abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update X.509

Browse Source
This commit is contained in:
Zhi Guan
2024-02-06 20:57:54 +08:00
parent 69ffa88037
commit 983fa90978
3 changed files with 5 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/x509_alg.c
View File

@@ -557,11 +557,7 @@ err:
}
static uint32_t oid_ec_public_key[] = { oid_x9_62,2,1 };
//static uint32_t oid_rsa_encryption[] = { 1,2,840,113549,1,1,1 };
static const ASN1_OID_INFO x509_public_key_algors[] = {
{ OID_ec_public_key, "ecPublicKey", oid_ec_public_key, sizeof(oid_ec_public_key)/sizeof(int), 0, "X9.62 ecPublicKey" },

21
src/x509_ext.c
View File

@@ -112,7 +112,6 @@ int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen)
return 1;
}
// 如果要支持未知的ext_id应该提供一个callback
int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen)
{
int ret;
@@ -1259,9 +1258,7 @@ int x509_key_usage_check(int bits, int cert_type)
break;
case X509_cert_server_auth:
case X509_cert_client_auth:
if (!(bits & X509_KU_DIGITAL_SIGNATURE)
//&& !(bits & X509_KU_NON_REPUDIATION) // un-comment for compatibility
) {
if (!(bits & X509_KU_DIGITAL_SIGNATURE)) {
error_print();
return -1;
}
@@ -1274,9 +1271,7 @@ int x509_key_usage_check(int bits, int cert_type)
case X509_cert_server_key_encipher:
case X509_cert_client_key_encipher:
if (!(bits & X509_KU_KEY_ENCIPHERMENT)
//&& !(bits & X509_KU_KEY_AGREEMENT) // un-comment for compatibility
) {
if (!(bits & X509_KU_KEY_ENCIPHERMENT)) {
error_print();
return -1;
}
@@ -1292,23 +1287,15 @@ int x509_key_usage_check(int bits, int cert_type)
error_print();
return -1;
}
if ((bits & X509_KU_DIGITAL_SIGNATURE)
|| (bits & X509_KU_NON_REPUDIATION)) {
error_print();
//return -1; // comment to print warning
}
break;
case X509_cert_crl_sign:
if (!(bits & X509_KU_CRL_SIGN)) {
error_print();
return -1;
}
if ((bits & X509_KU_DIGITAL_SIGNATURE)
|| (bits & X509_KU_NON_REPUDIATION)) {
error_print();
//return -1; // comment to print warning
}
break;
default:
error_print();
return -1;

4
src/x509_req.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -76,12 +76,10 @@ int x509_request_info_from_der(
error_print();
return -1;
}
/*
if (*version != X509_version_v1) {
error_print();
return -1;
}
*/
return 1;
}