Start printing extensions in x509_crt_info()

2025-12-23 15:55:10 +01:00 · 2014-04-01 12:19:09 +02:00 · 2014-04-01 12:19:09 +02:00 · b28487db1f
commit b28487db1f
parent 887aa5b381
4 changed files with 103 additions and 51 deletions
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@ -110,24 +110,27 @@

 /*
 * X.509 extension types
+ *
+ * Comments refer to the status for using certificates. Status can be
+ * different for writing certificates or reading CRLs or CSRs.
 */
 #define EXT_AUTHORITY_KEY_IDENTIFIER    (1 << 0)
 #define EXT_SUBJECT_KEY_IDENTIFIER      (1 << 1)
-#define EXT_KEY_USAGE                   (1 << 2)
+#define EXT_KEY_USAGE                   (1 << 2)    /* Parsed but not used */
 #define EXT_CERTIFICATE_POLICIES        (1 << 3)
 #define EXT_POLICY_MAPPINGS             (1 << 4)
-#define EXT_SUBJECT_ALT_NAME            (1 << 5)
+#define EXT_SUBJECT_ALT_NAME            (1 << 5)    /* Supported (DNS) */
 #define EXT_ISSUER_ALT_NAME             (1 << 6)
 #define EXT_SUBJECT_DIRECTORY_ATTRS     (1 << 7)
-#define EXT_BASIC_CONSTRAINTS           (1 << 8)
+#define EXT_BASIC_CONSTRAINTS           (1 << 8)    /* Supported */
 #define EXT_NAME_CONSTRAINTS            (1 << 9)
 #define EXT_POLICY_CONSTRAINTS          (1 << 10)
-#define EXT_EXTENDED_KEY_USAGE          (1 << 11)
+#define EXT_EXTENDED_KEY_USAGE          (1 << 11)   /* Parsed but not used */
 #define EXT_CRL_DISTRIBUTION_POINTS     (1 << 12)
 #define EXT_INIHIBIT_ANYPOLICY          (1 << 13)
 #define EXT_FRESHEST_CRL                (1 << 14)

-#define EXT_NS_CERT_TYPE                (1 << 16)
+#define EXT_NS_CERT_TYPE                (1 << 16)   /* Parsed (and then ?) */

 /*
 * Storage format identifiers
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@ -72,18 +72,18 @@ typedef struct _x509_crt

    x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
    x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
-    x509_buf v3_ext;            /**< Optional X.509 v3 extensions. Only Basic Contraints are supported at this time. */
+    x509_buf v3_ext;            /**< Optional X.509 v3 extensions.  */
    x509_sequence subject_alt_names;    /**< Optional list of Subject Alternative Names (Only dNSName supported). */

    int ext_types;              /**< Bit string containing detected and parsed extensions */
    int ca_istrue;              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
    int max_pathlen;            /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */

-    unsigned char key_usage;    /**< Optional key usage extension value: See the values below */
+    unsigned char key_usage;    /**< Optional key usage extension value: See the values in x509.h */

    x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */

-    unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values below */
+    unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */

    x509_buf sig_oid2;          /**< Signature algorithm. Must match sig_oid1. */
    x509_buf sig;               /**< Signature: hash of the tbs part signed with the private key. */