Remove OPENSSL_NO_RFCF3779.
Also, makevms.com was ignored by some of the other cleanups, so
I caught it up. Sorry I ignored you, poor little VMS...
Reviewed-by: Richard Levitte <levitte@openssl.org>
ret->ex_pathlen = -1;
ret->skid = NULL;
ret->akid = NULL;
-#ifndef OPENSSL_NO_RFC3779
ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL;
-#endif
ret->aux = NULL;
ret->crldp = NULL;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
policy_cache_free(ret->policy_cache);
GENERAL_NAMES_free(ret->altname);
NAME_CONSTRAINTS_free(ret->nc);
-#ifndef OPENSSL_NO_RFC3779
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid);
-#endif
if (ret->name != NULL)
OPENSSL_free(ret->name);
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
-# ifndef OPENSSL_NO_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
-# endif
# ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
# endif
if (!ok)
goto end;
-#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
if (!ok)
ok = v3_addr_validate_path(ctx);
if (!ok)
goto end;
-#endif
/* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
#endif
&v3_sxnet,
&v3_info,
-#ifndef OPENSSL_NO_RFC3779
&v3_addr,
&v3_asid,
-#endif
#ifndef OPENSSL_NO_OCSP
&v3_ocsp_nonce,
&v3_ocsp_crlid,
#include <openssl/buffer.h>
#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_RFC3779
/*
* OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
/*
* How much buffer space do we need for a raw address?
*/
-# define ADDR_RAW_BUF_LEN 16
+#define ADDR_RAW_BUF_LEN 16
/*
* What's the address length associated with this AFI?
/*
* Extract the prefix length from a bitstring.
*/
-# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
/*
* i2r handler for one address bitstring.
/*
* Validation error handling via callback.
*/
-# define validation_err(_err_) \
+#define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
return ret;
}
-# undef validation_err
+#undef validation_err
/*
* RFC 3779 2.3 path validation -- called from X509_verify_cert().
return 0;
return v3_addr_validate_path_internal(NULL, chain, ext);
}
-
-#endif /* OPENSSL_NO_RFC3779 */
#include <openssl/x509.h>
#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RFC3779
/*
* OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
/*
* Validation error handling via callback.
*/
-# define validation_err(_err_) \
+#define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
return ret;
}
-# undef validation_err
+#undef validation_err
/*
* RFC 3779 3.3 path validation -- called from X509_verify_cert().
return 0;
return v3_asid_validate_path_internal(NULL, chain, ext);
}
-
-#endif /* OPENSSL_NO_RFC3779 */
NID_basic_constraints, /* 87 */
NID_certificate_policies, /* 89 */
NID_ext_key_usage, /* 126 */
-#ifndef OPENSSL_NO_RFC3779
NID_sbgp_ipAddrBlock, /* 290 */
NID_sbgp_autonomousSysNum, /* 291 */
-#endif
NID_policy_constraints, /* 401 */
NID_proxyCertInfo, /* 663 */
NID_name_constraints, /* 666 */
x->ex_flags |= EXFLAG_INVALID;
setup_crldp(x);
-#ifndef OPENSSL_NO_RFC3779
x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
NULL, NULL);
-#endif
for (i = 0; i < X509_get_ext_count(x); i++) {
ex = X509_get_ext(x, i);
if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
DECLARE_STACK_OF(X509_POLICY_NODE)
-# ifndef OPENSSL_NO_RFC3779
-
typedef struct ASRange_st {
ASN1_INTEGER *min, *max;
} ASRange;
-# define ASIdOrRange_id 0
-# define ASIdOrRange_range 1
+# define ASIdOrRange_id 0
+# define ASIdOrRange_range 1
typedef struct ASIdOrRange_st {
int type;
typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
DECLARE_STACK_OF(ASIdOrRange)
-# define ASIdentifierChoice_inherit 0
-# define ASIdentifierChoice_asIdsOrRanges 1
+# define ASIdentifierChoice_inherit 0
+# define ASIdentifierChoice_asIdsOrRanges 1
typedef struct ASIdentifierChoice_st {
int type;
ASN1_BIT_STRING *min, *max;
} IPAddressRange;
-# define IPAddressOrRange_addressPrefix 0
-# define IPAddressOrRange_addressRange 1
+# define IPAddressOrRange_addressPrefix 0
+# define IPAddressOrRange_addressRange 1
typedef struct IPAddressOrRange_st {
int type;
typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
DECLARE_STACK_OF(IPAddressOrRange)
-# define IPAddressChoice_inherit 0
-# define IPAddressChoice_addressesOrRanges 1
+# define IPAddressChoice_inherit 0
+# define IPAddressChoice_addressesOrRanges 1
typedef struct IPAddressChoice_st {
int type;
/*
* API tag for elements of the ASIdentifer SEQUENCE.
*/
-# define V3_ASID_ASNUM 0
-# define V3_ASID_RDI 1
+# define V3_ASID_ASNUM 0
+# define V3_ASID_RDI 1
/*
* AFI values, assigned by IANA. It'd be nice to make the AFI
* that would need to be defined for other address families for it to
* be worth the trouble.
*/
-# define IANA_AFI_IPV4 1
-# define IANA_AFI_IPV6 2
+# define IANA_AFI_IPV4 1
+# define IANA_AFI_IPV6 2
/*
* Utilities to construct and extract values from RFC3779 extensions,
int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
IPAddrBlocks *ext, int allow_inheritance);
-# endif /* OPENSSL_NO_RFC3779 */
-
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
$ CONFIG_LOGICALS := AES,-
ASM,INLINE_ASM,-
BF,-
- BIO,-
- BUFFER,-
- BUF_FREELISTS,-
CAMELLIA,-
CAST,-
CMS,-
RC2,-
RC4,-
RC5,-
- RFC3779,-
RIPEMD,-
RSA,-
SEED,-
STDIO,-
STORE,-
TLSEXT,-
- WHIRLPOOL,-
- X509
+ WHIRLPOOL
$! Add a few that we know about
$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',-
THREADS
"FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
# Engines
"STATIC_ENGINE", "ENGINE", "HW", "GMP",
- # RFC3779
- "RFC3779",
# TLS
"TLSEXT", "PSK", "SRP", "HEARTBEATS",
# CMS
my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+my my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method;
elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^no-gmp$/) { $no_gmp=1; }
- elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
elsif (/^no-tlsext$/) { $no_tlsext=1; }
elsif (/^no-cms$/) { $no_cms=1; }
elsif (/^no-ec2m$/) { $no_ec2m=1; }
if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; }
- if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
if ($keyword eq "PSK" && $no_psk) { return 0; }
if ($keyword eq "CMS" && $no_cms) { return 0; }
projects / oweals / openssl.git / commitdiff