/*
 * Decode the certificate's CRL Distribution Points extension into x->crldp
 * and hand every decoded distribution point to setup_dp().
 *
 * NOTE(review): the criticality and index out-parameters are both NULL, so a
 * NULL result does not say whether the extension is absent, present more
 * than once, or malformed. In each case the loop below does nothing and the
 * certificate looks as if it carried no distribution points. Code that
 * relies on x->crldp for revocation checking cannot tell these cases apart
 * from here.
 */
static void setup_crldp(X509 *x)
{
    int pos = 0;

    x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);

    /* sk_DIST_POINT_num() reports -1 for a NULL stack, so the loop ends at once. */
    while (pos < sk_DIST_POINT_num(x->crldp)) {
        setup_dp(x, sk_DIST_POINT_value(x->crldp, pos));
        pos++;
    }
}
/*
 * Lint every CRL Distribution Points extension found in the certificate.
 *
 * The extension is looked up repeatedly, resuming after the previous match,
 * so duplicate occurrences are each examined. For every occurrence:
 *   - an extension that is present but does not decode raises ERR_INVALID;
 *   - a distribution point with neither a name nor a CRL issuer raises
 *     ERR_INVALID_CRL_DIST_POINT;
 *   - each full-name entry of type URI is handed to CheckValidURL() together
 *     with its explicit length (the bytes are not treated as a C string
 *     here), any other entry type raises INF_CRL_NOT_URL, and every entry
 *     also goes through CheckGeneralNameType();
 *   - everything that is not a full name raises WARN_CRL_RELATIVE.
 *
 * NOTE(review): WARN_CRL_RELATIVE is also raised when the distribution point
 * has no name at all (distpoint == NULL), not only for a relative name.
 */
static void CheckCRL(X509 *x509)
{
	int ext_pos = -1;

	for (;;)
	{
		int crit_flag = -1;
		STACK_OF(DIST_POINT) *points = X509_get_ext_d2i(x509, NID_crl_distribution_points, &crit_flag, &ext_pos);

		if (points == NULL)
		{
			if (crit_flag < 0)
			{
				/* No (further) extension of this type */
				break;
			}
			/* Extension is present but did not decode */
			SetError(ERR_INVALID);
			continue;
		}

		for (int p = 0; p < sk_DIST_POINT_num(points); p++)
		{
			DIST_POINT *point = sk_DIST_POINT_value(points, p);
			DIST_POINT_NAME *dpn = point->distpoint;

			if (dpn == NULL && point->CRLissuer == NULL)
			{
				SetError(ERR_INVALID_CRL_DIST_POINT);
			}

			if (dpn == NULL || dpn->type != 0)
			{
				/* Anything other than a full name ends up here */
				SetWarning(WARN_CRL_RELATIVE);
				continue;
			}

			/* Full name: inspect each general name it lists */
			GENERAL_NAMES *names = dpn->name.fullname;
			for (int n = 0; n < sk_GENERAL_NAME_num(names); n++)
			{
				GENERAL_NAME *entry = sk_GENERAL_NAME_value(names, n);
				int kind;
				ASN1_STRING *value = GENERAL_NAME_get0_value(entry, &kind);

				if (kind != GEN_URI)
				{
					SetInfo(INF_CRL_NOT_URL);
				}
				else
				{
					/* The value is only read as an ASN1_STRING once it is known to be a URI */
					CheckValidURL(ASN1_STRING_get0_data(value), ASN1_STRING_length(value));
				}
				CheckGeneralNameType(entry);
			}
		}

		/* The decoded stack belongs to this function */
		sk_DIST_POINT_pop_free(points, DIST_POINT_free);
	}
}
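/*
 * Collect the URI entries of a certificate's CRL Distribution Points (CDP)
 * extension.
 *
 * Only distribution points that carry a full name are considered; every
 * general name whose textual type starts with "URI" is copied with strdup()
 * and pushed onto the result.
 *
 * Returns a newly allocated PKI_STACK of heap-allocated strings, owned by
 * the caller, or NULL when x is invalid, the extension is missing or cannot
 * be decoded, no URI is present, or the result stack cannot be allocated.
 *
 * Changes compared to the previous version:
 *   - the decoded DIST_POINT stack and the per-point CONF_VALUE lists are
 *     released on every path (they used to leak on each call);
 *   - each distribution point gets its own CONF_VALUE list, so URIs from an
 *     earlier point are no longer pushed a second time while a later point
 *     is processed;
 *   - a NULL name/value or a failed strdup() is skipped instead of pushing
 *     a NULL pointer onto the result.
 *
 * Security note: the URIs are copied from the certificate as-is and are not
 * validated here. A caller that fetches them should restrict the accepted
 * schemes and destinations and bound the download. Whether the certificate
 * has been verified by the time this is called cannot be seen from this
 * function; confirm at the call sites.
 */
PKI_STACK *PKI_X509_CERT_get_cdp (const PKI_X509_CERT *x) {

	STACK_OF(DIST_POINT) *sk_cdp = NULL;
	PKI_X509_CERT_VALUE *cert = NULL;
	PKI_STACK *ret = NULL;
	int i = 0;

	if ( !x || !x->value ) return NULL;

	cert = (PKI_X509_CERT_VALUE *) x->value;

	if(( sk_cdp = X509_get_ext_d2i(cert, NID_crl_distribution_points,
					NULL, NULL)) == NULL ) {
		return NULL;
	}

	/* An empty stack simply skips the loop and returns NULL after cleanup */
	for ( i = 0 ; i < sk_DIST_POINT_num ( sk_cdp ); i++ ) {

		DIST_POINT *cdp = sk_DIST_POINT_value ( sk_cdp, i );
		STACK_OF(CONF_VALUE) *sk_val = NULL;
		int k = 0;

		/* Only full names (type 0) can carry URIs */
		if ( !cdp || !cdp->distpoint ) continue;
		if ( cdp->distpoint->type != 0 ) continue;
		if ( !cdp->distpoint->name.fullname ) continue;

		/* Fresh list per distribution point; see header comment */
		sk_val = i2v_GENERAL_NAMES(NULL,
				cdp->distpoint->name.fullname, NULL);
		if ( !sk_val ) continue;

		for ( k = 0; k < sk_CONF_VALUE_num( sk_val ); k++ ) {

			CONF_VALUE *v = sk_CONF_VALUE_value( sk_val, k );
			char *tmp_s = NULL;

			if ( !v || !v->name || !v->value ) continue;
			if ( strncmp_nocase("URI", v->name, 3) != 0 ) continue;

			PKI_log_debug( "INFO::Found "
				"CDP in cert %s:%s", v->name, v->value );

			if ( !ret ) {
				ret = PKI_STACK_new_null ();
				if ( !ret ) {
					sk_CONF_VALUE_pop_free( sk_val,
							X509V3_conf_free );
					goto end;
				}
			}

			/* Never hand callers a NULL entry on allocation failure */
			tmp_s = strdup( v->value );
			if ( !tmp_s ) continue;

			/* NOTE(review): the push result is still ignored, as
			 * before; tmp_s leaks if the push can fail - confirm
			 * against PKI_STACK_push's contract */
			PKI_STACK_push ( ret, tmp_s );
		}

		sk_CONF_VALUE_pop_free( sk_val, X509V3_conf_free );
	}

end:
	/* X509_get_ext_d2i() returned a decoded copy that this function owns */
	sk_DIST_POINT_pop_free( sk_cdp, DIST_POINT_free );

	return ret;
}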