subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bre...@apache.org
Subject svn commit: r1605640 - /subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
Date Thu, 26 Jun 2014 00:25:32 GMT
Author: breser
Date: Thu Jun 26 00:25:32 2014
New Revision: 1605640

URL: http://svn.apache.org/r1605640
Log:
On the svn-auth-x509 branch, don't fail on certs with v3 extensions.

* subversion/libsvn_subr/x509parse.c
  (x509_skip_ext): New function.
  (svn_x509_parse_cert): Call x509_skip_ext() in the case of v3 certs.

Modified:
    subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c

Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c?rev=1605640&r1=1605639&r2=1605640&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c (original)
+++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c Thu Jun 26 00:25:32
2014
@@ -467,6 +467,38 @@ x509_get_uid(const unsigned char **p,
 }
 
 /*
+ * X.509 v3 extensions (not parsed)
+ */
+static svn_error_t *
+x509_skip_ext(const unsigned char **p,
+             const unsigned char *end)
+{
+  svn_error_t *err;
+  int len;
+
+  if (*p == *end)
+    return SVN_NO_ERROR;
+
+  err = asn1_get_tag(p, end, &len,
+                     ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3);
+  if (err)
+    {
+      if (err->apr_err == SVN_ERR_ASN1_UNEXPECTED_TAG)
+        {
+          svn_error_clear(err);
+          return SVN_NO_ERROR;
+        }
+
+      return svn_error_trace(err);
+    }
+
+  /* Skip extensions */
+  *p += len;
+
+  return SVN_NO_ERROR;
+}
+
+/*
  * Store the name in printable form into buf; no more
  * than (end - buf) characters will be written
  */
@@ -687,6 +719,10 @@ svn_x509_parse_cert(apr_hash_t **certinf
     SVN_ERR(x509_get_uid(&p, end, &crt->subject_id, 2));
   }
 
+  if (crt->version == 3) {
+    SVN_ERR(x509_skip_ext(&p, end));
+  }
+
   if (p != end) {
     err = svn_error_create(SVN_ERR_X509_CERT_INVALID_FORMAT, NULL, NULL);
     return svn_error_create(SVN_ERR_ASN1_LENGTH_MISMATCH, err, NULL);



Mime
View raw message