Adds s2i function for ct_precert_poison X509 extension

Allows CONF files for certificate requests to specify that a pre-
certificate should be created (see RFC6962).

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c
index ac37231a7b4ba50e37db3fdbce26baf13cdbc8d1..ed361dc7f153a2d35a4db11ded03efde0d2a0b28 100644 (file)
--- a/crypto/ct/ct_x509v3.c
+++ b/crypto/ct/ct_x509v3.c
@@ -67,6 +67,11 @@ static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
     return OPENSSL_strdup("NULL");
 }
 
     return OPENSSL_strdup("NULL");
 }
 

+static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+   return ASN1_NULL_new();
+}
+

 static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
                  BIO *out, int indent)
 {
 static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
                  BIO *out, int indent)
 {


@@ -88,7 +93,7 @@ const X509V3_EXT_METHOD v3_ct_scts[] = {
     /* X509v3 extension to mark a certificate as a pre-certificate */
     { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
     NULL, NULL, NULL, NULL,
     /* X509v3 extension to mark a certificate as a pre-certificate */
     { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
     NULL, NULL, NULL, NULL,

-    i2s_poison, NULL,
+    i2s_poison, s2i_poison,

     NULL, NULL,
     NULL, NULL,
     NULL },
     NULL, NULL,
     NULL, NULL,
     NULL },