Commit ed04580650 for openssl.org
commit ed04580650907bcd5c11ba09996a9fb6fb9b4972
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Nov 27 12:19:55 2025 +0100
Move CRL extensions from v3_ocsp.c to v3_crldp.c
Otherwise they will not be handled in a no-ocsp build.
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29234)
diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c
index 4f54b7ceab..4c83df4d9f 100644
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
@@ -24,8 +24,6 @@ static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
BIO *out, int indent);
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
BIO *out, int indent);
-static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
- int indent);
static void *ocsp_nonce_new(void);
static int i2d_ocsp_nonce(const void *a, unsigned char **pp);
@@ -59,24 +57,6 @@ const X509V3_EXT_METHOD ossl_v3_ocsp_acutoff = {
NULL
};
-const X509V3_EXT_METHOD ossl_v3_crl_invdate = {
- NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
- 0, 0, 0, 0,
- 0, 0,
- 0, 0,
- i2r_ocsp_acutoff, 0,
- NULL
-};
-
-const X509V3_EXT_METHOD ossl_v3_crl_hold = {
- NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
- 0, 0, 0, 0,
- 0, 0,
- 0, 0,
- i2r_object, 0,
- NULL
-};
-
const X509V3_EXT_METHOD ossl_v3_ocsp_nonce = {
NID_id_pkix_OCSP_Nonce, 0, NULL,
ocsp_nonce_new,
@@ -150,16 +130,6 @@ static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
return 1;
}
-static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
- int ind)
-{
- if (BIO_printf(bp, "%*s", ind, "") <= 0)
- return 0;
- if (i2a_ASN1_OBJECT(bp, oid) <= 0)
- return 0;
- return 1;
-}
-
/*
* OCSP nonce. This is needs special treatment because it doesn't have an
* ASN1 encoding at all: it just contains arbitrary data.
diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h
index aef70c2598..b9b8ada307 100644
--- a/crypto/x509/standard_exts.h
+++ b/crypto/x509/standard_exts.h
@@ -34,9 +34,7 @@ static const X509V3_EXT_METHOD *const standard_exts[] = {
&ossl_v3_ext_ku,
&ossl_v3_delta_crl,
&ossl_v3_crl_reason,
-#ifndef OPENSSL_NO_OCSP
&ossl_v3_crl_invdate,
-#endif
&ossl_v3_sxnet,
&ossl_v3_info,
&ossl_v3_audit_identity,
@@ -56,9 +54,7 @@ static const X509V3_EXT_METHOD *const standard_exts[] = {
&ossl_v3_policy_constraints,
&ossl_v3_targeting_information,
&ossl_v3_no_rev_avail,
-#ifndef OPENSSL_NO_OCSP
&ossl_v3_crl_hold,
-#endif
&ossl_v3_pci,
&ossl_v3_name_constraints,
&ossl_v3_policy_mappings,
diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c
index 140b279d2f..ef13215aed 100644
--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.c
@@ -481,6 +481,49 @@ static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
return 1;
}
+static int i2r_crl_invdate(const X509V3_EXT_METHOD *method, void *date,
+ BIO *out, int indent);
+static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
+ int indent);
+
+const X509V3_EXT_METHOD ossl_v3_crl_invdate = {
+ NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_crl_invdate, 0,
+ NULL
+};
+
+const X509V3_EXT_METHOD ossl_v3_crl_hold = {
+ NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_object, 0,
+ NULL
+};
+
+static int i2r_crl_invdate(const X509V3_EXT_METHOD *method, void *date,
+ BIO *bp, int ind)
+{
+ if (BIO_printf(bp, "%*s", ind, "") <= 0)
+ return 0;
+ if (!ASN1_GENERALIZEDTIME_print(bp, date))
+ return 0;
+ return 1;
+}
+
+static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
+ int ind)
+{
+ if (BIO_printf(bp, "%*s", ind, "") <= 0)
+ return 0;
+ if (i2a_ASN1_OBJECT(bp, oid) <= 0)
+ return 0;
+ return 1;
+}
+
/* Append any nameRelativeToCRLIssuer in dpn to iname, set in dpn->dpname */
int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname)
{
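Review bot: The indent check in both `i2r_crl_invdate` and `i2r_object` treats a zero-byte write as a failure. `BIO_printf` returns the number of bytes written, so with `ind == 0` the call `BIO_printf(bp, "%*s", ind, "")` yields 0 and the printer returns 0 before emitting the date or OID. The pattern is inherited from the v3_ocsp.c code being moved rather than introduced here, but now that these printers are built unconditionally it is worth changing the test in both functions to `if (BIO_printf(bp, "%*s", ind, "") < 0)`. A one-line comment above the two method tables, such as `/* CRL entry extensions: must not depend on OPENSSL_NO_OCSP */`, would record why they live in this file.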