#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
+#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(OPENSSL_SYSNAME_WINCE) && !defined(NETWARE_CLIB)
#include <strings.h>
#endif
#include <sys/types.h>
{
arg->count=20;
arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+ if (arg->data == NULL)
+ return 0;
}
for (i=0; i<arg->count; i++)
arg->data[i]=NULL;
if (ok >= 0)
ok = UI_add_input_string(ui,prompt,ui_flags,buf,
- PW_MIN_LENGTH,BUFSIZ-1);
+ PW_MIN_LENGTH,bufsiz-1);
if (ok >= 0 && verify)
{
buff = (char *)OPENSSL_malloc(bufsiz);
ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
- PW_MIN_LENGTH,BUFSIZ-1, buf);
+ PW_MIN_LENGTH,bufsiz-1, buf);
}
if (ok >= 0)
do
return(x);
}
-X509_CRL *load_crl(char *infile, int format)
+X509_CRL *load_crl(const char *infile, int format)
{
X509_CRL *x=NULL;
BIO *in=NULL;
len=strlen(t)+strlen(OPENSSL_CONF)+2;
p=OPENSSL_malloc(len);
+ if (p == NULL)
+ return NULL;
BUF_strlcpy(p,t,len);
#ifndef OPENSSL_SYS_VMS
BUF_strlcat(p,"/",len);
char **oldargs = *pargs;
char *arg = **pargs, *argn = (*pargs)[1];
time_t at_time = 0;
- const unsigned char *hostname = NULL, *email = NULL;
+ char *hostname = NULL;
+ char *email = NULL;
char *ipasc = NULL;
if (!strcmp(arg, "-policy"))
{
{
if (!argn)
*badarg = 1;
- hostname = (unsigned char *)argn;
+ hostname = argn;
(*pargs)++;
}
else if (strcmp(arg,"-verify_email") == 0)
{
if (!argn)
*badarg = 1;
- email = (unsigned char *)argn;
+ email = argn;
(*pargs)++;
}
else if (strcmp(arg,"-verify_ip") == 0)
#endif
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#ifndef OPENSSL_NO_TLSEXT
/* next_protos_parse parses a comma separated list of strings into a string
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
* outlen: (output) set to the length of the resulting buffer on success.
*outlen = len + 1;
return out;
}
-#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
- const unsigned char *checkhost,
- const unsigned char *checkemail,
+ const char *checkhost,
+ const char *checkemail,
const char *checkip)
{
if (x == NULL)
if (checkhost)
{
BIO_printf(bio, "Hostname %s does%s match certificate\n",
- checkhost, X509_check_host(x, checkhost, 0, 0)
+ checkhost,
+ X509_check_host(x, checkhost, 0, 0, NULL)
? "" : " NOT");
}
}
}
+/* Get first http URL from a DIST_POINT structure */
+
+static const char *get_dp_url(DIST_POINT *dp)
+ {
+ GENERAL_NAMES *gens;
+ GENERAL_NAME *gen;
+ int i, gtype;
+ ASN1_STRING *uri;
+ if (!dp->distpoint || dp->distpoint->type != 0)
+ return NULL;
+ gens = dp->distpoint->name.fullname;
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
+ {
+ gen = sk_GENERAL_NAME_value(gens, i);
+ uri = GENERAL_NAME_get0_value(gen, >ype);
+ if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6)
+ {
+ char *uptr = (char *)ASN1_STRING_data(uri);
+ if (!strncmp(uptr, "http://", 7))
+ return uptr;
+ }
+ }
+ return NULL;
+ }
+
+
+/* Look through a CRLDP structure and attempt to find an http URL to downloads
+ * a CRL from.
+ */
+
+static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
+ {
+ int i;
+ const char *urlptr = NULL;
+ for (i = 0; i < sk_DIST_POINT_num(crldp); i++)
+ {
+ DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
+ urlptr = get_dp_url(dp);
+ if (urlptr)
+ return load_crl(urlptr, FORMAT_HTTP);
+ }
+ return NULL;
+ }
+
+/* Example of downloading CRLs from CRLDP: not usable for real world
+ * as it always downloads, doesn't support non-blocking I/O and doesn't
+ * cache anything.
+ */
+
+static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
+ {
+ X509 *x;
+ STACK_OF(X509_CRL) *crls = NULL;
+ X509_CRL *crl;
+ STACK_OF(DIST_POINT) *crldp;
+ x = X509_STORE_CTX_get_current_cert(ctx);
+ crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
+ crl = load_crl_crldp(crldp);
+ sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
+ if (!crl)
+ return NULL;
+ crls = sk_X509_CRL_new_null();
+ sk_X509_CRL_push(crls, crl);
+ /* Try to download delta CRL */
+ crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
+ crl = load_crl_crldp(crldp);
+ sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
+ if (crl)
+ sk_X509_CRL_push(crls, crl);
+ return crls;
+ }
+
+void store_setup_crl_download(X509_STORE *st)
+ {
+ X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
+ }
+
/*
* Platform-specific sections
*/
if (proc==NULL)
{
- if (GetVersion() < 0x80000000)
+ if (check_winnt())
proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
GetCurrentProcessId());
if (proc==NULL) proc = (HANDLE)-1;