add: handle the 'noOCSP' feature in the include section
authorFelix Dörre <felix@dogcraft.de>
Fri, 26 May 2017 11:33:30 +0000 (11:33 +0000)
committerFelix Dörre <felix@dogcraft.de>
Fri, 2 Jun 2017 22:09:46 +0000 (22:09 +0000)
Change-Id: I4b1b92796f7c021c847ba45f67291bc1d5b78860

src/config.cpp
src/crypto/X509.cpp
src/crypto/sslUtil.h
test/genTestData.sh

index ccd2f246aaa3b2b574256266c120dc14e7cda3b1..8b175967de13ad74c672ab90fc0ffcae5b205324 100644 (file)
@@ -92,6 +92,20 @@ int parseProfiles() {
         prof.id = std::stoi( id );
         prof.eku = map->at( "eku" );
         prof.ku = map->at( "ku" );
+        {
+            std::string include = map->at( "include" );
+            size_t pos = 0;
+            size_t end = 0;
+            std::unordered_set<std::string> include_set;
+
+            while( ( end = include.find( ",", pos ) ) != std::string::npos ) {
+                include_set.emplace( include.substr( pos, end - pos ) );
+                pos = end + 1;
+            }
+
+            include_set.emplace( include.substr( pos ) );
+            prof.include = include_set;
+        }
         prof.maxValidity = std::stoi( map->at( "days" ) ) * /* DAYS */24 * 60 * 60;
 
 
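Review bot: `map->at( "include" )` throws std::out_of_range for any profile file that has no `include=` line, so the new key becomes mandatory for every existing profile rather than only for those that opt into noOCSP; unless that strictness is intended, looking the key up with `find` and defaulting to an empty set keeps old profiles loading. Tokens are also stored verbatim, so `include=noOCSP, foo` stores `" foo"` and an empty or trailing-comma value stores an empty string, which makes the exact-match lookup in X509.cpp fragile; trimming each token and skipping empty ones before `emplace` avoids that. Smaller points: `include.find( ",", pos )` can be `include.find( ',', pos )`, and the final assignment could move `include_set` instead of copying it. The sketch below assumes `map` iterates as key/value pairs whose value converts to std::string, as the existing `at()` call suggests; parseProfiles() starts and ends outside the hunk.
```cpp
        {
            std::unordered_set<std::string> include_set;
            auto inc = map->find( "include" );

            if( inc != map->end() ) {
                const std::string include = inc->second;
                size_t pos = 0;

                while( pos <= include.size() ) {
                    size_t end = include.find( ',', pos );

                    if( end == std::string::npos ) {
                        end = include.size();
                    }

                    std::string token = include.substr( pos, end - pos );
                    size_t first = token.find_first_not_of( " \t" );

                    if( first != std::string::npos ) {
                        size_t last = token.find_last_not_of( " \t" );
                        include_set.emplace( token.substr( first, last - first + 1 ) );
                    }

                    pos = end + 1;
                }
            }

            prof.include = include_set;
        }
```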
index 9c2ed9a38d88aa7650940bc69049700146a80334..3d0efbcc8fa75f516cab1c01d3fb29eb6200f67f 100644 (file)
@@ -185,7 +185,7 @@ void X509Cert::setExtensions( std::shared_ptr<X509> caCert, std::vector<std::sha
     std::string ku = std::string( "critical," ) + prof.ku;
     add_ext( caCert, target, NID_key_usage, ku.c_str() );
     add_ext( caCert, target, NID_ext_key_usage, prof.eku.c_str() );
-    add_ext( caCert, target, NID_info_access, ( ( ocspPath.empty() ? "" : "OCSP;URI:" + ocspPath + "," ) + "caIssuers;URI:" + crtURL ).c_str() );
+    add_ext( caCert, target, NID_info_access, ( ( ocspPath.empty() || prof.include.find( "noOCSP" ) != prof.include.end() ? "" : "OCSP;URI:" + ocspPath + "," ) + "caIssuers;URI:" + crtURL ).c_str() );
     add_ext( caCert, target, NID_crl_distribution_points, ( "URI:" + crlURL ).c_str() );
 
     if( sans.empty() ) {
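Review bot: The condition added on the `add_ext( caCert, target, NID_info_access, ... )` line folds two unrelated reasons for omitting the OCSP URI into one expression inside a ternary, and `a || b ? x : y` reads as `(a || b) ? x : y` only by precedence, which every reader has to re-check. Hoisting it into a named flag before the call, `const bool omitOCSP = ocspPath.empty() || prof.include.find( "noOCSP" ) != prof.include.end();` and then `( omitOCSP ? "" : "OCSP;URI:" + ocspPath + "," )`, keeps the intent visible and makes the feature name greppable. The lookup is an exact, case-sensitive match against the set built in config.cpp, so a profile written as `noocsp` or with surrounding whitespace would silently keep emitting the OCSP responder URI; a comment such as `// 'noOCSP' in the profile's include list drops the OCSP responder from the AIA extension` would record that. setExtensions() starts and ends outside the hunk.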
index 2ecba42b9874686014d7c72ac77919de321a1b63..f0eaaf6e6e3d0ccf7584bf227a391b2f75f06b28 100644 (file)
@@ -6,6 +6,7 @@
 #include <vector>
 #include <cinttypes>
 #include <ctime>
+#include <unordered_set>
 
 #include <openssl/ssl.h>
 
@@ -34,6 +35,7 @@ struct Profile {
 
     std::vector<std::shared_ptr<CAConfig>> ca;
     std::time_t maxValidity;
+    std::unordered_set<std::string> include;
     std::shared_ptr<CAConfig> getCA() {
         std::shared_ptr<CAConfig> min = nullptr;
 
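Review bot: The new `std::unordered_set<std::string> include;` member of Profile is where the recognised feature names live, yet nothing says which values are meaningful or how the set is populated; a comment such as `// Feature names from the profile's comma-separated 'include=' line; X509.cpp consults "noOCSP" to omit the OCSP responder from the AIA extension.` would let a reader find the switch without grepping the other files in this commit. The `#include <unordered_set>` hunk above needs nothing. Profile's definition and getCA() continue outside the hunk.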
index 9b175f99511bc3656a59ea83b1ac1fa6b5872bbc..0de15bdc61254fc98e8fc2183225f7d9ae90eed4 100755 (executable)
@@ -26,6 +26,7 @@ ca=unassured
 eku=
 ku=
 days=10
+include=
 EOF
 
 mkdir -p ca/unassured_2015_2