From b5cfc2f590fd143611cc87f9fd6571dacda45e31 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 3 Mar 2010 20:13:30 +0000 Subject: [PATCH] option to replace extensions with new ones: mainly for creating cross-certificates --- crypto/x509v3/v3_conf.c | 8 ++++---- crypto/x509v3/x509v3.h | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 24b21d4ea2..b570b6e592 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -322,10 +322,10 @@ static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext) int idx; ASN1_OBJECT *obj; obj = X509_EXTENSION_get_object(dext); - while ((idx = X509_EXTENSION_get_by_OBJ(sk, obj, -1)) >= 0) + while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) { - X509_EXTENSION *tmpext= X509_get_ext(sk, idx); - X509_del_ext(sk, idx); + X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx); + X509v3_delete_ext(sk, idx); X509_EXTENSION_free(tmpext); } } @@ -348,7 +348,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, val = sk_CONF_VALUE_value(nval, i); if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) return 0; - if (ctx->flags == X509V3_CTX_FLAG_REPLACE) + if (ctx->flags == X509V3_CTX_REPLACE) delete_ext(*sk, ext); if (sk) X509v3_add_ext(sk, ext, -1); X509_EXTENSION_free(ext); diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index 84cf46f538..bf409997e7 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -128,6 +128,7 @@ void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); /* Context specific info */ struct v3_ext_ctx { #define CTX_TEST 0x1 +#define X509V3_CTX_REPLACE 0x2 int flags; X509 *issuer_cert; X509 *subject_cert;