1 /* v3_alt.c */
2 /*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6 /* ====================================================================
7 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com). */
57
58 #include <stdio.h>
59 #include <string.h>
60
61 #include <openssl/conf.h>
62 #include <openssl/err.h>
63 #include <openssl/mem.h>
64 #include <openssl/obj.h>
65 #include <openssl/x509v3.h>
66
67 #include "internal.h"
68
69
70 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
71 X509V3_CTX *ctx,
72 STACK_OF(CONF_VALUE) *nval);
73 static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
74 X509V3_CTX *ctx,
75 STACK_OF(CONF_VALUE) *nval);
76 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
77 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
78 static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
79 static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
80
81 const X509V3_EXT_METHOD v3_alt[] = {
82 {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
83 0, 0, 0, 0,
84 0, 0,
85 (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
86 (X509V3_EXT_V2I)v2i_subject_alt,
87 NULL, NULL, NULL},
88
89 {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
90 0, 0, 0, 0,
91 0, 0,
92 (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
93 (X509V3_EXT_V2I)v2i_issuer_alt,
94 NULL, NULL, NULL},
95
96 {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
97 0, 0, 0, 0,
98 0, 0,
99 (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
100 NULL, NULL, NULL, NULL},
101 };
102
STACK_OF(CONF_VALUE)103 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
104 GENERAL_NAMES *gens,
105 STACK_OF(CONF_VALUE) *ret)
106 {
107 size_t i;
108 GENERAL_NAME *gen;
109 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
110 gen = sk_GENERAL_NAME_value(gens, i);
111 ret = i2v_GENERAL_NAME(method, gen, ret);
112 }
113 if (!ret)
114 return sk_CONF_VALUE_new_null();
115 return ret;
116 }
117
STACK_OF(CONF_VALUE)118 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
119 GENERAL_NAME *gen,
120 STACK_OF(CONF_VALUE) *ret)
121 {
122 unsigned char *p;
123 char oline[256], htmp[5];
124 int i;
125 switch (gen->type) {
126 case GEN_OTHERNAME:
127 if (!X509V3_add_value("othername", "<unsupported>", &ret))
128 return NULL;
129 break;
130
131 case GEN_X400:
132 if (!X509V3_add_value("X400Name", "<unsupported>", &ret))
133 return NULL;
134 break;
135
136 case GEN_EDIPARTY:
137 if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret))
138 return NULL;
139 break;
140
141 case GEN_EMAIL:
142 if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
143 return NULL;
144 break;
145
146 case GEN_DNS:
147 if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
148 return NULL;
149 break;
150
151 case GEN_URI:
152 if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
153 return NULL;
154 break;
155
156 case GEN_DIRNAME:
157 if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL
158 || !X509V3_add_value("DirName", oline, &ret))
159 return NULL;
160 break;
161
162 case GEN_IPADD:
163 p = gen->d.ip->data;
164 if (gen->d.ip->length == 4)
165 BIO_snprintf(oline, sizeof oline,
166 "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
167 else if (gen->d.ip->length == 16) {
168 oline[0] = 0;
169 for (i = 0; i < 8; i++) {
170 BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]);
171 p += 2;
172 BUF_strlcat(oline, htmp, sizeof(oline));
173 if (i != 7)
174 BUF_strlcat(oline, ":", sizeof(oline));
175 }
176 } else {
177 if (!X509V3_add_value("IP Address", "<invalid>", &ret))
178 return NULL;
179 break;
180 }
181 if (!X509V3_add_value("IP Address", oline, &ret))
182 return NULL;
183 break;
184
185 case GEN_RID:
186 i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
187 if (!X509V3_add_value("Registered ID", oline, &ret))
188 return NULL;
189 break;
190 }
191 return ret;
192 }
193
GENERAL_NAME_print(BIO * out,GENERAL_NAME * gen)194 int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
195 {
196 unsigned char *p;
197 int i;
198 switch (gen->type) {
199 case GEN_OTHERNAME:
200 BIO_printf(out, "othername:<unsupported>");
201 break;
202
203 case GEN_X400:
204 BIO_printf(out, "X400Name:<unsupported>");
205 break;
206
207 case GEN_EDIPARTY:
208 /* Maybe fix this: it is supported now */
209 BIO_printf(out, "EdiPartyName:<unsupported>");
210 break;
211
212 case GEN_EMAIL:
213 BIO_printf(out, "email:");
214 ASN1_STRING_print(out, gen->d.ia5);
215 break;
216
217 case GEN_DNS:
218 BIO_printf(out, "DNS:");
219 ASN1_STRING_print(out, gen->d.ia5);
220 break;
221
222 case GEN_URI:
223 BIO_printf(out, "URI:");
224 ASN1_STRING_print(out, gen->d.ia5);
225 break;
226
227 case GEN_DIRNAME:
228 BIO_printf(out, "DirName: ");
229 X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
230 break;
231
232 case GEN_IPADD:
233 p = gen->d.ip->data;
234 if (gen->d.ip->length == 4)
235 BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
236 else if (gen->d.ip->length == 16) {
237 BIO_printf(out, "IP Address");
238 for (i = 0; i < 8; i++) {
239 BIO_printf(out, ":%X", p[0] << 8 | p[1]);
240 p += 2;
241 }
242 BIO_puts(out, "\n");
243 } else {
244 BIO_printf(out, "IP Address:<invalid>");
245 break;
246 }
247 break;
248
249 case GEN_RID:
250 BIO_printf(out, "Registered ID");
251 i2a_ASN1_OBJECT(out, gen->d.rid);
252 break;
253 }
254 return 1;
255 }
256
v2i_issuer_alt(X509V3_EXT_METHOD * method,X509V3_CTX * ctx,STACK_OF (CONF_VALUE)* nval)257 static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
258 X509V3_CTX *ctx,
259 STACK_OF(CONF_VALUE) *nval)
260 {
261 GENERAL_NAMES *gens = NULL;
262 CONF_VALUE *cnf;
263 size_t i;
264 if (!(gens = sk_GENERAL_NAME_new_null())) {
265 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
266 return NULL;
267 }
268 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
269 cnf = sk_CONF_VALUE_value(nval, i);
270 if (!x509v3_name_cmp(cnf->name, "issuer") && cnf->value &&
271 !strcmp(cnf->value, "copy")) {
272 if (!copy_issuer(ctx, gens))
273 goto err;
274 } else {
275 GENERAL_NAME *gen;
276 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
277 goto err;
278 sk_GENERAL_NAME_push(gens, gen);
279 }
280 }
281 return gens;
282 err:
283 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
284 return NULL;
285 }
286
287 /* Append subject altname of issuer to issuer alt name of subject */
288
copy_issuer(X509V3_CTX * ctx,GENERAL_NAMES * gens)289 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
290 {
291 GENERAL_NAMES *ialt;
292 GENERAL_NAME *gen;
293 X509_EXTENSION *ext;
294 int i;
295 size_t j;
296 if (ctx && (ctx->flags == CTX_TEST))
297 return 1;
298 if (!ctx || !ctx->issuer_cert) {
299 OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_ISSUER_DETAILS);
300 goto err;
301 }
302 i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
303 if (i < 0)
304 return 1;
305 if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
306 !(ialt = X509V3_EXT_d2i(ext))) {
307 OPENSSL_PUT_ERROR(X509V3, X509V3_R_ISSUER_DECODE_ERROR);
308 goto err;
309 }
310
311 for (j = 0; j < sk_GENERAL_NAME_num(ialt); j++) {
312 gen = sk_GENERAL_NAME_value(ialt, j);
313 if (!sk_GENERAL_NAME_push(gens, gen)) {
314 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
315 goto err;
316 }
317 }
318 sk_GENERAL_NAME_free(ialt);
319
320 return 1;
321
322 err:
323 return 0;
324
325 }
326
v2i_subject_alt(X509V3_EXT_METHOD * method,X509V3_CTX * ctx,STACK_OF (CONF_VALUE)* nval)327 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
328 X509V3_CTX *ctx,
329 STACK_OF(CONF_VALUE) *nval)
330 {
331 GENERAL_NAMES *gens = NULL;
332 CONF_VALUE *cnf;
333 size_t i;
334 if (!(gens = sk_GENERAL_NAME_new_null())) {
335 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
336 return NULL;
337 }
338 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
339 cnf = sk_CONF_VALUE_value(nval, i);
340 if (!x509v3_name_cmp(cnf->name, "email") && cnf->value &&
341 !strcmp(cnf->value, "copy")) {
342 if (!copy_email(ctx, gens, 0))
343 goto err;
344 } else if (!x509v3_name_cmp(cnf->name, "email") && cnf->value &&
345 !strcmp(cnf->value, "move")) {
346 if (!copy_email(ctx, gens, 1))
347 goto err;
348 } else {
349 GENERAL_NAME *gen;
350 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
351 goto err;
352 sk_GENERAL_NAME_push(gens, gen);
353 }
354 }
355 return gens;
356 err:
357 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
358 return NULL;
359 }
360
361 /*
362 * Copy any email addresses in a certificate or request to GENERAL_NAMES
363 */
364
copy_email(X509V3_CTX * ctx,GENERAL_NAMES * gens,int move_p)365 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
366 {
367 X509_NAME *nm;
368 ASN1_IA5STRING *email = NULL;
369 X509_NAME_ENTRY *ne;
370 GENERAL_NAME *gen = NULL;
371 int i;
372 if (ctx != NULL && ctx->flags == CTX_TEST)
373 return 1;
374 if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
375 OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_SUBJECT_DETAILS);
376 goto err;
377 }
378 /* Find the subject name */
379 if (ctx->subject_cert)
380 nm = X509_get_subject_name(ctx->subject_cert);
381 else
382 nm = X509_REQ_get_subject_name(ctx->subject_req);
383
384 /* Now add any email address(es) to STACK */
385 i = -1;
386 while ((i = X509_NAME_get_index_by_NID(nm,
387 NID_pkcs9_emailAddress, i)) >= 0) {
388 ne = X509_NAME_get_entry(nm, i);
389 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
390 if (move_p) {
391 X509_NAME_delete_entry(nm, i);
392 X509_NAME_ENTRY_free(ne);
393 i--;
394 }
395 if (!email || !(gen = GENERAL_NAME_new())) {
396 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
397 goto err;
398 }
399 gen->d.ia5 = email;
400 email = NULL;
401 gen->type = GEN_EMAIL;
402 if (!sk_GENERAL_NAME_push(gens, gen)) {
403 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
404 goto err;
405 }
406 gen = NULL;
407 }
408
409 return 1;
410
411 err:
412 GENERAL_NAME_free(gen);
413 M_ASN1_IA5STRING_free(email);
414 return 0;
415
416 }
417
v2i_GENERAL_NAMES(const X509V3_EXT_METHOD * method,X509V3_CTX * ctx,STACK_OF (CONF_VALUE)* nval)418 GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
419 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
420 {
421 GENERAL_NAME *gen;
422 GENERAL_NAMES *gens = NULL;
423 CONF_VALUE *cnf;
424 size_t i;
425 if (!(gens = sk_GENERAL_NAME_new_null())) {
426 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
427 return NULL;
428 }
429 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
430 cnf = sk_CONF_VALUE_value(nval, i);
431 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
432 goto err;
433 sk_GENERAL_NAME_push(gens, gen);
434 }
435 return gens;
436 err:
437 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
438 return NULL;
439 }
440
v2i_GENERAL_NAME(const X509V3_EXT_METHOD * method,X509V3_CTX * ctx,CONF_VALUE * cnf)441 GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
442 X509V3_CTX *ctx, CONF_VALUE *cnf)
443 {
444 return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
445 }
446
a2i_GENERAL_NAME(GENERAL_NAME * out,const X509V3_EXT_METHOD * method,X509V3_CTX * ctx,int gen_type,char * value,int is_nc)447 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
448 const X509V3_EXT_METHOD *method,
449 X509V3_CTX *ctx, int gen_type, char *value,
450 int is_nc)
451 {
452 char is_string = 0;
453 GENERAL_NAME *gen = NULL;
454
455 if (!value) {
456 OPENSSL_PUT_ERROR(X509V3, X509V3_R_MISSING_VALUE);
457 return NULL;
458 }
459
460 if (out)
461 gen = out;
462 else {
463 gen = GENERAL_NAME_new();
464 if (gen == NULL) {
465 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
466 return NULL;
467 }
468 }
469
470 switch (gen_type) {
471 case GEN_URI:
472 case GEN_EMAIL:
473 case GEN_DNS:
474 is_string = 1;
475 break;
476
477 case GEN_RID:
478 {
479 ASN1_OBJECT *obj;
480 if (!(obj = OBJ_txt2obj(value, 0))) {
481 OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_OBJECT);
482 ERR_add_error_data(2, "value=", value);
483 goto err;
484 }
485 gen->d.rid = obj;
486 }
487 break;
488
489 case GEN_IPADD:
490 if (is_nc)
491 gen->d.ip = a2i_IPADDRESS_NC(value);
492 else
493 gen->d.ip = a2i_IPADDRESS(value);
494 if (gen->d.ip == NULL) {
495 OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_IP_ADDRESS);
496 ERR_add_error_data(2, "value=", value);
497 goto err;
498 }
499 break;
500
501 case GEN_DIRNAME:
502 if (!do_dirname(gen, value, ctx)) {
503 OPENSSL_PUT_ERROR(X509V3, X509V3_R_DIRNAME_ERROR);
504 goto err;
505 }
506 break;
507
508 case GEN_OTHERNAME:
509 if (!do_othername(gen, value, ctx)) {
510 OPENSSL_PUT_ERROR(X509V3, X509V3_R_OTHERNAME_ERROR);
511 goto err;
512 }
513 break;
514 default:
515 OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_TYPE);
516 goto err;
517 }
518
519 if (is_string) {
520 if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
521 !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
522 strlen(value))) {
523 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
524 goto err;
525 }
526 }
527
528 gen->type = gen_type;
529
530 return gen;
531
532 err:
533 if (!out)
534 GENERAL_NAME_free(gen);
535 return NULL;
536 }
537
v2i_GENERAL_NAME_ex(GENERAL_NAME * out,const X509V3_EXT_METHOD * method,X509V3_CTX * ctx,CONF_VALUE * cnf,int is_nc)538 GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
539 const X509V3_EXT_METHOD *method,
540 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
541 {
542 int type;
543
544 char *name, *value;
545
546 name = cnf->name;
547 value = cnf->value;
548
549 if (!value) {
550 OPENSSL_PUT_ERROR(X509V3, X509V3_R_MISSING_VALUE);
551 return NULL;
552 }
553
554 if (!x509v3_name_cmp(name, "email"))
555 type = GEN_EMAIL;
556 else if (!x509v3_name_cmp(name, "URI"))
557 type = GEN_URI;
558 else if (!x509v3_name_cmp(name, "DNS"))
559 type = GEN_DNS;
560 else if (!x509v3_name_cmp(name, "RID"))
561 type = GEN_RID;
562 else if (!x509v3_name_cmp(name, "IP"))
563 type = GEN_IPADD;
564 else if (!x509v3_name_cmp(name, "dirName"))
565 type = GEN_DIRNAME;
566 else if (!x509v3_name_cmp(name, "otherName"))
567 type = GEN_OTHERNAME;
568 else {
569 OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION);
570 ERR_add_error_data(2, "name=", name);
571 return NULL;
572 }
573
574 return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
575
576 }
577
do_othername(GENERAL_NAME * gen,char * value,X509V3_CTX * ctx)578 static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
579 {
580 char *objtmp = NULL, *p;
581 int objlen;
582 if (!(p = strchr(value, ';')))
583 return 0;
584 if (!(gen->d.otherName = OTHERNAME_new()))
585 return 0;
586 /*
587 * Free this up because we will overwrite it. no need to free type_id
588 * because it is static
589 */
590 ASN1_TYPE_free(gen->d.otherName->value);
591 if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
592 return 0;
593 objlen = p - value;
594 objtmp = OPENSSL_malloc(objlen + 1);
595 if (objtmp == NULL)
596 return 0;
597 BUF_strlcpy(objtmp, value, objlen + 1);
598 gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
599 OPENSSL_free(objtmp);
600 if (!gen->d.otherName->type_id)
601 return 0;
602 return 1;
603 }
604
do_dirname(GENERAL_NAME * gen,char * value,X509V3_CTX * ctx)605 static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
606 {
607 int ret = 0;
608 STACK_OF(CONF_VALUE) *sk = NULL;
609 X509_NAME *nm = X509_NAME_new();
610 if (nm == NULL)
611 goto err;
612 sk = X509V3_get_section(ctx, value);
613 if (sk == NULL) {
614 OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND);
615 ERR_add_error_data(2, "section=", value);
616 goto err;
617 }
618 /* FIXME: should allow other character types... */
619 if (!X509V3_NAME_from_section(nm, sk, MBSTRING_ASC))
620 goto err;
621 gen->d.dirn = nm;
622 ret = 1;
623
624 err:
625 if (!ret)
626 X509_NAME_free(nm);
627 X509V3_section_free(ctx, sk);
628 return ret;
629 }
630