purplerain 2023-07-06 21:55:14 +00:00
parent f1b2576417
commit 2a351e0cdc
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
347 changed files with 9596 additions and 5486 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: x509_purp.c,v 1.27 2023/06/25 13:52:27 tb Exp $ */
/* $OpenBSD: x509_purp.c,v 1.28 2023/07/02 17:12:17 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
@ -99,18 +99,72 @@ static int xp_cmp(const X509_PURPOSE * const *a, const X509_PURPOSE * const *b);
static void xptable_free(X509_PURPOSE *p);
static X509_PURPOSE xstandard[] = {
{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
{X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},
{
.purpose = X509_PURPOSE_SSL_CLIENT,
.trust = X509_TRUST_SSL_CLIENT,
.check_purpose = check_purpose_ssl_client,
.name = "SSL client",
.sname = "sslclient",
},
{
.purpose = X509_PURPOSE_SSL_SERVER,
.trust = X509_TRUST_SSL_SERVER,
.check_purpose = check_purpose_ssl_server,
.name = "SSL server",
.sname = "sslserver",
},
{
.purpose = X509_PURPOSE_NS_SSL_SERVER,
.trust = X509_TRUST_SSL_SERVER,
.check_purpose = check_purpose_ns_ssl_server,
.name = "Netscape SSL server",
.sname = "nssslserver",
},
{
.purpose = X509_PURPOSE_SMIME_SIGN,
.trust = X509_TRUST_EMAIL,
.check_purpose = check_purpose_smime_sign,
.name = "S/MIME signing",
.sname = "smimesign",
},
{
.purpose = X509_PURPOSE_SMIME_ENCRYPT,
.trust = X509_TRUST_EMAIL,
.check_purpose = check_purpose_smime_encrypt,
.name = "S/MIME encryption",
.sname = "smimeencrypt",
},
{
.purpose = X509_PURPOSE_CRL_SIGN,
.trust = X509_TRUST_COMPAT,
.check_purpose = check_purpose_crl_sign,
.name = "CRL signing",
.sname = "crlsign",
},
{
.purpose = X509_PURPOSE_ANY,
.trust = X509_TRUST_DEFAULT,
.check_purpose = no_check,
.name = "Any Purpose",
.sname = "any",
},
{
.purpose = X509_PURPOSE_OCSP_HELPER,
.trust = X509_TRUST_COMPAT,
.check_purpose = ocsp_helper,
.name = "OCSP helper",
.sname = "ocsphelper",
},
{
.purpose = X509_PURPOSE_TIMESTAMP_SIGN,
.trust = X509_TRUST_TSA,
.check_purpose = check_purpose_timestamp_sign,
.name = "Time Stamp signing",
.sname = "timestampsign",
},
};
#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
#define X509_PURPOSE_COUNT (sizeof(xstandard) / sizeof(xstandard[0]))
static STACK_OF(X509_PURPOSE) *xptable = NULL;
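Review bot: The array order of `xstandard` is still implicit after the switch to designated initializers, so an entry inserted or moved later would silently pair a purpose id with the wrong `check_purpose` callback if lookups index the table by `purpose - X509_PURPOSE_MIN`. The lookup code is outside this hunk, so that indexing is inferred rather than visible here. Consider array designators such as `[X509_PURPOSE_SSL_CLIENT - X509_PURPOSE_MIN] = {`, or a compile-time check that `X509_PURPOSE_COUNT` equals `X509_PURPOSE_MAX - X509_PURPOSE_MIN + 1`. The same applies to `trstandard` in x509_trs.c with `X509_TRUST_MIN` and `X509_TRUST_MAX`.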


@ -1,4 +1,4 @@
/* $OpenBSD: x509_trs.c,v 1.31 2023/02/16 08:38:17 tb Exp $ */
/* $OpenBSD: x509_trs.c,v 1.32 2023/07/02 17:12:17 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -80,17 +80,56 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
*/
static X509_TRUST trstandard[] = {
{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},
{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
{
.trust = X509_TRUST_COMPAT,
.check_trust = trust_compat,
.name = "compatible",
},
{
.trust = X509_TRUST_SSL_CLIENT,
.check_trust = trust_1oidany,
.name = "SSL Client",
.arg1 = NID_client_auth,
},
{
.trust = X509_TRUST_SSL_SERVER,
.check_trust = trust_1oidany,
.name = "SSL Server",
.arg1 = NID_server_auth,
},
{
.trust = X509_TRUST_EMAIL,
.check_trust = trust_1oidany,
.name = "S/MIME email",
.arg1 = NID_email_protect,
},
{
.trust = X509_TRUST_OBJECT_SIGN,
.check_trust = trust_1oidany,
.name = "Object Signer",
.arg1 = NID_code_sign,
},
{
.trust = X509_TRUST_OCSP_SIGN,
.check_trust = trust_1oid,
.name = "OCSP responder",
.arg1 = NID_OCSP_sign,
},
{
.trust = X509_TRUST_OCSP_REQUEST,
.check_trust = trust_1oid,
.name = "OCSP request",
.arg1 = NID_ad_OCSP,
},
{
.trust = X509_TRUST_TSA,
.check_trust = trust_1oidany,
.name = "TSA server",
.arg1 = NID_time_stamp,
},
};
#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
#define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0]))
static STACK_OF(X509_TRUST) *trtable = NULL;
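Review bot: `trstandard` remains a writable `static X509_TRUST` array even though its `check_trust` function pointers and `arg1` NIDs decide how trust is evaluated, so those pointers live in writable data. If nothing writes to the standard entries, declare it `static const X509_TRUST trstandard[] = {`. Whether that holds depends on `X509_TRUST_add` and the accessors, which are outside this hunk and need checking first. The same hardening would apply to `xstandard` in x509_purp.c.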