Add the ASN.1 structures and functions for CertificatePair, which is

defined as follows (according to X.509_4thEditionDraftV6.pdf):

CertificatePair ::= SEQUENCE {
	forward		[0]	Certificate OPTIONAL,
	reverse		[1]	Certificate OPTIONAL,
	-- at least one of the pair shall be present -- }

The only thing I'm not sure about is if it's implicit or explicit tags
that I should count on.  For now, I'm thinking explicit, but will
gladly stand corrected.

Also implement the PEM functions to read and write certificate pairs,
and defined the PEM tag as "CERTIFICATE PAIR".

This needed to be defined, mostly for the sake of the LDAP attribute
crossCertificatePair, but may prove useful elsewhere as well.

diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c
index 0c9aa4fd0c412cfc27472bf481ca82768969baac..40f50514b6ac49c45514fb13d3078baf16926c3e 100644 (file)
--- a/crypto/asn1/x_x509a.c
+++ b/crypto/asn1/x_x509a.c
@@ -172,3 +172,9 @@ void X509_reject_clear(X509 *x)
        }
 }
 
+ASN1_SEQUENCE(X509_CERT_PAIR) = {
+       ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
+       ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
+} ASN1_SEQUENCE_END(X509_CERT_PAIR);
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)

diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index 5be8d6a957a30ccc403a1276e9c42260bef7cea4..02dd9f2b67e40eeb26e33c035fb0da9c7ce65d2b 100644 (file)
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -113,6 +113,7 @@ extern "C" {
 
 #define PEM_STRING_X509_OLD    "X509 CERTIFICATE"
 #define PEM_STRING_X509                "CERTIFICATE"
+#define PEM_STRING_X509_PAIR   "CERTIFICATE PAIR"
 #define PEM_STRING_X509_TRUSTED        "TRUSTED CERTIFICATE"
 #define PEM_STRING_X509_REQ_OLD        "NEW CERTIFICATE REQUEST"
 #define PEM_STRING_X509_REQ    "CERTIFICATE REQUEST"
@@ -548,6 +549,8 @@ DECLARE_PEM_rw(X509, X509)
 
 DECLARE_PEM_rw(X509_AUX, X509)
 
+DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
+
 DECLARE_PEM_rw(X509_REQ, X509_REQ)
 DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
 

diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c
index 2f579b542130797bcfc034a5b4aa12513b0c97a0..63ce660cf1a2fe6c867eabef7f1492bd7cea58f0 100644 (file)
--- a/crypto/pem/pem_xaux.c
+++ b/crypto/pem/pem_xaux.c
@@ -66,3 +66,4 @@
 #include <openssl/pem.h>
 
 IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
+IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR)

diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 39a9c4c0ab4175d8fdeafe6a3097813d45cb5094..f1ccc0f0418ce72db3c7e795a110e2fac49f3f3a 100644 (file)
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -306,6 +306,11 @@ typedef struct x509_trust_st {
 
 DECLARE_STACK_OF(X509_TRUST)
 
+typedef struct x509_cert_pair_st {
+       X509 *forward;
+       X509 *reverse;
+} X509_CERT_PAIR;
+
 /* standard trust ids */
 
 #define X509_TRUST_DEFAULT     -1      /* Only valid in purpose settings */
@@ -920,6 +925,8 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF)
 DECLARE_ASN1_FUNCTIONS(X509)
 DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
 
+DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
+
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int X509_set_ex_data(X509 *r, int idx, void *arg);