
renumbered new error codes and dynamic data types

2 parents e8e575f + baddc07 commit 0a31dc3a374b1a27b30440f37937d36d30cf3330 @ejohnstown ejohnstown committed May 24, 2012
@@ -21,10 +21,6 @@ exampledir = $(docdir)/@PACKAGE@/example
example_DATA=
EXTRA_DIST+= $(example_DATA)
-certsdir = $(sysconfdir)/ssl/certs
-certs_DATA=
-EXTRA_DIST+= $(certs_DATA)
-
EXTRA_DIST+= $(doc_DATA)
ACLOCAL_AMFLAGS= -I m4 --install
@@ -2,12 +2,11 @@
# All paths should be given relative to the root
#
-certs_DATA+= \
+EXTRA_DIST += \
certs/crl/crl.pem \
certs/crl/cliCrl.pem
-certs_DATA+= \
+EXTRA_DIST += \
certs/crl/crl.revoked
-EXTRA_DIST+= ${certs_DATA}
@@ -2,7 +2,7 @@
# All paths should be given relative to the root
#
-certs_DATA+= \
+EXTRA_DIST += \
certs/ca-cert.pem \
certs/ca-key.pem \
certs/client-cert.pem \
@@ -23,7 +23,7 @@ certs_DATA+= \
certs/server-keyPkcs8Enc.pem \
certs/server-keyPkcs8.pem
-certs_DATA+= \
+EXTRA_DIST += \
certs/ca-key.der \
certs/client-cert.der \
certs/client-key.der \
@@ -32,7 +32,6 @@ certs_DATA+= \
certs/dsa2048.der \
certs/ecc-key.der
-EXTRA_DIST+= ${certs_DATA}
doc_DATA+= certs/taoCert.txt
@@ -500,7 +500,7 @@ AC_ARG_ENABLE(crl,
if test "$ENABLED_CRL" = "yes"
then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
+ AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL -DHAVE_CRL_MONITOR"
fi
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
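Review bot: `-DHAVE_CRL_MONITOR` is now appended unconditionally whenever CRL is enabled, yet the only thing that define gates in this commit is a `pthread_t tid` member in `struct CYASSL_CRL` (internal.h hunk), and no pthread availability check or link flag is added here. A CRL-enabled build on a toolchain without pthreads would then fail at the header rather than at configure time; whether an existing thread check elsewhere in configure.ac already covers this is not visible in the hunk. Consider appending `-DHAVE_CRL_MONITOR` only from a dedicated option or behind the pthread detection result, e.g. `if test "$ENABLED_CRL" = "yes" -a "$have_pthread" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"; fi` (variable name illustrative — use whatever the script's thread check sets).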
@@ -1538,7 +1538,7 @@ static INLINE int DateLessThan(const struct tm* a, const struct tm* b)
/* like atoi but only use first byte */
/* Make sure before and after dates are valid */
-static int ValidateDate(const byte* date, byte format, int dateType)
+int ValidateDate(const byte* date, byte format, int dateType)
{
time_t ltime;
struct tm certTime;
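Review bot: `ValidateDate` becomes an exported (CYASSL_LOCAL) function but the two comment lines above it do not document it; the first, "like atoi but only use first byte", reads as a leftover from the preceding helper. Since callers outside asn.c will now rely on its contract, replace those lines with a short description such as `/* Check an ASN.1 date (format is ASN_UTC_TIME or ASN_GENERALIZED_TIME) against the current time; dateType is BEFORE or AFTER; returns nonzero when the date is acceptable */`. The "returns nonzero when acceptable" part is inferred from the `if (!XVALIDATE_DATE(...))` usage in the ParseCRL hunk and should be confirmed against the body, which continues outside the hunk.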
@@ -4652,15 +4652,16 @@ static int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx)
/* Get raw Date only, no processing, 0 on success */
-static int GetBasicDate(const byte* source, word32* idx, byte* date, int maxIdx)
+static int GetBasicDate(const byte* source, word32* idx, byte* date,
+ byte* format, int maxIdx)
{
int length;
- byte b = source[*idx];
CYASSL_ENTER("GetBasicDate");
+ *format = source[*idx];
*idx += 1;
- if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME)
+ if (*format != ASN_UTC_TIME && *format != ASN_GENERALIZED_TIME)
return ASN_TIME_E;
if (GetLength(source, idx, &length, maxIdx) < 0)
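Review bot: `*format = source[*idx]` stores a byte read from the input before `*idx` has been compared with `maxIdx`; the old code read the same byte unchecked, but the commit now also propagates it into the caller's struct, so a truncated CRL whose buffer ends right at the date tag causes an out-of-bounds read that then populates `dcrl->lastDateFormat`/`nextDateFormat`. A guard before the read, `if ((int)*idx >= maxIdx) return ASN_PARSE_E;`, keeps the function within the buffer it was given (the signed/unsigned mix between `word32* idx` and `int maxIdx` is pre-existing and worth tidying at the same time). The body of GetBasicDate continues outside the hunk.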
@@ -4815,12 +4816,17 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, long sz)
if (GetNameHash(buff, &idx, dcrl->issuerHash, sz) < 0)
return ASN_PARSE_E;
- if (GetBasicDate(buff, &idx, dcrl->lastDate, sz) < 0)
+ if (GetBasicDate(buff, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0)
return ASN_PARSE_E;
- if (GetBasicDate(buff, &idx, dcrl->nextDate, sz) < 0)
+ if (GetBasicDate(buff, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
return ASN_PARSE_E;
+ if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
+ CYASSL_MSG("CRL after date is no longer valid");
+ return ASN_AFTER_DATE_E;
+ }
+
if (idx != dcrl->sigIndex && buff[idx] != CRL_EXTENSIONS) {
if (GetSequence(buff, &idx, &len, sz) < 0)
return ASN_PARSE_E;
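Review bot: Only `nextDate` is validated; `lastDate` (the CRL's thisUpdate) is parsed into `dcrl->lastDate` and its format recorded, but a CRL whose thisUpdate lies in the future is still accepted. A symmetric check right after the lastDate parse, `if (!XVALIDATE_DATE(dcrl->lastDate, dcrl->lastDateFormat, BEFORE)) return ASN_BEFORE_DATE_E;`, would reject that case with the matching error code. Note also that this expiry check runs once at parse time; whether `nextDate` is re-evaluated later when certificates are checked against an already-loaded CRL is not visible in this hunk, so a CRL that expires while loaded may remain trusted unless the monitor reloads it. ParseCRL's body continues outside the hunk.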
@@ -297,6 +297,7 @@ CYASSL_LOCAL void FreeSigners(Signer*, void*);
CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length);
CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);
+CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
#ifdef HAVE_ECC
/* ASN sig helpers */
@@ -436,6 +437,8 @@ struct DecodedCRL {
byte crlHash[MD5_DIGEST_SIZE]; /* raw crl data hash */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */
+ byte lastDateFormat; /* format of last date */
+ byte nextDateFormat; /* format of next date */
RevokedCert* certs; /* revoked cert list */
int totalCerts; /* number on list */
};
@@ -206,8 +206,9 @@ enum {
DYNAMIC_TYPE_REVOKED = 23,
DYNAMIC_TYPE_CRL_ENTRY = 24,
DYNAMIC_TYPE_CERT_MANAGER = 25,
- DYNAMIC_TYPE_CERT_STATUS = 26, /* OCSP Certificate Status */
- DYNAMIC_TYPE_OCSP_ENTRY = 27 /* OCSP CA Entry */
+ DYNAMIC_TYPE_CRL_MONITOR = 26,
+ DYNAMIC_TYPE_OCSP_STATUS = 27,
+ DYNAMIC_TYPE_OCSP_ENTRY = 28
};
/* stack protection */
@@ -95,9 +95,11 @@ enum CyaSSL_ErrorCodes {
OCSP_CERT_REVOKED = -260, /* OCSP Certificate revoked */
CRL_CERT_REVOKED = -261, /* CRL Certificate revoked */
CRL_MISSING = -262, /* CRL Not loaded */
- OCSP_NEED_URL = -263, /* OCSP need an URL for lookup */
- OCSP_CERT_UNKNOWN = -264, /* OCSP responder doesn't know */
- OCSP_LOOKUP_FAIL = -265, /* OCSP lookup not successful */
+ MONITOR_RUNNING_E = -263, /* CRL Monitor already running */
+ THREAD_CREATE_E = -264, /* Thread Create Error */
+ OCSP_NEED_URL = -265, /* OCSP need an URL for lookup */
+ OCSP_CERT_UNKNOWN = -266, /* OCSP responder doesn't know */
+ OCSP_LOOKUP_FAIL = -267, /* OCSP lookup not successful */
/* add strings to SetErrorString !!!!! */
/* begin negotiation parameter errors */
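Review bot: The two new codes `MONITOR_RUNNING_E` and `THREAD_CREATE_E` are inserted into the enum without a corresponding change to `SetErrorString`, even though the comment immediately below the insertion point, "add strings to SetErrorString !!!!!", asks for exactly that; no hunk in this commit touches it, so these errors would presumably render as an unknown code. Inserting the codes in the middle also shifts `OCSP_NEED_URL`, `OCSP_CERT_UNKNOWN` and `OCSP_LOOKUP_FAIL` by two, which changes the numeric values seen by any caller comparing against integers rather than the enum names; appending the new codes after `OCSP_LOOKUP_FAIL` (as `-266` and `-267`) would avoid that. The same renumbering concern applies to the `DYNAMIC_TYPE_*` hunk in types.h, where `DYNAMIC_TYPE_CERT_STATUS` is additionally renamed to `DYNAMIC_TYPE_OCSP_STATUS` although the commit message mentions only renumbering.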
@@ -633,16 +633,31 @@ struct CRL_Entry {
byte crlHash[MD5_DIGEST_SIZE]; /* raw crl data hash */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */
+ byte lastDateFormat; /* last date format */
+ byte nextDateFormat; /* next date format */
RevokedCert* certs; /* revoked cert list */
int totalCerts; /* number on list */
};
+typedef struct CRL_Monitor CRL_Monitor;
+
+/* CRL directory monitor */
+struct CRL_Monitor {
+ char* path; /* full dir path, if valid pointer we're using */
+ int type; /* PEM or ASN1 type */
+};
+
+
/* CyaSSL CRL controller */
struct CYASSL_CRL {
CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
CRL_Entry* crlList; /* our CRL list */
CyaSSL_Mutex crlLock; /* CRL list lock */
+ CRL_Monitor monitors[2]; /* PEM and DER possible */
+#ifdef HAVE_CRL_MONITOR
+ pthread_t tid; /* monitoring thread */
+#endif
};
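Review bot: `CRL_Monitor.path` is documented as "full dir path, if valid pointer we're using" but nothing states who owns the string or when it is released, which matters now that a monitoring thread may hold the struct; a comment such as `/* heap-allocated copy of the directory to watch; owned by CYASSL_CRL, freed when the CRL is freed */` would pin that down (the allocation and free are outside this hunk, so confirm before wording it as fact). The array size in `CRL_Monitor monitors[2];` is a magic number that the comment explains as "PEM and DER possible"; a named constant in the same header would make the indexing convention explicit for the code that fills it. Since `path` is also read by the monitor thread under `HAVE_CRL_MONITOR`, the comment should say which lock, if any, protects `monitors` — `crlLock` is declared but its scope is not visible here.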
@@ -807,7 +807,8 @@ CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
-
+#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */
+#define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */
#ifdef CYASSL_CALLBACKS
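Review bot: The new `CYASSL_CRL_MONITOR` and `CYASSL_CRL_START_MON` flags are defined right after the `CyaSSL_CTX_LoadCRL` prototype, but nothing ties them to the prototype's unnamed trailing `int`; the server example passes them as the fourth argument, so the header should say so. Naming the parameters and adding a one-line comment, `CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char* path, int type, int monitor); /* monitor: OR of CYASSL_CRL_* flags */`, makes the public contract readable without consulting the examples. The client example also uses `CYASSL_CRL_CHECKALL`, which is not defined in this hunk; if it lives elsewhere in the header a pointer to it in the same comment would help.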
@@ -577,7 +577,7 @@ static int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
#ifdef HAVE_CRL
-static void CRL_CallBack(char* url)
+static void CRL_CallBack(const char* url)
{
printf("CRL callback url = %s\n", url);
}
@@ -208,7 +208,7 @@ void client_test(void* args)
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
- CyaSSL_EnableCRL(ssl, 0);
+ CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
#endif
@@ -147,6 +147,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif /* NO_FILESYSTEM */
ssl = SSL_new(ctx);
+#ifdef HAVE_CRL
+ CyaSSL_EnableCRL(ssl, 0);
+ CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
+ CYASSL_CRL_START_MON);
+ CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
+#endif
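Review bot: The new `CyaSSL_EnableCRL`, `CyaSSL_LoadCRL` and `CyaSSL_SetCRL_Cb` calls ignore their return values, so if the CRL directory fails to load or the monitor thread cannot be started (the new `THREAD_CREATE_E` / `MONITOR_RUNNING_E` codes exist for exactly this) the server proceeds to `tcp_accept` as if revocation checking were in place. Since this file is the example people copy, checking at least the load result, `if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR | CYASSL_CRL_START_MON) != SSL_SUCCESS) err_sys("can't load crl");`, would make the failure visible (the exact success constant and the file's error helper are outside this hunk — use whatever the file already uses). The client example has the same unchecked pattern in its pre-existing context lines.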
tcp_accept(&sockfd, &clientfd, (func_args*)args);
#ifndef CYASSL_DTLS
CloseSocket(sockfd);

