📄 ext_def.c
FL_MULTIVALUED | FL_SEQEND_3, 0, 0, 0, ( void * ) generalNameInfo },
/* subjectInfoAccess:
OID = 1 3 6 1 5 5 7 1 11
SEQUENCE SIZE (1..MAX) OF {
SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName
}
}
The template below has one accessDescription group per recognised
accessMethod OID (timeStamping, caRepository), each made up of a
SEQUENCE wrapper, the identifying OID and the accessLocation
GeneralName, followed by a catch-all group for every other
accessMethod */
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x0B" ), CRYPT_CERTINFO_SUBJECTINFOACCESS,
MKDESC( "subjectInfoAccess" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_STANDARD | FL_VALID_CERT | FL_SETOF, 0, 0, 0, NULL },
/* accessDescription group 1: accessMethod = timeStamping */
{ NULL, 0,
MKDESC( "subjectInfoAccess.accessDescription (timeStamping)" )
BER_SEQUENCE, 0,
FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x03" ), 0,
MKDESC( "subjectInfoAccess.timeStamping (1 3 6 1 5 5 7 48 3)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING,
MKDESC( "subjectInfoAccess.accessDescription.accessLocation (timeStamping)" )
FIELDTYPE_SUBTYPED, 0,
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL | FL_SEQEND, 0, 0, 0, ( void * ) generalNameInfo },
/* accessDescription group 2: accessMethod = caRepository */
{ NULL, 0,
MKDESC( "subjectInfoAccess.accessDescription (caRepository)" )
BER_SEQUENCE, 0,
FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x05" ), 0,
MKDESC( "subjectInfoAccess.caRepository (1 3 6 1 5 5 7 48 5)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE, 0, 0, 0, NULL },
/* NOTE(review): this accessLocation entry follows the caRepository OID
   but carries the same field ID and the same description string as the
   timeStamping accessLocation entry above, so the two access methods
   share one attribute ID and cannot be told apart by ID alone.  This
   looks like a copy-and-paste leftover - confirm whether a
   caRepository-specific field ID and description were intended */
{ NULL, CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING,
MKDESC( "subjectInfoAccess.accessDescription.accessLocation (timeStamping)" )
FIELDTYPE_SUBTYPED, 0,
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL | FL_SEQEND, 0, 0, 0, ( void * ) generalNameInfo },
/* Catch-all group: an accessDescription whose accessMethod is none of
   the OIDs listed above.  It has no field ID, so its content is not
   exposed as an attribute.  NOTE(review): unrecognised access methods
   are therefore presumably skipped silently rather than reported -
   confirm that no caller relies on seeing them */
{ NULL, 0,
MKDESC( "subjectInfoAccess.accessDescription (catchAll)" )
BER_SEQUENCE, 0,
FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "subjectInfoAccess.catchAll" )
FIELDTYPE_BLOB, 0, /* Match anything and ignore it */
FL_OPTIONAL | FL_NONENCODING | FL_SEQEND, 0, 0, 0, NULL },
/* ocspNonce:
OID = 1 3 6 1 5 5 7 48 1 2
nonce INTEGER
This value was supposed to be an INTEGER, however alongside a million
other pieces of braindamage OCSP forgot to actually define this
anywhere in the spec. Because of this it's possible to get other
stuff here as well, the worst-case being OpenSSL 0.9.6/0.9.7a-c which
just dump a raw blob (not any valid ASN.1 data) in here. We can't do
anything with this since we need at least something DER-encoded to be
able to read it. OpenSSL 0.9.7d and later used an OCTET STRING, so we
use the same trick as we do for the certPolicy IA5String/VisibleString
duality where we define the field as if it were a CHOICE { INTEGER,
OCTET STRING }, with the INTEGER first to make sure that we encode that
preferentially. In addition although the nonce should be an INTEGER
data value, it's really an INTEGER equivalent of an OCTET STRING hole
so we call it an octet string to make sure that it gets handled
appropriately.

The nonce is what ties an OCSP response to the request that asked for
it, so it is the replay protection for the exchange.  Both alternatives
below carry the same field ID and the same 1, 64 bounds, so either
encoding maps to CRYPT_CERTINFO_OCSP_NONCE with a length of 1 to 64
bytes (NOTE(review): bounds read as min/max length by analogy with the
other string entries in this table - confirm) */
/* Alternative 1: octet-string data carried under an INTEGER tag */
{ MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02" ), CRYPT_CERTINFO_OCSP_NONCE,
MKDESC( "ocspNonce" )
BER_OCTETSTRING, BER_INTEGER, /* Actually an INTEGER hole */
FL_MORE | FL_LEVEL_STANDARD | FL_VALID_OCSPREQ | FL_VALID_OCSPRESP | FL_OPTIONAL, 1, 64, 0, NULL },
/* Alternative 2: the OCTET STRING form described above; last entry of
   the pseudo-CHOICE, so no FL_MORE */
{ NULL, CRYPT_CERTINFO_OCSP_NONCE,
MKDESC( "ocspNonce (Kludge)" )
BER_OCTETSTRING, 0,
FL_OPTIONAL, 1, 64, 0, NULL },
/* ocspAcceptableResponses:
OID = 1 3 6 1 5 5 7 48 1 4
SEQUENCE {
oidInstance1 OPTIONAL,
oidInstance2 OPTIONAL,
...
oidInstanceN OPTIONAL
} */
{ MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x04" ), CRYPT_CERTINFO_OCSP_RESPONSE,
MKDESC( "ocspAcceptableResponses" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_STANDARD | FL_VALID_CERTREQ | FL_VALID_CERT, 0, 0, 0, NULL },
{ MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01" ), CRYPT_CERTINFO_OCSP_RESPONSE_OCSP,
MKDESC( "ocspAcceptableResponses.ocsp (1 3 6 1 5 5 7 48 1 1)" )
FIELDTYPE_IDENTIFIER, 0,
FL_OPTIONAL, 0, 0, 0, NULL },
/* ocspNoCheck:
OID = 1 3 6 1 5 5 7 48 1 5
critical = FALSE
NULL
This value is treated as a pseudo-numeric value that must be
CRYPT_UNUSED when written and is explicitly set to CRYPT_UNUSED when
read.

In the OCSP specification this extension, placed in a responder's
certificate, tells relying parties that they need not check that
certificate's revocation status, so its presence widens trust in the
responder key for the certificate's whole lifetime.  The entry has no
FL_CRITICAL flag, matching the "critical = FALSE" above, and both range
columns are CRYPT_UNUSED because the NULL body carries no data */
{ MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x05" ), CRYPT_CERTINFO_OCSP_NOCHECK,
MKDESC( "ocspNoCheck" )
BER_NULL, 0,
FL_LEVEL_PKIX_PARTIAL | FL_VALID_CERT | FL_VALID_CERTREQ | FL_NONENCODING, CRYPT_UNUSED, CRYPT_UNUSED, 0, NULL },
/* ocspArchiveCutoff:
OID = 1 3 6 1 5 5 7 48 1 6
archiveCutoff GeneralizedTime */
{ MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x06" ), CRYPT_CERTINFO_OCSP_ARCHIVECUTOFF,
MKDESC( "ocspArchiveCutoff" )
BER_TIME_GENERALIZED, 0,
FL_LEVEL_PKIX_PARTIAL | FL_VALID_OCSPRESP, sizeof( time_t ), sizeof( time_t ), 0, NULL },
/* dateOfCertGen
OID = 1 3 36 8 3 1
dateOfCertGen GeneralizedTime */
{ MKOID( "\x06\x05\x2B\x24\x08\x03\x01" ), CRYPT_CERTINFO_SIGG_DATEOFCERTGEN,
MKDESC( "dateOfCertGen" )
BER_TIME_GENERALIZED, 0,
FL_LEVEL_PKIX_FULL | FL_VALID_CERT, sizeof( time_t ), sizeof( time_t ), 0, NULL },
/* procuration
OID = 1 3 36 8 3 2
SEQUENCE OF {
country PrintableString SIZE(2) OPTIONAL,
typeOfSubstitution [0] PrintableString OPTIONAL,
signingFor GeneralName
} */
{ MKOID( "\x06\x05\x2B\x24\x08\x03\x02" ), CRYPT_CERTINFO_SIGG_PROCURATION,
MKDESC( "procuration" )
BER_SEQUENCE, 0,
FL_MORE | FL_VALID_CERTREQ | FL_VALID_CERT | FL_SETOF, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_SIGG_PROCURE_COUNTRY,
MKDESC( "procuration.country" )
BER_STRING_PRINTABLE, 0,
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL, 2, 2, 0, NULL },
{ NULL, CRYPT_CERTINFO_SIGG_PROCURE_TYPEOFSUBSTITUTION,
MKDESC( "procuration.typeOfSubstitution" )
BER_STRING_PRINTABLE, CTAG( 0 ),
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL, 1, 128, 0, NULL },
{ NULL, CRYPT_CERTINFO_SIGG_PROCURE_SIGNINGFOR,
MKDESC( "procuration.signingFor.thirdPerson" )
FIELDTYPE_SUBTYPED, 0,
FL_MULTIVALUED, 0, 0, 0, ( void * ) generalNameInfo },
/* monetaryLimit
OID = 1 3 36 8 3 4
SEQUENCE {
currency PrintableString SIZE(3),
amount INTEGER,
exponent INTEGER
} */
{ MKOID( "\x06\x05\x2B\x24\x08\x03\x04" ), CRYPT_CERTINFO_SIGG_MONETARYLIMIT,
MKDESC( "monetaryLimit" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_PKIX_FULL | FL_VALID_CERTREQ | FL_VALID_CERT, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_SIGG_MONETARY_CURRENCY,
MKDESC( "monetaryLimit.currency" )
BER_STRING_PRINTABLE, 0,
FL_MORE, 3, 3, 0, NULL },
{ NULL, CRYPT_CERTINFO_SIGG_MONETARY_AMOUNT,
MKDESC( "monetaryLimit.amount" )
BER_INTEGER, 0,
FL_MORE, 1, 255, 0, NULL }, /* That's what the spec says */
{ NULL, CRYPT_CERTINFO_SIGG_MONETARY_EXPONENT,
MKDESC( "monetaryLimit.exponent" )
BER_INTEGER, 0,
0, 0, 255, 0, NULL },
/* restriction
OID = 1 3 36 8 3 8
restriction PrintableString */
{ MKOID( "\x06\x05\x2B\x24\x08\x03\x08" ), CRYPT_CERTINFO_SIGG_RESTRICTION,
MKDESC( "restriction" )
BER_STRING_PRINTABLE, 0,
FL_LEVEL_PKIX_FULL | FL_VALID_CERT, 1, 128, 0, NULL },
/* strongExtranet:
OID = 1 3 101 1 4 1
SEQUENCE {
version INTEGER (0),
SEQUENCE OF {
SEQUENCE {
zone INTEGER,
id OCTET STRING (SIZE(1..64))
}
}
}
Only zone and id carry field IDs; the version and the wrapper
SEQUENCEs are structural entries with a field ID of 0 */
{ MKOID( "\x06\x05\x2B\x65\x01\x04\x01" ), CRYPT_CERTINFO_STRONGEXTRANET,
MKDESC( "strongExtranet" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_PKIX_PARTIAL | FL_VALID_CERTREQ | FL_VALID_CERT, 0, 0, 0, NULL },
/* Fixed version field: "\x02\x01\x00" is the DER encoding of INTEGER 0
   (tag 02, length 01, value 00) and the 3 before it is the length of
   that encoding in bytes */
{ NULL, 0,
MKDESC( "strongExtranet.version" )
FIELDTYPE_BLOB, 0, /* Always 0 */
FL_MORE | FL_NONENCODING, 0, 0, 3, "\x02\x01\x00" },
{ NULL, 0,
MKDESC( "strongExtranet.sxNetIDList" )
BER_SEQUENCE, 0,
FL_MORE | FL_SETOF, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "strongExtranet.sxNetIDList.sxNetID" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
/* zone: INTEGER bounded to 0..INT_MAX, so negative values fall outside
   the permitted range */
{ NULL, CRYPT_CERTINFO_STRONGEXTRANET_ZONE,
MKDESC( "strongExtranet.sxNetIDList.sxNetID.zone" )
BER_INTEGER, 0,
FL_MORE, 0, INT_MAX, 0, NULL },
/* id: the 1, 64 bounds mirror the SIZE(1..64) constraint in the ASN.1
   above.  NOTE(review): the description string below spells the
   component "sxnetID" where the other entries use "sxNetID" */
{ NULL, CRYPT_CERTINFO_STRONGEXTRANET_ID,
MKDESC( "strongExtranet.sxNetIDList.sxnetID.id" )
BER_OCTETSTRING, 0,
FL_SEQEND_2, 1, 64, 0, NULL },
/* subjectDirectoryAttributes:
OID = 2 5 29 9
SEQUENCE SIZE (1..MAX) OF {
SEQUENCE {
type OBJECT IDENTIFIER,
values SET OF ANY -- SIZE (1)
}
}
The attribute values are typed as ANY, so the template cannot describe
their inner structure; they are declared as a blob instead */
{ MKOID( "\x06\x03\x55\x1D\x09" ), CRYPT_CERTINFO_SUBJECTDIRECTORYATTRIBUTES,
MKDESC( "subjectDirectoryAttributes" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_PKIX_PARTIAL | FL_VALID_CERT | FL_SETOF, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "subjectDirectoryAttributes.attribute" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
/* type: OID with bounds 3, 32 (NOTE(review): presumably the permitted
   length of the encoded OID in bytes - confirm) */
{ NULL, CRYPT_CERTINFO_SUBJECTDIR_TYPE,
MKDESC( "subjectDirectoryAttributes.attribute.type" )
BER_OBJECT_IDENTIFIER, 0,
FL_MORE | FL_MULTIVALUED, 3, 32, 0, NULL },
{ NULL, 0,
MKDESC( "subjectDirectoryAttributes.attribute.values" )
BER_SET, 0,
FL_MORE, 0, 0, 0, NULL },
/* value: FIELDTYPE_BLOB with bounds 1, 1024.  NOTE(review): as a blob
   the content is presumably returned to the caller without further
   decoding, so anything consuming CRYPT_CERTINFO_SUBJECTDIR_VALUES
   should treat it as unvalidated certificate-supplied data of up to
   1024 bytes - confirm against the blob handling in the reader */
{ NULL, CRYPT_CERTINFO_SUBJECTDIR_VALUES,
MKDESC( "subjectDirectoryAttributes.attribute.values.value" )
FIELDTYPE_BLOB, 0,
FL_MULTIVALUED | FL_SEQEND, 1, 1024, 0, NULL },
/* subjectKeyIdentifier:
OID = 2 5 29 14
OCTET STRING */
{ MKOID( "\x06\x03\x55\x1D\x0E" ), CRYPT_CERTINFO_SUBJECTKEYIDENTIFIER,
MKDESC( "subjectKeyIdentifier" )
BER_OCTETSTRING, 0,
FL_LEVEL_STANDARD | FL_VALID_CERT, 1, 64, 0, NULL },
/* keyUsage:
OID = 2 5 29 15
critical = TRUE
BITSTRING
FL_CRITICAL on the entry below corresponds to the "critical = TRUE"
above.  The value is bounded by 0 and CRYPT_KEYUSAGE_LAST
(NOTE(review): presumably so that bit values beyond the last defined
usage flag are out of range - confirm against the range check that
consumes this table) */
{ MKOID( "\x06\x03\x55\x1D\x0F" ), CRYPT_CERTINFO_KEYUSAGE,
MKDESC( "keyUsage" )
BER_BITSTRING, 0,
FL_CRITICAL | FL_LEVEL_REDUCED | FL_VALID_CERTREQ | FL_VALID_CERT, 0, CRYPT_KEYUSAGE_LAST, 0, NULL },
/* privateKeyUsagePeriod:
OID = 2 5 29 16
SEQUENCE {
notBefore [ 0 ] GeneralizedTime OPTIONAL,
notAfter [ 1 ] GeneralizedTime OPTIONAL
} */
{ MKOID( "\x06\x03\x55\x1D\x10" ), CRYPT_CERTINFO_PRIVATEKEYUSAGEPERIOD,
MKDESC( "privateKeyUsagePeriod" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_PKIX_PARTIAL | FL_VALID_CERT, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_PRIVATEKEY_NOTBEFORE,
MKDESC( "privateKeyUsagePeriod.notBefore" )
BER_TIME_GENERALIZED, CTAG( 0 ),
FL_MORE | FL_OPTIONAL, sizeof( time_t ), sizeof( time_t ), 0, NULL },
{ NULL, CRYPT_CERTINFO_PRIVATEKEY_NOTAFTER,
MKDESC( "privateKeyUsagePeriod.notAfter" )
BER_TIME_GENERALIZED, CTAG( 1 ),
FL_OPTIONAL, sizeof( time_t ), sizeof( time_t ), 0, NULL },
/* subjectAltName:
OID = 2 5 29 17
SEQUENCE OF GeneralName */
{ MKOID( "\x06\x03\x55\x1D\x11" ), FIELDID_FOLLOWS,
MKDESC( "subjectAltName" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_STANDARD | FL_VALID_CERTREQ | FL_VALID_CERT | FL_SETOF, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_SUBJECTALTNAME,
MKDESC( "subjectAltName.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_MULTIVALUED, 0, 0, 0, ( void * ) generalNameInfo },
/* issuerAltName:
OID = 2 5 29 18
SEQUENCE OF GeneralName */
{ MKOID( "\x06\x03\x55\x1D\x12" ), FIELDID_FOLLOWS,
MKDESC( "issuerAltName" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_STANDARD | FL_VALID_CERT | FL_VALID_CRL | FL_SETOF, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_ISSUERALTNAME,
MKDESC( "issuerAltName.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_MULTIVALUED, 0, 0, 0, ( void * ) generalNameInfo },
/* basicConstraints:
OID = 2 5 29 19
critical = TRUE
SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..64) OPTIONAL
}
This extension decides whether a certificate may act as a CA and how
long a chain below it may be, so the defaults and bounds in the two
member entries are security-relevant.  FL_CRITICAL on the wrapper
corresponds to the "critical = TRUE" above */
{ MKOID( "\x06\x03\x55\x1D\x13" ), CRYPT_CERTINFO_BASICCONSTRAINTS,
MKDESC( "basicConstraints" )
BER_SEQUENCE, 0,
FL_MORE | FL_CRITICAL | FL_LEVEL_REDUCED | FL_VALID_CERTREQ | FL_VALID_CERT | FL_VALID_ATTRCERT, 0, 0, 0, NULL },
/* cA: optional BOOLEAN flagged FL_DEFAULT.  The three value columns
   FALSE, TRUE, FALSE are read here as minimum, maximum and default
   (NOTE(review): column meaning inferred from the other entries -
   confirm), i.e. an absent cA field means "not a CA", matching
   DEFAULT FALSE in the ASN.1 */
{ NULL, CRYPT_CERTINFO_CA,
MKDESC( "basicConstraints.cA" )
BER_BOOLEAN, 0,
FL_MORE | FL_OPTIONAL | FL_DEFAULT, FALSE, TRUE, FALSE, NULL },
/* pathLenConstraint: optional INTEGER; the 0, 64 bounds mirror the
   (0..64) constraint in the ASN.1 above, so negative or very large
   path lengths fall outside the permitted range */
{ NULL, CRYPT_CERTINFO_PATHLENCONSTRAINT,
MKDESC( "basicConstraints.pathLenConstraint" )
BER_INTEGER, 0,
FL_OPTIONAL, 0, 64, 0, NULL },
/* cRLNumber:
OID = 2 5 29 20
INTEGER */
{ MKOID( "\x06\x03\x55\x1D\x14" ), CRYPT_CERTINFO_CRLNUMBER,
MKDESC( "cRLNumber" )
BER_INTEGER, 0,
FL_LEVEL_PKIX_PARTIAL | FL_VALID_CRL, 0, INT_MAX, 0, NULL },