Log Message: |
Try to parse issuerUniqueID, subjectUniqueID and
extensions for every X.509 certificate version (v1, v2 and v3).
If they aren't present, we are fine, but we don't want to throw an error if
they are. v1 and v2 certificates with the corresponding extra fields are
ill-formed per RFC 5280 s. 4.1, but we suspect they could exist in the real
world. Other X.509 parsers (e.g., within OpenSSL or Microsoft CryptoAPI)
aren't picky about these certificates. As long as we are only willing to
display the certificate data in the 'svn auth' command, we can also be less
strict about them.
* subversion/libsvn_subr/x509parse.c
(svn_x509_parse_cert): Try to parse issuerUniqueID, subjectUniqueID and
extensions for all known X.509 versions (v1, v2, v3).
(x509parse_get_hostnames): Do not check CRT->DNSNAMES for null, because
it is no longer necessary.
subversion/tests/libsvn_subr/x509-test.c
(cert_tests): Add a new test case.
Patch by: kotkov
|