Adds s2i function for ct_precert_poison X509 extension
authorRob Percival <robpercival@google.com>
Mon, 21 Mar 2016 15:29:52 +0000 (15:29 +0000)
committerRich Salz <rsalz@openssl.org>
Mon, 21 Mar 2016 17:02:12 +0000 (13:02 -0400)
Allows CONF files for certificate requests to specify that a pre-
certificate should be created (see RFC6962).

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
crypto/ct/ct_x509v3.c

index ac37231..ed361dc 100644 (file)
@@ -67,6 +67,11 @@ static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
     return OPENSSL_strdup("NULL");
 }
 
+static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+   return ASN1_NULL_new();
+}
+
 static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
                  BIO *out, int indent)
 {
@@ -88,7 +93,7 @@ const X509V3_EXT_METHOD v3_ct_scts[] = {
     /* X509v3 extension to mark a certificate as a pre-certificate */
     { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
     NULL, NULL, NULL, NULL,
-    i2s_poison, NULL,
+    i2s_poison, s2i_poison,
     NULL, NULL,
     NULL, NULL,
     NULL },