示例#1
0
文件: crl.c 项目: randombit/hacrypto
/**
 * gnutls_x509_crl_get_next_update:
 * @crl: should contain a #gnutls_x509_crl_t structure
 *
 * This function will return the time the next CRL will be issued.
 * This field is optional in a CRL so it might be normal to get an
 * error instead.
 *
 * Returns: when the next CRL will be issued, or (time_t)-1 on error.
 **/
time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl)
{
	if (crl == NULL) {
		gnutls_assert();
		return (time_t) - 1;
	}

	return _gnutls_x509_get_time(crl->crl, "tbsCertList.nextUpdate",
				     0);
}
示例#2
0
文件: crl_write.c 项目: gnutls/gnutls
/* If OPTIONAL fields have not been initialized then
 * disable them.
 */
static void disable_optional_stuff(gnutls_x509_crl_t crl)
{
	time_t t;

	t = _gnutls_x509_get_time(crl->crl, "tbsCertList.nextUpdate", 0);
	if (t == (time_t)-1) {
		(void)asn1_write_value(crl->crl, "tbsCertList.nextUpdate", NULL, 0);
	}

	if (crl->use_extensions == 0) {
		(void)asn1_write_value(crl->crl, "tbsCertList.crlExtensions",
				 NULL, 0);
	}

	return;
}
示例#3
0
/**
 * gnutls_x509_crl_get_crt_serial - get the serial number of a revoked certificate
 * @crl: should contain a #gnutls_x509_crl_t structure
 * @indx: the index of the certificate to extract (starting from 0)
 * @serial: where the serial number will be copied
 * @serial_size: initially holds the size of serial
 * @t: if non null, will hold the time this certificate was revoked
 *
 * This function will retrieve the serial number of the specified, by
 * the index, revoked certificate.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
 *   negative error value. and a negative value on error.
 **/
int
gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
				unsigned char *serial,
				size_t * serial_size, time_t * t)
{

  int result, _serial_size;
  char serial_name[ASN1_MAX_NAME_SIZE];
  char date_name[ASN1_MAX_NAME_SIZE];

  if (crl == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  snprintf (serial_name, sizeof (serial_name),
	    "tbsCertList.revokedCertificates.?%u.userCertificate", indx + 1);
  snprintf (date_name, sizeof (date_name),
	    "tbsCertList.revokedCertificates.?%u.revocationDate", indx + 1);

  _serial_size = *serial_size;
  result = asn1_read_value (crl->crl, serial_name, serial, &_serial_size);

  *serial_size = _serial_size;
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      if (result == ASN1_ELEMENT_NOT_FOUND)
	return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
      return _gnutls_asn2err (result);
    }

  if (t)
    {
      *t = _gnutls_x509_get_time (crl->crl, date_name);
    }

  return 0;
}
示例#4
0
文件: crl.c 项目: Distrotech/gnutls
/**
 * gnutls_x509_crl_iter_crt_serial:
 * @crl: should contain a #gnutls_x509_crl_t structure
 * @iter: A pointer to an iterator (initially the iterator should be %NULL)
 * @serial: where the serial number will be copied
 * @serial_size: initially holds the size of serial
 * @t: if non null, will hold the time this certificate was revoked
 *
 * This function performs the same as gnutls_x509_crl_get_crt_serial(),
 * but reads sequentially and keeps state in the iterator 
 * between calls. That allows it to provide better performance in sequences 
 * with many elements (50000+).
 *
 * When past the last element is accessed %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
 * is returned and the iterator is reset.
 *
 * After use, the iterator must be deinitialized using gnutls_x509_crl_iter_deinit().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 **/
int
gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
				gnutls_x509_crl_iter_t *iter,
			        unsigned char *serial,
			        size_t * serial_size, time_t * t)
{

	int result, _serial_size;
	char serial_name[ASN1_MAX_NAME_SIZE];
	char date_name[ASN1_MAX_NAME_SIZE];

	if (crl == NULL || iter == NULL) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	if (*iter == NULL) {
		*iter = gnutls_calloc(1, sizeof(struct gnutls_x509_crl_iter));
		if (*iter == NULL)
			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
	}

	if ((*iter)->rcache == NULL) {
		(*iter)->rcache = asn1_find_node (crl->crl, "tbsCertList.revokedCertificates.?1");
		(*iter)->rcache_idx = 1;
	} else {
		snprintf(serial_name, sizeof(serial_name),
			 "?%d", (*iter)->rcache_idx);
		(*iter)->rcache = asn1_find_node ((*iter)->rcache, serial_name);
	}
	if ((*iter)->rcache == NULL) {
		/* reset */
		(*iter)->rcache = NULL;
		return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
	}

	snprintf(serial_name, sizeof(serial_name),
		 "?%d.userCertificate", (*iter)->rcache_idx);

	_serial_size = *serial_size;
	result =
	    asn1_read_value((*iter)->rcache, serial_name, serial, &_serial_size);

	*serial_size = _serial_size;
	if (result != ASN1_SUCCESS) {
		gnutls_assert();
		if (result == ASN1_ELEMENT_NOT_FOUND) {
			/* reset */
			(*iter)->rcache = NULL;
			return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
		}
		return _gnutls_asn2err(result);
	}

	if (t) {
		snprintf(date_name, sizeof(date_name),
			 "?%d.revocationDate", (*iter)->rcache_idx);
		*t = _gnutls_x509_get_time((*iter)->rcache, date_name, 0);
	}

	(*iter)->rcache_idx++;

	return 0;
}