New options to 'ca' utility to support CRL entry extensions.

Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.

1 files changed, 27 insertions, 1 deletions

diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c
index d21b6fb..c3e553a 100644
--- a/crypto/x509v3/v3_ocsp.c
+++ b/crypto/x509v3/v3_ocsp.c
@@ -63,11 +63,12 @@
 #include <openssl/ocsp.h>
 #include <openssl/x509v3.h>
 
-/* OCSP extensions.
+/* OCSP extensions and a couple of CRL entry extensions
  */
 
 static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
 static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
 
 static void *ocsp_nonce_new(void);
 static int i2d_ocsp_nonce(void *a, unsigned char **pp);
@@ -97,6 +98,24 @@ X509V3_EXT_METHOD v3_ocsp_acutoff = {
 	NULL
 };
 
+X509V3_EXT_METHOD v3_crl_invdate = {
+	NID_invalidity_date, 0, &ASN1_GENERALIZEDTIME_it,
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_ocsp_acutoff,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_crl_hold = {
+	NID_hold_instruction_code, 0, &ASN1_OBJECT_it,
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_object,0,
+	NULL
+};
+
 X509V3_EXT_METHOD v3_ocsp_nonce = {
 	NID_id_pkix_OCSP_Nonce, 0, NULL,
 	ocsp_nonce_new,
@@ -161,6 +180,13 @@ static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, in
 }
 
 
+static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+{
+	if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+	if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
+	return 1;
+}
+
 /* OCSP nonce. This is needs special treatment because it doesn't have
  * an ASN1 encoding at all: it just contains arbitrary data.
  */