Diffstat (limited to 'src/lib/cert/x509')
-rw-r--r--src/lib/cert/x509/cert_status.h1
-rw-r--r--src/lib/cert/x509/certstor.cpp4
-rw-r--r--src/lib/cert/x509/certstor.h4
-rw-r--r--src/lib/cert/x509/x509path.cpp17
4 files changed, 13 insertions, 13 deletions
diff --git a/src/lib/cert/x509/cert_status.h b/src/lib/cert/x509/cert_status.h
index 0ff5ad5f0..d343d2e58 100644
--- a/src/lib/cert/x509/cert_status.h
+++ b/src/lib/cert/x509/cert_status.h
@@ -38,6 +38,7 @@ enum Certificate_Status_Code {
CRL_NOT_YET_VALID,
CRL_HAS_EXPIRED,
CRL_NOT_FOUND,
+ CRL_BAD_SIGNATURE,
OCSP_CERT_NOT_LISTED,
OCSP_NOT_YET_VALID,
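Review bot: Adding `CRL_BAD_SIGNATURE` between `CRL_NOT_FOUND` and `OCSP_CERT_NOT_LISTED` renumbers every enumerator after it if this enum relies on implicit values, which the visible lines suggest but the hunk does not show in full. Code built against the old header, or anything that logs or stores the numeric code, would then read a different status for the same number. Either give the new enumerator an explicit value that leaves the existing ones unchanged, or add a comment at the top of the enum such as `// Numeric values are not stable across releases; compare by name only`.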
diff --git a/src/lib/cert/x509/certstor.cpp b/src/lib/cert/x509/certstor.cpp
index e8b3a0718..7d708edd9 100644
--- a/src/lib/cert/x509/certstor.cpp
+++ b/src/lib/cert/x509/certstor.cpp
@@ -10,7 +10,7 @@
namespace Botan {
-const X509_CRL* Certificate_Store::find_crl(const X509_Certificate&) const
+const X509_CRL* Certificate_Store::find_crl_for(const X509_Certificate&) const
{
return nullptr;
}
@@ -86,7 +86,7 @@ void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
m_crls.push_back(crl);
}
-const X509_CRL* Certificate_Store_In_Memory::find_crl(const X509_Certificate& subject) const
+const X509_CRL* Certificate_Store_In_Memory::find_crl_for(const X509_Certificate& subject) const
{
const std::vector<byte>& key_id = subject.authority_key_id();
diff --git a/src/lib/cert/x509/certstor.h b/src/lib/cert/x509/certstor.h
index fc37d8327..8c9fd9610 100644
--- a/src/lib/cert/x509/certstor.h
+++ b/src/lib/cert/x509/certstor.h
@@ -27,7 +27,7 @@ class BOTAN_DLL Certificate_Store
virtual const X509_Certificate*
find_cert(const X509_DN& subject_dn, const std::vector<byte>& key_id) const = 0;
- virtual const X509_CRL* find_crl(const X509_Certificate& subject) const;
+ virtual const X509_CRL* find_crl_for(const X509_Certificate& subject) const;
bool certificate_known(const X509_Certificate& cert) const
{
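Review bot: Renaming the public virtual `find_crl` to `find_crl_for` silently disconnects any out-of-tree `Certificate_Store` subclass that overrides the old name without `override`: it still compiles, but the path validator now reaches the base implementation, which returns `nullptr` (see the certstor.cpp hunk in this commit). With no CRL returned, check_chain skips revocation for that certificate unless `require_revocation_information()` is set. A doc comment on the declaration such as `/// Replaces find_crl(); subclasses must override this name or no CRL is ever found`, together with a release-note entry, would make the break visible. The same rename appears in the Certificate_Store_In_Memory hunk below, where `override` already guards it.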
@@ -62,7 +62,7 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
const X509_DN& subject_dn,
const std::vector<byte>& key_id) const override;
- const X509_CRL* find_crl(const X509_Certificate& subject) const override;
+ const X509_CRL* find_crl_for(const X509_Certificate& subject) const override;
private:
// TODO: Add indexing on the DN and key id to avoid linear search
std::vector<X509_Certificate> m_certs;
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index edbceaadd..4f1971311 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -34,15 +34,12 @@ const X509_Certificate* find_issuing_cert(const X509_Certificate& cert,
return nullptr;
}
-const X509_CRL* find_crls_from(const X509_Certificate& cert,
- const std::vector<Certificate_Store*>& certstores)
+const X509_CRL* find_crls_for(const X509_Certificate& cert,
+ const std::vector<Certificate_Store*>& certstores)
{
- const X509_DN issuer_dn = cert.subject_dn();
- const std::vector<byte> auth_key_id = cert.subject_key_id();
-
for(size_t i = 0; i != certstores.size(); ++i)
{
- if(const X509_CRL* crl = certstores[i]->find_crl(cert))
+ if(const X509_CRL* crl = certstores[i]->find_crl_for(cert))
return crl;
}
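Review bot: `find_crls_for` returns the first CRL that any store yields for `cert`, so when two stores hold CRLs from the same issuer the result depends on store order rather than on which CRL is newer. A stale CRL found first could hide a revocation listed only in a later one, as long as the stale one is still inside its validity window. At minimum document this on the function, e.g. `// Returns the first matching CRL in store order; does not select the most recent`, and consider a singular name since a single pointer is returned. The function body ends outside the hunk.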
@@ -152,12 +149,12 @@ Certificate_Status_Code check_chain(const std::vector<X509_Certificate>& cert_pa
}
}
- const X509_CRL* crl_p = find_crls_from(ca, certstores);
+ const X509_CRL* crl_p = find_crls_for(subject, certstores);
if(!crl_p)
{
if(restrictions.require_revocation_information())
- return Certificate_Status_Code::NO_REVOCATION_DATA;
+ return Certificate_Status_Code::CRL_NOT_FOUND;
continue;
}
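Review bot: When `find_crls_for(subject, certstores)` returns null and `require_revocation_information()` is false, the `continue` accepts the certificate with no revocation check and nothing records that fact. Because the lookup key changes from `ca` to `subject` in this hunk, it is worth a test confirming that a store populated with the issuer's CRL is still found for a subject, including a subject that carries no authority key identifier (the in-memory store reads `subject.authority_key_id()`; how an empty id is handled is outside the visible lines). A comment on the branch such as `// No CRL and policy does not require one: revocation is not checked for this cert` would make the fail-open path explicit. Callers that matched `NO_REVOCATION_DATA` for this case now receive `CRL_NOT_FOUND`. check_chain starts and ends outside the hunk.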
@@ -173,7 +170,7 @@ Certificate_Status_Code check_chain(const std::vector<X509_Certificate>& cert_pa
return Certificate_Status_Code::CRL_HAS_EXPIRED;
if(crl.check_signature(ca.subject_public_key()) == false)
- return Certificate_Status_Code::SIGNATURE_ERROR;
+ return Certificate_Status_Code::CRL_BAD_SIGNATURE;
if(crl.is_revoked(subject))
return Certificate_Status_Code::CERT_IS_REVOKED;
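Review bot: The CRL signature check runs after the validity-window checks (the `CRL_HAS_EXPIRED` return at the top of this hunk precedes it), so the CRL's dates are interpreted before the CRL is authenticated. A tampered or wrongly attributed CRL can therefore surface as `CRL_HAS_EXPIRED` or `CRL_NOT_YET_VALID` instead of `CRL_BAD_SIGNATURE`, which misreports the cause to whoever triages the failure. Moving `if(!crl.check_signature(ca.subject_public_key())) return Certificate_Status_Code::CRL_BAD_SIGNATURE;` ahead of the date checks fixes the ordering and drops the `== false` comparison. The conditions guarding the date returns and the rest of check_chain are outside the hunk.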
@@ -333,6 +330,8 @@ std::string Path_Validation_Result::status_string(Certificate_Status_Code code)
return "CRL has expired";
case CRL_NOT_FOUND:
return "CRL not found";
+ case CRL_BAD_SIGNATURE:
+ return "CRL has invalid signature";
case CA_CERT_CANNOT_SIGN:
return "CA certificate cannot sign";
case CA_CERT_NOT_FOR_CERT_ISSUER: