Fix a couple of outstanding issues: update STATUS file, fix NO_FP_API problems.

Update docs, change 'ca' to use the new callback parameter. Now moved key_callback
into app.c because some other utilities will use it soon.

diff --git a/STATUS b/STATUS
index 88e729c7be1fb30999095c4ecffbfbc0c6fdcc4b..786d689aa7d90ab1a757a2e7a276b170ff54c223 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/10/30 19:09:01 $
+  ______________                           $Date: 1999/11/11 13:58:22 $
 
   DEVELOPMENT STATE
 
@@ -29,6 +29,7 @@
        Private key, certificate and CRL API and implementation.
        Checking and bugfixing PKCS#7 (S/MIME code).
         Various X509 issues: character sets, certificate request extensions.
+       Documentation for the openssl utility.
 
     o Mark is currently working on:
         Folding in any changes that are in the C2Net code base that were
@@ -60,10 +61,8 @@
 
   NEEDS PATCH
 
-    o  Arne Ansper: d2i_ASN1_bytes bug
     o  salzr@certco.com (Rich Salz): Bug in X509_name_print
        <29E0A6D39ABED111A36000A0C99609CA2C2BA4@macertco-srv1.ma.certco.com>
-    o  NO_FP_API ("Andrija Antonijevic" <TheAntony@bigfoot.com>)
     o  $(PERL) in */Makefile.ssl
     o  "Sign the certificate?" - "n" creates empty certificate file
 

diff --git a/apps/apps.c b/apps/apps.c
index 8fb5e8aaa736fdd802b0f0af13931fa08870d922..3a27f2c6f140b4ae7131e315ebe8c03d7796a410 100644 (file)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -324,3 +324,14 @@ int app_init(long mesgwin)
        return(1);
        }
 #endif
+
+int MS_CALLBACK key_callback(char *buf, int len, int verify, void *key)
+       {
+       int i;
+
+       if (key == NULL) return(0);
+       i=strlen(key);
+       i=(i > len)?len:i;
+       memcpy(buf,key,i);
+       return(i);
+       }

diff --git a/apps/apps.h b/apps/apps.h
index ce1f0fd9afbb08f6aa181c7d142d40aba0af8d9f..0bdf469f0b1e0908bc49fac56a9cdaec995dfd80 100644 (file)
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -142,6 +142,7 @@ int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
+int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2

diff --git a/apps/ca.c b/apps/ca.c
index fc3fae2c199b7119583c3f9db2feefab8e3c4e99..d724d0940776dee0037a3bcf891192116832050f 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -178,7 +178,6 @@ extern int EF_ALIGNMENT;
 
 static int add_oid_section(LHASH *conf);
 static void lookup_fail(char *name,char *tag);
-static int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
 static unsigned long index_serial_hash(char **a);
 static int index_serial_cmp(char **a, char **b);
 static unsigned long index_name_hash(char **a);
@@ -209,7 +208,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 static int do_revoke(X509 *x509, TXT_DB *db);
 static int check_time_format(char *str);
 static LHASH *conf=NULL;
-static char *key=NULL;
 static char *section=NULL;
 
 static int preserve=0;
@@ -217,6 +215,7 @@ static int msie_hack=0;
 
 int MAIN(int argc, char **argv)
        {
+       char *key=NULL;
        int total=0;
        int total_done=0;
        int badops=0;
@@ -535,7 +534,7 @@ bad:
                pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
        else
                {
-               pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,NULL);
+               pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,key);
                memset(key,0,strlen(key));
                }
        if (pkey == NULL)
@@ -1250,17 +1249,6 @@ static void lookup_fail(char *name, char *tag)
        BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
        }
 
-static int MS_CALLBACK key_callback(char *buf, int len, int verify, void *u)
-       {
-       int i;
-
-       if (key == NULL) return(0);
-       i=strlen(key);
-       i=(i > len)?len:i;
-       memcpy(buf,key,i);
-       return(i);
-       }
-
 static unsigned long index_serial_hash(char **a)
        {
        char *n;

diff --git a/crypto/conf/conf.c b/crypto/conf/conf.c
index 7d8b89168a2d96bda83c2739f34d172f4e818163..25b3ddfea975fd5d6c8cd3262cfa9818bfc1a8d7 100644 (file)
--- a/crypto/conf/conf.c
+++ b/crypto/conf/conf.c
@@ -86,28 +86,21 @@ const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
 LHASH *CONF_load(LHASH *h, const char *file, long *line)
        {
        LHASH *ltmp;
-       FILE *in=NULL;
+       BIO *in=NULL;
 
-#ifdef VMS
-       in=fopen(file,"r");
-#else
-       in=fopen(file,"rb");
-#endif
+       in=BIO_new_file(file, "rb");
        if (in == NULL)
                {
-               SYSerr(SYS_F_FOPEN,get_last_sys_error());
-               ERR_set_error_data(BUF_strdup(file),
-                       ERR_TXT_MALLOCED|ERR_TXT_STRING);
                CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
                return NULL;
                }
 
-       ltmp = CONF_load_fp(h, in, line);
-       fclose(in);
+       ltmp = CONF_load_bio(h, in, line);
+       BIO_free(in);
 
        return ltmp;
 }
-
+#ifndef NO_FP_API
 LHASH *CONF_load_fp(LHASH *h, FILE *in, long *line)
 {
        BIO *btmp;
@@ -120,6 +113,7 @@ LHASH *CONF_load_fp(LHASH *h, FILE *in, long *line)
        BIO_free(btmp);
        return ltmp;
 }
+#endif
 
 LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
        {

diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
index e7c51500970c47ed88bc065e1ace693cd61cf411..21831a92a35d1009f6880f7ef194d982f41917ba 100644 (file)
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -78,7 +78,9 @@ typedef struct
 DECLARE_STACK_OF(CONF_VALUE)
 
 LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
+#ifndef NO_FP_API
 LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
+#endif
 LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
 STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section);
 char *CONF_get_string(LHASH *conf,char *group,char *name);

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index a4ea21205c8bec3ae43fac12feeca90fe36f2225..0bc1752482f48f0f9111f2374d35de57978780c5 100644 (file)
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -816,7 +816,7 @@ int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
                return ret;
        }
 }
-
+#ifndef NO_FP_API
 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
                              char *kstr, int klen, pem_password_cb *cb, void *u)
 {
@@ -830,3 +830,4 @@ int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
        BIO_free(bp);
        return ret;
 }
+#endif

diff --git a/doc/man/ca.pod b/doc/man/ca.pod
index f1b7882f71df30ec28c79bd630c79fa5f30aa564..93baab13ab60a7b574f9dddce9f430bd85e6df7b 100644 (file)
--- a/doc/man/ca.pod
+++ b/doc/man/ca.pod
@@ -130,7 +130,7 @@ for more information.
 
 =item B<-msie_hack>
 
-this is a legacy option for compatability with very old versions of
+this is a legacy option to make B<ca> work with very old versions of
 the IE certificate enrollment control "certenr3". It used UniversalStrings
 for almost everything. Since the old control has various security bugs
 its use is strongly discouraged. The newer control "Xenroll" does not
@@ -138,9 +138,11 @@ need this option.
 
 =item B<-preserveDN>
 
-this option is also for compatability with the older IE enrollment
-control. It only accepts certificates if their DNs match the
-order of the request. This is not needed for Xenroll.
+Normally the DN order of a certificate is the same as the order of the
+fields in the relevant policy section. When this option is set the order 
+is the same as the request. This is largely for compatability with the
+older IE enrollment control which would only accept certificates if their
+DNs match the order of the request. This is not needed for Xenroll.
 
 =item B<-batch>