ref: 675ee1db15ca969a4b03718cf71af8d4589f0306
parent: 67158d5b05ee71278d673034f4bc00171d4a98d3
author: cinap_lenrek <[email protected]>
date: Thu May 12 08:41:32 EDT 2016
auth/rsa2x509: generate x509v3 cert as extension field might otherwise not be expected
--- a/sys/src/libsec/port/x509.c
+++ b/sys/src/libsec/port/x509.c
@@ -2673,6 +2673,15 @@
}
static Elem
+mkcont(Elem e, int num)
+{
+ e = mkseq(mkel(e, nil));
+ e.tag.class = Context;
+ e.tag.num = num;
+ return e;
+}
+
+static Elem
mkaltname(char *s)
{
Elem e;
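Review bot: mkcont has no comment saying that it produces an explicit context tag, which matters because mkaltname just below also retags a string element in place (an implicit tag) and the two forms are easy to confuse when adding new GeneralName or extension types. I would add above it `/* wrap e in a constructed, context-specific [num] element (explicit tagging) */`. This assumes mkseq yields a constructed element, which is not visible in this hunk. mkaltname's body continues outside the hunk.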
@@ -2679,16 +2688,12 @@
int i;
for(i=0; i<nelem(DN_oid); i++){
- if(strstr(s, DN_oid[i].prefix) != nil){
- e = mkseq(mkel(mkDN(s),nil));
- e.tag.class = Context;
- e.tag.num = 4; /* DN */
- return e;
- }
+ if(strstr(s, DN_oid[i].prefix) != nil)
+ return mkcont(mkDN(s), 4); /* DN */
}
e = mkstring(s, IA5String);
e.tag.class = Context;
- e.tag.num = strchr(s, '@') != nil ? 1 : 2; /* email : DNS */
+ e.tag.num = strchr(s, '@') != nil ? 1 : 2; /* email : DNS */
return e;
}
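Review bot: The fallback at `e.tag.num = strchr(s, '@') != nil ? 1 : 2;` labels every name that is neither a DN nor contains '@' as dNSName [2], so an IP literal or a URI passed in alts is encoded as a DNS name rather than as iPAddress [7] or uniformResourceIdentifier [6]. A verifier that compares an IP endpoint only against iPAddress entries would not match such a certificate. Separately, `strstr(s, DN_oid[i].prefix)` matches the prefix anywhere in the string rather than only at its start, so a name that merely contains one appears to be encoded as a DN. At minimum I would document the limit above the function: `/* only rfc822Name [1], dNSName [2] and directoryName [4] are generated */`. The function starts before this hunk.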
@@ -2738,17 +2743,12 @@
mkextensions(char *alts)
{
Elist *sl, *xl;
- Elem e;
xl = nil;
if((sl = mkaltnames(alts)) != nil)
xl = mkextel(mkseq(sl), (Ints*)&oid_subjectAltName, xl);
- if(xl != nil){
- e = mkseq(mkel(mkseq(xl), nil));
- e.tag.class = Context;
- e.tag.num = 3; /* Extensions */
- return mkel(e, nil);
- }
+ if(xl != nil)
+ return mkel(mkcont(mkseq(xl), 3), nil);
return nil;
}
@@ -2791,6 +2791,7 @@
freevalfields(&e.val);
e = mkseq(
+ mkel(mkcont(mkint(2), 0),
mkel(mkint(serial),
mkel(mkalg(sigalg),
mkel(mkDN(subj),
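Review bot: `mkint(2)` on the added line is a magic number; the X.509 version field is zero-based, so 2 means v3, and a trailing comment such as `/* version: v3 */` would save the next reader a lookup. The field is also emitted when mkextensions(alts) returns nil, so certificates without extensions are now marked v3 as well. Verifiers normally accept that, but it is worth stating in the comment if intended. The mkseq expression is only closed in the following hunk.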
@@ -2803,7 +2804,7 @@
mkel(mkalg(ALG_rsaEncryption),
mkel(mkbits(pkbytes->data, pkbytes->len),
nil))),
- mkextensions(alts))))))));
+ mkextensions(alts)))))))));
freebytes(pkbytes);
if(encode(e, &certinfobytes) != ASN_OK)
goto errret;