authorNiklas Hallqvist <niklas@cvs.openbsd.org>1999-10-01 14:08:41 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>1999-10-01 14:08:41 +0000
commit428db2ae5860af8170ca71c89857ef4e2456d6fc (patch)
treeecd677066afaf7f4c40bf24f253007be0c542f61 /sbin/isakmpd
parent027c6f59e2d73da1dc74637b5bfa2043025d0c00 (diff)
Merge with EOM 1.24
author: niklas OpenSSL 0.9.4 support author: angelos blah author: angelos Add handling of X509v3_RFC_NAME and X509v3_DNS_NAME as subjaltnames
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/x509.c59
1 files changed, 55 insertions, 4 deletions
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 1168b76c807..cdfa737f253 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: x509.c,v 1.13 1999/08/26 22:28:15 niklas Exp $ */
-/* $EOM: x509.c,v 1.21 1999/08/26 11:21:49 niklas Exp $ */
+/* $OpenBSD: x509.c,v 1.14 1999/10/01 14:08:40 niklas Exp $ */
+/* $EOM: x509.c,v 1.24 1999/09/30 13:40:38 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
@@ -108,7 +108,11 @@ x509_generate_kn (X509 *cert)
char *ikey, *skey, *buf;
X509_STORE_CTX csc;
X509 *icert;
+#if SSLEAY_VERSION_NUMBER >= 0x00904100L
+ STACK_OF (X509) *sk;
+#else
STACK *sk;
+#endif
RSA *key;
issuer = LC (X509_get_issuer_name, (cert));
@@ -139,9 +143,17 @@ x509_generate_kn (X509 *cert)
/* Now find issuer's certificate so we can get the public key */
LC (X509_STORE_CTX_init, (&csc, x509_cas, NULL, NULL));
- sk = sk_new_null ();
+#if SSLEAY_VERSION_NUMBER >= 0x00904100L
+ sk = LC (sk_X509_new_null, ());
+#else
+ sk = LC (sk_new_null, ());
+#endif
icert = LC (X509_find_by_subject, (sk, issuer));
- sk_free (sk);
+#if SSLEAY_VERSION_NUMBER >= 0x00904100L
+ LC (sk_X509_free, (sk));
+#else
+ LC (sk_free, (sk));
+#endif
LC (X509_STORE_CTX_cleanup, (&csc));
if (icert == NULL)
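Review bot: `sk` is created empty and passed straight to `X509_find_by_subject`, so as far as this hunk shows the lookup has nothing to search and `icert` would always be NULL; the store context `csc`, initialised from `x509_cas` two lines earlier, is never consulted. If the intent is to locate the issuer among the trusted CA certificates, the lookup should go through that store rather than a fresh stack. The result of `sk_X509_new_null`/`sk_new_null` is also used without a NULL check; something like `if (!sk) { LC (X509_STORE_CTX_cleanup, (&csc)); return 0; }` would cover it, assuming 0 is this function's failure return, which is not visible here. x509_generate_kn starts and ends outside the hunk.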
@@ -354,7 +366,11 @@ x509_read_from_dir (X509_STORE *ctx, char *name, int hash)
continue;
}
+#if SSLEAY_VERSION_NUMBER >= 0x00904100L
+ cert = LC (PEM_read_bio_X509, (certh, NULL, NULL, NULL));
+#else
cert = LC (PEM_read_bio_X509, (certh, NULL, NULL));
+#endif
LC (BIO_free, (certh));
if (cert == NULL)
{
@@ -845,6 +861,41 @@ x509_cert_get_subject (void *scert, u_int8_t **id, u_int32_t *id_len)
switch (type)
{
+ case X509v3_DNS_NAME:
+ case X509v3_RFC_NAME:
+ {
+ char *buf;
+
+ buf = malloc (altlen + ISAKMP_ID_DATA_OFF);
+ if (!buf)
+ {
+ log_print ("x509_cert_get_subject: malloc (%d) failed",
+ altlen + ISAKMP_ID_DATA_OFF);
+ return 0;
+ }
+
+ if (type == X509v3_DNS_NAME)
+ SET_ISAKMP_ID_TYPE (buf, IPSEC_ID_FQDN);
+ else
+ SET_ISAKMP_ID_TYPE (buf, IPSEC_ID_USER_FQDN);
+
+ SET_IPSEC_ID_PROTO (buf + ISAKMP_ID_DOI_DATA_OFF, 0);
+ SET_IPSEC_ID_PORT (buf + ISAKMP_ID_DOI_DATA_OFF, 0);
+ memcpy (buf + ISAKMP_ID_DATA_OFF, altname, altlen);
+
+ *id_len = ISAKMP_ID_DATA_OFF + altlen - ISAKMP_GEN_SZ;
+ *id = malloc (*id_len);
+ if (!*id)
+ {
+ log_print ("x509_cert_get_subject: malloc (%d) failed", *id_len);
+ free (buf);
+ return 0;
+ }
+ memcpy (*id, buf + ISAKMP_GEN_SZ, *id_len);
+ free (buf);
+ }
+ break;
+
case X509v3_IPV4_ADDR:
{
char buf[ISAKMP_ID_DATA_OFF + 4];
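Review bot: `altlen` and `altname` come from the certificate's subjectAltName and are used in the new `X509v3_DNS_NAME`/`X509v3_RFC_NAME` case for size arithmetic and `memcpy` with no bound check visible in this hunk; their declarations and any earlier validation lie outside it. If `altlen` is a signed int, as the `%d` in the first log call suggests, a negative or very large value would make `altlen + ISAKMP_ID_DATA_OFF` wrap before `malloc`, so a guard such as `if (altlen <= 0 || altlen > MAX_ALTNAME_LEN /* placeholder limit */) return 0;` ahead of the first allocation would be prudent. The name bytes are copied verbatim, so an embedded NUL or other non-hostname byte ends up in the ID payload; rejecting such names here avoids a mismatch if later code treats the ID as a C string. `*id_len` is a `u_int32_t` but is logged with `%d`, where `%u` would match the type. x509_cert_get_subject starts and ends outside the hunk.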