diff options
| author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-02-07 01:32:55 +0000 |
|---|---|---|
| committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-02-07 01:32:55 +0000 |
| commit | 083c5f7aa6318b1231fe301d971189ce12b47207 (patch) | |
| tree | 20e20340c88dd661d7a8edb9993fce4de9ae118e /sbin/isakmpd/x509.c | |
| parent | 1e22d809ed2b65bdac0c1d1537bd5af5e1f431cc (diff) | |
ike_quick_mode.c: Merge with EOM 1.111
libcrypto.c: Merge with EOM 1.11
libcrypto.h: Merge with EOM 1.11
x509.c: Merge with EOM 1.33
author: angelos
Add Canonical Names as policy targets (so they can be specified in the
Licensees field), with the "CN:..." format.
Diffstat (limited to 'sbin/isakmpd/x509.c')
| -rw-r--r-- | sbin/isakmpd/x509.c | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c index b3e05429d11..4708bf17789 100644 --- a/sbin/isakmpd/x509.c +++ b/sbin/isakmpd/x509.c @@ -1,5 +1,5 @@ -/* $OpenBSD: x509.c,v 1.21 2000/02/01 02:46:19 niklas Exp $ */ -/* $EOM: x509.c,v 1.32 2000/01/31 22:33:49 niklas Exp $ */ +/* $OpenBSD: x509.c,v 1.22 2000/02/07 01:32:54 niklas Exp $ */ +/* $EOM: x509.c,v 1.33 2000/02/07 01:30:36 angelos Exp $ */ /* * Copyright (c) 1998, 1999 Niels Provos. All rights reserved. @@ -106,9 +106,10 @@ int x509_generate_kn (X509 *cert) { char *fmt = "Authorizer: \"rsa-hex:%s\"\nLicensees: \"rsa-hex:%s\"\n"; + char *ikey, *skey, *buf, isname[256], subname[256], *buf2; + char *fmt2 = "Authorizer: \"CN:%s\"\nLicensees: \"CN:%s\"\n"; X509_NAME *issuer, *subject; struct keynote_deckey dc; - char *ikey, *skey, *buf; X509_STORE_CTX csc; X509_OBJECT obj; X509 *icert; @@ -191,8 +192,7 @@ x509_generate_kn (X509 *cert) buf = calloc (strlen (fmt) + strlen (ikey) + strlen (skey), sizeof (char)); if (buf == NULL) - log_fatal ("x509_generate_kn: " - "failed to allocate memory for KeyNote credential"); + log_fatal ("x509_generate_kn: failed to allocate memory for KeyNote credential"); sprintf (buf, fmt, skey, ikey); free (ikey); @@ -201,12 +201,29 @@ x509_generate_kn (X509 *cert) if (LK (kn_add_assertion, (keynote_sessid, buf, strlen (buf), ASSERT_FLAG_LOCAL)) == -1) { - printf("%d\n", keynote_errno); log_error ("x509_generate_kn: failed to add new KeyNote credential"); free (buf); return 0; } + LC (X509_NAME_oneline, (issuer, isname, 256)); + LC (X509_NAME_oneline, (subject, subname, 256)); + + buf2 = calloc(strlen (fmt2) + strlen (isname) + strlen (subname), + sizeof(char)); + if (buf == NULL) + log_fatal ("x509_generate_kn: failed to allocate memory for KeyNote credential"); + + sprintf (buf2, fmt2, isname, subname); + + if (LK (kn_add_assertion, (keynote_sessid, buf2, strlen(buf2), + ASSERT_FLAG_LOCAL)) == -1) + { + log_error ("x509_generate_kn: failed to add new KeyNote credential"); + free (buf2); + return 0; + } + /* * XXX * Should add a remove-assertion event set to the expiration of the |