diff -ur globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy.c globus_gsi_proxy_core-4.4/library/globus_gsi_proxy.c
--- globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy.c 2010-01-04 23:03:15.000000000 +0100
+++ globus_gsi_proxy_core-4.4/library/globus_gsi_proxy.c 2010-06-02 11:34:26.412124609 +0200
@@ -355,11 +355,11 @@
if(GLOBUS_GSI_CERT_UTILS_IS_GSI_3_PROXY(handle->type))
{
- pci_NID = OBJ_sn2nid(PROXYCERTINFO_OLD_SN);
+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID);
}
else if(!GLOBUS_GSI_CERT_UTILS_IS_GSI_2_PROXY(handle->type))
{
- pci_NID = OBJ_sn2nid(PROXYCERTINFO_SN);
+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID);
}
if(pci_NID != NID_undef)
@@ -370,9 +370,12 @@
unsigned char * der_data;
X509_EXTENSION * pci_ext;
STACK_OF(X509_EXTENSION) * extensions;
- X509V3_EXT_METHOD * ext_method;
+ const X509V3_EXT_METHOD * ext_method;
ext_method = X509V3_EXT_get_nid(pci_NID);
+
+ if (ext_method->i2d)
+ {
length = ext_method->i2d(handle->proxy_cert_info, NULL);
if(length < 0)
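Review bot: `ext_method->i2d` is read immediately after `ext_method = X509V3_EXT_get_nid(pci_NID);` with no NULL check, and X509V3_EXT_get_nid() returns NULL when no extension method is registered for the NID. The surrounding `pci_NID != NID_undef` test only shows that the OID resolved to an object, not that a method exists for it, so the new branch should be preceded by an explicit guard such as `if (ext_method == NULL) { /* report GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO */ goto error_exit; }`. The same unguarded dereference is added in the `@@ -1205,6 +1297,9 @@` hunk, where the added code uses the `done` label instead. The enclosing block starts and ends outside this hunk.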
@@ -440,6 +443,95 @@
ASN1_OCTET_STRING_free(ext_data);
+ }
+ else
+ {
+ X509V3_CTX ctx;
+ X509V3_CONF_METHOD method = { NULL, NULL, NULL, NULL };
+ long db = 0;
+
+ char language[80];
+ int pathlen;
+ unsigned char *policy = NULL;
+ int policy_len;
+ char *value;
+ char *tmp;
+
+ OBJ_obj2txt(language, 80,
+ handle->proxy_cert_info->policy->policy_language, 1);
+ value = globus_common_create_string("language:%s", language);
+ if (!value)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ goto error_exit;
+ }
+
+ pathlen = ASN1_INTEGER_get(handle->proxy_cert_info->path_length);
+ if (pathlen > 0)
+ {
+ tmp = globus_common_create_string("%s,pathlen:%d",
+ value, pathlen);
+ if (!tmp)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ globus_libc_free(value);
+ goto error_exit;
+ }
+ globus_libc_free(value);
+ value = tmp;
+ }
+
+ if (handle->proxy_cert_info->policy->policy)
+ {
+ policy_len = M_ASN1_STRING_length(
+ handle->proxy_cert_info->policy->policy);
+ policy = globus_malloc(policy_len + 1);
+ if(!policy)
+ {
+ GLOBUS_GSI_PROXY_MALLOC_ERROR(policy_len + 1);
+ goto error_exit;
+ }
+ memcpy(
+ policy,
+ M_ASN1_STRING_data(handle->proxy_cert_info->policy->policy),
+ policy_len);
+ policy[policy_len] = '\0';
+ tmp = globus_common_create_string("%s,policy:text:%s",
+ value, policy);
+ if (!tmp)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ globus_libc_free(value);
+ globus_libc_free(policy);
+ goto error_exit;
+ }
+ globus_libc_free(value);
+ globus_libc_free(policy);
+ value = tmp;
+ }
+
+ X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0L);
+ ctx.db_meth = &method;
+ ctx.db = &db;
+ pci_ext = X509V3_EXT_conf_nid(NULL, &ctx, pci_NID, value);
+
+ globus_libc_free(value);
+
+ if(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY(handle->type))
+ {
+ X509_EXTENSION_set_critical(pci_ext, 1);
+ }
+ }
+
extensions = sk_X509_EXTENSION_new_null();
sk_X509_EXTENSION_push(extensions, pci_ext);
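Review bot: The fallback branch emits the path length only `if (pathlen > 0)`, so a constraint of 0 is silently dropped, and ASN1_INTEGER_get() also returns 0 for a NULL argument, so the two cases cannot be told apart afterwards. Under RFC 3820 a pCPathLenConstraint of 0 forbids further delegation while an absent one leaves it unlimited, so the generated extension can be less restrictive than `handle->proxy_cert_info`; testing the field for NULL instead (assuming an unset constraint is stored as NULL) keeps the 0 case. Separately, `pci_ext` returned by X509V3_EXT_conf_nid() is passed to `X509_EXTENSION_set_critical()` and `sk_X509_EXTENSION_push()` without a NULL check, although parsing the built string can fail. The same code is added in the `@@ -1268,6 +1363,95 @@` hunk, where the error label is `done`; the enclosing function starts and ends outside this hunk.

```c
/* … unchanged: declarations and "language:%s" string built into value … */
if (handle->proxy_cert_info->path_length != NULL)
{
    pathlen = ASN1_INTEGER_get(handle->proxy_cert_info->path_length);
    if (pathlen < 0)
    {
        GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
            result,
            GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
            (_PCSL("Couldn't create PROXYCERTINFO extension")));
        globus_libc_free(value);
        goto error_exit;
    }
    /* … unchanged: append ",pathlen:%d" to value … */
}
/* … unchanged: policy appended to value, X509V3_set_ctx setup … */
pci_ext = X509V3_EXT_conf_nid(NULL, &ctx, pci_NID, value);
globus_libc_free(value);
if (pci_ext == NULL)
{
    GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
        result,
        GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
        (_PCSL("Couldn't create PROXYCERTINFO extension")));
    goto error_exit;
}
/* … unchanged: X509_EXTENSION_set_critical for RFC proxies … */
```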
@@ -588,8 +680,8 @@
req_extensions = X509_REQ_get_extensions(handle->req);
- pci_NID = OBJ_sn2nid(PROXYCERTINFO_SN);
- pci_old_NID = OBJ_sn2nid(PROXYCERTINFO_OLD_SN);
+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID);
+ pci_old_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID);
for(i=0;i<sk_X509_EXTENSION_num(req_extensions);i++)
{
@@ -645,17 +737,17 @@
if(nid == pci_old_NID)
{
- if(policy_nid == OBJ_sn2nid(IMPERSONATION_PROXY_SN))
+ if(policy_nid == OBJ_txt2nid(IMPERSONATION_PROXY_OID))
{
handle->type=
GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_IMPERSONATION_PROXY;
}
- else if(policy_nid == OBJ_sn2nid(INDEPENDENT_PROXY_SN))
+ else if(policy_nid == OBJ_txt2nid(INDEPENDENT_PROXY_OID))
{
handle->type =
GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_INDEPENDENT_PROXY;
}
- else if(policy_nid == OBJ_sn2nid(LIMITED_PROXY_SN))
+ else if(policy_nid == OBJ_txt2nid(LIMITED_PROXY_OID))
{
handle->type =
GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_LIMITED_PROXY;
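Review bot: Each branch compares `policy_nid` against a fresh `OBJ_txt2nid(...)` result without ruling out `NID_undef`, which OBJ_txt2nid() returns when the OID is not present in the object table. How `policy_nid` is obtained lies outside the hunk, but if it can also be `NID_undef` for an unrecognised policy language, the first comparison matches and the request is classified as an impersonation proxy, the least restricted of the three types. Rejecting the undefined value before the chain, e.g. `if (policy_nid == NID_undef) { /* report error */ }`, and resolving the three NIDs once makes the classification fail closed. The `@@ -668,17 +760,17 @@` hunk has the same chain for the RFC proxy types.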
@@ -668,17 +760,17 @@
}
else
{
- if(policy_nid == OBJ_sn2nid(IMPERSONATION_PROXY_SN))
+ if(policy_nid == OBJ_txt2nid(IMPERSONATION_PROXY_OID))
{
handle->type=
GLOBUS_GSI_CERT_UTILS_TYPE_RFC_IMPERSONATION_PROXY;
}
- else if(policy_nid == OBJ_sn2nid(INDEPENDENT_PROXY_SN))
+ else if(policy_nid == OBJ_txt2nid(INDEPENDENT_PROXY_OID))
{
handle->type =
GLOBUS_GSI_CERT_UTILS_TYPE_RFC_INDEPENDENT_PROXY;
}
- else if(policy_nid == OBJ_sn2nid(LIMITED_PROXY_SN))
+ else if(policy_nid == OBJ_txt2nid(LIMITED_PROXY_OID))
{
handle->type =
GLOBUS_GSI_CERT_UTILS_TYPE_RFC_LIMITED_PROXY;
@@ -1156,11 +1248,11 @@
if(GLOBUS_GSI_CERT_UTILS_IS_GSI_3_PROXY(proxy_type))
{
- pci_NID = OBJ_sn2nid(PROXYCERTINFO_OLD_SN);
+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID);
}
else if(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY(proxy_type))
{
- pci_NID = OBJ_sn2nid(PROXYCERTINFO_SN);
+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID);
}
if(pci_NID != NID_undef)
@@ -1169,7 +1261,7 @@
unsigned char md[SHA_DIGEST_LENGTH];
long sub_hash;
unsigned int len;
- X509V3_EXT_METHOD * ext_method;
+ const X509V3_EXT_METHOD * ext_method;
ext_method = X509V3_EXT_get_nid(pci_NID);
@@ -1205,6 +1297,9 @@
ASN1_INTEGER_set(serial_number, sub_hash);
+ if(ext_method->i2d)
+ {
+
pci_DER_length = ext_method->i2d(handle->proxy_cert_info,
NULL);
if(pci_DER_length < 0)
@@ -1268,6 +1363,95 @@
goto done;
}
+ }
+ else
+ {
+ X509V3_CTX ctx;
+ X509V3_CONF_METHOD method = { NULL, NULL, NULL, NULL };
+ long db = 0;
+
+ char language[80];
+ int pathlen;
+ unsigned char *policy = NULL;
+ int policy_len;
+ char *value;
+ char *tmp;
+
+ OBJ_obj2txt(language, 80,
+ handle->proxy_cert_info->policy->policy_language, 1);
+ value = globus_common_create_string("language:%s", language);
+ if (!value)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ goto done;
+ }
+
+ pathlen = ASN1_INTEGER_get(handle->proxy_cert_info->path_length);
+ if (pathlen > 0)
+ {
+ tmp = globus_common_create_string("%s,pathlen:%d",
+ value, pathlen);
+ if (!tmp)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ globus_libc_free(value);
+ goto done;
+ }
+ globus_libc_free(value);
+ value = tmp;
+ }
+
+ if (handle->proxy_cert_info->policy->policy)
+ {
+ policy_len = M_ASN1_STRING_length(
+ handle->proxy_cert_info->policy->policy);
+ policy = globus_malloc(policy_len + 1);
+ if(!policy)
+ {
+ GLOBUS_GSI_PROXY_MALLOC_ERROR(policy_len + 1);
+ goto done;
+ }
+ memcpy(
+ policy,
+ M_ASN1_STRING_data(handle->proxy_cert_info->policy->policy),
+ policy_len);
+ policy[policy_len] = '\0';
+ tmp = globus_common_create_string("%s,policy:text:%s",
+ value, policy);
+ if (!tmp)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ globus_libc_free(value);
+ globus_libc_free(policy);
+ goto done;
+ }
+ globus_libc_free(value);
+ globus_libc_free(policy);
+ value = tmp;
+ }
+
+ X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0L);
+ ctx.db_meth = &method;
+ ctx.db = &db;
+ pci_ext = X509V3_EXT_conf_nid(NULL, &ctx, pci_NID, value);
+
+ globus_libc_free(value);
+
+ if(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY(proxy_type))
+ {
+ X509_EXTENSION_set_critical(pci_ext, 1);
+ }
+ }
+
if(!X509_add_ext(*signed_cert, pci_ext, 0))
{
GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
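Review bot: The policy bytes are spliced into the extension config string with `"%s,policy:text:%s"`, so a comma or NUL inside the policy changes what OpenSSL parses: as far as I know the value is split on commas into name:value pairs, and `%s` stops at the first NUL, so the extension added to `*signed_cert` can carry a truncated policy or extra fields that differ from `handle->proxy_cert_info`. Because the policy is what restricts a restricted proxy, a mismatch should fail closed; passing the bytes hex-encoded through the `policy:hex:` form avoids both problems, or the branch should refuse policies containing `,` or NUL. The `!policy` allocation-failure path also jumps to `done` without `globus_libc_free(value);`. The same code is added in the `@@ -440,6 +443,95 @@` hunk, there with `goto error_exit`.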
@@ -1618,12 +1802,12 @@
if(pci_DER)
{
free(pci_DER);
- pci_DER = NULL;
+ pci_DER = NULL;
}
pci_DER_string->data = NULL;
pci_DER_string->length = 0;
ASN1_OCTET_STRING_free(pci_DER_string);
- pci_DER_string = NULL;
+ pci_DER_string = NULL;
}
#else
diff -ur globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy_handle.c globus_gsi_proxy_core-4.4/library/globus_gsi_proxy_handle.c
--- globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy_handle.c 2008-09-15 17:06:26.000000000 +0200
+++ globus_gsi_proxy_core-4.4/library/globus_gsi_proxy_handle.c 2010-05-15 20:32:02.694503160 +0200
@@ -646,19 +646,19 @@
case GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_IMPERSONATION_PROXY:
case GLOBUS_GSI_CERT_UTILS_TYPE_RFC_IMPERSONATION_PROXY:
result = globus_gsi_proxy_handle_set_policy(
- handle, NULL, 0, OBJ_sn2nid(IMPERSONATION_PROXY_SN));
+ handle, NULL, 0, OBJ_txt2nid(IMPERSONATION_PROXY_OID));
break;
case GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_INDEPENDENT_PROXY:
case GLOBUS_GSI_CERT_UTILS_TYPE_RFC_INDEPENDENT_PROXY:
result = globus_gsi_proxy_handle_set_policy(
- handle, NULL, 0, OBJ_sn2nid(INDEPENDENT_PROXY_SN));
+ handle, NULL, 0, OBJ_txt2nid(INDEPENDENT_PROXY_OID));
break;
case GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_LIMITED_PROXY:
case GLOBUS_GSI_CERT_UTILS_TYPE_RFC_LIMITED_PROXY:
result = globus_gsi_proxy_handle_set_policy(
- handle, NULL, 0, OBJ_sn2nid(LIMITED_PROXY_SN));
+ handle, NULL, 0, OBJ_txt2nid(LIMITED_PROXY_OID));
break;
default:
break;