aboutsummaryrefslogtreecommitdiff
path: root/crypto/heimdal/lib/hx509/print.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/hx509/print.c')
-rw-r--r--crypto/heimdal/lib/hx509/print.c273
1 files changed, 161 insertions, 112 deletions
diff --git a/crypto/heimdal/lib/hx509/print.c b/crypto/heimdal/lib/hx509/print.c
index 78ebbafb2f67..1e8bcabfa7e9 100644
--- a/crypto/heimdal/lib/hx509/print.c
+++ b/crypto/heimdal/lib/hx509/print.c
@@ -1,38 +1,37 @@
/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "hx_locl.h"
-RCSID("$Id: print.c 22420 2008-01-13 09:42:35Z lha $");
/**
* @page page_print Hx509 printing functions
@@ -114,7 +113,7 @@ print_func(hx509_vprint_func func, void *ctx, const char *fmt, ...)
/**
* Print a oid to a string.
- *
+ *
* @param oid oid to print
* @param str allocated string, free with hx509_xfree().
*
@@ -132,7 +131,7 @@ hx509_oid_sprint(const heim_oid *oid, char **str)
/**
* Print a oid using a hx509_vprint_func function. To print to stdout
* use hx509_print_stdout().
- *
+ *
* @param oid oid to print
* @param func hx509_vprint_func to print with.
* @param ctx context variable to hx509_vprint_func function.
@@ -152,7 +151,7 @@ hx509_oid_print(const heim_oid *oid, hx509_vprint_func func, void *ctx)
/**
* Print a bitstring using a hx509_vprint_func function. To print to
* stdout use hx509_print_stdout().
- *
+ *
* @param b bit string to print.
* @param func hx509_vprint_func to print with.
* @param ctx context variable to hx509_vprint_func function.
@@ -164,11 +163,11 @@ void
hx509_bitstring_print(const heim_bit_string *b,
hx509_vprint_func func, void *ctx)
{
- int i;
+ size_t i;
print_func(func, ctx, "\tlength: %d\n\t", b->length);
for (i = 0; i < (b->length + 7) / 8; i++)
print_func(func, ctx, "%02x%s%s",
- ((unsigned char *)b->data)[i],
+ ((unsigned char *)b->data)[i],
i < (b->length - 7) / 8
&& (i == 0 || (i % 16) != 15) ? ":" : "",
i != 0 && (i % 16) == 15 ?
@@ -177,7 +176,7 @@ hx509_bitstring_print(const heim_bit_string *b,
/**
* Print certificate usage for a certificate to a string.
- *
+ *
* @param context A hx509 context.
* @param c a certificate print the keyusage for.
* @param s the return string with the keysage printed in to, free
@@ -234,7 +233,7 @@ validate_print(hx509_validate_ctx ctx, int flags, const char *fmt, ...)
va_end(va);
}
-/*
+/*
* Dont Care, SHOULD critical, SHOULD NOT critical, MUST critical,
* MUST NOT critical
*/
@@ -275,7 +274,7 @@ check_Null(hx509_validate_ctx ctx,
}
static int
-check_subjectKeyIdentifier(hx509_validate_ctx ctx,
+check_subjectKeyIdentifier(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
const Extension *e)
@@ -287,7 +286,7 @@ check_subjectKeyIdentifier(hx509_validate_ctx ctx,
status->haveSKI = 1;
check_Null(ctx, status, cf, e);
- ret = decode_SubjectKeyIdentifier(e->extnValue.data,
+ ret = decode_SubjectKeyIdentifier(e->extnValue.data,
e->extnValue.length,
&si, &size);
if (ret) {
@@ -323,7 +322,7 @@ check_subjectKeyIdentifier(hx509_validate_ctx ctx,
}
static int
-check_authorityKeyIdentifier(hx509_validate_ctx ctx,
+check_authorityKeyIdentifier(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
const Extension *e)
@@ -335,10 +334,7 @@ check_authorityKeyIdentifier(hx509_validate_ctx ctx,
status->haveAKI = 1;
check_Null(ctx, status, cf, e);
- status->haveSKI = 1;
- check_Null(ctx, status, cf, e);
-
- ret = decode_AuthorityKeyIdentifier(e->extnValue.data,
+ ret = decode_AuthorityKeyIdentifier(e->extnValue.data,
e->extnValue.length,
&ai, &size);
if (ret) {
@@ -365,6 +361,56 @@ check_authorityKeyIdentifier(hx509_validate_ctx ctx,
return 0;
}
+static int
+check_extKeyUsage(hx509_validate_ctx ctx,
+ struct cert_status *status,
+ enum critical_flag cf,
+ const Extension *e)
+{
+ ExtKeyUsage eku;
+ size_t size, i;
+ int ret;
+
+ check_Null(ctx, status, cf, e);
+
+ ret = decode_ExtKeyUsage(e->extnValue.data,
+ e->extnValue.length,
+ &eku, &size);
+ if (ret) {
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ "Decoding ExtKeyUsage failed: %d", ret);
+ return 1;
+ }
+ if (size != e->extnValue.length) {
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ "Padding data in EKU");
+ free_ExtKeyUsage(&eku);
+ return 1;
+ }
+ if (eku.len == 0) {
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ "ExtKeyUsage length is 0");
+ return 1;
+ }
+
+ for (i = 0; i < eku.len; i++) {
+ char *str;
+ ret = der_print_heim_oid (&eku.val[i], '.', &str);
+ if (ret) {
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ "\tEKU: failed to print oid %d", i);
+ free_ExtKeyUsage(&eku);
+ return 1;
+ }
+ validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+ "\teku-%d: %s\n", i, str);;
+ free(str);
+ }
+
+ free_ExtKeyUsage(&eku);
+
+ return 0;
+}
static int
check_pkinit_san(hx509_validate_ctx ctx, heim_any *a)
@@ -389,7 +435,7 @@ check_pkinit_san(hx509_validate_ctx ctx, heim_any *a)
/* print kerberos principal, add code to quote / within components */
for (i = 0; i < kn.principalName.name_string.len; i++) {
- validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s",
+ validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s",
kn.principalName.name_string.val[i]);
if (i + 1 < kn.principalName.name_string.len)
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "/");
@@ -428,18 +474,19 @@ check_altnull(hx509_validate_ctx ctx, heim_any *a)
}
static int
-check_CRLDistributionPoints(hx509_validate_ctx ctx,
+check_CRLDistributionPoints(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
const Extension *e)
{
CRLDistributionPoints dp;
size_t size;
- int ret, i;
+ int ret;
+ size_t i;
check_Null(ctx, status, cf, e);
- ret = decode_CRLDistributionPoints(e->extnValue.data,
+ ret = decode_CRLDistributionPoints(e->extnValue.data,
e->extnValue.length,
&dp, &size);
if (ret) {
@@ -453,12 +500,12 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
if (dp.val[i].distributionPoint) {
DistributionPointName dpname;
heim_any *data = dp.val[i].distributionPoint;
- int j;
-
+ size_t j;
+
ret = decode_DistributionPointName(data->data, data->length,
&dpname, NULL);
if (ret) {
- validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Failed to parse CRL Distribution Point Name: %d\n", ret);
continue;
}
@@ -466,7 +513,7 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
switch (dpname.element) {
case choice_DistributionPointName_fullName:
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Fullname:\n");
-
+
for (j = 0 ; j < dpname.u.fullName.len; j++) {
char *s;
GeneralName *name = &dpname.u.fullName.val[j];
@@ -500,14 +547,14 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
struct {
const char *name;
- const heim_oid *(*oid)(void);
+ const heim_oid *oid;
int (*func)(hx509_validate_ctx, heim_any *);
-} check_altname[] = {
- { "pk-init", oid_id_pkinit_san, check_pkinit_san },
- { "jabber", oid_id_pkix_on_xmppAddr, check_utf8_string_san },
- { "dns-srv", oid_id_pkix_on_dnsSRV, check_altnull },
- { "card-id", oid_id_uspkicommon_card_id, check_altnull },
- { "Microsoft NT-PRINCIPAL-NAME", oid_id_pkinit_ms_san, check_utf8_string_san }
+} altname_types[] = {
+ { "pk-init", &asn1_oid_id_pkinit_san, check_pkinit_san },
+ { "jabber", &asn1_oid_id_pkix_on_xmppAddr, check_utf8_string_san },
+ { "dns-srv", &asn1_oid_id_pkix_on_dnsSRV, check_altnull },
+ { "card-id", &asn1_oid_id_uspkicommon_card_id, check_altnull },
+ { "Microsoft NT-PRINCIPAL-NAME", &asn1_oid_id_pkinit_ms_san, check_utf8_string_san }
};
static int
@@ -519,7 +566,8 @@ check_altName(hx509_validate_ctx ctx,
{
GeneralNames gn;
size_t size;
- int ret, i;
+ int ret;
+ size_t i;
check_Null(ctx, status, cf, e);
@@ -532,7 +580,7 @@ check_altName(hx509_validate_ctx ctx,
&gn, &size);
if (ret) {
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
- "\tret = %d while decoding %s GeneralNames\n",
+ "\tret = %d while decoding %s GeneralNames\n",
ret, name);
return 1;
}
@@ -550,17 +598,17 @@ check_altName(hx509_validate_ctx ctx,
validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
"%sAltName otherName ", name);
- for (j = 0; j < sizeof(check_altname)/sizeof(check_altname[0]); j++) {
- if (der_heim_oid_cmp((*check_altname[j].oid)(),
+ for (j = 0; j < sizeof(altname_types)/sizeof(altname_types[0]); j++) {
+ if (der_heim_oid_cmp(altname_types[j].oid,
&gn.val[i].u.otherName.type_id) != 0)
continue;
-
- validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ",
- check_altname[j].name);
- (*check_altname[j].func)(ctx, &gn.val[i].u.otherName.value);
+
+ validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ",
+ altname_types[j].name);
+ (*altname_types[j].func)(ctx, &gn.val[i].u.otherName.value);
break;
}
- if (j == sizeof(check_altname)/sizeof(check_altname[0])) {
+ if (j == sizeof(altname_types)/sizeof(altname_types[0])) {
hx509_oid_print(&gn.val[i].u.otherName.type_id,
validate_vprint, ctx);
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, " unknown");
@@ -610,9 +658,9 @@ check_issuerAltName(hx509_validate_ctx ctx,
static int
-check_basicConstraints(hx509_validate_ctx ctx,
+check_basicConstraints(hx509_validate_ctx ctx,
struct cert_status *status,
- enum critical_flag cf,
+ enum critical_flag cf,
const Extension *e)
{
BasicConstraints b;
@@ -620,7 +668,7 @@ check_basicConstraints(hx509_validate_ctx ctx,
int ret;
check_Null(ctx, status, cf, e);
-
+
ret = decode_BasicConstraints(e->extnValue.data, e->extnValue.length,
&b, &size);
if (ret) {
@@ -653,9 +701,9 @@ check_basicConstraints(hx509_validate_ctx ctx,
}
static int
-check_proxyCertInfo(hx509_validate_ctx ctx,
+check_proxyCertInfo(hx509_validate_ctx ctx,
struct cert_status *status,
- enum critical_flag cf,
+ enum critical_flag cf,
const Extension *e)
{
check_Null(ctx, status, cf, e);
@@ -664,18 +712,19 @@ check_proxyCertInfo(hx509_validate_ctx ctx,
}
static int
-check_authorityInfoAccess(hx509_validate_ctx ctx,
+check_authorityInfoAccess(hx509_validate_ctx ctx,
struct cert_status *status,
- enum critical_flag cf,
+ enum critical_flag cf,
const Extension *e)
{
AuthorityInfoAccessSyntax aia;
size_t size;
- int ret, i;
+ int ret;
+ size_t i;
check_Null(ctx, status, cf, e);
- ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data,
+ ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data,
e->extnValue.length,
&aia, &size);
if (ret) {
@@ -704,14 +753,14 @@ check_authorityInfoAccess(hx509_validate_ctx ctx,
struct {
const char *name;
- const heim_oid *(*oid)(void);
- int (*func)(hx509_validate_ctx ctx,
+ const heim_oid *oid;
+ int (*func)(hx509_validate_ctx ctx,
struct cert_status *status,
- enum critical_flag cf,
+ enum critical_flag cf,
const Extension *);
enum critical_flag cf;
} check_extension[] = {
-#define ext(name, checkname) #name, &oid_id_x509_ce_##name, check_##checkname
+#define ext(name, checkname) #name, &asn1_oid_id_x509_ce_##name, check_##checkname
{ ext(subjectDirectoryAttributes, Null), M_N_C },
{ ext(subjectKeyIdentifier, subjectKeyIdentifier), M_N_C },
{ ext(keyUsage, Null), S_C },
@@ -727,28 +776,28 @@ struct {
{ ext(certificateIssuer, Null), M_C },
{ ext(nameConstraints, Null), M_C },
{ ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C },
- { ext(certificatePolicies, Null) },
+ { ext(certificatePolicies, Null), 0 },
{ ext(policyMappings, Null), M_N_C },
{ ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C },
{ ext(policyConstraints, Null), D_C },
- { ext(extKeyUsage, Null), D_C },
+ { ext(extKeyUsage, extKeyUsage), D_C },
{ ext(freshestCRL, Null), M_N_C },
{ ext(inhibitAnyPolicy, Null), M_C },
#undef ext
-#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname
+#define ext(name, checkname) #name, &asn1_oid_id_pkix_pe_##name, check_##checkname
{ ext(proxyCertInfo, proxyCertInfo), M_C },
{ ext(authorityInfoAccess, authorityInfoAccess), M_C },
#undef ext
- { "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim,
+ { "US Fed PKI - PIV Interim", &asn1_oid_id_uspkicommon_piv_interim,
check_Null, D_C },
- { "Netscape cert comment", oid_id_netscape_cert_comment,
+ { "Netscape cert comment", &asn1_oid_id_netscape_cert_comment,
check_Null, D_C },
- { NULL }
+ { NULL, NULL, NULL, 0 }
};
/**
* Allocate a hx509 validation/printing context.
- *
+ *
* @param context A hx509 context.
* @param ctx a new allocated hx509 validation context, free with
* hx509_validate_ctx_free().
@@ -770,7 +819,7 @@ hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx)
/**
* Set the printing functions for the validation context.
- *
+ *
* @param ctx a hx509 valication context.
* @param func the printing function to usea.
* @param c the context variable to the printing function.
@@ -781,7 +830,7 @@ hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx)
*/
void
-hx509_validate_ctx_set_print(hx509_validate_ctx ctx,
+hx509_validate_ctx_set_print(hx509_validate_ctx ctx,
hx509_vprint_func func,
void *c)
{
@@ -792,7 +841,7 @@ hx509_validate_ctx_set_print(hx509_validate_ctx ctx,
/**
* Add flags to control the behaivor of the hx509_validate_cert()
* function.
- *
+ *
* @param ctx A hx509 validation context.
* @param flags flags to add to the validation context.
*
@@ -809,7 +858,7 @@ hx509_validate_ctx_add_flags(hx509_validate_ctx ctx, int flags)
/**
* Free an hx509 validate context.
- *
+ *
* @param ctx the hx509 validate context to free.
*
* @ingroup hx509_print
@@ -823,7 +872,7 @@ hx509_validate_ctx_free(hx509_validate_ctx ctx)
/**
* Validate/Print the status of the certificate.
- *
+ *
* @param context A hx509 context.
* @param ctx A hx509 validation context.
* @param cert the cerificate to validate/print.
@@ -850,11 +899,11 @@ hx509_validate_cert(hx509_context context,
if (_hx509_cert_get_version(c) != 3)
validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
"Not version 3 certificate\n");
-
+
if ((t->version == NULL || *t->version < 2) && t->extensions)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Not version 3 certificate with extensions\n");
-
+
if (_hx509_cert_get_version(c) >= 3 && t->extensions == NULL)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Version 3 certificate without extensions\n");
@@ -890,7 +939,7 @@ hx509_validate_cert(hx509_context context,
free(str);
if (t->extensions) {
- int i, j;
+ size_t i, j;
if (t->extensions->len == 0) {
validate_print(ctx,
@@ -902,7 +951,7 @@ hx509_validate_cert(hx509_context context,
for (i = 0; i < t->extensions->len; i++) {
for (j = 0; check_extension[j].name; j++)
- if (der_heim_oid_cmp((*check_extension[j].oid)(),
+ if (der_heim_oid_cmp(check_extension[j].oid,
&t->extensions->val[i].extnID) == 0)
break;
if (check_extension[j].name == NULL) {
@@ -913,7 +962,7 @@ hx509_validate_cert(hx509_context context,
if (t->extensions->val[i].critical)
validate_print(ctx, flags, "and is CRITICAL ");
if (ctx->flags & flags)
- hx509_oid_print(&t->extensions->val[i].extnID,
+ hx509_oid_print(&t->extensions->val[i].extnID,
validate_vprint, ctx);
validate_print(ctx, flags, " is\n");
continue;
@@ -929,57 +978,57 @@ hx509_validate_cert(hx509_context context,
}
} else
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "no extentions\n");
-
+
if (status.isca) {
if (!status.haveSKI)
- validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"CA certificate have no SubjectKeyIdentifier\n");
} else {
if (!status.haveAKI)
- validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Is not CA and doesn't have "
"AuthorityKeyIdentifier\n");
}
-
+
if (!status.haveSKI)
- validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Doesn't have SubjectKeyIdentifier\n");
if (status.isproxy && status.isca)
- validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Proxy and CA at the same time!\n");
if (status.isproxy) {
if (status.haveSAN)
- validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Proxy and have SAN\n");
if (status.haveIAN)
- validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Proxy and have IAN\n");
}
if (hx509_name_is_null_p(subject) && !status.haveSAN)
- validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"NULL subject DN and doesn't have a SAN\n");
if (!status.selfsigned && !status.haveCRLDP)
- validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Not a CA nor PROXY and doesn't have"
"CRL Dist Point\n");
if (status.selfsigned) {
ret = _hx509_verify_signature_bitstring(context,
- c,
+ cert,
&c->signatureAlgorithm,
&c->tbsCertificate._save,
&c->signatureValue);
if (ret == 0)
- validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+ validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
"Self-signed certificate was self-signed\n");
else
- validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+ validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Self-signed certificate NOT really self-signed!\n");
}