You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by dr...@apache.org on 2010/04/02 01:09:12 UTC

svn commit: r930131 - /httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c

Author: drh
Date: Thu Apr  1 23:09:11 2010
New Revision: 930131

URL: http://svn.apache.org/viewvc?rev=930131&view=rev
Log:
Code tidy, certificate extension decode can be done with the single
function X509_get_ext_d2i().

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c?rev=930131&r1=930130&r2=930131&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Thu Apr  1 23:09:11 2010
@@ -292,26 +292,22 @@ char *SSL_make_ciphersuite(apr_pool_t *p
 BOOL SSL_X509_isSGC(X509 *cert)
 {
 #ifdef HAVE_SSL_X509V3_EXT_d2i
-    X509_EXTENSION *ext;
     int ext_nid;
     EXTENDED_KEY_USAGE *sk;
     BOOL is_sgc;
-    int idx;
     int i;
 
     is_sgc = FALSE;
-    idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1);
-    if (idx >= 0) {
-        ext = X509_get_ext(cert, idx);
-        if ((sk = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i(ext)) != NULL) {
-            for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
-                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_ASN1_OBJECT_value(sk, i));
-                if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
-                    is_sgc = TRUE;
-                    break;
-                }
+    sk = X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);
+    if (sk) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
+            ext_nid = OBJ_obj2nid(sk_ASN1_OBJECT_value(sk, i));
+            if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
+                is_sgc = TRUE;
+                break;
             }
         }
+    EXTENDED_KEY_USAGE_free(sk);
     }
     return is_sgc;
 #else
@@ -323,18 +319,13 @@ BOOL SSL_X509_isSGC(X509 *cert)
 BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen)
 {
 #ifdef HAVE_SSL_X509V3_EXT_d2i
-    X509_EXTENSION *ext;
     BASIC_CONSTRAINTS *bc;
     int idx;
     BIGNUM *bn = NULL;
     char *cp;
 
-    if ((idx = X509_get_ext_by_NID(cert, NID_basic_constraints, -1)) < 0)
-        return FALSE;
-    ext = X509_get_ext(cert, idx);
-    if (ext == NULL)
-        return FALSE;
-    if ((bc = (BASIC_CONSTRAINTS *)X509V3_EXT_d2i(ext)) == NULL)
+    bc = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
+    if (bc == NULL);
         return FALSE;
     *ca = bc->ca;
     *pathlen = -1 /* unlimited */;