-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | lib/pkix.asn | 11 | ||||
-rw-r--r-- | lib/pkix_asn1_tab.c | 20 | ||||
-rw-r--r-- | lib/x509/common.c | 2 | ||||
-rw-r--r-- | lib/x509/dn.c | 1 | ||||
-rw-r--r-- | src/certtool.c | 26 |
6 files changed, 48 insertions, 13 deletions
@@ -6,6 +6,7 @@ Version 1.1.4 - Changed handshake behaviour to send the lowest TLS version when an unsupported version was advertized. The current behaviour is to send the maximum version we support. +- Corrected problem printing the DC attributes in a DN. Version 1.1.3 (30/12/2003) - Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection diff --git a/lib/pkix.asn b/lib/pkix.asn index c43743b90b..2ec091e0fc 100644 --- a/lib/pkix.asn +++ b/lib/pkix.asn @@ -1206,4 +1206,15 @@ pkcs-7-EncryptedContent ::= OCTET STRING pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute +-- LDAP stuff +-- may not be correct + +id-at-ldap-DC AttributeType ::= { 0 9 2342 19200300 100 1 25 } + +ldap-DC ::= IA5String + +id-at-ldap-UID AttributeType ::= { 0 9 2342 19200300 100 1 1 } + +ldap-UID ::= IA5String + END diff --git a/lib/pkix_asn1_tab.c b/lib/pkix_asn1_tab.c index d47aa460ae..159c0c64be 100644 --- a/lib/pkix_asn1_tab.c +++ b/lib/pkix_asn1_tab.c @@ -1071,8 +1071,26 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[]={ {0,4104,"0"}, {"pkcs-7-ContentEncryptionAlgorithmIdentifier",1073741826,"AlgorithmIdentifier"}, {"pkcs-7-EncryptedContent",1073741831,0}, - {"pkcs-7-UnprotectedAttributes",538968079,0}, + {"pkcs-7-UnprotectedAttributes",1612709903,0}, {"MAX",1074266122,"1"}, {0,2,"Attribute"}, + {"id-at-ldap-DC",1880096780,"AttributeType"}, + {0,1073741825,"0"}, + {0,1073741825,"9"}, + {0,1073741825,"2342"}, + {0,1073741825,"19200300"}, + {0,1073741825,"100"}, + {0,1073741825,"1"}, + {0,1,"25"}, + {"ldap-DC",1073741826,"IA5String"}, + {"id-at-ldap-UID",1880096780,"AttributeType"}, + {0,1073741825,"0"}, + {0,1073741825,"9"}, + {0,1073741825,"2342"}, + {0,1073741825,"19200300"}, + {0,1073741825,"100"}, + {0,1073741825,"1"}, + {0,1,"1"}, + {"ldap-UID",2,"IA5String"}, {0,0,0} }; diff --git a/lib/x509/common.c b/lib/x509/common.c index ebbdd11a24..adc7965b96 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c 
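Review bot: `ldap-UID ::= IA5String` in the lib/pkix.asn hunk looks narrower than the attribute's definition: RFC 4519 gives `uid` (0.9.2342.19200300.100.1.1) Directory String syntax, and only `dc` is restricted to IA5 String; the hunk's own comment already says these definitions "may not be correct". A certificate whose UID value is encoded as UTF8String or PrintableString would presumably fail to decode against this type, so DN parsing of such a certificate would return an error or an unreadable value. I would define it as `ldap-UID ::= DirectoryString` (assuming the file's existing DirectoryString CHOICE) and regenerate lib/pkix_asn1_tab.c. The same concern applies to the lib/x509/common.c hunk, which drops the `/* FIXME: CHOICE? */` marker on the UID entry of `_oid2str` without changing its flags; if the third field is the choice flag, as the FIXME suggests, it should become `1` together with the type change.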
@@ -55,7 +55,7 @@ static const oid2string _oid2str[] = { {"2.5.4.20", "telephoneNumber", 0, 1}, {"0.9.2342.19200300.100.1.25", "DC", 0, 1}, - {"0.9.2342.19200300.100.1.1", "UID", 0, 1}, /* FIXME: CHOICE? */ + {"0.9.2342.19200300.100.1.1", "UID", 0, 1}, {"1.2.840.113549.1.9.1", "EMAIL", 0, 1}, {"1.2.840.113549.1.9.7", NULL, 1, 1}, diff --git a/lib/x509/dn.c b/lib/x509/dn.c index ae3af42c0e..3f0f34cba5 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -273,6 +273,7 @@ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct, len, string, &sizeof_string); + if (result < 0) { gnutls_assert(); _gnutls_x509_log diff --git a/src/certtool.c b/src/certtool.c index 1b11ea8ef7..8ef53683de 100644 --- a/src/certtool.c +++ b/src/certtool.c 
@@ -218,26 +218,26 @@ const char* msg; } -static void print_key_usage( unsigned int x) +static void print_key_usage( unsigned int x, FILE* out) { if (x&GNUTLS_KEY_DIGITAL_SIGNATURE) - fprintf(stderr,"\t\tDigital signature.\n"); + fprintf(out,"\t\tDigital signature.\n"); if (x&GNUTLS_KEY_NON_REPUDIATION) - fprintf(stderr,"\t\tNon repudiation.\n"); + fprintf(out,"\t\tNon repudiation.\n"); if (x&GNUTLS_KEY_KEY_ENCIPHERMENT) - fprintf(stderr,"\t\tKey encipherment.\n"); + fprintf(out,"\t\tKey encipherment.\n"); if (x&GNUTLS_KEY_DATA_ENCIPHERMENT) - fprintf(stderr,"\t\tData encipherment.\n"); + fprintf(out,"\t\tData encipherment.\n"); if (x&GNUTLS_KEY_KEY_AGREEMENT) - fprintf(stderr,"\t\tKey agreement.\n"); + fprintf(out,"\t\tKey agreement.\n"); if (x&GNUTLS_KEY_KEY_CERT_SIGN) - fprintf(stderr,"\t\tCertificate signing.\n"); + fprintf(out,"\t\tCertificate signing.\n"); if (x&GNUTLS_KEY_CRL_SIGN) - fprintf(stderr,"\t\tCRL signing.\n"); + fprintf(out,"\t\tCRL signing.\n"); if (x&GNUTLS_KEY_ENCIPHER_ONLY) - fprintf(stderr,"\t\tKey encipher only.\n"); + fprintf(out,"\t\tKey encipher only.\n"); if (x&GNUTLS_KEY_DECIPHER_ONLY) - fprintf(stderr,"\t\tKey decipher only.\n"); + fprintf(out,"\t\tKey decipher only.\n"); } static void print_private_key( gnutls_x509_privkey key) @@ -900,6 +900,8 @@ static void print_certificate_info( gnutls_x509_crt crt, FILE* out, unsigned int ret = gnutls_x509_crt_get_dn(crt, dn, &dn_size); if (ret >= 0) fprintf(out, "Subject: %s\n", dn); + else + fprintf(stderr, "get_issuer_dn: %s\n", gnutls_strerror(ret)); /* Issuer */ @@ -908,6 +910,8 @@ static void print_certificate_info( gnutls_x509_crt crt, FILE* out, unsigned int ret = gnutls_x509_crt_get_issuer_dn(crt, dn, &dn_size); if (ret >= 0) fprintf(out, "Issuer: %s\n", dn); + else + fprintf(stderr, "get_issuer_dn: %s\n", gnutls_strerror(ret)); /* signature algorithm 
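Review bot: The `else` branch added after `gnutls_x509_crt_get_dn()` in the `@@ -900` hunk reports the failure as `get_issuer_dn:`, which is the label of the issuer call in the following `@@ -908` hunk, so a subject-DN decoding error is attributed to the wrong field. Change the subject branch to `fprintf(stderr, "get_dn: %s\n", gnutls_strerror(ret));` so the two failures can be told apart when someone inspects a malformed certificate. The body of print_certificate_info starts and ends outside both hunks.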
@@ -1023,7 +1027,7 @@ static void print_certificate_info( gnutls_x509_crt crt, FILE* out, unsigned int if (ret >= 0) { fprintf(out, "\tKey usage: %s\n", critical?"(critical)":""); - print_key_usage(key_usage); + print_key_usage(key_usage, out); } /* Subject Key ID |