pike.git / lib / modules / Tools.pmod / X509.pmod

version» Context lines:

pike.git/lib/modules/Tools.pmod/X509.pmod:1:   #pike __REAL_VERSION__   //#pragma strict_types      /* -  * $Id: X509.pmod,v 1.35 2004/03/25 21:07:06 bill Exp $ +  * $Id: X509.pmod,v 1.36 2004/03/25 21:36:01 bill Exp $    *    * Some random functions for creating RFC-2459 style X.509 certificates.    *    */      constant dont_dump_module = 1;      #if constant(Standards.ASN1.Types.Sequence) && constant(Crypto.Hash)      import Standards.ASN1.Types;
pike.git/lib/modules/Tools.pmod/X509.pmod:602:    m->error_cert = idx;    return m;    }    chain_cert += ({cert});    chain_obj += ({tbs});    }       foreach(chain_obj; int idx; TBSCertificate tbs)    {    object v; - /* +  + #if 0    // NOTE: disabled due to unreliable presence of cA constraint.    //    // if we are a CA certificate (we don't care about the end cert)    // make sure the CA constraint is set.    //    // should we be considering self signed certificates?    if(idx != (sizeof(chain_obj)-1))    {    int caok = 0;   
pike.git/lib/modules/Tools.pmod/X509.pmod:640:    }       if(! caok)    {    X509_WERR("a CA certificate does not have the CA basic constraint.\n");    m->error_code = CERT_UNAUTHORIZED_CA;    m->error_cert = idx;    return m;    }    } - */ + #endif /* 0 */ +     if(idx == 0) // The root cert    {    v = authorities[tbs->issuer->get_der()];       // if we don't know the issuer of the root certificate, and we    // require trust, we're done.    if(!v && require_trust)    {    X509_WERR("we require trust, but haven't got it.\n");    m->error_code = CERT_ROOT_UNTRUSTED;