author | Rob Austein <sra@hactrn.net> | 2012-11-28 04:31:07 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2012-11-28 04:31:07 +0000 |
commit | 361fb25012493242cb6cab9ba8edaf36d232570e (patch) | |
tree | 469da44af098eb838b2f97df58aef3ef870d673c | |
parent | 770ba2f6b7958dab863fc3d311498ef4de1fb206 (diff) |
Check signedObject URI when present. Closes #173.
svn path=/trunk/; revision=4922
-rw-r--r-- | rcynic/rcynic.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c
index fd1f7c11..2f37ed79 100644
--- a/rcynic/rcynic.c
+++ b/rcynic/rcynic.c
@@ -279,6 +279,7 @@ static const struct {
   QB(wrong_object_version, "Wrong object version") \
   QW(aia_doesnt_match_issuer, "AIA doesn't match issuer") \
   QW(bad_cms_si_signed_attributes, "Bad CMS SI signed attributes") \
+  QW(bad_signed_object_uri, "Bad signedObject URI") \
   QW(crldp_names_newer_crl, "CRLDP names newer CRL") \
   QW(digest_mismatch, "Digest mismatch") \
   QW(ee_certificate_with_1024_bit_key, "EE certificate with 1024 bit key") \
@@ -3610,6 +3611,9 @@ static int check_x509(rcynic_ctx_t *rc,
     goto done;
   }
 
+  if (certinfo->signedobject.s[0] && strcmp(uri->s, certinfo->signedobject.s))
+    log_validation_status(rc, uri, bad_signed_object_uri, generation);
+
   if ((crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL)) != NULL) {
     ex_count--;
     if (!extract_crldp_uri(rc, uri, generation, crldp, &certinfo->crldp))
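Review bot: The new comparison in check_x509 only records a mismatch through log_validation_status and then falls through to the CRLDP handling, so whether a signedObject URI that names a different object actually fails validation depends on how the bad_signed_object_uri class (registered with QW rather than QB in the first hunk) is treated elsewhere; if the intent is to reject such certificates, as the `goto done;` just above appears to do for the preceding check, the call should be followed by `goto done;` or the table entry should use QB. A one-line comment would help a reader who does not know why the two URIs must agree: `/* RFC 6487 4.8.8.2: an EE certificate's SIA signedObject URI must name the object that carries it */`. The test is a byte-exact strcmp, so URIs that differ only in case, percent-encoding or a trailing slash are also reported; that strictness is presumably intended for a validator but is worth stating in the same comment. check_x509 starts and ends outside the hunk.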