From b28487db1f5f3cb130dcce55d291670c991d65e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 1 Apr 2014 12:19:09 +0200 Subject: [PATCH 1/7] Start printing extensions in x509_crt_info() --- include/polarssl/x509.h | 13 +++-- include/polarssl/x509_crt.h | 6 +-- library/x509_crt.c | 69 ++++++++++++++++++++++---- tests/suites/test_suite_x509parse.data | 66 ++++++++++++------------ 4 files changed, 103 insertions(+), 51 deletions(-) diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index 008e795e1..ad8049a0e 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -110,24 +110,27 @@ /* * X.509 extension types + * + * Comments refer to the status for using certificates. Status can be + * different for writing certificates or reading CRLs or CSRs. */ #define EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0) #define EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) -#define EXT_KEY_USAGE (1 << 2) +#define EXT_KEY_USAGE (1 << 2) /* Parsed but not used */ #define EXT_CERTIFICATE_POLICIES (1 << 3) #define EXT_POLICY_MAPPINGS (1 << 4) -#define EXT_SUBJECT_ALT_NAME (1 << 5) +#define EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */ #define EXT_ISSUER_ALT_NAME (1 << 6) #define EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7) -#define EXT_BASIC_CONSTRAINTS (1 << 8) +#define EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */ #define EXT_NAME_CONSTRAINTS (1 << 9) #define EXT_POLICY_CONSTRAINTS (1 << 10) -#define EXT_EXTENDED_KEY_USAGE (1 << 11) +#define EXT_EXTENDED_KEY_USAGE (1 << 11) /* Parsed but not used */ #define EXT_CRL_DISTRIBUTION_POINTS (1 << 12) #define EXT_INIHIBIT_ANYPOLICY (1 << 13) #define EXT_FRESHEST_CRL (1 << 14) -#define EXT_NS_CERT_TYPE (1 << 16) +#define EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */ /* * Storage format identifiers diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h index ee8f9e6cd..e3c8b1877 100644 --- a/include/polarssl/x509_crt.h +++ b/include/polarssl/x509_crt.h @@ -72,18 +72,18 @@ typedef struct _x509_crt x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ - x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Basic Contraints are supported at this time. */ + x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */ int ext_types; /**< Bit string containing detected and parsed extensions */ int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */ - unsigned char key_usage; /**< Optional key usage extension value: See the values below */ + unsigned char key_usage; /**< Optional key usage extension value: See the values in x509.h */ x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */ - unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values below */ + unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */ x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */ x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */ diff --git a/library/x509_crt.c b/library/x509_crt.c index 4668cdf45..7886b3709 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1102,8 +1102,8 @@ static int compat_snprintf(char *str, size_t size, const char *format, ...) /* * Return an informational string about the certificate. */ -#define BEFORE_COLON 14 -#define BC "14" +#define BEFORE_COLON 18 +#define BC "18" int x509_crt_info( char *buf, size_t size, const char *prefix, const x509_crt *crt ) { @@ -1116,41 +1116,41 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, p = buf; n = size; - ret = snprintf( p, n, "%scert. version : %d\n", + ret = snprintf( p, n, "%scert. version : %d\n", prefix, crt->version ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "%sserial number : ", + ret = snprintf( p, n, "%sserial number : ", prefix ); SAFE_SNPRINTF(); ret = x509_serial_gets( p, n, &crt->serial); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%sissuer name : ", prefix ); + ret = snprintf( p, n, "\n%sissuer name : ", prefix ); SAFE_SNPRINTF(); ret = x509_dn_gets( p, n, &crt->issuer ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%ssubject name : ", prefix ); + ret = snprintf( p, n, "\n%ssubject name : ", prefix ); SAFE_SNPRINTF(); ret = x509_dn_gets( p, n, &crt->subject ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%sissued on : " \ + ret = snprintf( p, n, "\n%sissued on : " \ "%04d-%02d-%02d %02d:%02d:%02d", prefix, crt->valid_from.year, crt->valid_from.mon, crt->valid_from.day, crt->valid_from.hour, crt->valid_from.min, crt->valid_from.sec ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%sexpires on : " \ + ret = snprintf( p, n, "\n%sexpires on : " \ "%04d-%02d-%02d %02d:%02d:%02d", prefix, crt->valid_to.year, crt->valid_to.mon, crt->valid_to.day, crt->valid_to.hour, crt->valid_to.min, crt->valid_to.sec ); SAFE_SNPRINTF(); - ret = snprintf( p, n, "\n%ssigned using : ", prefix ); + ret = snprintf( p, n, "\n%ssigned using : ", prefix ); SAFE_SNPRINTF(); ret = oid_get_sig_alg_desc( &crt->sig_oid1, &desc ); @@ -1160,16 +1160,65 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, ret = snprintf( p, n, "%s", desc ); SAFE_SNPRINTF(); + /* Key size */ if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON, pk_get_name( &crt->pk ) ) ) != 0 ) { return( ret ); } - ret = snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, + ret = snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, (int) pk_get_size( &crt->pk ) ); SAFE_SNPRINTF(); + /* + * Optional extensions + */ + + if( crt->ext_types & EXT_BASIC_CONSTRAINTS ) + { + ret = snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, + crt->ca_istrue ? "true" : "false" ); + SAFE_SNPRINTF(); + + if( crt->max_pathlen > 0 ) + { + ret = snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 ); + SAFE_SNPRINTF(); + } + } + + if( crt->ext_types & EXT_SUBJECT_ALT_NAME ) + { + ret = snprintf( p, n, "\n%ssubject alt name : ", prefix ); + SAFE_SNPRINTF(); + /* TODO */ + } + + if( crt->ext_types & EXT_NS_CERT_TYPE ) + { + ret = snprintf( p, n, "\n%scert. type : ", prefix ); + SAFE_SNPRINTF(); + /* TODO */ + } + + if( crt->ext_types & EXT_KEY_USAGE ) + { + ret = snprintf( p, n, "\n%skey usage : ", prefix ); + SAFE_SNPRINTF(); + /* TODO */ + } + + if( crt->ext_types & EXT_EXTENDED_KEY_USAGE ) + { + ret = snprintf( p, n, "\n%sext key usage : ", prefix ); + SAFE_SNPRINTF(); + /* TODO */ + } + + ret = snprintf( p, n, "\n" ); + SAFE_SNPRINTF(); + return( (int) ( size - n ) ); } diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 83320e2fe..1d8497b49 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1,78 +1,78 @@ X509 Certificate information #1 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information #2 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information #3 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" X509 Certificate information MD2 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information MD4 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information MD5 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information SHA1 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information SHA224 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information SHA256 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information SHA384 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information SHA512 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA1 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED -x509_cert_info:"data_files/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n" +x509_cert_info:"data_files/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA224 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED -x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n" +x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA256 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED -x509_cert_info:"data_files/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n" +x509_cert_info:"data_files/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA384 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED -x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n" +x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA512 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED -x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n" +x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information RSA signed by EC depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC signed by RSA depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED -x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n" +x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" X509 certificate v1 with extension depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 -x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" +x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRL information #1 depends_on:POLARSSL_PEM_PARSE_C @@ -663,59 +663,59 @@ x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d01010205003 X509 Certificate ASN1 (correct) depends_on:POLARSSL_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (GeneralizedTime instead of UTCTime) depends_on:POLARSSL_RSA_C -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 CN) depends_on:POLARSSL_RSA_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 C) depends_on:POLARSSL_RSA_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 L) depends_on:POLARSSL_RSA_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 ST) depends_on:POLARSSL_RSA_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 O) depends_on:POLARSSL_RSA_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 OU) depends_on:POLARSSL_RSA_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with unknown X520 part) depends_on:POLARSSL_RSA_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with PKCS9 email) depends_on:POLARSSL_RSA_C -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with unknown PKCS9 part) depends_on:POLARSSL_RSA_C -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (ECDSA signature, RSA key) depends_on:POLARSSL_RSA_C -x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 +x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 X509 Certificate ASN1 (ECDSA signature, EC key) depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED -x509parse_crt:"3081EB3081A3020900F41534662EC7E912300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343031395A170D3233303730383039343031395A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D030101033200042137969FABD4E370624A0E1A33E379CAB950CCE00EF8C3C3E2ADAEB7271C8F07659D65D3D777DCF21614363AE4B6E617300906072A8648CE3D04010338003035021858CC0F957946FE6A303D92885A456AA74C743C7B708CBD37021900FE293CAC21AF352D16B82EB8EA54E9410B3ABAADD9F05DD6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0 +x509parse_crt:"3081EB3081A3020900F41534662EC7E912300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343031395A170D3233303730383039343031395A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D030101033200042137969FABD4E370624A0E1A33E379CAB950CCE00EF8C3C3E2ADAEB7271C8F07659D65D3D777DCF21614363AE4B6E617300906072A8648CE3D04010338003035021858CC0F957946FE6A303D92885A456AA74C743C7B708CBD37021900FE293CAC21AF352D16B82EB8EA54E9410B3ABAADD9F05DD6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0 X509 Certificate ASN1 (RSA signature, EC key) depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED -x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":POLARSSL_ERR_X509_INVALID_FORMAT From 919f8f5829d286633238e639bd663c6acf220470 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 1 Apr 2014 13:01:11 +0200 Subject: [PATCH 2/7] Print NS Cert Type in x509_crt_info() --- library/x509_crt.c | 60 +++++++++++++++++++++++++- tests/suites/test_suite_x509parse.data | 4 ++ 2 files changed, 62 insertions(+), 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 7886b3709..025f3e0e1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1099,6 +1099,60 @@ static int compat_snprintf(char *str, size_t size, const char *format, ...) p += (unsigned int) ret; \ } +static int x509_info_cert_type( char **buf, size_t *size, + unsigned char ns_cert_type ) +{ + int ret; + size_t n = *size; + char *p = *buf; + + if( ns_cert_type & NS_CERT_TYPE_SSL_CLIENT ) + { + ret = snprintf( p, n, " SSL Client" ); + SAFE_SNPRINTF(); + } + if( ns_cert_type & NS_CERT_TYPE_SSL_SERVER ) + { + ret = snprintf( p, n, " SSL Server" ); + SAFE_SNPRINTF(); + } + if( ns_cert_type & NS_CERT_TYPE_EMAIL ) + { + ret = snprintf( p, n, " Email" ); + SAFE_SNPRINTF(); + } + if( ns_cert_type & NS_CERT_TYPE_OBJECT_SIGNING ) + { + ret = snprintf( p, n, " Object Signing" ); + SAFE_SNPRINTF(); + } + if( ns_cert_type & NS_CERT_TYPE_RESERVED ) + { + ret = snprintf( p, n, " Reserved" ); + SAFE_SNPRINTF(); + } + if( ns_cert_type & NS_CERT_TYPE_SSL_CA ) + { + ret = snprintf( p, n, " SSL CA" ); + SAFE_SNPRINTF(); + } + if( ns_cert_type & NS_CERT_TYPE_EMAIL_CA ) + { + ret = snprintf( p, n, " Email CA" ); + SAFE_SNPRINTF(); + } + if( ns_cert_type & NS_CERT_TYPE_OBJECT_SIGNING_CA ) + { + ret = snprintf( p, n, " Object Signing CA" ); + SAFE_SNPRINTF(); + } + + *size = n; + *buf = p; + + return( 0 ); +} + /* * Return an informational string about the certificate. */ @@ -1197,9 +1251,11 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_NS_CERT_TYPE ) { - ret = snprintf( p, n, "\n%scert. type : ", prefix ); + ret = snprintf( p, n, "\n%scert. type :", prefix ); SAFE_SNPRINTF(); - /* TODO */ + + if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 ) + return( ret ); } if( crt->ext_types & EXT_KEY_USAGE ) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 1d8497b49..083e8d1b0 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -62,6 +62,10 @@ X509 Certificate information EC, SHA512 Digest depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" +X509 Certificate information, NS Cert Type +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C +x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n" + X509 Certificate information RSA signed by EC depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" From bce2b30855580efc97a37fcc94c8b2c699f952e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 1 Apr 2014 13:43:28 +0200 Subject: [PATCH 3/7] Print subject alt name in x509_crt_info() --- library/x509_crt.c | 54 +++++++++++++++++++++----- tests/suites/test_suite_x509parse.data | 6 ++- 2 files changed, 50 insertions(+), 10 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 025f3e0e1..436812d6d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -341,20 +341,15 @@ static int x509_get_subject_alt_name( unsigned char **p, return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ); + /* Skip everything but DNS name */ if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) ) { *p += tag_len; continue; } - buf = &(cur->buf); - buf->tag = tag; - buf->p = *p; - buf->len = tag_len; - *p += buf->len; - /* Allocate and assign next pointer */ - if (*p < end) + if( cur->buf.p != NULL ) { cur->next = (asn1_sequence *) polarssl_malloc( sizeof( asn1_sequence ) ); @@ -366,6 +361,12 @@ static int x509_get_subject_alt_name( unsigned char **p, memset( cur->next, 0, sizeof( asn1_sequence ) ); cur = cur->next; } + + buf = &(cur->buf); + buf->tag = tag; + buf->p = *p; + buf->len = tag_len; + *p += buf->len; } /* Set final sequence entry's next pointer to NULL */ @@ -1099,6 +1100,38 @@ static int compat_snprintf(char *str, size_t size, const char *format, ...) p += (unsigned int) ret; \ } +static int x509_info_subject_alt_name( char **buf, size_t *size, + const x509_sequence *subject_alt_name ) +{ + size_t i; + size_t n = *size; + char *p = *buf; + const x509_sequence *cur = subject_alt_name; + + while( cur != NULL ) + { + if( cur->buf.len + 1 >= n ) + { + *p = '\0'; + return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); + } + + n -= cur->buf.len + 1; + *p++ = ' '; + for( i = 0; i < cur->buf.len; i++ ) + *p++ = cur->buf.p[i]; + + cur = cur->next; + } + + *p = '\0'; + + *size = n; + *buf = p; + + return( 0 ); +} + static int x509_info_cert_type( char **buf, size_t *size, unsigned char ns_cert_type ) { @@ -1244,9 +1277,12 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_SUBJECT_ALT_NAME ) { - ret = snprintf( p, n, "\n%ssubject alt name : ", prefix ); + ret = snprintf( p, n, "\n%ssubject alt name :", prefix ); SAFE_SNPRINTF(); - /* TODO */ + + if( ( ret = x509_info_subject_alt_name( &p, &n, + &crt->subject_alt_names ) ) != 0 ) + return( ret ); } if( crt->ext_types & EXT_NS_CERT_TYPE ) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 083e8d1b0..387c4a26b 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -66,6 +66,10 @@ X509 Certificate information, NS Cert Type depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n" +X509 Certificate information, NS Cert Type +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C +x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com example.net *.example.org\n" + X509 Certificate information RSA signed by EC depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" @@ -76,7 +80,7 @@ x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number X509 certificate v1 with extension depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 -x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \: identity-check.org www.identity-check.org\n" X509 CRL information #1 depends_on:POLARSSL_PEM_PARSE_C From 65c2ddc318e2d9ff18adb940c8f896769df6777f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 1 Apr 2014 14:12:11 +0200 Subject: [PATCH 4/7] Print key_usage in x509_crt_info() --- library/x509_crt.c | 55 +++++++++++++++++++++++++- tests/suites/test_suite_x509parse.data | 10 ++++- 2 files changed, 62 insertions(+), 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 436812d6d..e88bd4611 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1186,6 +1186,55 @@ static int x509_info_cert_type( char **buf, size_t *size, return( 0 ); } +static int x509_info_key_usage( char **buf, size_t *size, + unsigned char key_usage ) +{ + int ret; + size_t n = *size; + char *p = *buf; + + if( key_usage & KU_DIGITAL_SIGNATURE ) + { + ret = snprintf( p, n, " digitalSignature" ); + SAFE_SNPRINTF(); + } + if( key_usage & KU_NON_REPUDIATION ) + { + ret = snprintf( p, n, " nonRepudiation" ); + SAFE_SNPRINTF(); + } + if( key_usage & KU_KEY_ENCIPHERMENT ) + { + ret = snprintf( p, n, " keyEncipherment" ); + SAFE_SNPRINTF(); + } + if( key_usage & KU_DATA_ENCIPHERMENT ) + { + ret = snprintf( p, n, " dataEncipherment" ); + SAFE_SNPRINTF(); + } + if( key_usage & KU_KEY_AGREEMENT ) + { + ret = snprintf( p, n, " keyAgreement" ); + SAFE_SNPRINTF(); + } + if( key_usage & KU_KEY_CERT_SIGN ) + { + ret = snprintf( p, n, " keyCertSign" ); + SAFE_SNPRINTF(); + } + if( key_usage & KU_CRL_SIGN ) + { + ret = snprintf( p, n, " cRLSign" ); + SAFE_SNPRINTF(); + } + + *size = n; + *buf = p; + + return( 0 ); +} + /* * Return an informational string about the certificate. */ @@ -1296,9 +1345,11 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_KEY_USAGE ) { - ret = snprintf( p, n, "\n%skey usage : ", prefix ); + ret = snprintf( p, n, "\n%skey usage :", prefix ); SAFE_SNPRINTF(); - /* TODO */ + + if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 ) + return( ret ); } if( crt->ext_types & EXT_EXTENDED_KEY_USAGE ) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 387c4a26b..4ec46ac55 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -66,10 +66,18 @@ X509 Certificate information, NS Cert Type depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n" -X509 Certificate information, NS Cert Type +X509 Certificate information, Key Usage +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C +x509_cert_info:"data_files/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: digitalSignature nonRepudiation keyEncipherment\n" + +X509 Certificate information, Subject Alt Name depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com example.net *.example.org\n" +X509 Certificate information, Subject Alt Name + Key Usage +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C +x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \: www.shotokan-braunschweig.de www.massimo-abate.eu\nkey usage \: digitalSignature nonRepudiation keyEncipherment\n" + X509 Certificate information RSA signed by EC depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" From f6f4ab40d3de7448d337185cee3a8479d57e5b7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 1 Apr 2014 17:32:44 +0200 Subject: [PATCH 5/7] Print extended key usage in x509_crt_info() --- library/x509_crt.c | 33 ++++++++++++++++++++++++-- tests/data_files/server1.ext_ku.crt | 22 +++++++++++++++++ tests/suites/test_suite_x509parse.data | 4 ++++ 3 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 tests/data_files/server1.ext_ku.crt diff --git a/library/x509_crt.c b/library/x509_crt.c index e88bd4611..34f70c4ac 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1235,6 +1235,32 @@ static int x509_info_key_usage( char **buf, size_t *size, return( 0 ); } +static int x509_info_ext_key_usage( char **buf, size_t *size, + const x509_sequence *extended_key_usage ) +{ + int ret; + const char *desc; + size_t n = *size; + char *p = *buf; + const x509_sequence *cur = extended_key_usage; + + while( cur != NULL ) + { + if( oid_get_extended_key_usage( &cur->buf, &desc ) != 0 ) + desc = "???"; + + ret = snprintf( p, n, " %s", desc ); + SAFE_SNPRINTF(); + + cur = cur->next; + } + + *size = n; + *buf = p; + + return( 0 ); +} + /* * Return an informational string about the certificate. */ @@ -1354,9 +1380,12 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_EXTENDED_KEY_USAGE ) { - ret = snprintf( p, n, "\n%sext key usage : ", prefix ); + ret = snprintf( p, n, "\n%sext key usage :", prefix ); SAFE_SNPRINTF(); - /* TODO */ + + if( ( ret = x509_info_ext_key_usage( &p, &n, + &crt->ext_key_usage ) ) != 0 ) + return( ret ); } ret = snprintf( p, n, "\n" ); diff --git a/tests/data_files/server1.ext_ku.crt b/tests/data_files/server1.ext_ku.crt new file mode 100644 index 000000000..3c4f854a2 --- /dev/null +++ b/tests/data_files/server1.ext_ku.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIBITANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTQwNDAxMTQ0NDQzWhcNMjQwMzI5MTQ0NDQzWjA8MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o4G0MIGxMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKm +MGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQG +EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg +Q0GCAQAwCwYDVR0PBAQDAgXgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3 +DQEBCwUAA4IBAQANtiYR2P6+a7rEtJARIgpurw1URYejATbbp3ZhaHBW603Wyb2+ +KJtm1KPCzoju/qTRt65YYkt+tu1wTzamyrkPxt8bBKmxiWnu5j1HLxdjOz8VW9lf +vTb5egR4dU9eNXni/5QkzrdkMO+ob4puDXY7ytPuGX6YfNVhCkrhBlYDJNE57CkK +vpCNj3+Te8PEkWPAEaUhqCnQk6qvPvpBfc/hqgwzlRMt3u5NkiVOuH72dtr4fOI1 +nlAU8D2wuvDVr3X5281ONNEtHU6rXe98vlUzS9QV9lBDdsO9nRYJzv2Nb1cjRIM5 +JZl0ILLR2tc6E/W5YXalNp37jfrFii1U9WrJ +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 4ec46ac55..e5aaf4707 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -78,6 +78,10 @@ X509 Certificate information, Subject Alt Name + Key Usage depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \: www.shotokan-braunschweig.de www.massimo-abate.eu\nkey usage \: digitalSignature nonRepudiation keyEncipherment\n" +X509 Certificate information, Key Usage + Extended Key Usage +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C +x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: digitalSignature nonRepudiation keyEncipherment\next key usage \: TLS Web Server Authentication\n" + X509 Certificate information RSA signed by EC depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" From 7b30cfc5b00161097024702e78b61ceedbaeab3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 1 Apr 2014 18:00:07 +0200 Subject: [PATCH 6/7] x509_crt_info() list output cosmectics --- library/x509_crt.c | 72 ++++++++++++++++++-------- tests/suites/test_suite_x509parse.data | 8 +-- 2 files changed, 53 insertions(+), 27 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 34f70c4ac..c6fbf6bf1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1107,20 +1107,26 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, size_t n = *size; char *p = *buf; const x509_sequence *cur = subject_alt_name; + const char *sep = ""; + size_t sep_len = 0; while( cur != NULL ) { - if( cur->buf.len + 1 >= n ) + if( cur->buf.len + sep_len >= n ) { *p = '\0'; return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); } - n -= cur->buf.len + 1; - *p++ = ' '; + n -= cur->buf.len + sep_len; + for( i = 0; i < sep_len; i++ ) + *p++ = sep[i]; for( i = 0; i < cur->buf.len; i++ ) *p++ = cur->buf.p[i]; + sep = ", "; + sep_len = 2; + cur = cur->next; } @@ -1138,46 +1144,55 @@ static int x509_info_cert_type( char **buf, size_t *size, int ret; size_t n = *size; char *p = *buf; + const char *sep = ""; if( ns_cert_type & NS_CERT_TYPE_SSL_CLIENT ) { - ret = snprintf( p, n, " SSL Client" ); + ret = snprintf( p, n, "%sSSL Client", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( ns_cert_type & NS_CERT_TYPE_SSL_SERVER ) { - ret = snprintf( p, n, " SSL Server" ); + ret = snprintf( p, n, "%sSSL Server", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( ns_cert_type & NS_CERT_TYPE_EMAIL ) { - ret = snprintf( p, n, " Email" ); + ret = snprintf( p, n, "%sEmail", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( ns_cert_type & NS_CERT_TYPE_OBJECT_SIGNING ) { - ret = snprintf( p, n, " Object Signing" ); + ret = snprintf( p, n, "%sObject Signing", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( ns_cert_type & NS_CERT_TYPE_RESERVED ) { - ret = snprintf( p, n, " Reserved" ); + ret = snprintf( p, n, "%sReserved", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( ns_cert_type & NS_CERT_TYPE_SSL_CA ) { - ret = snprintf( p, n, " SSL CA" ); + ret = snprintf( p, n, "%sSSL CA", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( ns_cert_type & NS_CERT_TYPE_EMAIL_CA ) { - ret = snprintf( p, n, " Email CA" ); + ret = snprintf( p, n, "%sEmail CA", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( ns_cert_type & NS_CERT_TYPE_OBJECT_SIGNING_CA ) { - ret = snprintf( p, n, " Object Signing CA" ); + ret = snprintf( p, n, "%sObject Signing CA", sep ); SAFE_SNPRINTF(); + sep = ", "; } *size = n; @@ -1192,41 +1207,49 @@ static int x509_info_key_usage( char **buf, size_t *size, int ret; size_t n = *size; char *p = *buf; + const char *sep = ""; if( key_usage & KU_DIGITAL_SIGNATURE ) { - ret = snprintf( p, n, " digitalSignature" ); + ret = snprintf( p, n, "%sDigital Signature", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( key_usage & KU_NON_REPUDIATION ) { - ret = snprintf( p, n, " nonRepudiation" ); + ret = snprintf( p, n, "%sNon Repudiation", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( key_usage & KU_KEY_ENCIPHERMENT ) { - ret = snprintf( p, n, " keyEncipherment" ); + ret = snprintf( p, n, "%sKey Encipherment", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( key_usage & KU_DATA_ENCIPHERMENT ) { - ret = snprintf( p, n, " dataEncipherment" ); + ret = snprintf( p, n, "%sData Encipherment", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( key_usage & KU_KEY_AGREEMENT ) { - ret = snprintf( p, n, " keyAgreement" ); + ret = snprintf( p, n, "%sKey Agreement", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( key_usage & KU_KEY_CERT_SIGN ) { - ret = snprintf( p, n, " keyCertSign" ); + ret = snprintf( p, n, "%sKey Cert Sign", sep ); SAFE_SNPRINTF(); + sep = ", "; } if( key_usage & KU_CRL_SIGN ) { - ret = snprintf( p, n, " cRLSign" ); + ret = snprintf( p, n, "%sCRL Sign", sep ); SAFE_SNPRINTF(); + sep = ", "; } *size = n; @@ -1243,15 +1266,18 @@ static int x509_info_ext_key_usage( char **buf, size_t *size, size_t n = *size; char *p = *buf; const x509_sequence *cur = extended_key_usage; + const char *sep = ""; while( cur != NULL ) { if( oid_get_extended_key_usage( &cur->buf, &desc ) != 0 ) desc = "???"; - ret = snprintf( p, n, " %s", desc ); + ret = snprintf( p, n, "%s%s", sep, desc ); SAFE_SNPRINTF(); + sep = ", "; + cur = cur->next; } @@ -1352,7 +1378,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_SUBJECT_ALT_NAME ) { - ret = snprintf( p, n, "\n%ssubject alt name :", prefix ); + ret = snprintf( p, n, "\n%ssubject alt name : ", prefix ); SAFE_SNPRINTF(); if( ( ret = x509_info_subject_alt_name( &p, &n, @@ -1362,7 +1388,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_NS_CERT_TYPE ) { - ret = snprintf( p, n, "\n%scert. type :", prefix ); + ret = snprintf( p, n, "\n%scert. type : ", prefix ); SAFE_SNPRINTF(); if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 ) @@ -1371,7 +1397,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_KEY_USAGE ) { - ret = snprintf( p, n, "\n%skey usage :", prefix ); + ret = snprintf( p, n, "\n%skey usage : ", prefix ); SAFE_SNPRINTF(); if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 ) @@ -1380,7 +1406,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & EXT_EXTENDED_KEY_USAGE ) { - ret = snprintf( p, n, "\n%sext key usage :", prefix ); + ret = snprintf( p, n, "\n%sext key usage : ", prefix ); SAFE_SNPRINTF(); if( ( ret = x509_info_ext_key_usage( &p, &n, diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index e5aaf4707..03caa74cf 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -68,19 +68,19 @@ x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nseria X509 Certificate information, Key Usage depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: digitalSignature nonRepudiation keyEncipherment\n" +x509_cert_info:"data_files/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 Certificate information, Subject Alt Name depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com example.net *.example.org\n" +x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com, example.net, *.example.org\n" X509 Certificate information, Subject Alt Name + Key Usage depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \: www.shotokan-braunschweig.de www.massimo-abate.eu\nkey usage \: digitalSignature nonRepudiation keyEncipherment\n" +x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \: www.shotokan-braunschweig.de, www.massimo-abate.eu\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 Certificate information, Key Usage + Extended Key Usage depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C -x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: digitalSignature nonRepudiation keyEncipherment\next key usage \: TLS Web Server Authentication\n" +x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n" X509 Certificate information RSA signed by EC depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C From 0db29b05b504ad1337e9376c384cac13299d4468 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 1 Apr 2014 18:12:24 +0200 Subject: [PATCH 7/7] More compact code using macros --- library/x509_crt.c | 120 ++++++++++++--------------------------------- 1 file changed, 30 insertions(+), 90 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index c6fbf6bf1..7f5a01550 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1138,6 +1138,17 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, return( 0 ); } +#define PRINT_ITEM(i) \ + { \ + ret = snprintf( p, n, "%s" i, sep ); \ + SAFE_SNPRINTF(); \ + sep = ", "; \ + } + +#define CERT_TYPE(type,name) \ + if( ns_cert_type & type ) \ + PRINT_ITEM( name ); + static int x509_info_cert_type( char **buf, size_t *size, unsigned char ns_cert_type ) { @@ -1146,54 +1157,14 @@ static int x509_info_cert_type( char **buf, size_t *size, char *p = *buf; const char *sep = ""; - if( ns_cert_type & NS_CERT_TYPE_SSL_CLIENT ) - { - ret = snprintf( p, n, "%sSSL Client", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( ns_cert_type & NS_CERT_TYPE_SSL_SERVER ) - { - ret = snprintf( p, n, "%sSSL Server", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( ns_cert_type & NS_CERT_TYPE_EMAIL ) - { - ret = snprintf( p, n, "%sEmail", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( ns_cert_type & NS_CERT_TYPE_OBJECT_SIGNING ) - { - ret = snprintf( p, n, "%sObject Signing", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( ns_cert_type & NS_CERT_TYPE_RESERVED ) - { - ret = snprintf( p, n, "%sReserved", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( ns_cert_type & NS_CERT_TYPE_SSL_CA ) - { - ret = snprintf( p, n, "%sSSL CA", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( ns_cert_type & NS_CERT_TYPE_EMAIL_CA ) - { - ret = snprintf( p, n, "%sEmail CA", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( ns_cert_type & NS_CERT_TYPE_OBJECT_SIGNING_CA ) - { - ret = snprintf( p, n, "%sObject Signing CA", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } + CERT_TYPE( NS_CERT_TYPE_SSL_CLIENT, "SSL Client" ); + CERT_TYPE( NS_CERT_TYPE_SSL_SERVER, "SSL Server" ); + CERT_TYPE( NS_CERT_TYPE_EMAIL, "Email" ); + CERT_TYPE( NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" ); + CERT_TYPE( NS_CERT_TYPE_RESERVED, "Reserved" ); + CERT_TYPE( NS_CERT_TYPE_SSL_CA, "SSL CA" ); + CERT_TYPE( NS_CERT_TYPE_EMAIL_CA, "Email CA" ); + CERT_TYPE( NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" ); *size = n; *buf = p; @@ -1201,6 +1172,10 @@ static int x509_info_cert_type( char **buf, size_t *size, return( 0 ); } +#define KEY_USAGE(code,name) \ + if( key_usage & code ) \ + PRINT_ITEM( name ); + static int x509_info_key_usage( char **buf, size_t *size, unsigned char key_usage ) { @@ -1209,48 +1184,13 @@ static int x509_info_key_usage( char **buf, size_t *size, char *p = *buf; const char *sep = ""; - if( key_usage & KU_DIGITAL_SIGNATURE ) - { - ret = snprintf( p, n, "%sDigital Signature", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( key_usage & KU_NON_REPUDIATION ) - { - ret = snprintf( p, n, "%sNon Repudiation", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( key_usage & KU_KEY_ENCIPHERMENT ) - { - ret = snprintf( p, n, "%sKey Encipherment", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( key_usage & KU_DATA_ENCIPHERMENT ) - { - ret = snprintf( p, n, "%sData Encipherment", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( key_usage & KU_KEY_AGREEMENT ) - { - ret = snprintf( p, n, "%sKey Agreement", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( key_usage & KU_KEY_CERT_SIGN ) - { - ret = snprintf( p, n, "%sKey Cert Sign", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } - if( key_usage & KU_CRL_SIGN ) - { - ret = snprintf( p, n, "%sCRL Sign", sep ); - SAFE_SNPRINTF(); - sep = ", "; - } + KEY_USAGE( KU_DIGITAL_SIGNATURE, "Digital Signature" ); + KEY_USAGE( KU_NON_REPUDIATION, "Non Repudiation" ); + KEY_USAGE( KU_KEY_ENCIPHERMENT, "Key Encipherment" ); + KEY_USAGE( KU_DATA_ENCIPHERMENT, "Data Encipherment" ); + KEY_USAGE( KU_KEY_AGREEMENT, "Key Agreement" ); + KEY_USAGE( KU_KEY_CERT_SIGN, "Key Cert Sign" ); + KEY_USAGE( KU_CRL_SIGN, "CRL Sign" ); *size = n; *buf = p;