
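--- a/lib/modules/Standards.pmod/X509.pmod
+++ b/lib/modules/Standards.pmod/X509.pmod
    add("basicConstraints", Sequence(({Boolean(1)})), 1);
 
    return sign_key(dn, c, c, h||Crypto.SHA256, dn, serial, ttl, extensions);
   }
 
   //! Decodes a certificate and verifies that it is structually sound.
   //! Returns a @[TBSCertificate] object if ok, otherwise @expr{0@}.
   TBSCertificate decode_certificate(string|.PKCS.Signature.Signed cert)
   {
    if (stringp (cert))
+  {
    cert = .PKCS.Signature.decode_signed(cert, x509_types);
-
+  if(!cert)
+  return NULL("ASN.1 had trailing data.\n");
+  }
 
-  TBSCertificate tbs=TBSCertificate([object(.PKCS.Signature.Signed)]cert->tbs);
-
-  // FIXME: The re-encoding and algorithm checks are more appropriate
-  // in verify_certificate, but the full certificate doesn't reach
-  // there.
-  if (!tbs)
-  return NULL("Failed to generate TBSCertificate.\n");
-
-  return tbs;
+  return TBSCertificate([object(.PKCS.Signature.Signed)]cert->tbs);
   }
 
   //! Decodes a certificate, checks the signature. Returns the
   //! TBSCertificate structure, or 0 if decoding or verification failes.
   //! The valid time range for the certificate is not checked.
   //!
   //! Authorities is a mapping from (DER-encoded) names to a verifiers.
   //!
   //! @note
   //! This function allows self-signed certificates, and it doesn't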
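Review bot: The new `if(!cert)` branch in decode_certificate reports "ASN.1 had trailing data." for every zero returned by `.PKCS.Signature.decode_signed`, but the hunk does not show that trailing data is the only cause of that result. If the decoder can also return zero for malformed or wrongly structured DER, the message will mislead whoever is diagnosing a rejected certificate, so a neutral text such as `return NULL("Failed to decode signed ASN.1 structure.\n");` is safer unless decode_signed documents the single cause. The final `return TBSCertificate(...)` also drops the earlier `if (!tbs)` check, so the doc comment's "otherwise @expr{0@}" now appears to rely on the returned object itself testing false. If that is the intent, a line in the `//!` block such as `//! An invalid certificate yields an object that evaluates to false.` would keep the contract explicit for callers that compare against 0.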