
Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-multi-crl.patch



Revision 1.1 - (hide annotations) (download)
Tue Feb 18 03:03:10 2014 UTC (10 years, 8 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Initial import

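--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -453,19 +453,41 @@ X509_OBJECT *X509_OBJECT_retrieve_by_sub
 return sk_X509_OBJECT_value(h, idx);
 }
 
+static int x509_crl_match(const X509_CRL *a, const X509_CRL *b)
+{
+ if (a->signature == NULL || b->signature == NULL)
+ return a->signature != b->signature;
+
+ if (a->signature->length != b->signature->length)
+ return 0;
+
+ return memcmp(a->signature->data, b->signature->data, a->signature->length);
+}
+
 X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
 {
 int idx, i;
 X509_OBJECT *obj;
 idx = sk_X509_OBJECT_find(h, x);
 if (idx == -1) return NULL;
- if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
+ if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
+ return sk_X509_OBJECT_value(h, idx);
 for (i = idx; i < sk_X509_OBJECT_num(h); i++)
 {
 obj = sk_X509_OBJECT_value(h, i);
 if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
 return NULL;
- if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
+ if (x->type == X509_LU_X509)
+ {
+ if (!X509_cmp(obj->data.x509, x->data.x509))
+ return obj;
+ }
+ else if (x->type == X509_LU_CRL)
+ {
+ if (!x509_crl_match(obj->data.crl, x->data.crl))
+ return obj;
+ }
+ else
 return obj;
 }
 return NULL;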
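Review bot: In x509_crl_match, the length check `if (a->signature->length != b->signature->length) return 0;` returns the same value memcmp gives for identical signatures, so two CRLs whose signatures differ in length are reported as a match. X509_OBJECT_retrieve_match treats 0 as "same object" (`if (!x509_crl_match(...)) return obj;`), so a distinct CRL from the same issuer could be taken for one already in the stack. Callers that rely on this for duplicate detection are outside the hunk, so the exact downstream effect is inferred. The mismatch branch should read `return 1;`, and a one-line comment above the helper, e.g. `/* Returns 0 if both CRLs carry the same signature, non-zero otherwise */`, would pin the convention. The closing brace of X509_OBJECT_retrieve_match lies outside the hunk.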
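--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -721,7 +721,38 @@ static int get_crl(X509_STORE_CTX *ctx,
 return 0;
 }
 
- *pcrl = xobj.data.crl;
+ /* If CRL times not valid look through store */
+ if (!check_crl_time(ctx, xobj.data.crl, 0))
+ {
+ int idx, i;
+ X509_OBJECT *pobj;
+ X509_OBJECT_free_contents(&xobj);
+ idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs,
+ X509_LU_CRL, nm);
+ if (idx == -1)
+ return 0;
+ *pcrl = NULL;
+ for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
+ {
+ pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+ /* Check to see if it is a CRL and issuer matches */
+ if (pobj->type != X509_LU_CRL)
+ break;
+ if (X509_NAME_cmp(nm,
+ X509_CRL_get_issuer(pobj->data.crl)))
+ break;
+ /* Set *pcrl because the CRL will either be valid or
+ * a "best fit" CRL.
+ */
+ *pcrl = pobj->data.crl;
+ if (check_crl_time(ctx, *pcrl, 0))
+ break;
+ }
+ if (*pcrl)
+ CRYPTO_add(&(*pcrl)->references, 1, CRYPTO_LOCK_X509);
+ }
+ else
+ *pcrl = xobj.data.crl;
 if (crl)
 X509_CRL_free(crl);
 return 1;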
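Review bot: The fallback walk over `ctx->ctx->objs` in get_crl reads the store's stack and bumps the chosen CRL's reference count with no store lock taken anywhere in the visible lines. If the store can be modified by another thread (not shown here), the loop should be bracketed with `CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);` and `CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);`, with the reference taken before unlocking. Separately, if the loop breaks on its first pass, `*pcrl` stays NULL and the function still falls through to `return 1;`. A guard such as `if (*pcrl == NULL) return 0;` after the loop would stop callers from receiving success with no CRL. When no stored CRL passes check_crl_time, the "best fit" is simply the last same-issuer entry in stack order, and the comment should say so. The start of get_crl, including how `crl` and `nm` are set, is outside the hunk.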
