author | René Korthaus <[email protected]> | 2016-04-05 11:55:59 +0200 |
---|---|---|
committer | René Korthaus <[email protected]> | 2016-04-06 16:25:52 +0200 |
commit | 6bb53f89ef97bb8c5bee8d78c85ccb96a29e8f46 (patch) | |
tree | 70ac1d4719b160135a0e19c68b68457d09e61c7a /src/lib/cert/x509/x509_ext.cpp | |
parent | 6a902a886c5b71ac16f2d957b5bdd319ab6eae0b (diff) |
Generate error on unknown critical extension during path validation
Previously, unknown critical extensions were rejected in the
X509_Certificate constructor, which prevented inspecting other
parts of such a certificate. Refactored the certificate extensions
code so that the path validation routine performs this check only.
Additionally, added an interface for extensions to inspect the path
during path validation. TODOs were added in places where existing path
validation code can use the new interface.
Fixes GH #449.
Diffstat (limited to 'src/lib/cert/x509/x509_ext.cpp')
-rw-r--r-- | src/lib/cert/x509/x509_ext.cpp | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp
index 47fd909eb..0125719cc 100644
--- a/src/lib/cert/x509/x509_ext.cpp
+++ b/src/lib/cert/x509/x509_ext.cpp
@@ -55,7 +55,7 @@ Extensions::Extensions(const Extensions& extensions) : ASN1_Object()
 * Extensions Assignment Operator
 */
 Extensions& Extensions::operator=(const Extensions& other)
-   {
+   {
    m_extensions.clear();
 
    for(size_t i = 0; i != other.m_extensions.size(); ++i)
@@ -63,6 +63,7 @@ Extensions& Extensions::operator=(const Extensions& other)
          std::make_pair(std::unique_ptr<Certificate_Extension>(other.m_extensions[i].first->copy()),
                         other.m_extensions[i].second));
 
+   m_extensions_raw = other.m_extensions_raw;
    m_throw_on_unknown_critical = other.m_throw_on_unknown_critical;
 
    return (*this);
@@ -82,6 +83,15 @@ void Extensions::add(Certificate_Extension* extn, bool critical)
    m_extensions_raw.emplace(extn->oid_of(), std::make_pair(extn->encode_inner(), critical));
    }
 
+std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> Extensions::extensions() const
+   {
+   std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> exts;
+   for(auto& ext : m_extensions)
+      {
+      exts.push_back(std::make_pair(std::unique_ptr<Certificate_Extension>(ext.first->copy()), ext.second));
+      }
+   return exts;
+   }
 std::map<OID, std::pair<std::vector<byte>, bool>> Extensions::extensions_raw() const
    {
@@ -174,6 +184,11 @@ void Extensions::contents_to(Data_Store& subject_info,
       }
    }
 
+bool Extensions::is_known_extension(const OID& oid)
+   {
+   return get_extension(oid) != nullptr;
+   }
+
 namespace Cert_Extension {
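Review bot: `Extensions::operator=` still has no self-assignment guard: the body opens with `m_extensions.clear();` (first hunk) and the loop that follows reads `other.m_extensions`, so `x = x` empties the extension list and then copies nothing back, and the newly added `m_extensions_raw = other.m_extensions_raw;` in this hunk copies a member onto itself. A guard at the top of the body, `if(this == &other) return *this;`, closes this; the copy-and-swap idiom would be the stronger alternative, since `copy()` on each extension can presumably allocate and the assignment is not exception safe as written. The function's closing brace lies outside the hunk.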
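Review bot: `Extensions::extensions()` is a `const` member but iterates with `for(auto& ext : m_extensions)`; `const auto&` states the intent, and because the result size is known in advance, `exts.reserve(m_extensions.size());` before the loop together with `exts.emplace_back(std::unique_ptr<Certificate_Extension>(ext.first->copy()), ext.second);` avoids the reallocations and the temporary pair that `push_back(std::make_pair(...))` creates. The function also lacks a header comment in the file's style; something like `/* Returns a deep copy of every extension paired with its criticality flag */` would match the `* Extensions Assignment Operator` comment above. The trailing context of this hunk (the body of `extensions_raw()`) is not fully visible here.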
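Review bot: `is_known_extension` tests the raw pointer returned by `get_extension(oid)` against `nullptr` and then discards it; if `get_extension` returns a freshly allocated object — which its raw-pointer return type and the ownership pattern used elsewhere in this file (`std::unique_ptr<Certificate_Extension>(... ->copy())`) suggest, though its body is outside the hunk — every call leaks one extension object, and per the commit message this check is meant to run for each certificate during path validation. Take ownership before testing: `std::unique_ptr<Certificate_Extension> ext(get_extension(oid)); return ext != nullptr;`. The method touches no members, so it could also be declared `const` (or `static`, if `get_extension` needs no instance state). The hunk's trailing context after `namespace Cert_Extension {` is not visible here.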