pike.git / lib / modules / Standards.pmod / X509.pmod


pike.git/lib/modules/Standards.pmod/X509.pmod:1391:    || (cert[0]->type_name != "SEQUENCE")    || (cert[1]->type_name != "SEQUENCE")    || (!sizeof(cert[1]))    || (cert[1][0]->type_name != "OBJECT IDENTIFIER")    || (cert[2]->type_name != "BIT STRING")    || cert[2]->unused)    return NULL("Certificate has the wrong ASN.1 structure.\n");       TBSCertificate tbs = TBSCertificate()->init(cert[0]);    +  // FIXME: The re-encoding and algorithm checks are more appropriate +  // in verify_certificate, but the full certificate doesn't reach +  // there.    if (!tbs || (cert[1]->get_der() != tbs->algorithm->get_der()))    return NULL("Failed to generate TBSCertificate.\n");    -  +  if(tbs->algorithm->get_der() != cert[1]->get_der()) +  return NULL("Mismatching algorithm identifiers.\n"); +     return tbs;   }      //! Decodes a certificate, checks the signature. Returns the   //! TBSCertificate structure, or 0 if decoding or verification failes.   //! The valid time range for the certificate is not checked.   //!   //! Authorities is a mapping from (DER-encoded) names to a verifiers.   //!   //! @note
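Review bot: The added `if(tbs->algorithm->get_der() != cert[1]->get_der())` branch is unreachable, because the unchanged condition just above it already returns when `cert[1]->get_der() != tbs->algorithm->get_der()`. Decoding still fails closed on a mismatch between the outer signatureAlgorithm and the one inside the TBSCertificate, but the caller gets "Failed to generate TBSCertificate." and never the new "Mismatching algorithm identifiers." message. To make the specific diagnostic reachable, reduce the earlier test to `if (!tbs)`; otherwise drop the added lines. The FIXME also names a re-encoding check, but no comparison of the re-encoded TBS against `cert[0]` is visible in this hunk, so the comment should say where that check lives. The enclosing function starts above the hunk.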