pike.git / lib / modules / Tools.pmod / X509.pmod


pike.git/lib/modules/Tools.pmod/X509.pmod:1:   #pike __REAL_VERSION__   //#pragma strict_types      /* -  * $Id: X509.pmod,v 1.34 2004/03/22 22:22:18 bill Exp $ +  * $Id: X509.pmod,v 1.35 2004/03/25 21:07:06 bill Exp $    *    * Some random functions for creating RFC-2459 style X.509 certificates.    *    */      constant dont_dump_module = 1;      #if constant(Standards.ASN1.Types.Sequence) && constant(Crypto.Hash)      import Standards.ASN1.Types;
pike.git/lib/modules/Tools.pmod/X509.pmod:602:    m->error_cert = idx;    return m;    }    chain_cert += ({cert});    chain_obj += ({tbs});    }       foreach(chain_obj; int idx; TBSCertificate tbs)    {    object v; -  + /* +  // NOTE: disabled due to unreliable presence of cA constraint. +  //    // if we are a CA certificate (we don't care about the end cert)    // make sure the CA constraint is set.    //    // should we be considering self signed certificates?    if(idx != (sizeof(chain_obj)-1))    {    int caok = 0;       if(tbs->extensions && sizeof(tbs->extensions))    { -  +  werror("have extensions.\n");    foreach(tbs->extensions->elements[0]->elements, Sequence c)    { -  +  werror("checking each element...\n");    if(c->elements[0] == Identifiers.ce_id->append(19))    { -  +  werror("have a basic constraints element.\n");    foreach(c->elements[1..], Sequence v)    {    werror("checking for boolean: " + v->type_name + " " + v->value + "\n");    if(v->type_name == "BOOLEAN" && v->value == 1)    caok = 1;    }    }    }    }       if(! caok)    {    X509_WERR("a CA certificate does not have the CA basic constraint.\n");    m->error_code = CERT_UNAUTHORIZED_CA;    m->error_cert = idx;    return m;    }    } -  + */    if(idx == 0) // The root cert    {    v = authorities[tbs->issuer->get_der()];       // if we don't know the issuer of the root certificate, and we    // require trust, we're done.    if(!v && require_trust)    {    X509_WERR("we require trust, but haven't got it.\n");    m->error_code = CERT_ROOT_UNTRUSTED;
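Review bot: Wrapping the basic-constraints block in `/* ... */` at the top of the `foreach(chain_obj; int idx; TBSCertificate tbs)` loop removes the only visible check that a non-leaf certificate is allowed to act as a CA, so the chain verifier no longer returns `CERT_UNAUTHORIZED_CA` for any input. The "unreliable presence" in the new comment may come from the disabled test itself: `v->type_name == "BOOLEAN" && v->value == 1` over `c->elements[1..]` appears to match the extension's critical flag rather than the cA field, which in X.509 is DER-encoded inside the extnValue OCTET STRING, so decoding that value and testing its cA boolean would be a fix that keeps the check. If the check must stay off for now, make the gap explicit in place with something like `// FIXME: cA basicConstraints is NOT enforced here; intermediates are not checked for CA authority.`, and consider skipping it only for a root found in `authorities` rather than for every certificate. The added `werror(...)` calls are unconditional; routing them through `X509_WERR` like the rest of the block would keep them out of normal output if the code is re-enabled. The enclosing function starts and ends outside this hunk.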