isn't fully implemented (yet).
Changes between 0.9.2b and 0.9.3
+ *) Initial support for Certificate Policies extension: print works but
+ setting doesn't work fully (yet). Also various additions to support
+ the r2i method this extension will use.
+ [Steve Henson]
+
*) A lot of constification, and fix a bug in X509_NAME_oneline() that could
return a const string when you are expecting an allocated buffer.
[Ben Laurie]
extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
if(extensions) {
/* Check syntax of file */
- if(!X509V3_EXT_check_conf(conf, extensions)) {
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_conf_lhash(&ctx, conf);
+ if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n",
extensions);
crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
if(crl_ext) {
/* Check syntax of file */
- if(!X509V3_EXT_check_conf(conf, crl_ext)) {
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_conf_lhash(&ctx, conf);
+ if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) {
BIO_printf(bio_err,
"Error Loading CRL extension section %s\n",
crl_ext);
extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
if(extensions) {
/* Check syntax of file */
- if(!X509V3_EXT_check_conf(req_conf, extensions)) {
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_conf_lhash(&ctx, req_conf);
+ if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n", extensions);
goto end;
#define ASN1_F_D2I_NETSCAPE_RSA_2 142
#define ASN1_F_D2I_NETSCAPE_SPKAC 143
#define ASN1_F_D2I_NETSCAPE_SPKI 144
+#define ASN1_F_D2I_NOTICEREF 268
#define ASN1_F_D2I_PBE2PARAM 262
#define ASN1_F_D2I_PBEPARAM 249
#define ASN1_F_D2I_PBKDF2PARAM 263
#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 154
#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO 250
#define ASN1_F_D2I_PKEY_USAGE_PERIOD 239
+#define ASN1_F_D2I_POLICYINFO 269
+#define ASN1_F_D2I_POLICYQUALINFO 270
#define ASN1_F_D2I_PRIVATEKEY 155
#define ASN1_F_D2I_PUBLICKEY 156
#define ASN1_F_D2I_RSAPRIVATEKEY 157
#define ASN1_F_D2I_RSAPUBLICKEY 158
#define ASN1_F_D2I_SXNET 241
#define ASN1_F_D2I_SXNETID 243
+#define ASN1_F_D2I_USERNOTICE 271
#define ASN1_F_D2I_X509 159
#define ASN1_F_D2I_X509_ALGOR 160
#define ASN1_F_D2I_X509_ATTRIBUTE 161
#define ASN1_F_NETSCAPE_PKEY_NEW 189
#define ASN1_F_NETSCAPE_SPKAC_NEW 190
#define ASN1_F_NETSCAPE_SPKI_NEW 191
+#define ASN1_F_NOTICEREF_NEW 272
#define ASN1_F_PBE2PARAM_NEW 264
#define ASN1_F_PBEPARAM_NEW 251
#define ASN1_F_PBKDF2PARAM_NEW 265
#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201
#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW 252
#define ASN1_F_PKEY_USAGE_PERIOD_NEW 240
+#define ASN1_F_POLICYINFO_NEW 273
+#define ASN1_F_POLICYQUALINFO_NEW 274
#define ASN1_F_SXNETID_NEW 244
#define ASN1_F_SXNET_NEW 242
+#define ASN1_F_USERNOTICE_NEW 275
#define ASN1_F_X509_ALGOR_NEW 202
#define ASN1_F_X509_ATTRIBUTE_NEW 203
#define ASN1_F_X509_CINF_NEW 204
#define ASN1_F_D2I_NETSCAPE_RSA_2 142
#define ASN1_F_D2I_NETSCAPE_SPKAC 143
#define ASN1_F_D2I_NETSCAPE_SPKI 144
+#define ASN1_F_D2I_NOTICEREF 268
#define ASN1_F_D2I_PBE2PARAM 262
#define ASN1_F_D2I_PBEPARAM 249
#define ASN1_F_D2I_PBKDF2PARAM 263
#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 154
#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO 250
#define ASN1_F_D2I_PKEY_USAGE_PERIOD 239
+#define ASN1_F_D2I_POLICYINFO 269
+#define ASN1_F_D2I_POLICYQUALINFO 270
#define ASN1_F_D2I_PRIVATEKEY 155
#define ASN1_F_D2I_PUBLICKEY 156
#define ASN1_F_D2I_RSAPRIVATEKEY 157
#define ASN1_F_D2I_RSAPUBLICKEY 158
#define ASN1_F_D2I_SXNET 241
#define ASN1_F_D2I_SXNETID 243
+#define ASN1_F_D2I_USERNOTICE 271
#define ASN1_F_D2I_X509 159
#define ASN1_F_D2I_X509_ALGOR 160
#define ASN1_F_D2I_X509_ATTRIBUTE 161
#define ASN1_F_NETSCAPE_PKEY_NEW 189
#define ASN1_F_NETSCAPE_SPKAC_NEW 190
#define ASN1_F_NETSCAPE_SPKI_NEW 191
+#define ASN1_F_NOTICEREF_NEW 272
#define ASN1_F_PBE2PARAM_NEW 264
#define ASN1_F_PBEPARAM_NEW 251
#define ASN1_F_PBKDF2PARAM_NEW 265
#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201
#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW 252
#define ASN1_F_PKEY_USAGE_PERIOD_NEW 240
+#define ASN1_F_POLICYINFO_NEW 273
+#define ASN1_F_POLICYQUALINFO_NEW 274
#define ASN1_F_SXNETID_NEW 244
#define ASN1_F_SXNET_NEW 242
+#define ASN1_F_USERNOTICE_NEW 275
#define ASN1_F_X509_ALGOR_NEW 202
#define ASN1_F_X509_ATTRIBUTE_NEW 203
#define ASN1_F_X509_CINF_NEW 204
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"},
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0), "D2I_NETSCAPE_SPKAC"},
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0), "D2I_NETSCAPE_SPKI"},
+{ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0), "D2I_NOTICEREF"},
{ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0), "D2I_PBE2PARAM"},
{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0), "D2I_PBEPARAM"},
{ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0), "D2I_PBKDF2PARAM"},
{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0), "D2I_PKCS7_SIGN_ENVELOPE"},
{ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0), "D2I_PKCS8_PRIV_KEY_INFO"},
{ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0), "D2I_PKEY_USAGE_PERIOD"},
+{ERR_PACK(0,ASN1_F_D2I_POLICYINFO,0), "D2I_POLICYINFO"},
+{ERR_PACK(0,ASN1_F_D2I_POLICYQUALINFO,0), "D2I_POLICYQUALINFO"},
{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "D2I_PRIVATEKEY"},
{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "D2I_PUBLICKEY"},
{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0), "D2I_RSAPRIVATEKEY"},
{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0), "D2I_RSAPUBLICKEY"},
{ERR_PACK(0,ASN1_F_D2I_SXNET,0), "D2I_SXNET"},
{ERR_PACK(0,ASN1_F_D2I_SXNETID,0), "D2I_SXNETID"},
+{ERR_PACK(0,ASN1_F_D2I_USERNOTICE,0), "D2I_USERNOTICE"},
{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"},
{ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0), "D2I_X509_ALGOR"},
{ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0), "D2I_X509_ATTRIBUTE"},
{ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0), "NETSCAPE_PKEY_NEW"},
{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0), "NETSCAPE_SPKAC_NEW"},
{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0), "NETSCAPE_SPKI_NEW"},
+{ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0), "NOTICEREF_NEW"},
{ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0), "PBE2PARAM_NEW"},
{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0), "PBEPARAM_NEW"},
{ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0), "PBKDF2PARAM_NEW"},
{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0), "PKCS7_SIGN_ENVELOPE_NEW"},
{ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0), "PKCS8_PRIV_KEY_INFO_NEW"},
{ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0), "PKEY_USAGE_PERIOD_NEW"},
+{ERR_PACK(0,ASN1_F_POLICYINFO_NEW,0), "POLICYINFO_NEW"},
+{ERR_PACK(0,ASN1_F_POLICYQUALINFO_NEW,0), "POLICYQUALINFO_NEW"},
{ERR_PACK(0,ASN1_F_SXNETID_NEW,0), "SXNETID_NEW"},
{ERR_PACK(0,ASN1_F_SXNET_NEW,0), "SXNET_NEW"},
+{ERR_PACK(0,ASN1_F_USERNOTICE_NEW,0), "USERNOTICE_NEW"},
{ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0), "X509_ALGOR_NEW"},
{ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0), "X509_ATTRIBUTE_NEW"},
{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"},
LIB=$(TOP)/libcrypto.a
LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c v3_int.c v3_enum.c v3_sxnet.c
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c
LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o v3_sxnet.o
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o
SRC= $(LIBSRC)
if(!ext_struc) return NULL;
} else if(method->s2i) {
if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
+ } else if(method->r2i) {
+ if(!ctx->db) {
+ X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
+ return NULL;
+ }
+ if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
} else {
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
return 1;
}
-/* Just check syntax of config file as far as possible */
-int X509V3_EXT_check_conf(conf, section)
-LHASH *conf;
-char *section;
-{
- static X509V3_CTX ctx_tst = { CTX_TEST, NULL, NULL, NULL, NULL };
- return X509V3_EXT_add_conf(conf, &ctx_tst, section, NULL);
-}
-
/* Config database functions */
char * X509V3_get_string(ctx, name, section)
return NULL;
}
-void X509V3_free_string(ctx, str)
+void X509V3_string_free(ctx, str)
X509V3_CTX *ctx;
char *str;
{
+ if(!str) return;
if(ctx->db_meth->free_string)
return ctx->db_meth->free_string(ctx->db, str);
}
-void X509V3_free_section(ctx, section)
+void X509V3_section_free(ctx, section)
X509V3_CTX *ctx;
STACK *section;
{
+ if(!section) return;
if(ctx->db_meth->free_section)
return ctx->db_meth->free_section(ctx->db, section);
}
--- /dev/null
+/* v3_cpols.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "conf.h"
+#include "asn1.h"
+#include "asn1_mac.h"
+#include "x509v3.h"
+
+/* Certificate policies extension support: this one is a bit complex... */
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
+static void print_notice(BIO *out, USERNOTICE *notice, int indent);
+static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs);
+
+X509V3_EXT_METHOD v3_cpols = {
+NID_certificate_policies, 0,
+(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new,
+CERTIFICATEPOLICIES_free,
+(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES,
+i2d_CERTIFICATEPOLICIES,
+NULL, NULL,
+NULL, NULL,
+(X509V3_EXT_I2R)i2r_certpol,
+(X509V3_EXT_R2I)r2i_certpol,
+NULL
+};
+
+
+/*
+ * ASN1err(ASN1_F_POLICYINFO_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_POLICYINFO,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_POLICYQUALINFO_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_POLICYQUALINFO,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_USERNOTICE_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_USERNOTICE,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_NOTICEREF_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_NOTICEREF,ERR_R_MALLOC_FAILURE);
+ */
+
+static STACK_OF(POLICYINFO) *r2i_certpol(method, ctx, value)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+char *value;
+{
+ STACK_OF(POLICYINFO) *pols = NULL;
+ char *pstr;
+ POLICYINFO *pol;
+ ASN1_OBJECT *pobj;
+ STACK *vals;
+ CONF_VALUE *cnf;
+ int i;
+ pols = sk_POLICYINFO_new_null();
+ vals = X509V3_parse_list(value);
+ for(i = 0; i < sk_num(vals); i++) {
+ cnf = (CONF_VALUE *)sk_value(vals, i);
+ if(cnf->value || !cnf->name ) {
+ X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ pstr = cnf->name;
+ if(*pstr == '@') {
+ STACK *polsect;
+ polsect = X509V3_get_section(ctx, pstr + 1);
+ if(!polsect) {
+ X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
+
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ pol = policy_section(ctx, polsect);
+ X509V3_section_free(ctx, polsect);
+ if(!pol) goto err;
+ } else {
+ if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
+ X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ pol = POLICYINFO_new();
+ pol->policyid = pobj;
+ }
+ sk_POLICYINFO_push(pols, pol);
+ }
+ sk_pop_free(vals, X509V3_conf_free);
+ return pols;
+ err:
+ sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
+ return NULL;
+}
+
+static POLICYINFO *policy_section(ctx, polstrs)
+X509V3_CTX *ctx;
+STACK *polstrs;
+{
+ int i;
+ CONF_VALUE *cnf;
+ for(i = 0; i < sk_num(polstrs); i++) {
+ cnf = (CONF_VALUE *)sk_value(polstrs, i);
+ }
+ return NULL;
+}
+
+
+static int i2r_certpol(method, pol, out, indent)
+X509V3_EXT_METHOD *method;
+STACK_OF(POLICYINFO) *pol;
+BIO *out;
+int indent;
+{
+ int i;
+ POLICYINFO *pinfo;
+ /* First print out the policy OIDs */
+ for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
+ pinfo = sk_POLICYINFO_value(pol, i);
+ BIO_printf(out, "%*sPolicy: ", indent, "");
+ i2a_ASN1_OBJECT(out, pinfo->policyid);
+ BIO_puts(out, "\n");
+ if(pinfo->qualifiers)
+ print_qualifiers(out, pinfo->qualifiers, indent + 2);
+ }
+ return 1;
+}
+
+
+int i2d_CERTIFICATEPOLICIES(a, pp)
+STACK_OF(POLICYINFO) *a;
+unsigned char **pp;
+{
+
+return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);}
+
+STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new()
+{
+ return sk_POLICYINFO_new_null();
+}
+
+void CERTIFICATEPOLICIES_free(a)
+STACK_OF(POLICYINFO) *a;
+{
+ sk_POLICYINFO_pop_free(a, POLICYINFO_free);
+}
+
+STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(a,pp,length)
+STACK_OF(POLICYINFO) **a;
+unsigned char **pp;
+long length;
+{
+return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO,
+ POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+
+}
+
+IMPLEMENT_STACK_OF(POLICYINFO)
+IMPLEMENT_ASN1_SET_OF(POLICYINFO)
+
+int i2d_POLICYINFO(a,pp)
+POLICYINFO *a;
+unsigned char **pp;
+{
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT);
+ M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
+ i2d_POLICYQUALINFO);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT);
+ M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
+ i2d_POLICYQUALINFO);
+
+ M_ASN1_I2D_finish();
+}
+
+POLICYINFO *POLICYINFO_new()
+{
+ POLICYINFO *ret=NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, POLICYINFO);
+ ret->policyid = NULL;
+ ret->qualifiers = NULL;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW);
+}
+
+POLICYINFO *d2i_POLICYINFO(a,pp,length)
+POLICYINFO **a;
+unsigned char **pp;
+long length;
+{
+ M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new);
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT);
+ if(!M_ASN1_D2I_end_sequence()) {
+ M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers,
+ d2i_POLICYQUALINFO, POLICYQUALINFO_free);
+ }
+ M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO);
+}
+
+void POLICYINFO_free(a)
+POLICYINFO *a;
+{
+ if (a == NULL) return;
+ ASN1_OBJECT_free(a->policyid);
+ sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free);
+ Free (a);
+}
+
+static void print_qualifiers(out, quals, indent)
+BIO *out;
+STACK_OF(POLICYQUALINFO) *quals;
+int indent;
+{
+ POLICYQUALINFO *qualinfo;
+ int i;
+ for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+ qualinfo = sk_POLICYQUALINFO_value(quals, i);
+ switch(OBJ_obj2nid(qualinfo->pqualid))
+ {
+ case NID_id_qt_cps:
+ BIO_printf(out, "%*sCPS: %s\n", indent, "",
+ qualinfo->d.cpsuri->data);
+ break;
+
+ case NID_id_qt_unotice:
+ BIO_printf(out, "%*sUser Notice:\n", indent, "");
+ print_notice(out, qualinfo->d.usernotice, indent + 2);
+ break;
+
+ default:
+ BIO_printf(out, "%*sUnknown Qualifier: ",
+ indent + 2, "");
+
+ i2a_ASN1_OBJECT(out, qualinfo->pqualid);
+ BIO_puts(out, "\n");
+ break;
+ }
+ }
+}
+
+static void print_notice(out, notice, indent)
+BIO *out;
+USERNOTICE *notice;
+int indent;
+{
+ int i;
+ if(notice->noticeref) {
+ NOTICEREF *ref;
+ ref = notice->noticeref;
+ BIO_printf(out, "%*sOrganization: %s\n", indent, "",
+ ref->organization->data);
+ BIO_printf(out, "%*sNumber%s: ", indent, "",
+ (sk_num(ref->noticenos) > 1) ? "s" : "");
+ for(i = 0; i < sk_num(ref->noticenos); i++) {
+ ASN1_INTEGER *num;
+ char *tmp;
+ num = (ASN1_INTEGER *)sk_value(ref->noticenos, i);
+ if(i) BIO_puts(out, ", ");
+ tmp = i2s_ASN1_INTEGER(NULL, num);
+ BIO_puts(out, tmp);
+ Free(tmp);
+ }
+ BIO_puts(out, "\n");
+ }
+ if(notice->exptext)
+ BIO_printf(out, "%*sNotice Reference: %s\n", indent, "",
+ notice->exptext->data);
+}
+
+
+
+int i2d_POLICYQUALINFO(a,pp)
+POLICYQUALINFO *a;
+unsigned char **pp;
+{
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT);
+ switch(OBJ_obj2nid(a->pqualid)) {
+ case NID_id_qt_cps:
+ M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING);
+ break;
+
+ case NID_id_qt_unotice:
+ M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE);
+ break;
+
+ default:
+ M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE);
+ break;
+ }
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT);
+ switch(OBJ_obj2nid(a->pqualid)) {
+ case NID_id_qt_cps:
+ M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING);
+ break;
+
+ case NID_id_qt_unotice:
+ M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE);
+ break;
+
+ default:
+ M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE);
+ break;
+ }
+
+ M_ASN1_I2D_finish();
+}
+
+POLICYQUALINFO *POLICYQUALINFO_new()
+{
+ POLICYQUALINFO *ret=NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, POLICYQUALINFO);
+ ret->pqualid = NULL;
+ ret->d.other = NULL;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW);
+}
+
+POLICYQUALINFO *d2i_POLICYQUALINFO(a,pp,length)
+POLICYQUALINFO **a;
+unsigned char **pp;
+long length;
+{
+ M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new);
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT);
+ switch(OBJ_obj2nid(ret->pqualid)) {
+ case NID_id_qt_cps:
+ M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING);
+ break;
+
+ case NID_id_qt_unotice:
+ M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE);
+ break;
+
+ default:
+ M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE);
+ break;
+ }
+ M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO);
+}
+
+void POLICYQUALINFO_free(a)
+POLICYQUALINFO *a;
+{
+ if (a == NULL) return;
+ switch(OBJ_obj2nid(a->pqualid)) {
+ case NID_id_qt_cps:
+ ASN1_IA5STRING_free(a->d.cpsuri);
+ break;
+
+ case NID_id_qt_unotice:
+ USERNOTICE_free(a->d.usernotice);
+ break;
+
+ default:
+ ASN1_TYPE_free(a->d.other);
+ break;
+ }
+
+ ASN1_OBJECT_free(a->pqualid);
+ Free (a);
+}
+
+int i2d_USERNOTICE(a,pp)
+USERNOTICE *a;
+unsigned char **pp;
+{
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF);
+ M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF);
+ M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT);
+
+ M_ASN1_I2D_finish();
+}
+
+USERNOTICE *USERNOTICE_new()
+{
+ USERNOTICE *ret=NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, USERNOTICE);
+ ret->noticeref = NULL;
+ ret->exptext = NULL;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW);
+}
+
+USERNOTICE *d2i_USERNOTICE(a,pp,length)
+USERNOTICE **a;
+unsigned char **pp;
+long length;
+{
+ M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new);
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE);
+ if (!M_ASN1_D2I_end_sequence()) {
+ M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT);
+ }
+ M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE);
+}
+
+void USERNOTICE_free(a)
+USERNOTICE *a;
+{
+ if (a == NULL) return;
+ NOTICEREF_free(a->noticeref);
+ DISPLAYTEXT_free(a->exptext);
+ Free (a);
+}
+
+int i2d_NOTICEREF(a,pp)
+NOTICEREF *a;
+unsigned char **pp;
+{
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT);
+ M_ASN1_I2D_len_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT);
+ M_ASN1_I2D_put_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
+
+ M_ASN1_I2D_finish();
+}
+
+NOTICEREF *NOTICEREF_new()
+{
+ NOTICEREF *ret=NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, NOTICEREF);
+ ret->organization = NULL;
+ ret->noticenos = NULL;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW);
+}
+
+NOTICEREF *d2i_NOTICEREF(a,pp,length)
+NOTICEREF **a;
+unsigned char **pp;
+long length;
+{
+ M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new);
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ /* This is to cope with some broken encodings that use IA5STRING for
+ * the organization field
+ */
+ M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING,
+ V_ASN1_IA5STRING);
+ if(!ret->organization) {
+ M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT);
+ }
+ M_ASN1_D2I_get_seq(ret->noticenos, d2i_ASN1_INTEGER, ASN1_STRING_free);
+ M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF);
+}
+
+void NOTICEREF_free(a)
+NOTICEREF *a;
+{
+ if (a == NULL) return;
+ DISPLAYTEXT_free(a->organization);
+ sk_pop_free(a->noticenos, ASN1_STRING_free);
+ Free (a);
+}
+
+IMPLEMENT_STACK_OF(POLICYQUALINFO)
+IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO)
extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols;
int X509V3_add_standard_extensions()
{
X509V3_EXT_add(&v3_crl_num);
X509V3_EXT_add(&v3_sxnet);
X509V3_EXT_add(&v3_crl_reason);
+ X509V3_EXT_add(&v3_cpols);
return 1;
}
{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"},
{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"},
{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"},
{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"},
{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"},
-{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"},
{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"},
{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"},
{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"},
-{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
+{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
{0,NULL},
};
{X509V3_R_INVALID_NULL_NAME ,"invalid null name"},
{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"},
{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"},
+{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"},
+{X509V3_R_INVALID_SECTION ,"invalid section"},
{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"},
{X509V3_R_MISSING_VALUE ,"missing value"},
+{X509V3_R_NO_CONFIG_DATABASE ,"no config database"},
{X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"},
{X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"},
{X509V3_R_NO_PUBLIC_KEY ,"no public key"},
#define X509V3_F_HEX_TO_STRING 111
#define X509V3_F_I2S_ASN1_ENUMERATED 121
#define X509V3_F_I2S_ASN1_INTEGER 120
+#define X509V3_F_R2I_CERTPOL 130
#define X509V3_F_S2I_ASN1_IA5STRING 100
#define X509V3_F_S2I_ASN1_INTEGER 108
#define X509V3_F_S2I_ASN1_OCTET_STRING 112
#define X509V3_F_V2I_GENERAL_NAME 117
#define X509V3_F_V2I_GENERAL_NAMES 118
#define X509V3_F_V3_GENERIC_EXTENSION 116
-#define X509V3_F_X509V3_EXT_ADD 104
#define X509V3_F_X509V3_ADD_VALUE 105
+#define X509V3_F_X509V3_EXT_ADD 104
#define X509V3_F_X509V3_EXT_ADD_ALIAS 106
#define X509V3_F_X509V3_EXT_CONF 107
-#define X509V3_F_X509V3_PARSE_LIST 109
#define X509V3_F_X509V3_GET_VALUE_BOOL 110
+#define X509V3_F_X509V3_PARSE_LIST 109
/* Reason codes. */
#define X509V3_R_BAD_IP_ADDRESS 118
#define X509V3_R_INVALID_NULL_NAME 108
#define X509V3_R_INVALID_NULL_VALUE 109
#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
+#define X509V3_R_INVALID_POLICY_IDENTIFIER 134
+#define X509V3_R_INVALID_SECTION 135
#define X509V3_R_ISSUER_DECODE_ERROR 126
#define X509V3_R_MISSING_VALUE 124
+#define X509V3_R_NO_CONFIG_DATABASE 136
#define X509V3_R_NO_ISSUER_CERTIFICATE 121
#define X509V3_R_NO_ISSUER_DETAILS 127
#define X509V3_R_NO_PUBLIC_KEY 114
} NOTICEREF;
typedef struct USERNOTICE_st {
- NOTICEREF *notref;
+ NOTICEREF *noticeref;
ASN1_STRING *exptext;
} USERNOTICE;
} POLICYQUALINFO;
DECLARE_STACK_OF(POLICYQUALINFO)
+DECLARE_ASN1_SET_OF(POLICYQUALINFO)
typedef struct POLICYINFO_st {
ASN1_OBJECT *policyid;
- STACK_OF(POLICYQUALINFO) qualifiers;
+ STACK_OF(POLICYQUALINFO) *qualifiers;
} POLICYINFO;
DECLARE_STACK_OF(POLICYINFO);
#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
",name:", val->name, ",value:", val->value);
+#define X509V3_set_ctx_test(ctx) \
+ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+#define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
+
#define EXT_BITSTRING(nid, table) { nid, 0, \
(X509V3_EXT_NEW)asn1_bit_string_new, ASN1_STRING_free, \
(X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
void ext_ku_free(STACK *a);
STACK *ext_ku_new(void);
+int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp);
+STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void);
+void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a);
+STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, unsigned char **pp, long length);
+
+int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp);
+POLICYINFO *POLICYINFO_new(void);
+POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp, long length);
+void POLICYINFO_free(POLICYINFO *a);
+
+int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp);
+POLICYQUALINFO *POLICYQUALINFO_new(void);
+POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
+ long length);
+void POLICYQUALINFO_free(POLICYQUALINFO *a);
+
+int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp);
+USERNOTICE *USERNOTICE_new(void);
+USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp, long length);
+void USERNOTICE_free(USERNOTICE *a);
+
+int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp);
+NOTICEREF *NOTICEREF_new(void);
+NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp, long length);
+void NOTICEREF_free(NOTICEREF *a);
+
#ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
void X509V3_conf_free(CONF_VALUE *val);
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-int X509V3_EXT_check_conf(LHASH *conf, char *section);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
STACK * X509V3_get_section(X509V3_CTX *ctx, char *section);
-void X509V3_free_string(X509V3_CTX *ctx, char *str);
-void X509V3_free_section( X509V3_CTX *ctx, STACK *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free( X509V3_CTX *ctx, STACK *section);
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
X509_REQ *req, X509_CRL *crl, int flags);
X509_EXTENSION *X509V3_EXT_conf_nid();
X509_EXTENSION *X509V3_EXT_conf();
int X509V3_EXT_add_conf();
-int X509V3_EXT_check_conf();
int X509V3_get_value_bool();
int X509V3_get_value_int();
void X509V3_set_conf_lhash();
#endif
+int i2d_CERTIFICATEPOLICIES();
+STACK *CERTIFICATEPOLICIES_new();
+void CERTIFICATEPOLICIES_free();
+STACK *d2i_CERTIFICATEPOLICIES();
+
+int i2d_POLICYINFO();
+POLICYINFO *POLICYINFO_new();
+POLICYINFO *d2i_POLICYINFO();
+void POLICYINFO_free();
+
+int i2d_POLICYQUALINFO();
+POLICYQUALINFO *POLICYQUALINFO_new();
+POLICYQUALINFO *d2i_POLICYQUALINFO();
+void POLICYQUALINFO_free();
+
+int i2d_USERNOTICE();
+USERNOTICE *USERNOTICE_new();
+USERNOTICE *d2i_USERNOTICE();
+void USERNOTICE_free();
+
+int i2d_NOTICEREF();
+NOTICEREF *NOTICEREF_new();
+NOTICEREF *d2i_NOTICEREF();
+void NOTICEREF_free();
+
char * X509V3_get_string();
STACK * X509V3_get_section();
-void X509V3_free_string();
-void X509V3_free_section();
+void X509V3_string_free();
+void X509V3_section_free();
void X509V3_set_ctx();
int X509V3_add_value();
#define X509V3_F_HEX_TO_STRING 111
#define X509V3_F_I2S_ASN1_ENUMERATED 121
#define X509V3_F_I2S_ASN1_INTEGER 120
+#define X509V3_F_R2I_CERTPOL 130
#define X509V3_F_S2I_ASN1_IA5STRING 100
#define X509V3_F_S2I_ASN1_INTEGER 108
#define X509V3_F_S2I_ASN1_OCTET_STRING 112
#define X509V3_F_V2I_GENERAL_NAME 117
#define X509V3_F_V2I_GENERAL_NAMES 118
#define X509V3_F_V3_GENERIC_EXTENSION 116
-#define X509V3_F_X509V3_EXT_ADD 104
#define X509V3_F_X509V3_ADD_VALUE 105
+#define X509V3_F_X509V3_EXT_ADD 104
#define X509V3_F_X509V3_EXT_ADD_ALIAS 106
#define X509V3_F_X509V3_EXT_CONF 107
-#define X509V3_F_X509V3_PARSE_LIST 109
#define X509V3_F_X509V3_GET_VALUE_BOOL 110
+#define X509V3_F_X509V3_PARSE_LIST 109
/* Reason codes. */
#define X509V3_R_BAD_IP_ADDRESS 118
#define X509V3_R_INVALID_NULL_NAME 108
#define X509V3_R_INVALID_NULL_VALUE 109
#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
+#define X509V3_R_INVALID_POLICY_IDENTIFIER 134
+#define X509V3_R_INVALID_SECTION 135
#define X509V3_R_ISSUER_DECODE_ERROR 126
#define X509V3_R_MISSING_VALUE 124
+#define X509V3_R_NO_CONFIG_DATABASE 136
#define X509V3_R_NO_ISSUER_CERTIFICATE 121
#define X509V3_R_NO_ISSUER_DETAILS 127
#define X509V3_R_NO_PUBLIC_KEY 114