author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-09-03 13:36:26 -0500 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2017-07-22 15:56:44 +0200 |
commit | 56e5891a95d38fe6a09276ce3a0bf06daf24f141 (patch) | |
tree | 7bce5405ab0d4aa330b37003cc1777c90971dd01 /kio/kssl/ksslcertificate.cc | |
parent | cc48df2a09bbdb6e83f52215b1a41c257d4820bc (diff) | |
Add initial CRL support to KSSLCertificate
(cherry picked from commit 5896a404bcc63085cf0a50d232d2d631a5107228)
Diffstat (limited to 'kio/kssl/ksslcertificate.cc')
-rw-r--r-- | kio/kssl/ksslcertificate.cc | 57 |
1 files changed, 53 insertions, 4 deletions
diff --git a/kio/kssl/ksslcertificate.cc b/kio/kssl/ksslcertificate.cc
index 285bb1d2d..05afec7f3 100644
--- a/kio/kssl/ksslcertificate.cc
+++ b/kio/kssl/ksslcertificate.cc
@@ -83,6 +83,7 @@ public:
 bool m_stateCached;
 #ifdef KSSL_HAVE_SSL
 X509 *m_cert;
+ X509_CRL *m_cert_crl;
 #endif
 KOSSL *kossl;
 KSSLCertChain _chain;
@@ -161,6 +162,26 @@ KSSLCertificate *n = NULL;
 return n;
 }
+KSSLCertificate *KSSLCertificate::crlFromString(TQCString cert) {
+KSSLCertificate *n = NULL;
+#ifdef KSSL_HAVE_SSL
+ if (cert.length() == 0)
+ return NULL;
+
+ TQByteArray qba, qbb = cert.copy();
+ KCodecs::base64Decode(qbb, qba);
+ unsigned char *qbap = reinterpret_cast<unsigned char *>(qba.data());
+ X509_CRL *x5c = KOSSL::self()->d2i_X509_CRL(NULL, &qbap, qba.size());
+ if (!x5c) {
+ return NULL;
+ }
+
+ n = new KSSLCertificate;
+ n->setCRL(x5c);
+#endif
+return n;
+}
+
 TQString KSSLCertificate::getSubject() const {
@@ -544,6 +565,17 @@ d->m_stateCached = false;
 d->m_stateCache = KSSLCertificate::Unknown;
 }
+void KSSLCertificate::setCRL(X509_CRL *c) {
+#ifdef KSSL_HAVE_SSL
+d->m_cert_crl = c;
+if (c) {
+ d->_extensions.flags = 0;
+}
+#endif
+d->m_stateCached = false;
+d->m_stateCache = KSSLCertificate::Unknown;
+}
+
 X509 *KSSLCertificate::getCert() {
 #ifdef KSSL_HAVE_SSL
 return d->m_cert;
@@ -624,7 +656,6 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi
 X509_STORE *certStore;
 X509_LOOKUP *certLookup;
 X509_STORE_CTX *certStoreCTX;
- int rc = 0;
 if (!d->m_cert) {
@@ -702,7 +733,7 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi
 KSSL_X509CallBack_ca_found = false;
 certStoreCTX->error = X509_V_OK;
- rc = d->kossl->X509_verify_cert(certStoreCTX);
+ d->kossl->X509_verify_cert(certStoreCTX);
 int errcode = certStoreCTX->error;
 if (ca && !KSSL_X509CallBack_ca_found) {
 ksslv = KSSLCertificate::Irrelevant;
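Review bot: `m_cert_crl`, added at `@@ -83,6 +83,7 @@`, is never given an initial value or released in any hunk of this file. Unless that is done outside the diff, the pointer is indeterminate on every KSSLCertificate that was not built by crlFromString(), and setCRL() (`@@ -544,6 +565,17 @@`) replaces an earlier CRL without freeing it. I would add `d->m_cert_crl = NULL;` where the object is constructed, and call OpenSSL's `X509_CRL_free()` on the old pointer in setCRL() and in the destructor. The class body, constructor and destructor lie outside the hunks, so this is inferred from what the diff leaves untouched.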
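Review bot: crlFromString() at `@@ -161,6 +162,26 @@` has no comment saying what the returned object is: as far as the hunk shows it carries only a parsed CRL and no X509 certificate, and the CRL's signature is not checked anywhere in this diff. A caller that treats the result like the output of fromString(), or trusts its update dates, would be relying on unverified input. I suggest a comment above the function such as `// Parses a base64-encoded DER CRL; the result holds only the CRL, which is NOT signature-verified here.` d2i_X509_CRL() also stops at the end of the first DER object, so trailing bytes in the decoded buffer are accepted silently; that is worth stating in the comment or rejecting.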
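Review bot: The return value of `X509_verify_cert()` is now discarded at `@@ -702,7 +733,7 @@` and again at `@@ -717,7 +748,7 @@`, so the verdict rests entirely on `certStoreCTX->error`, which is preset to `X509_V_OK` just before each call. If the call fails without updating that field (OpenSSL documents zero and negative returns, the latter for internal errors), the result would read as a pass, assuming processError() maps `X509_V_OK` to success. Rather than deleting `rc`, keep it and fail closed: `int rc = d->kossl->X509_verify_cert(certStoreCTX);` and, once `errcode` has been read, `if (rc <= 0 && errcode == X509_V_OK) errcode = X509_V_ERR_APPLICATION_VERIFICATION;`. validateVerbose() starts and ends outside both hunks, so how `errcode` is consumed afterwards is not visible here.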
@@ -717,7 +748,7 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi
 X509_PURPOSE_NS_SSL_SERVER);
 certStoreCTX->error = X509_V_OK;
- rc = d->kossl->X509_verify_cert(certStoreCTX);
+ d->kossl->X509_verify_cert(certStoreCTX);
 errcode = certStoreCTX->error;
 ksslv = processError(errcode);
 }
@@ -885,6 +916,24 @@ return TQDateTime::currentDateTime();
 }
+TQDateTime KSSLCertificate::getQDTLastUpdate() const {
+#ifdef KSSL_HAVE_SSL
+return ASN1_UTCTIME_QDateTime(X509_CRL_get_lastUpdate(d->m_cert_crl), NULL);
+#else
+return TQDateTime::currentDateTime();
+#endif
+}
+
+
+TQDateTime KSSLCertificate::getQDTNextUpdate() const {
+#ifdef KSSL_HAVE_SSL
+return ASN1_UTCTIME_QDateTime(X509_CRL_get_nextUpdate(d->m_cert_crl), NULL);
+#else
+return TQDateTime::currentDateTime();
+#endif
+}
+
+
 int operator==(KSSLCertificate &x, KSSLCertificate &y) {
 #ifndef KSSL_HAVE_SSL
 return 1;
@@ -1115,7 +1164,7 @@ TQStringList KSSLCertificate::subjAltNames() const {
 TQString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
 if (!s.isEmpty() && /* skip subjectAltNames with embedded NULs */
- s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
+ s.length() == (unsigned int)d->kossl->ASN1_STRING_length(val->d.ia5)) {
 rc += s;
 }
 }
|
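Review bot: Both getters added at `@@ -885,6 +916,24 @@` pass `d->m_cert_crl` straight to `X509_CRL_get_lastUpdate()` / `X509_CRL_get_nextUpdate()` with no null check, yet a KSSLCertificate that holds an ordinary certificate never has a CRL set. Add a guard as the first line of each `#ifdef KSSL_HAVE_SSL` branch, for example `if (!d->m_cert_crl) return TQDateTime();`, so the caller gets an invalid date rather than a dereference of a missing CRL. nextUpdate is an optional CRL field, so whether ASN1_UTCTIME_QDateTime() tolerates a null time argument should be confirmed as well. The `#else` branch mirrors the function above it, but for a CRL `TQDateTime::currentDateTime()` makes a build without SSL report the list as updated just now; an invalid TQDateTime would be the more conservative answer if callers can handle it.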