authorRenĂ© Korthaus <[email protected]>2016-04-05 11:55:59 +0200
committerRenĂ© Korthaus <[email protected]>2016-04-06 16:25:52 +0200
commit6bb53f89ef97bb8c5bee8d78c85ccb96a29e8f46 (patch)
tree70ac1d4719b160135a0e19c68b68457d09e61c7a /src/lib/cert/x509/x509_ext.cpp
parent6a902a886c5b71ac16f2d957b5bdd319ab6eae0b (diff)
Generate error on unknown critical extension during path validation
Previously, unknown critical extensions were rejected in the X509_Certificate constructor, which made it impossible to inspect other parts of such a certificate. Refactored the certificate extensions code so that only the path validation routine performs this check. Additionally, added an interface that lets extensions inspect the path during path validation. TODOs were added where existing path validation code can use the new interface. Fixes GH #449.
Diffstat (limited to 'src/lib/cert/x509/x509_ext.cpp')
-rw-r--r--src/lib/cert/x509/x509_ext.cpp17
1 files changed, 16 insertions, 1 deletions
diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp
index 47fd909eb..0125719cc 100644
--- a/src/lib/cert/x509/x509_ext.cpp
+++ b/src/lib/cert/x509/x509_ext.cpp
@@ -55,7 +55,7 @@ Extensions::Extensions(const Extensions& extensions) : ASN1_Object()
* Extensions Assignment Operator
*/
Extensions& Extensions::operator=(const Extensions& other)
- {
+ {
m_extensions.clear();
for(size_t i = 0; i != other.m_extensions.size(); ++i)
@@ -63,6 +63,7 @@ Extensions& Extensions::operator=(const Extensions& other)
std::make_pair(std::unique_ptr<Certificate_Extension>(other.m_extensions[i].first->copy()),
other.m_extensions[i].second));
+ m_extensions_raw = other.m_extensions_raw;
m_throw_on_unknown_critical = other.m_throw_on_unknown_critical;
return (*this);
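Review bot: Self-assignment still destroys the object: the operator begins with `m_extensions.clear()` (shown in the previous hunk, where the function starts) and then copies from `other.m_extensions`, so `e = e;` empties `m_extensions` before the loop ever runs; the new `m_extensions_raw = other.m_extensions_raw;` line is harmless in that case, but the parsed extensions are gone. A guard at the top of the function, `if(this == &other) return *this;`, fixes it. The copy constructor at line 55 is outside this hunk; if it copies `m_extensions` element-wise the way this operator does, it presumably needs the same `m_extensions_raw` assignment, or could simply delegate with `*this = extensions;` so the two cannot drift apart again.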
@@ -82,6 +83,15 @@ void Extensions::add(Certificate_Extension* extn, bool critical)
m_extensions_raw.emplace(extn->oid_of(), std::make_pair(extn->encode_inner(), critical));
}
+std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> Extensions::extensions() const
+ {
+ std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> exts;
+ for(auto& ext : m_extensions)
+ {
+ exts.push_back(std::make_pair(std::unique_ptr<Certificate_Extension>(ext.first->copy()), ext.second));
+ }
+ return exts;
+ }
std::map<OID, std::pair<std::vector<byte>, bool>> Extensions::extensions_raw() const
{
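Review bot: `Extensions::extensions()` grows the result vector one push_back at a time although the final size is known up front; `exts.reserve(m_extensions.size());` before the loop avoids the reallocations, and `exts.emplace_back(std::unique_ptr<Certificate_Extension>(ext.first->copy()), ext.second);` constructs the pair in place instead of moving a temporary. Since the method is const, `for(const auto& ext : m_extensions)` documents that the loop does not modify the stored extensions. A one-line comment above the function stating that it returns deep copies of every extension and that callers own the returned objects would help, because the `copy()` call is easy to miss.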
@@ -174,6 +184,11 @@ void Extensions::contents_to(Data_Store& subject_info,
}
}
+bool Extensions::is_known_extension(const OID& oid)
+ {
+ return get_extension(oid) != nullptr;
+ }
+
namespace Cert_Extension {
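Review bot: `is_known_extension` discards the pointer returned by `get_extension(oid)` without releasing it; `get_extension` is not visible here, but every other use of `Certificate_Extension*` in this file wraps the pointer in a `std::unique_ptr`, which suggests it hands back a freshly allocated object, and if so every call to this predicate during path validation leaks one extension object. Taking ownership for the duration of the check, `std::unique_ptr<Certificate_Extension> ext(get_extension(oid)); return ext != nullptr;`, fixes that; if `get_extension` instead returns a non-owning pointer, the function should say so in a comment, since the distinction decides whether this is a leak or a double free. The function also does not touch any member, so it could be `const` (or `static`, matching how it is used as a pure OID lookup).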