Initial support for Certificate Policies extension: print out works but setting
authorDr. Stephen Henson <steve@openssl.org>
Sun, 18 Apr 1999 23:21:03 +0000 (23:21 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 18 Apr 1999 23:21:03 +0000 (23:21 +0000)
isn't fully implemented (yet).

13 files changed:
CHANGES
apps/ca.c
apps/req.c
crypto/asn1/asn1.err
crypto/asn1/asn1.h
crypto/asn1/asn1_err.c
crypto/x509v3/Makefile.ssl
crypto/x509v3/v3_conf.c
crypto/x509v3/v3_cpols.c [new file with mode: 0644]
crypto/x509v3/v3_lib.c
crypto/x509v3/v3err.c
crypto/x509v3/x509v3.err
crypto/x509v3/x509v3.h

diff --git a/CHANGES b/CHANGES
index 597a6f3..a5c6aa0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,11 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Initial support for Certificate Policies extension: print works but
+     setting doesn't work fully (yet). Also various additions to support
+     the r2i method this extension will use.
+     [Steve Henson]
+
   *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
      return a const string when you are expecting an allocated buffer.
      [Ben Laurie]
index 4225158..4671880 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -712,7 +712,10 @@ bad:
                extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
                if(extensions) {
                        /* Check syntax of file */
-                       if(!X509V3_EXT_check_conf(conf, extensions)) {
+                       X509V3_CTX ctx;
+                       X509V3_set_ctx_test(&ctx);
+                       X509V3_set_conf_lhash(&ctx, conf);
+                       if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) {
                                BIO_printf(bio_err,
                                 "Error Loading extension section %s\n",
                                                                 extensions);
@@ -984,7 +987,10 @@ bad:
                crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
                if(crl_ext) {
                        /* Check syntax of file */
-                       if(!X509V3_EXT_check_conf(conf, crl_ext)) {
+                       X509V3_CTX ctx;
+                       X509V3_set_ctx_test(&ctx);
+                       X509V3_set_conf_lhash(&ctx, conf);
+                       if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) {
                                BIO_printf(bio_err,
                                 "Error Loading CRL extension section %s\n",
                                                                 crl_ext);
index 0cfed93..bb3a65a 100644 (file)
@@ -438,7 +438,10 @@ bad:
        extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
        if(extensions) {
                /* Check syntax of file */
-               if(!X509V3_EXT_check_conf(req_conf, extensions)) {
+               X509V3_CTX ctx;
+               X509V3_set_ctx_test(&ctx);
+               X509V3_set_conf_lhash(&ctx, req_conf);
+               if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
                        BIO_printf(bio_err,
                         "Error Loading extension section %s\n", extensions);
                        goto end;
index 62dbd71..e032270 100644 (file)
@@ -67,6 +67,7 @@
 #define ASN1_F_D2I_NETSCAPE_RSA_2                       142
 #define ASN1_F_D2I_NETSCAPE_SPKAC                       143
 #define ASN1_F_D2I_NETSCAPE_SPKI                        144
+#define ASN1_F_D2I_NOTICEREF                            268
 #define ASN1_F_D2I_PBE2PARAM                            262
 #define ASN1_F_D2I_PBEPARAM                             249
 #define ASN1_F_D2I_PBKDF2PARAM                          263
 #define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE                  154
 #define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO                  250
 #define ASN1_F_D2I_PKEY_USAGE_PERIOD                    239
+#define ASN1_F_D2I_POLICYINFO                           269
+#define ASN1_F_D2I_POLICYQUALINFO                       270
 #define ASN1_F_D2I_PRIVATEKEY                           155
 #define ASN1_F_D2I_PUBLICKEY                            156
 #define ASN1_F_D2I_RSAPRIVATEKEY                        157
 #define ASN1_F_D2I_RSAPUBLICKEY                                 158
 #define ASN1_F_D2I_SXNET                                241
 #define ASN1_F_D2I_SXNETID                              243
+#define ASN1_F_D2I_USERNOTICE                           271
 #define ASN1_F_D2I_X509                                         159
 #define ASN1_F_D2I_X509_ALGOR                           160
 #define ASN1_F_D2I_X509_ATTRIBUTE                       161
 #define ASN1_F_NETSCAPE_PKEY_NEW                        189
 #define ASN1_F_NETSCAPE_SPKAC_NEW                       190
 #define ASN1_F_NETSCAPE_SPKI_NEW                        191
+#define ASN1_F_NOTICEREF_NEW                            272
 #define ASN1_F_PBE2PARAM_NEW                            264
 #define ASN1_F_PBEPARAM_NEW                             251
 #define ASN1_F_PBKDF2PARAM_NEW                          265
 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW                  201
 #define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW                  252
 #define ASN1_F_PKEY_USAGE_PERIOD_NEW                    240
+#define ASN1_F_POLICYINFO_NEW                           273
+#define ASN1_F_POLICYQUALINFO_NEW                       274
 #define ASN1_F_SXNETID_NEW                              244
 #define ASN1_F_SXNET_NEW                                242
+#define ASN1_F_USERNOTICE_NEW                           275
 #define ASN1_F_X509_ALGOR_NEW                           202
 #define ASN1_F_X509_ATTRIBUTE_NEW                       203
 #define ASN1_F_X509_CINF_NEW                            204
index 3dc6eda..04174cd 100644 (file)
@@ -874,6 +874,7 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_D2I_NETSCAPE_RSA_2                       142
 #define ASN1_F_D2I_NETSCAPE_SPKAC                       143
 #define ASN1_F_D2I_NETSCAPE_SPKI                        144
+#define ASN1_F_D2I_NOTICEREF                            268
 #define ASN1_F_D2I_PBE2PARAM                            262
 #define ASN1_F_D2I_PBEPARAM                             249
 #define ASN1_F_D2I_PBKDF2PARAM                          263
@@ -893,12 +894,15 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE                  154
 #define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO                  250
 #define ASN1_F_D2I_PKEY_USAGE_PERIOD                    239
+#define ASN1_F_D2I_POLICYINFO                           269
+#define ASN1_F_D2I_POLICYQUALINFO                       270
 #define ASN1_F_D2I_PRIVATEKEY                           155
 #define ASN1_F_D2I_PUBLICKEY                            156
 #define ASN1_F_D2I_RSAPRIVATEKEY                        157
 #define ASN1_F_D2I_RSAPUBLICKEY                                 158
 #define ASN1_F_D2I_SXNET                                241
 #define ASN1_F_D2I_SXNETID                              243
+#define ASN1_F_D2I_USERNOTICE                           271
 #define ASN1_F_D2I_X509                                         159
 #define ASN1_F_D2I_X509_ALGOR                           160
 #define ASN1_F_D2I_X509_ATTRIBUTE                       161
@@ -935,6 +939,7 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_NETSCAPE_PKEY_NEW                        189
 #define ASN1_F_NETSCAPE_SPKAC_NEW                       190
 #define ASN1_F_NETSCAPE_SPKI_NEW                        191
+#define ASN1_F_NOTICEREF_NEW                            272
 #define ASN1_F_PBE2PARAM_NEW                            264
 #define ASN1_F_PBEPARAM_NEW                             251
 #define ASN1_F_PBKDF2PARAM_NEW                          265
@@ -954,8 +959,11 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW                  201
 #define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW                  252
 #define ASN1_F_PKEY_USAGE_PERIOD_NEW                    240
+#define ASN1_F_POLICYINFO_NEW                           273
+#define ASN1_F_POLICYQUALINFO_NEW                       274
 #define ASN1_F_SXNETID_NEW                              244
 #define ASN1_F_SXNET_NEW                                242
+#define ASN1_F_USERNOTICE_NEW                           275
 #define ASN1_F_X509_ALGOR_NEW                           202
 #define ASN1_F_X509_ATTRIBUTE_NEW                       203
 #define ASN1_F_X509_CINF_NEW                            204
index 682e702..c5a898f 100644 (file)
@@ -129,6 +129,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),      "D2I_NETSCAPE_RSA_2"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),      "D2I_NETSCAPE_SPKAC"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),       "D2I_NETSCAPE_SPKI"},
+{ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),   "D2I_NOTICEREF"},
 {ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),   "D2I_PBE2PARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),    "D2I_PBEPARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0), "D2I_PBKDF2PARAM"},
@@ -148,12 +149,15 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0), "D2I_PKCS7_SIGN_ENVELOPE"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0), "D2I_PKCS8_PRIV_KEY_INFO"},
 {ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0),   "D2I_PKEY_USAGE_PERIOD"},
+{ERR_PACK(0,ASN1_F_D2I_POLICYINFO,0),  "D2I_POLICYINFO"},
+{ERR_PACK(0,ASN1_F_D2I_POLICYQUALINFO,0),      "D2I_POLICYQUALINFO"},
 {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),  "D2I_PRIVATEKEY"},
 {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),   "D2I_PUBLICKEY"},
 {ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),       "D2I_RSAPRIVATEKEY"},
 {ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),        "D2I_RSAPUBLICKEY"},
 {ERR_PACK(0,ASN1_F_D2I_SXNET,0),       "D2I_SXNET"},
 {ERR_PACK(0,ASN1_F_D2I_SXNETID,0),     "D2I_SXNETID"},
+{ERR_PACK(0,ASN1_F_D2I_USERNOTICE,0),  "D2I_USERNOTICE"},
 {ERR_PACK(0,ASN1_F_D2I_X509,0),        "D2I_X509"},
 {ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),  "D2I_X509_ALGOR"},
 {ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),      "D2I_X509_ATTRIBUTE"},
@@ -190,6 +194,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),       "NETSCAPE_PKEY_NEW"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),      "NETSCAPE_SPKAC_NEW"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),       "NETSCAPE_SPKI_NEW"},
+{ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),   "NOTICEREF_NEW"},
 {ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),   "PBE2PARAM_NEW"},
 {ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),    "PBEPARAM_NEW"},
 {ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0), "PBKDF2PARAM_NEW"},
@@ -209,8 +214,11 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0), "PKCS7_SIGN_ENVELOPE_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0), "PKCS8_PRIV_KEY_INFO_NEW"},
 {ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0),   "PKEY_USAGE_PERIOD_NEW"},
+{ERR_PACK(0,ASN1_F_POLICYINFO_NEW,0),  "POLICYINFO_NEW"},
+{ERR_PACK(0,ASN1_F_POLICYQUALINFO_NEW,0),      "POLICYQUALINFO_NEW"},
 {ERR_PACK(0,ASN1_F_SXNETID_NEW,0),     "SXNETID_NEW"},
 {ERR_PACK(0,ASN1_F_SXNET_NEW,0),       "SXNET_NEW"},
+{ERR_PACK(0,ASN1_F_USERNOTICE_NEW,0),  "USERNOTICE_NEW"},
 {ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),  "X509_ALGOR_NEW"},
 {ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),      "X509_ATTRIBUTE_NEW"},
 {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),   "X509_CINF_NEW"},
index ac8690b..4ab659e 100644 (file)
@@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC=        v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
 v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c v3_int.c v3_enum.c v3_sxnet.c
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
 v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o v3_sxnet.o
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o
 
 SRC= $(LIBSRC)
 
index 0427a30..54ee2a5 100644 (file)
@@ -149,6 +149,12 @@ char *value;       /* Value */
                if(!ext_struc) return NULL;
        } else if(method->s2i) {
                if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
+       } else if(method->r2i) {
+               if(!ctx->db) {
+                       X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
+                       return NULL;
+               }
+               if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
        } else {
                X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
                ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
@@ -287,15 +293,6 @@ X509_CRL *crl;
        return 1;
 }
 
-/* Just check syntax of config file as far as possible */
-int X509V3_EXT_check_conf(conf, section)
-LHASH *conf;
-char *section;
-{
-       static X509V3_CTX ctx_tst = { CTX_TEST, NULL, NULL, NULL, NULL };
-       return X509V3_EXT_add_conf(conf, &ctx_tst, section, NULL);
-}
-
 /* Config database functions */
 
 char * X509V3_get_string(ctx, name, section)
@@ -317,18 +314,20 @@ char *section;
        return NULL;
 }
 
-void X509V3_free_string(ctx, str)
+void X509V3_string_free(ctx, str)
 X509V3_CTX *ctx;
 char *str;
 {
+       if(!str) return;
        if(ctx->db_meth->free_string)
                        return ctx->db_meth->free_string(ctx->db, str);
 }
 
-void X509V3_free_section(ctx, section)
+void X509V3_section_free(ctx, section)
 X509V3_CTX *ctx;
 STACK *section;
 {
+       if(!section) return;
        if(ctx->db_meth->free_section)
                        return ctx->db_meth->free_section(ctx->db, section);
 }
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
new file mode 100644 (file)
index 0000000..c934004
--- /dev/null
@@ -0,0 +1,544 @@
+/* v3_cpols.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "conf.h"
+#include "asn1.h"
+#include "asn1_mac.h"
+#include "x509v3.h"
+
+/* Certificate policies extension support: this one is a bit complex... */
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
+static void print_notice(BIO *out, USERNOTICE *notice, int indent);
+static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs);
+
+X509V3_EXT_METHOD v3_cpols = {
+NID_certificate_policies, 0,
+(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new,
+CERTIFICATEPOLICIES_free,
+(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES,
+i2d_CERTIFICATEPOLICIES,
+NULL, NULL,
+NULL, NULL,
+(X509V3_EXT_I2R)i2r_certpol,
+(X509V3_EXT_R2I)r2i_certpol,
+NULL
+};
+
+
+/*
+ * ASN1err(ASN1_F_POLICYINFO_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_POLICYINFO,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_POLICYQUALINFO_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_POLICYQUALINFO,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_USERNOTICE_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_USERNOTICE,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_NOTICEREF_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_NOTICEREF,ERR_R_MALLOC_FAILURE);
+ */
+
+static STACK_OF(POLICYINFO) *r2i_certpol(method, ctx, value)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+char *value;
+{
+       STACK_OF(POLICYINFO) *pols = NULL;
+       char *pstr;
+       POLICYINFO *pol;
+       ASN1_OBJECT *pobj;
+       STACK *vals;
+       CONF_VALUE *cnf;
+       int i;
+       pols = sk_POLICYINFO_new_null();
+       vals =  X509V3_parse_list(value);
+       for(i = 0; i < sk_num(vals); i++) {
+               cnf = (CONF_VALUE *)sk_value(vals, i);
+               if(cnf->value || !cnf->name ) {
+                       X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
+                       X509V3_conf_err(cnf);
+                       goto err;
+               }
+               pstr = cnf->name;
+               if(*pstr == '@') {
+                       STACK *polsect;
+                       polsect = X509V3_get_section(ctx, pstr + 1);
+                       if(!polsect) {
+                               X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
+
+                               X509V3_conf_err(cnf);
+                               goto err;
+                       }
+                       pol = policy_section(ctx, polsect);
+                       X509V3_section_free(ctx, polsect);
+                       if(!pol) goto err;
+               } else {
+                       if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
+                               X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                               X509V3_conf_err(cnf);
+                               goto err;
+                       }
+                       pol = POLICYINFO_new();
+                       pol->policyid = pobj;
+               }
+               sk_POLICYINFO_push(pols, pol);
+       }
+       sk_pop_free(vals, X509V3_conf_free);
+       return pols;
+       err:
+       sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
+       return NULL;
+}
+
+static POLICYINFO *policy_section(ctx, polstrs)
+X509V3_CTX *ctx;
+STACK *polstrs;
+{
+       int i;
+       CONF_VALUE *cnf;
+       for(i = 0; i < sk_num(polstrs); i++) {
+               cnf = (CONF_VALUE *)sk_value(polstrs, i);
+       }
+       return NULL;
+}
+
+
+static int i2r_certpol(method, pol, out, indent)
+X509V3_EXT_METHOD *method;
+STACK_OF(POLICYINFO) *pol;
+BIO *out;
+int indent;
+{
+       int i;
+       POLICYINFO *pinfo;
+       /* First print out the policy OIDs */
+       for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
+               pinfo = sk_POLICYINFO_value(pol, i);
+               BIO_printf(out, "%*sPolicy: ", indent, "");
+               i2a_ASN1_OBJECT(out, pinfo->policyid);
+               BIO_puts(out, "\n");
+               if(pinfo->qualifiers)
+                        print_qualifiers(out, pinfo->qualifiers, indent + 2);
+       }
+       return 1;
+}
+
+
+int i2d_CERTIFICATEPOLICIES(a, pp)
+STACK_OF(POLICYINFO) *a;
+unsigned char **pp;
+{
+
+return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE,
+                                                 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
+
+STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new()
+{
+       return sk_POLICYINFO_new_null();
+}
+
+void CERTIFICATEPOLICIES_free(a)
+STACK_OF(POLICYINFO) *a;
+{
+       sk_POLICYINFO_pop_free(a, POLICYINFO_free);
+}
+
+STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(a,pp,length)
+STACK_OF(POLICYINFO) **a;
+unsigned char **pp;
+long length;
+{
+return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO,
+                         POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+
+}
+
+IMPLEMENT_STACK_OF(POLICYINFO)
+IMPLEMENT_ASN1_SET_OF(POLICYINFO)
+
+int i2d_POLICYINFO(a,pp)
+POLICYINFO *a;
+unsigned char **pp;
+{
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT);
+       M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
+                                                        i2d_POLICYQUALINFO);
+
+       M_ASN1_I2D_seq_total();
+
+       M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT);
+       M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
+                                                        i2d_POLICYQUALINFO);
+
+       M_ASN1_I2D_finish();
+}
+
+POLICYINFO *POLICYINFO_new()
+{
+       POLICYINFO *ret=NULL;
+       ASN1_CTX c;
+       M_ASN1_New_Malloc(ret, POLICYINFO);
+       ret->policyid = NULL;
+       ret->qualifiers = NULL;
+       return (ret);
+       M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW);
+}
+
+POLICYINFO *d2i_POLICYINFO(a,pp,length)
+POLICYINFO **a;
+unsigned char **pp;
+long length;
+{
+       M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new);
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT);
+       if(!M_ASN1_D2I_end_sequence()) {
+               M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers,
+                                d2i_POLICYQUALINFO, POLICYQUALINFO_free);
+       }
+       M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO);
+}
+
+void POLICYINFO_free(a)
+POLICYINFO *a;
+{
+       if (a == NULL) return;
+       ASN1_OBJECT_free(a->policyid);
+       sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free);
+       Free (a);
+}
+
+static void print_qualifiers(out, quals, indent)
+BIO *out;
+STACK_OF(POLICYQUALINFO) *quals;
+int indent;
+{
+       POLICYQUALINFO *qualinfo;
+       int i;
+       for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+               qualinfo = sk_POLICYQUALINFO_value(quals, i);
+               switch(OBJ_obj2nid(qualinfo->pqualid))
+               {
+                       case NID_id_qt_cps:
+                       BIO_printf(out, "%*sCPS: %s\n", indent, "",
+                                               qualinfo->d.cpsuri->data);
+                       break;
+               
+                       case NID_id_qt_unotice:
+                       BIO_printf(out, "%*sUser Notice:\n", indent, "");
+                       print_notice(out, qualinfo->d.usernotice, indent + 2);
+                       break;
+
+                       default:
+                       BIO_printf(out, "%*sUnknown Qualifier: ",
+                                                        indent + 2, "");
+                       
+                       i2a_ASN1_OBJECT(out, qualinfo->pqualid);
+                       BIO_puts(out, "\n");
+                       break;
+               }
+       }
+}
+
+static void print_notice(out, notice, indent)
+BIO *out;
+USERNOTICE *notice;
+int indent;
+{
+       int i;
+       if(notice->noticeref) {
+               NOTICEREF *ref;
+               ref = notice->noticeref;
+               BIO_printf(out, "%*sOrganization: %s\n", indent, "",
+                                                ref->organization->data);
+               BIO_printf(out, "%*sNumber%s: ", indent, "",
+                                (sk_num(ref->noticenos) > 1) ? "s" : "");
+               for(i = 0; i < sk_num(ref->noticenos); i++) {
+                       ASN1_INTEGER *num;
+                       char *tmp;
+                       num = (ASN1_INTEGER *)sk_value(ref->noticenos, i);
+                       if(i) BIO_puts(out, ", ");
+                       tmp = i2s_ASN1_INTEGER(NULL, num);
+                       BIO_puts(out, tmp);
+                       Free(tmp);
+               }
+               BIO_puts(out, "\n");
+       }
+       if(notice->exptext)
+               BIO_printf(out, "%*sNotice Reference: %s\n", indent, "",
+                                                        notice->exptext->data);
+}
+               
+       
+
+int i2d_POLICYQUALINFO(a,pp)
+POLICYQUALINFO *a;
+unsigned char **pp;
+{
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT);
+       switch(OBJ_obj2nid(a->pqualid)) {
+               case NID_id_qt_cps:
+               M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING);
+               break;
+
+               case NID_id_qt_unotice:
+               M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE);
+               break;
+
+               default:
+               M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE);
+               break;
+       }
+
+       M_ASN1_I2D_seq_total();
+
+       M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT);
+       switch(OBJ_obj2nid(a->pqualid)) {
+               case NID_id_qt_cps:
+               M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING);
+               break;
+
+               case NID_id_qt_unotice:
+               M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE);
+               break;
+
+               default:
+               M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE);
+               break;
+       }
+
+       M_ASN1_I2D_finish();
+}
+
+POLICYQUALINFO *POLICYQUALINFO_new()
+{
+       POLICYQUALINFO *ret=NULL;
+       ASN1_CTX c;
+       M_ASN1_New_Malloc(ret, POLICYQUALINFO);
+       ret->pqualid = NULL;
+       ret->d.other = NULL;
+       return (ret);
+       M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW);
+}
+
+POLICYQUALINFO *d2i_POLICYQUALINFO(a,pp,length)
+POLICYQUALINFO **a;
+unsigned char **pp;
+long length;
+{
+       M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new);
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT);
+       switch(OBJ_obj2nid(ret->pqualid)) {
+               case NID_id_qt_cps:
+               M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING);
+               break;
+
+               case NID_id_qt_unotice:
+               M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE);
+               break;
+
+               default:
+               M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE);
+               break;
+       }
+       M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO);
+}
+
+void POLICYQUALINFO_free(a)
+POLICYQUALINFO *a;
+{
+       if (a == NULL) return;
+       switch(OBJ_obj2nid(a->pqualid)) {
+               case NID_id_qt_cps:
+               ASN1_IA5STRING_free(a->d.cpsuri);
+               break;
+
+               case NID_id_qt_unotice:
+               USERNOTICE_free(a->d.usernotice);
+               break;
+
+               default:
+               ASN1_TYPE_free(a->d.other);
+               break;
+       }
+       
+       ASN1_OBJECT_free(a->pqualid);
+       Free (a);
+}
+
+int i2d_USERNOTICE(a,pp)
+USERNOTICE *a;
+unsigned char **pp;
+{
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF);
+       M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT);
+
+       M_ASN1_I2D_seq_total();
+
+       M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF);
+       M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT);
+
+       M_ASN1_I2D_finish();
+}
+
+USERNOTICE *USERNOTICE_new()
+{
+       USERNOTICE *ret=NULL;
+       ASN1_CTX c;
+       M_ASN1_New_Malloc(ret, USERNOTICE);
+       ret->noticeref = NULL;
+       ret->exptext = NULL;
+       return (ret);
+       M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW);
+}
+
+USERNOTICE *d2i_USERNOTICE(a,pp,length)
+USERNOTICE **a;
+unsigned char **pp;
+long length;
+{
+       M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new);
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE);
+       if (!M_ASN1_D2I_end_sequence()) {
+               M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT);
+       }
+       M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE);
+}
+
+void USERNOTICE_free(a)
+USERNOTICE *a;
+{
+       if (a == NULL) return;
+       NOTICEREF_free(a->noticeref);
+       DISPLAYTEXT_free(a->exptext);
+       Free (a);
+}
+
+int i2d_NOTICEREF(a,pp)
+NOTICEREF *a;
+unsigned char **pp;
+{
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT);
+       M_ASN1_I2D_len_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
+
+       M_ASN1_I2D_seq_total();
+
+       M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT);
+       M_ASN1_I2D_put_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
+
+       M_ASN1_I2D_finish();
+}
+
+NOTICEREF *NOTICEREF_new()
+{
+       NOTICEREF *ret=NULL;
+       ASN1_CTX c;
+       M_ASN1_New_Malloc(ret, NOTICEREF);
+       ret->organization = NULL;
+       ret->noticenos = NULL;
+       return (ret);
+       M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW);
+}
+
+NOTICEREF *d2i_NOTICEREF(a,pp,length)
+NOTICEREF **a;
+unsigned char **pp;
+long length;
+{
+       M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new);
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       /* This is to cope with some broken encodings that use IA5STRING for
+         * the organization field
+        */
+       M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING,
+                                                        V_ASN1_IA5STRING);
+       if(!ret->organization) {
+                M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT);
+       }
+       M_ASN1_D2I_get_seq(ret->noticenos, d2i_ASN1_INTEGER, ASN1_STRING_free);
+       M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF);
+}
+
+void NOTICEREF_free(a)
+NOTICEREF *a;
+{
+       if (a == NULL) return;
+       DISPLAYTEXT_free(a->organization);
+       sk_pop_free(a->noticenos, ASN1_STRING_free);
+       Free (a);
+}
+
+IMPLEMENT_STACK_OF(POLICYQUALINFO)
+IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO)
index f5dda42..e3686b6 100644 (file)
@@ -149,7 +149,7 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols;
 
 int X509V3_add_standard_extensions()
 {
@@ -165,6 +165,7 @@ int X509V3_add_standard_extensions()
        X509V3_EXT_add(&v3_crl_num);
        X509V3_EXT_add(&v3_sxnet);
        X509V3_EXT_add(&v3_crl_reason);
+       X509V3_EXT_add(&v3_cpols);
        return 1;
 }
 
index ac7ac48..4a8297c 100644 (file)
@@ -69,6 +69,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0),   "i2s_ASN1_ENUMERATED"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),      "i2s_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0),   "R2I_CERTPOL"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0),    "S2I_ASN1_IA5STRING"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0),      "s2i_ASN1_INTEGER"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
@@ -87,12 +88,12 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0),      "v2i_GENERAL_NAME"},
 {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0),     "v2i_GENERAL_NAMES"},
 {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0),  "V3_GENERIC_EXTENSION"},
-{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0),        "X509V3_EXT_add"},
 {ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0),      "X509V3_add_value"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0),        "X509V3_EXT_add"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),  "X509V3_EXT_add_alias"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0),       "X509V3_EXT_conf"},
-{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),     "X509V3_parse_list"},
 {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
+{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),     "X509V3_parse_list"},
 {0,NULL},
        };
 
@@ -117,8 +118,11 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_INVALID_NULL_NAME              ,"invalid null name"},
 {X509V3_R_INVALID_NULL_VALUE             ,"invalid null value"},
 {X509V3_R_INVALID_OBJECT_IDENTIFIER      ,"invalid object identifier"},
+{X509V3_R_INVALID_POLICY_IDENTIFIER      ,"invalid policy identifier"},
+{X509V3_R_INVALID_SECTION                ,"invalid section"},
 {X509V3_R_ISSUER_DECODE_ERROR            ,"issuer decode error"},
 {X509V3_R_MISSING_VALUE                  ,"missing value"},
+{X509V3_R_NO_CONFIG_DATABASE             ,"no config database"},
 {X509V3_R_NO_ISSUER_CERTIFICATE          ,"no issuer certificate"},
 {X509V3_R_NO_ISSUER_DETAILS              ,"no issuer details"},
 {X509V3_R_NO_PUBLIC_KEY                  ,"no public key"},
index 9358d44..2c02781 100644 (file)
@@ -7,6 +7,7 @@
 #define X509V3_F_HEX_TO_STRING                          111
 #define X509V3_F_I2S_ASN1_ENUMERATED                    121
 #define X509V3_F_I2S_ASN1_INTEGER                       120
+#define X509V3_F_R2I_CERTPOL                            130
 #define X509V3_F_S2I_ASN1_IA5STRING                     100
 #define X509V3_F_S2I_ASN1_INTEGER                       108
 #define X509V3_F_S2I_ASN1_OCTET_STRING                  112
 #define X509V3_F_V2I_GENERAL_NAME                       117
 #define X509V3_F_V2I_GENERAL_NAMES                      118
 #define X509V3_F_V3_GENERIC_EXTENSION                   116
-#define X509V3_F_X509V3_EXT_ADD                                 104
 #define X509V3_F_X509V3_ADD_VALUE                       105
+#define X509V3_F_X509V3_EXT_ADD                                 104
 #define X509V3_F_X509V3_EXT_ADD_ALIAS                   106
 #define X509V3_F_X509V3_EXT_CONF                        107
-#define X509V3_F_X509V3_PARSE_LIST                      109
 #define X509V3_F_X509V3_GET_VALUE_BOOL                  110
+#define X509V3_F_X509V3_PARSE_LIST                      109
 
 /* Reason codes. */
 #define X509V3_R_BAD_IP_ADDRESS                                 118
 #define X509V3_R_INVALID_NULL_NAME                      108
 #define X509V3_R_INVALID_NULL_VALUE                     109
 #define X509V3_R_INVALID_OBJECT_IDENTIFIER              110
+#define X509V3_R_INVALID_POLICY_IDENTIFIER              134
+#define X509V3_R_INVALID_SECTION                        135
 #define X509V3_R_ISSUER_DECODE_ERROR                    126
 #define X509V3_R_MISSING_VALUE                          124
+#define X509V3_R_NO_CONFIG_DATABASE                     136
 #define X509V3_R_NO_ISSUER_CERTIFICATE                  121
 #define X509V3_R_NO_ISSUER_DETAILS                      127
 #define X509V3_R_NO_PUBLIC_KEY                          114
index d44aad7..d636301 100644 (file)
@@ -203,7 +203,7 @@ typedef struct NOTICEREF_st {
 } NOTICEREF;
 
 typedef struct USERNOTICE_st {
-       NOTICEREF *notref;
+       NOTICEREF *noticeref;
        ASN1_STRING *exptext;
 } USERNOTICE;
 
@@ -217,10 +217,11 @@ typedef struct POLICYQUALINFO_st {
 } POLICYQUALINFO;
 
 DECLARE_STACK_OF(POLICYQUALINFO)
+DECLARE_ASN1_SET_OF(POLICYQUALINFO)
 
 typedef struct POLICYINFO_st {
        ASN1_OBJECT *policyid;
-       STACK_OF(POLICYQUALINFO) qualifiers;
+       STACK_OF(POLICYQUALINFO) *qualifiers;
 } POLICYINFO;
 
 DECLARE_STACK_OF(POLICYINFO);
@@ -229,6 +230,10 @@ DECLARE_ASN1_SET_OF(POLICYINFO);
 #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
 ",name:", val->name, ",value:", val->value);
 
+#define X509V3_set_ctx_test(ctx) \
+                       X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+#define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
+
 #define EXT_BITSTRING(nid, table) { nid, 0, \
                        (X509V3_EXT_NEW)asn1_bit_string_new, ASN1_STRING_free, \
                        (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
@@ -308,6 +313,32 @@ STACK *d2i_ext_ku(STACK **a, unsigned char **pp, long length);
 void ext_ku_free(STACK *a);
 STACK *ext_ku_new(void);
 
+int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp);
+STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void);
+void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a);
+STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, unsigned char **pp, long length);
+
+int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp);
+POLICYINFO *POLICYINFO_new(void);
+POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp, long length);
+void POLICYINFO_free(POLICYINFO *a);
+
+int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp);
+POLICYQUALINFO *POLICYQUALINFO_new(void);
+POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
+                                                                long length);
+void POLICYQUALINFO_free(POLICYQUALINFO *a);
+
+int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp);
+USERNOTICE *USERNOTICE_new(void);
+USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp, long length);
+void USERNOTICE_free(USERNOTICE *a);
+
+int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp);
+NOTICEREF *NOTICEREF_new(void);
+NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp, long length);
+void NOTICEREF_free(NOTICEREF *a);
+
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
 void X509V3_conf_free(CONF_VALUE *val);
@@ -315,7 +346,6 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, c
 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
 int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
 int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-int X509V3_EXT_check_conf(LHASH *conf, char *section);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
@@ -323,8 +353,8 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
 
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
 STACK * X509V3_get_section(X509V3_CTX *ctx, char *section);
-void X509V3_free_string(X509V3_CTX *ctx, char *str);
-void X509V3_free_section( X509V3_CTX *ctx, STACK *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free( X509V3_CTX *ctx, STACK *section);
 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
                                 X509_REQ *req, X509_CRL *crl, int flags);
 
@@ -413,16 +443,40 @@ void X509V3_conf_free();
 X509_EXTENSION *X509V3_EXT_conf_nid();
 X509_EXTENSION *X509V3_EXT_conf();
 int X509V3_EXT_add_conf();
-int X509V3_EXT_check_conf();
 int X509V3_get_value_bool();
 int X509V3_get_value_int();
 void X509V3_set_conf_lhash();
 #endif
 
+int i2d_CERTIFICATEPOLICIES();
+STACK *CERTIFICATEPOLICIES_new();
+void CERTIFICATEPOLICIES_free();
+STACK *d2i_CERTIFICATEPOLICIES();
+
+int i2d_POLICYINFO();
+POLICYINFO *POLICYINFO_new();
+POLICYINFO *d2i_POLICYINFO();
+void POLICYINFO_free();
+
+int i2d_POLICYQUALINFO();
+POLICYQUALINFO *POLICYQUALINFO_new();
+POLICYQUALINFO *d2i_POLICYQUALINFO();
+void POLICYQUALINFO_free();
+
+int i2d_USERNOTICE();
+USERNOTICE *USERNOTICE_new();
+USERNOTICE *d2i_USERNOTICE();
+void USERNOTICE_free();
+
+int i2d_NOTICEREF();
+NOTICEREF *NOTICEREF_new();
+NOTICEREF *d2i_NOTICEREF();
+void NOTICEREF_free();
+
 char * X509V3_get_string();
 STACK * X509V3_get_section();
-void X509V3_free_string();
-void X509V3_free_section();
+void X509V3_string_free();
+void X509V3_section_free();
 void X509V3_set_ctx();
 
 int X509V3_add_value();
@@ -461,6 +515,7 @@ int X509V3_EXT_print_fp();
 #define X509V3_F_HEX_TO_STRING                          111
 #define X509V3_F_I2S_ASN1_ENUMERATED                    121
 #define X509V3_F_I2S_ASN1_INTEGER                       120
+#define X509V3_F_R2I_CERTPOL                            130
 #define X509V3_F_S2I_ASN1_IA5STRING                     100
 #define X509V3_F_S2I_ASN1_INTEGER                       108
 #define X509V3_F_S2I_ASN1_OCTET_STRING                  112
@@ -479,12 +534,12 @@ int X509V3_EXT_print_fp();
 #define X509V3_F_V2I_GENERAL_NAME                       117
 #define X509V3_F_V2I_GENERAL_NAMES                      118
 #define X509V3_F_V3_GENERIC_EXTENSION                   116
-#define X509V3_F_X509V3_EXT_ADD                                 104
 #define X509V3_F_X509V3_ADD_VALUE                       105
+#define X509V3_F_X509V3_EXT_ADD                                 104
 #define X509V3_F_X509V3_EXT_ADD_ALIAS                   106
 #define X509V3_F_X509V3_EXT_CONF                        107
-#define X509V3_F_X509V3_PARSE_LIST                      109
 #define X509V3_F_X509V3_GET_VALUE_BOOL                  110
+#define X509V3_F_X509V3_PARSE_LIST                      109
 
 /* Reason codes. */
 #define X509V3_R_BAD_IP_ADDRESS                                 118
@@ -506,8 +561,11 @@ int X509V3_EXT_print_fp();
 #define X509V3_R_INVALID_NULL_NAME                      108
 #define X509V3_R_INVALID_NULL_VALUE                     109
 #define X509V3_R_INVALID_OBJECT_IDENTIFIER              110
+#define X509V3_R_INVALID_POLICY_IDENTIFIER              134
+#define X509V3_R_INVALID_SECTION                        135
 #define X509V3_R_ISSUER_DECODE_ERROR                    126
 #define X509V3_R_MISSING_VALUE                          124
+#define X509V3_R_NO_CONFIG_DATABASE                     136
 #define X509V3_R_NO_ISSUER_CERTIFICATE                  121
 #define X509V3_R_NO_ISSUER_DETAILS                      127
 #define X509V3_R_NO_PUBLIC_KEY                          114