Update X.509

Zhi Guan
2024-02-06 20:57:54 +08:00
parent 69ffa88037
commit 983fa90978
3 changed files with 5 additions and 24 deletions


@@ -557,11 +557,7 @@ err:
} }
static uint32_t oid_ec_public_key[] = { oid_x9_62,2,1 }; static uint32_t oid_ec_public_key[] = { oid_x9_62,2,1 };
//static uint32_t oid_rsa_encryption[] = { 1,2,840,113549,1,1,1 };
static const ASN1_OID_INFO x509_public_key_algors[] = { static const ASN1_OID_INFO x509_public_key_algors[] = {
{ OID_ec_public_key, "ecPublicKey", oid_ec_public_key, sizeof(oid_ec_public_key)/sizeof(int), 0, "X9.62 ecPublicKey" }, { OID_ec_public_key, "ecPublicKey", oid_ec_public_key, sizeof(oid_ec_public_key)/sizeof(int), 0, "X9.62 ecPublicKey" },


@@ -112,7 +112,6 @@ int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen)
return 1; return 1;
} }
// 如果要支持未知的ext_id应该提供一个callback
int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen) int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen)
{ {
int ret; int ret;
@@ -1259,9 +1258,7 @@ int x509_key_usage_check(int bits, int cert_type)
break; break;
case X509_cert_server_auth: case X509_cert_server_auth:
case X509_cert_client_auth: case X509_cert_client_auth:
if (!(bits & X509_KU_DIGITAL_SIGNATURE) if (!(bits & X509_KU_DIGITAL_SIGNATURE)) {
//&& !(bits & X509_KU_NON_REPUDIATION) // un-comment for compatibility
) {
error_print(); error_print();
return -1; return -1;
} }
@@ -1274,9 +1271,7 @@ int x509_key_usage_check(int bits, int cert_type)
case X509_cert_server_key_encipher: case X509_cert_server_key_encipher:
case X509_cert_client_key_encipher: case X509_cert_client_key_encipher:
if (!(bits & X509_KU_KEY_ENCIPHERMENT) if (!(bits & X509_KU_KEY_ENCIPHERMENT)) {
//&& !(bits & X509_KU_KEY_AGREEMENT) // un-comment for compatibility
) {
error_print(); error_print();
return -1; return -1;
} }
@@ -1292,23 +1287,15 @@ int x509_key_usage_check(int bits, int cert_type)
error_print(); error_print();
return -1; return -1;
} }
if ((bits & X509_KU_DIGITAL_SIGNATURE)
|| (bits & X509_KU_NON_REPUDIATION)) {
error_print();
//return -1; // comment to print warning
}
break; break;
case X509_cert_crl_sign: case X509_cert_crl_sign:
if (!(bits & X509_KU_CRL_SIGN)) { if (!(bits & X509_KU_CRL_SIGN)) {
error_print(); error_print();
return -1; return -1;
} }
if ((bits & X509_KU_DIGITAL_SIGNATURE)
|| (bits & X509_KU_NON_REPUDIATION)) {
error_print();
//return -1; // comment to print warning
}
break; break;
default: default:
error_print(); error_print();
return -1; return -1;
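Review bot: After this change x509_key_usage_check() looks only for the bit each certificate type requires and ignores every other KeyUsage bit, and nothing in the visible code records that as the intended policy. The last hunk removes the two blocks that called `error_print()` when a certificate of the case ending at the first `break`, or of `X509_cert_crl_sign`, also carried `X509_KU_DIGITAL_SIGNATURE` or `X509_KU_NON_REPUDIATION`, so that combination no longer produces any diagnostic. If this is deliberate, a comment above the switch such as `/* only the bit required for cert_type is checked; additional KeyUsage bits are accepted */` would keep the relaxed check from being read as an oversight. The earlier hunks in this file also drop the commented-out `X509_KU_NON_REPUDIATION` and `X509_KU_KEY_AGREEMENT` alternatives, so the same comment could state that those bits alone do not satisfy the auth and key-encipherment types. The function starts and ends outside the visible hunks.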


@@ -1,5 +1,5 @@
/* /*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* *
* Licensed under the Apache License, Version 2.0 (the License); you may * Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License. * not use this file except in compliance with the License.
@@ -76,12 +76,10 @@ int x509_request_info_from_der(
error_print(); error_print();
return -1; return -1;
} }
/*
if (*version != X509_version_v1) { if (*version != X509_version_v1) {
error_print(); error_print();
return -1; return -1;
} }
*/
return 1; return 1;
} }
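Review bot: The version check that this commit re-enables at the end of x509_request_info_from_der() carries no comment saying why any value other than `X509_version_v1` is refused, and because it used to be commented out, a later reader may disable it again. A line above the `if` such as `/* PKCS #10 (RFC 2986) defines only version v1(0); reject anything else */` would record the reason. The check sits after the earlier parsing steps, so on this path the function probably returns -1 with its output arguments already written; this is inferred, since the start of the function is outside the hunk, and callers should not use those values after a failure.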