s4:heimdal: import lorikeet-heimdal-200911122202 (commit 9291fd2d101f3eecec550178634f...

[samba.git] / source4 / heimdal / lib / hx509 / cert.c

diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c
index 7eaf6eb3c843f38c146816fc76d4cc6d75991691..ebf02a99e34ced6df2ada3690c4e71ffdfd65c93 100644 (file)
--- a/source4/heimdal/lib/hx509/cert.c
+++ b/source4/heimdal/lib/hx509/cert.c
@@ -283,6 +283,7 @@ hx509_cert_init_data(hx509_context context,
        return ret;
     }
     if (size != len) {
+       free_Certificate(&t);
        hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE,
                               "Extra data after certificate");
        return HX509_EXTRA_DATA_AFTER_STRUCTURE;
@@ -445,7 +446,7 @@ hx509_verify_attach_anchors(hx509_verify_ctx ctx, hx509_certs set)
 {
     if (ctx->trust_anchors)
        hx509_certs_free(&ctx->trust_anchors);
-    ctx->trust_anchors = _hx509_certs_ref(set);
+    ctx->trust_anchors = hx509_certs_ref(set);
 }
 
 /**
@@ -1926,9 +1927,9 @@ hx509_verify_path(hx509_context context,
      *
      */
     if (ctx->trust_anchors)
-       anchors = _hx509_certs_ref(ctx->trust_anchors);
+       anchors = hx509_certs_ref(ctx->trust_anchors);
     else if (context->default_trust_anchors && ALLOW_DEF_TA(ctx))
-       anchors = _hx509_certs_ref(context->default_trust_anchors);
+       anchors = hx509_certs_ref(context->default_trust_anchors);
     else {
        ret = hx509_certs_init(context, "MEMORY:no-TA", 0, NULL, &anchors);
        if (ret)
@@ -3451,3 +3452,66 @@ out:
     hx509_env_free(&envcert);
     return ret;
 }
+
+/**
+ * Print a simple representation of a certificate
+ *
+ * @param context A hx509 context, can be NULL
+ * @param cert certificate to print
+ * @param out the stdio output stream, if NULL, stdout is used
+ *
+ * @return An hx509 error code
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_print_cert(hx509_context context, hx509_cert cert, FILE *out)
+{
+    hx509_name name;
+    char *str;
+    int ret;
+
+    if (out == NULL)
+       out = stderr;
+
+    ret = hx509_cert_get_issuer(cert, &name);
+    if (ret)
+       return ret;
+    hx509_name_to_string(name, &str);
+    hx509_name_free(&name);
+    fprintf(out, "    issuer:  \"%s\"\n", str);
+    free(str);
+
+    ret = hx509_cert_get_subject(cert, &name);
+    if (ret)
+       return ret;
+    hx509_name_to_string(name, &str);
+    hx509_name_free(&name);
+    fprintf(out, "    subject: \"%s\"\n", str);
+    free(str);
+
+    {
+       heim_integer serialNumber;
+
+       ret = hx509_cert_get_serialnumber(cert, &serialNumber);
+       if (ret)
+           return ret;
+       ret = der_print_hex_heim_integer(&serialNumber, &str);
+       if (ret)
+           return ret;
+       der_free_heim_integer(&serialNumber);
+       fprintf(out, "    serial: %s\n", str);
+       free(str);
+    }
+
+    printf("    keyusage: ");
+    ret = hx509_cert_keyusage_print(context, cert, &str);
+    if (ret == 0) {
+       fprintf(out, "%s\n", str);
+       free(str);
+    } else
+       fprintf(out, "no");
+
+    return 0;
+}