From 9312d1892c611d9f0e814cb915488182da2b76cc Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Mon, 4 Oct 2021 15:55:44 +0200
Subject: [PATCH] Use extensions template from NSS
Drop certmonger's custom extension template and use the sequence of X509v3
extensions template from NSS.
The certmonger template had a bug that caused certmonger to create CSRs
with invalid DER. It was encoding extension's critical element even for
default value FALSE.
Fixes: https://pagure.io/certmonger/issue/223
Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
src/certext.c | 41 +----------------------------------------
1 file changed, 1 insertion(+), 40 deletions(-)
diff --git a/src/certext.c b/src/certext.c
index be536987..0d66971e 100644
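--- a/src/certext.c
+++ b/src/certext.c
@@ -203,45 +203,6 @@ cm_ms_template_template[] = {
 {0, 0, NULL, 0},
 };
 
-/* RFC 5280, 4.1 */
-const SEC_ASN1Template
-cm_certext_cert_extension_template[] = {
- {
- .kind = SEC_ASN1_SEQUENCE,
- .offset = 0,
- .sub = NULL,
- .size = sizeof(CERTCertExtension),
- },
- {
- .kind = SEC_ASN1_OBJECT_ID,
- .offset = offsetof(CERTCertExtension, id),
- .sub = NULL,
- .size = sizeof(SECItem),
- },
- {
- .kind = SEC_ASN1_BOOLEAN,
- .offset = offsetof(CERTCertExtension, critical),
- .sub = NULL,
- .size = sizeof(SECItem),
- },
- {
- .kind = SEC_ASN1_OCTET_STRING,
- .offset = offsetof(CERTCertExtension, value),
- .sub = NULL,
- .size = sizeof(SECItem),
- },
- {0, 0, NULL, 0},
-};
-const SEC_ASN1Template
-cm_certext_sequence_of_cert_extension_template[] = {
- {
- .kind = SEC_ASN1_SEQUENCE_OF,
- .offset = 0,
- .sub = cm_certext_cert_extension_template,
- .size = sizeof(CERTCertExtension **),
- },
-};
-
 /* Windows 2000-style UPN */
 static unsigned char oid_ms_upn_name_bytes[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x03};
 static const SECOidData oid_ms_upn_name = {
@@ -1960,7 +1921,7 @@ cm_certext_build_csr_extensions(struct cm_store_entry *entry,
 /* Encode the sequence. */
 memset(&encoded, 0, sizeof(encoded));
 if (i > 1) {
- template = cm_certext_sequence_of_cert_extension_template;
+ template = CERT_SequenceOfCertExtensionTemplate;
 if (SEC_ASN1EncodeItem(arena, &encoded, &exts_ptr,
 template) == &encoded) {
 *extensions = talloc_memdup(entry, encoded.data,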
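Review bot: The new `template = CERT_SequenceOfCertExtensionTemplate;` line in `cm_certext_build_csr_extensions` produces valid DER only if every non-critical extension reaches the encoder with an empty `critical` item. As far as I know, NSS marks that field optional and omits it only when the SECItem is empty, so an extension whose `critical` was filled with an encoded FALSE would presumably still be written out. The code that populates the extension list is outside this hunk and should be checked for this; a comment above the assignment such as `/* NSS template omits 'critical' only when the item is empty; DEFAULT FALSE must not be encoded in DER */` would record the dependency. A regression test that builds a CSR with a non-critical extension and parses it with a strict DER decoder would keep the bug from the linked issue from returning. The two removed templates had external linkage, so any declaration of them in a header this commit does not touch would now be stale.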
--
2.31.1