Fix for #2730. Add CRLDP extension to list of supported extensions
[openssl.git] / crypto / x509v3 / v3_purp.c
index 0820a2a5d38977b21002fa21fb7b68b58d1b709e..fa5c425ffc48a1a93d298402c5e31a8c40a3b6a8 100644 (file)
@@ -277,6 +277,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
         NID_subject_alt_name,   /* 85 */
         NID_basic_constraints,  /* 87 */
         NID_certificate_policies, /* 89 */
+        NID_crl_distribution_points, /* 103 */
         NID_ext_key_usage,      /* 126 */
 #ifndef OPENSSL_NO_RFC3779
         NID_sbgp_ipAddrBlock,   /* 290 */
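Review bot: Listing `NID_crl_distribution_points` as supported changes how a critical CRLDP extension is treated, and nothing next to the new entry records that. Presumably a certificate with a critical CRLDP was previously flagged as carrying an unhandled critical extension and will now pass that check whether or not CRL checking is enabled; that depends on the verify path, which is outside this hunk, so confirm it. The entry is correctly placed in ascending NID order (89, 103, 126), which matters if the lookup is a binary search. I would add a comment such as `/* CRLDP is only acted on when CRL checking is enabled; marking it supported stops a critical CRLDP from failing verification by itself */`. The body of X509_supported_extension starts and ends outside the hunk.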
@@ -533,6 +534,11 @@ void X509_set_proxy_flag(X509 *x)
     x->ex_flags |= EXFLAG_PROXY;
 }
 
+void X509_set_proxy_pathlen(X509 *x, long l)
+{
+    x->ex_pcpathlen = l;
+}
+
 int X509_check_ca(X509 *x)
 {
     if (!(x->ex_flags & EXFLAG_SET)) {
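Review bot: `X509_set_proxy_pathlen` stores `l` into `x->ex_pcpathlen` with no range check and no documentation, although the getter added at the end of this file uses -1 as its "not available" return. Values below -1 therefore have no defined meaning, and a limit on delegation depth should have a stated contract. I would document it above the function, e.g. `/* l: proxy path length limit for x; -1 means no limit (confirm against the proxyCertInfo handling) */`, and normalise with `x->ex_pcpathlen = l < 0 ? -1 : l;`. Unlike the getter, the setter does not trigger extension caching, so if caching later repopulates `ex_pcpathlen` from the certificate, the value set here could be overwritten; that code is outside the hunk.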
@@ -720,7 +726,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
         return 0;
 
     /* Extended Key Usage MUST be critical */
-    i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
+    i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
     if (i_ext >= 0) {
         X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
         if (!X509_EXTENSION_get_critical(ext))
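Review bot: The cast is dropped from the `X509_get_ext_by_NID` call, but the next call still reads `X509_get_ext((X509 *)x, i_ext)`, so this function still casts away const on `x`. If `X509_get_ext` accepts a `const X509 *` in this tree (its prototype is not visible here), the second cast can go as well: `X509_EXTENSION *ext = X509_get_ext(x, i_ext);`. check_purpose_timestamp_sign starts and ends outside the hunk.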
@@ -849,3 +855,12 @@ long X509_get_pathlen(X509 *x)
         return -1;
     return x->ex_pathlen;
 }
+
+long X509_get_proxy_pathlen(X509 *x)
+{
+    /* Called for side effect of caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1
+            || (x->ex_flags & EXFLAG_PROXY) == 0)
+        return -1;
+    return x->ex_pcpathlen;
+}
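Review bot: `X509_get_proxy_pathlen` returns -1 when `X509_check_purpose` fails or `EXFLAG_PROXY` is not set, and presumably also when a proxy certificate has no path length limit stored, since the setter in this file accepts -1. A caller enforcing delegation depth cannot tell "not a proxy / extensions could not be cached" from "proxy with no limit", and reading the former as unlimited would be the unsafe interpretation. I would state the contract in a comment above the function, e.g. `/* Returns -1 if x is not a proxy certificate, extension caching failed, or no path length limit is set; callers must check EXFLAG_PROXY separately before treating -1 as unlimited */`.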