- Added prelimenary CRL parsing and info support

2024-11-26 04:35:44 +01:00 · 2009-05-02 15:13:40 +00:00 · 2009-05-02 15:13:40 +00:00 · d98030e7d6
commit d98030e7d6
parent 68041ec500
5 changed files with 967 additions and 219 deletions
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@ -169,6 +169,46 @@ typedef struct _x509_cert
 }
 x509_cert;
 typedef struct _x509_crl_entry
 {
    x509_buf raw;
    x509_buf serial;
    x509_time revocation_date;
    x509_buf entry_ext;
    struct _x509_crl_entry *next;
 }
 x509_crl_entry;
 typedef struct _x509_crl
 {
    x509_buf raw;
    x509_buf tbs;
    int version;
    x509_buf sig_oid1;
    x509_buf issuer_raw;
    x509_name issuer;
    x509_time this_update;
    x509_time next_update;
    x509_crl_entry entry;
    x509_buf crl_ext;
    x509_buf sig_oid2;
    x509_buf sig;
    struct _x509_crl *next; 
 }
 x509_crl;
 /*
 * Structures for writing X.509 certificates
 */
@ -227,6 +267,29 @@ int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen );
 */
 int x509parse_crtfile( x509_cert *chain, char *path );
 /**
 * \brief          Parse one or more CRLs and add them
 *                 to the chained list
 *
 * \param chain    points to the start of the chain
 * \param buf      buffer holding the CRL data
 * \param buflen   size of the buffer
 *
 * \return         0 if successful, or a specific X509 error code
 */
 int x509parse_crl( x509_crl *chain, unsigned char *buf, int buflen );
 /**
 * \brief          Load one or more CRLs and add them
 *                 to the chained list
 *
 * \param chain    points to the start of the chain
 * \param path     filename to read the CRLs from
 *
 * \return         0 if successful, or a specific X509 error code
 */
 int x509parse_crlfile( x509_crl *chain, char *path );
 /**
 * \brief          Parse a private RSA key
 *
@ -255,15 +318,21 @@ int x509parse_keyfile( rsa_context *rsa, char *path, char *password );
 /**
 * \brief          Store the certificate DN in printable form into buf;
- *                 no more than (end - buf) characters will be written.
+ *                 no more than size characters will be written.
 */
-int x509parse_dn_gets( char *buf, char *end, x509_name *dn );
+int x509parse_dn_gets( char *buf, size_t size, x509_name *dn );
 /**
 * \brief          Returns an informational string about the
 *                 certificate.
 */
-char *x509parse_cert_info( char *prefix, x509_cert *crt );
+int x509parse_cert_info( char *buf, size_t size, char *prefix, x509_cert *crt );
 /**
 * \brief          Returns an informational string about the
 *                 CRL.
 */
 int x509parse_crl_info( char *buf, size_t size, char *prefix, x509_crl *crl );
 /**
 * \brief          Return 0 if the certificate is still valid,
@ -299,6 +368,11 @@ int x509parse_verify( x509_cert *crt,
 */
 void x509_free( x509_cert *crt );
 /**
 * \brief          Unallocate all CRL data
 */
 void x509_crl_free( x509_crl *crl );
 /**
 * \brief          Checkup routine
 *
--- a/library/debug.c
+++ b/library/debug.c
@ -171,7 +171,7 @@ void debug_print_mpi( ssl_context *ssl, int level,
 void debug_print_crt( ssl_context *ssl, int level,
                      char *file, int line, char *text, x509_cert *crt )
 {
-    char str[1024], prefix[64], *p;
+    char str[1024], prefix[64];
    int i = 0, maxlen = sizeof( prefix ) - 1;
    if( ssl->f_dbg == NULL || crt == NULL )
@ -183,10 +183,11 @@ void debug_print_crt( ssl_context *ssl, int level,
    while( crt != NULL && crt->next != NULL )
    {
-        p = x509parse_cert_info( prefix, crt );
+        char buf[1024];
        x509parse_cert_info( buf, sizeof( buf ) - 1, prefix, crt );
        snprintf( str, maxlen, "%s(%04d): %s #%d:\n%s",
-                  file, line, text, ++i, p );
+                  file, line, text, ++i, buf );
        str[maxlen] = '\0';
        ssl->f_dbg( ssl->p_dbg, level, str );
--- a/library/x509parse.c
+++ b/library/x509parse.c
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -208,7 +208,8 @@ int main( void )
        printf( " ok\n" );
    printf( "  . Peer certificate information    ...\n" );
-    printf( x509parse_cert_info( "      ", ssl.peer_cert ) );
+    x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, "      ", ssl.peer_cert );
    printf( "%s\n", buf );
    /*
     * 6. Write the GET request
--- a/programs/test/ssl_cert_test.c
+++ b/programs/test/ssl_cert_test.c
@ -28,6 +28,10 @@
 #include "polarssl/certs.h"
 #include "polarssl/x509.h"
 #if defined _MSC_VER && !defined snprintf
 #define snprintf _snprintf
 #endif
 #define MAX_CLIENT_CERTS    6
 char *client_certificates[MAX_CLIENT_CERTS] =
@ -53,8 +57,12 @@ char *client_private_keys[MAX_CLIENT_CERTS] =
 int main( void )
 {
    int ret, i;
-    x509_cert cacert, clicert;
+    x509_cert cacert;
-    rsa_context	rsa;
+    x509_crl crl;
    char buf[10240];
    memset( &cacert, 0, sizeof( x509_cert ) );
    memset( &crl, 0, sizeof( x509_crl ) );
    /*
     * 1.1. Load the trusted CA
@ -62,8 +70,6 @@ int main( void )
    printf( "\n  . Loading the CA root certificate ..." );
    fflush( stdout );
    memset( &cacert, 0, sizeof( x509_cert ) );
    /*
     * Alternatively, you may load the CA certificates from a .pem or
     * .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ).
@ -77,21 +83,42 @@ int main( void )
    printf( " ok\n" );
    /*
     * 1.2. Load the CRL
     */
    printf( "  . Loading the CRL ..." );
    fflush( stdout );
    ret = x509parse_crlfile( &crl, "ssl/test-ca/crl.pem" );
    if( ret != 0 )
    {
        printf( " failed\n  !  x509parse_crlfile returned %d\n\n", ret );
        goto exit;
    }
    printf( " ok\n" );
    x509parse_crl_info( buf, 1024, "CRL: ", &crl );
    printf("%s\n", buf );
    for( i = 0; i < MAX_CLIENT_CERTS; i++ )
    {
        /*
-         * 1.2. Load own certificate
+         * 1.3. Load own certificate
         */
        char    name[512];
        int flags;
        x509_cert clicert;
        rsa_context rsa;
        memset( &clicert, 0, sizeof( x509_cert ) );
        memset( &rsa, 0, sizeof( rsa_context ) );
        snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]);
-        printf( "  . Loading the client certificatei %s...", name );
+        printf( "  . Loading the client certificate %s...", name );
        fflush( stdout );
        memset( &clicert, 0, sizeof( x509_cert ) );
        ret = x509parse_crtfile( &clicert, name );
        if( ret != 0 )
        {
@ -102,7 +129,7 @@ int main( void )
        printf( " ok\n" );
        /*
-	 * 1.3. Verify certificate validity with CA certificate
+         * 1.4. Verify certificate validity with CA certificate
         */
        printf( "  . Verify the client certificate with CA certificate..." );
        fflush( stdout );
@ -117,15 +144,13 @@ int main( void )
        printf( " ok\n" );
        /*
-         * 1.4. Load own private key
+         * 1.5. Load own private key
         */
        snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]);
        printf( "  . Loading the client private key %s...", name );
        fflush( stdout );
 	memset( &rsa, 0, sizeof( rsa_context ) );
        ret = x509parse_keyfile( &rsa, name, NULL );
        if( ret != 0 )
        {
@ -136,7 +161,7 @@ int main( void )
        printf( " ok\n" );
        /*
-	 * 1.4. Verify certificate validity with private key
+         * 1.5. Verify certificate validity with private key
         */
        printf( "  . Verify the client certificate with private key..." );
        fflush( stdout );
@ -163,11 +188,14 @@ int main( void )
        }
        printf( " ok\n" );
        x509_free( &clicert );
        rsa_free( &rsa );
    }
 exit:
    x509_free( &clicert );
    x509_free( &cacert );
    x509_crl_free( &crl );
 #ifdef WIN32
    printf( "  + Press Enter to exit this program.\n" );