Initial support for Certificate Policies extension: print out works but setting
[oweals/openssl.git] / crypto / asn1 / x_cinf.c
index 4fc2cc9f6e46f380690e96e8f7f1d2d3eaf3beb1..88099ea9f780f99e7129e789a9049b7ffedcbb4a 100644 (file)
@@ -61,8 +61,8 @@
 #include "asn1_mac.h"
 
 /*
- * ASN1err(ASN1_F_D2I_X509_CINF,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_CINF_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_X509_CINF,ERR_R_ASN1_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_CINF_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
  */
 
 int i2d_X509_CINF(a,pp)
@@ -81,7 +81,7 @@ unsigned char **pp;
        M_ASN1_I2D_len(a->key,                  i2d_X509_PUBKEY);
        M_ASN1_I2D_len_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING);
        M_ASN1_I2D_len_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING);
-       M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+       M_ASN1_I2D_len_EXP_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
 
        M_ASN1_I2D_seq_total();
 
@@ -94,7 +94,7 @@ unsigned char **pp;
        M_ASN1_I2D_put(a->key,                  i2d_X509_PUBKEY);
        M_ASN1_I2D_put_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING,1);
        M_ASN1_I2D_put_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING,2);
-       M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+       M_ASN1_I2D_put_EXP_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
 
        M_ASN1_I2D_finish();
        }
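Review bot: The encoder now uses `M_ASN1_I2D_put_EXP_SEQUENCE_opt` here (and the matching `M_ASN1_I2D_len_EXP_SEQUENCE_opt` in the previous hunk), while the decoder in the next hunk still calls `M_ASN1_D2I_get_EXP_set_opt` for the same field. From these lines a reader cannot tell whether both directions treat extensions as a SEQUENCE OF. A short comment at the two encoder calls would help, for example `/* extensions: [3] EXPLICIT SEQUENCE OF X509_EXTENSION; decoder uses the set_opt helper with V_ASN1_SEQUENCE */`. It is also worth confirming in asn1_mac.h that the `_opt` form omits the field when the stack is empty; that is not visible here. The body of i2d_X509_CINF starts outside this hunk.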
@@ -140,21 +140,28 @@ long length;
                if (ret->subjectUID != NULL)
                        {
                        ASN1_BIT_STRING_free(ret->subjectUID);
-                       ret->issuerUID=NULL;
+                       ret->subjectUID=NULL;
                        }
                M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING,  1,
                        V_ASN1_BIT_STRING);
                M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
                        V_ASN1_BIT_STRING);
                }
+/* Note: some broken certificates include extensions but don't set
+ * the version number properly. By bypassing this check they can
+ * be parsed.
+ */
+
+#ifdef VERSION_EXT_CHECK
        if (ver >= 2) /* version 3 extensions */
+#endif
                {
                if (ret->extensions != NULL)
                        while (sk_num(ret->extensions))
                                X509_EXTENSION_free((X509_EXTENSION *)
                                        sk_pop(ret->extensions));
-               M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,3,
-                       V_ASN1_SEQUENCE);
+               M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,
+                       X509_EXTENSION_free,3,V_ASN1_SEQUENCE);
                }
        M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF);
        }
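Review bot: With `#ifdef VERSION_EXT_CHECK` wrapped around `if (ver >= 2)`, a default build decodes the [3] extensions field whatever the version field says, so a certificate labelled v1 or v2 can carry extensions that later code may act on. The leniency is deliberate, but it is the default rather than the opt-in, and the new comment does not say what callers can no longer assume. I would invert the guard so strict parsing is the default and tolerance for broken certificates has to be requested at build time. Failing that, extend the comment: `/* Without VERSION_EXT_CHECK, extensions are decoded for any version; verification code must not assume ver < 2 implies no extensions. */`. The body of d2i_X509_CINF starts outside this hunk, so how `ver` is derived is not visible here.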
@@ -162,6 +169,7 @@ long length;
 X509_CINF *X509_CINF_new()
        {
        X509_CINF *ret=NULL;
+       ASN1_CTX c;
 
        M_ASN1_New_Malloc(ret,X509_CINF);
        ret->version=NULL;
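Review bot: `ASN1_CTX c;` is declared in X509_CINF_new, but nothing in the visible lines reads or writes it, so it looks like an unused local. Presumably the `M_ASN1_New_*` macros refer to `c` by name. If so, a trailing comment such as `/* referenced by the M_ASN1_New_* macros */` would keep it from being removed later as dead code. The function body continues past the end of this hunk.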