path: root/server/resty/openssl/include/x509v3.lua
local ffi = require "ffi"

require "resty.openssl.include.ossl_typ"
require "resty.openssl.include.stack"
local asn1_macro = require "resty.openssl.include.asn1"

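-- FFI declarations mirroring part of OpenSSL's x509v3.h: the GENERAL_NAME,
-- BASIC_CONSTRAINTS, ACCESS_DESCRIPTION and DIST_POINT structures plus the
-- X.509v3 extension encode/decode/lookup functions.
--
-- Opaque types (X509, BIO, CONF, OPENSSL_STACK, ASN1_* ...) are not declared
-- here; presumably they come from the ossl_typ and stack includes required at
-- the top of this file.
--
-- NOTE(review): the FFI does no header checking. The struct layouts below are
-- dereferenced directly from Lua, so they must match the x509v3.h of the
-- libcrypto actually loaded at runtime; a mismatch reads or writes the wrong
-- memory instead of failing cleanly.
ffi.cdef [[
  // STACK_OF(OPENSSL_STRING)
  // The returned stack is owned by the caller; release it with
  // X509_email_free().
  OPENSSL_STACK *X509_get1_ocsp(X509 *x);
  void X509_email_free(OPENSSL_STACK *sk);
  void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);

  typedef struct EDIPartyName_st EDIPARTYNAME;

  typedef struct otherName_st OTHERNAME;

  // Tagged union: only the member selected by `type` is valid.
  // The ASN1_IA5STRING / ASN1_OCTET_STRING members are length-delimited and
  // come from the certificate: they are not guaranteed to be NUL-terminated
  // and may contain embedded NUL bytes, so copy them with their explicit
  // length instead of treating the data pointer as a C string.
  typedef struct GENERAL_NAME_st {
    int type;
    union {
      char *ptr;
      OTHERNAME *otherName;   /* otherName */
      ASN1_IA5STRING *rfc822Name;
      ASN1_IA5STRING *dNSName;
      ASN1_TYPE *x400Address;
      X509_NAME *directoryName;
      EDIPARTYNAME *ediPartyName;
      ASN1_IA5STRING *uniformResourceIdentifier;
      ASN1_OCTET_STRING *iPAddress;
      ASN1_OBJECT *registeredID;
      /* Old names */
      ASN1_OCTET_STRING *ip;  /* iPAddress */
      X509_NAME *dirn;        /* dirn */
      ASN1_IA5STRING *ia5;    /* rfc822Name, dNSName,
                               * uniformResourceIdentifier */
      ASN1_OBJECT *rid;       /* registeredID */
      ASN1_TYPE *other;       /* x400Address */
    } d;
  } GENERAL_NAME;

  // STACK_OF(GENERAL_NAME)
  typedef struct stack_st GENERAL_NAMES;

  // STACK_OF(X509_EXTENSION)
  // `value` is encoded into the stack; the caller keeps ownership of it.
  int X509V3_add1_i2d(OPENSSL_STACK **x, int nid, void *value,
                      int crit, unsigned long flags);
  // Returns a newly decoded structure whose C type depends on the extension.
  // The caller owns it and must free it with the matching *_free function;
  // NULL means the extension could not be decoded.
  void *X509V3_EXT_d2i(X509_EXTENSION *ext);
  // Returns a newly allocated X509_EXTENSION owned by the caller.
  X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
  int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
                       int indent);

  // `value` is encoded into the certificate; the caller keeps ownership.
  int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
                        unsigned long flags);
  // although the struct has plural form, it's not a stack
  typedef struct BASIC_CONSTRAINTS_st {
    int ca;
    ASN1_INTEGER *pathlen;
  } BASIC_CONSTRAINTS;

  void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
                      X509_REQ *req, X509_CRL *crl, int flags);

  // Both return a newly allocated X509_EXTENSION owned by the caller, or NULL
  // when the configuration value cannot be parsed.
  X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
                                       const char *value);
  X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
                                   const char *value);

  // Same ownership rule as X509V3_EXT_d2i(): the decoded result belongs to the
  // caller. A NULL return is ambiguous (absent, duplicated or undecodable);
  // *crit reports which when `crit` is non-NULL.
  void *X509V3_get_d2i(const OPENSSL_STACK *x, int nid, int *crit, int *idx);

  int X509v3_get_ext_by_NID(const OPENSSL_STACK *x,
                            int nid, int lastpos);

  // Returns a pointer into the stack itself; it must not be freed and is only
  // valid while the stack is.
  X509_EXTENSION *X509v3_get_ext(const OPENSSL_STACK *x, int loc);

  // STACK_OF(ACCESS_DESCRIPTION)
  typedef struct stack_st AUTHORITY_INFO_ACCESS;

  typedef struct ACCESS_DESCRIPTION_st {
    ASN1_OBJECT *method;
    GENERAL_NAME *location;
  } ACCESS_DESCRIPTION;

  typedef struct DIST_POINT_NAME_st {
    int type;
    union {
      GENERAL_NAMES *fullname;
      // STACK_OF(X509_NAME_ENTRY)
      OPENSSL_STACK *relativename;
    } name;
    /* If relativename then this contains the full distribution point name */
    X509_NAME *dpname;
  } DIST_POINT_NAME;

  typedef struct DIST_POINT_st {
    DIST_POINT_NAME *distpoint;
    ASN1_BIT_STRING *reasons;
    GENERAL_NAMES *CRLissuer;
    int dp_reasons;
  } DIST_POINT;

]]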

-- Register the ASN.1 helper functions for every extension type declared in the
-- cdef block above, in a fixed order.
-- NOTE(review): declare_asn1_functions lives in resty.openssl.include.asn1 and
-- is not visible here; presumably it emits the new/free/d2i/i2d declarations
-- for the named type. Confirm there before relying on a specific symbol.
for _, type_name in ipairs({
  "GENERAL_NAME",
  "BASIC_CONSTRAINTS",
  "AUTHORITY_INFO_ACCESS", -- OCSP responder and CA
  "ACCESS_DESCRIPTION",
  "DIST_POINT", -- CRL distribution points
}) do
  asn1_macro.declare_asn1_functions(type_name)
end