Remove check in cryptAddCertAttribute() which disallows adding DER blobs

when the extension is natively supported by Cryptlib. This is to work around the apparent impossiblity of adding multiple DNSName entries to the Subject Alt Name field. Sorry DigitalMan, you'll have to compile the Win32 libraries again. :-)

Remove check in cryptAddCertAttribute() which disallows adding DER blobs
f0204ee5 · deuce · 479b2dd7 · f0204ee5 · f0204ee5
Commit f0204ee5 authored 7 years ago by deuce
--- a/3rdp/build/GNUmakefile
+++ b/3rdp/build/GNUmakefile
@@ -67,7 +67,7 @@ $(CRYPT_SRC): | $(3RDPSRCDIR)
 $(CRYPT_IDIR): | $(3RDPODIR)
 	$(QUIET)$(IFNOTEXIST) mkdir $(CRYPT_IDIR)

-$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-getseed64.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile2.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
+$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-getseed64.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile2.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch $(3RDP_ROOT)$(DIRSEP)build/cl-allow-duplicate-ext.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
 	@echo Creating $@ ...
 	$(QUIET)-rm -rf $(CRYPT_SRC)/*
 	$(QUIET)unzip -oa $(3RDPDISTDIR)$(DIRSEP)cryptlib.zip -d $(CRYPT_SRC)
@@ -86,6 +86,7 @@ $(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)b
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-win32-noasm.patch
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-zz-country.patch
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-algorithms.patch
+	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-allow-duplicate-ext.patch
 ifeq ($(CC),mingw32-gcc)
 	$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make directories
 	$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make toolscripts

--- a/3rdp/build/cl-allow-duplicate-ext.patch
+++ b/3rdp/build/cl-allow-duplicate-ext.patch
+--- cert/ext_add.c.orig	2018-02-24 01:38:55.995138000 -0500
+++ cert/ext_add.c	2018-02-24 01:39:08.783152000 -0500
+@@ -451,9 +451,11 @@
+ 	   a non-blob.  In addition it forces the caller to use the (recommended)
+ 	   normal attribute handling mechanism, which allows for proper type
+ 	   checking */
+#if 0
+ 	if( !( flags & ATTR_FLAG_BLOB ) && \
+ 		oidToAttribute( attributeType, oid, oidLength ) != NULL )
+ 		return( CRYPT_ERROR_PERMISSION );
+#endif
+ 
+ 	/* Find the correct place in the list to insert the new element */
+ 	if( DATAPTR_ISSET( listHead ) )