aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/pkix
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl/pkix')
-rw-r--r--lib/ssl/pkix/Makefile121
-rw-r--r--lib/ssl/pkix/OTP-PKIX.asn1config2
-rw-r--r--lib/ssl/pkix/OTP-PKIX.set.asn6
-rwxr-xr-xlib/ssl/pkix/PKCS-1.asn154
-rw-r--r--lib/ssl/pkix/PKIX1Algorithms88.asn1274
-rw-r--r--lib/ssl/pkix/PKIX1Algorithms88.hrl94
-rw-r--r--lib/ssl/pkix/PKIX1Explicit88.asn1619
-rw-r--r--lib/ssl/pkix/PKIX1Explicit88.hrl163
-rw-r--r--lib/ssl/pkix/PKIX1Implicit88.asn1349
-rw-r--r--lib/ssl/pkix/PKIX1Implicit88.hrl93
-rw-r--r--lib/ssl/pkix/PKIXAttributeCertificate.asn1189
-rw-r--r--lib/ssl/pkix/PKIXAttributeCertificate.hrl64
-rw-r--r--lib/ssl/pkix/README49
-rw-r--r--lib/ssl/pkix/SSL-PKIX.asn1704
-rw-r--r--lib/ssl/pkix/mk_ssl_pkix_oid.erl94
-rw-r--r--lib/ssl/pkix/prebuild.skip5
16 files changed, 0 insertions, 2880 deletions
diff --git a/lib/ssl/pkix/Makefile b/lib/ssl/pkix/Makefile
deleted file mode 100644
index 260361c025..0000000000
--- a/lib/ssl/pkix/Makefile
+++ /dev/null
@@ -1,121 +0,0 @@
-#
-# %CopyrightBegin%
-#
-# Copyright Ericsson AB 2003-2009. All Rights Reserved.
-#
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-#
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-#
-# %CopyrightEnd%
-#
-
-#
-
-include $(ERL_TOP)/make/target.mk
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-include ../vsn.mk
-VSN=$(SSL_VSN)
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-RELSYSDIR = $(RELEASE_PATH)/lib/ssl-$(VSN)
-
-# ----------------------------------------------------
-# Common Macros
-# ----------------------------------------------------
-
-.SUFFIXES: .asn1
-.PRECIOUS: %.erl
-
-ASN_TOP = OTP-PKIX
-ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \
- PKIXAttributeCertificate SSL-PKIX
-ASN_ASNS = $(ASN_MODULES:%=%.asn1)
-ASN_ERLS = $(ASN_TOP).erl
-ASN_HRLS = $(ASN_TOP).hrl
-ASN_CONFIGS = OTP-PKIX.asn1config
-ASN_DBS = $(ASN_MODULES:%=%.asn1db)
-ASN_TABLES = $(ASN_MODULES:%=%.table)
-
-GEN_MODULES = ssl_pkix_oid $(ORBER_TMP_FIX_ERL)
-GEN_ERLS = $(GEN_MODULES:%=%.erl)
-ERL_MODULES = $(ASN_TOP) $(GEN_MODULES)
-
-TARGET_FILES= $(ERL_MODULES:%=$(EBIN)/%.$(EMULATOR))
-
-HRL_FILES = $(ASN_HRLS:%=$(INCLUDE)/%)
-
-ORBER_TMP_FIX_HRL = PKIX1Algorithms88.hrl PKIX1Explicit88.hrl \
- PKIX1Implicit88.hrl PKIXAttributeCertificate.hrl
-
-INCLUDE = ../include
-EBIN = ../ebin
-
-# ----------------------------------------------------
-# FLAGS
-# ----------------------------------------------------
-EXTRA_ERLC_FLAGS =
-ERL_COMPILE_FLAGS += $(EXTRA_ERLC_FLAGS)
-
-ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj +asn1config +inline
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-
-debug opt: $(TARGET_FILES) $(HRL_FILES)
-
-clean:
- -rm -f $(ASN_ERLS) $(GEN_ERLS) $(ASN_HRLS) $(HRL_FILES) $(ASN_DBS) \
- $(ASN_TABLES) $(TARGET_FILES) *.beam *~
-
-docs:
-
-%.erl: %.set.asn
- erlc $(ASN_FLAGS) $<
-
-ssl_pkix_oid.erl: mk_ssl_pkix_oid.beam $(EBIN)/OTP-PKIX.beam
- erl -pa $(EBIN) -noshell -s mk_ssl_pkix_oid make -s erlang halt
-
-$(HRL_FILES): $(ASN_HRLS)
- cp -p $(ASN_HRLS) $(INCLUDE)
-
-# ----------------------------------------------------
-# Release Target
-# ----------------------------------------------------
-include $(ERL_TOP)/make/otp_release_targets.mk
-
-release_spec: opt
- $(INSTALL_DIR) $(RELSYSDIR)/include
- $(INSTALL_DATA) $(HRL_FILES) $(RELSYSDIR)/include
- $(INSTALL_DIR) $(RELSYSDIR)/pkix
- $(INSTALL_DATA) $(ASN_ASNS) $(ASN_ERLS) $(ASN_HRLS) $(ASN_CONFIGS) \
- $(ORBER_TMP_FIX_HRL) $(GEN_ERLS) mk_ssl_pkix_oid.erl $(RELSYSDIR)/pkix
- $(INSTALL_DIR) $(RELSYSDIR)/ebin
- $(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR)/ebin
-
-release_docs_spec:
-
-#
-# Dependencies
-
-$(EBIN)/OTP-PKIX.beam: OTP-PKIX.erl OTP-PKIX.hrl
-OTP-PKIX.erl OTP-PKIX.hrl: OTP-PKIX.asn1db
-OTP-PKIX.asn1db: PKIX1Algorithms88.asn1 \
- PKIX1Explicit88.asn1 \
- PKIX1Implicit88.asn1 \
- PKIXAttributeCertificate.asn1 \
- SSL-PKIX.asn1
diff --git a/lib/ssl/pkix/OTP-PKIX.asn1config b/lib/ssl/pkix/OTP-PKIX.asn1config
deleted file mode 100644
index 0caa158f52..0000000000
--- a/lib/ssl/pkix/OTP-PKIX.asn1config
+++ /dev/null
@@ -1,2 +0,0 @@
-{exclusive_decode,{'OTP-PKIX',
- [{decode_TBSCert_exclusive,['Certificate',[{tbsCertificate,undecoded}]]}]}}.
diff --git a/lib/ssl/pkix/OTP-PKIX.set.asn b/lib/ssl/pkix/OTP-PKIX.set.asn
deleted file mode 100644
index 1c3483d519..0000000000
--- a/lib/ssl/pkix/OTP-PKIX.set.asn
+++ /dev/null
@@ -1,6 +0,0 @@
-SSL-PKIX.asn1
-PKIX1Explicit88.asn1
-PKIX1Implicit88.asn1
-PKIXAttributeCertificate.asn1
-PKIX1Algorithms88.asn1
-PKCS-1.asn1
diff --git a/lib/ssl/pkix/PKCS-1.asn1 b/lib/ssl/pkix/PKCS-1.asn1
deleted file mode 100755
index 547cc2e072..0000000000
--- a/lib/ssl/pkix/PKCS-1.asn1
+++ /dev/null
@@ -1,54 +0,0 @@
-PKCS-1 {
- iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
- modules(0) pkcs-1(1)
-}
-
-
-DEFINITIONS IMPLICIT TAGS ::= BEGIN
-
--- EXPORTS ALL --
-
-IMPORTS
- AlgorithmIdentifier
- FROM PKIX1Explicit88 {iso(1) identified-organization(3)
- dod(6) internet(1) security(5) mechanisms(5)
- pkix(7) id-mod(0) id-pkix1-explicit-88(1)} ;
-
-pkcs-1 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
-
-RSAPrivateKey ::= SEQUENCE {
- version Version,
- modulus INTEGER, -- n
- publicExponent INTEGER, -- e
- privateExponent INTEGER, -- d
- prime1 INTEGER, -- p
- prime2 INTEGER, -- q
- exponent1 INTEGER, -- d mod (p-1)
- exponent2 INTEGER, -- d mod (q-1)
- coefficient INTEGER, -- (inverse of q) mod p
- otherPrimeInfos OtherPrimeInfos OPTIONAL
-}
-
-Version ::= INTEGER { two-prime(0), multi(1) }
- (CONSTRAINED BY {
- -- version must be multi if otherPrimeInfos present --
- })
-
-OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
-
-OtherPrimeInfo ::= SEQUENCE {
- prime INTEGER, -- ri
- exponent INTEGER, -- di
- coefficient INTEGER -- ti
-}
-
-DigestInfo ::= SEQUENCE {
- digestAlgorithm DigestAlgorithmIdentifier,
- digest OCTET STRING
-}
-
-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-
-END -- PKCS1Definitions
-
diff --git a/lib/ssl/pkix/PKIX1Algorithms88.asn1 b/lib/ssl/pkix/PKIX1Algorithms88.asn1
deleted file mode 100644
index e78de69b0e..0000000000
--- a/lib/ssl/pkix/PKIX1Algorithms88.asn1
+++ /dev/null
@@ -1,274 +0,0 @@
- PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6)
- internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
- id-mod-pkix1-algorithms(17) }
-
- DEFINITIONS EXPLICIT TAGS ::= BEGIN
-
- -- EXPORTS All;
-
- -- IMPORTS NONE;
-
- --
- -- One-way Hash Functions
- --
-
- md2 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549)
- digestAlgorithm(2) 2 }
-
- md5 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549)
- digestAlgorithm(2) 5 }
-
- id-sha1 OBJECT IDENTIFIER ::= {
- iso(1) identified-organization(3) oiw(14) secsig(3)
- algorithms(2) 26 }
-
- --
- -- DSA Keys and Signatures
- --
-
- -- OID for DSA public key
-
- id-dsa OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
-
- -- encoding for DSA public key
-
- DSAPublicKey ::= INTEGER -- public key, y
-
- Dss-Parms ::= SEQUENCE {
- p INTEGER,
- q INTEGER,
- g INTEGER }
-
- -- OID for DSA signature generated with SHA-1 hash
-
- id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
-
- -- encoding for DSA signature generated with SHA-1 hash
-
- Dss-Sig-Value ::= SEQUENCE {
- r INTEGER,
- s INTEGER }
-
- --
- -- RSA Keys and Signatures
- --
-
- -- arc for RSA public key and RSA signature OIDs
-
- pkcs-1 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
-
- -- OID for RSA public keys
-
- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
-
- -- OID for RSA signature generated with MD2 hash
-
- md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
-
- -- OID for RSA signature generated with MD5 hash
-
- md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
-
- -- OID for RSA signature generated with SHA-1 hash
-
- sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
-
- -- encoding for RSA public key
-
- RSAPublicKey ::= SEQUENCE {
- modulus INTEGER, -- n
- publicExponent INTEGER } -- e
-
- --
- -- Diffie-Hellman Keys
- --
-
- dhpublicnumber OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) ansi-x942(10046)
- number-type(2) 1 }
-
- -- encoding for DSA public key
-
- DHPublicKey ::= INTEGER -- public key, y = g^x mod p
-
- DomainParameters ::= SEQUENCE {
- p INTEGER, -- odd prime, p=jq +1
- g INTEGER, -- generator, g
- q INTEGER, -- factor of p-1
- j INTEGER OPTIONAL, -- subgroup factor, j>= 2
- validationParms ValidationParms OPTIONAL }
-
- ValidationParms ::= SEQUENCE {
- seed BIT STRING,
- pgenCounter INTEGER }
-
- --
- -- KEA Keys
- --
-
- id-keyExchangeAlgorithm OBJECT IDENTIFIER ::=
- { 2 16 840 1 101 2 1 1 22 }
-
- KEA-Parms-Id ::= OCTET STRING
-
- --
- -- Elliptic Curve Keys, Signatures, and Curves
- --
-
- ansi-X9-62 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) 10045 }
-
- FieldID ::= SEQUENCE { -- Finite field
- fieldType OBJECT IDENTIFIER,
- parameters ANY DEFINED BY fieldType }
-
- -- Arc for ECDSA signature OIDS
-
- id-ecSigType OBJECT IDENTIFIER ::= { ansi-X9-62 signatures(4) }
-
- -- OID for ECDSA signatures with SHA-1
-
- ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 }
-
- -- OID for an elliptic curve signature
- -- format for the value of an ECDSA signature value
-
- ECDSA-Sig-Value ::= SEQUENCE {
- r INTEGER,
- s INTEGER }
-
- -- recognized field type OIDs are defined in the following arc
-
- id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1) }
-
- -- where fieldType is prime-field, the parameters are of type Prime-p
-
- prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
-
- Prime-p ::= INTEGER -- Finite field F(p), where p is an odd prime
-
- -- where fieldType is characteristic-two-field, the parameters are
- -- of type Characteristic-two
-
- characteristic-two-field OBJECT IDENTIFIER ::= { id-fieldType 2 }
-
- Characteristic-two ::= SEQUENCE {
- m INTEGER, -- Field size 2^m
- basis OBJECT IDENTIFIER,
- parameters ANY DEFINED BY basis }
-
- -- recognized basis type OIDs are defined in the following arc
-
- id-characteristic-two-basis OBJECT IDENTIFIER ::= {
- characteristic-two-field basisType(3) }
-
- -- gnbasis is identified by OID gnBasis and indicates
- -- parameters are NULL
-
- gnBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 1 }
-
- -- parameters for this basis are NULL
-
- -- trinomial basis is identified by OID tpBasis and indicates
- -- parameters of type Pentanomial
-
- tpBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 2 }
-
- -- Trinomial basis representation of F2^m
- -- Integer k for reduction polynomial xm + xk + 1
-
- Trinomial ::= INTEGER
-
- -- for pentanomial basis is identified by OID ppBasis and indicates
- -- parameters of type Pentanomial
-
- ppBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 3 }
-
- -- Pentanomial basis representation of F2^m
- -- reduction polynomial integers k1, k2, k3
- -- f(x) = x**m + x**k3 + x**k2 + x**k1 + 1
-
- Pentanomial ::= SEQUENCE {
- k1 INTEGER,
- k2 INTEGER,
- k3 INTEGER }
-
- -- The object identifiers gnBasis, tpBasis and ppBasis name
- -- three kinds of basis for characteristic-two finite fields
-
- FieldElement ::= OCTET STRING -- Finite field element
-
- ECPoint ::= OCTET STRING -- Elliptic curve point
-
- -- Elliptic Curve parameters may be specified explicitly,
- -- specified implicitly through a "named curve", or
- -- inherited from the CA
-
- EcpkParameters ::= CHOICE {
- ecParameters ECParameters,
- namedCurve OBJECT IDENTIFIER,
- implicitlyCA NULL }
-
- ECParameters ::= SEQUENCE { -- Elliptic curve parameters
- version ECPVer,
- fieldID FieldID,
- curve Curve,
- base ECPoint, -- Base point G
- order INTEGER, -- Order n of the base point
- cofactor INTEGER OPTIONAL } -- The integer h = #E(Fq)/n
-
- ECPVer ::= INTEGER {ecpVer1(1)}
-
- Curve ::= SEQUENCE {
- a FieldElement, -- Elliptic curve coefficient a
- b FieldElement, -- Elliptic curve coefficient b
- seed BIT STRING OPTIONAL }
-
- id-publicKeyType OBJECT IDENTIFIER ::= { ansi-X9-62 keyType(2) }
-
- id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 }
-
- -- Named Elliptic Curves in ANSI X9.62.
-
- ellipticCurve OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) }
-
- c-TwoCurve OBJECT IDENTIFIER ::= {
- ellipticCurve characteristicTwo(0) }
-
- c2pnb163v1 OBJECT IDENTIFIER ::= { c-TwoCurve 1 }
- c2pnb163v2 OBJECT IDENTIFIER ::= { c-TwoCurve 2 }
- c2pnb163v3 OBJECT IDENTIFIER ::= { c-TwoCurve 3 }
- c2pnb176w1 OBJECT IDENTIFIER ::= { c-TwoCurve 4 }
- c2tnb191v1 OBJECT IDENTIFIER ::= { c-TwoCurve 5 }
- c2tnb191v2 OBJECT IDENTIFIER ::= { c-TwoCurve 6 }
- c2tnb191v3 OBJECT IDENTIFIER ::= { c-TwoCurve 7 }
- c2onb191v4 OBJECT IDENTIFIER ::= { c-TwoCurve 8 }
- c2onb191v5 OBJECT IDENTIFIER ::= { c-TwoCurve 9 }
- c2pnb208w1 OBJECT IDENTIFIER ::= { c-TwoCurve 10 }
- c2tnb239v1 OBJECT IDENTIFIER ::= { c-TwoCurve 11 }
- c2tnb239v2 OBJECT IDENTIFIER ::= { c-TwoCurve 12 }
- c2tnb239v3 OBJECT IDENTIFIER ::= { c-TwoCurve 13 }
- c2onb239v4 OBJECT IDENTIFIER ::= { c-TwoCurve 14 }
- c2onb239v5 OBJECT IDENTIFIER ::= { c-TwoCurve 15 }
- c2pnb272w1 OBJECT IDENTIFIER ::= { c-TwoCurve 16 }
- c2pnb304w1 OBJECT IDENTIFIER ::= { c-TwoCurve 17 }
- c2tnb359v1 OBJECT IDENTIFIER ::= { c-TwoCurve 18 }
- c2pnb368w1 OBJECT IDENTIFIER ::= { c-TwoCurve 19 }
- c2tnb431r1 OBJECT IDENTIFIER ::= { c-TwoCurve 20 }
-
- primeCurve OBJECT IDENTIFIER ::= { ellipticCurve prime(1) }
-
- prime192v1 OBJECT IDENTIFIER ::= { primeCurve 1 }
- prime192v2 OBJECT IDENTIFIER ::= { primeCurve 2 }
- prime192v3 OBJECT IDENTIFIER ::= { primeCurve 3 }
- prime239v1 OBJECT IDENTIFIER ::= { primeCurve 4 }
- prime239v2 OBJECT IDENTIFIER ::= { primeCurve 5 }
- prime239v3 OBJECT IDENTIFIER ::= { primeCurve 6 }
- prime256v1 OBJECT IDENTIFIER ::= { primeCurve 7 }
-
- END
diff --git a/lib/ssl/pkix/PKIX1Algorithms88.hrl b/lib/ssl/pkix/PKIX1Algorithms88.hrl
deleted file mode 100644
index a11793618d..0000000000
--- a/lib/ssl/pkix/PKIX1Algorithms88.hrl
+++ /dev/null
@@ -1,94 +0,0 @@
-%% Generated by the Erlang ASN.1 compiler version:1.4.4.8
-%% Purpose: Erlang record definitions for each named and unnamed
-%% SEQUENCE and SET, and macro definitions for each value
-%% definition,in module PKIX1Algorithms88
-
-
-
--record('Dss-Parms',{
-p, q, g}).
-
--record('Dss-Sig-Value',{
-r, s}).
-
--record('RSAPublicKey',{
-modulus, publicExponent}).
-
--record('DomainParameters',{
-p, g, q, j = asn1_NOVALUE, validationParms = asn1_NOVALUE}).
-
--record('ValidationParms',{
-seed, pgenCounter}).
-
--record('FieldID',{
-fieldType, parameters}).
-
--record('ECDSA-Sig-Value',{
-r, s}).
-
--record('Characteristic-two',{
-m, basis, parameters}).
-
--record('Pentanomial',{
-k1, k2, k3}).
-
--record('ECParameters',{
-version, fieldID, curve, base, order, cofactor = asn1_NOVALUE}).
-
--record('Curve',{
-a, b, seed = asn1_NOVALUE}).
-
--define('md2', {1,2,840,113549,2,2}).
--define('md5', {1,2,840,113549,2,5}).
--define('id-sha1', {1,3,14,3,2,26}).
--define('id-dsa', {1,2,840,10040,4,1}).
--define('id-dsa-with-sha1', {1,2,840,10040,4,3}).
--define('pkcs-1', {1,2,840,113549,1,1}).
--define('rsaEncryption', {1,2,840,113549,1,1,1}).
--define('md2WithRSAEncryption', {1,2,840,113549,1,1,2}).
--define('md5WithRSAEncryption', {1,2,840,113549,1,1,4}).
--define('sha1WithRSAEncryption', {1,2,840,113549,1,1,5}).
--define('dhpublicnumber', {1,2,840,10046,2,1}).
--define('id-keyExchangeAlgorithm', {2,16,840,1,101,2,1,1,22}).
--define('ansi-X9-62', {1,2,840,10045}).
--define('id-ecSigType', {1,2,840,10045,4}).
--define('ecdsa-with-SHA1', {1,2,840,10045,4,1}).
--define('id-fieldType', {1,2,840,10045,1}).
--define('prime-field', {1,2,840,10045,1,1}).
--define('characteristic-two-field', {1,2,840,10045,1,2}).
--define('id-characteristic-two-basis', {1,2,840,10045,1,2,3}).
--define('gnBasis', {1,2,840,10045,1,2,3,1}).
--define('tpBasis', {1,2,840,10045,1,2,3,2}).
--define('ppBasis', {1,2,840,10045,1,2,3,3}).
--define('id-publicKeyType', {1,2,840,10045,2}).
--define('id-ecPublicKey', {1,2,840,10045,2,1}).
--define('ellipticCurve', {1,2,840,10045,3}).
--define('c-TwoCurve', {1,2,840,10045,3,0}).
--define('c2pnb163v1', {1,2,840,10045,3,0,1}).
--define('c2pnb163v2', {1,2,840,10045,3,0,2}).
--define('c2pnb163v3', {1,2,840,10045,3,0,3}).
--define('c2pnb176w1', {1,2,840,10045,3,0,4}).
--define('c2tnb191v1', {1,2,840,10045,3,0,5}).
--define('c2tnb191v2', {1,2,840,10045,3,0,6}).
--define('c2tnb191v3', {1,2,840,10045,3,0,7}).
--define('c2onb191v4', {1,2,840,10045,3,0,8}).
--define('c2onb191v5', {1,2,840,10045,3,0,9}).
--define('c2pnb208w1', {1,2,840,10045,3,0,10}).
--define('c2tnb239v1', {1,2,840,10045,3,0,11}).
--define('c2tnb239v2', {1,2,840,10045,3,0,12}).
--define('c2tnb239v3', {1,2,840,10045,3,0,13}).
--define('c2onb239v4', {1,2,840,10045,3,0,14}).
--define('c2onb239v5', {1,2,840,10045,3,0,15}).
--define('c2pnb272w1', {1,2,840,10045,3,0,16}).
--define('c2pnb304w1', {1,2,840,10045,3,0,17}).
--define('c2tnb359v1', {1,2,840,10045,3,0,18}).
--define('c2pnb368w1', {1,2,840,10045,3,0,19}).
--define('c2tnb431r1', {1,2,840,10045,3,0,20}).
--define('primeCurve', {1,2,840,10045,3,1}).
--define('prime192v1', {1,2,840,10045,3,1,1}).
--define('prime192v2', {1,2,840,10045,3,1,2}).
--define('prime192v3', {1,2,840,10045,3,1,3}).
--define('prime239v1', {1,2,840,10045,3,1,4}).
--define('prime239v2', {1,2,840,10045,3,1,5}).
--define('prime239v3', {1,2,840,10045,3,1,6}).
--define('prime256v1', {1,2,840,10045,3,1,7}).
diff --git a/lib/ssl/pkix/PKIX1Explicit88.asn1 b/lib/ssl/pkix/PKIX1Explicit88.asn1
deleted file mode 100644
index 9b8068fed0..0000000000
--- a/lib/ssl/pkix/PKIX1Explicit88.asn1
+++ /dev/null
@@ -1,619 +0,0 @@
-PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1)
- security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }
-
-DEFINITIONS EXPLICIT TAGS ::=
-
-BEGIN
-
--- EXPORTS ALL --
-
--- IMPORTS NONE --
-
--- UNIVERSAL Types defined in 1993 and 1998 ASN.1
--- and required by this specification
-
--- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
- -- UniversalString is defined in ASN.1:1993
-
--- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
- -- BMPString is the subtype of UniversalString and models
- -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
-
--- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
- -- The content of this type conforms to RFC 2279.
-
--- PKIX specific OIDs
-
-id-pkix OBJECT IDENTIFIER ::=
- { iso(1) identified-organization(3) dod(6) internet(1)
- security(5) mechanisms(5) pkix(7) }
-
--- PKIX arcs
-
-id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
- -- arc for private certificate extensions
-id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
- -- arc for policy qualifier types
-id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
- -- arc for extended key purpose OIDS
-id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
- -- arc for access descriptors
-
--- policyQualifierIds for Internet policy qualifiers
-
-id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
- -- OID for CPS qualifier
-id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
- -- OID for user notice qualifier
-
--- access descriptor definitions
-
-id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
-id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
-id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
-id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }
-
--- attribute data types
-
-Attribute ::= SEQUENCE {
- type AttributeType,
- values SET OF AttributeValue }
- -- at least one value is required
-
-AttributeType ::= OBJECT IDENTIFIER
-
-AttributeValue ::= ANY
-
-AttributeTypeAndValue ::= SEQUENCE {
- type AttributeType,
- value AttributeValue }
-
--- suggested naming attributes: Definition of the following
--- information object set may be augmented to meet local
--- requirements. Note that deleting members of the set may
--- prevent interoperability with conforming implementations.
--- presented in pairs: the AttributeType followed by the
--- type definition for the corresponding AttributeValue
---Arc for standard naming attributes
-id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
-
--- Naming attributes of type X520name
-
-id-at-name AttributeType ::= { id-at 41 }
-id-at-surname AttributeType ::= { id-at 4 }
-id-at-givenName AttributeType ::= { id-at 42 }
-id-at-initials AttributeType ::= { id-at 43 }
-id-at-generationQualifier AttributeType ::= { id-at 44 }
-
-X520name ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-name)),
- printableString PrintableString (SIZE (1..ub-name)),
- universalString UniversalString (SIZE (1..ub-name)),
- utf8String UTF8String (SIZE (1..ub-name)),
- bmpString BMPString (SIZE (1..ub-name)) }
-
--- Naming attributes of type X520CommonName
-
-id-at-commonName AttributeType ::= { id-at 3 }
-
-X520CommonName ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-common-name)),
- printableString PrintableString (SIZE (1..ub-common-name)),
- universalString UniversalString (SIZE (1..ub-common-name)),
- utf8String UTF8String (SIZE (1..ub-common-name)),
- bmpString BMPString (SIZE (1..ub-common-name)) }
-
--- Naming attributes of type X520LocalityName
-
-id-at-localityName AttributeType ::= { id-at 7 }
-
-X520LocalityName ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-locality-name)),
- printableString PrintableString (SIZE (1..ub-locality-name)),
- universalString UniversalString (SIZE (1..ub-locality-name)),
- utf8String UTF8String (SIZE (1..ub-locality-name)),
- bmpString BMPString (SIZE (1..ub-locality-name)) }
-
--- Naming attributes of type X520StateOrProvinceName
-
-id-at-stateOrProvinceName AttributeType ::= { id-at 8 }
-
-X520StateOrProvinceName ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-state-name)),
- printableString PrintableString (SIZE (1..ub-state-name)),
- universalString UniversalString (SIZE (1..ub-state-name)),
- utf8String UTF8String (SIZE (1..ub-state-name)),
- bmpString BMPString (SIZE(1..ub-state-name)) }
-
--- Naming attributes of type X520OrganizationName
-
-id-at-organizationName AttributeType ::= { id-at 10 }
-
-X520OrganizationName ::= CHOICE {
- teletexString TeletexString
- (SIZE (1..ub-organization-name)),
- printableString PrintableString
- (SIZE (1..ub-organization-name)),
- universalString UniversalString
- (SIZE (1..ub-organization-name)),
- utf8String UTF8String
- (SIZE (1..ub-organization-name)),
- bmpString BMPString
- (SIZE (1..ub-organization-name)) }
-
--- Naming attributes of type X520OrganizationalUnitName
-
-id-at-organizationalUnitName AttributeType ::= { id-at 11 }
-
-X520OrganizationalUnitName ::= CHOICE {
- teletexString TeletexString
- (SIZE (1..ub-organizational-unit-name)),
- printableString PrintableString
- (SIZE (1..ub-organizational-unit-name)),
- universalString UniversalString
- (SIZE (1..ub-organizational-unit-name)),
- utf8String UTF8String
- (SIZE (1..ub-organizational-unit-name)),
- bmpString BMPString
- (SIZE (1..ub-organizational-unit-name)) }
-
--- Naming attributes of type X520Title
-
-id-at-title AttributeType ::= { id-at 12 }
-
-X520Title ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-title)),
- printableString PrintableString (SIZE (1..ub-title)),
- universalString UniversalString (SIZE (1..ub-title)),
- utf8String UTF8String (SIZE (1..ub-title)),
- bmpString BMPString (SIZE (1..ub-title)) }
-
--- Naming attributes of type X520dnQualifier
-
-id-at-dnQualifier AttributeType ::= { id-at 46 }
-
-X520dnQualifier ::= PrintableString
-
--- Naming attributes of type X520countryName (digraph from IS 3166)
-
-id-at-countryName AttributeType ::= { id-at 6 }
-
-X520countryName ::= PrintableString (SIZE (2))
-
--- Naming attributes of type X520SerialNumber
-
-id-at-serialNumber AttributeType ::= { id-at 5 }
-
-X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number))
-
--- Naming attributes of type X520Pseudonym
-
-id-at-pseudonym AttributeType ::= { id-at 65 }
-
-X520Pseudonym ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-pseudonym)),
- printableString PrintableString (SIZE (1..ub-pseudonym)),
- universalString UniversalString (SIZE (1..ub-pseudonym)),
- utf8String UTF8String (SIZE (1..ub-pseudonym)),
- bmpString BMPString (SIZE (1..ub-pseudonym)) }
-
--- Naming attributes of type DomainComponent (from RFC 2247)
-
-id-domainComponent AttributeType ::=
- { 0 9 2342 19200300 100 1 25 }
-
-DomainComponent ::= IA5String
-
--- Legacy attributes
-
-pkcs-9 OBJECT IDENTIFIER ::=
- { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
-
-id-emailAddress AttributeType ::= { pkcs-9 1 }
-
-EmailAddress ::= IA5String (SIZE (1..ub-emailaddress-length))
-
--- naming data types --
-
-Name ::= CHOICE { -- only one possibility for now --
- rdnSequence RDNSequence }
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-DistinguishedName ::= RDNSequence
-
-RelativeDistinguishedName ::=
- SET SIZE (1 .. MAX) OF AttributeTypeAndValue
-
--- Directory string type --
-
-DirectoryString ::= CHOICE {
- teletexString TeletexString (SIZE (1..MAX)),
- printableString PrintableString (SIZE (1..MAX)),
- universalString UniversalString (SIZE (1..MAX)),
- utf8String UTF8String (SIZE (1..MAX)),
- bmpString BMPString (SIZE (1..MAX)) }
-
--- certificate and CRL specific structures begin here
-
-Certificate ::= SEQUENCE {
- tbsCertificate TBSCertificate,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING }
-
-TBSCertificate ::= SEQUENCE {
- version [0] Version DEFAULT v1,
- serialNumber CertificateSerialNumber,
- signature AlgorithmIdentifier,
- issuer Name,
- validity Validity,
- subject Name,
- subjectPublicKeyInfo SubjectPublicKeyInfo,
- issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- -- If present, version MUST be v2 or v3
- subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- -- If present, version MUST be v2 or v3
- extensions [3] Extensions OPTIONAL
- -- If present, version MUST be v3 -- }
-
-Version ::= INTEGER { v1(0), v2(1), v3(2) }
-
-CertificateSerialNumber ::= INTEGER
-
-Validity ::= SEQUENCE {
- notBefore Time,
- notAfter Time }
-
-Time ::= CHOICE {
- utcTime UTCTime,
- generalTime GeneralizedTime }
-
-UniqueIdentifier ::= BIT STRING
-
-SubjectPublicKeyInfo ::= SEQUENCE {
- algorithm AlgorithmIdentifier,
- subjectPublicKey BIT STRING }
-
-Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
-
-Extension ::= SEQUENCE {
- extnID OBJECT IDENTIFIER,
- critical BOOLEAN DEFAULT FALSE,
- extnValue OCTET STRING }
-
--- CRL structures
-
-CertificateList ::= SEQUENCE {
- tbsCertList TBSCertList,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING }
-
-TBSCertList ::= SEQUENCE {
- version Version OPTIONAL,
- -- if present, MUST be v2
- signature AlgorithmIdentifier,
- issuer Name,
- thisUpdate Time,
- nextUpdate Time OPTIONAL,
- revokedCertificates SEQUENCE OF SEQUENCE {
- userCertificate CertificateSerialNumber,
- revocationDate Time,
- crlEntryExtensions Extensions OPTIONAL
- -- if present, MUST be v2
- } OPTIONAL,
- crlExtensions [0] Extensions OPTIONAL }
- -- if present, MUST be v2
-
--- Version, Time, CertificateSerialNumber, and Extensions were
--- defined earlier for use in the certificate structure
-
-AlgorithmIdentifier ::= SEQUENCE {
- algorithm OBJECT IDENTIFIER,
- parameters ANY DEFINED BY algorithm OPTIONAL }
- -- contains a value of the type
- -- registered for use with the
- -- algorithm object identifier value
-
--- X.400 address syntax starts here
-
-ORAddress ::= SEQUENCE {
- built-in-standard-attributes BuiltInStandardAttributes,
- built-in-domain-defined-attributes
- BuiltInDomainDefinedAttributes OPTIONAL,
- -- see also teletex-domain-defined-attributes
- extension-attributes ExtensionAttributes OPTIONAL }
-
--- Built-in Standard Attributes
-
-BuiltInStandardAttributes ::= SEQUENCE {
- country-name CountryName OPTIONAL,
- administration-domain-name AdministrationDomainName OPTIONAL,
- network-address [0] IMPLICIT NetworkAddress OPTIONAL,
- -- see also extended-network-address
- terminal-identifier [1] IMPLICIT TerminalIdentifier OPTIONAL,
- private-domain-name [2] PrivateDomainName OPTIONAL,
- organization-name [3] IMPLICIT OrganizationName OPTIONAL,
- -- see also teletex-organization-name
- numeric-user-identifier [4] IMPLICIT NumericUserIdentifier
- OPTIONAL,
- personal-name [5] IMPLICIT PersonalName OPTIONAL,
- -- see also teletex-personal-name
- organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
- OPTIONAL }
- -- see also teletex-organizational-unit-names
-
-CountryName ::= [APPLICATION 1] CHOICE {
- x121-dcc-code NumericString
- (SIZE (ub-country-name-numeric-length)),
- iso-3166-alpha2-code PrintableString
- (SIZE (ub-country-name-alpha-length)) }
-
-AdministrationDomainName ::= [APPLICATION 2] CHOICE {
- numeric NumericString (SIZE (0..ub-domain-name-length)),
- printable PrintableString (SIZE (0..ub-domain-name-length)) }
-
-NetworkAddress ::= X121Address -- see also extended-network-address
-
-X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
-
-TerminalIdentifier ::= PrintableString (SIZE
-(1..ub-terminal-id-length))
-
-PrivateDomainName ::= CHOICE {
- numeric NumericString (SIZE (1..ub-domain-name-length)),
- printable PrintableString (SIZE (1..ub-domain-name-length)) }
-
-OrganizationName ::= PrintableString
- (SIZE (1..ub-organization-name-length))
- -- see also teletex-organization-name
-
-NumericUserIdentifier ::= NumericString
- (SIZE (1..ub-numeric-user-id-length))
-
-PersonalName ::= SET {
- surname [0] IMPLICIT PrintableString
- (SIZE (1..ub-surname-length)),
- given-name [1] IMPLICIT PrintableString
- (SIZE (1..ub-given-name-length)) OPTIONAL,
- initials [2] IMPLICIT PrintableString
- (SIZE (1..ub-initials-length)) OPTIONAL,
- generation-qualifier [3] IMPLICIT PrintableString
- (SIZE (1..ub-generation-qualifier-length))
- OPTIONAL }
- -- see also teletex-personal-name
-
-OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
- OF OrganizationalUnitName
- -- see also teletex-organizational-unit-names
-
-OrganizationalUnitName ::= PrintableString (SIZE
- (1..ub-organizational-unit-name-length))
-
--- Built-in Domain-defined Attributes
-
-BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
- (1..ub-domain-defined-attributes) OF
- BuiltInDomainDefinedAttribute
-
-BuiltInDomainDefinedAttribute ::= SEQUENCE {
- type PrintableString (SIZE
- (1..ub-domain-defined-attribute-type-length)),
- value PrintableString (SIZE
- (1..ub-domain-defined-attribute-value-length)) }
-
--- Extension Attributes
-
-ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
- ExtensionAttribute
-
-ExtensionAttribute ::= SEQUENCE {
- extension-attribute-type [0] IMPLICIT INTEGER
- (0..ub-extension-attributes),
- extension-attribute-value [1]
- ANY DEFINED BY extension-attribute-type }
-
--- Extension types and attribute values
-
-common-name INTEGER ::= 1
-
-CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
-
-teletex-common-name INTEGER ::= 2
-
-TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
-
-teletex-organization-name INTEGER ::= 3
-
-TeletexOrganizationName ::=
- TeletexString (SIZE (1..ub-organization-name-length))
-
-teletex-personal-name INTEGER ::= 4
-
-TeletexPersonalName ::= SET {
- surname [0] IMPLICIT TeletexString
- (SIZE (1..ub-surname-length)),
- given-name [1] IMPLICIT TeletexString
- (SIZE (1..ub-given-name-length)) OPTIONAL,
- initials [2] IMPLICIT TeletexString
- (SIZE (1..ub-initials-length)) OPTIONAL,
- generation-qualifier [3] IMPLICIT TeletexString
- (SIZE (1..ub-generation-qualifier-length))
- OPTIONAL }
-
-teletex-organizational-unit-names INTEGER ::= 5
-
-TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
- (1..ub-organizational-units) OF TeletexOrganizationalUnitName
-
-TeletexOrganizationalUnitName ::= TeletexString
- (SIZE (1..ub-organizational-unit-name-length))
-
-pds-name INTEGER ::= 7
-
-PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
-
-physical-delivery-country-name INTEGER ::= 8
-
-PhysicalDeliveryCountryName ::= CHOICE {
- x121-dcc-code NumericString (SIZE
-(ub-country-name-numeric-length)),
- iso-3166-alpha2-code PrintableString
- (SIZE (ub-country-name-alpha-length)) }
-
-postal-code INTEGER ::= 9
-
-PostalCode ::= CHOICE {
- numeric-code NumericString (SIZE (1..ub-postal-code-length)),
- printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
-
-physical-delivery-office-name INTEGER ::= 10
-
-PhysicalDeliveryOfficeName ::= PDSParameter
-
-physical-delivery-office-number INTEGER ::= 11
-
-PhysicalDeliveryOfficeNumber ::= PDSParameter
-
-extension-OR-address-components INTEGER ::= 12
-
-ExtensionORAddressComponents ::= PDSParameter
-
-physical-delivery-personal-name INTEGER ::= 13
-
-PhysicalDeliveryPersonalName ::= PDSParameter
-
-physical-delivery-organization-name INTEGER ::= 14
-
-PhysicalDeliveryOrganizationName ::= PDSParameter
-
-extension-physical-delivery-address-components INTEGER ::= 15
-
-ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
-
-unformatted-postal-address INTEGER ::= 16
-
-UnformattedPostalAddress ::= SET {
- printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
- OF PrintableString (SIZE (1..ub-pds-parameter-length))
- OPTIONAL,
- teletex-string TeletexString
- (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
-
-street-address INTEGER ::= 17
-
-StreetAddress ::= PDSParameter
-
-post-office-box-address INTEGER ::= 18
-
-PostOfficeBoxAddress ::= PDSParameter
-
-poste-restante-address INTEGER ::= 19
-
-PosteRestanteAddress ::= PDSParameter
-
-unique-postal-name INTEGER ::= 20
-
-UniquePostalName ::= PDSParameter
-
-local-postal-attributes INTEGER ::= 21
-
-LocalPostalAttributes ::= PDSParameter
-
-PDSParameter ::= SET {
- printable-string PrintableString
- (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
- teletex-string TeletexString
- (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
-
-extended-network-address INTEGER ::= 22
-
-ExtendedNetworkAddress ::= CHOICE {
- e163-4-address SEQUENCE {
- number [0] IMPLICIT NumericString
- (SIZE (1..ub-e163-4-number-length)),
- sub-address [1] IMPLICIT NumericString
- (SIZE (1..ub-e163-4-sub-address-length))
- OPTIONAL },
- psap-address [0] IMPLICIT PresentationAddress }
-
-PresentationAddress ::= SEQUENCE {
- pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
- sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
- tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
- nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
-
-terminal-type INTEGER ::= 23
-
-TerminalType ::= INTEGER {
- telex (3),
- teletex (4),
- g3-facsimile (5),
- g4-facsimile (6),
- ia5-terminal (7),
- videotex (8) } (0..ub-integer-options)
-
--- Extension Domain-defined Attributes
-
-teletex-domain-defined-attributes INTEGER ::= 6
-
-TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
- (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
-
-TeletexDomainDefinedAttribute ::= SEQUENCE {
- type TeletexString
- (SIZE (1..ub-domain-defined-attribute-type-length)),
- value TeletexString
- (SIZE (1..ub-domain-defined-attribute-value-length)) }
-
--- specifications of Upper Bounds MUST be regarded as mandatory
--- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
--- Upper Bounds
-
--- Upper Bounds
-ub-name INTEGER ::= 32768
-ub-common-name INTEGER ::= 64
-ub-locality-name INTEGER ::= 128
-ub-state-name INTEGER ::= 128
-ub-organization-name INTEGER ::= 64
-ub-organizational-unit-name INTEGER ::= 64
-ub-title INTEGER ::= 64
-ub-serial-number INTEGER ::= 64
-ub-match INTEGER ::= 128
-ub-emailaddress-length INTEGER ::= 128
-ub-common-name-length INTEGER ::= 64
-ub-country-name-alpha-length INTEGER ::= 2
-ub-country-name-numeric-length INTEGER ::= 3
-ub-domain-defined-attributes INTEGER ::= 4
-ub-domain-defined-attribute-type-length INTEGER ::= 8
-ub-domain-defined-attribute-value-length INTEGER ::= 128
-ub-domain-name-length INTEGER ::= 16
-ub-extension-attributes INTEGER ::= 256
-ub-e163-4-number-length INTEGER ::= 15
-ub-e163-4-sub-address-length INTEGER ::= 40
-ub-generation-qualifier-length INTEGER ::= 3
-ub-given-name-length INTEGER ::= 16
-ub-initials-length INTEGER ::= 5
-ub-integer-options INTEGER ::= 256
-ub-numeric-user-id-length INTEGER ::= 32
-ub-organization-name-length INTEGER ::= 64
-ub-organizational-unit-name-length INTEGER ::= 32
-ub-organizational-units INTEGER ::= 4
-ub-pds-name-length INTEGER ::= 16
-ub-pds-parameter-length INTEGER ::= 30
-ub-pds-physical-address-lines INTEGER ::= 6
-ub-postal-code-length INTEGER ::= 16
-ub-pseudonym INTEGER ::= 128
-ub-surname-length INTEGER ::= 40
-ub-terminal-id-length INTEGER ::= 24
-ub-unformatted-address-length INTEGER ::= 180
-ub-x121-address-length INTEGER ::= 16
-
--- Note - upper bounds on string types, such as TeletexString, are
--- measured in characters. Excepting PrintableString or IA5String, a
--- significantly greater number of octets will be required to hold
--- such a value. As a minimum, 16 octets, or twice the specified
--- upper bound, whichever is the larger, should be allowed for
--- TeletexString. For UTF8String or UniversalString at least four
--- times the upper bound should be allowed.
-
-END
diff --git a/lib/ssl/pkix/PKIX1Explicit88.hrl b/lib/ssl/pkix/PKIX1Explicit88.hrl
deleted file mode 100644
index 5940c1e245..0000000000
--- a/lib/ssl/pkix/PKIX1Explicit88.hrl
+++ /dev/null
@@ -1,163 +0,0 @@
-%% Generated by the Erlang ASN.1 compiler version:1.4.4.8
-%% Purpose: Erlang record definitions for each named and unnamed
-%% SEQUENCE and SET, and macro definitions for each value
-%% definition,in module PKIX1Explicit88
-
-
-
--record('Attribute',{
-type, values}).
-
--record('AttributeTypeAndValue',{
-type, value}).
-
--record('Certificate',{
-tbsCertificate, signatureAlgorithm, signature}).
-
--record('TBSCertificate',{
-version = asn1_DEFAULT, serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, issuerUniqueID = asn1_NOVALUE, subjectUniqueID = asn1_NOVALUE, extensions = asn1_NOVALUE}).
-
--record('Validity',{
-notBefore, notAfter}).
-
--record('SubjectPublicKeyInfo',{
-algorithm, subjectPublicKey}).
-
--record('Extension',{
-extnID, critical = asn1_DEFAULT, extnValue}).
-
--record('CertificateList',{
-tbsCertList, signatureAlgorithm, signature}).
-
--record('TBSCertList',{
-version = asn1_NOVALUE, signature, issuer, thisUpdate, nextUpdate = asn1_NOVALUE, revokedCertificates = asn1_NOVALUE, crlExtensions = asn1_NOVALUE}).
-
--record('TBSCertList_revokedCertificates_SEQOF',{
-userCertificate, revocationDate, crlEntryExtensions = asn1_NOVALUE}).
-
--record('AlgorithmIdentifier',{
-algorithm, parameters = asn1_NOVALUE}).
-
--record('ORAddress',{
-'built-in-standard-attributes', 'built-in-domain-defined-attributes' = asn1_NOVALUE, 'extension-attributes' = asn1_NOVALUE}).
-
--record('BuiltInStandardAttributes',{
-'country-name' = asn1_NOVALUE, 'administration-domain-name' = asn1_NOVALUE, 'network-address' = asn1_NOVALUE, 'terminal-identifier' = asn1_NOVALUE, 'private-domain-name' = asn1_NOVALUE, 'organization-name' = asn1_NOVALUE, 'numeric-user-identifier' = asn1_NOVALUE, 'personal-name' = asn1_NOVALUE, 'organizational-unit-names' = asn1_NOVALUE}).
-
--record('PersonalName',{
-surname, 'given-name' = asn1_NOVALUE, initials = asn1_NOVALUE, 'generation-qualifier' = asn1_NOVALUE}).
-
--record('BuiltInDomainDefinedAttribute',{
-type, value}).
-
--record('ExtensionAttribute',{
-'extension-attribute-type', 'extension-attribute-value'}).
-
--record('TeletexPersonalName',{
-surname, 'given-name' = asn1_NOVALUE, initials = asn1_NOVALUE, 'generation-qualifier' = asn1_NOVALUE}).
-
--record('UnformattedPostalAddress',{
-'printable-address' = asn1_NOVALUE, 'teletex-string' = asn1_NOVALUE}).
-
--record('PDSParameter',{
-'printable-string' = asn1_NOVALUE, 'teletex-string' = asn1_NOVALUE}).
-
--record('ExtendedNetworkAddress_e163-4-address',{
-number, 'sub-address' = asn1_NOVALUE}).
-
--record('PresentationAddress',{
-pSelector = asn1_NOVALUE, sSelector = asn1_NOVALUE, tSelector = asn1_NOVALUE, nAddresses}).
-
--record('TeletexDomainDefinedAttribute',{
-type, value}).
-
--define('id-pkix', {1,3,6,1,5,5,7}).
--define('id-pe', {1,3,6,1,5,5,7,1}).
--define('id-qt', {1,3,6,1,5,5,7,2}).
--define('id-kp', {1,3,6,1,5,5,7,3}).
--define('id-ad', {1,3,6,1,5,5,7,48}).
--define('id-qt-cps', {1,3,6,1,5,5,7,2,1}).
--define('id-qt-unotice', {1,3,6,1,5,5,7,2,2}).
--define('id-ad-ocsp', {1,3,6,1,5,5,7,48,1}).
--define('id-ad-caIssuers', {1,3,6,1,5,5,7,48,2}).
--define('id-ad-timeStamping', {1,3,6,1,5,5,7,48,3}).
--define('id-ad-caRepository', {1,3,6,1,5,5,7,48,5}).
--define('id-at', {2,5,4}).
--define('id-at-name', {2,5,4,41}).
--define('id-at-surname', {2,5,4,4}).
--define('id-at-givenName', {2,5,4,42}).
--define('id-at-initials', {2,5,4,43}).
--define('id-at-generationQualifier', {2,5,4,44}).
--define('id-at-commonName', {2,5,4,3}).
--define('id-at-localityName', {2,5,4,7}).
--define('id-at-stateOrProvinceName', {2,5,4,8}).
--define('id-at-organizationName', {2,5,4,10}).
--define('id-at-organizationalUnitName', {2,5,4,11}).
--define('id-at-title', {2,5,4,12}).
--define('id-at-dnQualifier', {2,5,4,46}).
--define('id-at-countryName', {2,5,4,6}).
--define('id-at-serialNumber', {2,5,4,5}).
--define('id-at-pseudonym', {2,5,4,65}).
--define('id-domainComponent', {0,9,2342,19200300,100,1,25}).
--define('pkcs-9', {1,2,840,113549,1,9}).
--define('id-emailAddress', {1,2,840,113549,1,9,1}).
--define('common-name', 1).
--define('teletex-common-name', 2).
--define('teletex-organization-name', 3).
--define('teletex-personal-name', 4).
--define('teletex-organizational-unit-names', 5).
--define('pds-name', 7).
--define('physical-delivery-country-name', 8).
--define('postal-code', 9).
--define('physical-delivery-office-name', 10).
--define('physical-delivery-office-number', 11).
--define('extension-OR-address-components', 12).
--define('physical-delivery-personal-name', 13).
--define('physical-delivery-organization-name', 14).
--define('extension-physical-delivery-address-components', 15).
--define('unformatted-postal-address', 16).
--define('street-address', 17).
--define('post-office-box-address', 18).
--define('poste-restante-address', 19).
--define('unique-postal-name', 20).
--define('local-postal-attributes', 21).
--define('extended-network-address', 22).
--define('terminal-type', 23).
--define('teletex-domain-defined-attributes', 6).
--define('ub-name', 32768).
--define('ub-common-name', 64).
--define('ub-locality-name', 128).
--define('ub-state-name', 128).
--define('ub-organization-name', 64).
--define('ub-organizational-unit-name', 64).
--define('ub-title', 64).
--define('ub-serial-number', 64).
--define('ub-match', 128).
--define('ub-emailaddress-length', 128).
--define('ub-common-name-length', 64).
--define('ub-country-name-alpha-length', 2).
--define('ub-country-name-numeric-length', 3).
--define('ub-domain-defined-attributes', 4).
--define('ub-domain-defined-attribute-type-length', 8).
--define('ub-domain-defined-attribute-value-length', 128).
--define('ub-domain-name-length', 16).
--define('ub-extension-attributes', 256).
--define('ub-e163-4-number-length', 15).
--define('ub-e163-4-sub-address-length', 40).
--define('ub-generation-qualifier-length', 3).
--define('ub-given-name-length', 16).
--define('ub-initials-length', 5).
--define('ub-integer-options', 256).
--define('ub-numeric-user-id-length', 32).
--define('ub-organization-name-length', 64).
--define('ub-organizational-unit-name-length', 32).
--define('ub-organizational-units', 4).
--define('ub-pds-name-length', 16).
--define('ub-pds-parameter-length', 30).
--define('ub-pds-physical-address-lines', 6).
--define('ub-postal-code-length', 16).
--define('ub-pseudonym', 128).
--define('ub-surname-length', 40).
--define('ub-terminal-id-length', 24).
--define('ub-unformatted-address-length', 180).
--define('ub-x121-address-length', 16).
diff --git a/lib/ssl/pkix/PKIX1Implicit88.asn1 b/lib/ssl/pkix/PKIX1Implicit88.asn1
deleted file mode 100644
index ced270baf6..0000000000
--- a/lib/ssl/pkix/PKIX1Implicit88.asn1
+++ /dev/null
@@ -1,349 +0,0 @@
-PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) internet(1)
- security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) }
-
-DEFINITIONS IMPLICIT TAGS ::=
-
-BEGIN
-
--- EXPORTS ALL --
-
-IMPORTS
- id-pe, id-kp, id-qt-unotice, id-qt-cps,
- -- delete following line if "new" types are supported --
- -- BMPString,
- -- UTF8String, end "new" types --
- ORAddress, Name, RelativeDistinguishedName,
- CertificateSerialNumber, Attribute, DirectoryString
- FROM PKIX1Explicit88 { iso(1) identified-organization(3)
- dod(6) internet(1) security(5) mechanisms(5) pkix(7)
- id-mod(0) id-pkix1-explicit(18) };
-
-
--- ISO arc for standard certificate and CRL extensions
-
-id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
-
--- authority key identifier OID and syntax
-
-id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
-
-AuthorityKeyIdentifier ::= SEQUENCE {
- keyIdentifier [0] KeyIdentifier OPTIONAL,
- authorityCertIssuer [1] GeneralNames OPTIONAL,
- authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
- -- authorityCertIssuer and authorityCertSerialNumber MUST both
- -- be present or both be absent
-
-KeyIdentifier ::= OCTET STRING
-
--- subject key identifier OID and syntax
-
-id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
-
-SubjectKeyIdentifier ::= KeyIdentifier
-
--- key usage extension OID and syntax
-
-id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
-
-KeyUsage ::= BIT STRING {
- digitalSignature (0),
- nonRepudiation (1),
- keyEncipherment (2),
- dataEncipherment (3),
- keyAgreement (4),
- keyCertSign (5),
- cRLSign (6),
- encipherOnly (7),
- decipherOnly (8) }
-
--- private key usage period extension OID and syntax
-
-id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
-
-PrivateKeyUsagePeriod ::= SEQUENCE {
- notBefore [0] GeneralizedTime OPTIONAL,
- notAfter [1] GeneralizedTime OPTIONAL }
- -- either notBefore or notAfter MUST be present
-
--- certificate policies extension OID and syntax
-
-id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
-
-anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
-
-CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
-
-PolicyInformation ::= SEQUENCE {
- policyIdentifier CertPolicyId,
- policyQualifiers SEQUENCE SIZE (1..MAX) OF
- PolicyQualifierInfo OPTIONAL }
-
-CertPolicyId ::= OBJECT IDENTIFIER
-
-PolicyQualifierInfo ::= SEQUENCE {
- policyQualifierId PolicyQualifierId,
- qualifier ANY DEFINED BY policyQualifierId }
-
--- Implementations that recognize additional policy qualifiers MUST
--- augment the following definition for PolicyQualifierId
-
-PolicyQualifierId ::=
- OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
-
--- CPS pointer qualifier
-
-CPSuri ::= IA5String
-
--- user notice qualifier
-
-UserNotice ::= SEQUENCE {
- noticeRef NoticeReference OPTIONAL,
- explicitText DisplayText OPTIONAL}
-
-NoticeReference ::= SEQUENCE {
- organization DisplayText,
- noticeNumbers SEQUENCE OF INTEGER }
-
-DisplayText ::= CHOICE {
- ia5String IA5String (SIZE (1..200)),
- visibleString VisibleString (SIZE (1..200)),
- bmpString BMPString (SIZE (1..200)),
- utf8String UTF8String (SIZE (1..200)) }
-
--- policy mapping extension OID and syntax
-
-id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
-
-PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- issuerDomainPolicy CertPolicyId,
- subjectDomainPolicy CertPolicyId }
-
--- subject alternative name extension OID and syntax
-
-id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
-
-SubjectAltName ::= GeneralNames
-
-GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-
-GeneralName ::= CHOICE {
- otherName [0] AnotherName,
- rfc822Name [1] IA5String,
- dNSName [2] IA5String,
- x400Address [3] ORAddress,
- directoryName [4] Name,
- ediPartyName [5] EDIPartyName,
- uniformResourceIdentifier [6] IA5String,
- iPAddress [7] OCTET STRING,
- registeredID [8] OBJECT IDENTIFIER }
-
--- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
--- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
-
-AnotherName ::= SEQUENCE {
- type-id OBJECT IDENTIFIER,
- value [0] EXPLICIT ANY DEFINED BY type-id }
-
-EDIPartyName ::= SEQUENCE {
- nameAssigner [0] DirectoryString OPTIONAL,
- partyName [1] DirectoryString }
-
--- issuer alternative name extension OID and syntax
-
-id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
-
-IssuerAltName ::= GeneralNames
-
-id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
-
-SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
-
--- basic constraints extension OID and syntax
-
-id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
-
-BasicConstraints ::= SEQUENCE {
- cA BOOLEAN DEFAULT FALSE,
- pathLenConstraint INTEGER (0..MAX) OPTIONAL }
-
--- name constraints extension OID and syntax
-
-id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
-
-NameConstraints ::= SEQUENCE {
- permittedSubtrees [0] GeneralSubtrees OPTIONAL,
- excludedSubtrees [1] GeneralSubtrees OPTIONAL }
-
-GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
-
-GeneralSubtree ::= SEQUENCE {
- base GeneralName,
- minimum [0] BaseDistance DEFAULT 0,
- maximum [1] BaseDistance OPTIONAL }
-
-BaseDistance ::= INTEGER (0..MAX)
-
--- policy constraints extension OID and syntax
-
-id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
-
-PolicyConstraints ::= SEQUENCE {
- requireExplicitPolicy [0] SkipCerts OPTIONAL,
- inhibitPolicyMapping [1] SkipCerts OPTIONAL }
-
-SkipCerts ::= INTEGER (0..MAX)
-
--- CRL distribution points extension OID and syntax
-
-id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
-
-CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-
-DistributionPoint ::= SEQUENCE {
- distributionPoint [0] DistributionPointName OPTIONAL,
- reasons [1] ReasonFlags OPTIONAL,
- cRLIssuer [2] GeneralNames OPTIONAL }
-
-DistributionPointName ::= CHOICE {
- fullName [0] GeneralNames,
- nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
-
-ReasonFlags ::= BIT STRING {
- unused (0),
- keyCompromise (1),
- cACompromise (2),
- affiliationChanged (3),
- superseded (4),
- cessationOfOperation (5),
- certificateHold (6),
- privilegeWithdrawn (7),
- aACompromise (8) }
-
--- extended key usage extension OID and syntax
-
-id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
-
-ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
-
-
-KeyPurposeId ::= OBJECT IDENTIFIER
-
--- permit unspecified key uses
-
-anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
-
--- extended key purpose OIDs
-
-id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
-id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
-id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
-id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
-id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
-id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
-
--- inhibit any policy OID and syntax
-
-id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
-
-InhibitAnyPolicy ::= SkipCerts
-
--- freshest (delta)CRL extension OID and syntax
-
-id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 }
-
-FreshestCRL ::= CRLDistributionPoints
-
--- authority info access
-
-id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
-
-AuthorityInfoAccessSyntax ::=
- SEQUENCE SIZE (1..MAX) OF AccessDescription
-
-AccessDescription ::= SEQUENCE {
- accessMethod OBJECT IDENTIFIER,
- accessLocation GeneralName }
-
--- subject info access
-
-id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
-
-SubjectInfoAccessSyntax ::=
- SEQUENCE SIZE (1..MAX) OF AccessDescription
-
--- CRL number extension OID and syntax
-
-id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
-
-CRLNumber ::= INTEGER (0..MAX)
-
--- issuing distribution point extension OID and syntax
-
-id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
-
-IssuingDistributionPoint ::= SEQUENCE {
- distributionPoint [0] DistributionPointName OPTIONAL,
- onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
- onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
- onlySomeReasons [3] ReasonFlags OPTIONAL,
- indirectCRL [4] BOOLEAN DEFAULT FALSE,
- onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
-
-id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
-
-BaseCRLNumber ::= CRLNumber
-
--- CRL reasons extension OID and syntax
-
-id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
-
-CRLReason ::= ENUMERATED {
- unspecified (0),
- keyCompromise (1),
- cACompromise (2),
- affiliationChanged (3),
- superseded (4),
- cessationOfOperation (5),
- certificateHold (6),
- removeFromCRL (8),
- privilegeWithdrawn (9),
- aACompromise (10) }
-
--- certificate issuer CRL entry extension OID and syntax
-
-id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
-
-CertificateIssuer ::= GeneralNames
-
--- hold instruction extension OID and syntax
-
-id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
-
-HoldInstructionCode ::= OBJECT IDENTIFIER
-
--- ANSI x9 holdinstructions
-
--- ANSI x9 arc holdinstruction arc
-
-holdInstruction OBJECT IDENTIFIER ::=
- {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
-
--- ANSI X9 holdinstructions referenced by this standard
-
-id-holdinstruction-none OBJECT IDENTIFIER ::=
- {holdInstruction 1} -- deprecated
-
-id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
- {holdInstruction 2}
-
-id-holdinstruction-reject OBJECT IDENTIFIER ::=
- {holdInstruction 3}
-
--- invalidity date CRL entry extension OID and syntax
-
-id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
-
-InvalidityDate ::= GeneralizedTime
-
-END
diff --git a/lib/ssl/pkix/PKIX1Implicit88.hrl b/lib/ssl/pkix/PKIX1Implicit88.hrl
deleted file mode 100644
index 8fa1836284..0000000000
--- a/lib/ssl/pkix/PKIX1Implicit88.hrl
+++ /dev/null
@@ -1,93 +0,0 @@
-%% Generated by the Erlang ASN.1 compiler version:1.4.4.8
-%% Purpose: Erlang record definitions for each named and unnamed
-%% SEQUENCE and SET, and macro definitions for each value
-%% definition,in module PKIX1Implicit88
-
-
-
--record('AuthorityKeyIdentifier',{
-keyIdentifier = asn1_NOVALUE, authorityCertIssuer = asn1_NOVALUE, authorityCertSerialNumber = asn1_NOVALUE}).
-
--record('PrivateKeyUsagePeriod',{
-notBefore = asn1_NOVALUE, notAfter = asn1_NOVALUE}).
-
--record('PolicyInformation',{
-policyIdentifier, policyQualifiers = asn1_NOVALUE}).
-
--record('PolicyQualifierInfo',{
-policyQualifierId, qualifier}).
-
--record('UserNotice',{
-noticeRef = asn1_NOVALUE, explicitText = asn1_NOVALUE}).
-
--record('NoticeReference',{
-organization, noticeNumbers}).
-
--record('PolicyMappings_SEQOF',{
-issuerDomainPolicy, subjectDomainPolicy}).
-
--record('AnotherName',{
-'type-id', value}).
-
--record('EDIPartyName',{
-nameAssigner = asn1_NOVALUE, partyName}).
-
--record('BasicConstraints',{
-cA = asn1_DEFAULT, pathLenConstraint = asn1_NOVALUE}).
-
--record('NameConstraints',{
-permittedSubtrees = asn1_NOVALUE, excludedSubtrees = asn1_NOVALUE}).
-
--record('GeneralSubtree',{
-base, minimum = asn1_DEFAULT, maximum = asn1_NOVALUE}).
-
--record('PolicyConstraints',{
-requireExplicitPolicy = asn1_NOVALUE, inhibitPolicyMapping = asn1_NOVALUE}).
-
--record('DistributionPoint',{
-distributionPoint = asn1_NOVALUE, reasons = asn1_NOVALUE, cRLIssuer = asn1_NOVALUE}).
-
--record('AccessDescription',{
-accessMethod, accessLocation}).
-
--record('IssuingDistributionPoint',{
-distributionPoint = asn1_NOVALUE, onlyContainsUserCerts = asn1_DEFAULT, onlyContainsCACerts = asn1_DEFAULT, onlySomeReasons = asn1_NOVALUE, indirectCRL = asn1_DEFAULT, onlyContainsAttributeCerts = asn1_DEFAULT}).
-
--define('id-ce', {2,5,29}).
--define('id-ce-authorityKeyIdentifier', {2,5,29,35}).
--define('id-ce-subjectKeyIdentifier', {2,5,29,14}).
--define('id-ce-keyUsage', {2,5,29,15}).
--define('id-ce-privateKeyUsagePeriod', {2,5,29,16}).
--define('id-ce-certificatePolicies', {2,5,29,32}).
--define('anyPolicy', {2,5,29,32,0}).
--define('id-ce-policyMappings', {2,5,29,33}).
--define('id-ce-subjectAltName', {2,5,29,17}).
--define('id-ce-issuerAltName', {2,5,29,18}).
--define('id-ce-subjectDirectoryAttributes', {2,5,29,9}).
--define('id-ce-basicConstraints', {2,5,29,19}).
--define('id-ce-nameConstraints', {2,5,29,30}).
--define('id-ce-policyConstraints', {2,5,29,36}).
--define('id-ce-cRLDistributionPoints', {2,5,29,31}).
--define('id-ce-extKeyUsage', {2,5,29,37}).
--define('anyExtendedKeyUsage', {2,5,29,37,0}).
--define('id-kp-serverAuth', {1,3,6,1,5,5,7,3,1}).
--define('id-kp-clientAuth', {1,3,6,1,5,5,7,3,2}).
--define('id-kp-codeSigning', {1,3,6,1,5,5,7,3,3}).
--define('id-kp-emailProtection', {1,3,6,1,5,5,7,3,4}).
--define('id-kp-timeStamping', {1,3,6,1,5,5,7,3,8}).
--define('id-kp-OCSPSigning', {1,3,6,1,5,5,7,3,9}).
--define('id-ce-inhibitAnyPolicy', {2,5,29,54}).
--define('id-ce-freshestCRL', {2,5,29,46}).
--define('id-pe-authorityInfoAccess', {1,3,6,1,5,5,7,1,1}).
--define('id-pe-subjectInfoAccess', {1,3,6,1,5,5,7,1,11}).
--define('id-ce-cRLNumber', {2,5,29,20}).
--define('id-ce-issuingDistributionPoint', {2,5,29,28}).
--define('id-ce-deltaCRLIndicator', {2,5,29,27}).
--define('id-ce-cRLReasons', {2,5,29,21}).
--define('id-ce-certificateIssuer', {2,5,29,29}).
--define('id-ce-holdInstructionCode', {2,5,29,23}).
--define('holdInstruction', {2,2,840,10040,2}).
--define('id-holdinstruction-none', {2,2,840,10040,2,1}).
--define('id-holdinstruction-callissuer', {2,2,840,10040,2,2}).
--define('id-holdinstruction-reject', {2,2,840,10040,2,3}).
--define('id-ce-invalidityDate', {2,5,29,24}).
diff --git a/lib/ssl/pkix/PKIXAttributeCertificate.asn1 b/lib/ssl/pkix/PKIXAttributeCertificate.asn1
deleted file mode 100644
index 7d93e6b37e..0000000000
--- a/lib/ssl/pkix/PKIXAttributeCertificate.asn1
+++ /dev/null
@@ -1,189 +0,0 @@
- PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6)
- internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
- id-mod-attribute-cert(12)}
-
- DEFINITIONS IMPLICIT TAGS ::=
-
- BEGIN
-
- -- EXPORTS ALL --
-
- IMPORTS
-
- -- IMPORTed module OIDs MAY change if [PKIXPROF] changes
- -- PKIX Certificate Extensions
- Attribute, AlgorithmIdentifier, CertificateSerialNumber,
- Extensions, UniqueIdentifier,
- id-pkix, id-pe, id-kp, id-ad, id-at
- FROM PKIX1Explicit88 {iso(1) identified-organization(3)
- dod(6) internet(1) security(5) mechanisms(5)
- pkix(7) id-mod(0) id-pkix1-explicit-88(1)}
-
- GeneralName, GeneralNames, id-ce
- FROM PKIX1Implicit88 {iso(1) identified-organization(3)
- dod(6) internet(1) security(5) mechanisms(5)
- pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ;
-
- id-pe-ac-auditIdentity OBJECT IDENTIFIER ::= { id-pe 4 }
- id-pe-aaControls OBJECT IDENTIFIER ::= { id-pe 6 }
- id-pe-ac-proxying OBJECT IDENTIFIER ::= { id-pe 10 }
- id-ce-targetInformation OBJECT IDENTIFIER ::= { id-ce 55 }
-
- id-aca OBJECT IDENTIFIER ::= { id-pkix 10 }
- id-aca-authenticationInfo OBJECT IDENTIFIER ::= { id-aca 1 }
- id-aca-accessIdentity OBJECT IDENTIFIER ::= { id-aca 2 }
- id-aca-chargingIdentity OBJECT IDENTIFIER ::= { id-aca 3 }
- id-aca-group OBJECT IDENTIFIER ::= { id-aca 4 }
- -- { id-aca 5 } is reserved
- id-aca-encAttrs OBJECT IDENTIFIER ::= { id-aca 6 }
-
- id-at-role OBJECT IDENTIFIER ::= { id-at 72}
- id-at-clearance OBJECT IDENTIFIER ::=
- { joint-iso-ccitt(2) ds(5) module(1)
- selected-attribute-types(5) clearance (55) }
-
- -- Uncomment this if using a 1988 level ASN.1 compiler
- -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
-
- AttributeCertificate ::= SEQUENCE {
- acinfo AttributeCertificateInfo,
- signatureAlgorithm AlgorithmIdentifier,
- signatureValue BIT STRING
- }
-
- AttributeCertificateInfo ::= SEQUENCE {
- version AttCertVersion, -- version is v2
- holder Holder,
- issuer AttCertIssuer,
- signature AlgorithmIdentifier,
- serialNumber CertificateSerialNumber,
- attrCertValidityPeriod AttCertValidityPeriod,
- attributes SEQUENCE OF Attribute,
- issuerUniqueID UniqueIdentifier OPTIONAL,
- extensions Extensions OPTIONAL
- }
-
- AttCertVersion ::= INTEGER { v2(1) }
-
- Holder ::= SEQUENCE {
- baseCertificateID [0] IssuerSerial OPTIONAL,
- -- the issuer and serial number of
- -- the holder's Public Key Certificate
- entityName [1] GeneralNames OPTIONAL,
- -- the name of the claimant or role
- objectDigestInfo [2] ObjectDigestInfo OPTIONAL
- -- used to directly authenticate the
- -- holder, for example, an executable
- }
-
- ObjectDigestInfo ::= SEQUENCE {
- digestedObjectType ENUMERATED {
- publicKey (0),
- publicKeyCert (1),
- otherObjectTypes (2) },
- -- otherObjectTypes MUST NOT
- -- MUST NOT be used in this profile
- otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
- digestAlgorithm AlgorithmIdentifier,
- objectDigest BIT STRING
- }
-
- AttCertIssuer ::= CHOICE {
- v1Form GeneralNames, -- MUST NOT be used in this
- -- profile
- v2Form [0] V2Form -- v2 only
- }
-
- V2Form ::= SEQUENCE {
- issuerName GeneralNames OPTIONAL,
- baseCertificateID [0] IssuerSerial OPTIONAL,
- objectDigestInfo [1] ObjectDigestInfo OPTIONAL
- -- issuerName MUST be present in this profile
- -- baseCertificateID and objectDigestInfo MUST
- -- NOT be present in this profile
- }
-
- IssuerSerial ::= SEQUENCE {
- issuer GeneralNames,
- serial CertificateSerialNumber,
- issuerUID UniqueIdentifier OPTIONAL
- }
-
- AttCertValidityPeriod ::= SEQUENCE {
- notBeforeTime GeneralizedTime,
- notAfterTime GeneralizedTime
- }
-
- Targets ::= SEQUENCE OF Target
-
- Target ::= CHOICE {
- targetName [0] GeneralName,
- targetGroup [1] GeneralName,
- targetCert [2] TargetCert
- }
-
- TargetCert ::= SEQUENCE {
- targetCertificate IssuerSerial,
- targetName GeneralName OPTIONAL,
- certDigestInfo ObjectDigestInfo OPTIONAL
- }
-
- IetfAttrSyntax ::= SEQUENCE {
- policyAuthority[0] GeneralNames OPTIONAL,
- values SEQUENCE OF CHOICE {
- octets OCTET STRING,
- oid OBJECT IDENTIFIER,
- string UTF8String
- }
- }
-
- SvceAuthInfo ::= SEQUENCE {
- service GeneralName,
- ident GeneralName,
- authInfo OCTET STRING OPTIONAL
- }
-
- RoleSyntax ::= SEQUENCE {
- roleAuthority [0] GeneralNames OPTIONAL,
- roleName [1] GeneralName
- }
-
- Clearance ::= SEQUENCE {
- policyId [0] OBJECT IDENTIFIER,
- classList [1] ClassList DEFAULT {unclassified},
- securityCategories
- [2] SET OF SecurityCategory OPTIONAL
- }
-
- ClassList ::= BIT STRING {
- unmarked (0),
- unclassified (1),
- restricted (2),
- confidential (3),
- secret (4),
- topSecret (5)
- }
-
- SecurityCategory ::= SEQUENCE {
- type [0] IMPLICIT OBJECT IDENTIFIER,
- value [1] ANY DEFINED BY type
- }
-
- AAControls ::= SEQUENCE {
- pathLenConstraint INTEGER (0..MAX) OPTIONAL,
- permittedAttrs [0] AttrSpec OPTIONAL,
- excludedAttrs [1] AttrSpec OPTIONAL,
- permitUnSpecified BOOLEAN DEFAULT TRUE
- }
-
- AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER
-
- ACClearAttrs ::= SEQUENCE {
- acIssuer GeneralName,
- acSerial INTEGER,
- attrs SEQUENCE OF Attribute
- }
-
- ProxyInfo ::= SEQUENCE OF Targets
-
- END
diff --git a/lib/ssl/pkix/PKIXAttributeCertificate.hrl b/lib/ssl/pkix/PKIXAttributeCertificate.hrl
deleted file mode 100644
index 99389c4852..0000000000
--- a/lib/ssl/pkix/PKIXAttributeCertificate.hrl
+++ /dev/null
@@ -1,64 +0,0 @@
-%% Generated by the Erlang ASN.1 compiler version:1.4.4.8
-%% Purpose: Erlang record definitions for each named and unnamed
-%% SEQUENCE and SET, and macro definitions for each value
-%% definition,in module PKIXAttributeCertificate
-
-
-
--record('AttributeCertificate',{
-acinfo, signatureAlgorithm, signatureValue}).
-
--record('AttributeCertificateInfo',{
-version, holder, issuer, signature, serialNumber, attrCertValidityPeriod, attributes, issuerUniqueID = asn1_NOVALUE, extensions = asn1_NOVALUE}).
-
--record('Holder',{
-baseCertificateID = asn1_NOVALUE, entityName = asn1_NOVALUE, objectDigestInfo = asn1_NOVALUE}).
-
--record('ObjectDigestInfo',{
-digestedObjectType, otherObjectTypeID = asn1_NOVALUE, digestAlgorithm, objectDigest}).
-
--record('V2Form',{
-issuerName = asn1_NOVALUE, baseCertificateID = asn1_NOVALUE, objectDigestInfo = asn1_NOVALUE}).
-
--record('IssuerSerial',{
-issuer, serial, issuerUID = asn1_NOVALUE}).
-
--record('AttCertValidityPeriod',{
-notBeforeTime, notAfterTime}).
-
--record('TargetCert',{
-targetCertificate, targetName = asn1_NOVALUE, certDigestInfo = asn1_NOVALUE}).
-
--record('IetfAttrSyntax',{
-policyAuthority = asn1_NOVALUE, values}).
-
--record('SvceAuthInfo',{
-service, ident, authInfo = asn1_NOVALUE}).
-
--record('RoleSyntax',{
-roleAuthority = asn1_NOVALUE, roleName}).
-
--record('Clearance',{
-policyId, classList = asn1_DEFAULT, securityCategories = asn1_NOVALUE}).
-
--record('SecurityCategory',{
-type, value}).
-
--record('AAControls',{
-pathLenConstraint = asn1_NOVALUE, permittedAttrs = asn1_NOVALUE, excludedAttrs = asn1_NOVALUE, permitUnSpecified = asn1_DEFAULT}).
-
--record('ACClearAttrs',{
-acIssuer, acSerial, attrs}).
-
--define('id-pe-ac-auditIdentity', {1,3,6,1,5,5,7,1,4}).
--define('id-pe-aaControls', {1,3,6,1,5,5,7,1,6}).
--define('id-pe-ac-proxying', {1,3,6,1,5,5,7,1,10}).
--define('id-ce-targetInformation', {2,5,29,55}).
--define('id-aca', {1,3,6,1,5,5,7,10}).
--define('id-aca-authenticationInfo', {1,3,6,1,5,5,7,10,1}).
--define('id-aca-accessIdentity', {1,3,6,1,5,5,7,10,2}).
--define('id-aca-chargingIdentity', {1,3,6,1,5,5,7,10,3}).
--define('id-aca-group', {1,3,6,1,5,5,7,10,4}).
--define('id-aca-encAttrs', {1,3,6,1,5,5,7,10,6}).
--define('id-at-role', {2,5,4,72}).
--define('id-at-clearance', {2,5,1,5,55}).
diff --git a/lib/ssl/pkix/README b/lib/ssl/pkix/README
deleted file mode 100644
index 8be2c15de5..0000000000
--- a/lib/ssl/pkix/README
+++ /dev/null
@@ -1,49 +0,0 @@
-The files
-
- PKIX1Algorithms88.asn1
- PKIX1Explicit88.asn1
- PKIX1Implicit88.asn1
- PKIXAttributeCertificate.asn1
-
-are from RFCs 3279, 3280 and 3281.
-
-We have edited PKIX1Explicit88.asn1, PKIX1Implicit88.asn1, and
-PKIXAttributeCertificate.asn1 as follows:
-
-
-1. Removal of definition of UniversalString and BMPString:
-
-diff -r1.1 PKIX1Explicit88.asn1
-15c15
-< UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
----
-> -- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
-18c18
-< BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
----
-> -- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
-
-
-2. Removal of definition of BMPString:
-
-diff -r1.1 PKIX1Implicit88.asn1
-13c13,14
-< BMPString, UTF8String, -- end "new" types --
----
-> -- BMPString,
-> UTF8String, -- end "new" types --
-
-
-3. Addition of definition of UTF8String, and correction of a typo.
-
-diff -r1.1 PKIXAttributeCertificate.asn1
-46c46
-< -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
----
-> UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
-55c55
-< version AttCertVersion -- version is v2,
----
-> version AttCertVersion, -- version is v2
-
-PKIX1Algorithms88.asn1 is unchanged.
diff --git a/lib/ssl/pkix/SSL-PKIX.asn1 b/lib/ssl/pkix/SSL-PKIX.asn1
deleted file mode 100644
index ea6333f953..0000000000
--- a/lib/ssl/pkix/SSL-PKIX.asn1
+++ /dev/null
@@ -1,704 +0,0 @@
-SSL-PKIX {iso(1) identified-organization(3) dod(6) internet(1)
- private(4) enterprices(1) ericsson(193) otp(19) ssl(10)
- pkix1(1)}
-
-DEFINITIONS EXPLICIT TAGS ::=
-
-BEGIN
-
--- EXPORTS ALL
-
-IMPORTS
- -- Certificate (parts of)
- Version,
- CertificateSerialNumber,
- --AlgorithmIdentifier,
- Validity,
- UniqueIdentifier,
-
- -- AttribyteTypeAndValue
- Name,
- AttributeType,
- id-at-name,
- id-at-surname,
- id-at-givenName,
- id-at-initials,
- id-at-generationQualifier, X520name,
- id-at-commonName, X520CommonName,
- id-at-localityName, X520LocalityName,
- id-at-stateOrProvinceName, X520StateOrProvinceName,
- id-at-organizationName, X520OrganizationName,
- id-at-organizationalUnitName, X520OrganizationalUnitName,
- id-at-title, X520Title,
- id-at-dnQualifier, X520dnQualifier,
- id-at-countryName, X520countryName,
- id-at-serialNumber, X520SerialNumber,
- id-at-pseudonym, X520Pseudonym,
- id-domainComponent, DomainComponent,
- id-emailAddress, EmailAddress,
-
- -- Extension Attributes
- common-name, CommonName,
- teletex-common-name, TeletexCommonName,
- teletex-personal-name, TeletexPersonalName,
- pds-name, PDSName,
- physical-delivery-country-name, PhysicalDeliveryCountryName,
- postal-code, PostalCode,
- physical-delivery-office-name, PhysicalDeliveryOfficeName,
- physical-delivery-office-number, PhysicalDeliveryOfficeNumber,
- extension-OR-address-components, ExtensionORAddressComponents,
- physical-delivery-personal-name, PhysicalDeliveryPersonalName,
- physical-delivery-organization-name, PhysicalDeliveryOrganizationName,
- extension-physical-delivery-address-components,
- ExtensionPhysicalDeliveryAddressComponents,
- unformatted-postal-address, UnformattedPostalAddress,
- street-address, StreetAddress,
- post-office-box-address, PostOfficeBoxAddress,
- poste-restante-address, PosteRestanteAddress,
- unique-postal-name, UniquePostalName,
- local-postal-attributes, LocalPostalAttributes,
- extended-network-address, ExtendedNetworkAddress,
- terminal-type, TerminalType,
- teletex-domain-defined-attributes, TeletexDomainDefinedAttributes
-
- FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6)
- internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
- id-pkix1-explicit(18) }
-
- -- Extensions
- id-ce-authorityKeyIdentifier, AuthorityKeyIdentifier,
- id-ce-subjectKeyIdentifier, SubjectKeyIdentifier,
- id-ce-keyUsage, KeyUsage,
- id-ce-privateKeyUsagePeriod, PrivateKeyUsagePeriod,
- id-ce-certificatePolicies, CertificatePolicies,
- id-ce-policyMappings, PolicyMappings,
- id-ce-subjectAltName, SubjectAltName,
- id-ce-issuerAltName, IssuerAltName,
- id-ce-subjectDirectoryAttributes, SubjectDirectoryAttributes,
- id-ce-basicConstraints, BasicConstraints,
- id-ce-nameConstraints, NameConstraints,
- id-ce-policyConstraints, PolicyConstraints,
- id-ce-cRLDistributionPoints, CRLDistributionPoints,
- id-ce-extKeyUsage, ExtKeyUsageSyntax,
- id-ce-inhibitAnyPolicy, InhibitAnyPolicy,
- id-ce-freshestCRL, FreshestCRL,
- id-pe-authorityInfoAccess, AuthorityInfoAccessSyntax,
- id-pe-subjectInfoAccess, SubjectInfoAccessSyntax,
- id-ce-cRLNumber, CRLNumber,
- id-ce-issuingDistributionPoint, IssuingDistributionPoint,
- id-ce-deltaCRLIndicator, BaseCRLNumber,
- id-ce-cRLReasons, CRLReason,
- id-ce-certificateIssuer, CertificateIssuer,
- id-ce-holdInstructionCode, HoldInstructionCode,
- id-ce-invalidityDate, InvalidityDate
-
- FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6)
- internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
- id-pkix1-implicit(19) }
-
- --Keys and Signatures
- id-dsa, Dss-Parms, DSAPublicKey,
- id-dsa-with-sha1,
- md2WithRSAEncryption,
- md5WithRSAEncryption,
- sha1WithRSAEncryption,
- rsaEncryption, RSAPublicKey,
- dhpublicnumber, DomainParameters, DHPublicKey,
- id-keyExchangeAlgorithm, KEA-Parms-Id, --KEA-PublicKey,
- ecdsa-with-SHA1,
- prime-field, Prime-p,
- characteristic-two-field, --Characteristic-two,
- gnBasis,
- tpBasis, Trinomial,
- ppBasis, Pentanomial,
- id-ecPublicKey, EcpkParameters, ECPoint
- FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6)
- internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
- id-mod-pkix1-algorithms(17) };
-
---
--- Certificate
---
-
-SSLCertificate ::= SEQUENCE {
- tbsCertificate TBSCertificate,
- signatureAlgorithm SignatureAlgorithm,
- signature BIT STRING }
-
-SSLTBSCertificate ::= SEQUENCE {
- version [0] Version DEFAULT v1,
- serialNumber CertificateSerialNumber,
- signature SignatureAlgorithm,
- issuer Name,
- validity Validity,
- subject Name,
- subjectPublicKeyInfo SubjectPublicKeyInfo,
- issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- -- If present, version MUST be v2 or v3
- subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- -- If present, version MUST be v2 or v3
- extensions [3] Extensions OPTIONAL
- -- If present, version MUST be v3 -- }
-
-
--- Attribute type and values
---
-
-ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= CLASS {
- &id AttributeType UNIQUE,
- &Type }
- WITH SYNTAX {
- ID &id
- TYPE &Type }
-
-SSLAttributeTypeAndValue ::= SEQUENCE {
- type ATTRIBUTE-TYPE-AND-VALUE-CLASS.&id
- ({SupportedAttributeTypeAndValues}),
- value ATTRIBUTE-TYPE-AND-VALUE-CLASS.&Type
- ({SupportedAttributeTypeAndValues}{@type}) }
-
-SupportedAttributeTypeAndValues ATTRIBUTE-TYPE-AND-VALUE-CLASS ::=
- { name | surname | givenName | initials | generationQualifier |
- commonName | localityName | stateOrProvinceName | organizationName |
- organizationalUnitName | title | dnQualifier | countryName |
- serialNumber | pseudonym | domainComponent | emailAddress }
-
-name ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-name
- TYPE X520name }
-
-surname ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-surname
- TYPE X520name }
-
-givenName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-givenName
- TYPE X520name }
-
-initials ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-initials
- TYPE X520name }
-
-generationQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-generationQualifier
- TYPE X520name }
-
-commonName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-commonName
- TYPE X520CommonName }
-
-localityName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-localityName
- TYPE X520LocalityName }
-
-stateOrProvinceName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-stateOrProvinceName
- TYPE X520StateOrProvinceName }
-
-organizationName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-organizationName
- TYPE X520OrganizationName }
-
-organizationalUnitName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-organizationalUnitName
- TYPE X520OrganizationalUnitName }
-
-title ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-title
- TYPE X520Title }
-
-dnQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-dnQualifier
- TYPE X520dnQualifier }
-
-countryName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-countryName
- TYPE X520countryName }
-
-serialNumber ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-serialNumber
- TYPE X520SerialNumber }
-
-pseudonym ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-at-pseudonym
- TYPE X520Pseudonym }
-
-domainComponent ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-domainComponent
- TYPE DomainComponent }
-
-emailAddress ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
- ID id-emailAddress
- TYPE EmailAddress }
-
---
--- Signature and Public Key Algorithms
---
-
-SSLSubjectPublicKeyInfo ::= SEQUENCE {
- algorithm SEQUENCE {
- algo PUBLIC-KEY-ALGORITHM-CLASS.&id
- ({SupportedPublicKeyAlgorithms}),
- parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type
- ({SupportedPublicKeyAlgorithms}{@.algo})
- OPTIONAL
- },
- subjectPublicKey PUBLIC-KEY-ALGORITHM-CLASS.&PublicKeyType
- ({SupportedPublicKeyAlgorithms}{@algorithm.algo}) }
-
--- The following is needed for conversion of SubjectPublicKeyInfo.
-
-SSLSubjectPublicKeyInfo-Any ::= SEQUENCE {
- algorithm PublicKeyAlgorithm,
- subjectPublicKey ANY }
-
-
-SIGNATURE-ALGORITHM-CLASS ::= CLASS {
- &id OBJECT IDENTIFIER UNIQUE,
- &Type OPTIONAL }
- WITH SYNTAX {
- ID &id
- [TYPE &Type] }
-
-PUBLIC-KEY-ALGORITHM-CLASS ::= CLASS {
- &id OBJECT IDENTIFIER UNIQUE,
- &Type OPTIONAL,
- &PublicKeyType OPTIONAL }
- WITH SYNTAX {
- ID &id
- [TYPE &Type]
- [PUBLIC-KEY-TYPE &PublicKeyType] }
-
-SignatureAlgorithm ::= SEQUENCE {
- algorithm SIGNATURE-ALGORITHM-CLASS.&id
- ({SupportedSignatureAlgorithms}),
- parameters SIGNATURE-ALGORITHM-CLASS.&Type
- ({SupportedSignatureAlgorithms}{@algorithm})
- OPTIONAL }
-
-SignatureAlgorithm-Any ::= SEQUENCE {
- algorithm OBJECT IDENTIFIER,
- parameters ANY OPTIONAL }
-
-PublicKeyAlgorithm ::= SEQUENCE {
- algorithm PUBLIC-KEY-ALGORITHM-CLASS.&id
- ({SupportedPublicKeyAlgorithms}),
- parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type
- ({SupportedPublicKeyAlgorithms}{@algorithm})
- OPTIONAL }
-
-SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= {
- dsa-with-sha1 | md2-with-rsa-encryption |
- md5-with-rsa-encryption | sha1-with-rsa-encryption |
- ecdsa-with-sha1 }
-
-SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= {
- dsa | rsa-encryption | dh | kea | ec-public-key }
-
- -- DSA Keys and Signatures
-
- -- SubjectPublicKeyInfo:
-
- dsa PUBLIC-KEY-ALGORITHM-CLASS ::= {
- ID id-dsa
- TYPE Dss-Parms -- XXX Must be OPTIONAL
- PUBLIC-KEY-TYPE DSAPublicKey }
-
- -- Certificate.signatureAlgorithm
-
- dsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= {
- ID id-dsa-with-sha1
- TYPE NULL } -- XXX Must be empty and not NULL
-
- --
- -- RSA Keys and Signatures
- --
-
- -- Certificate.signatureAlgorithm
-
- md2-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
- ID md2WithRSAEncryption
- TYPE NULL }
-
- md5-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
- ID md5WithRSAEncryption
- TYPE NULL }
-
- sha1-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
- ID sha1WithRSAEncryption
- TYPE NULL }
-
- -- Certificate.signature
- -- See PKCS #1 (RFC 2313). XXX
-
- -- SubjectPublicKeyInfo:
-
- rsa-encryption PUBLIC-KEY-ALGORITHM-CLASS ::= {
- ID rsaEncryption
- TYPE NULL
- PUBLIC-KEY-TYPE RSAPublicKey }
-
- --
- -- Diffie-Hellman Keys
- --
-
- -- SubjectPublicKeyInfo:
-
- dh PUBLIC-KEY-ALGORITHM-CLASS ::= {
- ID dhpublicnumber
- TYPE DomainParameters
- PUBLIC-KEY-TYPE DHPublicKey }
-
- -- There are no Diffie-Hellman signature algorithms
-
- --
- -- KEA Keys
- --
-
- -- SubjectPublicKeyInfo:
-
- KEA-PublicKey ::= INTEGER
-
- kea PUBLIC-KEY-ALGORITHM-CLASS ::= {
- ID id-keyExchangeAlgorithm
- TYPE KEA-Parms-Id
- PUBLIC-KEY-TYPE KEA-PublicKey }
-
- -- There are no KEA signature algorithms
-
- --
- -- Elliptic Curve Keys, Signatures, and Curves
- --
-
- -- Certificate.signatureAlgorithm
-
- ecdsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= {
- ID ecdsa-with-SHA1
- TYPE NULL } -- XXX Must be empty and not NULL
-
- FIELD-ID-CLASS ::= CLASS {
- &id OBJECT IDENTIFIER UNIQUE,
- &Type }
- WITH SYNTAX {
- ID &id
- TYPE &Type }
-
- SSLFieldID ::= SEQUENCE { -- Finite field
- fieldType FIELD-ID-CLASS.&id({SupportedFieldIds}),
- parameters FIELD-ID-CLASS.&Type({SupportedFieldIds}{@fieldType}) }
-
- SupportedFieldIds FIELD-ID-CLASS ::= {
- field-prime-field | field-characteristic-two }
-
- field-prime-field FIELD-ID-CLASS ::= {
- ID prime-field
- TYPE Prime-p }
-
- CHARACTERISTIC-TWO-CLASS ::= CLASS {
- &id OBJECT IDENTIFIER UNIQUE,
- &Type }
- WITH SYNTAX {
- ID &id
- TYPE &Type }
-
- SSLCharacteristic-two ::= SEQUENCE { -- Finite field
- m INTEGER, -- Field size 2^m
- basis CHARACTERISTIC-TWO-CLASS.&id({SupportedCharacteristicTwos}),
- parameters CHARACTERISTIC-TWO-CLASS.&Type
- ({SupportedCharacteristicTwos}{@basis}) }
-
- SupportedCharacteristicTwos CHARACTERISTIC-TWO-CLASS ::= {
- gn-basis | tp-basis | pp-basis }
-
- field-characteristic-two FIELD-ID-CLASS ::= {
- ID characteristic-two-field
- TYPE Characteristic-two }
-
- gn-basis CHARACTERISTIC-TWO-CLASS ::= {
- ID gnBasis
- TYPE NULL }
-
- tp-basis CHARACTERISTIC-TWO-CLASS ::= {
- ID tpBasis
- TYPE Trinomial }
-
- pp-basis CHARACTERISTIC-TWO-CLASS ::= {
- ID ppBasis
- TYPE Pentanomial }
-
- -- SubjectPublicKeyInfo.algorithm
-
- ec-public-key PUBLIC-KEY-ALGORITHM-CLASS ::= {
- ID id-ecPublicKey
- TYPE EcpkParameters
- PUBLIC-KEY-TYPE ECPoint }
-
---
--- Extension Attributes
---
-
-EXTENSION-ATTRIBUTE-CLASS ::= CLASS {
- &id INTEGER UNIQUE,
- &Type }
- WITH SYNTAX {
- ID &id
- TYPE &Type }
-
-SSLExtensionAttributes ::= SET SIZE (1..MAX) OF ExtensionAttribute
-
--- XXX Below we should have extension-attribute-type and extension-
--- attribute-value but Erlang ASN1 does not like it.
-SSLExtensionAttribute ::= SEQUENCE {
- extensionAttributeType [0] IMPLICIT EXTENSION-ATTRIBUTE-CLASS.&id
- ({SupportedExtensionAttributes}),
- extensionAttributeValue [1] EXTENSION-ATTRIBUTE-CLASS.&Type
- ({SupportedExtensionAttributes}{@extensionAttributeType}) }
-
-SupportedExtensionAttributes EXTENSION-ATTRIBUTE-CLASS ::= {
- x400-common-name |
- x400-teletex-common-name |
- x400-teletex-personal-name |
- x400-pds-name |
- x400-physical-delivery-country-name |
- x400-postal-code |
- x400-physical-delivery-office-name |
- x400-physical-delivery-office-number |
- x400-extension-OR-address-components |
- x400-physical-delivery-personal-name |
- x400-physical-delivery-organization-name |
- x400-extension-physical-delivery-address-components |
- x400-unformatted-postal-address |
- x400-street-address |
- x400-post-office-box-address |
- x400-poste-restante-address |
- x400-unique-postal-name |
- x400-local-postal-attributes |
- x400-extended-network-address |
- x400-terminal-type |
- x400-teletex-domain-defined-attributes }
-
--- Extension types and attribute values
-
-x400-common-name EXTENSION-ATTRIBUTE-CLASS ::= {
- ID common-name
- TYPE CommonName }
-
-x400-teletex-common-name EXTENSION-ATTRIBUTE-CLASS ::= {
- ID teletex-common-name
- TYPE TeletexCommonName }
-
-x400-teletex-personal-name EXTENSION-ATTRIBUTE-CLASS ::= {
- ID teletex-personal-name
- TYPE TeletexPersonalName }
-
-x400-pds-name EXTENSION-ATTRIBUTE-CLASS ::= {
- ID pds-name
- TYPE PDSName }
-
-x400-physical-delivery-country-name EXTENSION-ATTRIBUTE-CLASS ::= {
- ID physical-delivery-country-name
- TYPE PhysicalDeliveryCountryName }
-
-x400-postal-code EXTENSION-ATTRIBUTE-CLASS ::= {
- ID postal-code
- TYPE PostalCode }
-
-x400-physical-delivery-office-name EXTENSION-ATTRIBUTE-CLASS ::= {
- ID physical-delivery-office-name
- TYPE PhysicalDeliveryOfficeName }
-
-x400-physical-delivery-office-number EXTENSION-ATTRIBUTE-CLASS ::= {
- ID physical-delivery-office-number
- TYPE PhysicalDeliveryOfficeNumber }
-
-x400-extension-OR-address-components EXTENSION-ATTRIBUTE-CLASS ::= {
- ID extension-OR-address-components
- TYPE ExtensionORAddressComponents }
-
-x400-physical-delivery-personal-name EXTENSION-ATTRIBUTE-CLASS ::= {
- ID physical-delivery-personal-name
- TYPE PhysicalDeliveryPersonalName }
-
-x400-physical-delivery-organization-name EXTENSION-ATTRIBUTE-CLASS ::= {
- ID physical-delivery-organization-name
- TYPE PhysicalDeliveryOrganizationName }
-
-x400-extension-physical-delivery-address-components
- EXTENSION-ATTRIBUTE-CLASS ::= {
- ID extension-physical-delivery-address-components
- TYPE ExtensionPhysicalDeliveryAddressComponents }
-
-x400-unformatted-postal-address EXTENSION-ATTRIBUTE-CLASS ::= {
- ID unformatted-postal-address
- TYPE UnformattedPostalAddress }
-
-x400-street-address EXTENSION-ATTRIBUTE-CLASS ::= {
- ID street-address
- TYPE StreetAddress }
-
-x400-post-office-box-address EXTENSION-ATTRIBUTE-CLASS ::= {
- ID post-office-box-address
- TYPE PostOfficeBoxAddress }
-
-x400-poste-restante-address EXTENSION-ATTRIBUTE-CLASS ::= {
- ID poste-restante-address
- TYPE PosteRestanteAddress }
-
-x400-unique-postal-name EXTENSION-ATTRIBUTE-CLASS ::= {
- ID unique-postal-name
- TYPE UniquePostalName }
-
-x400-local-postal-attributes EXTENSION-ATTRIBUTE-CLASS ::= {
- ID local-postal-attributes
- TYPE LocalPostalAttributes }
-
-x400-extended-network-address EXTENSION-ATTRIBUTE-CLASS ::= {
- ID extended-network-address
- TYPE ExtendedNetworkAddress }
-
-x400-terminal-type EXTENSION-ATTRIBUTE-CLASS ::= {
- ID terminal-type
- TYPE TerminalType }
-
-x400-teletex-domain-defined-attributes EXTENSION-ATTRIBUTE-CLASS ::= {
- ID teletex-domain-defined-attributes
- TYPE TeletexDomainDefinedAttributes }
-
--- Extensions
-
-SSLExtensions ::= SEQUENCE SIZE (1..MAX) OF Extension
-
-EXTENSION-CLASS ::= CLASS {
- &id OBJECT IDENTIFIER UNIQUE,
- &Type OPTIONAL}
- WITH SYNTAX {
- ID &id
- [TYPE &Type] }
-
-SSLExtension ::= SEQUENCE {
- extnID EXTENSION-CLASS.&id({SupportedExtensions}),
- critical BOOLEAN DEFAULT FALSE,
- extnValue EXTENSION-CLASS.&Type({SupportedExtensions}{@extnID}) }
-
--- The following is needed for conversion between Extension and Extension-Cd
-
-ObjId ::= OBJECT IDENTIFIER
-Boolean ::= BOOLEAN
-Any ::= ANY
-
-Extension-Any ::= SEQUENCE {
- extnID OBJECT IDENTIFIER,
- critical BOOLEAN DEFAULT FALSE,
- extnValue ANY }
-
-SupportedExtensions EXTENSION-CLASS ::= { authorityKeyIdentifier |
- subjectKeyIdentifier | keyUsage | privateKeyUsagePeriod |
- certificatePolicies | policyMappings | subjectAltName |
- issuerAltName | subjectDirectoryAttributes | basicConstraints |
- nameConstraints | policyConstraints | cRLDistributionPoints |
- extKeyUsage | inhibitAnyPolicy | freshestCRL | authorityInfoAccess |
- subjectInfoAccess | cRLNumber | issuingDistributionPoint |
- deltaCRLIndicator | cRLReasons | certificateIssuer |
- holdInstructionCode | invalidityDate }
-
-authorityKeyIdentifier EXTENSION-CLASS ::= {
- ID id-ce-authorityKeyIdentifier
- TYPE AuthorityKeyIdentifier }
-
-subjectKeyIdentifier EXTENSION-CLASS ::= {
- ID id-ce-subjectKeyIdentifier
- TYPE SubjectKeyIdentifier }
-
-keyUsage EXTENSION-CLASS ::= {
- ID id-ce-keyUsage
- TYPE KeyUsage }
-
-privateKeyUsagePeriod EXTENSION-CLASS ::= {
- ID id-ce-privateKeyUsagePeriod
- TYPE PrivateKeyUsagePeriod }
-
-certificatePolicies EXTENSION-CLASS ::= {
- ID id-ce-certificatePolicies
- TYPE CertificatePolicies }
-
-policyMappings EXTENSION-CLASS ::= {
- ID id-ce-policyMappings
- TYPE PolicyMappings }
-
-subjectAltName EXTENSION-CLASS ::= {
- ID id-ce-subjectAltName
- TYPE SubjectAltName }
-
-issuerAltName EXTENSION-CLASS ::= {
- ID id-ce-issuerAltName
- TYPE IssuerAltName }
-
-subjectDirectoryAttributes EXTENSION-CLASS ::= {
- ID id-ce-subjectDirectoryAttributes
- TYPE SubjectDirectoryAttributes }
-
-basicConstraints EXTENSION-CLASS ::= {
- ID id-ce-basicConstraints
- TYPE BasicConstraints }
-
-nameConstraints EXTENSION-CLASS ::= {
- ID id-ce-nameConstraints
- TYPE NameConstraints }
-
-policyConstraints EXTENSION-CLASS ::= {
- ID id-ce-policyConstraints
- TYPE PolicyConstraints }
-
-cRLDistributionPoints EXTENSION-CLASS ::= {
- ID id-ce-cRLDistributionPoints
- TYPE CRLDistributionPoints }
-
-extKeyUsage EXTENSION-CLASS ::= {
- ID id-ce-extKeyUsage
- TYPE ExtKeyUsageSyntax }
-
-inhibitAnyPolicy EXTENSION-CLASS ::= {
- ID id-ce-inhibitAnyPolicy
- TYPE InhibitAnyPolicy }
-
-freshestCRL EXTENSION-CLASS ::= {
- ID id-ce-freshestCRL
- TYPE FreshestCRL }
-
-authorityInfoAccess EXTENSION-CLASS ::= {
- ID id-pe-authorityInfoAccess
- TYPE AuthorityInfoAccessSyntax }
-
-subjectInfoAccess EXTENSION-CLASS ::= {
- ID id-pe-subjectInfoAccess
- TYPE SubjectInfoAccessSyntax }
-
-cRLNumber EXTENSION-CLASS ::= {
- ID id-ce-cRLNumber
- TYPE CRLNumber }
-
-issuingDistributionPoint EXTENSION-CLASS ::= {
- ID id-ce-issuingDistributionPoint
- TYPE IssuingDistributionPoint }
-
-deltaCRLIndicator EXTENSION-CLASS ::= {
- ID id-ce-deltaCRLIndicator
- TYPE BaseCRLNumber }
-
-cRLReasons EXTENSION-CLASS ::= {
- ID id-ce-cRLReasons
- TYPE CRLReason }
-
-certificateIssuer EXTENSION-CLASS ::= {
- ID id-ce-certificateIssuer
- TYPE CertificateIssuer }
-
-holdInstructionCode EXTENSION-CLASS ::= {
- ID id-ce-holdInstructionCode
- TYPE HoldInstructionCode }
-
-invalidityDate EXTENSION-CLASS ::= {
- ID id-ce-invalidityDate
- TYPE InvalidityDate }
-
-END
diff --git a/lib/ssl/pkix/mk_ssl_pkix_oid.erl b/lib/ssl/pkix/mk_ssl_pkix_oid.erl
deleted file mode 100644
index 06edc5113a..0000000000
--- a/lib/ssl/pkix/mk_ssl_pkix_oid.erl
+++ /dev/null
@@ -1,94 +0,0 @@
--module(mk_ssl_pkix_oid).
-
--export([make/0]).
-
--define(PKIX_MODULES, ['OTP-PKIX']).
-
-make() ->
- {ok, Fd} = file:open("ssl_pkix_oid.erl", [write]),
- io:fwrite(Fd, "%%% File: ssl_pkix_oid.erl\n"
- "%%% NB This file has been automatically generated by "
- "mk_ssl_pkix_oid.\n"
- "%%% Do not edit it.\n\n", []),
- io:fwrite(Fd, "-module(ssl_pkix_oid).\n", []),
- io:fwrite(Fd, "-export([id2atom/1, atom2id/1, all_atoms/0, "
- "all_ids/0]).\n\n", []),
-
-
- AIds0 = get_atom_ids(?PKIX_MODULES),
-
- AIds1 = modify_atoms(AIds0),
- gen_id2atom(Fd, AIds1),
- gen_atom2id(Fd, AIds1),
- gen_all(Fd, AIds1),
- file:close(Fd).
-
-get_atom_ids(Ms) ->
- get_atom_ids(Ms, []).
-
-get_atom_ids([], AIdss) ->
- lists:flatten(AIdss);
-get_atom_ids([M| Ms], AIdss) ->
- {value, {exports, Exports}} =
- lists:keysearch(exports, 1, M:module_info()),
- As = lists:zf(
- fun ({info, 0}) -> false;
- ({module_info, 0}) -> false;
- ({encoding_rule, 0}) -> false;
- ({F, 0}) ->
- case atom_to_list(F) of
- %% Remove upper-bound (ub-) functions
- "ub-" ++ _Rest ->
- false;
- _ ->
- {true, F}
- end;
- (_) -> false
- end, Exports),
- AIds = lists:map(fun(F) -> {F, M:F()} end, As),
- get_atom_ids(Ms, [AIds| AIdss]).
-
-modify_atoms(AIds) ->
- F = fun({A, I}) ->
- NAS = case atom_to_list(A) of
- "id-" ++ Rest ->
- Rest;
- Any ->
- Any
- end,
- {list_to_atom(NAS), I} end,
- lists:map(F, AIds).
-
-gen_id2atom(Fd, AIds0) ->
- AIds1 = lists:keysort(2, AIds0),
- Txt = join(";\n",
- lists:map(
- fun({Atom, Id}) ->
- io_lib:fwrite("id2atom(~p) ->\n ~p", [Id, Atom])
- end, AIds1)),
- io:fwrite(Fd, "~s;\nid2atom(Any)->\n Any.\n\n", [Txt]).
-
-gen_atom2id(Fd, AIds0) ->
- AIds1 = lists:keysort(1, AIds0),
- Txt = join(";\n",
- lists:map(
- fun({Atom, Id}) ->
- io_lib:fwrite("atom2id(~p) ->\n ~p", [Atom, Id])
- end, AIds1)),
- io:fwrite(Fd, "~s;\natom2id(Any)->\n Any.\n\n", [Txt]).
-
-gen_all(Fd, AIds) ->
- Atoms = lists:sort([A || {A, _} <- AIds]),
- Ids = lists:sort([I || {_, I} <- AIds]),
- F = fun(X) -> io_lib:fwrite(" ~w", [X]) end,
- ATxt = "all_atoms() ->\n" ++ join(",\n", lists:map(F, Atoms)),
- io:fwrite(Fd, "~s.\n\n", [ATxt]),
- ITxt = "all_ids() ->\n" ++ join(",\n", lists:map(F, Ids)),
- io:fwrite(Fd, "~s.\n\n", [ITxt]).
-
-join(Sep, [H1, H2| T]) ->
- [H1, Sep| join(Sep, [H2| T])];
-join(_Sep, [H1]) ->
- H1;
-join(_, []) ->
- [].
diff --git a/lib/ssl/pkix/prebuild.skip b/lib/ssl/pkix/prebuild.skip
deleted file mode 100644
index ffe82be68b..0000000000
--- a/lib/ssl/pkix/prebuild.skip
+++ /dev/null
@@ -1,5 +0,0 @@
-PKIX1Algorithms88.asn1db
-PKIXAttributeCertificate.asn1db
-PKIX1Explicit88.asn1db
-SSL-PKIX.asn1db
-PKIX1Implicit88.asn1db