Allow additional information to be attached to a

certificate: currently this includes trust settings
and a "friendly name".

1 files changed, 36 insertions, 0 deletions

diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index 3352c61..ee32130 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -118,6 +118,7 @@ X509 *X509_new(void)
 	ret->valid=0;
 	ret->ex_flags = 0;
 	ret->name=NULL;
+	ret->aux=NULL;
 	M_ASN1_New(ret->cert_info,X509_CINF_new);
 	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
 	M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
@@ -149,6 +150,7 @@ void X509_free(X509 *a)
 	X509_CINF_free(a->cert_info);
 	X509_ALGOR_free(a->sig_alg);
 	M_ASN1_BIT_STRING_free(a->signature);
+	X509_CERT_AUX_free(a->aux);
 
 	if (a->name != NULL) Free(a->name);
 	Free((char *)a);
@@ -172,3 +174,37 @@ char *X509_get_ex_data(X509 *r, int idx)
 	return(CRYPTO_get_ex_data(&r->ex_data,idx));
 	}
 
+/* X509_AUX ASN1 routines. X509_AUX is the name given to
+ * a certificate with extra info tagged on the end. Since these
+ * functions set how a certificate is trusted they should only
+ * be used when the certificate comes from a reliable source
+ * such as local storage.
+ *
+ */
+
+X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length)
+{
+	unsigned char *q;
+	X509 *ret;
+	/* Save start position */
+	q = *pp;
+	ret = d2i_X509(a, pp, length);
+	/* If certificate unreadable then forget it */
+	if(!ret) return NULL;
+	/* update length */
+	length -= *pp - q;
+	if(!length) return ret;
+	if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+	return ret;
+	err:
+	X509_free(ret);
+	return NULL;
+}
+
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+	int length;
+	length = i2d_X509(a, pp);
+	if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
+	return length;
+}