Merge pull request #4459 from julek-wolfssl/missing-ext
Add x509 name attributes and extensions to DER parsing and generation
@ -278,7 +278,7 @@ keyUsage=critical, digitalSignature, keyEncipherment, keyAgreement
|
||||
extendedKeyUsage=serverAuth
|
||||
nsCertType=server
|
||||
|
||||
# server-ecc extensions
|
||||
# client-ecc extensions
|
||||
[ client_ecc ]
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
@ -10,7 +10,7 @@ L = Brisbane
|
||||
O = wolfSSL Inc
|
||||
OU = Engineering
|
||||
CN = www.wolfssl.com
|
||||
emailAddress = support@wolfsssl.com
|
||||
emailAddress = support@wolfssl.com
|
||||
|
||||
[ v3_ca ]
|
||||
inhibitAnyPolicy = critical,1
|
||||
|
Binary file not shown.
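--- a/certs/test/cert-ext-ia.pem
+++ b/certs/test/cert-ext-ia.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEAzCCAuugAwIBAgIUSu44/nlA6ddYMKuTWT7jAAObXbwwDQYJKoZIhvcNAQEL
+BQAwgZ8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQH
+DAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2lu
+ZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEW
+E3N1cHBvcnRAd29sZnNzbC5jb20wHhcNMjExMDI2MTMzMzAzWhcNMjQwNzIyMTMz
+MzAzWjCBnzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNV
+BAcMCEJyaXNiYW5lMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEUMBIGA1UECwwLRW5n
+aW5lZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEiMCAGCSqGSIb3DQEJ
+ARYTc3VwcG9ydEB3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5c
+nFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0l
+T+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRp
+o0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGW
+Srzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgI
+vDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaM1MDMwDQYDVR02AQH/BAMCAQEw
+IgYJYIZIAYb4QgENBBUWE1Rlc3RpbmcgaW5oaWJpdCBhbnkwDQYJKoZIhvcNAQEL
+BQADggEBAEPJZmwD9Lr+f2zp4AT4Yq7C45EBvEjvYHyHqk+QzIhxVF+aT6+gsMtG
+irPW0GLjQEZtydpe9GeKvONvQRMEMovNJib/WuFiEKjRMgVGnRVNuL8Fya5RQgMy
+lHLOuufqGyw4zpm/BxItMx/ChTWCdLHS3LDxV8lheKaU4FdzgEhutHTGiVoJKbZX
+7lge6KTL8MtQ+A11dO5Eo6Yal5PoME/562AOe/0f0OZJQwW6t4XO1r+X5j7YX6dn
+MCfc8skCCpro0YM2xE1OYaBTEFXcRYJaEU7U6lvIbWu09lVlzXb1IRdyCxa5xenI
+i8/4jRVl9EDP3TBovy4o9BBhDXX4XZ8=
+-----END CERTIFICATE-----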
Binary file not shown.
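--- a/certs/test/cert-ext-joi.pem
+++ b/certs/test/cert-ext-joi.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFXDCCBESgAwIBAgIUdtjq13Vf1QryOYup6Qniboz466gwDQYJKoZIhvcNAQEL
+BQAwgccxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
+b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdv
+bGZzc3NsLmNvbTETMBEGCysGAQQBgjc8AgEDEwJVUzEbMBkGCysGAQQBgjc8AgEC
+DApDYWxpZm9ybmlhMB4XDTIxMTAyNjEzMzMwM1oXDTI0MDcyMjEzMzMwM1owgccx
+CzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFu
+MREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UE
+AwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdvbGZzc3Ns
+LmNvbTETMBEGCysGAQQBgjc8AgEDEwJVUzEbMBkGCysGAQQBgjc8AgECDApDYWxp
+Zm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRC
+W804H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3J
+cncy6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2n
+onqNOCkcrMft8nyVsJWCfUlcOM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4
+fcnlwtfaQG/YIdxzG0ItU5z+Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1
+oGP1Vi+jJtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zY
+KLNLve02eQIDAQABo4IBPDCCATgwHQYDVR0OBBYEFCeOZxF0wyYdP+0zY7Ok2B0w
+5ejVMIIBBwYDVR0jBIH/MIH8gBQnjmcRdMMmHT/tM2OzpNgdMOXo1aGBzaSByjCB
+xzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
+YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
+VQQDDA93d3cud29sZnNzbC5jb20xIDAeBgkqhkiG9w0BCQEWEWluZm9Ad29sZnNz
+c2wuY29tMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQIMCkNh
+bGlmb3JuaWGCFHbY6td1X9UK8jmLqekJ4m6M+OuoMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAKCwAqkAY84wjms5rRzLMdJSDBn3hnXyY+A1TctSMoxc
+9mgytzwEaYQnMzCpoyC4Dut1RCL7D5ws1MAfBLd3zeMdc4mpIEtqMy2n7UDEP/Kx
+6WCg6IRUTr+2ki0f+4egKrpZRdeJgZHhqn2rHP3MzxaLjWoGLbg5MDrX4xOwH+Kb
+/yhoHI4ukiWXjP9hUsg1SD6emlK9ws7QeTC8pw2w7ybzIAR6sz+Zc/edcQlpywu1
+FgqqhJ7n1zxrnda1j5Dd3qC5motPGtxigyn+pwEUHmguiwQFsZAePTdTzsdYHrNo
+y6g2C3CP8W7IdALiu8vxhMYXCs+6MCo8qkttJg/zoek=
+-----END CERTIFICATE-----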
Binary file not shown.
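--- a/certs/test/cert-ext-multiple.cfg
+++ b/certs/test/cert-ext-multiple.cfg
@@ -0,0 +1,24 @@
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+C = AU
+ST = Queensland
+L = Brisbane
+O = wolfSSL Inc
+OU = Engineering
+CN = www.wolfssl.com
+emailAddress = support@wolfssl.com
+postalCode = 56-131
+street = Main St
+
+[ v3_ca ]
+nsCertType = server
+crlDistributionPoints = URI:http://www.wolfssl.com/crl.pem
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+
+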
BIN
certs/test/cert-ext-multiple.der
Normal file
BIN
certs/test/cert-ext-multiple.der
Normal file
Binary file not shown.
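--- a/certs/test/cert-ext-multiple.pem
+++ b/certs/test/cert-ext-multiple.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFmDCCBICgAwIBAgIUIYnKdgsnPTG1eUAZKAmpUcb9N/4wDQYJKoZIhvcNAQEL
+BQAwgcIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQH
+DAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2lu
+ZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEW
+E3N1cHBvcnRAd29sZnNzbC5jb20xDzANBgNVBBEMBjU2LTEzMTEQMA4GA1UECQwH
+TWFpbiBTdDAeFw0yMTEwMjYxMzMzMDNaFw0yNDA3MjIxMzMzMDNaMIHCMQswCQYD
+VQQGEwJBVTETMBEGA1UECAwKUXVlZW5zbGFuZDERMA8GA1UEBwwIQnJpc2JhbmUx
+FDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG
+A1UEAwwPd3d3LndvbGZzc2wuY29tMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QHdv
+bGZzc2wuY29tMQ8wDQYDVQQRDAY1Ni0xMzExEDAOBgNVBAkMB01haW4gU3QwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDx
+tjWf38p9A5jTrN4DZu4q8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQ
+Ay+o85XF8YtiVhvvZ2+kEEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3y
+fJWwlYJ9SVw4zXcl772AdVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh
+3HMbQi1TnP4a/H2rejY/mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdv
+sVoX1ziZCP6TWG/+wxNJCBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMB
+AAGjggGCMIIBfjARBglghkgBhvhCAQEEBAMCBkAwLwYDVR0fBCgwJjAkoCKgIIYe
+aHR0cDovL3d3dy53b2xmc3NsLmNvbS9jcmwucGVtMBMGA1UdJQQMMAoGCCsGAQUF
+BwMBMB0GA1UdDgQWBBQnjmcRdMMmHT/tM2OzpNgdMOXo1TCCAQIGA1UdIwSB+jCB
+94AUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgcikgcUwgcIxCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQHDAhCcmlzYmFuZTEUMBIGA1UECgwL
+d29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93d3cu
+d29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEWE3N1cHBvcnRAd29sZnNzbC5jb20x
+DzANBgNVBBEMBjU2LTEzMTEQMA4GA1UECQwHTWFpbiBTdIIUIYnKdgsnPTG1eUAZ
+KAmpUcb9N/4wDQYJKoZIhvcNAQELBQADggEBABYF8t1yWicD7C0ZktxBMPQ9yJ3I
+TBq/PdAJl18OthE33I9lyVmF65AEW4pJS8Xjss+WNs159IJLbKuT3tdiqmBA7V1H
+sV03vMnhfdBDF0+zWnsKZF0tw2Gb772P2LiN/YrBc4KktcDqJocEy8D+P4jRVNM6
+toMD7KkzBrv+FU3OjzhP8MfaiIlqsvb4u4qOqi+lLyy6jgUQzrDp99uU986SrybW
+ulnisYYRQGGZ0vyAKez8PzoKvodfTUg5lLkkqlBfITnCsI3gHcjyk+uT8F9nSDGy
+VZGdHNOS++/gbeWwPyJ97gyu65yotc3fL89iM8BrzDSTxADaS18i5afEZFI=
+-----END CERTIFICATE-----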
Binary file not shown.
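--- a/certs/test/cert-ext-nc.pem
+++ b/certs/test/cert-ext-nc.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENTCCAx2gAwIBAgIUFtCwMsYG2mHNWoLk3+8pf7piWZowDQYJKoZIhvcNAQEL
+BQAwezELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNVBAcM
+CEJyaXNiYW5lMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEUMBIGA1UECwwLRW5naW5l
+ZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTAeFw0yMTEwMjYxMzMzMDNa
+Fw0yNDA3MjIxMzMzMDNaMHsxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNs
+YW5kMREwDwYDVQQHDAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDAS
+BgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu
+8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu6
+4CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZ
+aHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1U
+s+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT
+0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMB
+AAGjgbAwga0wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MB8GA1UdIwQY
+MBaAFLMRMsmSmITiyfjQO24DQsofDo48MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYD
+VR0PAQH/BAQDAgGGMB4GA1UdHgEB/wQUMBKgEDAOgQwud29sZnNzbC5jb20wJwYJ
+YIZIAYb4QgENBBoWGFRlc3RpbmcgbmFtZSBjb25zdHJhaW50czANBgkqhkiG9w0B
+AQsFAAOCAQEAgD7lONgXq4cY/e/TP3hNok+ANPOTmwexPgQxYGr3p7lmV9veNLBD
+xJE9J6kNb3T4Fge1wuSFFamnJyT5FbOdNn6v/RsCxIOm5snTUM8bXuA5Vw/lCB7C
+hccGiOPmEhxD8K+IQqZ4a1Zp6HUHZuPrs99PRt+lWA3M5PJbzpCKzHMiFDGRpkib
+RzC466/+V76ln7AtBbOh3w1QXAiHdIA2V40d0iX+q5e+L1X8sFGDvlxeTy+KXLwV
+/7fNVLgtDfdP2XO+jwhkQJeoOmpNJDxsvwm7xhouK0L5G87QUtsaIwK9SnR07Aj5
+5LHpvNCgLQHO5nmJyJ13RlEUDfnnaGXCbA==
+-----END CERTIFICATE-----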
Binary file not shown.
Binary file not shown.
@ -10,7 +10,7 @@ L = Brisbane
|
||||
O = wolfSSL Inc
|
||||
OU = Engineering
|
||||
CN = www.wolfssl.com
|
||||
emailAddress = support@wolfsssl.com
|
||||
emailAddress = support@wolfssl.com
|
||||
|
||||
[ v3_ca ]
|
||||
nsCertType = critical,server
|
||||
|
Binary file not shown.
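--- a/certs/test/cert-ext-nct.pem
+++ b/certs/test/cert-ext-nct.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEGDCCAwCgAwIBAgIUN9zd5Z6FAMRqEkWPoS4D42402XowDQYJKoZIhvcNAQEL
+BQAwgZ8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQH
+DAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2lu
+ZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEW
+E3N1cHBvcnRAd29sZnNzbC5jb20wHhcNMjExMDI2MTMzMzAzWhcNMjQwNzIyMTMz
+MzAzWjCBnzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNV
+BAcMCEJyaXNiYW5lMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEUMBIGA1UECwwLRW5n
+aW5lZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEiMCAGCSqGSIb3DQEJ
+ARYTc3VwcG9ydEB3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5c
+nFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0l
+T+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRp
+o0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGW
+Srzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgI
+vDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaNKMEgwFAYJYIZIAYb4QgEBAQH/
+BAQDAgZAMDAGCWCGSAGG+EIBDQQjFiFUZXN0aW5nIE5ldHNjYXBlIENlcnRpZmlj
+YXRlIFR5cGUwDQYJKoZIhvcNAQELBQADggEBADvSHYLUd9cwFnqktCMOVggvPEvi
+QwiCn0Pfw5niwidHbdHeVqfcoA8hYYoLNFwSwiRpnlxoA6KBPkzmkat5s9ea4ATR
+gTMdhicrTpldWldJtrm0ReR8vtxlEg8Ts8ZJrKOoyJ5MP5qPbZj+a0vyS2Qb8rnL
+obou6pz2qbMhBrOYVP6gWnhZRHJmLplPNo/WEZMBXDgL62dca6oUiXWBpAO8j2PI
+VShex+u2l6DNy/KvDlaUYvW88A5FwI1ThuoeRU76Y8QhB6zaC0wQttVVguzOcf3G
+3c9jNLtz1Ydp3sLDmSJfHnI7dO4rRWd8go98GsGLt8O2ZhWZ1D8dkzRZfv0=
+-----END CERTIFICATE-----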
Binary file not shown.
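--- a/certs/test/cert-ext-ndir-exc.pem
+++ b/certs/test/cert-ext-ndir-exc.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE/TCCA+WgAwIBAgIUNPy5nImvNHMmLnekTFdBX87LWIcwDQYJKoZIhvcNAQEL
+BQAwgZUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
+b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdv
+bGZzc3NsLmNvbTAeFw0yMTEwMjYxMzMzMDNaFw0yNDA3MjIxMzMzMDNaMIGVMQsw
+CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjER
+MA8GA1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMM
+D3d3dy53b2xmc3NsLmNvbTEgMB4GCSqGSIb3DQEJARYRaW5mb0B3b2xmc3NzbC5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgf
+SvJNdRDxtjWf38p9A5jTrN4DZu4q8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLq
+ypC7aVIQAy+o85XF8YtiVhvvZ2+kEEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04
+KRysx+3yfJWwlYJ9SVw4zXcl772AdVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC
+19pAb9gh3HMbQi1TnP4a/H2rejY/mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VW
+L6Mm0rdvsVoX1ziZCP6TWG/+wxNJCBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u9
+7TZ5AgMBAAGjggFBMIIBPTAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUw
+gdUGA1UdIwSBzTCByoAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZukgZgwgZUxCzAJ
+BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
+DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
+d3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdvbGZzc3NsLmNv
+bYIUNPy5nImvNHMmLnekTFdBX87LWIcwDAYDVR0TBAUwAwEB/zA2BgNVHR4BAf8E
+LDAqoSgwJqQkMCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMA0G
+CSqGSIb3DQEBCwUAA4IBAQCOsVInwF8jwAT/YzOZppX9UfOVKxRkJSaXWLKyskDY
+NKsq2nY1bxn4QwZL7G/Blq0dBCpaW7wkpTrkeSOrYCtl+nkdNA+I40ek9W+M889L
+WoDTh5gbm1pN4w/Y9Sn5eJG0jzg7eUgQ8dCbAqoEP/6R33TccMJIxG3eT9VeZSag
+bra51uVAfZuU5ec1EHomC2QdFAW6ekf7Bk7mejkhkA4EtM0784Srjk7azYR3kc0n
+ow2o9qwtA6lQnGmrZO0AArXosFW/MuZzBEIJxRCkATF/ZxMpAVvYb9h26GguiDu2
+B+LV1qS/UnQfqE78jojSA5JZ/wIHiDHwBiTaBTBx5Ub4
+-----END CERTIFICATE-----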
Binary file not shown.
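--- a/certs/test/cert-ext-ndir.pem
+++ b/certs/test/cert-ext-ndir.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE6DCCA9CgAwIBAgIUUjnwSvtRITn8DePk5BV3FpOSt/EwDQYJKoZIhvcNAQEL
+BQAwgZUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
+b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdv
+bGZzc3NsLmNvbTAeFw0yMTEwMjYxMzMzMDNaFw0yNDA3MjIxMzMzMDNaMIGVMQsw
+CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjER
+MA8GA1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMM
+D3d3dy53b2xmc3NsLmNvbTEgMB4GCSqGSIb3DQEJARYRaW5mb0B3b2xmc3NzbC5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgf
+SvJNdRDxtjWf38p9A5jTrN4DZu4q8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLq
+ypC7aVIQAy+o85XF8YtiVhvvZ2+kEEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04
+KRysx+3yfJWwlYJ9SVw4zXcl772AdVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC
+19pAb9gh3HMbQi1TnP4a/H2rejY/mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VW
+L6Mm0rdvsVoX1ziZCP6TWG/+wxNJCBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u9
+7TZ5AgMBAAGjggEsMIIBKDAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUw
+gdUGA1UdIwSBzTCByoAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZukgZgwgZUxCzAJ
+BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
+DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
+d3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdvbGZzc3NsLmNv
+bYIUUjnwSvtRITn8DePk5BV3FpOSt/EwDAYDVR0TBAUwAwEB/zAhBgNVHR4BAf8E
+FzAVoBMwEaQPMA0xCzAJBgNVBAYTAlVTMA0GCSqGSIb3DQEBCwUAA4IBAQCftSer
+x/DD+8l32zkBpvuVQtRcEpQ6w7Cl1PD8TaiXe0W9eqKeBmxOgJ+a0kyKIcYSJU5R
+K8enk17q1FFiqdgU0lEo3tdOdvfxFyLTbdCVz/Q0KRhhELU+9ZQRl0NOj3NSRR+/
+QI0tHo9UvsojdlRUW2LTaVdHAz8yBp5dC73KM/7Y3bS4q8MDjVvXD+TiJdfbcbQo
+1eBm5eEsmoYQoOqQAt8n9bmEAe6syFi/sBJU5PqBWuNlBVLlySxEzCA8vPXyvL95
+3eStUcicaHWFA3dljObenJ8m9UWLlZTf+XPA9BrUwXHSG3945Rb8/gAdPUgsIT67
+UQJbTMyGRwalE97X
+-----END CERTIFICATE-----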
@ -5,20 +5,22 @@ TMP="/tmp/`basename $0`"
|
||||
KEY=certs/server-key.der
|
||||
gen_cert() {
|
||||
openssl req -x509 -keyform DER -key $KEY \
|
||||
-days 1000 -new -outform DER -out $OUT -config $CONFIG \
|
||||
-days 1000 -new -outform DER -out $OUT.der -config $CONFIG \
|
||||
>$TMP 2>&1
|
||||
|
||||
if [ "$?" = "0" -a -f $OUT ]; then
|
||||
if [ "$?" = "0" -a -f $OUT.der ]; then
|
||||
echo "Created: $OUT"
|
||||
else
|
||||
cat $TMP
|
||||
echo "Failed: $OUT"
|
||||
fi
|
||||
|
||||
openssl x509 -in $OUT.der -inform DER -outform PEM > $OUT.pem
|
||||
|
||||
rm $TMP
|
||||
}
|
||||
|
||||
OUT=certs/test/cert-ext-nc.der
|
||||
OUT=certs/test/cert-ext-nc
|
||||
KEYFILE=certs/test/cert-ext-nc-key.der
|
||||
CONFIG=certs/test/cert-ext-nc.cfg
|
||||
tee >$CONFIG <<EOF
|
||||
@ -47,7 +49,7 @@ EOF
|
||||
gen_cert
|
||||
|
||||
|
||||
OUT=certs/test/cert-ext-mnc.der
|
||||
OUT=certs/test/cert-ext-mnc
|
||||
KEYFILE=certs/test/cert-ext-mnc-key.der
|
||||
CONFIG=certs/test/cert-ext-mnc.cfg
|
||||
tee >$CONFIG <<EOF
|
||||
@ -76,7 +78,7 @@ EOF
|
||||
gen_cert
|
||||
|
||||
|
||||
OUT=certs/test/cert-ext-ncdns.der
|
||||
OUT=certs/test/cert-ext-ncdns
|
||||
KEYFILE=certs/test/cert-ext-nc-key.der
|
||||
CONFIG=certs/test/cert-ext-ncdns.cfg
|
||||
tee >$CONFIG <<EOF
|
||||
@ -104,7 +106,7 @@ nsComment = "Testing name constraints"
|
||||
EOF
|
||||
gen_cert
|
||||
|
||||
OUT=certs/test/cert-ext-ncmixed.der
|
||||
OUT=certs/test/cert-ext-ncmixed
|
||||
KEYFILE=certs/test/cert-ext-ncmixed-key.der
|
||||
CONFIG=certs/test/cert-ext-ncmixed.cfg
|
||||
tee >$CONFIG <<EOF
|
||||
@ -132,7 +134,7 @@ nsComment = "Testing name constraints"
|
||||
EOF
|
||||
gen_cert
|
||||
|
||||
OUT=certs/test/cert-ext-ia.der
|
||||
OUT=certs/test/cert-ext-ia
|
||||
KEYFILE=certs/test/cert-ext-ia-key.der
|
||||
CONFIG=certs/test/cert-ext-ia.cfg
|
||||
tee >$CONFIG <<EOF
|
||||
@ -148,7 +150,7 @@ L = Brisbane
|
||||
O = wolfSSL Inc
|
||||
OU = Engineering
|
||||
CN = www.wolfssl.com
|
||||
emailAddress = support@wolfsssl.com
|
||||
emailAddress = support@wolfssl.com
|
||||
|
||||
[ v3_ca ]
|
||||
inhibitAnyPolicy = critical,1
|
||||
@ -157,7 +159,7 @@ nsComment = "Testing inhibit any"
|
||||
EOF
|
||||
gen_cert
|
||||
|
||||
OUT=certs/test/cert-ext-nct.der
|
||||
OUT=certs/test/cert-ext-nct
|
||||
KEYFILE=certs/test/cert-ext-mct-key.der
|
||||
CONFIG=certs/test/cert-ext-nct.cfg
|
||||
tee >$CONFIG <<EOF
|
||||
@ -173,7 +175,7 @@ L = Brisbane
|
||||
O = wolfSSL Inc
|
||||
OU = Engineering
|
||||
CN = www.wolfssl.com
|
||||
emailAddress = support@wolfsssl.com
|
||||
emailAddress = support@wolfssl.com
|
||||
|
||||
[ v3_ca ]
|
||||
nsCertType = critical,server
|
||||
@ -183,7 +185,7 @@ EOF
|
||||
gen_cert
|
||||
|
||||
KEY=certs/ca-key.der
|
||||
OUT=certs/test/cert-ext-ndir.der
|
||||
OUT=certs/test/cert-ext-ndir
|
||||
KEYFILE=certs/ca-key.der
|
||||
CONFIG=certs/test/cert-ext-ndir.cfg
|
||||
tee >$CONFIG <<EOF
|
||||
@ -213,7 +215,7 @@ countryName = US
|
||||
EOF
|
||||
gen_cert
|
||||
|
||||
OUT=certs/test/cert-ext-ndir-exc.der
|
||||
OUT=certs/test/cert-ext-ndir-exc
|
||||
KEYFILE=certs/ca-key.der
|
||||
CONFIG=certs/test/cert-ext-ndir-exc.cfg
|
||||
tee >$CONFIG <<EOF
|
||||
@ -244,7 +246,7 @@ stateOrProvinceName = California
|
||||
EOF
|
||||
gen_cert
|
||||
|
||||
OUT=certs/test/cert-ext-joi.der
|
||||
OUT=certs/test/cert-ext-joi
|
||||
KEYFILE=certs/ca-key.der
|
||||
CONFIG=certs/test/cert-ext-joi.cfg
|
||||
tee >$CONFIG <<EOF
|
||||
@ -272,4 +274,34 @@ basicConstraints=CA:TRUE
|
||||
EOF
|
||||
gen_cert
|
||||
|
||||
OUT=certs/test/cert-ext-multiple
|
||||
KEYFILE=certs/test/cert-ext-mct-key.der
|
||||
CONFIG=certs/test/cert-ext-multiple.cfg
|
||||
tee >$CONFIG <<EOF
|
||||
[ req ]
|
||||
distinguished_name = req_distinguished_name
|
||||
prompt = no
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[ req_distinguished_name ]
|
||||
C = AU
|
||||
ST = Queensland
|
||||
L = Brisbane
|
||||
O = wolfSSL Inc
|
||||
OU = Engineering
|
||||
CN = www.wolfssl.com
|
||||
emailAddress = support@wolfssl.com
|
||||
postalCode = 56-131
|
||||
street = Main St
|
||||
|
||||
[ v3_ca ]
|
||||
nsCertType = server
|
||||
crlDistributionPoints = URI:http://www.wolfssl.com/crl.pem
|
||||
extendedKeyUsage = serverAuth
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer:always
|
||||
|
||||
|
||||
EOF
|
||||
gen_cert
|
||||
|
||||
|
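Review bot: In `gen_cert` (first hunk of this script) the new `openssl x509 -in $OUT.der -inform DER -outform PEM > $OUT.pem` line sits after the `fi`, so it runs even when `openssl req` failed, and its own exit status is never checked; a stale `.der` left by an earlier run would then be converted into a PEM fixture that looks fresh. I would move the conversion into the success branch and quote the paths, e.g. `openssl x509 -in "$OUT.der" -inform DER -outform PEM -out "$OUT.pem" || echo "Failed: $OUT.pem"`. The function also logs to the fixed `$TMP` path under /tmp that the hunk header shows; creating it with `mktemp` would avoid clobbering or following a file that already exists there. Which lines are old and which are new is inferred from the `-5,20 +5,22` counts, since the rendered page lost the markers.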
@ -5,22 +5,31 @@
|
||||
EXTRA_DIST += \
|
||||
certs/test/cert-ext-ia.cfg \
|
||||
certs/test/cert-ext-ia.der \
|
||||
certs/test/cert-ext-ia.pem \
|
||||
certs/test/cert-ext-nc.cfg \
|
||||
certs/test/cert-ext-nc.der \
|
||||
certs/test/cert-ext-nc.pem \
|
||||
certs/test/cert-ext-ncdns.der \
|
||||
certs/test/cert-ext-ncmixed.der \
|
||||
certs/test/cert-ext-mnc.der \
|
||||
certs/test/cert-ext-nct.cfg \
|
||||
certs/test/cert-ext-nct.der \
|
||||
certs/test/cert-ext-nct.pem \
|
||||
certs/test/cert-ext-ndir.cfg \
|
||||
certs/test/cert-ext-ndir.der \
|
||||
certs/test/cert-ext-ndir.pem \
|
||||
certs/test/cert-ext-ns.der \
|
||||
certs/test/cert-ext-ndir-exc.cfg \
|
||||
certs/test/cert-ext-ndir-exc.der \
|
||||
certs/test/cert-ext-ndir-exc.pem \
|
||||
certs/test/gen-ext-certs.sh \
|
||||
certs/test/server-duplicate-policy.pem \
|
||||
certs/test/cert-ext-joi.der \
|
||||
certs/test/cert-ext-joi.cfg
|
||||
certs/test/cert-ext-joi.pem \
|
||||
certs/test/cert-ext-joi.cfg \
|
||||
certs/test/cert-ext-multiple.cfg \
|
||||
certs/test/cert-ext-multiple.der \
|
||||
certs/test/cert-ext-multiple.pem
|
||||
|
||||
# The certs/server-cert with the last byte (signature byte) changed
|
||||
EXTRA_DIST += \
|
||||
|
@ -6795,6 +6795,7 @@ then
|
||||
AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS"
|
||||
AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS"
|
||||
AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS"
|
||||
AM_CFLAGS="-DWOLFSSL_AKID_NAME $AM_CFLAGS"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_OPENSSLEXTRA" = "x509small"
|
||||
|
@ -3895,7 +3895,13 @@ void FreeX509(WOLFSSL_X509* x509)
|
||||
XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
x509->sig.buffer = NULL;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
if (x509->authKeyIdSrc != NULL) {
|
||||
XFREE(x509->authKeyIdSrc, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
}
|
||||
else {
|
||||
XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
}
|
||||
x509->authKeyIdSrc = NULL;
|
||||
x509->authKeyId = NULL;
|
||||
XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
x509->subjKeyId = NULL;
|
||||
@ -3903,6 +3909,10 @@ void FreeX509(WOLFSSL_X509* x509)
|
||||
XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
x509->authInfo = NULL;
|
||||
}
|
||||
if (x509->rawCRLInfo != NULL) {
|
||||
XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
x509->rawCRLInfo = NULL;
|
||||
}
|
||||
if (x509->CRLInfo != NULL) {
|
||||
XFREE(x509->CRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
x509->CRLInfo = NULL;
|
||||
@ -10649,6 +10659,17 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
|
||||
x509->CRLdistSet = dCert->extCRLdistSet;
|
||||
x509->CRLdistCrit = dCert->extCRLdistCrit;
|
||||
if (dCert->extCrlInfoRaw != NULL && dCert->extCrlInfoRawSz > 0) {
|
||||
x509->rawCRLInfo = (byte*)XMALLOC(dCert->extCrlInfoRawSz, x509->heap,
|
||||
DYNAMIC_TYPE_X509_EXT);
|
||||
if (x509->rawCRLInfo != NULL) {
|
||||
XMEMCPY(x509->rawCRLInfo, dCert->extCrlInfoRaw, dCert->extCrlInfoRawSz);
|
||||
x509->rawCRLInfoSz = dCert->extCrlInfoRawSz;
|
||||
}
|
||||
else {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
}
|
||||
if (dCert->extCrlInfo != NULL && dCert->extCrlInfoSz > 0) {
|
||||
x509->CRLInfo = (byte*)XMALLOC(dCert->extCrlInfoSz, x509->heap,
|
||||
DYNAMIC_TYPE_X509_EXT);
|
||||
@ -10694,6 +10715,27 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
x509->authKeyIdSet = dCert->extAuthKeyIdSet;
|
||||
x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
|
||||
if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
if (dCert->extRawAuthKeyIdSrc != NULL &&
|
||||
dCert->extAuthKeyIdSrc > dCert->extRawAuthKeyIdSrc &&
|
||||
dCert->extAuthKeyIdSrc <
|
||||
(dCert->extRawAuthKeyIdSrc + dCert->extRawAuthKeyIdSz)) {
|
||||
/* Confirmed: extAuthKeyIdSrc points inside extRawAuthKeyIdSrc */
|
||||
x509->authKeyIdSrc = (byte*)XMALLOC(dCert->extRawAuthKeyIdSz,
|
||||
x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
if (x509->authKeyIdSrc != NULL) {
|
||||
XMEMCPY(x509->authKeyIdSrc, dCert->extRawAuthKeyIdSrc,
|
||||
dCert->extRawAuthKeyIdSz);
|
||||
x509->authKeyIdSrcSz = dCert->extRawAuthKeyIdSz;
|
||||
/* Set authKeyId to same offset inside authKeyIdSrc */
|
||||
x509->authKeyId = x509->authKeyIdSrc +
|
||||
(dCert->extAuthKeyIdSrc - dCert->extRawAuthKeyIdSrc);
|
||||
x509->authKeyIdSz = dCert->extAuthKeyIdSz;
|
||||
}
|
||||
else
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
#else
|
||||
x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, x509->heap,
|
||||
DYNAMIC_TYPE_X509_EXT);
|
||||
if (x509->authKeyId != NULL) {
|
||||
@ -10701,6 +10743,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
|
||||
x509->authKeyIdSz = dCert->extAuthKeyIdSz;
|
||||
}
|
||||
#endif
|
||||
else
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
@ -10725,6 +10768,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
if (x509->extKeyUsageSrc != NULL) {
|
||||
XMEMCPY(x509->extKeyUsageSrc, dCert->extExtKeyUsageSrc,
|
||||
dCert->extExtKeyUsageSz);
|
||||
x509->extKeyUsage = dCert->extExtKeyUsage;
|
||||
x509->extKeyUsageSz = dCert->extExtKeyUsageSz;
|
||||
x509->extKeyUsageCrit = dCert->extExtKeyUsageCrit;
|
||||
x509->extKeyUsageCount = dCert->extExtKeyUsageCount;
|
||||
@ -10733,6 +10777,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
}
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
x509->nsCertType = dCert->nsCertType;
|
||||
#endif
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
|
||||
x509->certPolicySet = dCert->extCertPolicySet;
|
||||
x509->certPolicyCrit = dCert->extCertPolicyCrit;
|
||||
|
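Review bot: In the `WOLFSSL_AKID_NAME` branch added to `CopyDecodedToX509`, the range test only proves that the start of `dCert->extAuthKeyIdSrc` lies inside the raw extension; nothing checks that `extAuthKeyIdSrc + extAuthKeyIdSz` also ends inside it, yet `x509->authKeyId` and `authKeyIdSz` are then published as a slice of the copied buffer. The parser may already guarantee this, but the hunk does not show it, so I would add `(dCert->extAuthKeyIdSrc + dCert->extAuthKeyIdSz) <= (dCert->extRawAuthKeyIdSrc + dCert->extRawAuthKeyIdSz)` to the condition so that a later reader of `authKeyId` cannot run past the allocation. As rendered, the `else ret = MEMORY_E;` that follows `#endif` also becomes the else of that range test, so a certificate that fails it is reported as an allocation failure; a distinct error code, or falling back to the plain key-id copy, would be clearer. A short comment on the struct fields saying that `authKeyId` is an interior pointer whenever `authKeyIdSrc` is set would protect the `FreeX509` logic from future callers that free or replace `authKeyId` directly. The function bodies continue outside these hunks.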
103
src/ssl.c
103
src/ssl.c
@ -8839,58 +8839,24 @@ unsigned int wolfSSL_X509_get_key_usage(WOLFSSL_X509* x509)
|
||||
unsigned int wolfSSL_X509_get_extended_key_usage(WOLFSSL_X509* x509)
|
||||
{
|
||||
int ret = 0;
|
||||
int rc;
|
||||
word32 idx = 0;
|
||||
word32 oid;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_X509_get_extended_key_usage");
|
||||
|
||||
if (x509 == NULL) {
|
||||
WOLFSSL_MSG("x509 is NULL");
|
||||
}
|
||||
else if (x509->extKeyUsageSrc != NULL) {
|
||||
while (idx < x509->extKeyUsageSz) {
|
||||
rc = GetObjectId(x509->extKeyUsageSrc, &idx, &oid,
|
||||
oidCertKeyUseType, x509->extKeyUsageSz);
|
||||
if (rc == ASN_UNKNOWN_OID_E) {
|
||||
continue;
|
||||
}
|
||||
else if (rc < 0) {
|
||||
WOLFSSL_MSG("GetObjectId failed");
|
||||
ret = -1;
|
||||
break;
|
||||
}
|
||||
|
||||
switch (oid) {
|
||||
case EKU_ANY_OID:
|
||||
ret |= XKU_ANYEKU;
|
||||
break;
|
||||
case EKU_SERVER_AUTH_OID:
|
||||
ret |= XKU_SSL_SERVER;
|
||||
break;
|
||||
case EKU_CLIENT_AUTH_OID:
|
||||
ret |= XKU_SSL_CLIENT;
|
||||
break;
|
||||
case EKU_CODESIGNING_OID:
|
||||
ret |= XKU_CODE_SIGN;
|
||||
break;
|
||||
case EKU_EMAILPROTECT_OID:
|
||||
ret |= XKU_SMIME;
|
||||
break;
|
||||
case EKU_TIMESTAMP_OID:
|
||||
ret |= XKU_TIMESTAMP;
|
||||
break;
|
||||
case EKU_OCSP_SIGN_OID:
|
||||
ret |= XKU_OCSP_SIGN;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("x509->extKeyUsageSrc is NULL");
|
||||
ret = -1;
|
||||
if (x509 != NULL) {
|
||||
if (x509->extKeyUsage & EXTKEYUSE_OCSP_SIGN)
|
||||
ret |= XKU_OCSP_SIGN;
|
||||
if (x509->extKeyUsage & EXTKEYUSE_TIMESTAMP)
|
||||
ret |= XKU_TIMESTAMP;
|
||||
if (x509->extKeyUsage & EXTKEYUSE_EMAILPROT)
|
||||
ret |= XKU_SMIME;
|
||||
if (x509->extKeyUsage & EXTKEYUSE_CODESIGN)
|
||||
ret |= XKU_CODE_SIGN;
|
||||
if (x509->extKeyUsage & EXTKEYUSE_CLIENT_AUTH)
|
||||
ret |= XKU_SSL_CLIENT;
|
||||
if (x509->extKeyUsage & EXTKEYUSE_SERVER_AUTH)
|
||||
ret |= XKU_SSL_SERVER;
|
||||
if (x509->extKeyUsage & EXTKEYUSE_ANY)
|
||||
ret |= XKU_ANYEKU;
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_X509_get_extended_key_usage", ret);
|
||||
@ -9792,6 +9758,13 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
|
||||
|
||||
switch (ext->obj->type) {
|
||||
case NID_authority_key_identifier:
|
||||
if (x509->authKeyIdSrc != NULL) {
|
||||
/* If authKeyId points into authKeyIdSrc then free it and
|
||||
* revert to old functionality */
|
||||
XFREE(x509->authKeyIdSrc, x509->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
x509->authKeyIdSrc = NULL;
|
||||
x509->authKeyId = NULL;
|
||||
}
|
||||
if (asn1_string_copy_to_buffer(&ext->value, &x509->authKeyId,
|
||||
&x509->authKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("asn1_string_copy_to_buffer error");
|
||||
@ -31420,6 +31393,8 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
|
||||
{ NID_localityName, NID_localityName, oidCertNameType, "L", "localityName"},
|
||||
{ NID_stateOrProvinceName, NID_stateOrProvinceName, oidCertNameType, "ST",
|
||||
"stateOrProvinceName"},
|
||||
{ NID_streetAddress, NID_streetAddress, oidCertNameType, "street",
|
||||
"streetAddress"},
|
||||
{ NID_organizationName, NID_organizationName, oidCertNameType, "O",
|
||||
"organizationName"},
|
||||
{ NID_organizationalUnitName, NID_organizationalUnitName, oidCertNameType,
|
||||
@ -31436,6 +31411,7 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
|
||||
"jurisdictionCountryName"},
|
||||
{ NID_jurisdictionStateOrProvinceName, NID_jurisdictionStateOrProvinceName,
|
||||
oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"},
|
||||
{ NID_postalCode, NID_postalCode, oidCertNameType, "postalCode", "postalCode"},
|
||||
|
||||
#ifdef WOLFSSL_CERT_REQ
|
||||
{ NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID,
|
||||
@ -41882,11 +41858,20 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (x509->authKeyIdSz < CTC_MAX_AKID_SIZE) {
|
||||
if (x509->authKeyIdSz < sizeof(cert->akid)) {
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
cert->rawAkid = 0;
|
||||
if (x509->authKeyIdSrc) {
|
||||
XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
|
||||
cert->akidSz = (int)x509->authKeyIdSrcSz;
|
||||
cert->rawAkid = 1;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
if (x509->authKeyId) {
|
||||
XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
|
||||
cert->akidSz = (int)x509->authKeyIdSz;
|
||||
}
|
||||
cert->akidSz = (int)x509->authKeyIdSz;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Auth Key ID too large");
|
||||
@ -41907,6 +41892,17 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
|
||||
cert->certPoliciesNb = (word16)x509->certPoliciesNb;
|
||||
|
||||
cert->keyUsage = x509->keyUsage;
|
||||
cert->extKeyUsage = x509->extKeyUsage;
|
||||
cert->nsCertType = x509->nsCertType;
|
||||
|
||||
if (x509->rawCRLInfo != NULL) {
|
||||
if (x509->rawCRLInfoSz > CTC_MAX_CRLINFO_SZ) {
|
||||
WOLFSSL_MSG("CRL Info too large");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz);
|
||||
cert->crlInfoSz = x509->rawCRLInfoSz;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_EXT */
|
||||
|
||||
#ifdef WOLFSSL_CERT_REQ
|
||||
@ -42446,12 +42442,14 @@ static int ConvertNIDToWolfSSL(int nid)
|
||||
case NID_countryName: return ASN_COUNTRY_NAME;
|
||||
case NID_localityName: return ASN_LOCALITY_NAME;
|
||||
case NID_stateOrProvinceName: return ASN_STATE_NAME;
|
||||
case NID_streetAddress: return ASN_STREET_ADDR;
|
||||
case NID_organizationName: return ASN_ORG_NAME;
|
||||
case NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
|
||||
case NID_emailAddress: return ASN_EMAIL_NAME;
|
||||
case NID_serialNumber: return ASN_SERIAL_NUMBER;
|
||||
case NID_businessCategory: return ASN_BUS_CAT;
|
||||
case NID_domainComponent: return ASN_DOMAIN_COMPONENT;
|
||||
case NID_postalCode: return ASN_POSTAL_CODE;
|
||||
default:
|
||||
WOLFSSL_MSG("Attribute NID not found");
|
||||
return -1;
|
||||
@ -46006,6 +46004,9 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert)
|
||||
/* write the PEM to BIO */
|
||||
ret = wolfSSL_BIO_write(bio, pem, pemSz);
|
||||
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
if (ret <= 0) return WOLFSSL_FAILURE;
|
||||
return WOLFSSL_SUCCESS;
|
||||
|
414
tests/api.c
414
tests/api.c
@ -343,8 +343,11 @@
|
||||
#endif
|
||||
|
||||
#if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
|
||||
defined(HAVE_SESSION_TICKET)
|
||||
/* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT */
|
||||
defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
|
||||
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && \
|
||||
!defined(WOLFSSL_ASN_TEMPLATE))
|
||||
/* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
|
||||
* or for setting authKeyIdSrc in WOLFSSL_X509 */
|
||||
#include "wolfssl/internal.h"
|
||||
#endif
|
||||
|
||||
@ -35677,140 +35680,208 @@ static void test_wolfSSL_X509_sign2(void)
|
||||
time_t t;
|
||||
|
||||
const unsigned char expected[] = {
|
||||
0x30, 0x82, 0x04, 0x25, 0x30, 0x82, 0x03, 0x0D,
|
||||
0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
|
||||
0xF1, 0x5C, 0x99, 0x43, 0x66, 0x3D, 0x96, 0x04,
|
||||
0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
|
||||
0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
|
||||
0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
|
||||
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
|
||||
0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08,
|
||||
0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E,
|
||||
0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
|
||||
0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65,
|
||||
0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06,
|
||||
0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61,
|
||||
0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13,
|
||||
0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C,
|
||||
0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74,
|
||||
0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06,
|
||||
0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
|
||||
0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
|
||||
0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
|
||||
0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
|
||||
0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E,
|
||||
0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
|
||||
0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E,
|
||||
0x17, 0x0D, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35,
|
||||
0x32, 0x30, 0x33, 0x30, 0x30, 0x30, 0x5A, 0x17,
|
||||
0x0D, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
|
||||
0x30, 0x33, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x81,
|
||||
0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
|
||||
0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
|
||||
0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
|
||||
0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
|
||||
0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
|
||||
0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D,
|
||||
0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
|
||||
0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C,
|
||||
0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34,
|
||||
0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,
|
||||
0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67,
|
||||
0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D,
|
||||
0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16,
|
||||
0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
|
||||
0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73,
|
||||
0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
|
||||
0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
|
||||
0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
|
||||
0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
|
||||
0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
|
||||
0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A,
|
||||
0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
|
||||
0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30,
|
||||
0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00,
|
||||
0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32,
|
||||
0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C,
|
||||
0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47,
|
||||
0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0,
|
||||
0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4,
|
||||
0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67,
|
||||
0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2,
|
||||
0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF,
|
||||
0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47,
|
||||
0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69,
|
||||
0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7,
|
||||
0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A,
|
||||
0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6,
|
||||
0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C,
|
||||
0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C,
|
||||
0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4,
|
||||
0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E,
|
||||
0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81,
|
||||
0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67,
|
||||
0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88,
|
||||
0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72,
|
||||
0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0,
|
||||
0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C,
|
||||
0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D,
|
||||
0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E,
|
||||
0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A,
|
||||
0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB,
|
||||
0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71,
|
||||
0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5,
|
||||
0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D,
|
||||
0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE,
|
||||
0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3,
|
||||
0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x6E, 0x30,
|
||||
0x6C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13,
|
||||
0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
|
||||
0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15,
|
||||
0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D,
|
||||
0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
|
||||
0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06,
|
||||
0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14,
|
||||
0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
|
||||
0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
|
||||
0xD7, 0x85, 0x65, 0xC0, 0x30, 0x1F, 0x06, 0x03,
|
||||
0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
|
||||
0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87,
|
||||
0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7,
|
||||
0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x0D, 0x06,
|
||||
0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
|
||||
0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
|
||||
0x00, 0x79, 0x81, 0x5D, 0xAB, 0xDB, 0x44, 0x70,
|
||||
0xD6, 0x39, 0x4F, 0xA6, 0xBA, 0x09, 0x99, 0xBB,
|
||||
0xCB, 0x82, 0xF9, 0x17, 0x34, 0xBD, 0x3E, 0xB1,
|
||||
0x18, 0xA8, 0xF9, 0x10, 0x16, 0x2A, 0xE0, 0x74,
|
||||
0xC6, 0xCF, 0xB3, 0x5F, 0xC6, 0x2C, 0xFB, 0xE3,
|
||||
0x5D, 0x38, 0x2B, 0x99, 0x02, 0x98, 0x9D, 0x55,
|
||||
0x95, 0x65, 0xC3, 0xEB, 0x77, 0x13, 0xA0, 0x75,
|
||||
0x35, 0x68, 0x1F, 0x08, 0xE8, 0x82, 0x3E, 0xF1,
|
||||
0xEF, 0x4B, 0xE7, 0x6E, 0xAD, 0xC1, 0x7C, 0x57,
|
||||
0xCE, 0xF5, 0x24, 0x4E, 0x2F, 0xC4, 0xF7, 0x46,
|
||||
0xED, 0x0E, 0x27, 0x1D, 0xD2, 0x12, 0x5D, 0x9A,
|
||||
0xE5, 0x82, 0xB8, 0x92, 0x42, 0x8F, 0x9E, 0x4D,
|
||||
0x9B, 0x31, 0x85, 0x2E, 0xE0, 0x5E, 0x83, 0xFB,
|
||||
0xA4, 0x33, 0x32, 0x34, 0x2A, 0xAD, 0x38, 0x7A,
|
||||
0x6D, 0xD5, 0x02, 0xAE, 0x77, 0xCB, 0x26, 0x76,
|
||||
0x7B, 0xFA, 0xE0, 0x91, 0x9B, 0x6F, 0xF4, 0xC4,
|
||||
0xA1, 0x54, 0xB1, 0x13, 0x80, 0x6E, 0xFB, 0x70,
|
||||
0x4C, 0x7F, 0x4F, 0x58, 0x39, 0xFA, 0x5B, 0x3D,
|
||||
0x60, 0x63, 0xDF, 0xEF, 0x90, 0xB3, 0x9B, 0x9A,
|
||||
0xEE, 0x8E, 0x34, 0xFB, 0x8B, 0x75, 0x5F, 0xC7,
|
||||
0xE4, 0xDB, 0x7C, 0x63, 0x84, 0xE4, 0x6C, 0xC7,
|
||||
0xD8, 0xC8, 0xA9, 0xA4, 0x42, 0x64, 0x93, 0x65,
|
||||
0x17, 0x58, 0xC2, 0x51, 0x3E, 0x8E, 0x2A, 0x68,
|
||||
0x37, 0xC6, 0x59, 0x75, 0x68, 0xD4, 0x16, 0x6A,
|
||||
0x17, 0x87, 0xC0, 0xA8, 0x9A, 0x1F, 0x07, 0xCF,
|
||||
0x43, 0x58, 0xF4, 0xEA, 0xFE, 0xFB, 0xB2, 0x3F,
|
||||
0x7E, 0xC0, 0xF4, 0x83, 0x67, 0x85, 0x30, 0xF2,
|
||||
0xE1, 0x60, 0x37, 0x39, 0x45, 0x2A, 0x21, 0x51,
|
||||
0x0C, 0x4F, 0xFB, 0x0C, 0x0A, 0xFA, 0x7D, 0xD9,
|
||||
0xB4, 0x72, 0x86, 0x9C, 0x0D, 0x2A, 0x25, 0x0E,
|
||||
0xBB, 0x45, 0xEC, 0x5D, 0xFB, 0x7A, 0xAA, 0x67,
|
||||
0x49, 0x4F, 0x36, 0xAB, 0xDE, 0x4B, 0x57, 0x35,
|
||||
0xF3
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
0x30, 0x82, 0x04, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01,
|
||||
0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
|
||||
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
|
||||
0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
|
||||
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
|
||||
0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
|
||||
0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
|
||||
0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
|
||||
0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
|
||||
0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
|
||||
0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
|
||||
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
|
||||
0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
|
||||
0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
||||
0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
|
||||
0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e,
|
||||
0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30,
|
||||
0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
|
||||
0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30,
|
||||
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
|
||||
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
|
||||
0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
|
||||
0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15,
|
||||
0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c,
|
||||
0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
|
||||
0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67,
|
||||
0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38,
|
||||
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
|
||||
0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
|
||||
0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
|
||||
0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
|
||||
0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
|
||||
0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
||||
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
|
||||
0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b,
|
||||
0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c,
|
||||
0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2,
|
||||
0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4,
|
||||
0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8,
|
||||
0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef,
|
||||
0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc,
|
||||
0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7,
|
||||
0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01,
|
||||
0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c,
|
||||
0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1,
|
||||
0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e,
|
||||
0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43,
|
||||
0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88,
|
||||
0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52,
|
||||
0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c,
|
||||
0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3,
|
||||
0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a,
|
||||
0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4,
|
||||
0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5,
|
||||
0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15,
|
||||
0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3,
|
||||
0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x44, 0x30, 0x82, 0x01,
|
||||
0x40, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
|
||||
0x01, 0x01, 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15,
|
||||
0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
|
||||
0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06,
|
||||
0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66,
|
||||
0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26,
|
||||
0xd7, 0x85, 0x65, 0xc0, 0x30, 0x81, 0xd3, 0x06, 0x03, 0x55, 0x1d, 0x23,
|
||||
0x04, 0x81, 0xcb, 0x30, 0x81, 0xc8, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66,
|
||||
0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26,
|
||||
0xd7, 0x85, 0x65, 0xc0, 0xa1, 0x81, 0xa4, 0xa4, 0x81, 0xa1, 0x30, 0x81,
|
||||
0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
|
||||
0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
|
||||
0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
|
||||
0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
|
||||
0x61, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
|
||||
0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34,
|
||||
0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10,
|
||||
0x50, 0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d,
|
||||
0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
|
||||
0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73,
|
||||
0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
|
||||
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
|
||||
0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
|
||||
0x63, 0x6f, 0x6d, 0x82, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d,
|
||||
0x96, 0x04, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30,
|
||||
0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06,
|
||||
0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06,
|
||||
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
|
||||
0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x2e, 0xd1, 0xec, 0xbc, 0x99, 0xfe,
|
||||
0x50, 0x38, 0x47, 0x47, 0x88, 0x51, 0xcf, 0xe4, 0x88, 0x76, 0xdf, 0x89,
|
||||
0x8f, 0xea, 0x91, 0xbc, 0xd6, 0xc6, 0x91, 0xc9, 0xcc, 0x33, 0x77, 0x5d,
|
||||
0xdd, 0x4b, 0xc9, 0xf6, 0x10, 0x54, 0xe2, 0x04, 0x89, 0x51, 0xdb, 0xe1,
|
||||
0x00, 0x0c, 0x61, 0x03, 0x26, 0x86, 0x35, 0xac, 0x96, 0x23, 0x9d, 0xef,
|
||||
0xd9, 0x95, 0xe4, 0xb4, 0x83, 0x9e, 0x0f, 0x47, 0x30, 0x08, 0x96, 0x28,
|
||||
0x7f, 0x2d, 0xe3, 0x23, 0x30, 0x3b, 0xb0, 0x46, 0xe8, 0x21, 0x78, 0xb4,
|
||||
0xc0, 0xbc, 0x9f, 0x60, 0x02, 0xd4, 0x16, 0x2d, 0xe5, 0x5a, 0x00, 0x65,
|
||||
0x15, 0x95, 0x81, 0x93, 0x80, 0x06, 0x3e, 0xf7, 0xdf, 0x0c, 0x2b, 0x3f,
|
||||
0x14, 0xfc, 0xc3, 0x79, 0xfd, 0x59, 0x5c, 0xa7, 0xc3, 0xe0, 0xa8, 0xd4,
|
||||
0x53, 0x4f, 0x13, 0x0a, 0xa3, 0xfe, 0x1d, 0x63, 0x4e, 0x84, 0xb2, 0x98,
|
||||
0x19, 0x06, 0xe0, 0x60, 0x3a, 0xc9, 0x49, 0x73, 0x00, 0xe3, 0x72, 0x2f,
|
||||
0x68, 0x27, 0x9f, 0x14, 0x18, 0xb7, 0x57, 0xb9, 0x1d, 0xa8, 0xb3, 0x05,
|
||||
0x6c, 0xf5, 0x4b, 0x0e, 0xac, 0x26, 0x7a, 0xfe, 0xc1, 0xab, 0x1f, 0x27,
|
||||
0xf1, 0x1e, 0x21, 0x33, 0x31, 0xb6, 0x43, 0xb0, 0xf8, 0x74, 0x69, 0x6a,
|
||||
0xb1, 0x9b, 0xcb, 0xe4, 0xd3, 0xa2, 0x8e, 0x8a, 0x55, 0xef, 0x81, 0xf3,
|
||||
0x4a, 0x44, 0x90, 0x4d, 0x08, 0xb8, 0x31, 0x90, 0x1a, 0x82, 0x52, 0x56,
|
||||
0xeb, 0xf0, 0x50, 0x5b, 0x9f, 0x87, 0x98, 0x54, 0xfe, 0x6a, 0x60, 0x41,
|
||||
0x16, 0xdb, 0xdc, 0xff, 0x89, 0x4c, 0x98, 0x00, 0xb1, 0x87, 0x6c, 0xe7,
|
||||
0xec, 0xba, 0x3b, 0xa4, 0xfe, 0xa1, 0xfd, 0x26, 0x19, 0x7c, 0x2d, 0x14,
|
||||
0x91, 0x91, 0x61, 0x30, 0x3e, 0xf4, 0x5c, 0x97, 0x4c, 0x06, 0x84, 0xab,
|
||||
0x94, 0xa8, 0x17, 0x6c, 0xec, 0x19, 0xc0, 0x87, 0xd0
|
||||
#else
|
||||
0x30, 0x82, 0x04, 0x46, 0x30, 0x82, 0x03, 0x2e, 0xa0, 0x03, 0x02, 0x01,
|
||||
0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
|
||||
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
|
||||
0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
|
||||
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
|
||||
0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
|
||||
0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
|
||||
0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
|
||||
0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
|
||||
0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
|
||||
0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
|
||||
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
|
||||
0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
|
||||
0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
||||
0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
|
||||
0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e,
|
||||
0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30,
|
||||
0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
|
||||
0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30,
|
||||
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
|
||||
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
|
||||
0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
|
||||
0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15,
|
||||
0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c,
|
||||
0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
|
||||
0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67,
|
||||
0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38,
|
||||
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
|
||||
0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
|
||||
0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
|
||||
0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
|
||||
0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
|
||||
0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
||||
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
|
||||
0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b,
|
||||
0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c,
|
||||
0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2,
|
||||
0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4,
|
||||
0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8,
|
||||
0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef,
|
||||
0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc,
|
||||
0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7,
|
||||
0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01,
|
||||
0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c,
|
||||
0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1,
|
||||
0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e,
|
||||
0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43,
|
||||
0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88,
|
||||
0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52,
|
||||
0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c,
|
||||
0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3,
|
||||
0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a,
|
||||
0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4,
|
||||
0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5,
|
||||
0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15,
|
||||
0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3,
|
||||
0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0x30,
|
||||
0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
|
||||
0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13,
|
||||
0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
|
||||
0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55,
|
||||
0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68,
|
||||
0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85,
|
||||
0x65, 0xc0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
|
||||
0x16, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e,
|
||||
0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0x30,
|
||||
0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
|
||||
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
|
||||
0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
|
||||
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
|
||||
0x01, 0x00, 0x98, 0x2a, 0x3d, 0x94, 0x37, 0xae, 0xd6, 0x28, 0x12, 0xed,
|
||||
0x6d, 0x95, 0xc9, 0x05, 0x89, 0x4b, 0x5c, 0x5e, 0x88, 0xed, 0x9e, 0x14,
|
||||
0x89, 0x79, 0x65, 0x7b, 0x5c, 0xdb, 0xcd, 0x21, 0xc5, 0xfc, 0x7a, 0x05,
|
||||
0xd2, 0x33, 0x54, 0xa1, 0x1b, 0xb2, 0xc6, 0xd8, 0x3e, 0x88, 0x7d, 0x58,
|
||||
0xfd, 0xd0, 0xca, 0x71, 0x58, 0xd5, 0x37, 0x81, 0xe0, 0xef, 0x65, 0xfc,
|
||||
0x1b, 0xf1, 0x5d, 0xdd, 0x26, 0x68, 0x12, 0xfb, 0x12, 0x24, 0xd5, 0x45,
|
||||
0x4f, 0x41, 0xad, 0xee, 0x3f, 0x16, 0x40, 0xb2, 0x59, 0xe6, 0x5b, 0x76,
|
||||
0xe7, 0x47, 0x11, 0xa4, 0xe1, 0x2f, 0x0d, 0xe8, 0x13, 0x13, 0x49, 0xb0,
|
||||
0x01, 0x11, 0x15, 0xb5, 0xb3, 0x93, 0x4f, 0x28, 0xdc, 0xd0, 0x30, 0x03,
|
||||
0x48, 0x02, 0x95, 0x2d, 0xd9, 0x26, 0x87, 0x1f, 0x19, 0xa1, 0x03, 0x5c,
|
||||
0x7c, 0xde, 0x54, 0xd4, 0x98, 0x85, 0x34, 0xcc, 0x54, 0xf1, 0x24, 0x43,
|
||||
0xa6, 0x87, 0xfa, 0xb6, 0x62, 0xee, 0xa3, 0x4a, 0xb3, 0xce, 0x1c, 0x2e,
|
||||
0xbf, 0x94, 0xef, 0x4c, 0x75, 0x75, 0x55, 0x1d, 0xc9, 0xc2, 0xe4, 0xe5,
|
||||
0x24, 0xb2, 0x0a, 0x93, 0xf0, 0xff, 0x2e, 0x43, 0x99, 0xad, 0x4e, 0x83,
|
||||
0x11, 0x52, 0xf4, 0xb9, 0x92, 0x30, 0xe1, 0x02, 0x2f, 0xa5, 0xf2, 0x21,
|
||||
0xb1, 0xf4, 0xe9, 0x57, 0xbd, 0xba, 0x17, 0x56, 0xd7, 0x31, 0xcb, 0x63,
|
||||
0xa3, 0xd5, 0xcf, 0xc9, 0xd9, 0xa6, 0x4f, 0x51, 0x6c, 0x52, 0x4c, 0x53,
|
||||
0x88, 0x9a, 0x2e, 0xb9, 0x72, 0x02, 0x6e, 0x1b, 0x21, 0x93, 0xa1, 0x88,
|
||||
0x1b, 0x35, 0x0e, 0x9e, 0x2b, 0x63, 0x81, 0xba, 0xb4, 0x6b, 0x28, 0x01,
|
||||
0x56, 0xe1, 0x0e, 0x13, 0x73, 0xf6, 0xd6, 0xa0, 0xd2, 0xfd, 0xc9, 0x4d,
|
||||
0xbd, 0xa8, 0xa9, 0x22, 0x9e, 0xc7, 0x13, 0x76, 0x5a, 0x9c, 0xd3, 0x9a,
|
||||
0xf4, 0x0c, 0x52, 0xe6, 0x47, 0xcb
|
||||
#endif
|
||||
};
|
||||
|
||||
printf(testingFmt, "wolfSSL_X509_sign2");
|
||||
@ -37526,6 +37597,76 @@ static void test_wolfSSL_i2t_ASN1_OBJECT(void)
|
||||
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */
|
||||
}
|
||||
|
||||
static void test_wolfSSL_PEM_write_bio_X509(void)
|
||||
{
|
||||
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) && \
|
||||
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
|
||||
/* This test contains the hard coded expected
|
||||
* lengths. Update if necessary */
|
||||
|
||||
BIO* input;
|
||||
BIO* output;
|
||||
X509* x509 = NULL;
|
||||
int expectedLen;
|
||||
|
||||
printf(testingFmt, "wolfSSL_PEM_write_bio_X509()");
|
||||
|
||||
AssertNotNull(input = BIO_new_file(
|
||||
"certs/test/cert-ext-multiple.pem", "rb"));
|
||||
AssertIntEQ(wolfSSL_BIO_get_len(input), 2000);
|
||||
|
||||
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
|
||||
|
||||
AssertNotNull(PEM_read_bio_X509(input, &x509, NULL, NULL));
|
||||
|
||||
AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);
|
||||
|
||||
#ifdef WOLFSSL_ALT_NAMES
|
||||
/* Here we copy the validity struct from the original */
|
||||
expectedLen = 2000;
|
||||
#else
|
||||
/* Only difference is that we generate the validity in generalized
|
||||
* time. Generating UTCTime vs Generalized time should be fixed in
|
||||
* the future */
|
||||
expectedLen = 2004;
|
||||
#endif
|
||||
AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
|
||||
|
||||
/* Reset output buffer */
|
||||
BIO_free(output);
|
||||
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
|
||||
|
||||
/* Test forcing the AKID to be generated just from KeyIdentifier */
|
||||
if (x509->authKeyIdSrc != NULL) {
|
||||
XMEMMOVE(x509->authKeyIdSrc, x509->authKeyId, x509->authKeyIdSz);
|
||||
x509->authKeyId = x509->authKeyIdSrc;
|
||||
x509->authKeyIdSrc = NULL;
|
||||
x509->authKeyIdSrcSz = 0;
|
||||
}
|
||||
|
||||
AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);
|
||||
|
||||
/* Check that we generate a smaller output since the AKID will
|
||||
* only contain the KeyIdentifier without any additional
|
||||
* information */
|
||||
|
||||
#ifdef WOLFSSL_ALT_NAMES
|
||||
/* Here we copy the validity struct from the original */
|
||||
expectedLen = 1688;
|
||||
#else
|
||||
/* UTCTime vs Generalized time */
|
||||
expectedLen = 1692;
|
||||
#endif
|
||||
AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
|
||||
|
||||
X509_free(x509);
|
||||
BIO_free(input);
|
||||
BIO_free(output);
|
||||
|
||||
printf(resultFmt, passed);
|
||||
#endif
|
||||
}
|
||||
|
||||
static void test_wolfSSL_X509_NAME_ENTRY(void)
|
||||
{
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
|
||||
@ -51454,6 +51595,7 @@ void ApiTest(void)
|
||||
test_wolfSSL_OBJ_txt2nid();
|
||||
test_wolfSSL_OBJ_txt2obj();
|
||||
test_wolfSSL_i2t_ASN1_OBJECT();
|
||||
test_wolfSSL_PEM_write_bio_X509();
|
||||
test_wolfSSL_X509_NAME_ENTRY();
|
||||
test_wolfSSL_X509_set_name();
|
||||
test_wolfSSL_X509_set_notAfter();
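Review bot: The `#if` guarding the body of test_wolfSSL_PEM_write_bio_X509 does not cover everything the body uses. The test opens `certs/test/cert-ext-multiple.pem` with BIO_new_file and touches `x509->authKeyIdSrc` directly, but the guard has no `!defined(NO_FILESYSTEM)` term (the neighbouring test_wolfSSL_X509_NAME_ENTRY has one) and lacks the `!defined(WOLFSSL_ASN_TEMPLATE)` term that the new `wolfssl/internal.h` include condition at the top of the file carries. Unless internal.h arrives by another route, a WOLFSSL_ASN_TEMPLATE build with WOLFSSL_AKID_NAME would likely not see those struct fields. I would extend the guard with `&& !defined(NO_FILESYSTEM) && !defined(WOLFSSL_ASN_TEMPLATE)`, or drop the template term from the include condition if the test is meant to run there. The test also feeds only a well-formed certificate: a case with `authKeyIdSrcSz` larger than `cert->akid` would pin the size check in the ssl.c copy path, which in the hunk earlier on this page compares `authKeyIdSz` but copies `authKeyIdSrcSz` bytes, so the raw AKID length looks unchecked unless it is bounded elsewhere.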
|
||||
|
@ -74,6 +74,8 @@ ASN Options:
|
||||
* WOLFSSL_ASN_TEMPLATE_TYPE_CHECK: Use ASN functions to better test compiler
|
||||
type issues for testing
|
||||
* CRLDP_VALIDATE_DATA: For ASN template only, validates the reason data
|
||||
* WOLFSSL_AKID_NAME: Enable support for full AuthorityKeyIdentifier extension.
|
||||
* Only supports copying full AKID from an existing certificate.
|
||||
*/
|
||||
|
||||
#ifndef NO_ASN
|
||||
@ -612,8 +614,8 @@ static void SizeASN_CalcDataLength(const ASNItem* asn, ASNSetData *data,
|
||||
/* The length of a header only item doesn't include the data unless
|
||||
* a replacement buffer is supplied.
|
||||
*/
|
||||
if (asn[j].headerOnly && data[j].dataType !=
|
||||
ASN_DATA_TYPE_REPLACE_BUFFER) {
|
||||
if (asn[j].headerOnly && data[j].data.buffer.data == NULL &&
|
||||
data[j].dataType != ASN_DATA_TYPE_REPLACE_BUFFER) {
|
||||
data[idx].data.buffer.length += data[j].data.buffer.length;
|
||||
}
|
||||
}
|
||||
@ -685,8 +687,16 @@ int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, int* encSz)
|
||||
* Mostly used for constructed items.
|
||||
*/
|
||||
if (asn[i].headerOnly) {
|
||||
/* Calculate data length from items below. */
|
||||
SizeASN_CalcDataLength(asn, data, i, count);
|
||||
if (data[i].data.buffer.data != NULL) {
|
||||
/* Force all child nodes to be ignored. Buffer
|
||||
* overwrites children. */
|
||||
SetASNItem_NoOutBelow(data, asn, i, count);
|
||||
}
|
||||
else {
|
||||
/* Calculate data length from items below if no buffer
|
||||
* supplied. */
|
||||
SizeASN_CalcDataLength(asn, data, i, count);
|
||||
}
|
||||
}
|
||||
if (asn[i].tag == ASN_BOOLEAN) {
|
||||
dataLen = 1;
|
||||
@ -705,8 +715,9 @@ int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, int* encSz)
|
||||
}
|
||||
/* Add in the size of tag and length. */
|
||||
len += SizeASNHeader(dataLen);
|
||||
/* Include data in length if not header only. */
|
||||
if (!asn[i].headerOnly) {
|
||||
/* Include data in length if not header only or if
|
||||
* buffer supplied. */
|
||||
if (!asn[i].headerOnly || data[i].data.buffer.data != NULL) {
|
||||
len += dataLen;
|
||||
}
|
||||
break;
|
||||
@ -933,8 +944,10 @@ int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count, byte* output)
|
||||
if (data[i].data.buffer.data == NULL) {
|
||||
data[i].data.buffer.data = out + idx;
|
||||
}
|
||||
/* Copy supplied data if not putting out header only. */
|
||||
else if (!asn[i].headerOnly) {
|
||||
/* Copy supplied data if not putting out header only or
|
||||
* if buffer supplied. */
|
||||
else if (!asn[i].headerOnly ||
|
||||
data[i].data.buffer.data != NULL) {
|
||||
/* Allow data to come from output buffer. */
|
||||
XMEMMOVE(out + idx, data[i].data.buffer.data,
|
||||
data[i].data.buffer.length);
|
||||
@ -3239,7 +3252,7 @@ word32 SetBitString(word32 len, byte unusedBits, byte* output)
|
||||
idx += ASN_TAG_SZ;
|
||||
|
||||
/* Encode length - passing NULL for output will not encode.
|
||||
* Add one to length for unsued bits. */
|
||||
* Add one to length for unused bits. */
|
||||
idx += SetLength(len + 1, output ? output + idx : NULL);
|
||||
if (output) {
|
||||
/* Write out unused bits. */
|
||||
@ -10113,8 +10126,6 @@ static int GetHashId(const byte* id, int length, byte* hash)
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
/* Id for street address - not used. */
|
||||
#define ASN_STREET 9
|
||||
/* Id for email address. */
|
||||
#define ASN_EMAIL 0x100
|
||||
/* Id for user id. */
|
||||
@ -10146,6 +10157,10 @@ static int GetHashId(const byte* id, int length, byte* hash)
|
||||
#define GetCertNameSubjectNID(id) \
|
||||
(certNameSubject[(id) - 3].nid)
|
||||
|
||||
#define ValidCertNameSubject(id) \
|
||||
((id - 3) >= 0 && (id - 3) < certNameSubjectSz && \
|
||||
(certNameSubject[(id) - 3].strLen > 0))
|
||||
|
||||
/* Mapping of certificate name component to useful information. */
|
||||
typedef struct CertNameData {
|
||||
/* Type string of name component. */
|
||||
@ -10240,16 +10255,16 @@ static const CertNameData certNameSubject[] = {
|
||||
NID_stateOrProvinceName
|
||||
#endif
|
||||
},
|
||||
/* Undefined - Street */
|
||||
/* Street Address */
|
||||
{
|
||||
NULL, 0,
|
||||
"/street=", 8,
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
OFFSETOF(DecodedCert, subjectStreet),
|
||||
OFFSETOF(DecodedCert, subjectStreetLen),
|
||||
OFFSETOF(DecodedCert, subjectStreetEnc),
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
0,
|
||||
NID_streetAddress
|
||||
#endif
|
||||
},
|
||||
/* Organization Name */
|
||||
@ -10328,10 +10343,43 @@ static const CertNameData certNameSubject[] = {
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
NID_businessCategory
|
||||
#endif
|
||||
},
|
||||
/* Undefined */
|
||||
{
|
||||
NULL, 0,
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
0,
|
||||
#endif
|
||||
},
|
||||
/* Postal Code */
|
||||
{
|
||||
"/postalCode=", 12,
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
OFFSETOF(DecodedCert, subjectPC),
|
||||
OFFSETOF(DecodedCert, subjectPCLen),
|
||||
OFFSETOF(DecodedCert, subjectPCEnc),
|
||||
#else
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
#endif
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
NID_postalCode
|
||||
#endif
|
||||
},
|
||||
};
|
||||
|
||||
static const int certNameSubjectSz =
|
||||
(int) (sizeof(certNameSubject) / sizeof(CertNameData));
|
||||
|
||||
/* Full email OID. */
|
||||
static const byte emailOid[] = {
|
||||
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01
|
||||
@ -10527,8 +10575,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
|
||||
if ((oidSz == 3) && (oid[0] == 0x55) && (oid[1] == 0x04)) {
|
||||
id = oid[2];
|
||||
/* Check range of supported ids in table. */
|
||||
if (((id >= ASN_COMMON_NAME) && (id <= ASN_ORGUNIT_NAME) &&
|
||||
(id != ASN_STREET)) || (id == ASN_BUS_CAT)) {
|
||||
if (ValidCertNameSubject(id)) {
|
||||
/* Get the type string, length and NID from table. */
|
||||
typeStr = GetCertNameSubjectStr(id);
|
||||
typeStrLen = GetCertNameSubjectStrLen(id);
|
||||
@ -10887,6 +10934,22 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
else if (id == ASN_STREET_ADDR) {
|
||||
copy = WOLFSSL_STREET_ADDR_NAME;
|
||||
copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1;
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
if (nameType == SUBJECT) {
|
||||
cert->subjectStreet = (char*)&input[srcIdx];
|
||||
cert->subjectStreetLen = strLen;
|
||||
cert->subjectStreetEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_streetAddress;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_BUS_CAT) {
|
||||
copy = WOLFSSL_BUS_CAT;
|
||||
copyLen = sizeof(WOLFSSL_BUS_CAT) - 1;
|
||||
@ -10902,6 +10965,22 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
|
||||
nid = NID_businessCategory;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_POSTAL_CODE) {
|
||||
copy = WOLFSSL_POSTAL_NAME;
|
||||
copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1;
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
if (nameType == SUBJECT) {
|
||||
cert->subjectPC = (char*)&input[srcIdx];
|
||||
cert->subjectPCLen = strLen;
|
||||
cert->subjectPCEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_postalCode;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_EXT */
|
||||
}
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
@ -14533,6 +14612,9 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert)
|
||||
|
||||
WOLFSSL_ENTER("DecodeCrlDist");
|
||||
|
||||
cert->extCrlInfoRaw = input;
|
||||
cert->extCrlInfoRawSz = sz;
|
||||
|
||||
/* Unwrap the list of Distribution Points*/
|
||||
if (GetSequence(input, &idx, &length, sz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
@ -14625,6 +14707,9 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert)
|
||||
|
||||
CALLOC_ASNGETDATA(dataASN, crlDistASN_Length, ret, cert->heap);
|
||||
|
||||
cert->extCrlInfoRaw = input;
|
||||
cert->extCrlInfoRawSz = sz;
|
||||
|
||||
if (ret == 0) {
|
||||
/* Get the GeneralName choice */
|
||||
GetASN_Choice(&dataASN[4], generalNameChoice);
|
||||
@ -14869,6 +14954,10 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert)
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
cert->extRawAuthKeyIdSrc = input;
|
||||
cert->extRawAuthKeyIdSz = sz;
|
||||
#endif
|
||||
cert->extAuthKeyIdSrc = &input[idx];
|
||||
cert->extAuthKeyIdSz = length;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
@ -14895,7 +14984,11 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert)
|
||||
}
|
||||
else {
|
||||
#ifdef OPENSSL_EXTRA
|
||||
/* Store the autority key id. */
|
||||
/* Store the authority key id. */
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
cert->extRawAuthKeyIdSrc = input;
|
||||
cert->extRawAuthKeyIdSz = sz;
|
||||
#endif
|
||||
GetASN_GetConstRef(&dataASN[1], &cert->extAuthKeyIdSrc,
|
||||
&cert->extAuthKeyIdSz);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
@ -15163,6 +15256,26 @@ static int DecodeExtKeyUsage(const byte* input, int sz, DecodedCert* cert)
|
||||
#endif /* WOLFSSL_ASN_TEMPLATE */
|
||||
}
|
||||
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
|
||||
static int DecodeNsCertType(const byte* input, int sz, DecodedCert* cert)
|
||||
{
|
||||
word32 idx = 0;
|
||||
int len = 0;
|
||||
|
||||
WOLFSSL_ENTER("DecodeNsCertType");
|
||||
if (CheckBitString(input, &idx, &len, (word32)sz, 0, NULL) < 0) {
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
/* Don't need to worry about unused bits as CheckBitString makes sure
|
||||
* they're zero. */
|
||||
cert->nsCertType = input[idx];
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
@ -15976,11 +16089,8 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
/* Netscape's certificate type. */
|
||||
case NETSCAPE_CT_OID:
|
||||
WOLFSSL_MSG("Netscape certificate type extension not supported "
|
||||
"yet.");
|
||||
if (CheckBitString(input, &idx, &length, length, 0, NULL) < 0) {
|
||||
if (DecodeNsCertType(input, length, cert) < 0)
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_OCSP
|
||||
@ -19927,10 +20037,18 @@ typedef struct DerCert {
|
||||
byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
byte skid[MAX_KID_SZ]; /* Subject Key Identifier extension */
|
||||
byte akid[MAX_KID_SZ]; /* Authority Key Identifier extension */
|
||||
byte akid[MAX_KID_SZ
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
+ sizeof(CertName) + CTC_SERIAL_SIZE
|
||||
#endif
|
||||
]; /* Authority Key Identifier extension */
|
||||
byte keyUsage[MAX_KEYUSAGE_SZ]; /* Key Usage extension */
|
||||
byte extKeyUsage[MAX_EXTKEYUSAGE_SZ]; /* Extended Key Usage extension */
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
byte nsCertType[MAX_NSCERTTYPE_SZ]; /* Extended Key Usage extension */
|
||||
#endif
|
||||
byte certPolicies[MAX_CERTPOL_NB*MAX_CERTPOL_SZ]; /* Certificate Policies */
|
||||
byte crlInfo[CTC_MAX_CRLINFO_SZ]; /* CRL Distribution Points */
|
||||
#endif
|
||||
#ifdef WOLFSSL_CERT_REQ
|
||||
byte attrib[MAX_ATTRIB_SZ]; /* Cert req attributes encoded */
|
||||
@ -19952,7 +20070,12 @@ typedef struct DerCert {
|
||||
int akidSz; /* encoded SKID extension length */
|
||||
int keyUsageSz; /* encoded KeyUsage extension length */
|
||||
int extKeyUsageSz; /* encoded ExtendedKeyUsage extension length */
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
int nsCertTypeSz; /* encoded Netscape Certifcate Type
|
||||
* extension length */
|
||||
#endif
|
||||
int certPoliciesSz; /* encoded CertPolicies extension length*/
|
||||
int crlInfoSz; /* encoded CRL Dist Points length */
|
||||
#endif
|
||||
#ifdef WOLFSSL_ALT_NAMES
|
||||
int altNamesSz; /* encoded AltNames extension length */
|
||||
@ -20621,28 +20744,34 @@ const char* GetOneCertName(CertName* name, int idx)
|
||||
return name->state;
|
||||
|
||||
case 2:
|
||||
return name->locality;
|
||||
return name->street;
|
||||
|
||||
case 3:
|
||||
return name->sur;
|
||||
return name->locality;
|
||||
|
||||
case 4:
|
||||
return name->org;
|
||||
return name->sur;
|
||||
|
||||
case 5:
|
||||
return name->unit;
|
||||
return name->org;
|
||||
|
||||
case 6:
|
||||
return name->commonName;
|
||||
return name->unit;
|
||||
|
||||
case 7:
|
||||
return name->serialDev;
|
||||
return name->commonName;
|
||||
|
||||
case 8:
|
||||
return name->serialDev;
|
||||
|
||||
case 9:
|
||||
return name->postalCode;
|
||||
|
||||
case 10:
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
return name->busCat;
|
||||
|
||||
case 9:
|
||||
case 11:
|
||||
#endif
|
||||
return name->email;
|
||||
|
||||
@ -20663,28 +20792,34 @@ static char GetNameType(CertName* name, int idx)
|
||||
return name->stateEnc;
|
||||
|
||||
case 2:
|
||||
return name->localityEnc;
|
||||
return name->postalCodeEnc;
|
||||
|
||||
case 3:
|
||||
return name->surEnc;
|
||||
return name->localityEnc;
|
||||
|
||||
case 4:
|
||||
return name->orgEnc;
|
||||
return name->surEnc;
|
||||
|
||||
case 5:
|
||||
return name->unitEnc;
|
||||
return name->orgEnc;
|
||||
|
||||
case 6:
|
||||
return name->commonNameEnc;
|
||||
return name->unitEnc;
|
||||
|
||||
case 7:
|
||||
return name->serialDevEnc;
|
||||
return name->commonNameEnc;
|
||||
|
||||
case 8:
|
||||
return name->serialDevEnc;
|
||||
|
||||
case 9:
|
||||
return name->postalCodeEnc;
|
||||
|
||||
case 10:
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
return name->busCatEnc;
|
||||
|
||||
case 9:
|
||||
case 11:
|
||||
#endif
|
||||
/* FALL THROUGH */
|
||||
/* The last index, email name, does not have encoding type.
|
||||
@ -20706,28 +20841,34 @@ byte GetCertNameId(int idx)
|
||||
return ASN_STATE_NAME;
|
||||
|
||||
case 2:
|
||||
return ASN_LOCALITY_NAME;
|
||||
return ASN_STREET_ADDR;
|
||||
|
||||
case 3:
|
||||
return ASN_SUR_NAME;
|
||||
return ASN_LOCALITY_NAME;
|
||||
|
||||
case 4:
|
||||
return ASN_ORG_NAME;
|
||||
return ASN_SUR_NAME;
|
||||
|
||||
case 5:
|
||||
return ASN_ORGUNIT_NAME;
|
||||
return ASN_ORG_NAME;
|
||||
|
||||
case 6:
|
||||
return ASN_COMMON_NAME;
|
||||
return ASN_ORGUNIT_NAME;
|
||||
|
||||
case 7:
|
||||
return ASN_SERIAL_NUMBER;
|
||||
return ASN_COMMON_NAME;
|
||||
|
||||
case 8:
|
||||
return ASN_SERIAL_NUMBER;
|
||||
|
||||
case 9:
|
||||
return ASN_POSTAL_CODE;
|
||||
|
||||
case 10:
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
return ASN_BUS_CAT;
|
||||
|
||||
case 9:
|
||||
case 11:
|
||||
#endif
|
||||
return ASN_EMAIL_NAME;
|
||||
|
||||
@ -20890,36 +21031,60 @@ static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length)
|
||||
|
||||
/* encode Authority Key Identifier, return total bytes written
|
||||
* RFC5280 : non-critical */
|
||||
static int SetAKID(byte* output, word32 outSz,
|
||||
byte *input, word32 length, void* heap)
|
||||
static int SetAKID(byte* output, word32 outSz, byte *input, word32 length,
|
||||
byte rawAkid)
|
||||
{
|
||||
byte *enc_val;
|
||||
int ret, enc_valSz;
|
||||
const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04 };
|
||||
int enc_valSz, inSeqSz;
|
||||
byte enc_val_buf[MAX_KID_SZ];
|
||||
byte* enc_val;
|
||||
const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 };
|
||||
const byte akid_cs[] = { 0x80 };
|
||||
word32 idx;
|
||||
|
||||
(void)heap;
|
||||
(void)rawAkid;
|
||||
|
||||
if (output == NULL || input == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
enc_valSz = length + 3 + sizeof(akid_cs);
|
||||
enc_val = (byte *)XMALLOC(enc_valSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (enc_val == NULL)
|
||||
return MEMORY_E;
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
if (rawAkid) {
|
||||
enc_val = input;
|
||||
enc_valSz = length;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
enc_val = enc_val_buf;
|
||||
enc_valSz = length + 3 + sizeof(akid_cs);
|
||||
if (enc_valSz > (int)sizeof(enc_val_buf))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* sequence for ContentSpec & value */
|
||||
ret = SetOidValue(enc_val, enc_valSz, akid_cs, sizeof(akid_cs),
|
||||
input, length);
|
||||
if (ret > 0) {
|
||||
enc_valSz = ret;
|
||||
|
||||
ret = SetOidValue(output, outSz, akid_oid, sizeof(akid_oid),
|
||||
enc_val, enc_valSz);
|
||||
/* sequence for ContentSpec & value */
|
||||
enc_valSz = SetOidValue(enc_val, enc_valSz, akid_cs, sizeof(akid_cs),
|
||||
input, length);
|
||||
if (enc_valSz <= 0)
|
||||
return enc_valSz;
|
||||
}
|
||||
|
||||
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return ret;
|
||||
/* The size of the extension sequence contents */
|
||||
inSeqSz = sizeof(akid_oid) + SetOctetString(enc_valSz, NULL) +
|
||||
enc_valSz;
|
||||
|
||||
if (SetSequence(inSeqSz, NULL) + inSeqSz > outSz)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* Write out the sequence header */
|
||||
idx = SetSequence(inSeqSz, output);
|
||||
|
||||
/* Write out OID */
|
||||
XMEMCPY(output + idx, akid_oid, sizeof(akid_oid));
|
||||
idx += sizeof(akid_oid);
|
||||
|
||||
/* Write out AKID */
|
||||
idx += SetOctetString(enc_valSz, output + idx);
|
||||
XMEMCPY(output + idx, enc_val, enc_valSz);
|
||||
|
||||
return idx + enc_valSz;
|
||||
}
|
||||
|
||||
/* encode Key Usage, return total bytes written
|
||||
@ -21163,6 +21328,89 @@ static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input)
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
#ifndef WOLFSSL_ASN_TEMPLATE
|
||||
static int SetNsCertType(Cert* cert, byte* output, word32 outSz, byte input)
|
||||
{
|
||||
word32 idx;
|
||||
byte unusedBits = 0;
|
||||
byte nsCertType = input;
|
||||
word32 totalSz;
|
||||
word32 bitStrSz;
|
||||
const byte nscerttype_oid[] = { 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
|
||||
0x86, 0xF8, 0x42, 0x01, 0x01 };
|
||||
|
||||
if (cert == NULL || output == NULL ||
|
||||
input == 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
totalSz = sizeof(nscerttype_oid);
|
||||
|
||||
/* Get amount of lsb zero's */
|
||||
for (;(input & 1) == 0; input >>= 1)
|
||||
unusedBits++;
|
||||
|
||||
/* 1 byte of NS Cert Type extension */
|
||||
bitStrSz = SetBitString(1, unusedBits, NULL) + 1;
|
||||
totalSz += SetOctetString(bitStrSz, NULL) + bitStrSz;
|
||||
|
||||
if (SetSequence(totalSz, NULL) + totalSz > outSz)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* 1. Seq + Total Len */
|
||||
idx = SetSequence(totalSz, output);
|
||||
|
||||
/* 2. Object ID */
|
||||
XMEMCPY(&output[idx], nscerttype_oid, sizeof(nscerttype_oid));
|
||||
idx += sizeof(nscerttype_oid);
|
||||
|
||||
/* 3. Octet String */
|
||||
idx += SetOctetString(bitStrSz, &output[idx]);
|
||||
|
||||
/* 4. Bit String */
|
||||
idx += SetBitString(1, unusedBits, &output[idx]);
|
||||
output[idx++] = nsCertType;
|
||||
|
||||
return idx;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_ASN_TEMPLATE
|
||||
static int SetCRLInfo(Cert* cert, byte* output, word32 outSz, byte* input,
|
||||
int inSz)
|
||||
{
|
||||
word32 idx;
|
||||
word32 totalSz;
|
||||
const byte crlinfo_oid[] = { 0x06, 0x03, 0x55, 0x1D, 0x1F };
|
||||
|
||||
if (cert == NULL || output == NULL ||
|
||||
input == 0 || inSz <= 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
totalSz = sizeof(crlinfo_oid) + SetOctetString(inSz, NULL) + inSz;
|
||||
|
||||
if (SetSequence(totalSz, NULL) + totalSz > outSz)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* 1. Seq + Total Len */
|
||||
idx = SetSequence(totalSz, output);
|
||||
|
||||
/* 2. Object ID */
|
||||
XMEMCPY(&output[idx], crlinfo_oid, sizeof(crlinfo_oid));
|
||||
idx += sizeof(crlinfo_oid);
|
||||
|
||||
/* 3. Octet String */
|
||||
idx += SetOctetString(inSz, &output[idx]);
|
||||
|
||||
/* 4. CRL Info */
|
||||
XMEMCPY(&output[idx], input, inSz);
|
||||
idx += inSz;
|
||||
|
||||
return idx;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* encode Certificate Policies, return total bytes written
|
||||
* each input value must be ITU-T X.690 formatted : a.b.c...
|
||||
* input must be an array of values with a NULL terminated for the latest
|
||||
@ -21625,6 +21873,7 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
|
||||
static const byte nameOid[NAME_ENTRIES - 1][NAME_OID_SZ] = {
|
||||
{ 0x55, 0x04, ASN_COUNTRY_NAME },
|
||||
{ 0x55, 0x04, ASN_STATE_NAME },
|
||||
{ 0x55, 0x04, ASN_STREET_ADDR },
|
||||
{ 0x55, 0x04, ASN_LOCALITY_NAME },
|
||||
{ 0x55, 0x04, ASN_SUR_NAME },
|
||||
{ 0x55, 0x04, ASN_ORG_NAME },
|
||||
@ -21634,6 +21883,7 @@ static const byte nameOid[NAME_ENTRIES - 1][NAME_OID_SZ] = {
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
{ 0x55, 0x04, ASN_BUS_CAT },
|
||||
#endif
|
||||
{ 0x55, 0x04, ASN_POSTAL_CODE },
|
||||
/* Email OID is much longer. */
|
||||
};
|
||||
|
||||
@ -22042,6 +22292,15 @@ static const ASNItem certExtsASN[] = {
|
||||
/* 28 */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
|
||||
/* 29 */ { 2, ASN_OCTET_STRING, 0, 1, 0 },
|
||||
/* 30 */ { 3, ASN_SEQUENCE, 0, 0, 0 },
|
||||
/* Netscape Certificate Type */
|
||||
/* 31 */ { 1, ASN_SEQUENCE, 1, 1, 0 },
|
||||
/* 32 */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
|
||||
/* 33 */ { 2, ASN_OCTET_STRING, 0, 1, 0 },
|
||||
/* 34 */ { 3, ASN_BIT_STRING, 0, 0, 0 },
|
||||
/* 35 */ { 1, ASN_SEQUENCE, 1, 1, 0 },
|
||||
/* 36 */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
|
||||
/* 37 */ { 2, ASN_OCTET_STRING, 0, 0, 0 },
|
||||
|
||||
#endif
|
||||
};
|
||||
|
||||
@ -22064,6 +22323,9 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
|
||||
static const byte kuOID[] = { 0x55, 0x1d, 0x0f };
|
||||
static const byte ekuOID[] = { 0x55, 0x1d, 0x25 };
|
||||
static const byte cpOID[] = { 0x55, 0x1d, 0x20 };
|
||||
static const byte nsCertOID[] = { 0x60, 0x86, 0x48, 0x01,
|
||||
0x86, 0xF8, 0x42, 0x01, 0x01 };
|
||||
static const byte crlInfoOID[] = { 0x55, 0x1D, 0x1F };
|
||||
#endif
|
||||
|
||||
(void)forRequest;
|
||||
@ -22107,7 +22369,15 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
|
||||
if (cert->akidSz > 0) {
|
||||
/* Set Authority Key Identifier OID and data. */
|
||||
SetASN_Buffer(&dataASN[15], akidOID, sizeof(akidOID));
|
||||
SetASN_Buffer(&dataASN[18], cert->akid, cert->akidSz);
|
||||
if (cert->rawAkid) {
|
||||
SetASN_Buffer(&dataASN[16], cert->akid, cert->akidSz);
|
||||
/* cert->akid contains the internal ext structure */
|
||||
SetASNItem_NoOutBelow(dataASN, certExtsASN, 16,
|
||||
certExtsASN_Length);
|
||||
}
|
||||
else {
|
||||
SetASN_Buffer(&dataASN[18], cert->akid, cert->akidSz);
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* Don't write out Authority Key Identifier extension items. */
|
||||
@ -22156,6 +22426,28 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
|
||||
/* Don't write out Certificate Policies extension items. */
|
||||
SetASNItem_NoOut(dataASN, 27, 30);
|
||||
}
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
/* Netscape Certificate Type */
|
||||
if (cert->nsCertType != 0) {
|
||||
/* Set Netscape Certificate Type OID and data. */
|
||||
SetASN_Buffer(&dataASN[32], nsCertOID, sizeof(nsCertOID));
|
||||
SetASN_Buffer(&dataASN[34], &cert->nsCertType, 1);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
/* Don't write out Netscape Certificate Type. */
|
||||
SetASNItem_NoOut(dataASN, 31, 34);
|
||||
}
|
||||
if (cert->crlInfoSz > 0) {
|
||||
/* Set CRL Distribution Points OID and data. */
|
||||
SetASN_Buffer(&dataASN[36], crlInfoOID, sizeof(crlInfoOID));
|
||||
SetASN_Buffer(&dataASN[37], cert->crlInfo, cert->crlInfoSz);
|
||||
}
|
||||
else {
|
||||
/* Don't write out CRL Distribution Points. */
|
||||
SetASNItem_NoOut(dataASN, 35, 37);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -22179,7 +22471,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
|
||||
SetASN_Items(certExtsASN, dataASN, certExtsASN_Length, output);
|
||||
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
if (cert->keyUsage != 0){
|
||||
if (cert->extKeyUsage != 0){
|
||||
/* Encode Extended Key Usage into space provided. */
|
||||
if (SetExtKeyUsage(cert, (byte*)dataASN[26].data.buffer.data,
|
||||
dataASN[26].data.buffer.length, cert->extKeyUsage) <= 0) {
|
||||
@ -22209,6 +22501,10 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
|
||||
#ifndef WOLFSSL_ASN_TEMPLATE
|
||||
/* Set Date validity from now until now + daysValid
|
||||
* return size in bytes written to output, 0 on error */
|
||||
/* TODO https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
|
||||
* "MUST always encode certificate validity dates through the year 2049 as
|
||||
* UTCTime; certificate validity dates in 2050 or later MUST be encoded as
|
||||
* GeneralizedTime." */
|
||||
static int SetValidity(byte* output, int daysValid)
|
||||
{
|
||||
#ifndef NO_ASN_TIME
|
||||
@ -22562,11 +22858,25 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
/* AKID */
|
||||
if (cert->akidSz) {
|
||||
/* check the provided AKID size */
|
||||
if (cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid)))
|
||||
if ((
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
!cert->rawAkid &&
|
||||
#endif
|
||||
cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid)))
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
|| (cert->rawAkid && cert->akidSz > (int)sizeof(der->akid))
|
||||
#endif
|
||||
)
|
||||
return AKID_E;
|
||||
|
||||
der->akidSz = SetAKID(der->akid, sizeof(der->akid),
|
||||
cert->akid, cert->akidSz, cert->heap);
|
||||
der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid,
|
||||
cert->akidSz,
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
cert->rawAkid
|
||||
#else
|
||||
0
|
||||
#endif
|
||||
);
|
||||
if (der->akidSz <= 0)
|
||||
return AKID_E;
|
||||
|
||||
@ -22599,6 +22909,31 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
else
|
||||
der->extKeyUsageSz = 0;
|
||||
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
/* Netscape Certificate Type */
|
||||
if (cert->nsCertType != 0) {
|
||||
der->nsCertTypeSz = SetNsCertType(cert, der->nsCertType,
|
||||
sizeof(der->nsCertType), cert->nsCertType);
|
||||
if (der->nsCertTypeSz <= 0)
|
||||
return EXTENSIONS_E;
|
||||
|
||||
der->extensionsSz += der->nsCertTypeSz;
|
||||
}
|
||||
else
|
||||
der->nsCertTypeSz = 0;
|
||||
#endif
|
||||
|
||||
if (cert->crlInfoSz > 0) {
|
||||
der->crlInfoSz = SetCRLInfo(cert, der->crlInfo, sizeof(der->crlInfo),
|
||||
cert->crlInfo, cert->crlInfoSz);
|
||||
if (der->crlInfoSz <= 0)
|
||||
return EXTENSIONS_E;
|
||||
|
||||
der->extensionsSz += der->crlInfoSz;
|
||||
}
|
||||
else
|
||||
der->crlInfoSz = 0;
|
||||
|
||||
/* Certificate Policies */
|
||||
if (cert->certPoliciesNb != 0) {
|
||||
der->certPoliciesSz = SetCertificatePolicies(der->certPolicies,
|
||||
@ -22664,6 +22999,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
return EXTENSIONS_E;
|
||||
}
|
||||
|
||||
/* put CRL Distribution Points */
|
||||
if (der->crlInfoSz) {
|
||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||
&der->extensionsSz,
|
||||
der->crlInfo, der->crlInfoSz);
|
||||
if (ret <= 0)
|
||||
return EXTENSIONS_E;
|
||||
}
|
||||
|
||||
/* put KeyUsage */
|
||||
if (der->keyUsageSz) {
|
||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||
@ -22682,6 +23026,17 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
return EXTENSIONS_E;
|
||||
}
|
||||
|
||||
/* put Netscape Cert Type */
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
if (der->nsCertTypeSz) {
|
||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||
&der->extensionsSz,
|
||||
der->nsCertType, der->nsCertTypeSz);
|
||||
if (ret <= 0)
|
||||
return EXTENSIONS_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* put Certificate Policies */
|
||||
if (der->certPoliciesSz) {
|
||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||
@ -26957,16 +27312,20 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
|
||||
return ASN_PARSE_E;
|
||||
|
||||
/* key header */
|
||||
ret = CheckBitString(input, inOutIdx, NULL, inSz, 1, NULL);
|
||||
ret = CheckBitString(input, inOutIdx, &length, inSz, 1, NULL);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
/* check that the value found is not too large for pubKey buffer */
|
||||
if (inSz - *inOutIdx > *pubKeyLen)
|
||||
if ((word32)length > *pubKeyLen)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
/* check that input buffer is exhausted */
|
||||
if (*inOutIdx + (word32)length != inSz)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
/* This is the raw point data compressed or uncompressed. */
|
||||
*pubKeyLen = inSz - *inOutIdx;
|
||||
*pubKeyLen = length;
|
||||
XMEMCPY(pubKey, input + *inOutIdx, *pubKeyLen);
|
||||
#else
|
||||
len = inSz - *inOutIdx;
|
||||
@ -26982,9 +27341,11 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
|
||||
/* Decode Ed25519 private key. */
|
||||
ret = GetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, 1, input,
|
||||
inOutIdx, inSz);
|
||||
if (ret != 0) {
|
||||
if (ret != 0)
|
||||
ret = ASN_PARSE_E;
|
||||
/* check that input buffer is exhausted */
|
||||
if (*inOutIdx != inSz)
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
}
|
||||
/* Check the public value length is correct. */
|
||||
if ((ret == 0) && (dataASN[3].data.ref.length > *pubKeyLen)) {
|
||||
|
@ -12289,18 +12289,20 @@ static void initDefaultName(void)
|
||||
static const CertName certDefaultName = {
|
||||
"US", CTC_PRINTABLE, /* country */
|
||||
"Oregon", CTC_UTF8, /* state */
|
||||
"Main St", CTC_UTF8, /* street */
|
||||
"Portland", CTC_UTF8, /* locality */
|
||||
"Test", CTC_UTF8, /* sur */
|
||||
"wolfSSL", CTC_UTF8, /* org */
|
||||
"Development", CTC_UTF8, /* unit */
|
||||
"www.wolfssl.com", CTC_UTF8, /* commonName */
|
||||
"wolfSSL12345", CTC_PRINTABLE, /* serial number of device */
|
||||
"12-456", CTC_PRINTABLE, /* Postal Code */
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
"Private Organization", CTC_UTF8, /* businessCategory */
|
||||
"US", CTC_PRINTABLE, /* jurisdiction country */
|
||||
"Oregon", CTC_PRINTABLE, /* jurisdiction state */
|
||||
#endif
|
||||
"info@wolfssl.com" /* email */
|
||||
"info@wolfssl.com", /* email */
|
||||
};
|
||||
#endif /* WOLFSSL_MULTI_ATTRIB */
|
||||
|
||||
|
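Review bot: The new street entry is tagged `CTC_UTF8` and the new postal code entry `CTC_PRINTABLE`, but the GetNameType hunk printed earlier on this page appears to return `name->postalCodeEnc` for index 2, the index that GetOneCertName and GetCertNameId give to the street. The +/- markers are lost in this rendering, so this assumes the second line of each printed pair is the new side; if so, a certificate generated from these defaults would encode the street with the postal code's string type. Index 2 presumably should be `return name->streetEnc;` (the CertName definition is not on this page), and a check here that decodes the generated subject and compares each component's encoding against certDefaultName would catch the mismatch.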
@ -3854,12 +3854,14 @@ struct WOLFSSL_X509 {
|
||||
#ifdef HAVE_EX_DATA
|
||||
WOLFSSL_CRYPTO_EX_DATA ex_data;
|
||||
#endif
|
||||
byte* authKeyId;
|
||||
byte* authKeyId; /* Points into authKeyIdSrc */
|
||||
byte* authKeyIdSrc;
|
||||
byte* subjKeyId;
|
||||
byte* extKeyUsageSrc;
|
||||
#ifdef OPENSSL_ALL
|
||||
byte* subjAltNameSrc;
|
||||
#endif
|
||||
byte* rawCRLInfo;
|
||||
byte* CRLInfo;
|
||||
byte* authInfo;
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
@ -3868,12 +3870,18 @@ struct WOLFSSL_X509 {
|
||||
#endif
|
||||
word32 pathLength;
|
||||
word16 keyUsage;
|
||||
int rawCRLInfoSz;
|
||||
int CRLInfoSz;
|
||||
int authInfoSz;
|
||||
word32 authKeyIdSz;
|
||||
word32 authKeyIdSrcSz;
|
||||
word32 subjKeyIdSz;
|
||||
byte extKeyUsage;
|
||||
word32 extKeyUsageSz;
|
||||
word32 extKeyUsageCount;
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
byte nsCertType;
|
||||
#endif
|
||||
#ifdef OPENSSL_ALL
|
||||
word32 subjAltNameSz;
|
||||
#endif
|
||||
|
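Review bot: The comment on `authKeyId` says it points into `authKeyIdSrc`, but neither field states which one owns the allocation, and `rawCRLInfo` is added next to `CRLInfo` with no comment at all. Once `authKeyId` is an interior pointer, any path that frees or copies it as a standalone buffer would be an invalid free or leave a dangling reference; those paths are outside this section, so this needs checking against the code that frees and duplicates `struct WOLFSSL_X509`. If the intent matches the raw-extension fields added to DecodedCert elsewhere on this page, suggested comments are `byte* authKeyIdSrc; /* owned buffer with the whole AKID extension; authKeyId aliases it and must not be freed */` and `byte* rawCRLInfo; /* whole CRL Distribution Points extension, kept for re-encoding */`.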
@ -57,8 +57,8 @@
|
||||
#define X509_PURPOSE_SSL_CLIENT 0
|
||||
#define X509_PURPOSE_SSL_SERVER 1
|
||||
|
||||
#define NS_SSL_CLIENT 0
|
||||
#define NS_SSL_SERVER 1
|
||||
#define NS_SSL_CLIENT WC_NS_SSL_CLIENT
|
||||
#define NS_SSL_SERVER WC_NS_SSL_SERVER
|
||||
|
||||
/* Forward reference */
|
||||
|
||||
|
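Review bot: `NS_SSL_CLIENT` and `NS_SSL_SERVER` change value here, from 0 and 1 to `WC_NS_SSL_CLIENT` and `WC_NS_SSL_SERVER` (defined as 0x80 and 0x40 in a later section of this page), and nothing in the hunk documents that or shows that the defining header is in scope. Callers that stored or compared the old values, or used them as an index, would silently change behaviour, and a file using these macros without the `WC_NS_*` definitions visible fails only at the point of use. A one-line comment such as `/* Netscape cert type bit flags; same bits as the nsCertType BIT STRING, see WC_NS_* */` above the two defines would record the change; this header's include list is outside the hunk, so the dependency is worth confirming.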
@ -166,7 +166,9 @@ typedef struct ASNItem {
|
||||
byte tag;
|
||||
/* Whether the ASN.1 item is constructed. */
|
||||
byte constructed:1;
|
||||
/* Whether to parse the header only or skip data. */
|
||||
/* Whether to parse the header only or skip data. If
|
||||
* ASNSetData.data.buffer.data is supplied then this option gets
|
||||
* overwritten and the child nodes get ignored. */
|
||||
byte headerOnly:1;
|
||||
/* Whether ASN.1 item is optional.
|
||||
* - 0 means not optional
|
||||
@ -587,6 +589,23 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
|
||||
} \
|
||||
while (0)
|
||||
|
||||
/* Set the data items below node to not be encoded.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] node Node who's children should not be encoded.
|
||||
* @param [in] dataASNLen Number of items in dataASN.
|
||||
*/
|
||||
#define SetASNItem_NoOutBelow(dataASN, asn, node, dataASNLen) \
|
||||
do { \
|
||||
int ii; \
|
||||
for (ii = node + 1; ii < (int)(dataASNLen); ii++) { \
|
||||
if (asn[ii].depth <= asn[node].depth) \
|
||||
break; \
|
||||
dataASN[ii].noOut = 1; \
|
||||
} \
|
||||
} \
|
||||
while (0)
|
||||
|
||||
#endif /* WOLFSSL_ASN_TEMPLATE */
|
||||
|
||||
|
||||
@ -598,9 +617,11 @@ enum DN_Tags {
|
||||
ASN_COUNTRY_NAME = 0x06, /* C */
|
||||
ASN_LOCALITY_NAME = 0x07, /* L */
|
||||
ASN_STATE_NAME = 0x08, /* ST */
|
||||
ASN_STREET_ADDR = 0x09, /* street */
|
||||
ASN_ORG_NAME = 0x0a, /* O */
|
||||
ASN_ORGUNIT_NAME = 0x0b, /* OU */
|
||||
ASN_BUS_CAT = 0x0f, /* businessCategory */
|
||||
ASN_POSTAL_CODE = 0x11, /* postalCode */
|
||||
ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */
|
||||
|
||||
/* pilot attribute types
|
||||
@ -636,6 +657,9 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
|
||||
#define WOLFSSL_LN_LOCALITY_NAME "/localityName="
|
||||
#define WOLFSSL_STATE_NAME "/ST="
|
||||
#define WOLFSSL_LN_STATE_NAME "/stateOrProvinceName="
|
||||
#define WOLFSSL_STREET_ADDR_NAME "/street="
|
||||
#define WOLFSSL_LN_STREET_ADDR_NAME "/streetAddress="
|
||||
#define WOLFSSL_POSTAL_NAME "/postalCode="
|
||||
#define WOLFSSL_ORG_NAME "/O="
|
||||
#define WOLFSSL_LN_ORG_NAME "/organizationName="
|
||||
#define WOLFSSL_ORGUNIT_NAME "/OU="
|
||||
@ -715,12 +739,14 @@ enum
|
||||
NID_countryName = 0x06, /* C */
|
||||
NID_localityName = 0x07, /* L */
|
||||
NID_stateOrProvinceName = 0x08, /* ST */
|
||||
NID_streetAddress = ASN_STREET_ADDR, /* street */
|
||||
NID_organizationName = 0x0a, /* O */
|
||||
NID_organizationalUnitName = 0x0b, /* OU */
|
||||
NID_jurisdictionCountryName = 0xc,
|
||||
NID_jurisdictionStateOrProvinceName = 0xd,
|
||||
NID_businessCategory = ASN_BUS_CAT,
|
||||
NID_domainComponent = ASN_DOMAIN_COMPONENT,
|
||||
NID_postalCode = ASN_POSTAL_CODE, /* postalCode */
|
||||
NID_favouriteDrink = 462,
|
||||
NID_userId = 458,
|
||||
NID_emailAddress = 0x30, /* emailAddress */
|
||||
@ -857,6 +883,10 @@ enum Misc_ASN {
|
||||
CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage
|
||||
(SEQ/LEN + OBJID + OCTSTR/LEN + SEQ +
|
||||
(6 * (SEQ + OID))) */
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
MAX_NSCERTTYPE_SZ = MAX_SEQ_SZ + 17, /* SEQ + OID + OCTET STR +
|
||||
* NS BIT STR */
|
||||
#endif
|
||||
MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
|
||||
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
|
||||
#endif
|
||||
@ -1127,6 +1157,15 @@ enum CsrAttrType {
|
||||
#define EXTKEYUSE_SERVER_AUTH 0x02
|
||||
#define EXTKEYUSE_ANY 0x01
|
||||
|
||||
#define WC_NS_SSL_CLIENT 0x80
|
||||
#define WC_NS_SSL_SERVER 0x40
|
||||
#define WC_NS_SMIME 0x20
|
||||
#define WC_NS_OBJSIGN 0x10
|
||||
#define WC_NS_SSL_CA 0x04
|
||||
#define WC_NS_SMIME_CA 0x02
|
||||
#define WC_NS_OBJSIGN_CA 0x01
|
||||
|
||||
|
||||
typedef struct DNS_entry DNS_entry;
|
||||
|
||||
struct DNS_entry {
|
||||
@ -1382,6 +1421,10 @@ struct DecodedCert {
|
||||
const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */
|
||||
int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */
|
||||
#endif
|
||||
const byte* extCrlInfoRaw; /* Entire CRL Distribution Points
|
||||
* Extension. This is useful when
|
||||
* re-generating the DER. */
|
||||
int extCrlInfoRawSz; /* length of the extension */
|
||||
const byte* extCrlInfo; /* CRL Distribution Points */
|
||||
int extCrlInfoSz; /* length of the URI */
|
||||
byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
|
||||
@ -1398,6 +1441,10 @@ struct DecodedCert {
|
||||
const byte* extExtKeyUsageSrc;
|
||||
word32 extExtKeyUsageSz;
|
||||
word32 extExtKeyUsageCount;
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
const byte* extRawAuthKeyIdSrc;
|
||||
word32 extRawAuthKeyIdSz;
|
||||
#endif
|
||||
const byte* extAuthKeyIdSrc;
|
||||
word32 extAuthKeyIdSz;
|
||||
const byte* extSubjKeyIdSrc;
|
||||
@ -1447,6 +1494,9 @@ struct DecodedCert {
|
||||
int subjectSNDLen;
|
||||
char subjectSNDEnc;
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
char* subjectStreet;
|
||||
int subjectStreetLen;
|
||||
char subjectStreetEnc;
|
||||
char* subjectBC;
|
||||
int subjectBCLen;
|
||||
char subjectBCEnc;
|
||||
@ -1456,10 +1506,13 @@ struct DecodedCert {
|
||||
char* subjectJS;
|
||||
int subjectJSLen;
|
||||
char subjectJSEnc;
|
||||
char* subjectPC;
|
||||
int subjectPCLen;
|
||||
char subjectPCEnc;
|
||||
#endif
|
||||
char* subjectEmail;
|
||||
int subjectEmailLen;
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
/* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
|
||||
void* issuerName;
|
||||
@ -1476,7 +1529,10 @@ struct DecodedCert {
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
|
||||
int extCertPoliciesNb;
|
||||
#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
|
||||
#endif /* WOLFSSL_CERT_EXT */
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
byte nsCertType;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_CERT_REQ
|
||||
/* CSR attributes */
|
||||
@ -1880,9 +1936,9 @@ WOLFSSL_LOCAL int wc_MIME_free_hdrs(MimeHdr* head);
|
||||
|
||||
enum cert_enums {
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
NAME_ENTRIES = 10,
|
||||
NAME_ENTRIES = 12,
|
||||
#else
|
||||
NAME_ENTRIES = 9,
|
||||
NAME_ENTRIES = 11,
|
||||
#endif
|
||||
JOINT_LEN = 2,
|
||||
EMAIL_JOINT_LEN = 9,
|
||||
|
@ -197,7 +197,9 @@ enum Ctc_Misc {
|
||||
CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
|
||||
CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
|
||||
CTC_MAX_CERTPOL_SZ = 64,
|
||||
CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */
|
||||
CTC_MAX_CERTPOL_NB = 2, /* Max number of Certificate Policy */
|
||||
CTC_MAX_CRLINFO_SZ = 200, /* Arbitrary size that should be enough for at
|
||||
* least two distribution points. */
|
||||
#endif /* WOLFSSL_CERT_EXT */
|
||||
};
|
||||
|
||||
@ -305,6 +307,8 @@ typedef struct CertName {
|
||||
char countryEnc;
|
||||
char state[CTC_NAME_SIZE];
|
||||
char stateEnc;
|
||||
char street[CTC_NAME_SIZE];
|
||||
char streetEnc;
|
||||
char locality[CTC_NAME_SIZE];
|
||||
char localityEnc;
|
||||
char sur[CTC_NAME_SIZE];
|
||||
@ -317,6 +321,8 @@ typedef struct CertName {
|
||||
char commonNameEnc;
|
||||
char serialDev[CTC_NAME_SIZE];
|
||||
char serialDevEnc;
|
||||
char postalCode[CTC_NAME_SIZE];
|
||||
char postalCodeEnc;
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
char busCat[CTC_NAME_SIZE];
|
||||
char busCatEnc;
|
||||
@ -357,10 +363,24 @@ typedef struct Cert {
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */
|
||||
int skidSz; /* SKID size in bytes */
|
||||
byte akid[CTC_MAX_AKID_SIZE]; /* Authority Key Identifier */
|
||||
byte akid[CTC_MAX_AKID_SIZE
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
+ sizeof(CertName) + CTC_SERIAL_SIZE
|
||||
#endif
|
||||
]; /* Authority Key
|
||||
* Identifier */
|
||||
int akidSz; /* AKID size in bytes */
|
||||
#ifdef WOLFSSL_AKID_NAME
|
||||
byte rawAkid; /* Set to true if akid is a
|
||||
* AuthorityKeyIdentifier object.
|
||||
* Set to false if akid is just a
|
||||
* KeyIdentifier object. */
|
||||
#endif
|
||||
word16 keyUsage; /* Key Usage */
|
||||
byte extKeyUsage; /* Extended Key Usage */
|
||||
#ifndef IGNORE_NETSCAPE_CERT_TYPE
|
||||
byte nsCertType; /* Netscape Certificate Type */
|
||||
#endif
|
||||
#ifdef WOLFSSL_EKU_OID
|
||||
/* Extended Key Usage OIDs */
|
||||
byte extKeyUsageOID[CTC_MAX_EKU_NB][CTC_MAX_EKU_OID_SZ];
|
||||
@ -368,6 +388,8 @@ typedef struct Cert {
|
||||
#endif
|
||||
char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ];
|
||||
word16 certPoliciesNb; /* Number of Cert Policy */
|
||||
byte crlInfo[CTC_MAX_CRLINFO_SZ]; /* CRL Distribution points */
|
||||
int crlInfoSz;
|
||||
#endif
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
|
||||
defined(WOLFSSL_CERT_REQ)
|
||||
|
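Review bot: `crlInfo` in the `typedef struct Cert` hunk is a fixed `CTC_MAX_CRLINFO_SZ` (200-byte) buffer paired with a signed `int crlInfoSz`, and neither line states the bound that must hold between them. The enum comment calls the size arbitrary, and the matching `DecodedCert` fields `extCrlInfoRaw` / `extCrlInfoRawSz` point into a parsed certificate. Any code that copies the raw extension into `Cert` therefore has to reject a length that is negative or larger than the `crlInfo` array; that copy is not visible in these hunks, so this is something to confirm rather than a demonstrated defect. I would put the contract on the field itself, e.g. `int crlInfoSz; /* bytes used in crlInfo; 0 <= crlInfoSz <= CTC_MAX_CRLINFO_SZ */`. The same care applies to `akid`, whose capacity now depends on `WOLFSSL_AKID_NAME`: length checks against it should use `sizeof` on the array rather than `CTC_MAX_AKID_SIZE`, which no longer equals the buffer size in that build.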