New function X509_cmp().
This commit is contained in:
Dr. Stephen Henson
parent
b7cfcfb7f8
commit
e947f39689
4 changed files with 22 additions and 1 deletions
6
CHANGES
6
CHANGES
|
|
@ -4,6 +4,12 @@
|
|||
|
||||
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
|
||||
|
||||
*) New function X509_cmp(). Oddly enough there wasn't a function
|
||||
to compare two certificates. We do this by working out the SHA1
|
||||
hash and comparing that. X509_cmp() will be needed by the trust
|
||||
code.
|
||||
[Steve Henson]
|
||||
|
||||
*) Correctly increment the reference count in the SSL_SESSION pointer
|
||||
returned from SSL_get_session().
|
||||
[Geoff Thorpe <geoff@eu.c2.net>]
|
||||
|
|
|
|||
|
|
@ -269,6 +269,7 @@ typedef struct x509_st
|
|||
unsigned long ex_kusage;
|
||||
unsigned long ex_xkusage;
|
||||
unsigned long ex_nscert;
|
||||
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
|
||||
X509_CERT_AUX *aux;
|
||||
} X509;
|
||||
|
||||
|
|
@ -869,6 +870,7 @@ unsigned long X509_issuer_name_hash(X509 *a);
|
|||
int X509_subject_name_cmp(X509 *a,X509 *b);
|
||||
unsigned long X509_subject_name_hash(X509 *x);
|
||||
|
||||
int X509_cmp (X509 *a, X509 *b);
|
||||
int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
|
||||
unsigned long X509_NAME_hash(X509_NAME *x);
|
||||
|
||||
|
|
|
|||
|
|
@ -61,6 +61,7 @@
|
|||
#include <openssl/asn1.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
|
||||
{
|
||||
|
|
@ -135,6 +136,16 @@ unsigned long X509_subject_name_hash(X509 *x)
|
|||
{
|
||||
return(X509_NAME_hash(x->cert_info->subject));
|
||||
}
|
||||
/* Compare two certificates: they must be identical for
|
||||
* this to work.
|
||||
*/
|
||||
int X509_cmp(X509 *a, X509 *b)
|
||||
{
|
||||
/* ensure hash is valid */
|
||||
X509_check_purpose(a, -1, 0);
|
||||
X509_check_purpose(b, -1, 0);
|
||||
return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
|
||||
}
|
||||
|
||||
int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -103,12 +103,13 @@ int X509_check_purpose(X509 *x, int id, int ca)
|
|||
x509v3_cache_extensions(x);
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
|
||||
}
|
||||
if(id == -1) return 1;
|
||||
idx = x509_purpose_get_idx(id);
|
||||
if(idx == -1) return -1;
|
||||
pt = sk_X509_PURPOSE_value(xptable, idx);
|
||||
return pt->check_purpose(pt, x,ca);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
@ -199,6 +200,7 @@ static void x509v3_cache_extensions(X509 *x)
|
|||
STACK_OF(ASN1_OBJECT) *extusage;
|
||||
int i;
|
||||
if(x->ex_flags & EXFLAG_SET) return;
|
||||
X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
|
||||
/* Does subject name match issuer ? */
|
||||
if(X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
|
||||
x->ex_flags |= EXFLAG_SS;
|
||||
|
|
|
|||
Loading…
Reference in a new issue