  1. /* v3_alt.c */
  2. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  3. * project.
  4. */
  5. /* ====================================================================
  6. * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions
  10. * are met:
  11. *
  12. * 1. Redistributions of source code must retain the above copyright
  13. * notice, this list of conditions and the following disclaimer.
  14. *
  15. * 2. Redistributions in binary form must reproduce the above copyright
  16. * notice, this list of conditions and the following disclaimer in
  17. * the documentation and/or other materials provided with the
  18. * distribution.
  19. *
  20. * 3. All advertising materials mentioning features or use of this
  21. * software must display the following acknowledgment:
  22. * "This product includes software developed by the OpenSSL Project
  23. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24. *
  25. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26. * endorse or promote products derived from this software without
  27. * prior written permission. For written permission, please contact
  28. * licensing@OpenSSL.org.
  29. *
  30. * 5. Products derived from this software may not be called "OpenSSL"
  31. * nor may "OpenSSL" appear in their names without prior written
  32. * permission of the OpenSSL Project.
  33. *
  34. * 6. Redistributions of any form whatsoever must retain the following
  35. * acknowledgment:
  36. * "This product includes software developed by the OpenSSL Project
  37. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38. *
  39. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50. * OF THE POSSIBILITY OF SUCH DAMAGE.
  51. * ====================================================================
  52. *
  53. * This product includes cryptographic software written by Eric Young
  54. * (eay@cryptsoft.com). This product includes software written by Tim
  55. * Hudson (tjh@cryptsoft.com).
  56. *
  57. */
  58. #include <stdio.h>
  59. #include "cryptlib.h"
  60. #include <openssl/conf.h>
  61. #include <openssl/x509v3.h>
  /* File-private config-to-internal (v2i) handlers and the helpers they use. */
  static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
                                        X509V3_CTX *ctx,
                                        STACK_OF(CONF_VALUE) *nval);
  static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx,
                                       STACK_OF(CONF_VALUE) *nval);
  static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
  static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
  static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
  static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);

  /*
   * Extension methods for the three GENERAL_NAMES-valued extensions handled
   * in this file. All three share i2v_GENERAL_NAMES for display; the
   * X509V3_EXT_V2I slot differs per entry.
   */
  const X509V3_EXT_METHOD v3_alt[] = {
      /* Subject alternative name: built from config by v2i_subject_alt. */
      {
          NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
          0, 0, 0, 0,
          0, 0,
          (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
          (X509V3_EXT_V2I)v2i_subject_alt,
          NULL, NULL, NULL
      },
      /* Issuer alternative name: built from config by v2i_issuer_alt. */
      {
          NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
          0, 0, 0, 0,
          0, 0,
          (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
          (X509V3_EXT_V2I)v2i_issuer_alt,
          NULL, NULL, NULL
      },
      /* Certificate issuer: display only, no X509V3_EXT_V2I handler is set. */
      {
          NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
          0, 0, 0, 0,
          0, 0,
          (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
          NULL, NULL, NULL, NULL
      },
  };
  /*
   * Convert every entry of a GENERAL_NAMES stack into name/value pairs.
   *
   * Each entry is passed to i2v_GENERAL_NAME, which appends to (and may
   * replace) `ret`. If nothing was produced, i.e. `ret` is still NULL after
   * the loop, a fresh empty CONF_VALUE stack is returned instead of NULL.
   *
   * NOTE(review): a NULL coming back from i2v_GENERAL_NAME part-way through
   * is indistinguishable here from "no entries"; confirm how callers treat a
   * short result.
   */
  STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                                          GENERAL_NAMES *gens,
                                          STACK_OF(CONF_VALUE) *ret)
  {
      int idx = 0;

      while (idx < sk_GENERAL_NAME_num(gens)) {
          ret = i2v_GENERAL_NAME(method, sk_GENERAL_NAME_value(gens, idx), ret);
          idx++;
      }

      return ret != NULL ? ret : sk_CONF_VALUE_new_null();
  }
  /*
   * Append a textual name/value pair describing one GENERAL_NAME to `ret`.
   *
   * otherName, X400Name and EdiPartyName are reported as "<unsupported>".
   * An IP address must be 4 or 16 bytes long, anything else is reported as
   * "<invalid>". A type not listed in the switch adds nothing. The (possibly
   * newly created) stack is returned.
   *
   * NOTE(review): for email, DNS and URI the raw gen->d.ia5->data pointer is
   * handed over as a string and its length field is not consulted here. The
   * bytes come from the certificate, so a value with an embedded NUL would be
   * shown truncated, and the call relies on the buffer being NUL-terminated.
   * Do not use this text form for name matching or access decisions.
   *
   * NOTE(review): the results of X509V3_add_value/X509V3_add_value_uchar are
   * not checked in this function.
   */
  STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                                         GENERAL_NAME *gen,
                                         STACK_OF(CONF_VALUE) *ret)
  {
      char text[256];
      char group[5];          /* up to four hex digits plus the terminator */
      unsigned char *octets;
      int n;

      switch (gen->type) {
      case GEN_OTHERNAME:
          X509V3_add_value("othername", "<unsupported>", &ret);
          break;

      case GEN_X400:
          X509V3_add_value("X400Name", "<unsupported>", &ret);
          break;

      case GEN_EDIPARTY:
          X509V3_add_value("EdiPartyName", "<unsupported>", &ret);
          break;

      case GEN_EMAIL:
          X509V3_add_value_uchar("email", gen->d.ia5->data, &ret);
          break;

      case GEN_DNS:
          X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret);
          break;

      case GEN_URI:
          X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret);
          break;

      case GEN_DIRNAME:
          X509_NAME_oneline(gen->d.dirn, text, sizeof text);
          X509V3_add_value("DirName", text, &ret);
          break;

      case GEN_IPADD:
          octets = gen->d.ip->data;
          /* Only IPv4 (4 bytes) and IPv6 (16 bytes) encodings are rendered. */
          if (gen->d.ip->length != 4 && gen->d.ip->length != 16) {
              X509V3_add_value("IP Address", "<invalid>", &ret);
              break;
          }
          if (gen->d.ip->length == 4) {
              BIO_snprintf(text, sizeof text, "%d.%d.%d.%d",
                           octets[0], octets[1], octets[2], octets[3]);
          } else {
              /* Eight 16-bit groups in hex, ':' between them, no "::" compression. */
              text[0] = 0;
              for (n = 0; n < 8; n++, octets += 2) {
                  BIO_snprintf(group, sizeof group, "%X",
                               octets[0] << 8 | octets[1]);
                  strcat(text, group);
                  if (n != 7)
                      strcat(text, ":");
              }
          }
          X509V3_add_value("IP Address", text, &ret);
          break;

      case GEN_RID:
          i2t_ASN1_OBJECT(text, sizeof text, gen->d.rid);
          X509V3_add_value("Registered ID", text, &ret);
          break;
      }

      return ret;
  }
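  /*
   * Write a one-line textual form of a GENERAL_NAME to `out`.
   *
   * otherName, X400Name and EdiPartyName are printed as "<unsupported>".
   * An IP address must be 4 or 16 bytes long, otherwise "<invalid>" is
   * printed. A type not listed in the switch prints nothing.
   *
   * email, DNS and URI values are attacker-controlled certificate bytes. They
   * are written with ASN1_STRING_print, which honours the string's length
   * field and shows non-printable bytes as '.', rather than with "%s", which
   * would stop at an embedded NUL (hiding the rest of the name) and depends
   * on the buffer being NUL-terminated.
   *
   * Always returns 1. The results of the individual BIO writes are not checked.
   */
  int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
  {
      unsigned char *p;
      int i;

      switch (gen->type) {
      case GEN_OTHERNAME:
          BIO_printf(out, "othername:<unsupported>");
          break;

      case GEN_X400:
          BIO_printf(out, "X400Name:<unsupported>");
          break;

      case GEN_EDIPARTY:
          /* Maybe fix this: it is supported now */
          BIO_printf(out, "EdiPartyName:<unsupported>");
          break;

      case GEN_EMAIL:
          BIO_printf(out, "email:");
          ASN1_STRING_print(out, gen->d.ia5);
          break;

      case GEN_DNS:
          BIO_printf(out, "DNS:");
          ASN1_STRING_print(out, gen->d.ia5);
          break;

      case GEN_URI:
          BIO_printf(out, "URI:");
          ASN1_STRING_print(out, gen->d.ia5);
          break;

      case GEN_DIRNAME:
          BIO_printf(out, "DirName: ");
          X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
          break;

      case GEN_IPADD:
          p = gen->d.ip->data;
          if (gen->d.ip->length == 4) {
              BIO_printf(out, "IP Address:%d.%d.%d.%d",
                         p[0], p[1], p[2], p[3]);
          } else if (gen->d.ip->length == 16) {
              /* Eight 16-bit groups, each preceded by ':'. */
              BIO_printf(out, "IP Address");
              for (i = 0; i < 8; i++) {
                  BIO_printf(out, ":%X", p[0] << 8 | p[1]);
                  p += 2;
              }
              /* Existing output format: only this form ends with a newline. */
              BIO_puts(out, "\n");
          } else {
              BIO_printf(out, "IP Address:<invalid>");
          }
          break;

      case GEN_RID:
          /* Existing output format: no separator after the label. */
          BIO_printf(out, "Registered ID");
          i2a_ASN1_OBJECT(out, gen->d.rid);
          break;
      }

      return 1;
  }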
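  /*
   * Build the issuer alternative name from configuration values.
   *
   * An "issuer" entry whose value is "copy" appends the issuer certificate's
   * subject alternative names (see copy_issuer). Every other entry is parsed
   * with v2i_GENERAL_NAME.
   *
   * Returns the new GENERAL_NAMES stack, or NULL on any failure, in which
   * case everything collected so far is freed. A failed push is treated as
   * an error so that a configured name is never silently left out of the
   * extension.
   */
  static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx,
                                       STACK_OF(CONF_VALUE) *nval)
  {
      GENERAL_NAMES *gens = NULL;
      CONF_VALUE *cnf;
      int i;

      if (!(gens = sk_GENERAL_NAME_new_null())) {
          X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
          return NULL;
      }

      for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
          cnf = sk_CONF_VALUE_value(nval, i);
          if (!name_cmp(cnf->name, "issuer") && cnf->value &&
              !strcmp(cnf->value, "copy")) {
              if (!copy_issuer(ctx, gens))
                  goto err;
          } else {
              GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf);

              if (gen == NULL)
                  goto err;
              if (!sk_GENERAL_NAME_push(gens, gen)) {
                  /* Not on the stack, so the cleanup below would miss it. */
                  GENERAL_NAME_free(gen);
                  X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
                  goto err;
              }
          }
      }
      return gens;

  err:
      sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
      return NULL;
  }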
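  /*
   * Append the subject alternative names of the issuer certificate to `gens`
   * (the issuer alternative name being built for the subject).
   *
   * In CTX_TEST mode nothing is copied and 1 is returned. An issuer
   * certificate without a subject alternative name extension is not an
   * error and also returns 1. Returns 0 when there is no issuer certificate,
   * the extension cannot be decoded, or a push fails.
   *
   * Ownership: each decoded name is moved onto `gens`; only the temporary
   * stack that held them is freed here. If a push fails, the names already
   * moved stay with `gens` (the caller frees them) and the names not yet
   * moved are freed here, so nothing is leaked or freed twice.
   */
  static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
  {
      GENERAL_NAMES *ialt;
      GENERAL_NAME *gen;
      X509_EXTENSION *ext;
      int i;

      if (ctx && (ctx->flags == CTX_TEST))
          return 1;
      if (!ctx || !ctx->issuer_cert) {
          X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_NO_ISSUER_DETAILS);
          return 0;
      }

      i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
      if (i < 0)
          return 1;

      if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
          !(ialt = X509V3_EXT_d2i(ext))) {
          X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR);
          return 0;
      }

      for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
          gen = sk_GENERAL_NAME_value(ialt, i);
          if (!sk_GENERAL_NAME_push(gens, gen)) {
              X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
              /* Entries before index i now belong to gens; free the rest. */
              for (; i < sk_GENERAL_NAME_num(ialt); i++)
                  GENERAL_NAME_free(sk_GENERAL_NAME_value(ialt, i));
              sk_GENERAL_NAME_free(ialt);
              return 0;
          }
      }

      /* Free the container only: its entries are now owned by gens. */
      sk_GENERAL_NAME_free(ialt);
      return 1;
  }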
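  /*
   * Build the subject alternative name from configuration values.
   *
   * An "email" entry with value "copy" copies the e-mail addresses found in
   * the subject name; with value "move" it copies them and removes them from
   * the subject name (see copy_email). Every other entry is parsed with
   * v2i_GENERAL_NAME.
   *
   * Returns the new GENERAL_NAMES stack, or NULL on any failure, in which
   * case everything collected so far is freed. A failed push is treated as
   * an error so that a configured name is never silently left out of the
   * extension.
   */
  static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
                                        X509V3_CTX *ctx,
                                        STACK_OF(CONF_VALUE) *nval)
  {
      GENERAL_NAMES *gens = NULL;
      CONF_VALUE *cnf;
      int i;

      if (!(gens = sk_GENERAL_NAME_new_null())) {
          X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
          return NULL;
      }

      for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
          cnf = sk_CONF_VALUE_value(nval, i);
          if (!name_cmp(cnf->name, "email") && cnf->value &&
              !strcmp(cnf->value, "copy")) {
              if (!copy_email(ctx, gens, 0))
                  goto err;
          } else if (!name_cmp(cnf->name, "email") && cnf->value &&
                     !strcmp(cnf->value, "move")) {
              if (!copy_email(ctx, gens, 1))
                  goto err;
          } else {
              GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf);

              if (gen == NULL)
                  goto err;
              if (!sk_GENERAL_NAME_push(gens, gen)) {
                  /* Not on the stack, so the cleanup below would miss it. */
                  GENERAL_NAME_free(gen);
                  X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
                  goto err;
              }
          }
      }
      return gens;

  err:
      sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
      return NULL;
  }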
  /*
   * Copy every e-mail address found in the subject name of the certificate
   * or request in `ctx` onto `gens` as GEN_EMAIL entries.
   *
   * With a non-zero `move_p` each address is also deleted from the subject
   * name after it has been duplicated. In CTX_TEST mode nothing is done and
   * 1 is returned. Returns 0 when `ctx` carries neither a certificate nor a
   * request, or on allocation failure.
   *
   * NOTE(review): with move_p set, addresses processed before a later
   * failure have already been removed from the subject name.
   */
  static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
  {
      X509_NAME *subject;
      X509_NAME_ENTRY *entry;
      ASN1_IA5STRING *email = NULL;
      GENERAL_NAME *gen = NULL;
      int pos;

      if (ctx != NULL && ctx->flags == CTX_TEST)
          return 1;

      if (ctx == NULL ||
          (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
          X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
          goto err;
      }

      /* The certificate's subject is preferred over the request's. */
      if (ctx->subject_cert != NULL)
          subject = X509_get_subject_name(ctx->subject_cert);
      else
          subject = X509_REQ_get_subject_name(ctx->subject_req);

      /* Visit each emailAddress entry, resuming after the previous hit. */
      for (pos = X509_NAME_get_index_by_NID(subject, NID_pkcs9_emailAddress, -1);
           pos >= 0;
           pos = X509_NAME_get_index_by_NID(subject, NID_pkcs9_emailAddress, pos)) {
          entry = X509_NAME_get_entry(subject, pos);
          email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(entry));

          if (move_p) {
              X509_NAME_delete_entry(subject, pos);
              X509_NAME_ENTRY_free(entry);
              /* The following entries shifted down by one: search from here again. */
              pos--;
          }

          if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) {
              X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
              goto err;
          }

          /* gen takes over the duplicated string. */
          gen->d.ia5 = email;
          email = NULL;
          gen->type = GEN_EMAIL;

          if (!sk_GENERAL_NAME_push(gens, gen)) {
              X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
              goto err;
          }
          /* gens takes over gen. */
          gen = NULL;
      }

      return 1;

  err:
      GENERAL_NAME_free(gen);
      M_ASN1_IA5STRING_free(email);
      return 0;
  }
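  /*
   * Parse a list of configuration values into a GENERAL_NAMES stack, one
   * GENERAL_NAME per value, using v2i_GENERAL_NAME.
   *
   * Returns the new stack, or NULL on any failure, in which case everything
   * collected so far is freed. A failed push is treated as an error so that
   * a configured name is never silently left out of the result.
   */
  GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
                                   X509V3_CTX *ctx,
                                   STACK_OF(CONF_VALUE) *nval)
  {
      GENERAL_NAME *gen;
      GENERAL_NAMES *gens = NULL;
      CONF_VALUE *cnf;
      int i;

      if (!(gens = sk_GENERAL_NAME_new_null())) {
          X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
          return NULL;
      }

      for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
          cnf = sk_CONF_VALUE_value(nval, i);
          if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
              goto err;
          if (!sk_GENERAL_NAME_push(gens, gen)) {
              /* Not on the stack, so the cleanup below would miss it. */
              GENERAL_NAME_free(gen);
              X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
              goto err;
          }
      }
      return gens;

  err:
      sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
      return NULL;
  }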
  /*
   * Parse one configuration value into a newly allocated GENERAL_NAME.
   *
   * Forwards to v2i_GENERAL_NAME_ex with no caller-supplied output object
   * and is_nc set to 0.
   */
  GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
                                 X509V3_CTX *ctx,
                                 CONF_VALUE *cnf)
  {
      GENERAL_NAME *parsed = v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);

      return parsed;
  }
  /*
   * Fill a GENERAL_NAME of type `gen_type` from the text `value`.
   *
   * If `out` is non-NULL it is filled in and returned; otherwise a new
   * GENERAL_NAME is allocated. With a non-zero `is_nc` an IP value is parsed
   * with a2i_IPADDRESS_NC instead of a2i_IPADDRESS. Returns NULL on error;
   * a GENERAL_NAME allocated here is freed on that path, a caller-supplied
   * `out` is not.
   *
   * NOTE(review): URI, email and DNS values are stored exactly as given.
   * Nothing visible here checks that the text is 7-bit IA5 or well-formed
   * for its name type, so validation must happen before this call if the
   * text is not trusted.
   *
   * NOTE(review): on error a caller-supplied `out` may already have had its
   * `d` member overwritten while `type` is left unchanged.
   */
  GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
                                 const X509V3_EXT_METHOD *method,
                                 X509V3_CTX *ctx,
                                 int gen_type, char *value, int is_nc)
  {
      GENERAL_NAME *gen;

      if (value == NULL) {
          X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
          return NULL;
      }

      gen = out;
      if (gen == NULL) {
          gen = GENERAL_NAME_new();
          if (gen == NULL) {
              X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
              return NULL;
          }
      }

      switch (gen_type) {
      case GEN_RID: {
          ASN1_OBJECT *oid = OBJ_txt2obj(value, 0);

          if (oid == NULL) {
              X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
              ERR_add_error_data(2, "value=", value);
              goto err;
          }
          gen->d.rid = oid;
          break;
      }

      case GEN_IPADD:
          gen->d.ip = is_nc ? a2i_IPADDRESS_NC(value) : a2i_IPADDRESS(value);
          if (gen->d.ip == NULL) {
              X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
              ERR_add_error_data(2, "value=", value);
              goto err;
          }
          break;

      case GEN_DIRNAME:
          if (!do_dirname(gen, value, ctx)) {
              X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR);
              goto err;
          }
          break;

      case GEN_OTHERNAME:
          if (!do_othername(gen, value, ctx)) {
              X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR);
              goto err;
          }
          break;

      case GEN_URI:
      case GEN_EMAIL:
      case GEN_DNS:
          /* The three string types share one IA5String representation. */
          gen->d.ia5 = M_ASN1_IA5STRING_new();
          if (gen->d.ia5 == NULL ||
              !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
                               strlen(value))) {
              X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
              goto err;
          }
          break;

      default:
          X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_TYPE);
          goto err;
      }

      /* The type is recorded only once the payload is in place. */
      gen->type = gen_type;
      return gen;

  err:
      if (out == NULL)
          GENERAL_NAME_free(gen);
      return NULL;
  }
  /*
   * Parse one configuration value into a GENERAL_NAME.
   *
   * The name of `cnf` selects the type: email, URI, DNS, RID, IP, dirName or
   * otherName, compared with name_cmp in that order. The value is then
   * handed to a2i_GENERAL_NAME together with `out` and `is_nc`. Returns NULL
   * when the value is missing or the name is not one of the supported
   * options.
   */
  GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
                                    const X509V3_EXT_METHOD *method,
                                    X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
  {
      /* Option keyword to GENERAL_NAME type, in the order they are tried. */
      static const struct {
          const char *key;
          int gen_type;
      } kinds[] = {
          { "email",     GEN_EMAIL },
          { "URI",       GEN_URI },
          { "DNS",       GEN_DNS },
          { "RID",       GEN_RID },
          { "IP",        GEN_IPADD },
          { "dirName",   GEN_DIRNAME },
          { "otherName", GEN_OTHERNAME },
      };
      char *label = cnf->name;
      char *text = cnf->value;
      size_t k;

      if (text == NULL) {
          X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
          return NULL;
      }

      for (k = 0; k < sizeof kinds / sizeof kinds[0]; k++) {
          if (!name_cmp(label, kinds[k].key))
              return a2i_GENERAL_NAME(out, method, ctx,
                                      kinds[k].gen_type, text, is_nc);
      }

      X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
      ERR_add_error_data(2, "name=", label);
      return NULL;
  }
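  /*
   * Fill gen->d.otherName from text of the form "<type-id>;<value-spec>".
   *
   * The part before the first ';' is converted to an object identifier with
   * OBJ_txt2obj; the part after it is passed to ASN1_generate_v3 to build
   * the value. Returns 1 on success, 0 when the ';' is missing, on
   * allocation failure, or when either part cannot be converted.
   *
   * NOTE(review): on the failure paths after OTHERNAME_new the partly built
   * OTHERNAME stays attached to `gen`; confirm that the caller's cleanup
   * releases it.
   */
  static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
  {
      char *objtmp = NULL, *p;
      int objlen;

      if (!(p = strchr(value, ';')))
          return 0;
      if (!(gen->d.otherName = OTHERNAME_new()))
          return 0;
      /* Free this up because we will overwrite it.
       * no need to free type_id because it is static
       */
      ASN1_TYPE_free(gen->d.otherName->value);
      if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
          return 0;

      /* Make a NUL-terminated copy of the text before the ';'. */
      objlen = p - value;
      objtmp = OPENSSL_malloc(objlen + 1);
      if (objtmp == NULL)
          return 0;   /* the copy below would otherwise write through NULL */
      memcpy(objtmp, value, objlen);
      objtmp[objlen] = 0;

      gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
      OPENSSL_free(objtmp);
      if (!gen->d.otherName->type_id)
          return 0;
      return 1;
  }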
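  /*
   * Build gen->d.dirn from the configuration section named by `value`.
   *
   * Returns 0 when the name cannot be allocated or the section is not found,
   * otherwise the result of X509V3_NAME_from_section. gen->d.dirn is set
   * only when that call succeeds: on failure the name is freed and the field
   * is left untouched, so `gen` never ends up holding a pointer to freed
   * memory.
   */
  static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
  {
      int ret;
      STACK_OF(CONF_VALUE) *sk;
      X509_NAME *nm;

      if (!(nm = X509_NAME_new()))
          return 0;

      sk = X509V3_get_section(ctx, value);
      if (!sk) {
          X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
          ERR_add_error_data(2, "section=", value);
          X509_NAME_free(nm);
          return 0;
      }

      /* FIXME: should allow other character types... */
      ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
      if (ret)
          gen->d.dirn = nm;       /* ownership passes to gen */
      else
          X509_NAME_free(nm);

      X509V3_section_free(ctx, sk);
      return ret;
  }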