From: Dr. Stephen Henson Date: Fri, 23 Feb 2001 13:04:24 +0000 (+0000) Subject: Make OCSP cert id code tolerate a missing issuer certificate X-Git-Tag: OpenSSL_0_9_6a-beta1~23^2~3 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d7c06e9ec74ef7e71d36b0ffdf95167e67804f1f;p=oweals%2Fopenssl.git Make OCSP cert id code tolerate a missing issuer certificate or serial number. --- diff --git a/CHANGES b/CHANGES index 0e54372fe9..c5cd00a9bc 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,12 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and + OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate + ID to be generated from the issuer certificate alone which can then be + passed to OCSP_id_issuer_cmp(). + [Steve Henson] + *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new ASN1 modules to export functions returning ASN1_ITEM pointers instead of the ASN1_ITEM structures themselves. This adds several diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 4cdc5f0111..0ddf1b2906 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -80,8 +80,16 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer) #ifndef OPENSSL_NO_SHA1 if(!dgst) dgst = EVP_sha1(); #endif - iname = X509_get_issuer_name(subject); - serial = X509_get_serialNumber(subject); + if (subject) + { + iname = X509_get_issuer_name(subject); + serial = X509_get_serialNumber(subject); + } + else + { + iname = X509_get_subject_name(issuer); + serial = NULL; + } ikey = X509_get0_pubkey_bitstr(issuer); return OCSP_cert_id_new(dgst, iname, ikey, serial); } @@ -118,9 +126,12 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst); if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err; - - if (cid->serialNumber != NULL) ASN1_INTEGER_free(cid->serialNumber); - if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err; + + if (serialNumber) + { + ASN1_INTEGER_free(cid->serialNumber); + if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err; + } return cid; digerr: OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);