Fix the very basic operations for encoding and decoding a

certificate policies extension, though it's really not supported
at all.

Remove test code from secmem.h

Fix building the examples

5 files changed, 28 insertions, 95 deletions

diff --git a/checks/nist_tests/Makefile b/checks/nist_tests/Makefile
index 6d0ebb78f..3fcdf212b 100644
--- a/checks/nist_tests/Makefile
+++ b/checks/nist_tests/Makefile
@@ -1,10 +1,8 @@
 
-BOTAN_CONFIG=botan-config
-
 CC=g++
 FLAGS=-g -Os -W -Wall -ansi
-LDFLAGS=$(shell $(BOTAN_CONFIG) --libs)
-CFLAGS=$(shell $(BOTAN_CONFIG) --cflags)
+LDFLAGS=-L../.. -lbotan-1.9
+CFLAGS=-I../../build/include
 
 x509test: x509test.cpp
 	$(CC) $(FLAGS) $(CFLAGS) x509test.cpp $(LDFLAGS) -o x509test
diff --git a/checks/nist_tests/x509test.cpp b/checks/nist_tests/x509test.cpp
index 7f4fe94ee..0c4c04029 100644
--- a/checks/nist_tests/x509test.cpp
+++ b/checks/nist_tests/x509test.cpp
@@ -1,7 +1,7 @@
 /*
-  Code to run the X.509v3 processing tests described in "Conformance Testing of
-  Relying Party Client Certificate Path Proccessing Logic", which is available
-  on NIST's web site.
+  Code to run the X.509v3 processing tests described in "Conformance
+  Testing of Relying Party Client Certificate Path Proccessing Logic",
+  which is available on NIST's web site.
 */
 
 #include <botan/x509stor.h>
@@ -18,10 +18,6 @@ using namespace Botan;
 
 #include <dirent.h>
 
-#define POLICY_TEST1 1000
-#define POLICY_TEST2 2000
-#define POLICY_TEST3 3000
-
 std::vector<std::string> dir_listing(const std::string&);
 
 void run_one_test(u32bit, X509_Code,
@@ -265,13 +261,14 @@ void populate_expected_results()
    expected_results[33] = VERIFIED;
 
    /*
-    Policy tests: a little trickier because there are other inputs which
-    affect the result.
+    Policy tests: a little trickier because there are other inputs
+    which affect the result.
 
-    In the case of the tests currently in the suite, the default method (with
-    acceptable policy being "any-policy" and with no explict policy required),
-    will almost always result in a verified status. This is not particularly
-    helpful. So, we do several different tests for each test set:
+    In the case of the tests currently in the suite, the default
+    method (with acceptable policy being "any-policy" and with no
+    explict policy required), will almost always result in a verified
+    status. This is not particularly helpful. So, we should do several
+    different tests for each test set:
 
        1) With the user policy as any-policy and no explicit policy
        2) With the user policy as any-policy and an explicit policy required
@@ -283,88 +280,28 @@ void populate_expected_results()
      This provides reasonably good coverage of the possible outcomes.
    */
 
-   /*
    expected_results[34] = VERIFIED;
-   expected_results[34+POLICY_TEST1] = ;
-   expected_results[34+POLICY_TEST2] = ;
-   expected_results[34+POLICY_TEST3] = ;
    expected_results[35] = VERIFIED;
-   expected_results[35+POLICY_TEST1] = ;
-   expected_results[35+POLICY_TEST2] = ;
-   expected_results[35+POLICY_TEST3] = ;
    expected_results[36] = VERIFIED;
-   expected_results[36+POLICY_TEST1] = ;
-   expected_results[36+POLICY_TEST2] = ;
-   expected_results[36+POLICY_TEST3] = ;
    expected_results[37] = VERIFIED;
-   expected_results[37+POLICY_TEST1] = ;
-   expected_results[37+POLICY_TEST2] = ;
-   expected_results[37+POLICY_TEST3] = ;
    expected_results[38] = VERIFIED;
-   expected_results[38+POLICY_TEST1] = ;
-   expected_results[38+POLICY_TEST2] = ;
-   expected_results[38+POLICY_TEST3] = ;
    expected_results[39] = VERIFIED;
-   expected_results[39+POLICY_TEST1] = ;
-   expected_results[39+POLICY_TEST2] = ;
-   expected_results[39+POLICY_TEST3] = ;
    expected_results[40] = VERIFIED;
-   expected_results[40+POLICY_TEST1] = ;
-   expected_results[40+POLICY_TEST2] = ;
-   expected_results[40+POLICY_TEST3] = ;
    expected_results[41] = VERIFIED;
-   expected_results[41+POLICY_TEST1] = ;
-   expected_results[41+POLICY_TEST2] = ;
-   expected_results[41+POLICY_TEST3] = ;
    expected_results[42] = VERIFIED;
-   expected_results[42+POLICY_TEST1] = ;
-   expected_results[42+POLICY_TEST2] = ;
-   expected_results[42+POLICY_TEST3] = ;
    expected_results[43] = VERIFIED;
-   expected_results[43+POLICY_TEST1] = ;
-   expected_results[43+POLICY_TEST2] = ;
-   expected_results[43+POLICY_TEST3] = ;
    expected_results[44] = VERIFIED;
-   expected_results[44+POLICY_TEST1] = ;
-   expected_results[44+POLICY_TEST2] = ;
-   expected_results[44+POLICY_TEST3] = ;
-   expected_results[45] = EXPLICT_POLICY_REQUIRED;
-   expected_results[45+POLICY_TEST1] = ;
-   expected_results[45+POLICY_TEST2] = ;
-   expected_results[45+POLICY_TEST3] = ;
-   expected_results[46] = ACCEPT;
-   expected_results[46+POLICY_TEST1] = ;
-   expected_results[46+POLICY_TEST2] = ;
-   expected_results[46+POLICY_TEST3] = ;
-   expected_results[47] = EXPLICT_POLICY_REQUIRED;
-   expected_results[47+POLICY_TEST1] = ;
-   expected_results[47+POLICY_TEST2] = ;
-   expected_results[47+POLICY_TEST3] = ;
+
+   //expected_results[45] = EXPLICT_POLICY_REQUIRED;
+   //expected_results[46] = ACCEPT;
+   //expected_results[47] = EXPLICT_POLICY_REQUIRED;
+
    expected_results[48] = VERIFIED;
-   expected_results[48+POLICY_TEST1] = ;
-   expected_results[48+POLICY_TEST2] = ;
-   expected_results[48+POLICY_TEST3] = ;
    expected_results[49] = VERIFIED;
-   expected_results[49+POLICY_TEST1] = ;
-   expected_results[49+POLICY_TEST2] = ;
-   expected_results[49+POLICY_TEST3] = ;
    expected_results[50] = VERIFIED;
-   expected_results[50+POLICY_TEST1] = ;
-   expected_results[50+POLICY_TEST2] = ;
-   expected_results[50+POLICY_TEST3] = ;
    expected_results[51] = VERIFIED;
-   expected_results[51+POLICY_TEST1] = ;
-   expected_results[51+POLICY_TEST2] = ;
-   expected_results[51+POLICY_TEST3] = ;
    expected_results[52] = VERIFIED;
-   expected_results[52+POLICY_TEST1] = ;
-   expected_results[52+POLICY_TEST2] = ;
-   expected_results[52+POLICY_TEST3] = ;
    expected_results[53] = VERIFIED;
-   expected_results[53+POLICY_TEST1] = ;
-   expected_results[53+POLICY_TEST2] = ;
-   expected_results[53+POLICY_TEST3] = ;
-   */
 
    expected_results[54] = CERT_CHAIN_TOO_LONG;
    expected_results[55] = CERT_CHAIN_TOO_LONG;
diff --git a/doc/examples/GNUmakefile b/doc/examples/GNUmakefile
index 44fcfeea5..94af4513a 100644
--- a/doc/examples/GNUmakefile
+++ b/doc/examples/GNUmakefile
@@ -3,7 +3,7 @@ BOTAN_CONFIG = botan-config
 
 CXX       = g++
 CFLAGS    = -O2 -ansi -W -Wall -I../../build/include
-LIBS      = -L../.. -lbotan
+LIBS      = -L../.. -lbotan-1.9
 
 SRCS=$(wildcard *.cpp)
 
diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h
index b06be0d55..80e8e59aa 100644
--- a/src/alloc/secmem.h
+++ b/src/alloc/secmem.h
@@ -34,7 +34,6 @@ class MemoryRegion
       */
       bool empty() const { return (used == 0); }
 
-#if 1
       /**
       * Get a pointer to the first element in the buffer.
       * @return pointer to the first element in the buffer
@@ -46,12 +45,6 @@ class MemoryRegion
       * @return constant pointer to the first element in the buffer
       */
       operator const T* () const { return buf; }
-#else
-
-      T&       operator[](size_t n) { return buf[n]; }
-      const T& operator[](size_t n) const { return buf[n]; }
-
-#endif
 
       /**
       * Get a pointer to the first element in the buffer.
diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp
index 462b29669..6e0befaf3 100644
--- a/src/cert/x509cert/x509_ext.cpp
+++ b/src/cert/x509cert/x509_ext.cpp
@@ -443,6 +443,9 @@ class Policy_Information : public ASN1_Object
    public:
       OID oid;
 
+      Policy_Information() {}
+      Policy_Information(const OID& oid) : oid(oid) {}
+
       void encode_into(DER_Encoder& codec) const
          {
          codec.start_cons(SEQUENCE)
@@ -466,18 +469,16 @@ class Policy_Information : public ASN1_Object
 */
 MemoryVector<byte> Certificate_Policies::encode_inner() const
    {
-   // FIXME
-#if 1
-   throw Internal_Error("Certificate_Policies::encode_inner: Bugged");
-#else
    std::vector<Policy_Information> policies;
 
+   for(size_t i = 0; i != oids.size(); ++i)
+      policies.push_back(oids[i]);
+
    return DER_Encoder()
       .start_cons(SEQUENCE)
          .encode_list(policies)
       .end_cons()
    .get_contents();
-#endif
    }
 
 /*
@@ -491,6 +492,10 @@ void Certificate_Policies::decode_inner(const MemoryRegion<byte>& in)
       .start_cons(SEQUENCE)
          .decode_list(policies)
       .end_cons();
+
+   oids.clear();
+   for(size_t i = 0; i != policies.size(); ++i)
+      oids.push_back(policies[i].oid);
    }
 
 /*