Cache RFC 3779 extensions in X509 structure so we don't have to expand

them every time we check a certificate chain. Rewrite ASID path validation to use cached extensions, to allow null inheritance, and to start with the target certificate. Still need to rewrite address path validation. svn path=/openssl/README; revision=154
author: Rob Austein <sra@hactrn.net> 2006-08-16 01:09:27 +0000
committer: Rob Austein <sra@hactrn.net> 2006-08-16 01:09:27 +0000
commit: 19a1b0eab24ab520c0daff2f808153e6bbfcf4a6 (patch)
tree: 54afc11d3a4587910197437fc80a8a0889396068 /openssl/trunk/crypto/x509v3/v3_purp.c
parent: 44ff60bdd4686d90cfe86da3d88445a3a9cb6a97 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/openssl/trunk/crypto/x509v3/v3_purp.c b/openssl/trunk/crypto/x509v3/v3_purp.c
index ae05b39b..5ad2047e 100644
--- a/openssl/trunk/crypto/x509v3/v3_purp.c
+++ b/openssl/trunk/crypto/x509v3/v3_purp.c
@@ -413,6 +413,9 @@ static void x509v3_cache_extensions(X509 *x)
 	}
 	x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
 	x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+	x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
+	x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
+					  NULL, NULL);
 	for (i = 0; i < X509_get_ext_count(x); i++)
 		{
 		ex = X509_get_ext(x, i);
author	Rob Austein <sra@hactrn.net>	2006-08-16 01:09:27 +0000
committer	Rob Austein <sra@hactrn.net>	2006-08-16 01:09:27 +0000
commit	19a1b0eab24ab520c0daff2f808153e6bbfcf4a6 (patch)
tree	54afc11d3a4587910197437fc80a8a0889396068 /openssl/trunk/crypto/x509v3/v3_purp.c
parent	44ff60bdd4686d90cfe86da3d88445a3a9cb6a97 (diff)