Log Message: |
Resolve some edge cases of parsing X.509 certificates.
Multiple attributes of the a Subject or Issuer with the same object id.
Overflow of an object id segment.
Leading zeros in an object id segment.
* subversion/include/svn_x509.h
(SVN_X509_OID_COMMON_NAME, SVN_X509_OID_COUNTRY, SVN_X509_OID_LOCALITY,
SVN_X509_OID_STATE, SVN_X509_OID_ORGANIZATION, SVN_X509_OID_ORG_UNIT,
SVN_X509_OID_EMAIL): Change from string representations to DER encoded
object ids.
(svn_x509_name_attr_t): New opaque struct for storing an attribute
object id and value pair.
(svn_x509_name_attr_dup, svn_x509_name_attr_get_oid,
svn_x509_name_attr_get_value, svn_x509_certinfo_get_subject_attrs,
svn_x509_certinfo_get_issuer_attrs, svn_x509_oid_to_string): New functions.
(svn_x509_certinfo_get_subject_oids, svn_x509_certinfo_get_issuer_oids):
Remove.
* subversion/libsvn_subr/x509.h
(svn_x509_name_attr_t): Add struct.
(svn_x509_certinfo_t): Remove issuer_oids and subject_oids members and
make issuer and subject members into an array.
* subversion/libsvn_subr/x509info.c
(svn_x509_name_attr_dup, deep_copy_name_attrs,
svn_x509_certinfo_get_subject_attrs,
svn_x509_certinfo_get_issuer_attrs): New functions.
(deep_copy_hash, svn_x509_certinfo_get_subject_oids,
svn_x509_certinfo_get_subject_attr, svn_x509_certinfo_get_issuer_oids,
svn_x509_certinfo_get_issuer_attr): Remove functions.
(svn_x509_certinfo_dup): Update to reflect changes to the certinfo
struct.
(asn1_oid): Use the DER encoding of the object id and not a string of dotted
decimal values for the oid.
(CONSTANT_PAIR): Convenience macro.
(asn1_oids): Adjust for the changes to the struct.
(svn_x509_oid_to_string): Moved from asn1_oid_to_strin() and deal with
overflows and leading zeros.
(oid_string_to_asn1_oid): Rename to ...
(oid_to_asn1_oid): ... and adjust to use DER oids instead of strings.
(oid_string_to_best_label): Rename to ...
(oid_to_best_label): ... and adjust to use DER oids instead of strings.
(get_dn, svn_x509_certinfo_get_subject, svn_x509_certinfo_get_issuer):
Adjust to use the new array of svn_x509_name_attr_t instead of an array and
hash for the attributes.
* subversion/libsvn_subr/x509parse.c
(asn1_oid_to_string): Moved to svn_x509_oid_to_string().
(x509_name_to_certinfo): Adjust to reflect the change to the certinfo struct.
(x509parse_get_cn): New function to retrieve the common name.
(x509parse_get_hostnames): Use x509parse_get_cn().
(svn_x509_parse_cert): Reflect changes to certinfo struct.
* subversion/tests/libsvn_subr/x509-test.c
(cert_tests): Add tests for edge cases repaired by this commit.
(compare_oids, compare_results): Update to reflect the API changes.
(broken_cert_tests, test_x509_parse_cert_broken, test_funcs): Disable the XFAIL
test setup since we have none now.
|