Updates from 1.0.0-stable.

[openssl.git] / crypto / x509v3 / v3_pci.c

diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 42fb0d74df6d682290b05aec2768db77c6e7abab..601211f41691f75f34eb40c79d8c0c4fd083a136 100644 (file)
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -44,7 +44,7 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
        X509V3_CTX *ctx, char *str);
 
-X509V3_EXT_METHOD v3_pci =
+const X509V3_EXT_METHOD v3_pci =
        { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
          0,0,0,0,
          0,0,
@@ -82,13 +82,13 @@ static int process_pci_value(CONF_VALUE *val,
                {
                if (*language)
                        {
-                       X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
+                       X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
                        X509V3_conf_err(val);
                        return 0;
                        }
                if (!(*language = OBJ_txt2obj(val->value, 0)))
                        {
-                       X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                       X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
                        X509V3_conf_err(val);
                        return 0;
                        }
@@ -97,13 +97,13 @@ static int process_pci_value(CONF_VALUE *val,
                {
                if (*pathlen)
                        {
-                       X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
+                       X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
                        X509V3_conf_err(val);
                        return 0;
                        }
                if (!X509V3_get_value_int(val, pathlen))
                        {
-                       X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH);
+                       X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);
                        X509V3_conf_err(val);
                        return 0;
                        }
@@ -117,7 +117,7 @@ static int process_pci_value(CONF_VALUE *val,
                        *policy = ASN1_OCTET_STRING_new();
                        if (!*policy)
                                {
-                               X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+                               X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
                                X509V3_conf_err(val);
                                return 0;
                                }
@@ -148,7 +148,7 @@ static int process_pci_value(CONF_VALUE *val,
                        BIO *b = BIO_new_file(val->value + 5, "r");
                        if (!b)
                                {
-                               X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
+                               X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
                                X509V3_conf_err(val);
                                goto err;
                                }
@@ -172,7 +172,7 @@ static int process_pci_value(CONF_VALUE *val,
 
                        if (n < 0)
                                {
-                               X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
+                               X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
                                X509V3_conf_err(val);
                                goto err;
                                }
@@ -193,13 +193,13 @@ static int process_pci_value(CONF_VALUE *val,
                        }
                else
                        {
-                       X509V3err(X509V3_F_R2I_PCI,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
+                       X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
                        X509V3_conf_err(val);
                        goto err;
                        }
                if (!tmp_data)
                        {
-                       X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+                       X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
                        X509V3_conf_err(val);
                        goto err;
                        }
@@ -273,15 +273,15 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
                X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
                goto err;
                }
-
-       pci = PROXY_CERT_INFO_EXTENSION_new();
-       if (!pci)
+       i = OBJ_obj2nid(language);
+       if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
                {
-               X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+               X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
                goto err;
                }
-       pci->proxyPolicy = PROXY_POLICY_new();
-       if (!pci->proxyPolicy)
+
+       pci = PROXY_CERT_INFO_EXTENSION_new();
+       if (!pci)
                {
                X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
                goto err;
@@ -295,11 +295,6 @@ err:
        if (language) { ASN1_OBJECT_free(language); language = NULL; }
        if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
        if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
-       if (pci && pci->proxyPolicy)
-               {
-               PROXY_POLICY_free(pci->proxyPolicy);
-               pci->proxyPolicy = NULL;
-               }
        if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
 end:
        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);