tests/x509cert-tl
doc/enums.texi
doc/enums/
+tests/infoaccess
* Version 3.0.4 (unreleased)
** libgnutls: Added gnutls_x509_crt_get_authority_info_access.
-Used to get the PKIX Authority Information Access field.
+Used to get the PKIX Authority Information Access (AIA) field.
+
+** libgnutls: gnutls_x509_crt_print supports printing AIA fields.
** API and ABI modifications:
gnutls_x509_crt_get_authority_info_access (x509.h): Added function.
gnutls_info_access_what_t (x509.h): Added enum.
GNUTLS_OID_AIA (x509.h): Added symbol.
GNUTLS_OID_AD_OCSP (x509.h): Added symbol.
+GNUTLS_OID_AD_CAISSUERS (x509.h): Added symbol.
* Version 3.0.3 (released 2011-09-18)
#define GNUTLS_OID_AIA "1.3.6.1.5.5.7.1.1"
#define GNUTLS_OID_AD_OCSP "1.3.6.1.5.5.7.48.1"
+#define GNUTLS_OID_AD_CAISSUERS "1.3.6.1.5.5.7.48.2"
#define GNUTLS_FSAN_SET 0
#define GNUTLS_FSAN_APPEND 1
* @GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE: Get accessLocation name type.
* @GNUTLS_IA_URI: Get accessLocation URI value.
* @GNUTLS_IA_OCSP_URI: get accessLocation URI value for OCSP.
+ * @GNUTLS_IA_CAISSUERS_URI: get accessLocation URI value for caIssuers.
*
* Enumeration of types for the @what parameter of
* gnutls_x509_crt_get_authority_info_access().
/* use 100-108 for the generalName types, populate as needed */
GNUTLS_IA_URI = 106,
/* quick-access variants that match both OID and name type. */
- GNUTLS_IA_OCSP_URI = 10006
+ GNUTLS_IA_OCSP_URI = 10006,
+ GNUTLS_IA_CAISSUERS_URI = 10106
} gnutls_info_access_what_t;
int gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
/*
- * Copyright (C) 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2007-2011 Free Software Foundation, Inc.
*
* Author: Simon Josefsson
*
}
}
+static void
+print_aia (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+{
+ int err;
+ int seq = 0;
+ gnutls_datum_t data;
+
+ for (;;)
+ {
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return;
+ if (err < 0)
+ {
+ addf (str, "error: get_aia: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ addf (str, _("\t\t\tAccess Method: %.*s"), data.size, data.data);
+ if (data.size == sizeof (GNUTLS_OID_AD_OCSP) &&
+ memcmp (data.data, GNUTLS_OID_AD_OCSP, data.size) == 0)
+ adds (str, " (id-ad-ocsp)\n");
+ else if (data.size == sizeof (GNUTLS_OID_AD_CAISSUERS) &&
+ memcmp (data.data, GNUTLS_OID_AD_CAISSUERS, data.size) == 0)
+ adds (str, " (id-ad-caIssuers)\n");
+ else
+ adds (str, " (UNKNOWN)\n");
+
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
+ if (err < 0)
+ {
+ addf (str, "error: get_aia type: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ if (data.size == sizeof ("uniformResourceIdentifier") &&
+ memcmp (data.data, "uniformResourceIdentifier", data.size) == 0)
+ {
+ adds (str, "\t\t\tAccess Location URI: ");
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_URI, &data, NULL);
+ if (err < 0)
+ {
+ addf (str, "error: get_aia uri: %s\n", gnutls_strerror (err));
+ return;
+ }
+ addf (str, "%.*s\n", data.size, data.data);
+ }
+ else
+ adds (str, "\t\t\tUnsupported accessLocation type\n");
+
+ seq++;
+ }
+}
+
static void
print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
proxy_idx++;
}
+ else if (strcmp (oid, "1.3.6.1.5.5.7.1.1") == 0)
+ {
+ addf (str, _("%s\t\tAuthority Information "
+ "Access Information (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_aia (str, cert.crt);
+ }
else
{
char *buffer;
char nptr[ASN1_MAX_NAME_SIZE];
int result;
gnutls_datum_t d;
+ const char *oid = NULL;
seq++; /* 0->1, 1->2 etc */
switch (what)
snprintf (nptr, sizeof (nptr), "?%u.accessLocation", seq);
break;
+ case GNUTLS_IA_CAISSUERS_URI:
+ oid = GNUTLS_OID_AD_CAISSUERS;
+ /* fall through */
+
case GNUTLS_IA_OCSP_URI:
+ if (oid == NULL)
+ oid = GNUTLS_OID_AD_OCSP;
{
char *tmpoid[20];
snprintf (nptr, sizeof (nptr), "?%u.accessMethod", seq);
gnutls_assert ();
return _gnutls_asn2err (result);
}
- if (len != sizeof (GNUTLS_OID_AD_OCSP) ||
- memcmp (tmpoid, GNUTLS_OID_AD_OCSP, len) != 0)
+ if (len != strlen (oid) + 1 || memcmp (tmpoid, oid, len) != 0)
return GNUTLS_E_UNKNOWN_ALGORITHM;
}
/* fall through */
* should be #gnutls_info_access_what_t values.
*
* If @what is %GNUTLS_IA_ACCESSMETHOD_OID then @data will hold the
- * accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1" for id-ad-ocsp meaning
- * OCSP).
+ * accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1").
*
* If @what is %GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, @data will
* hold the accessLocation GeneralName type (e.g.,
*
* If @what is %GNUTLS_IA_OCSP_URI, @data will hold the OCSP URI.
* Requesting this @what value leads to an error if the accessMethod
- * is not OSCP or accessLocation is not of the
- * "uniformResourceIdentifier" type.
+ * is not 1.3.6.1.5.5.7.48.1 aka OSCP, or if accessLocation is not of
+ * the "uniformResourceIdentifier" type.
+ *
+ * If @what is %GNUTLS_IA_CAISSUERS_URI, @data will hold the caIssuers
+ * URI. Requesting this @what value leads to an error if the
+ * accessMethod is not 1.3.6.1.5.5.7.48.2 aka caIssuers, or if
+ * accessLocation is not of the "uniformResourceIdentifier" type.
*
* More @what values may be allocated in the future as needed.
*
/* even more specific query */
ret = gnutls_x509_crt_get_authority_info_access
(crt, 0, GNUTLS_IA_OCSP_URI, &data, NULL);
- printf ("ret %d\n", ret);
if (ret < 0)
{
fail ("gnutls_x509_crt_get_authority_info_access GNUTLS_IA_OCSP_URI\n");