diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2015-07-23 17:30:06 +0100 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-09-03 16:31:09 -0400 |
commit | 47bbaa5b607f592009ed40f5678fde21c10a873c (patch) | |
tree | f245330f58ec496813a01925af52f9f78e1152df /crypto/x509v3/v3_purp.c | |
parent | 64b25758edca688a30f02c260262150f7ad0bc7d (diff) | |
download | openssl-47bbaa5b607f592009ed40f5678fde21c10a873c.zip openssl-47bbaa5b607f592009ed40f5678fde21c10a873c.tar.gz openssl-47bbaa5b607f592009ed40f5678fde21c10a873c.tar.bz2 |
Revert "OPENSSL_NO_xxx cleanup: RFC3779"
This reverts the non-cleanup parts of commit c73ad69017. We do actually
have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI
build, since we don't have a strspn() function in our runtime environment
and we don't want the RFC3779 functionality anyway.
In addition, it changes the default behaviour of the Configure script so
that RFC3779 support isn't disabled by default. It was always disabled
from when it was first added in 2006, right up until the point where
OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the
Configure script was left *trying* to disable it, but not actually
working.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/x509v3/v3_purp.c')
-rw-r--r-- | crypto/x509v3/v3_purp.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index b03c323..61d9772 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -322,8 +322,10 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_basic_constraints, /* 87 */ NID_certificate_policies, /* 89 */ NID_ext_key_usage, /* 126 */ +#ifndef OPENSSL_NO_RFC3779 NID_sbgp_ipAddrBlock, /* 290 */ NID_sbgp_autonomousSysNum, /* 291 */ +#endif NID_policy_constraints, /* 401 */ NID_proxyCertInfo, /* 663 */ NID_name_constraints, /* 666 */ @@ -503,9 +505,11 @@ static void x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_INVALID; setup_crldp(x); +#ifndef OPENSSL_NO_RFC3779 x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, NULL, NULL); +#endif for (i = 0; i < X509_get_ext_count(x); i++) { ex = X509_get_ext(x, i); if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) |