The unified diff between revisions [851b8c4b..] and [5a1d14c4..] is displayed below. It can also be downloaded as a raw diff.
This diff has been restricted to the following files: 'src/x509stor.cpp'
#
#
# patch "src/x509stor.cpp"
# from [c8679230e37132fe16331f67690cdf23bff164a1]
# to [b885de41c4d7fef9b57d9a6468103d7642358a19]
#
============================================================
--- src/x509stor.cpp c8679230e37132fe16331f67690cdf23bff164a1
+++ src/x509stor.cpp b885de41c4d7fef9b57d9a6468103d7642358a19
@@ -1,6 +1,6 @@
/*************************************************
* X.509 Certificate Store Source File *
-* (C) 1999-2006 The Botan Project *
+* (C) 1999-2007 Jack Lloyd *
*************************************************/
#include <botan/x509stor.h>
@@ -8,7 +8,7 @@
#include <botan/pubkey.h>
#include <botan/look_pk.h>
#include <botan/oids.h>
-#include <botan/conf.h>
+#include <botan/config.h>
#include <botan/util.h>
#include <algorithm>
#include <memory>
@@ -18,6 +18,24 @@ namespace {
namespace {
/*************************************************
+* Do a validity check *
+*************************************************/
+s32bit validity_check(const X509_Time& start, const X509_Time& end,
+ u64bit current_time)
+ {
+ const u32bit ALLOWABLE_SLIP =
+ global_config().option_as_time("x509/validity_slack");
+
+ const s32bit NOT_YET_VALID = -1, VALID_TIME = 0, EXPIRED = 1;
+
+ if(start.cmp(current_time + ALLOWABLE_SLIP) > 0)
+ return NOT_YET_VALID;
+ if(end.cmp(current_time - ALLOWABLE_SLIP) < 0)
+ return EXPIRED;
+ return VALID_TIME;
+ }
+
+/*************************************************
* Compare the value of unique ID fields *
*************************************************/
bool compare_ids(const MemoryVector<byte>& id1,
@@ -294,7 +312,7 @@ X509_Code X509_Store::construct_cert_cha
if(certs[parent].is_trusted())
break;
- if(parent_cert.self_signed())
+ if(parent_cert.is_self_signed())
return CANNOT_ESTABLISH_TRUST;
if(parent_cert.path_limit() < indexes.size() - 1)
@@ -354,9 +372,9 @@ X509_Code X509_Store::check_sig(const Ce
/*************************************************
* Check a CA's signature *
*************************************************/
-X509_Code X509_Store::check_sig(const X509_Object& object, X509_PublicKey* key)
+X509_Code X509_Store::check_sig(const X509_Object& object, Public_Key* key)
{
- std::auto_ptr<X509_PublicKey> pub_key(key);
+ std::auto_ptr<Public_Key> pub_key(key);
std::auto_ptr<PK_Verifier> verifier;
try {
@@ -481,7 +499,7 @@ void X509_Store::add_cert(const X509_Cer
*************************************************/
void X509_Store::add_cert(const X509_Certificate& cert, bool trusted)
{
- if(trusted && !cert.self_signed())
+ if(trusted && !cert.is_self_signed())
throw Invalid_Argument("X509_Store: Trusted certs must be self-signed");
if(find_cert(cert.subject_dn(), cert.subject_key_id()) == NO_CERT_FOUND)
@@ -574,13 +592,13 @@ X509_Code X509_Store::add_crl(const X509
{
CRL_Data revoked_info;
revoked_info.issuer = crl.issuer_dn();
- revoked_info.serial = revoked_certs[j].serial;
+ revoked_info.serial = revoked_certs[j].serial_number();
revoked_info.auth_key_id = crl.authority_key_id();
std::vector<CRL_Data>::iterator p =
std::find(revoked.begin(), revoked.end(), revoked_info);
- if(revoked_certs[j].reason == REMOVE_FROM_CRL)
+ if(revoked_certs[j].reason_code() == REMOVE_FROM_CRL)
{
if(p == revoked.end()) continue;
revoked.erase(p);
@@ -658,7 +676,9 @@ bool X509_Store::Cert_Info::is_verified(
if(result != VERIFIED && result != CERT_NOT_YET_VALID)
return true;
- const u32bit CACHE_TIME = Config::get_time("x509/cache_verify_results");
+ const u32bit CACHE_TIME =
+ global_config().option_as_time("x509/cache_verify_results");
+
const u64bit current_time = system_time();
if(current_time > last_checked + CACHE_TIME)