-char keyid=0, issuer=0;
-int i;
-CONF_VALUE *cnf;
-ASN1_OCTET_STRING *ikeyid = NULL;
-X509_NAME *isname = NULL;
-STACK_OF(GENERAL_NAME) * gens = NULL;
-GENERAL_NAME *gen = NULL;
-ASN1_INTEGER *serial = NULL;
-X509_EXTENSION *ext;
-X509 *cert;
-AUTHORITY_KEYID *akeyid;
-for(i = 0; i < sk_num(values); i++) {
- cnf = (CONF_VALUE *)sk_value(values, i);
- if(!strcmp(cnf->name, "keyid")) {
- keyid = 1;
- if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
- } else if(!strcmp(cnf->name, "issuer")) {
- issuer = 1;
- if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
- } else {
- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
- ERR_add_error_data(2, "name=", cnf->name);
- return NULL;
- }
-}
-
-
-
-if(!ctx || !ctx->issuer_cert) {
- if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
- return NULL;
-}
-
-cert = ctx->issuer_cert;
-
-if(keyid) {
- i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
- if((i >= 0) && (ext = X509_get_ext(cert, i)))
- ikeyid = X509V3_EXT_d2i(ext);
- if(keyid==2 && !ikeyid) {
- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
- return NULL;
- }
+ char keyid = 0, issuer = 0;
+ int i;
+ CONF_VALUE *cnf;
+ ASN1_OCTET_STRING *ikeyid = NULL;
+ X509_NAME *isname = NULL;
+ GENERAL_NAMES *gens = NULL;
+ GENERAL_NAME *gen = NULL;
+ ASN1_INTEGER *serial = NULL;
+ X509_EXTENSION *ext;
+ X509 *cert;
+ AUTHORITY_KEYID *akeyid;
+
+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+ cnf = sk_CONF_VALUE_value(values, i);
+ if (strcmp(cnf->name, "keyid") == 0) {
+ keyid = 1;
+ if (cnf->value && strcmp(cnf->value, "always") == 0)
+ keyid = 2;
+ } else if (strcmp(cnf->name, "issuer") == 0) {
+ issuer = 1;
+ if (cnf->value && strcmp(cnf->value, "always") == 0)
+ issuer = 2;
+ } else {
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION);
+ ERR_add_error_data(2, "name=", cnf->name);
+ return NULL;
+ }
+ }
+
+ if (!ctx || !ctx->issuer_cert) {
+ if (ctx && (ctx->flags == CTX_TEST))
+ return AUTHORITY_KEYID_new();
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+ X509V3_R_NO_ISSUER_CERTIFICATE);
+ return NULL;
+ }
+
+ cert = ctx->issuer_cert;
+
+ if (keyid) {
+ i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+ if ((i >= 0) && (ext = X509_get_ext(cert, i)))
+ ikeyid = X509V3_EXT_d2i(ext);
+ if (keyid == 2 && !ikeyid) {
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+ X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+ return NULL;
+ }
+ }
+
+ if ((issuer && !ikeyid) || (issuer == 2)) {
+ isname = X509_NAME_dup(X509_get_issuer_name(cert));
+ serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+ if (!isname || !serial) {
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+ X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+ goto err;
+ }
+ }
+
+ if ((akeyid = AUTHORITY_KEYID_new()) == NULL)
+ goto err;
+
+ if (isname) {
+ if ((gens = sk_GENERAL_NAME_new_null()) == NULL
+ || (gen = GENERAL_NAME_new()) == NULL
+ || !sk_GENERAL_NAME_push(gens, gen)) {
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ gen->type = GEN_DIRNAME;
+ gen->d.dirn = isname;
+ }
+
+ akeyid->issuer = gens;
+ akeyid->serial = serial;
+ akeyid->keyid = ikeyid;
+
+ return akeyid;
+
+ err:
+ X509_NAME_free(isname);
+ ASN1_INTEGER_free(serial);
+ ASN1_OCTET_STRING_free(ikeyid);
+ return NULL;