2 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* All functions which relate to X.509 certificate verification stuff are
27 #include <gnutls_int.h>
28 #include <gnutls_errors.h>
30 #include <gnutls_global.h>
31 #include <gnutls_num.h> /* MAX */
32 #include <gnutls_sig.h>
33 #include <gnutls_str.h>
34 #include <gnutls_datum.h>
37 #include <gnutls_pk.h>
39 static int is_crl_issuer (gnutls_x509_crl_t crl
,
40 gnutls_x509_crt_t issuer_cert
);
42 static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl
,
43 const gnutls_x509_crt_t
* trusted_cas
,
44 int tcas_size
, unsigned int flags
,
45 unsigned int *output
);
47 /* Checks if two certs are identical. Return 0 on match. */
49 check_if_same_cert (gnutls_x509_crt_t cert1
, gnutls_x509_crt_t cert2
)
51 gnutls_datum_t cert1bin
= { NULL
, 0 }, cert2bin
=
55 uint8_t serial1
[128], serial2
[128];
56 size_t serial1_size
, serial2_size
;
58 serial1_size
= sizeof (serial1
);
59 result
= gnutls_x509_crt_get_serial (cert1
, serial1
, &serial1_size
);
66 serial2_size
= sizeof (serial2
);
67 result
= gnutls_x509_crt_get_serial (cert2
, serial2
, &serial2_size
);
74 if (serial2_size
!= serial1_size
75 || memcmp (serial1
, serial2
, serial1_size
) != 0)
81 result
= _gnutls_x509_der_encode (cert1
->cert
, "", &cert1bin
, 0);
88 result
= _gnutls_x509_der_encode (cert2
->cert
, "", &cert2bin
, 0);
95 if ((cert1bin
.size
== cert2bin
.size
) &&
96 (memcmp (cert1bin
.data
, cert2bin
.data
, cert1bin
.size
) == 0))
102 _gnutls_free_datum (&cert1bin
);
103 _gnutls_free_datum (&cert2bin
);
107 /* Checks if the issuer of a certificate is a
108 * Certificate Authority, or if the certificate is the same
109 * as the issuer (and therefore it doesn't need to be a CA).
111 * Returns true or false, if the issuer is a CA,
115 check_if_ca (gnutls_x509_crt_t cert
, gnutls_x509_crt_t issuer
,
118 gnutls_datum_t cert_signed_data
= { NULL
, 0 };
119 gnutls_datum_t issuer_signed_data
= { NULL
, 0 };
120 gnutls_datum_t cert_signature
= { NULL
, 0 };
121 gnutls_datum_t issuer_signature
= { NULL
, 0 };
124 /* Check if the issuer is the same with the
125 * certificate. This is added in order for trusted
126 * certificates to be able to verify themselves.
130 _gnutls_x509_get_signed_data (issuer
->cert
, "tbsCertificate",
131 &issuer_signed_data
);
139 _gnutls_x509_get_signed_data (cert
->cert
, "tbsCertificate",
148 _gnutls_x509_get_signature (issuer
->cert
, "signature", &issuer_signature
);
156 _gnutls_x509_get_signature (cert
->cert
, "signature", &cert_signature
);
163 /* If the subject certificate is the same as the issuer
166 if (!(flags
& GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
))
167 if (cert_signed_data
.size
== issuer_signed_data
.size
)
169 if ((memcmp (cert_signed_data
.data
, issuer_signed_data
.data
,
170 cert_signed_data
.size
) == 0) &&
171 (cert_signature
.size
== issuer_signature
.size
) &&
172 (memcmp (cert_signature
.data
, issuer_signature
.data
,
173 cert_signature
.size
) == 0))
180 result
= gnutls_x509_crt_get_ca_status (issuer
, NULL
);
186 /* Handle V1 CAs that do not have a basicConstraint, but accept
187 these certs only if the appropriate flags are set. */
188 else if ((result
== GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
) &&
189 ((flags
& GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT
) ||
190 (!(flags
& GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT
) &&
191 (gnutls_x509_crt_check_issuer (issuer
, issuer
) == 1))))
203 _gnutls_free_datum (&cert_signed_data
);
204 _gnutls_free_datum (&issuer_signed_data
);
205 _gnutls_free_datum (&cert_signature
);
206 _gnutls_free_datum (&issuer_signature
);
211 /* This function checks if 'certs' issuer is 'issuer_cert'.
212 * This does a straight (DER) compare of the issuer/subject fields in
213 * the given certificates.
215 * Returns 1 if they match and (0) if they don't match. Otherwise
216 * a negative error code is returned to indicate error.
219 is_issuer (gnutls_x509_crt_t cert
, gnutls_x509_crt_t issuer_cert
)
221 gnutls_datum_t dn1
= { NULL
, 0 },
229 ret
= gnutls_x509_crt_get_raw_issuer_dn (cert
, &dn1
);
236 ret
= gnutls_x509_crt_get_raw_dn (issuer_cert
, &dn2
);
243 ret
= _gnutls_x509_compare_raw_dn (&dn1
, &dn2
);
247 /* check if the authority key identifier matches the subject key identifier
249 id1_size
= sizeof(id1
);
251 ret
= gnutls_x509_crt_get_authority_key_id(cert
, id1
, &id1_size
, NULL
);
258 id2_size
= sizeof(id2
);
259 ret
= gnutls_x509_crt_get_subject_key_id(issuer_cert
, id2
, &id2_size
, NULL
);
267 if (id1_size
== id2_size
&& memcmp(id1
, id2
, id1_size
) == 0)
274 _gnutls_free_datum (&dn1
);
275 _gnutls_free_datum (&dn2
);
280 /* Checks if the DN of two certificates is the same.
281 * Returns 1 if they match and (0) if they don't match. Otherwise
282 * a negative error code is returned to indicate error.
285 _gnutls_is_same_dn (gnutls_x509_crt_t cert1
, gnutls_x509_crt_t cert2
)
287 gnutls_datum_t dn1
= { NULL
, 0 }, dn2
=
292 ret
= gnutls_x509_crt_get_raw_dn (cert1
, &dn1
);
299 ret
= gnutls_x509_crt_get_raw_dn (cert2
, &dn2
);
306 ret
= _gnutls_x509_compare_raw_dn (&dn1
, &dn2
);
309 _gnutls_free_datum (&dn1
);
310 _gnutls_free_datum (&dn2
);
314 /* Finds an issuer of the certificate. If multiple issuers
315 * are present, returns one that is activated and not expired.
317 static inline gnutls_x509_crt_t
318 find_issuer (gnutls_x509_crt_t cert
,
319 const gnutls_x509_crt_t
* trusted_cas
, int tcas_size
)
322 gnutls_x509_crt_t issuer
= NULL
;
324 /* this is serial search.
327 for (i
= 0; i
< tcas_size
; i
++)
329 if (is_issuer (cert
, trusted_cas
[i
]) == 1)
333 issuer
= trusted_cas
[i
];
337 time_t now
= gnutls_time(0);
339 if (now
< gnutls_x509_crt_get_expiration_time(trusted_cas
[i
]) &&
340 now
>= gnutls_x509_crt_get_activation_time(trusted_cas
[i
]))
342 issuer
= trusted_cas
[i
];
352 check_time (gnutls_x509_crt_t crt
, time_t now
)
357 t
= gnutls_x509_crt_get_activation_time (crt
);
358 if (t
== (time_t) - 1 || now
< t
)
360 status
|= GNUTLS_CERT_NOT_ACTIVATED
;
361 status
|= GNUTLS_CERT_INVALID
;
365 t
= gnutls_x509_crt_get_expiration_time (crt
);
366 if (t
== (time_t) - 1 || now
> t
)
368 status
|= GNUTLS_CERT_EXPIRED
;
369 status
|= GNUTLS_CERT_INVALID
;
377 * Verifies the given certificate again a certificate list of
380 * Returns only 0 or 1. If 1 it means that the certificate
381 * was successfuly verified.
383 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
385 * Output will hold some extra information about the verification
386 * procedure. Issuer will hold the actual issuer from the trusted list.
389 _gnutls_verify_certificate2 (gnutls_x509_crt_t cert
,
390 const gnutls_x509_crt_t
* trusted_cas
,
391 int tcas_size
, unsigned int flags
,
392 unsigned int *output
,
393 gnutls_x509_crt_t
* _issuer
,
395 gnutls_verify_output_function func
)
397 gnutls_datum_t cert_signed_data
= { NULL
, 0 };
398 gnutls_datum_t cert_signature
= { NULL
, 0 };
399 gnutls_x509_crt_t issuer
= NULL
;
400 int issuer_version
, result
, hash_algo
;
401 unsigned int out
= 0, usage
;
407 issuer
= find_issuer (cert
, trusted_cas
, tcas_size
);
411 out
= GNUTLS_CERT_SIGNER_NOT_FOUND
| GNUTLS_CERT_INVALID
;
418 /* issuer is not in trusted certificate
423 out
= GNUTLS_CERT_SIGNER_NOT_FOUND
| GNUTLS_CERT_INVALID
;
434 issuer_version
= gnutls_x509_crt_get_version (issuer
);
435 if (issuer_version
< 0)
438 return issuer_version
;
441 if (!(flags
& GNUTLS_VERIFY_DISABLE_CA_SIGN
) &&
442 ((flags
& GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT
)
443 || issuer_version
!= 1))
445 if (check_if_ca (cert
, issuer
, flags
) == 0)
448 out
= GNUTLS_CERT_SIGNER_NOT_CA
| GNUTLS_CERT_INVALID
;
455 result
= gnutls_x509_crt_get_key_usage(issuer
, &usage
, NULL
);
458 if (!(usage
& GNUTLS_KEY_KEY_CERT_SIGN
))
461 out
= GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE
| GNUTLS_CERT_INVALID
;
471 _gnutls_x509_get_signed_data (cert
->cert
, "tbsCertificate",
480 _gnutls_x509_get_signature (cert
->cert
, "signature", &cert_signature
);
487 result
= _gnutls_x509_get_signature_algorithm(cert
->cert
, "signatureAlgorithm.algorithm");
494 hash_algo
= gnutls_sign_get_hash_algorithm(result
);
497 _gnutls_x509_verify_data (hash_algo
, &cert_signed_data
, &cert_signature
,
499 if (result
== GNUTLS_E_PK_SIG_VERIFY_FAILED
)
502 out
|= GNUTLS_CERT_INVALID
| GNUTLS_CERT_SIGNATURE_FAILURE
;
503 /* error. ignore it */
514 /* If the certificate is not self signed check if the algorithms
515 * used are secure. If the certificate is self signed it doesn't
518 if (is_issuer (cert
, cert
) == 0)
522 sigalg
= gnutls_x509_crt_get_signature_algorithm (cert
);
524 if (((sigalg
== GNUTLS_SIGN_RSA_MD2
) &&
525 !(flags
& GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2
)) ||
526 ((sigalg
== GNUTLS_SIGN_RSA_MD5
) &&
527 !(flags
& GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5
)))
529 out
= GNUTLS_CERT_INSECURE_ALGORITHM
| GNUTLS_CERT_INVALID
;
536 /* Check activation/expiration times
538 if (!(flags
& GNUTLS_VERIFY_DISABLE_TIME_CHECKS
))
540 /* check the time of the issuer first */
541 if (!(flags
& GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
))
543 out
|= check_time (issuer
, now
);
547 if (output
) *output
|= out
;
551 out
|= check_time (cert
, now
);
555 if (output
) *output
|= out
;
560 if (result
>= 0 && func
) func(cert
, issuer
, NULL
, out
);
561 _gnutls_free_datum (&cert_signed_data
);
562 _gnutls_free_datum (&cert_signature
);
568 * gnutls_x509_crt_check_issuer:
569 * @cert: is the certificate to be checked
570 * @issuer: is the certificate of a possible issuer
572 * This function will check if the given certificate was issued by the
573 * given issuer. It checks the DN fields and the authority
574 * key identifier and subject key identifier fields match.
576 * Returns: It will return true (1) if the given certificate is issued
577 * by the given issuer, and false (0) if not. A negative error code is
578 * returned in case of an error.
581 gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert
,
582 gnutls_x509_crt_t issuer
)
584 return is_issuer (cert
, issuer
);
587 /* Verify X.509 certificate chain.
589 * Note that the return value is an OR of GNUTLS_CERT_* elements.
591 * This function verifies a X.509 certificate list. The certificate
592 * list should lead to a trusted certificate in order to be trusted.
595 _gnutls_x509_verify_certificate (const gnutls_x509_crt_t
* certificate_list
,
597 const gnutls_x509_crt_t
* trusted_cas
,
600 gnutls_verify_output_function func
)
603 unsigned int status
= 0, output
;
604 time_t now
= gnutls_time (0);
605 gnutls_x509_crt_t issuer
= NULL
;
609 /* Check if the last certificate in the path is self signed.
610 * In that case ignore it (a certificate is trusted only if it
611 * leads to a trusted party by us, not the server's).
613 * This prevents from verifying self signed certificates against
614 * themselves. This (although not bad) caused verification
615 * failures on some root self signed certificates that use the
618 if (gnutls_x509_crt_check_issuer (certificate_list
[clist_size
- 1],
619 certificate_list
[clist_size
- 1]) > 0)
625 /* We want to shorten the chain by removing the cert that matches
626 * one of the certs we trust and all the certs after that i.e. if
627 * cert chain is A signed-by B signed-by C signed-by D (signed-by
628 * self-signed E but already removed above), and we trust B, remove
630 if (!(flags
& GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
))
631 i
= 0; /* also replace the first one */
633 i
= 1; /* do not replace the first one */
635 for (; i
< clist_size
; i
++)
639 for (j
= 0; j
< tcas_size
; j
++)
641 if (check_if_same_cert (certificate_list
[i
], trusted_cas
[j
]) == 0)
643 /* explicity time check for trusted CA that we remove from
644 * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
646 if (!(flags
& GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
)
647 && !(flags
& GNUTLS_VERIFY_DISABLE_TIME_CHECKS
))
649 status
|= check_time (trusted_cas
[j
], now
);
652 if (func
) func(certificate_list
[i
], trusted_cas
[j
], NULL
, status
);
657 if (func
) func(certificate_list
[i
], trusted_cas
[j
], NULL
, status
);
662 /* clist_size may have been changed which gets out of loop */
667 /* The certificate is already present in the trusted certificate list.
668 * Nothing to verify. */
672 /* Verify the last certificate in the certificate path
673 * against the trusted CA certificate list.
675 * If no CAs are present returns CERT_INVALID. Thus works
676 * in self signed etc certificates.
679 ret
= _gnutls_verify_certificate2 (certificate_list
[clist_size
- 1],
680 trusted_cas
, tcas_size
, flags
, &output
,
684 /* if the last certificate in the certificate
685 * list is invalid, then the certificate is not
690 status
|= GNUTLS_CERT_INVALID
;
694 /* Verify the certificate path (chain)
696 for (i
= clist_size
- 1; i
> 0; i
--)
702 /* note that here we disable this V1 CA flag. So that no version 1
703 * certificates can exist in a supplied chain.
705 if (!(flags
& GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT
))
706 flags
&= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT
);
708 _gnutls_verify_certificate2 (certificate_list
[i
- 1],
709 &certificate_list
[i
], 1, flags
,
710 &output
, NULL
, now
, func
)) == 0)
713 status
|= GNUTLS_CERT_INVALID
;
721 /* This will return the appropriate hash to verify the given signature.
722 * If signature is NULL it will return an (or the) appropriate hash for
723 * the given parameters.
726 _gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t
* hash
,
727 const gnutls_datum_t
* signature
,
728 gnutls_pk_algorithm_t pk
,
729 gnutls_pk_params_st
* issuer_params
)
731 return _gnutls_pk_hash_algorithm(pk
, signature
, issuer_params
, hash
);
734 /* verifies if the certificate is properly signed.
735 * returns GNUTLS_E_PK_VERIFY_SIG_FAILED on failure and 1 on success.
737 * 'data' is the signed data
738 * 'signature' is the signature!
741 _gnutls_x509_verify_data (gnutls_digest_algorithm_t algo
,
742 const gnutls_datum_t
* data
,
743 const gnutls_datum_t
* signature
,
744 gnutls_x509_crt_t issuer
)
746 gnutls_pk_params_st issuer_params
;
749 /* Read the MPI parameters from the issuer's certificate.
752 _gnutls_x509_crt_get_mpis (issuer
, &issuer_params
);
760 pubkey_verify_data (gnutls_x509_crt_get_pk_algorithm (issuer
, NULL
), algo
,
761 data
, signature
, &issuer_params
);
767 /* release all allocated MPIs
769 gnutls_pk_params_release(&issuer_params
);
775 * gnutls_x509_crt_list_verify:
776 * @cert_list: is the certificate list to be verified
777 * @cert_list_length: holds the number of certificate in cert_list
778 * @CA_list: is the CA list which will be used in verification
779 * @CA_list_length: holds the number of CA certificate in CA_list
780 * @CRL_list: holds a list of CRLs.
781 * @CRL_list_length: the length of CRL list.
782 * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
783 * @verify: will hold the certificate verification output.
785 * This function will try to verify the given certificate list and
786 * return its status. If no flags are specified (0), this function
787 * will use the basicConstraints (2.5.29.19) PKIX extension. This
788 * means that only a certificate authority is allowed to sign a
791 * You must also check the peer's name in order to check if the verified
792 * certificate belongs to the actual peer.
794 * The certificate verification output will be put in @verify and will
795 * be one or more of the gnutls_certificate_status_t enumerated
796 * elements bitwise or'd. For a more detailed verification status use
797 * gnutls_x509_crt_verify() per list element.
799 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
800 * negative error value.
803 gnutls_x509_crt_list_verify (const gnutls_x509_crt_t
* cert_list
,
804 int cert_list_length
,
805 const gnutls_x509_crt_t
* CA_list
,
807 const gnutls_x509_crl_t
* CRL_list
,
808 int CRL_list_length
, unsigned int flags
,
809 unsigned int *verify
)
813 if (cert_list
== NULL
|| cert_list_length
== 0)
814 return GNUTLS_E_NO_CERTIFICATE_FOUND
;
816 /* Verify certificate
819 _gnutls_x509_verify_certificate (cert_list
, cert_list_length
,
820 CA_list
, CA_list_length
,
823 /* Check for revoked certificates in the chain.
825 for (i
= 0; i
< cert_list_length
; i
++)
827 ret
= gnutls_x509_crt_check_revocation (cert_list
[i
],
828 CRL_list
, CRL_list_length
);
831 *verify
|= GNUTLS_CERT_REVOKED
;
832 *verify
|= GNUTLS_CERT_INVALID
;
840 * gnutls_x509_crt_verify:
841 * @cert: is the certificate to be verified
842 * @CA_list: is one certificate that is considered to be trusted one
843 * @CA_list_length: holds the number of CA certificate in CA_list
844 * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
845 * @verify: will hold the certificate verification output.
847 * This function will try to verify the given certificate and return
850 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
851 * negative error value.
854 gnutls_x509_crt_verify (gnutls_x509_crt_t cert
,
855 const gnutls_x509_crt_t
* CA_list
,
856 int CA_list_length
, unsigned int flags
,
857 unsigned int *verify
)
859 /* Verify certificate
862 _gnutls_x509_verify_certificate (&cert
, 1,
863 CA_list
, CA_list_length
,
869 * gnutls_x509_crl_check_issuer:
870 * @crl: is the CRL to be checked
871 * @issuer: is the certificate of a possible issuer
873 * This function will check if the given CRL was issued by the given
874 * issuer certificate. It will return true (1) if the given CRL was
875 * issued by the given issuer, and false (0) if not.
877 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
878 * negative error value.
881 gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl
,
882 gnutls_x509_crt_t issuer
)
884 return is_crl_issuer (crl
, issuer
);
888 * gnutls_x509_crl_verify:
889 * @crl: is the crl to be verified
890 * @CA_list: is a certificate list that is considered to be trusted one
891 * @CA_list_length: holds the number of CA certificates in CA_list
892 * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
893 * @verify: will hold the crl verification output.
895 * This function will try to verify the given crl and return its status.
896 * See gnutls_x509_crt_list_verify() for a detailed description of
897 * return values. Note that since GnuTLS 3.1.4 this function includes
900 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
901 * negative error value.
904 gnutls_x509_crl_verify (gnutls_x509_crl_t crl
,
905 const gnutls_x509_crt_t
* CA_list
,
906 int CA_list_length
, unsigned int flags
,
907 unsigned int *verify
)
912 ret
= _gnutls_verify_crl2 (crl
, CA_list
, CA_list_length
, flags
, verify
);
923 /* The same as above, but here we've got a CRL.
926 is_crl_issuer (gnutls_x509_crl_t crl
, gnutls_x509_crt_t issuer_cert
)
928 gnutls_datum_t dn1
= { NULL
, 0 }, dn2
=
933 ret
= gnutls_x509_crl_get_raw_issuer_dn (crl
, &dn1
);
940 ret
= gnutls_x509_crt_get_raw_dn (issuer_cert
, &dn2
);
947 ret
= _gnutls_x509_compare_raw_dn (&dn1
, &dn2
);
950 _gnutls_free_datum (&dn1
);
951 _gnutls_free_datum (&dn2
);
956 static inline gnutls_x509_crt_t
957 find_crl_issuer (gnutls_x509_crl_t crl
,
958 const gnutls_x509_crt_t
* trusted_cas
, int tcas_size
)
962 /* this is serial search.
965 for (i
= 0; i
< tcas_size
; i
++)
967 if (is_crl_issuer (crl
, trusted_cas
[i
]) == 1)
968 return trusted_cas
[i
];
976 * Returns only 0 or 1. If 1 it means that the CRL
977 * was successfuly verified.
979 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
981 * Output will hold information about the verification
985 _gnutls_verify_crl2 (gnutls_x509_crl_t crl
,
986 const gnutls_x509_crt_t
* trusted_cas
,
987 int tcas_size
, unsigned int flags
, unsigned int *output
)
989 /* CRL is ignored for now */
990 gnutls_datum_t crl_signed_data
= { NULL
, 0 };
991 gnutls_datum_t crl_signature
= { NULL
, 0 };
992 gnutls_x509_crt_t issuer
;
993 int result
, hash_algo
;
994 time_t now
= gnutls_time(0);
1001 issuer
= find_crl_issuer (crl
, trusted_cas
, tcas_size
);
1006 *output
|= GNUTLS_CERT_SIGNER_NOT_FOUND
| GNUTLS_CERT_INVALID
;
1010 /* issuer is not in trusted certificate
1017 *output
|= GNUTLS_CERT_SIGNER_NOT_FOUND
| GNUTLS_CERT_INVALID
;
1021 if (!(flags
& GNUTLS_VERIFY_DISABLE_CA_SIGN
))
1023 if (gnutls_x509_crt_get_ca_status (issuer
, NULL
) != 1)
1027 *output
|= GNUTLS_CERT_SIGNER_NOT_CA
| GNUTLS_CERT_INVALID
;
1031 result
= gnutls_x509_crt_get_key_usage(issuer
, &usage
, NULL
);
1034 if (!(usage
& GNUTLS_KEY_CRL_SIGN
))
1038 *output
|= GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE
| GNUTLS_CERT_INVALID
;
1045 _gnutls_x509_get_signed_data (crl
->crl
, "tbsCertList", &crl_signed_data
);
1052 result
= _gnutls_x509_get_signature (crl
->crl
, "signature", &crl_signature
);
1059 result
= _gnutls_x509_get_signature_algorithm(crl
->crl
, "signatureAlgorithm.algorithm");
1066 hash_algo
= gnutls_sign_get_hash_algorithm(result
);
1069 _gnutls_x509_verify_data (hash_algo
, &crl_signed_data
, &crl_signature
,
1071 if (result
== GNUTLS_E_PK_SIG_VERIFY_FAILED
)
1074 /* error. ignore it */
1076 *output
|= GNUTLS_CERT_SIGNATURE_FAILURE
;
1079 else if (result
< 0)
1088 sigalg
= gnutls_x509_crl_get_signature_algorithm (crl
);
1090 if (((sigalg
== GNUTLS_SIGN_RSA_MD2
) &&
1091 !(flags
& GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2
)) ||
1092 ((sigalg
== GNUTLS_SIGN_RSA_MD5
) &&
1093 !(flags
& GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5
)))
1096 *output
|= GNUTLS_CERT_INSECURE_ALGORITHM
;
1101 if (gnutls_x509_crl_get_this_update (crl
) > now
)
1102 *output
|= GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE
;
1104 if (gnutls_x509_crl_get_next_update (crl
) < now
)
1105 *output
|= GNUTLS_CERT_REVOCATION_DATA_TOO_OLD
;
1109 if (*output
) *output
|= GNUTLS_CERT_INVALID
;
1111 _gnutls_free_datum (&crl_signed_data
);
1112 _gnutls_free_datum (&crl_signature
);