_AVAIL,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_NO_REV_AVAIL,
+ (X509V3_EXT_R2I)r2i_NO_REV_AVAIL,
+ NULL
+};
--- /dev/null
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_SINGLE_USE(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_SINGLE_USE(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_SINGLE_USE(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_SINGLE_USE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The singleUse X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.1.2.5. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_single_use = {
+ NID_single_use, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_SINGLE_USE,
+ (X509V3_EXT_S2I)s2i_SINGLE_USE,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_SINGLE_USE,
+ (X509V3_EXT_R2I)r2i_SINGLE_USE,
+ NULL
+};
--- /dev/null
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_SOA_IDENTIFIER(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_SOA_IDENTIFIER(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_SOA_IDENTIFIER(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_SOA_IDENTIFIER(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The sOAIdentifier X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.3.2.1.1. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_soa_identifier = {
+ NID_soa_identifier, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_SOA_IDENTIFIER,
+ (X509V3_EXT_S2I)s2i_SOA_IDENTIFIER,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_SOA_IDENTIFIER,
+ (X509V3_EXT_R2I)r2i_SOA_IDENTIFIER,
+ NULL
+};
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBhjCCAXKgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMwMDA1
+MzE3WhgPMjAyMTA4MzAwMDUzMTdaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABow0wCzAJBgNVHUIEAgUAMAsGCSqG
+SIb3DQEBBQMBAA==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBhjCCAXKgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIy
+NzM4WhgPMjAyMTA4MzEwMjI3MzhaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABow0wCzAJBgNVHT0EAgUAMAsGCSqG
+SIb3DQEBBQMBAA==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBhjCCAXKgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMwMDA1
+NDMyWhgPMjAyMTA4MzAwMDU0MzJaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABow0wCzAJBgNVHT4EAgUAMAsGCSqG
+SIb3DQEBBQMBAA==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBiTCCAXWgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwOTE1MDAw
+OTM1WhgPMjAyMTA5MTUwMDA5MzVaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxAwDjAMBgNVHTgBAf8EAgUAMAsG
+CSqGSIb3DQEBBQMBAA==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBhjCCAXKgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMwMDA1
+NDA4WhgPMjAyMTA4MzAwMDU0MDhaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABow0wCzAJBgNVHTIEAgUAMAsGCSqG
+SIb3DQEBBQMBAA==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBrzCCAZmgAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI
+aSBtb20wIhgPMjAyMzA3MDExMzA4MDRaGA8yMDIzMDcwMTEzMDgwNFowETEPMA0G
+A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL
+m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH
+3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe
+1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX
+rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU
++tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3
+nrAVMQHB4fReQPH0pQIDAQABow0wCzAJBgNVHUEEAgUAMA0GCSqGSIb3DQEBBQUA
+AwEA
+-----END CERTIFICATE-----
setup("test_x509");
-plan tests => 37;
+plan tests => 43;
# Prevent MSys2 filename munging for arguments that look like file paths but
# aren't
"2.16.528.1.1003.1.3.5.5.2-1-0000006666-Z-12345678-01.015-12345678",
1, 'x500 -- subjectAltName');
+cert_contains(srctop_file(@certs, "ext-noAssertion.pem"),
+ "No Assertion",
+ 1, 'X.509 Not Assertion Extension');
+
+cert_contains(srctop_file(@certs, "ext-groupAC.pem"),
+ "Group Attribute Certificate",
+ 1, 'X.509 Group Attribute Certificate Extension');
+
+cert_contains(srctop_file(@certs, "ext-sOAIdentifier.pem"),
+ "Source of Authority",
+ 1, 'X.509 Source of Authority Extension');
+
+cert_contains(srctop_file(@certs, "ext-noRevAvail.pem"),
+ "No Revocation Available",
+ 1, 'X.509 No Revocation Available');
+
+cert_contains(srctop_file(@certs, "ext-singleUse.pem"),
+ "Single Use",
+ 1, 'X509v3 Single Use');
+
+cert_contains(srctop_file(@certs, "ext-indirectIssuer.pem"),
+ "Indirect Issuer",
+ 1, 'X.509 Indirect Issuer');
+
sub test_errors { # actually tests diagnostics of OSSL_STORE
my ($expected, $cert, @opts) = @_;
my $infile = srctop_file(@certs, $cert);