Exemplo n.º 1
/*
 * Decode the certificate's CRL Distribution Points extension, store the
 * result in x->crldp and run setup_dp() on every distribution point.
 *
 * NULL is passed for both the criticality and index arguments of
 * X509_get_ext_d2i(), so an absent extension, an undecodable one and a
 * duplicated one all come back as NULL and cannot be told apart here.
 * sk_DIST_POINT_num(NULL) is negative, so the loop body is simply skipped
 * in those cases.
 */
static void setup_crldp(X509 *x)
	{
	int pos = 0;

	x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
	while (pos < sk_DIST_POINT_num(x->crldp))
		{
		setup_dp(x, sk_DIST_POINT_value(x->crldp, pos));
		pos++;
		}
	}
Exemplo n.º 2
/*
 * Lint every CRL Distribution Points extension found in the certificate.
 *
 * Findings are reported through SetError()/SetWarning()/SetInfo(); nothing
 * is returned. Each decoded extension is released before the next lookup.
 */
static void CheckCRL(X509 *x509)
{
	/* Index of the last match; -1 makes the first lookup start at the beginning. */
	int pos = -1;

	for (;;)
	{
		int crit = -1;
		STACK_OF(DIST_POINT) *points = X509_get_ext_d2i(x509, NID_crl_distribution_points, &crit, &pos);

		if (points == NULL)
		{
			if (crit < 0)
			{
				/* No (further) extension of this type: done */
				break;
			}
			/* Extension is present but could not be decoded; keep scanning */
			SetError(ERR_INVALID);
			continue;
		}

		for (int i = 0; i < sk_DIST_POINT_num(points); i++)
		{
			DIST_POINT *point = sk_DIST_POINT_value(points, i);

			/* A distribution point needs at least one of these two fields */
			if (point->distpoint == NULL && point->CRLissuer == NULL)
			{
				SetError(ERR_INVALID_CRL_DIST_POINT);
			}

			/*
			 * Anything that is not a full name gets the relative-name warning.
			 * Note this branch is also taken when distpoint is absent.
			 */
			if (point->distpoint == NULL || point->distpoint->type != 0)
			{
				SetWarning(WARN_CRL_RELATIVE);
				continue;
			}

			/* Full name: inspect every GeneralName it lists */
			STACK_OF(GENERAL_NAME) *names = point->distpoint->name.fullname;
			for (int j = 0; j < sk_GENERAL_NAME_num(names); j++)
			{
				GENERAL_NAME *name = sk_GENERAL_NAME_value(names, j);
				int kind;
				ASN1_STRING *value = GENERAL_NAME_get0_value(name, &kind);

				if (kind != GEN_URI)
				{
					SetInfo(INF_CRL_NOT_URL);
				}
				else
				{
					/*
					 * The URI bytes come from the certificate and are passed
					 * with their explicit length rather than as a C string.
					 */
					CheckValidURL(ASN1_STRING_get0_data(value), ASN1_STRING_length(value));
				}
				CheckGeneralNameType(name);
			}
		}
		sk_DIST_POINT_pop_free(points, DIST_POINT_free);
	}
}
Exemplo n.º 3
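/*
 * Collect the URI entries of a certificate's CRL Distribution Points (CDP)
 * extension.
 *
 * Every distribution point that uses the fullName form is scanned and each
 * GeneralName whose printable name starts with "URI" is copied (strdup) and
 * pushed onto the result stack.
 *
 * Returns a new PKI_STACK of heap-allocated strings owned by the caller, or
 * NULL when x is invalid, the extension is absent or cannot be decoded, no
 * URI is present, or the result stack cannot be allocated.
 *
 * The returned strings are taken from the certificate as-is; no URL
 * validation is done here, so callers should treat them as untrusted input
 * before fetching from them.
 */
PKI_STACK *PKI_X509_CERT_get_cdp (const PKI_X509_CERT *x) {

  STACK_OF(DIST_POINT) *sk_cdp = NULL;
  DIST_POINT *cdp = NULL;

  STACK_OF(CONF_VALUE) *sk_val = NULL;
  CONF_VALUE *v = NULL;

  PKI_STACK *ret = NULL;
  PKI_X509_CERT_VALUE *cert = NULL;

  char *tmp_s = NULL;

  int k = 0;
  int i = 0;

  if ( !x || !x->value ) return NULL;

  cert = (PKI_X509_CERT_VALUE *) x->value;

  /* The decoded stack is a fresh allocation that this function must
     release; the original code leaked it on every path */
  sk_cdp = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL);
  if ( sk_cdp == NULL ) return NULL;

  /* Walk all the distribution points, not only the first one */
  for ( i = 0 ; i < sk_DIST_POINT_num ( sk_cdp ); i++ ) {

    cdp = sk_DIST_POINT_value ( sk_cdp, i );

    /* Only the fullName form (type 0) carries a list of GeneralNames */
    if ( !cdp || !cdp->distpoint ) continue;
    if ( cdp->distpoint->type != 0 ) continue;
    if ( !cdp->distpoint->name.fullname ) continue;

    /* Build a fresh value list for each distribution point. Reusing one
       accumulating list and rescanning it from index 0 (as before) pushed
       the URIs of earlier distribution points again */
    sk_val = i2v_GENERAL_NAMES(NULL, cdp->distpoint->name.fullname, NULL);
    if ( sk_val == NULL ) continue;

    for ( k = 0; ( v = sk_CONF_VALUE_value( sk_val, k )) != NULL; k++ ) {

      /* Guard the string calls below against missing fields */
      if ( !v->name || !v->value ) continue;

      if ( strncmp_nocase("URI", v->name, 3) != 0 ) continue;

      PKI_log_debug( "INFO::Found "
                     "CDP in cert %s:%s",
                     v->name, v->value );

      if (!ret) {
        ret = PKI_STACK_new_null ();
        if (!ret) goto end;
      }

      tmp_s = strdup( v->value );
      if ( !tmp_s ) continue; /* do not push a NULL entry on allocation failure */

      /* NOTE(review): the result of PKI_STACK_push is not checked (same as
         before); if it can fail, tmp_s would leak here - confirm against
         its contract */
      PKI_STACK_push ( ret, tmp_s );
    }

    sk_CONF_VALUE_pop_free( sk_val, X509V3_conf_free );
    sk_val = NULL;
  }

end:
  /* sk_val is non-NULL only when the inner loop was left early */
  if ( sk_val ) sk_CONF_VALUE_pop_free( sk_val, X509V3_conf_free );
  sk_DIST_POINT_pop_free( sk_cdp, DIST_POINT_free );

  return ret;
}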