author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-10-01 14:08:41 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-10-01 14:08:41 +0000 |
commit | 428db2ae5860af8170ca71c89857ef4e2456d6fc (patch) | |
tree | ecd677066afaf7f4c40bf24f253007be0c542f61 /sbin/isakmpd/x509.c | |
parent | 027c6f59e2d73da1dc74637b5bfa2043025d0c00 (diff) |
Merge with EOM 1.24
author: niklas
OpenSSL 0.9.4 support
author: angelos
blah
author: angelos
Add handling of X509v3_RFC_NAME and X509v3_DNS_NAME as subjaltnames
Diffstat (limited to 'sbin/isakmpd/x509.c')
-rw-r--r-- | sbin/isakmpd/x509.c | 59 |
1 files changed, 55 insertions, 4 deletions
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 1168b76c807..cdfa737f253 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: x509.c,v 1.13 1999/08/26 22:28:15 niklas Exp $ */
-/* $EOM: x509.c,v 1.21 1999/08/26 11:21:49 niklas Exp $ */
+/* $OpenBSD: x509.c,v 1.14 1999/10/01 14:08:40 niklas Exp $ */
+/* $EOM: x509.c,v 1.24 1999/09/30 13:40:38 niklas Exp $ */
 /*
 * Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
@@ -108,7 +108,11 @@ x509_generate_kn (X509 *cert)
 char *ikey, *skey, *buf;
 X509_STORE_CTX csc;
 X509 *icert;
+#if SSLEAY_VERSION_NUMBER >= 0x00904100L
+ STACK_OF (X509) *sk;
+#else
 STACK *sk;
+#endif
 RSA *key;
 issuer = LC (X509_get_issuer_name, (cert));
@@ -139,9 +143,17 @@ x509_generate_kn (X509 *cert)
 /* Now find issuer's certificate so we can get the public key */
 LC (X509_STORE_CTX_init, (&csc, x509_cas, NULL, NULL));
- sk = sk_new_null ();
+#if SSLEAY_VERSION_NUMBER >= 0x00904100L
+ sk = LC (sk_X509_new_null, ());
+#else
+ sk = LC (sk_new_null, ());
+#endif
 icert = LC (X509_find_by_subject, (sk, issuer));
- sk_free (sk);
+#if SSLEAY_VERSION_NUMBER >= 0x00904100L
+ LC (sk_X509_free, (sk));
+#else
+ LC (sk_free, (sk));
+#endif
 LC (X509_STORE_CTX_cleanup, (&csc));
 if (icert == NULL)
@@ -354,7 +366,11 @@ x509_read_from_dir (X509_STORE *ctx, char *name, int hash)
 continue;
 }
+#if SSLEAY_VERSION_NUMBER >= 0x00904100L
+ cert = LC (PEM_read_bio_X509, (certh, NULL, NULL, NULL));
+#else
 cert = LC (PEM_read_bio_X509, (certh, NULL, NULL));
+#endif
 LC (BIO_free, (certh));
 if (cert == NULL)
 {
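Review bot: The gate `#if SSLEAY_VERSION_NUMBER >= 0x00904100L` is written out by hand at the `sk` declaration in the hunk at -108 and again in the hunks at -139 (twice) and -354, with no comment on which API change the constant marks. If the header defining SSLEAY_VERSION_NUMBER is ever not included, the preprocessor evaluates the undefined name as 0 and every gate silently takes the older branch. I would test it once near the includes behind an `#ifndef SSLEAY_VERSION_NUMBER` / `#error` guard and reuse one named macro (name constructed for this note), `#define X509_OPENSSL_TYPED_STACKS (SSLEAY_VERSION_NUMBER >= 0x00904100L)`. The declarations of x509_generate_kn begin above the hunk.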
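Review bot: In the hunk at -139, `sk` is created empty, passed to `X509_find_by_subject`, and freed on the next statement, with nothing pushed onto it in the visible lines, so the issuer lookup appears to search an empty stack and `icert` would always be NULL, while the initialised store context `csc` is never consulted. That shape predates this commit, but the new `#if` branches carry it forward unchanged. Unless the LC wrapper does something not shown here, the lookup probably needs to go through `csc` (OpenSSL's `X509_STORE_get_by_subject` takes the context), and the return of `sk_X509_new_null` / `sk_new_null` should be checked for NULL before use. x509_generate_kn continues outside the hunk.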
@@ -845,6 +861,41 @@ x509_cert_get_subject (void *scert, u_int8_t **id, u_int32_t *id_len)
 switch (type)
 {
+ case X509v3_DNS_NAME:
+ case X509v3_RFC_NAME:
+ {
+ char *buf;
+
+ buf = malloc (altlen + ISAKMP_ID_DATA_OFF);
+ if (!buf)
+ {
+ log_print ("x509_cert_get_subject: malloc (%d) failed",
+ altlen + ISAKMP_ID_DATA_OFF);
+ return 0;
+ }
+
+ if (type == X509v3_DNS_NAME)
+ SET_ISAKMP_ID_TYPE (buf, IPSEC_ID_FQDN);
+ else
+ SET_ISAKMP_ID_TYPE (buf, IPSEC_ID_USER_FQDN);
+
+ SET_IPSEC_ID_PROTO (buf + ISAKMP_ID_DOI_DATA_OFF, 0);
+ SET_IPSEC_ID_PORT (buf + ISAKMP_ID_DOI_DATA_OFF, 0);
+ memcpy (buf + ISAKMP_ID_DATA_OFF, altname, altlen);
+
+ *id_len = ISAKMP_ID_DATA_OFF + altlen - ISAKMP_GEN_SZ;
+ *id = malloc (*id_len);
+ if (!*id)
+ {
+ log_print ("x509_cert_get_subject: malloc (%d) failed", *id_len);
+ free (buf);
+ return 0;
+ }
+ memcpy (*id, buf + ISAKMP_GEN_SZ, *id_len);
+ free (buf);
+ }
+ break;
+
 case X509v3_IPV4_ADDR:
 {
 char buf[ISAKMP_ID_DATA_OFF + 4]; |
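Review bot: `altlen` is used as an allocation size and as a memcpy length in the new X509v3_DNS_NAME / X509v3_RFC_NAME case with no range check visible in the hunk. Its declaration is outside the hunk, but the `%d` in the log_print suggests a signed int, and the value presumably comes from the peer certificate's subjectAltName; a negative or very large value would make `altlen + ISAKMP_ID_DATA_OFF` wrap, leaving `memcpy (buf + ISAKMP_ID_DATA_OFF, altname, altlen)` to write past a short allocation. I would reject out-of-range lengths before the first malloc, e.g. `if (altlen <= 0 || altlen > MAX_ALTNAME_LEN) return 0;` (the bound's name is a placeholder), and print `*id_len` with `%u` since it is a u_int32_t. The switch continues past the end of the hunk.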