mirror of
https://github.com/phpseclib/phpseclib.git
synced 2024-12-27 03:42:40 +00:00
X509: simplify revised validation logic and add to CRL validation
This commit is contained in:
parent
340deffc98
commit
247e969366
@ -2182,7 +2182,7 @@ class File_X509
|
|||||||
switch (true) {
|
switch (true) {
|
||||||
case !is_array($authorityKey):
|
case !is_array($authorityKey):
|
||||||
case !$subjectKeyID:
|
case !$subjectKeyID:
|
||||||
case is_array($authorityKey) && isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
|
case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
|
||||||
$signingCert = $this->currentCert; // working cert
|
$signingCert = $this->currentCert; // working cert
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2200,8 +2200,8 @@ class File_X509
|
|||||||
switch (true) {
|
switch (true) {
|
||||||
case !is_array($authorityKey):
|
case !is_array($authorityKey):
|
||||||
case !$subjectKeyID:
|
case !$subjectKeyID:
|
||||||
case is_array($authorityKey) && isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
|
case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
|
||||||
if (isset($authorityKey['authorityCertSerialNumber']) && $authorityKey['authorityCertSerialNumber'] != $ca['tbsCertificate']['serialNumber']) {
|
if (is_array($authorityKey) && isset($authorityKey['authorityCertSerialNumber']) && $authorityKey['authorityCertSerialNumber'] != $ca['tbsCertificate']['serialNumber']) {
|
||||||
break 2; // serial mismatch - check other ca
|
break 2; // serial mismatch - check other ca
|
||||||
}
|
}
|
||||||
$signingCert = $ca; // working cert
|
$signingCert = $ca; // working cert
|
||||||
@ -2249,7 +2249,11 @@ class File_X509
|
|||||||
$subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca);
|
$subjectKeyID = $this->getExtension('id-ce-subjectKeyIdentifier', $ca);
|
||||||
switch (true) {
|
switch (true) {
|
||||||
case !is_array($authorityKey):
|
case !is_array($authorityKey):
|
||||||
case is_array($authorityKey) && isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
|
case !$subjectKeyID:
|
||||||
|
case isset($authorityKey['keyIdentifier']) && $authorityKey['keyIdentifier'] === $subjectKeyID:
|
||||||
|
if (is_array($authorityKey) && isset($authorityKey['authorityCertSerialNumber']) && $authorityKey['authorityCertSerialNumber'] != $ca['tbsCertificate']['serialNumber']) {
|
||||||
|
break 2; // serial mismatch - check other ca
|
||||||
|
}
|
||||||
$signingCert = $ca; // working cert
|
$signingCert = $ca; // working cert
|
||||||
break 3;
|
break 3;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user