int
X509_CRL_print(BIO *out, X509_CRL *x)
{
STACK_OF(X509_REVOKED) *rev;
X509_REVOKED *r;
long l;
int i;
char *p;
BIO_printf(out, "Certificate Revocation List (CRL):\n");
l = X509_CRL_get_version(x);
if (l < 0 || l == LONG_MAX)
goto err;
BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
i = OBJ_obj2nid(x->sig_alg->algorithm);
if (X509_signature_print(out, x->sig_alg, NULL) == 0)
goto err;
p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
if (p == NULL)
goto err;
BIO_printf(out, "%8sIssuer: %s\n", "", p);
free(p);
BIO_printf(out, "%8sLast Update: ", "");
ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x));
BIO_printf(out, "\n%8sNext Update: ", "");
if (X509_CRL_get_nextUpdate(x))
ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x));
else
BIO_printf(out, "NONE");
BIO_printf(out, "\n");
X509V3_extensions_print(out, "CRL extensions",
x->crl->extensions, 0, 8);
rev = X509_CRL_get_REVOKED(x);
if (sk_X509_REVOKED_num(rev) > 0)
BIO_printf(out, "Revoked Certificates:\n");
else
BIO_printf(out, "No Revoked Certificates.\n");
for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
r = sk_X509_REVOKED_value(rev, i);
BIO_printf(out, " Serial Number: ");
i2a_ASN1_INTEGER(out, r->serialNumber);
BIO_printf(out, "\n Revocation Date: ");
ASN1_TIME_print(out, r->revocationDate);
BIO_printf(out, "\n");
X509V3_extensions_print(out, "CRL entry extensions",
r->extensions, 0, 8);
}
if (X509_signature_print(out, x->sig_alg, x->signature) == 0)
goto err;
return 1;
err:
return 0;
}
int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag)
{
STACK_OF(X509_REVOKED) *rev;
X509_REVOKED *r;
const X509_ALGOR *sig_alg;
const ASN1_BIT_STRING *sig;
long l;
int i;
BIO_printf(out, "Certificate Revocation List (CRL):\n");
l = X509_CRL_get_version(x);
if (l >= 0 && l <= 1)
BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l);
else
BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
X509_CRL_get0_signature(x, &sig, &sig_alg);
BIO_puts(out, " ");
X509_signature_print(out, sig_alg, NULL);
BIO_printf(out, "%8sIssuer: ", "");
X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag);
BIO_puts(out, "\n");
BIO_printf(out, "%8sLast Update: ", "");
ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
BIO_printf(out, "\n%8sNext Update: ", "");
if (X509_CRL_get0_nextUpdate(x))
ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));
else
BIO_printf(out, "NONE");
BIO_printf(out, "\n");
X509V3_extensions_print(out, "CRL extensions",
X509_CRL_get0_extensions(x), 0, 8);
rev = X509_CRL_get_REVOKED(x);
if (sk_X509_REVOKED_num(rev) > 0)
BIO_printf(out, "Revoked Certificates:\n");
else
BIO_printf(out, "No Revoked Certificates.\n");
for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
r = sk_X509_REVOKED_value(rev, i);
BIO_printf(out, " Serial Number: ");
i2a_ASN1_INTEGER(out, X509_REVOKED_get0_serialNumber(r));
BIO_printf(out, "\n Revocation Date: ");
ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r));
BIO_printf(out, "\n");
X509V3_extensions_print(out, "CRL entry extensions",
X509_REVOKED_get0_extensions(r), 0, 8);
}
X509_signature_print(out, sig_alg, sig);
return 1;
}
static VALUE
ossl_x509crl_get_version(VALUE self)
{
X509_CRL *crl;
long ver;
GetX509CRL(self, crl);
ver = X509_CRL_get_version(crl);
return LONG2NUM(ver);
}
EXPORT_C int X509_CRL_print(BIO *out, X509_CRL *x)
{
STACK_OF(X509_REVOKED) *rev;
X509_REVOKED *r;
long l;
int i, n;
char *p;
BIO_printf(out, "Certificate Revocation List (CRL):\n");
l = X509_CRL_get_version(x);
BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
i = OBJ_obj2nid(x->sig_alg->algorithm);
BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
(i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
BIO_printf(out,"%8sIssuer: %s\n","",p);
OPENSSL_free(p);
BIO_printf(out,"%8sLast Update: ","");
ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
BIO_printf(out,"\n%8sNext Update: ","");
if (X509_CRL_get_nextUpdate(x))
ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
else BIO_printf(out,"NONE");
BIO_printf(out,"\n");
n=X509_CRL_get_ext_count(x);
X509V3_extensions_print(out, "CRL extensions",
x->crl->extensions, 0, 8);
rev = X509_CRL_get_REVOKED(x);
if(sk_X509_REVOKED_num(rev) > 0)
BIO_printf(out, "Revoked Certificates:\n");
else BIO_printf(out, "No Revoked Certificates.\n");
for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
r = sk_X509_REVOKED_value(rev, i);
BIO_printf(out," Serial Number: ");
i2a_ASN1_INTEGER(out,r->serialNumber);
BIO_printf(out,"\n Revocation Date: ");
ASN1_TIME_print(out,r->revocationDate);
BIO_printf(out,"\n");
X509V3_extensions_print(out, "CRL entry extensions",
r->extensions, 0, 8);
}
X509_signature_print(out, x->sig_alg, x->signature);
return 1;
}
static LUA_FUNCTION(openssl_crl_version)
{
X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
if (lua_isnone(L, 2))
{
lua_pushinteger(L, X509_CRL_get_version(crl));
return 1;
}
else
{
long version = luaL_optinteger(L, 2, 0);
int ret = X509_CRL_set_version(crl, version);
return openssl_pushresult(L, ret);
}
}
long HsOpenSSL_X509_CRL_get_version(X509_CRL* crl) {
return X509_CRL_get_version(crl);
}
static LUA_FUNCTION(openssl_crl_parse)
{
X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
int n, i;
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", X509_CRL_get_version(crl), integer);
/* hash as used in CA directories to lookup cert by subject name */
{
char buf[32];
snprintf(buf, sizeof(buf), "%08lx", X509_NAME_hash(X509_CRL_get_issuer(crl)));
AUXILIAR_SET(L, -1, "hash", buf, string);
}
{
const EVP_MD *digest = EVP_get_digestbyname("sha1");
unsigned char md[EVP_MAX_MD_SIZE];
int n = sizeof(md);
if (X509_CRL_digest(crl, digest, md, (unsigned int*)&n))
{
lua_newtable(L);
AUXILIAR_SET(L, -1, "alg", OBJ_nid2sn(EVP_MD_type(digest)), string);
AUXILIAR_SETLSTR(L, -1, "hash", (const char*)md, n);
lua_setfield(L, -2, "fingerprint");
}
}
openssl_push_xname_asobject(L, X509_CRL_get_issuer(crl));
lua_setfield(L, -2, "issuer");
PUSH_ASN1_TIME(L,X509_CRL_get_lastUpdate(crl));
lua_setfield(L, -2, "lastUpdate");
PUSH_ASN1_TIME(L,X509_CRL_get_nextUpdate(crl));
lua_setfield(L, -2, "nextUpdate");
openssl_push_x509_algor(L, crl->crl->sig_alg);
lua_setfield(L, -2, "sig_alg");
PUSH_ASN1_INTEGER(L, X509_CRL_get_ext_d2i(crl, NID_crl_number, NULL, NULL));
lua_setfield(L, -2, "crl_number");
PUSH_OBJECT(sk_X509_EXTENSION_dup(crl->crl->extensions),"openssl.stack_of_x509_extension");
lua_setfield(L, -2, "extensions");
n = sk_X509_REVOKED_num(crl->crl->revoked);
lua_newtable(L);
for (i = 0; i < n; i++)
{
X509_REVOKED *revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);
lua_newtable(L);
#if OPENSSL_VERSION_NUMBER > 0x10000000L
AUXILIAR_SET(L, -1, "CRLReason", reason_flags[revoked->reason].lname, string);
#else
{
int crit = 0;
void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);
AUXILIAR_SET(L, -1, "CRLReason", reason_flags[ASN1_ENUMERATED_get(reason)].lname, string);
ASN1_ENUMERATED_free(reason);
}
#endif
PUSH_ASN1_INTEGER(L, revoked->serialNumber);
lua_setfield(L,-2, "serialNumber");
PUSH_ASN1_TIME(L, revoked->revocationDate);
lua_setfield(L,-2, "revocationDate");
PUSH_OBJECT(sk_X509_EXTENSION_dup(revoked->extensions),"openssl.stack_of_x509_extension");
lua_setfield(L,-2, "extensions");
lua_rawseti(L, -2, i + 1);
}
lua_setfield(L, -2, "revoked");
return 1;
}
int X509_CRL_print(BIO *out, X509_CRL *x)
{
char buf[256];
unsigned char *s;
STACK_OF(X509_REVOKED) *rev;
X509_REVOKED *r;
long l;
int i, j, n;
BIO_printf(out, "Certificate Revocation List (CRL):\n");
l = X509_CRL_get_version(x);
BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
i = OBJ_obj2nid(x->sig_alg->algorithm);
BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
(i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);
BIO_printf(out,"%8sIssuer: %s\n","",buf);
BIO_printf(out,"%8sLast Update: ","");
ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
BIO_printf(out,"\n%8sNext Update: ","");
if (X509_CRL_get_nextUpdate(x))
ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
else BIO_printf(out,"NONE");
BIO_printf(out,"\n");
n=X509_CRL_get_ext_count(x);
if (n > 0) {
BIO_printf(out,"%8sCRL extensions:\n","");
for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i));
}
rev = X509_CRL_get_REVOKED(x);
if(sk_X509_REVOKED_num(rev))
BIO_printf(out, "Revoked Certificates:\n");
else BIO_printf(out, "No Revoked Certificates.\n");
for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
r = sk_X509_REVOKED_value(rev, i);
BIO_printf(out," Serial Number: ");
i2a_ASN1_INTEGER(out,r->serialNumber);
BIO_printf(out,"\n Revocation Date: ","");
ASN1_TIME_print(out,r->revocationDate);
BIO_printf(out,"\n");
for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)
ext_print(out, X509_REVOKED_get_ext(r, j));
}
i=OBJ_obj2nid(x->sig_alg->algorithm);
BIO_printf(out," Signature Algorithm: %s",
(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
s = x->signature->data;
n = x->signature->length;
for (i=0; i<n; i++, s++)
{
if ((i%18) == 0) BIO_write(out,"\n ",9);
BIO_printf(out,"%02x%s",*s, ((i+1) == n)?"":":");
}
BIO_write(out,"\n",1);
return 1;
}
