Constify X509_NAME

There are still a few casts away from const where things do not actually
end up mutating the object, we'll deal with that later.

Part of #28654 and #29117
Fixes openssl/project#1781

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Wed Feb 25 09:58:35 2026
(Merged from https://github.com/openssl/openssl/pull/29468)
Bob Beck
2025-09-30 16:20:16 -06:00
committed by Tomas Mraz
parent 55b87dd7f4
commit b0f2107b44
22 changed files with 136 additions and 89 deletions
+11 -5
@@ -1468,10 +1468,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
const X509_NAME *name = NULL;
X509_NAME *CAname = NULL, *subject = NULL;
const ASN1_TIME *tm;
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
const ASN1_STRING *str, *str2;
const ASN1_OBJECT *obj;
X509 *ret = NULL;
X509_NAME_ENTRY *ne, *tne;
const X509_NAME_ENTRY *ne, *tne;
EVP_PKEY *pktmp;
int ok = -1, i, j, last, nid;
const char *p;
@@ -1554,7 +1554,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
last = -1;
for (;;) {
X509_NAME_ENTRY *push = NULL;
const X509_NAME_ENTRY *push = NULL;
/* lookup the object in the supplied name list */
j = X509_NAME_get_index_by_OBJ(name, obj, last);
@@ -1996,7 +1996,9 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
/*
* Build up the subject name set.
*/
n = X509_REQ_get_subject_name(req);
n = X509_NAME_new();
if (n == NULL)
goto end;
for (i = 0;; i++) {
if (sk_CONF_VALUE_num(sk) <= i)
@@ -2038,6 +2040,9 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
goto end;
}
if (!X509_REQ_set_subject_name(req, n))
goto end;
/*
* Now extract the key from the SPKI structure.
*/
@@ -2066,6 +2071,7 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
ext_copy, 0, dateopt);
end:
X509_REQ_free(req);
X509_NAME_free(n);
CONF_free(parms);
NETSCAPE_SPKI_free(spki);
X509_NAME_ENTRY_free(ne);
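Review bot: In certify_spkac the new `if (!X509_REQ_set_subject_name(req, n)) goto end;` fails without any diagnostic, whereas the same failure in the request-generation code changed by this commit prints `Error: Can't set subject name`; a matching `BIO_printf(bio_err, ...)` before the `goto end` would keep CA failures diagnosable. The added `X509_NAME_free(n);` under `end:` is also reached by any `goto end` taken before `n = X509_NAME_new();`, so `n` has to be initialised to NULL at its declaration, which lies outside these hunks and should be confirmed. The function body starts and ends outside the hunks shown.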
+53 -24
@@ -48,7 +48,7 @@
#define UNSET_DAYS -2 /* -1 may be used for testing expiration checks */
#define EXT_COPY_UNSET -1
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj,
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, const X509_NAME *fsubj,
int mutlirdn, int attribs, unsigned long chtype);
static int prompt_info(X509_REQ *req,
STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
@@ -292,7 +292,7 @@ int req_main(int argc, char **argv)
char *passin = NULL, *passout = NULL;
char *nofree_passin = NULL, *nofree_passout = NULL;
char *subj = NULL;
X509_NAME *fsubj = NULL;
const X509_NAME *fsubj = NULL;
char *template = default_config_file, *keyout = NULL;
const char *keyalg = NULL;
OPTION_CHOICE o;
@@ -816,9 +816,10 @@ int req_main(int argc, char **argv)
EVP_PKEY *pub_key = X509_REQ_get0_pubkey(req);
EVP_PKEY *issuer_key = CAcert != NULL ? CAkey : pkey;
X509V3_CTX ext_ctx;
X509_NAME *issuer = CAcert != NULL ? X509_get_subject_name(CAcert) : X509_REQ_get_subject_name(req);
X509_NAME *n_subj = fsubj != NULL ? fsubj : X509_REQ_get_subject_name(req);
const X509_NAME *n_subj = fsubj != NULL ? fsubj : X509_REQ_get_subject_name(req);
const X509_NAME *issuer = CAcert != NULL ? X509_get_subject_name(CAcert)
: X509_REQ_get_subject_name(req);
if (CAcert != NULL && keyfile != NULL)
BIO_puts(bio_err,
"Warning: Not using -key or -newkey for signing since -CA option is given\n");
@@ -1060,7 +1061,7 @@ end:
lh_OPENSSL_STRING_free(addexts);
OPENSSL_free(keyalgstr);
X509_REQ_free(req);
X509_NAME_free(fsubj);
X509_NAME_free((X509_NAME *)fsubj);
X509_free(new_x509);
X509_free(CAcert);
EVP_PKEY_free(CAkey);
@@ -1072,7 +1073,7 @@ end:
return ret;
}
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj,
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, const X509_NAME *fsubj,
int multirdn, int attribs, unsigned long chtype)
{
int ret = 0, i;
@@ -1137,7 +1138,11 @@ static int prompt_info(X509_REQ *req,
char *type, *value;
const char *def;
CONF_VALUE *v;
X509_NAME *subj = X509_REQ_get_subject_name(req);
X509_NAME *subj;
int ret = 0;
if ((subj = X509_NAME_new()) == NULL)
goto err;
if (!batch) {
BIO_puts(bio_err,
@@ -1188,32 +1193,37 @@ static int prompt_info(X509_REQ *req,
if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start;
if (!join(buf, sizeof(buf), v->name, "_default", "Name"))
return 0;
goto err;
if ((def = app_conf_try_string(req_conf, dn_sect, buf)) == NULL)
def = "";
if (!join(buf, sizeof(buf), v->name, "_value", "Name"))
return 0;
goto err;
if ((value = app_conf_try_string(req_conf, dn_sect, buf)) == NULL)
value = NULL;
if (!join(buf, sizeof(buf), v->name, "_min", "Name"))
return 0;
goto err;
if (!app_conf_try_number(req_conf, dn_sect, buf, &n_min))
n_min = -1;
if (!join(buf, sizeof(buf), v->name, "_max", "Name"))
return 0;
goto err;
if (!app_conf_try_number(req_conf, dn_sect, buf, &n_max))
n_max = -1;
if (!add_DN_object(subj, v->value, def, value, nid,
n_min, n_max, chtype, mval))
return 0;
goto err;
}
if (X509_NAME_entry_count(subj) == 0) {
BIO_puts(bio_err, "Error: No objects specified in config file\n");
return 0;
goto err;
}
if (X509_REQ_set_subject_name(req, subj) == 0) {
BIO_printf(bio_err, "Error: Can't set subject name\n");
goto err;
}
if (attribs) {
@@ -1243,31 +1253,38 @@ static int prompt_info(X509_REQ *req,
def = "";
if (!join(buf, sizeof(buf), type, "_value", "Name"))
return 0;
goto err;
;
value = app_conf_try_string(req_conf, attr_sect, buf);
if (!join(buf, sizeof(buf), type, "_min", "Name"))
return 0;
goto err;
;
if (!app_conf_try_number(req_conf, attr_sect, buf, &n_min))
n_min = -1;
if (!join(buf, sizeof(buf), type, "_max", "Name"))
return 0;
goto err;
;
if (!app_conf_try_number(req_conf, attr_sect, buf, &n_max))
n_max = -1;
if (!add_attribute_object(req,
v->value, def, value, nid, n_min,
n_max, chtype))
return 0;
goto err;
;
}
}
} else {
BIO_puts(bio_err, "No template, please set one up.\n");
return 0;
goto err;
}
return 1;
ret = 1;
err:
X509_NAME_free(subj);
return ret;
}
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
@@ -1279,8 +1296,10 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
char *type;
CONF_VALUE *v;
X509_NAME *subj;
int ret = 0;
subj = X509_REQ_get_subject_name(req);
if ((subj = X509_NAME_new()) == NULL)
goto err;
for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
int mval;
@@ -1318,7 +1337,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
if (!X509_NAME_add_entry_by_txt(subj, type, chtype,
(unsigned char *)v->value, -1, -1,
mval))
return 0;
goto err;
}
if (!X509_NAME_entry_count(subj)) {
@@ -1330,10 +1349,20 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
v = sk_CONF_VALUE_value(attr_sk, i);
if (!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
(unsigned char *)v->value, -1))
return 0;
goto err;
}
}
return 1;
if (X509_REQ_set_subject_name(req, subj) == 0) {
BIO_printf(bio_err, "Error: Can't set subject name\n");
goto err;
}
ret = 1;
err:
X509_NAME_free(subj);
return ret;
}
static int add_DN_object(X509_NAME *n, char *text, const char *def,
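Review bot: auto_info now owns `subj` (allocated with `X509_NAME_new()`), but the body of `if (!X509_NAME_entry_count(subj)) {` falls between two hunks and is not shown as changed; if it still does `return 0;`, the new name leaks on that path, so it should become `goto err;` as was done for the equivalent check in prompt_info. In prompt_info the lone `;` lines after several `goto err;` statements in the attributes loop look like leftover empty statements and can be dropped. In req_main, declaring the owned `fsubj` as `const X509_NAME *` only to release it through `X509_NAME_free((X509_NAME *)fsubj)` hides who owns the object; keeping the owner non-const and passing it to const parameters avoids the cast.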
+1 -1
@@ -711,7 +711,7 @@ static int get_ocsp_resp_from_responder_single(SSL *s, X509 *x,
int use_ssl;
STACK_OF(OPENSSL_STRING) *aia = NULL;
X509 *cert;
X509_NAME *iname;
const X509_NAME *iname;
STACK_OF(X509) *chain = NULL;
SSL_CTX *ssl_ctx;
X509_STORE_CTX *inctx = NULL;
+1 -1
@@ -422,7 +422,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
{
int i, prev = -1, orflags, cnt;
int fn_opt, fn_nid;
ASN1_OBJECT *fn;
const ASN1_OBJECT *fn;
const ASN1_STRING *val;
const X509_NAME_ENTRY *ent;
char objtmp[80];
+3 -3
@@ -938,7 +938,7 @@ int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
}
/* Search term constructors */
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(const X509_NAME *name)
{
OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
@@ -950,7 +950,7 @@ OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
return search;
}
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(const X509_NAME *name,
const ASN1_INTEGER *serial)
{
OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
@@ -1022,7 +1022,7 @@ int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
return criterion->search_type;
}
X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
const X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
{
return criterion->name;
}
+1 -1
@@ -54,7 +54,7 @@ struct ossl_store_search_st {
* Used by OSSL_STORE_SEARCH_BY_NAME and
* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
*/
X509_NAME *name;
const X509_NAME *name;
/* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
const ASN1_INTEGER *serial;
+8 -6
@@ -280,7 +280,7 @@ static int add_lengths(int *out, int a, int b)
int NAME_CONSTRAINTS_check(const X509 *x, NAME_CONSTRAINTS *nc)
{
int r, i, name_count, constraint_count;
X509_NAME *nm;
const X509_NAME *nm;
nm = X509_get_subject_name(x);
@@ -299,7 +299,8 @@ int NAME_CONSTRAINTS_check(const X509 *x, NAME_CONSTRAINTS *nc)
if (X509_NAME_entry_count(nm) > 0) {
GENERAL_NAME gntmp;
gntmp.type = GEN_DIRNAME;
gntmp.d.directoryName = nm;
/* XXX casts away const (but does not mutate) */
gntmp.d.directoryName = (X509_NAME *)nm;
r = nc_match(&gntmp, nc);
@@ -317,7 +318,8 @@ int NAME_CONSTRAINTS_check(const X509 *x, NAME_CONSTRAINTS *nc)
if (i == -1)
break;
ne = X509_NAME_get_entry(nm, i);
gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne);
/* XXX casts away const (but does not mutate) */
gntmp.d.rfc822Name = (ASN1_STRING *)X509_NAME_ENTRY_get_data(ne);
if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING)
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
@@ -338,7 +340,7 @@ int NAME_CONSTRAINTS_check(const X509 *x, NAME_CONSTRAINTS *nc)
return X509_V_OK;
}
static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
static int cn2dnsid(const ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
{
int utf8_length;
unsigned char *utf8_value;
@@ -449,8 +451,8 @@ int NAME_CONSTRAINTS_check_CN(const X509 *x, NAME_CONSTRAINTS *nc)
/* Process any commonName attributes in subject name */
for (i = -1;;) {
X509_NAME_ENTRY *ne;
ASN1_STRING *cn;
const X509_NAME_ENTRY *ne;
const ASN1_STRING *cn;
unsigned char *idval;
size_t idlen;
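Review bot: The two `/* XXX casts away const (but does not mutate) */` comments in NAME_CONSTRAINTS_check state an invariant that depends on `nc_match()` and whatever it calls, none of which is visible in these hunks. This code runs during chain verification on names that belong to a `const X509`, which may be shared between threads, so it is worth confirming that no callee writes to the name or entry data reached through `gntmp`. The comment could then record what was checked, e.g. `/* nc_match() only reads gntmp; TODO constify its parameter and drop this cast */`, so the cast is not trusted on the strength of the word "XXX" alone.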
+10 -6
@@ -418,7 +418,7 @@ err:
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
{
X509_NAME *nm;
const X509_NAME *nm;
ASN1_IA5STRING *email = NULL;
X509_NAME_ENTRY *ne;
GENERAL_NAME *gen = NULL;
@@ -432,18 +432,22 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
return 0;
}
/* Find the subject name */
nm = ctx->subject_cert != NULL ? X509_get_subject_name(ctx->subject_cert) : X509_REQ_get_subject_name(ctx->subject_req);
nm = ctx->subject_cert != NULL ? X509_get_subject_name(ctx->subject_cert)
: X509_REQ_get_subject_name(ctx->subject_req);
/* Now add any email address(es) to STACK */
while ((i = X509_NAME_get_index_by_NID(nm,
NID_pkcs9_emailAddress, i))
>= 0) {
ne = X509_NAME_get_entry(nm, i);
/* XXX Casts away const */
ne = (X509_NAME_ENTRY *)X509_NAME_get_entry(nm, i);
email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
if (move_p) {
X509_NAME_delete_entry(nm, i);
X509_NAME_ENTRY_free(ne);
i--;
/* We should really not support deleting things in a const object
* to rip the pointer out of it. If we truly want a new object
* without this in it, we should just construct one without it.
*/
return 0;
}
if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) {
ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
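Review bot: In copy_email the new `if (move_p) { ... return 0; }` sits after `email = ASN1_STRING_dup(...)`, so whenever an email entry is found with move_p set the freshly duplicated string is leaked, and the function fails without an `ERR_raise`, leaving the caller with an unexplained error. Testing `move_p` before the dup (or leaving through the function's cleanup path, if it has one; the end of the function is outside the hunk) fixes the leak, and something like `ERR_raise(ERR_LIB_X509V3, ERR_R_UNSUPPORTED);` makes the rejection visible. This also turns the move mode from "delete the address from the subject" into a hard failure, which deserves a sentence in the commit description and the user documentation. With the delete gone `ne` is only read, so it can be declared `const X509_NAME_ENTRY *` and the `/* XXX Casts away const */` cast removed.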
+1 -1
@@ -497,7 +497,7 @@ static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name,
GENERAL_NAMES *gens)
{
STACK_OF(OPENSSL_STRING) *ret = NULL;
X509_NAME_ENTRY *ne;
const X509_NAME_ENTRY *ne;
const ASN1_IA5STRING *email;
GENERAL_NAME *gen;
int i = -1;
+2 -2
@@ -97,7 +97,7 @@ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
return rv < 0 ? -1 : rv > 0;
}
X509_NAME *X509_get_issuer_name(const X509 *a)
const X509_NAME *X509_get_issuer_name(const X509 *a)
{
return a->cert_info.issuer;
}
@@ -114,7 +114,7 @@ unsigned long X509_issuer_name_hash_old(const X509 *x)
}
#endif
X509_NAME *X509_get_subject_name(const X509 *a)
const X509_NAME *X509_get_subject_name(const X509 *a)
{
return a->cert_info.subject;
}
+1 -1
@@ -308,7 +308,7 @@ long X509_REQ_get_version(const X509_REQ *req)
return ASN1_INTEGER_get(req->req_info.version);
}
X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
const X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
{
return req->req_info.subject;
}
+8 -7
@@ -831,8 +831,9 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
* (RFC 3820: 3.4, 4.1.3 (a)(4))
*/
if ((x->ex_flags & EXFLAG_PROXY) != 0) {
X509_NAME *tmpsubject = X509_get_subject_name(x);
X509_NAME *tmpissuer = X509_get_issuer_name(x);
const X509_NAME *tmpsubject = X509_get_subject_name(x);
const X509_NAME *tmpissuer = X509_get_issuer_name(x);
X509_NAME *tmpsubject2;
X509_NAME_ENTRY *tmpentry = NULL;
int last_nid = 0;
int err = X509_V_OK;
@@ -869,23 +870,23 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
* Check that the last subject RDN is a commonName, and that
* all the previous RDNs match the issuer exactly
*/
tmpsubject = X509_NAME_dup(tmpsubject);
if (tmpsubject == NULL) {
tmpsubject2 = X509_NAME_dup(tmpsubject);
if (tmpsubject2 == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
ctx->error = X509_V_ERR_OUT_OF_MEM;
return -1;
}
tmpentry = X509_NAME_delete_entry(tmpsubject, last_loc);
tmpentry = X509_NAME_delete_entry(tmpsubject2, last_loc);
last_nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(tmpentry));
if (last_nid != NID_commonName
|| X509_NAME_cmp(tmpsubject, tmpissuer) != 0) {
|| X509_NAME_cmp(tmpsubject2, tmpissuer) != 0) {
err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
}
X509_NAME_ENTRY_free(tmpentry);
X509_NAME_free(tmpsubject);
X509_NAME_free(tmpsubject2);
proxy_name_done:
CB_FAIL_IF(err != X509_V_OK, ctx, x, i, err);
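Review bot: `tmpsubject2` in check_name_constraints is the only owned, mutable name in a block of otherwise borrowed const names, and the identifier does not say so; a name such as `subject_copy` with a comment like `/* private copy: the last RDN is removed before comparing with the issuer */` would make the ownership obvious in this proxy-certificate check. It is declared without an initialiser, which is safe only while no path reaches `X509_NAME_free(tmpsubject2)` before the `X509_NAME_dup` call; in the lines shown the free precedes the `proxy_name_done:` label, so that holds, but initialising it to NULL would keep it safe if the cleanup is ever moved. The function continues outside the hunks.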
+1 -1
@@ -110,7 +110,7 @@ ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
}
#endif
X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
const X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
{
return crl->crl.issuer;
}
+3 -3
@@ -94,7 +94,7 @@ int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj,
return -1;
}
X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
const X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
{
if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
|| loc < 0)
@@ -346,14 +346,14 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
return 1;
}
ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
const ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
{
if (ne == NULL)
return NULL;
return ne->object;
}
ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
const ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
{
if (ne == NULL)
return NULL;
+3 -3
@@ -22,8 +22,8 @@ OSSL_STORE_SEARCH_get0_digest
typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(const X509_NAME *name);
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(const X509_NAME *name,
const ASN1_INTEGER
*serial);
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
@@ -34,7 +34,7 @@ OSSL_STORE_SEARCH_get0_digest
void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
const X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
*criterion);
const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+2 -2
@@ -11,8 +11,8 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
#include <openssl/x509.h>
ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
const ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
const ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+1 -1
@@ -15,7 +15,7 @@ X509_NAME lookup and enumeration functions
const ASN1_OBJECT *obj, int lastpos);
int X509_NAME_entry_count(const X509_NAME *name);
X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
cont X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
Deprecated Functions:
+4 -4
@@ -17,18 +17,18 @@ get X509_NAME hashes or get and set issuer or subject names
unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx,
const char *propq, int *ok);
X509_NAME *X509_get_subject_name(const X509 *x);
const X509_NAME *X509_get_subject_name(const X509 *x);
int X509_set_subject_name(X509 *x, const X509_NAME *name);
unsigned long X509_subject_name_hash(const X509 *x);
X509_NAME *X509_get_issuer_name(const X509 *x);
const X509_NAME *X509_get_issuer_name(const X509 *x);
int X509_set_issuer_name(X509 *x, const X509_NAME *name);
unsigned long X509_issuer_name_hash(const X509 *x);
X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
const X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name);
X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
const X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
int X509_CRL_set_issuer_name(X509_CRL *x, const X509_NAME *name);
#include <openssl/x509_acert.h>
+3 -3
@@ -227,8 +227,8 @@ int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type);
* The input is considered to be owned by the caller, and must therefore
* remain present throughout the lifetime of the returned OSSL_STORE_SEARCH
*/
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(const X509_NAME *name);
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(const X509_NAME *name,
const ASN1_INTEGER
*serial);
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
@@ -242,7 +242,7 @@ void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
/* Search term accessors */
int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion);
const X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion);
const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
*criterion);
const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+7 -7
@@ -663,9 +663,9 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
ASN1_INTEGER *X509_get_serialNumber(X509 *x);
const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
int X509_set_issuer_name(X509 *x, const X509_NAME *name);
X509_NAME *X509_get_issuer_name(const X509 *a);
const X509_NAME *X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, const X509_NAME *name);
X509_NAME *X509_get_subject_name(const X509 *a);
const X509_NAME *X509_get_subject_name(const X509 *a);
const ASN1_TIME *X509_get0_notBefore(const X509 *x);
ASN1_TIME *X509_getm_notBefore(X509 *x);
int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
@@ -701,7 +701,7 @@ const ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
long X509_REQ_get_version(const X509_REQ *req);
int X509_REQ_set_version(X509_REQ *x, long version);
X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
const X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name);
void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg);
@@ -759,7 +759,7 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
#endif
X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
const X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(const X509_CRL *crl);
const X509_ALGOR *X509_CRL_get0_tbs_sigalg(const X509_CRL *crl);
@@ -857,7 +857,7 @@ OSSL_DEPRECATEDIN_4_0 int X509_NAME_get_text_by_OBJ(const X509_NAME *name,
int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos);
int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj,
int lastpos);
X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
const X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
int loc, int set);
@@ -885,8 +885,8 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
const unsigned char *bytes, int len);
ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
const ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
const ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder,
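Review bot: These prototypes change the return types of long-standing public getters (`X509_get_subject_name`, `X509_get_issuer_name`, `X509_REQ_get_subject_name`, `X509_CRL_get_issuer`, `X509_NAME_get_entry`, `X509_NAME_ENTRY_get_object`, `X509_NAME_ENTRY_get_data`) to const, which breaks source compatibility for callers that stored the result in a non-const pointer or edited the name in place. None of the file sections on this page reads like a changelog or migration note, so one should be added describing the replacement pattern the commit itself uses: build the name with `X509_NAME_new()` or `X509_NAME_dup()`, then install it with the matching `*_set_*_name()` call. Separately, the manual-page synopsis for `X509_NAME_get_entry` changed in this commit spells the qualifier `cont`; it should read `const`.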
+9 -6
@@ -774,6 +774,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
{
BIO *in = BIO_new(BIO_s_file());
X509 *x = NULL;
const X509_NAME *cxn = NULL;
X509_NAME *xn = NULL;
STACK_OF(X509_NAME) *ret = NULL;
LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
@@ -812,10 +813,10 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
goto err;
}
}
if ((xn = X509_get_subject_name(x)) == NULL)
if ((cxn = X509_get_subject_name(x)) == NULL)
goto err;
/* check for duplicates */
xn = X509_NAME_dup(xn);
xn = X509_NAME_dup(cxn);
if (xn == NULL)
goto err;
if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
@@ -856,6 +857,7 @@ static int add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
{
BIO *in;
X509 *x = NULL;
const X509_NAME *cxn = NULL;
X509_NAME *xn = NULL;
int ret = 1;
@@ -872,9 +874,9 @@ static int add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
for (;;) {
if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
break;
if ((xn = X509_get_subject_name(x)) == NULL)
if ((cxn = X509_get_subject_name(x)) == NULL)
goto err;
xn = X509_NAME_dup(xn);
xn = X509_NAME_dup(cxn);
if (xn == NULL)
goto err;
if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
@@ -1023,6 +1025,7 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
int ok = 1;
OSSL_STORE_CTX *ctx = NULL;
X509 *x = NULL;
const X509_NAME *cxn = NULL;
X509_NAME *xn = NULL;
OSSL_STORE_INFO *info = NULL;
@@ -1046,8 +1049,8 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
depth - 1);
} else if (infotype == OSSL_STORE_INFO_CERT) {
if ((x = OSSL_STORE_INFO_get0_CERT(info)) == NULL
|| (xn = X509_get_subject_name(x)) == NULL
|| (xn = X509_NAME_dup(xn)) == NULL)
|| (cxn = X509_get_subject_name(x)) == NULL
|| (xn = X509_NAME_dup(cxn)) == NULL)
goto err;
if (sk_X509_NAME_find(stack, xn) >= 0) {
/* Duplicate. */
+3 -1
@@ -10825,13 +10825,14 @@ static int create_cert_key(int idx, char *certfilename, char *privkeyfilename)
|| !TEST_true(X509_gmtime_adj(X509_getm_notBefore(x509), 0))
|| !TEST_true(X509_gmtime_adj(X509_getm_notAfter(x509), 31536000L))
|| !TEST_true(X509_set_pubkey(x509, pkey))
|| !TEST_ptr(name = X509_get_subject_name(x509))
|| !TEST_ptr(name = X509_NAME_new())
|| !TEST_true(X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
(unsigned char *)"CH", -1, -1, 0))
|| !TEST_true(X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
(unsigned char *)"test.org", -1, -1, 0))
|| !TEST_true(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
(unsigned char *)"localhost", -1, -1, 0))
|| !TEST_true(X509_set_subject_name(x509, name))
|| !TEST_true(X509_set_issuer_name(x509, name))
|| !TEST_true(X509_sign(x509, pkey, EVP_sha1()))
|| !TEST_ptr(keybio = BIO_new_file(privkeyfilename, "wb"))
@@ -10842,6 +10843,7 @@ static int create_cert_key(int idx, char *certfilename, char *privkeyfilename)
EVP_PKEY_free(pkey);
X509_free(x509);
X509_NAME_free(name);
EVP_PKEY_CTX_free(evpctx);
BIO_free(keybio);
BIO_free(certbio);