Cache RFC 3779 extensions in X509 structure so we don't have to expand

them every time we check a certificate chain. Rewrite ASID path validation to use cached extensions, to allow null inheritance, and to start with the target certificate. Still need to rewrite address path validation. svn path=/openssl/README; revision=154
author: Rob Austein <sra@hactrn.net> 2006-08-16 01:09:27 +0000
committer: Rob Austein <sra@hactrn.net> 2006-08-16 01:09:27 +0000
commit: 19a1b0eab24ab520c0daff2f808153e6bbfcf4a6 (patch)
tree: 54afc11d3a4587910197437fc80a8a0889396068 /openssl/trunk/crypto/asn1/x_x509.c
parent: 44ff60bdd4686d90cfe86da3d88445a3a9cb6a97 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/openssl/trunk/crypto/asn1/x_x509.c b/openssl/trunk/crypto/asn1/x_x509.c
index 12d1a256..01c586f4 100644
--- a/openssl/trunk/crypto/asn1/x_x509.c
+++ b/openssl/trunk/crypto/asn1/x_x509.c
@@ -94,6 +94,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 		ret->ex_pathlen = -1;
 		ret->skid = NULL;
 		ret->akid = NULL;
+		ret->rfc3779_addr = NULL;
+		ret->rfc3779_asid = NULL;
 		ret->aux = NULL;
 		CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
 		break;
@@ -109,6 +111,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 		ASN1_OCTET_STRING_free(ret->skid);
 		AUTHORITY_KEYID_free(ret->akid);
 		policy_cache_free(ret->policy_cache);
+		sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+		ASIdentifiers_free(ret->rfc3779_asid);
 
 		if (ret->name != NULL) OPENSSL_free(ret->name);
 		break;
author	Rob Austein <sra@hactrn.net>	2006-08-16 01:09:27 +0000
committer	Rob Austein <sra@hactrn.net>	2006-08-16 01:09:27 +0000
commit	19a1b0eab24ab520c0daff2f808153e6bbfcf4a6 (patch)
tree	54afc11d3a4587910197437fc80a8a0889396068 /openssl/trunk/crypto/asn1/x_x509.c
parent	44ff60bdd4686d90cfe86da3d88445a3a9cb6a97 (diff)