diff options
author | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2011-07-14 08:47:05 +0000 |
---|---|---|
committer | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2011-07-14 08:47:05 +0000 |
commit | f8a7d85e1c77d9ed771d805a9cd6c1abfa75a210 (patch) | |
tree | 1f9bae507d43c7c0f97b1ee003e2e2a5a00ad351 /asn1 | |
parent | 6814cd03ee5134a11cc5faa734d0c97a2a8ec018 (diff) |
Update to correct the definition of the clearance attribute used in certificates.
RFC3281 erroneously defined the Clearance attribute to be different to that defined in X.509. This has been recognised and corrected in RFC5755.
The RFC3281 syntax is retained and registered as the "RFC3281Clearance" syntax, which can be used to override the correct syntax in the BER oidtables if necessary.
svn path=/trunk/; revision=38014
Diffstat (limited to 'asn1')
-rw-r--r-- | asn1/pkixac/PKIXAttributeCertificate.asn | 8 | ||||
-rw-r--r-- | asn1/pkixac/packet-pkixac-template.c | 2 | ||||
-rw-r--r-- | asn1/pkixac/pkixac.cnf | 4 |
3 files changed, 14 insertions, 0 deletions
diff --git a/asn1/pkixac/PKIXAttributeCertificate.asn b/asn1/pkixac/PKIXAttributeCertificate.asn index d41bee1a17..5a99c7ddb1 100644 --- a/asn1/pkixac/PKIXAttributeCertificate.asn +++ b/asn1/pkixac/PKIXAttributeCertificate.asn @@ -151,12 +151,20 @@ id-at-clearance OBJECT IDENTIFIER ::= } Clearance ::= SEQUENCE { + policyId OBJECT IDENTIFIER, + classList ClassList DEFAULT {unclassified}, + securityCategories + SET OF SecurityCategory OPTIONAL + } + + RFC3281Clearance ::= SEQUENCE { policyId [0] OBJECT IDENTIFIER, classList [1] ClassList DEFAULT {unclassified}, securityCategories [2] SET OF SecurityCategory OPTIONAL } + ClassList ::= BIT STRING { unmarked (0), unclassified (1), diff --git a/asn1/pkixac/packet-pkixac-template.c b/asn1/pkixac/packet-pkixac-template.c index e174bebfbd..5639dd546e 100644 --- a/asn1/pkixac/packet-pkixac-template.c +++ b/asn1/pkixac/packet-pkixac-template.c @@ -76,6 +76,8 @@ void proto_register_pkixac(void) { proto_register_field_array(proto_pkixac, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); +#include "packet-pkixac-syn-reg.c" + } diff --git a/asn1/pkixac/pkixac.cnf b/asn1/pkixac/pkixac.cnf index dfc0c28682..9e0f5b5c04 100644 --- a/asn1/pkixac/pkixac.cnf +++ b/asn1/pkixac/pkixac.cnf @@ -34,6 +34,10 @@ V2Form #.FIELD_RENAME +#.SYNTAX +Clearance +RFC3281Clearance + #.REGISTER AAControls B "1.3.6.1.5.5.7.1.6" "id-pe-aaControls" ProxyInfo B "1.3.6.1.5.5.7.1.10" "id-pe-ac-proxying" |