From 6050d83e8a453096462f3731407b3266325b3909 Mon Sep 17 00:00:00 2001
From: Marcel Poul
Date: Thu, 13 Sep 2012 11:50:25 +0000
Subject: [PATCH] Known critical extension check is done by caNl (better than in gridsite). Have to look for RSTx509KnownCriticalExts() call. It might not be needed in future.
---
 org.gridsite.core/src/canl_mod_gridsite.c | 23 -----------------------
 org.gridsite.core/src/grst_canl_x509.c | 1 +
 2 files changed, 1 insertion(+), 23 deletions(-)
diff --git a/org.gridsite.core/src/canl_mod_gridsite.c b/org.gridsite.core/src/canl_mod_gridsite.c
index 1d265d3..2fccc38 100644
--- a/org.gridsite.core/src/canl_mod_gridsite.c
+++ b/org.gridsite.core/src/canl_mod_gridsite.c
@@ -3492,29 +3492,6 @@ int GRST_callback_SSLVerify_wrapper(int ok, X509_STORE_CTX *ctx)
 X509_STORE_CTX_set_error(ctx, errnum);
 }
- /*
- * New style GSI Proxy handling, with critical ProxyCertInfo
- * extension: we use GRSTx509KnownCriticalExts() to check this
- */
-#ifndef X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
-#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
-#endif
- if (errnum == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION)
- {
- if (GRSTx509KnownCriticalExts(X509_STORE_CTX_get_current_cert(ctx))
- == GRST_RET_OK)
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "GRSTx509KnownCriticalExts() accepts previously "
- "Unhandled Critical Extension (GSI Proxy?)");
-
- sslconn->verify_error = NULL;
- ok = TRUE;
- errnum = X509_V_OK;
- X509_STORE_CTX_set_error(ctx, errnum);
- }
- }
-
 #if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
 returned_ok = ok;
 #else
diff --git a/org.gridsite.core/src/grst_canl_x509.c b/org.gridsite.core/src/grst_canl_x509.c
index a1219c8..c5028ef 100644
--- a/org.gridsite.core/src/grst_canl_x509.c
+++ b/org.gridsite.core/src/grst_canl_x509.c
@@ -120,6 +120,7 @@ int GRSTx509NameCmp(char *a, char *b)
 /// Check critical extensions
+/*TODO MBD*/
 int GRSTx509KnownCriticalExts(X509 *cert)
 ///
 /// Returning GRST_RET_OK if all of extensions are known to us or
-- 
1.8.2.3
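Review bot: The added `/*TODO MBD*/` above GRSTx509KnownCriticalExts() in grst_canl_x509.c does not say what is left to do, and it sits between the `/// Check critical extensions` summary line and the signature, so it splits the function's doc comment. The commit message suggests the intent is that caNl now performs the critical-extension check and this function may become unnecessary; the marker should say so, for example `/* TODO: critical extensions are now checked by caNl; audit remaining callers of GRSTx509KnownCriticalExts() and remove it if unused */`, placed above the `///` line. Because this check decides whether a certificate carrying an unrecognised critical extension is rejected, that audit should also confirm that every remaining verification path is covered by the caNl check or by this function before it is removed. The function body lies outside the hunk, so whether other callers exist cannot be told from here.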