/[Apache-SVN]
ViewVC logotype

Revision 1655918


Jump to revision: Previous Next
Author: breser
Date: Fri Jan 30 02:37:47 2015 UTC (9 years, 1 month ago)
Changed paths: 2
Log Message:
Try to parse issuerUniqueID, subjectUniqueID and
extensions for every X.509 certificate version (v1, v2 and v3).

If they aren't present, we are fine, but we don't want to throw an error if
they are.  v1 and v2 certificates with the corresponding extra fields are
ill-formed per RFC 5280 s. 4.1, but we suspect they could exist in the real
world.  Other X.509 parsers (e.g., within OpenSSL or Microsoft CryptoAPI)
aren't picky about these certificates.  As long as we are only willing to
display the certificate data in the 'svn auth' command, we can also be less
strict about them.

* subversion/libsvn_subr/x509parse.c
  (svn_x509_parse_cert): Try to parse issuerUniqueID, subjectUniqueID and
   extensions for all known X.509 versions (v1, v2, v3).
  (x509parse_get_hostnames): Do not check CRT->DNSNAMES for null, because
   it is no longer necessary.

  subversion/tests/libsvn_subr/x509-test.c
  (cert_tests): Add a new test case.

Patch by: kotkov


Changed paths

Path Details
Directorysubversion/trunk/subversion/libsvn_subr/x509parse.c modified , text changed
Directorysubversion/trunk/subversion/tests/libsvn_subr/x509-test.c modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26