Diff

Differences From Artifact [6962c4384a]:

To Artifact [581b34e1fe]:


361
362
363
364
365
366
367

368
369
370
371
372
373
374
375

376

377



378



379
380





381









382
383
384

385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402



403

404
405

406

407
408





409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
	equivalent to the subject CA's subjectDomainPolicy. */

    /* Subject Alternative Name (SAN) extension. Additional URLs, DNS name, or IP addresses
	bound to certificate. */
    san = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
    if (san) {
	Tcl_Obj *namesPtr = Tcl_NewListObj(0, NULL);


	for (int i=0; i < sk_GENERAL_NAME_num(san); i++)         {
	    const GENERAL_NAME *name = sk_GENERAL_NAME_value(san, i);
	    size_t len2;

	    if (name) {
		if (name->type == GEN_DNS) {
		    char *dns_name;

		    if ((len2 = ASN1_STRING_to_UTF8(&dns_name, name->d.dNSName)) > 0) {

			Tcl_ListObjAppendElement(interp, namesPtr, Tcl_NewStringObj(dns_name, (int)len2));



			OPENSSL_free (dns_name);



		    }
		} else if (name->type == GEN_IPADD) {





		    /* name->d.iPAddress */









		}
	    }
	}

	sk_GENERAL_NAME_pop_free(san, GENERAL_NAME_free);
	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectAltName", -1));
	Tcl_ListObjAppendElement(interp, certPtr, namesPtr);
    }

    /* Get the STACK of all crl distribution point entries for this certificate. */
    /* CRL_DIST_POINTS is typedef on STACK_OF(DIST_POINT). */
    crl = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL);
    if (crl) {
	Tcl_Obj *namesPtr = Tcl_NewListObj(0, NULL);

	for (int i=0; i < sk_GENERAL_NAME_num(crl); i++)         {
	    const GENERAL_NAME *name = sk_GENERAL_NAME_value(crl, i);
	    size_t len2;

	    if (name) {
		if (name->type == GEN_DNS) {
		    char *dns_name;



		    if ((len2 = ASN1_STRING_to_UTF8(&dns_name, name->d.dNSName)) > 0) {

			Tcl_ListObjAppendElement(interp, namesPtr, Tcl_NewStringObj(dns_name, (int)len2));
			OPENSSL_free (dns_name);

		    }

		} else if (name->type == GEN_IPADD) {
		    /* name->d.iPAddress */





		}
	    }
	}
	sk_GENERAL_NAME_pop_free(crl, GENERAL_NAME_free);
	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("cRLDistributionPoints", -1));
	Tcl_ListObjAppendElement(interp, certPtr, namesPtr);
    }


    /* Issuer Alternative Name */
    /* Subject Directory Attributes */

    /* Basic Constraints - identifies whether the subject of the certificate is a CA and
	the maximum depth of valid certification paths that include this certificate. */

    /* Get OSCP URL */
    ocsp = X509_get1_ocsp(cert);







>

|

<

|
<
|
>
|
>
|
>
>
>
|
>
>
>
|
|
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>



>

|









|
|
|

<
|
|
>
>
>
|
>
|
<
>

>
|
|
>
>
>
>
>



|
|



<
<







361
362
363
364
365
366
367
368
369
370
371

372
373

374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421

422
423
424
425
426
427
428
429

430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447


448
449
450
451
452
453
454
	equivalent to the subject CA's subjectDomainPolicy. */

    /* Subject Alternative Name (SAN) extension. Additional URLs, DNS name, or IP addresses
	bound to certificate. */
    san = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
    if (san) {
	Tcl_Obj *namesPtr = Tcl_NewListObj(0, NULL);
	bio = BIO_new(BIO_s_mem());

	for (int i=0; i < sk_GENERAL_NAME_num(san); i++) {
	    const GENERAL_NAME *name = sk_GENERAL_NAME_value(san, i);


	    if (name && bio) {

		if (GENERAL_NAME_print(bio, name)) {
		    int n = BIO_read(bio, buffer, min(BIO_pending(bio), BUFSIZ));
		    buffer[max(n, 0)] = 0;
		    (void)BIO_flush(bio);
		    Tcl_ListObjAppendElement(interp, namesPtr, Tcl_NewStringObj(buffer, n));
		}
	    }
	}
	BIO_free(bio);
	sk_GENERAL_NAME_pop_free(san, GENERAL_NAME_free);
	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectAltName", -1));
	Tcl_ListObjAppendElement(interp, certPtr, namesPtr);
    }

    /* Issuer Alternative Name */
    san = X509_get_ext_d2i(cert, NID_issuer_alt_name, NULL, NULL);
    if (san) {
	Tcl_Obj *namesPtr = Tcl_NewListObj(0, NULL);
	bio = BIO_new(BIO_s_mem());

	for (int i=0; i < sk_GENERAL_NAME_num(san); i++) {
	    const GENERAL_NAME *name = sk_GENERAL_NAME_value(san, i);

	    if (name && bio) {
		if (GENERAL_NAME_print(bio, name)) {
		    int n = BIO_read(bio, buffer, min(BIO_pending(bio), BUFSIZ));
		    buffer[max(n, 0)] = 0;
		    (void)BIO_flush(bio);
		    Tcl_ListObjAppendElement(interp, namesPtr, Tcl_NewStringObj(buffer, n));
		}
	    }
	}
	BIO_free(bio);
	sk_GENERAL_NAME_pop_free(san, GENERAL_NAME_free);
	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerAltName", -1));
	Tcl_ListObjAppendElement(interp, certPtr, namesPtr);
    }

    /* Get the STACK of all crl distribution point entries for this certificate. */
    /* CRL_DIST_POINTS is typedef on STACK_OF(DIST_POINT). */
    crl = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL);
    if (crl) {
	Tcl_Obj *namesPtr = Tcl_NewListObj(0, NULL);

	for (int i=0; i < sk_DIST_POINT_num(crl); i++) {
	    DIST_POINT *dp = sk_DIST_POINT_value(crl, i);
	    DIST_POINT_NAME *distpoint = dp->distpoint;


	    if (distpoint->type == 0) {
		/* fullname GENERALIZEDNAME */
		for (int j = 0; j < sk_GENERAL_NAME_num(distpoint->name.fullname); j++) {
		    GENERAL_NAME *gen = sk_GENERAL_NAME_value(distpoint->name.fullname, j);
		    int type;
		    ASN1_STRING *uri = GENERAL_NAME_get0_value(gen, &type);
		    if (type == GEN_URI) {
			Tcl_ListObjAppendElement(interp, namesPtr,

			    Tcl_NewStringObj((char*)ASN1_STRING_get0_data(uri), ASN1_STRING_length(uri)));
		    }
		}
	    } else if (distpoint->type == 1) {
		/* relativename X509NAME */
		STACK_OF(X509_NAME_ENTRY) *sk_relname = distpoint->name.relativename;
		for (int j = 0; j < sk_X509_NAME_ENTRY_num(sk_relname); j++) {
		    X509_NAME_ENTRY *e = sk_X509_NAME_ENTRY_value(sk_relname, j);
		    ASN1_STRING *d = X509_NAME_ENTRY_get_data(e);
		    Tcl_ListObjAppendElement(interp, namesPtr, Tcl_NewStringObj((char*)ASN1_STRING_data(d), ASN1_STRING_length(d)));
		}
	    }
	}
	CRL_DIST_POINTS_free(crl);
	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("crlDistributionPoints", -1));
	Tcl_ListObjAppendElement(interp, certPtr, namesPtr);
    }



    /* Subject Directory Attributes */

    /* Basic Constraints - identifies whether the subject of the certificate is a CA and
	the maximum depth of valid certification paths that include this certificate. */

    /* Get OSCP URL */
    ocsp = X509_get1_ocsp(cert);