rpms/globus-gsi-proxy-core/F-13 globus-gsi-proxy-core-oid.patch, NONE, 1.1 globus-gsi-proxy-core.spec, 1.6, 1.7 import.log, 1.4, 1.5
Mattias Ellert
ellert at fedoraproject.org
Sat Jun 5 15:49:44 UTC 2010
- Previous message: rpms/globus-gsi-proxy-core/devel globus-gsi-proxy-core-oid.patch, NONE, 1.1 globus-gsi-proxy-core.spec, 1.6, 1.7 import.log, 1.4, 1.5
- Next message: rpms/globus-gsi-proxy-core/F-12 globus-gsi-proxy-core-oid.patch, NONE, 1.1 globus-gsi-proxy-core.spec, 1.6, 1.7 import.log, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: ellert
Update of /cvs/pkgs/rpms/globus-gsi-proxy-core/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv9385/F-13
Modified Files:
globus-gsi-proxy-core.spec import.log
Added Files:
globus-gsi-proxy-core-oid.patch
Log Message:
* Mon May 31 2010 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.4-2
- Fix OID registration pollution
globus-gsi-proxy-core-oid.patch:
globus_gsi_proxy.c | 216 ++++++++++++++++++++++++++++++++++++++++++----
globus_gsi_proxy_handle.c | 6 -
2 files changed, 203 insertions(+), 19 deletions(-)
--- NEW FILE globus-gsi-proxy-core-oid.patch ---
diff -ur globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy.c globus_gsi_proxy_core-4.4/library/globus_gsi_proxy.c
--- globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy.c 2010-01-04 23:03:15.000000000 +0100
+++ globus_gsi_proxy_core-4.4/library/globus_gsi_proxy.c 2010-06-02 11:34:26.412124609 +0200
@@ -355,11 +355,11 @@
if(GLOBUS_GSI_CERT_UTILS_IS_GSI_3_PROXY(handle->type))
{
- pci_NID = OBJ_sn2nid(PROXYCERTINFO_OLD_SN);
+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID);
}
else if(!GLOBUS_GSI_CERT_UTILS_IS_GSI_2_PROXY(handle->type))
{
- pci_NID = OBJ_sn2nid(PROXYCERTINFO_SN);
+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID);
}
if(pci_NID != NID_undef)
@@ -370,9 +370,12 @@
unsigned char * der_data;
X509_EXTENSION * pci_ext;
STACK_OF(X509_EXTENSION) * extensions;
- X509V3_EXT_METHOD * ext_method;
+ const X509V3_EXT_METHOD * ext_method;
ext_method = X509V3_EXT_get_nid(pci_NID);
+
+ if (ext_method->i2d)
+ {
length = ext_method->i2d(handle->proxy_cert_info, NULL);
if(length < 0)
@@ -440,6 +443,95 @@
ASN1_OCTET_STRING_free(ext_data);
+ }
+ else
+ {
+ X509V3_CTX ctx;
+ X509V3_CONF_METHOD method = { NULL, NULL, NULL, NULL };
+ long db = 0;
+
+ char language[80];
+ int pathlen;
+ unsigned char *policy = NULL;
+ int policy_len;
+ char *value;
+ char *tmp;
+
+ OBJ_obj2txt(language, 80,
+ handle->proxy_cert_info->policy->policy_language, 1);
+ value = globus_common_create_string("language:%s", language);
+ if (!value)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ goto error_exit;
+ }
+
+ pathlen = ASN1_INTEGER_get(handle->proxy_cert_info->path_length);
+ if (pathlen > 0)
+ {
+ tmp = globus_common_create_string("%s,pathlen:%d",
+ value, pathlen);
+ if (!tmp)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ globus_libc_free(value);
+ goto error_exit;
+ }
+ globus_libc_free(value);
+ value = tmp;
+ }
+
+ if (handle->proxy_cert_info->policy->policy)
+ {
+ policy_len = M_ASN1_STRING_length(
+ handle->proxy_cert_info->policy->policy);
+ policy = globus_malloc(policy_len + 1);
+ if(!policy)
+ {
+ GLOBUS_GSI_PROXY_MALLOC_ERROR(policy_len + 1);
+ goto error_exit;
+ }
+ memcpy(
+ policy,
+ M_ASN1_STRING_data(handle->proxy_cert_info->policy->policy),
+ policy_len);
+ policy[policy_len] = '\0';
+ tmp = globus_common_create_string("%s,policy:text:%s",
+ value, policy);
+ if (!tmp)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ globus_libc_free(value);
+ globus_libc_free(policy);
+ goto error_exit;
+ }
+ globus_libc_free(value);
+ globus_libc_free(policy);
+ value = tmp;
+ }
+
+ X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0L);
+ ctx.db_meth = &method;
+ ctx.db = &db;
+ pci_ext = X509V3_EXT_conf_nid(NULL, &ctx, pci_NID, value);
+
+ globus_libc_free(value);
+
+ if(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY(handle->type))
+ {
+ X509_EXTENSION_set_critical(pci_ext, 1);
+ }
+ }
+
extensions = sk_X509_EXTENSION_new_null();
sk_X509_EXTENSION_push(extensions, pci_ext);
@@ -588,8 +680,8 @@
req_extensions = X509_REQ_get_extensions(handle->req);
- pci_NID = OBJ_sn2nid(PROXYCERTINFO_SN);
- pci_old_NID = OBJ_sn2nid(PROXYCERTINFO_OLD_SN);
+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID);
+ pci_old_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID);
for(i=0;i<sk_X509_EXTENSION_num(req_extensions);i++)
{
@@ -645,17 +737,17 @@
if(nid == pci_old_NID)
{
- if(policy_nid == OBJ_sn2nid(IMPERSONATION_PROXY_SN))
+ if(policy_nid == OBJ_txt2nid(IMPERSONATION_PROXY_OID))
{
handle->type=
GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_IMPERSONATION_PROXY;
}
- else if(policy_nid == OBJ_sn2nid(INDEPENDENT_PROXY_SN))
+ else if(policy_nid == OBJ_txt2nid(INDEPENDENT_PROXY_OID))
{
handle->type =
GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_INDEPENDENT_PROXY;
}
- else if(policy_nid == OBJ_sn2nid(LIMITED_PROXY_SN))
+ else if(policy_nid == OBJ_txt2nid(LIMITED_PROXY_OID))
{
handle->type =
GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_LIMITED_PROXY;
@@ -668,17 +760,17 @@
}
else
{
- if(policy_nid == OBJ_sn2nid(IMPERSONATION_PROXY_SN))
+ if(policy_nid == OBJ_txt2nid(IMPERSONATION_PROXY_OID))
{
handle->type=
GLOBUS_GSI_CERT_UTILS_TYPE_RFC_IMPERSONATION_PROXY;
}
- else if(policy_nid == OBJ_sn2nid(INDEPENDENT_PROXY_SN))
+ else if(policy_nid == OBJ_txt2nid(INDEPENDENT_PROXY_OID))
{
handle->type =
GLOBUS_GSI_CERT_UTILS_TYPE_RFC_INDEPENDENT_PROXY;
}
- else if(policy_nid == OBJ_sn2nid(LIMITED_PROXY_SN))
+ else if(policy_nid == OBJ_txt2nid(LIMITED_PROXY_OID))
{
handle->type =
GLOBUS_GSI_CERT_UTILS_TYPE_RFC_LIMITED_PROXY;
@@ -1156,11 +1248,11 @@
if(GLOBUS_GSI_CERT_UTILS_IS_GSI_3_PROXY(proxy_type))
{
- pci_NID = OBJ_sn2nid(PROXYCERTINFO_OLD_SN);
+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID);
}
else if(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY(proxy_type))
{
- pci_NID = OBJ_sn2nid(PROXYCERTINFO_SN);
+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID);
}
if(pci_NID != NID_undef)
@@ -1169,7 +1261,7 @@
unsigned char md[SHA_DIGEST_LENGTH];
long sub_hash;
unsigned int len;
- X509V3_EXT_METHOD * ext_method;
+ const X509V3_EXT_METHOD * ext_method;
ext_method = X509V3_EXT_get_nid(pci_NID);
@@ -1205,6 +1297,9 @@
ASN1_INTEGER_set(serial_number, sub_hash);
+ if(ext_method->i2d)
+ {
+
pci_DER_length = ext_method->i2d(handle->proxy_cert_info,
NULL);
if(pci_DER_length < 0)
@@ -1268,6 +1363,95 @@
goto done;
}
+ }
+ else
+ {
+ X509V3_CTX ctx;
+ X509V3_CONF_METHOD method = { NULL, NULL, NULL, NULL };
+ long db = 0;
+
+ char language[80];
+ int pathlen;
+ unsigned char *policy = NULL;
+ int policy_len;
+ char *value;
+ char *tmp;
+
+ OBJ_obj2txt(language, 80,
+ handle->proxy_cert_info->policy->policy_language, 1);
+ value = globus_common_create_string("language:%s", language);
+ if (!value)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ goto done;
+ }
+
+ pathlen = ASN1_INTEGER_get(handle->proxy_cert_info->path_length);
+ if (pathlen > 0)
+ {
+ tmp = globus_common_create_string("%s,pathlen:%d",
+ value, pathlen);
+ if (!tmp)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ globus_libc_free(value);
+ goto done;
+ }
+ globus_libc_free(value);
+ value = tmp;
+ }
+
+ if (handle->proxy_cert_info->policy->policy)
+ {
+ policy_len = M_ASN1_STRING_length(
+ handle->proxy_cert_info->policy->policy);
+ policy = globus_malloc(policy_len + 1);
+ if(!policy)
+ {
+ GLOBUS_GSI_PROXY_MALLOC_ERROR(policy_len + 1);
+ goto done;
+ }
+ memcpy(
+ policy,
+ M_ASN1_STRING_data(handle->proxy_cert_info->policy->policy),
+ policy_len);
+ policy[policy_len] = '\0';
+ tmp = globus_common_create_string("%s,policy:text:%s",
+ value, policy);
+ if (!tmp)
+ {
+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO,
+ (_PCSL("Couldn't create PROXYCERTINFO extension")));
+ globus_libc_free(value);
+ globus_libc_free(policy);
+ goto done;
+ }
+ globus_libc_free(value);
+ globus_libc_free(policy);
+ value = tmp;
+ }
+
+ X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0L);
+ ctx.db_meth = &method;
+ ctx.db = &db;
+ pci_ext = X509V3_EXT_conf_nid(NULL, &ctx, pci_NID, value);
+
+ globus_libc_free(value);
+
+ if(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY(proxy_type))
+ {
+ X509_EXTENSION_set_critical(pci_ext, 1);
+ }
+ }
+
if(!X509_add_ext(*signed_cert, pci_ext, 0))
{
GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT(
@@ -1618,12 +1802,12 @@
if(pci_DER)
{
free(pci_DER);
- pci_DER = NULL;
+ pci_DER = NULL;
}
pci_DER_string->data = NULL;
pci_DER_string->length = 0;
ASN1_OCTET_STRING_free(pci_DER_string);
- pci_DER_string = NULL;
+ pci_DER_string = NULL;
}
#else
diff -ur globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy_handle.c globus_gsi_proxy_core-4.4/library/globus_gsi_proxy_handle.c
--- globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy_handle.c 2008-09-15 17:06:26.000000000 +0200
+++ globus_gsi_proxy_core-4.4/library/globus_gsi_proxy_handle.c 2010-05-15 20:32:02.694503160 +0200
@@ -646,19 +646,19 @@
case GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_IMPERSONATION_PROXY:
case GLOBUS_GSI_CERT_UTILS_TYPE_RFC_IMPERSONATION_PROXY:
result = globus_gsi_proxy_handle_set_policy(
- handle, NULL, 0, OBJ_sn2nid(IMPERSONATION_PROXY_SN));
+ handle, NULL, 0, OBJ_txt2nid(IMPERSONATION_PROXY_OID));
break;
case GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_INDEPENDENT_PROXY:
case GLOBUS_GSI_CERT_UTILS_TYPE_RFC_INDEPENDENT_PROXY:
result = globus_gsi_proxy_handle_set_policy(
- handle, NULL, 0, OBJ_sn2nid(INDEPENDENT_PROXY_SN));
+ handle, NULL, 0, OBJ_txt2nid(INDEPENDENT_PROXY_OID));
break;
case GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_LIMITED_PROXY:
case GLOBUS_GSI_CERT_UTILS_TYPE_RFC_LIMITED_PROXY:
result = globus_gsi_proxy_handle_set_policy(
- handle, NULL, 0, OBJ_sn2nid(LIMITED_PROXY_SN));
+ handle, NULL, 0, OBJ_txt2nid(LIMITED_PROXY_OID));
break;
default:
break;
Index: globus-gsi-proxy-core.spec
===================================================================
RCS file: /cvs/pkgs/rpms/globus-gsi-proxy-core/F-13/globus-gsi-proxy-core.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -p -r1.6 -r1.7
--- globus-gsi-proxy-core.spec 16 Apr 2010 14:59:39 -0000 1.6
+++ globus-gsi-proxy-core.spec 5 Jun 2010 15:49:44 -0000 1.7
@@ -7,7 +7,7 @@
Name: globus-gsi-proxy-core
%global _name %(tr - _ <<< %{name})
Version: 4.4
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Globus Toolkit - Globus GSI Proxy Core Library
Group: System Environment/Libraries
@@ -23,6 +23,9 @@ Source: %{_name}-%{version}.tar.gz
# This is a workaround for the broken epstopdf script in RHEL5
# See: https://bugzilla.redhat.com/show_bug.cgi?id=450388
Source9: epstopdf-2.9.5gw
+# Fix duplicate OID registrations:
+# http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7032
+Patch0: %{name}-oid.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: globus-openssl%{?_isa} >= 1
@@ -99,6 +102,7 @@ Globus GSI Proxy Core Library Documentat
%prep
%setup -q -n %{_name}-%{version}
+%patch0 -p1
%if "%{rhel}" == "5"
mkdir bin
@@ -200,6 +204,9 @@ rm -rf $RPM_BUILD_ROOT
%dir %{_docdir}/%{name}-%{version}/html
%changelog
+* Mon May 31 2010 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.4-2
+- Fix OID registration pollution
+
* Wed Apr 14 2010 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.4-1
- Update to Globus Toolkit 5.0.1
- Drop patch globus-gsi-proxy-core-typo.patch (fixed upstream)
Index: import.log
===================================================================
RCS file: /cvs/pkgs/rpms/globus-gsi-proxy-core/F-13/import.log,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- import.log 16 Apr 2010 14:59:40 -0000 1.4
+++ import.log 5 Jun 2010 15:49:44 -0000 1.5
@@ -2,3 +2,4 @@ globus-gsi-proxy-core-3_4-1_fc9:HEAD:glo
globus-gsi-proxy-core-3_4-2_fc9:HEAD:globus-gsi-proxy-core-3.4-2.fc9.src.rpm:1245085941
globus-gsi-proxy-core-4_3-1_fc12:HEAD:globus-gsi-proxy-core-4.3-1.fc12.src.rpm:1265702076
globus-gsi-proxy-core-4_4-1_fc12:F-13:globus-gsi-proxy-core-4.4-1.fc12.src.rpm:1271429963
+globus-gsi-proxy-core-4_4-2_fc12:F-13:globus-gsi-proxy-core-4.4-2.fc12.src.rpm:1275752968
- Previous message: rpms/globus-gsi-proxy-core/devel globus-gsi-proxy-core-oid.patch, NONE, 1.1 globus-gsi-proxy-core.spec, 1.6, 1.7 import.log, 1.4, 1.5
- Next message: rpms/globus-gsi-proxy-core/F-12 globus-gsi-proxy-core-oid.patch, NONE, 1.1 globus-gsi-proxy-core.spec, 1.6, 1.7 import.log, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list