Update X.509

guanzhi · Feb 6, 2024 · 983fa90 · 983fa90
1 parent 69ffa88
commit 983fa90
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 24 deletions.
diff --git a/src/x509_alg.c b/src/x509_alg.c
@@ -557,11 +557,7 @@ int x509_public_key_encryption_algor_print(FILE *fp, int fmt, int ind, const cha
 }
 
 
-
-
-
 static uint32_t oid_ec_public_key[] = { oid_x9_62,2,1 };
-//static uint32_t oid_rsa_encryption[] = { 1,2,840,113549,1,1,1 };
 
 static const ASN1_OID_INFO x509_public_key_algors[] = {
 	{ OID_ec_public_key, "ecPublicKey", oid_ec_public_key, sizeof(oid_ec_public_key)/sizeof(int), 0, "X9.62 ecPublicKey" },

diff --git a/src/x509_ext.c b/src/x509_ext.c
@@ -112,7 +112,6 @@ int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen)
 	return 1;
 }
 
-// 如果要支持未知的ext_id，应该提供一个callback
 int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen)
 {
 	int ret;
@@ -1259,9 +1258,7 @@ int x509_key_usage_check(int bits, int cert_type)
 		break;
 	case X509_cert_server_auth:
 	case X509_cert_client_auth:
-		if (!(bits & X509_KU_DIGITAL_SIGNATURE)
-			//&& !(bits & X509_KU_NON_REPUDIATION) // un-comment for compatibility
-			) {
+		if (!(bits & X509_KU_DIGITAL_SIGNATURE)) {
 			error_print();
 			return -1;
 		}
@@ -1274,9 +1271,7 @@ int x509_key_usage_check(int bits, int cert_type)
 
 	case X509_cert_server_key_encipher:
 	case X509_cert_client_key_encipher:
-		if (!(bits & X509_KU_KEY_ENCIPHERMENT)
-			//&& !(bits & X509_KU_KEY_AGREEMENT) // un-comment for compatibility
-			) {
+		if (!(bits & X509_KU_KEY_ENCIPHERMENT)) {
 			error_print();
 			return -1;
 		}
@@ -1292,23 +1287,15 @@ int x509_key_usage_check(int bits, int cert_type)
 			error_print();
 			return -1;
 		}
-		if ((bits & X509_KU_DIGITAL_SIGNATURE)
-			|| (bits & X509_KU_NON_REPUDIATION)) {
-			error_print();
-			//return -1; // comment to print warning
-		}
 		break;
+
 	case X509_cert_crl_sign:
 		if (!(bits & X509_KU_CRL_SIGN)) {
 			error_print();
 			return -1;
 		}
-		if ((bits & X509_KU_DIGITAL_SIGNATURE)
-			|| (bits & X509_KU_NON_REPUDIATION)) {
-			error_print();
-			//return -1; // comment to print warning
-		}
 		break;
+
 	default:
 		error_print();
 		return -1;

diff --git a/src/x509_req.c b/src/x509_req.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -76,12 +76,10 @@ int x509_request_info_from_der(
 		error_print();
 		return -1;
 	}
-	/*
 	if (*version != X509_version_v1) {
 		error_print();
 		return -1;
 	}
-	*/
 	return 1;
 }