Added support for adding extensions to CRLs, also fix a memory leak and
make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
diff --git a/crypto/pkcs7/sign.c b/crypto/pkcs7/sign.c
index 6ad88d4..772863b 100644
--- a/crypto/pkcs7/sign.c
+++ b/crypto/pkcs7/sign.c
@@ -110,8 +110,11 @@
/* Add some extra attributes */
if (!add_signed_time(si)) goto err;
+#if 0
+ /* Since these are made up attributes lets leave them out */
if (!add_signed_string(si,"SIGNED STRING")) goto err;
if (!add_signed_seq2string(si,"STRING1","STRING2")) goto err;
+#endif
/* we may want to add more */
PKCS7_add_certificate(p7,x509);
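Review bot: The `#if 0` around `add_signed_string` and `add_signed_seq2string` changes which signed attributes end up in the PKCS#7 output, yet the commit description does not mention this file at all. Anyone comparing signatures produced before and after this commit would have no record of why the attribute set shrank. Since the new comment already says the attributes are made up, deleting the two calls would be cleaner than leaving them as preprocessor-disabled code; if the helpers are file-local they may then be unused and could go too, which cannot be confirmed from this hunk. The enclosing function starts and ends outside the hunk.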
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index 78dd995..5e0fa0b 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -264,6 +264,29 @@
return 1;
}
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(conf, ctx, section, crl)
+LHASH *conf;
+X509V3_CTX *ctx;
+char *section;
+X509_CRL *crl;
+{
+ X509_EXTENSION *ext;
+ STACK *nval;
+ CONF_VALUE *val;
+ int i;
+ if(!(nval = CONF_get_section(conf, section))) return 0;
+ for(i = 0; i < sk_num(nval); i++) {
+ val = (CONF_VALUE *)sk_value(nval, i);
+ if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+ return 0;
+ if(crl) X509_CRL_add_ext(crl, ext, -1);
+ X509_EXTENSION_free(ext);
+ }
+ return 1;
+}
+
/* Just check syntax of config file as far as possible */
int X509V3_EXT_check_conf(conf, section)
LHASH *conf;
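Review bot: The result of `X509_CRL_add_ext(crl, ext, -1)` is discarded in X509V3_EXT_CRL_add_conf, so a failed add still returns 1 and the caller can go on to sign a CRL that is missing an extension the config section asked for. Check the result and fail: `if(crl && !X509_CRL_add_ext(crl, ext, -1)) { X509_EXTENSION_free(ext); return 0; }`. A failure partway through the section also leaves the earlier extensions attached to the CRL, and a NULL `crl` silently turns the call into a parse-only pass. Both behaviours belong in the comment above the function, for example `/* Returns 1 on success, 0 on error; on error crl may already hold some of the section's extensions. crl may be NULL to only parse the section. */`. X509V3_EXT_check_conf, which begins at the end of this hunk, continues outside it.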
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 282732e..1f5f797 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -246,6 +246,7 @@
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
int X509V3_EXT_check_conf(LHASH *conf, char *section);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
@@ -326,6 +327,7 @@
char * i2s_ASN1_ENUMERATED();
char * i2s_ASN1_ENUMERATED_TABLE();
int X509V3_EXT_add();
+int X509V3_EXT_CRL_add_conf();
int X509V3_EXT_add_alias();
void X509V3_EXT_cleanup();