on the command line for various utilities.
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) Allow the config file extension section to be overwritten on the
+ command line. Based on an original idea from Massimiliano Pala
+ <madwolf@comune.modena.it>. The new option is called -extensions
+ and can be applied to ca, req and x509. Also -reqexts to override
+ the request extensions in req and -crlexts to override the crl extensions
+ in ca.
+ [Steve Henson]
+
*) Add new feature to the SPKAC handling in ca. Now you can include
the same field multiple times by preceding it by "XXXX." for example:
1.OU="Unit name 1"
" -batch - Don't ask questions\n",
" -msie_hack - msie modifications to handle all those universal strings\n",
" -revoke file - Revoke a certificate (given in file)\n",
+" -extensions .. - Extension section (override value in config file)\n",
+" -crlexts .. - CRL extension section (override value in config file)\n",
NULL
};
infile= *(++argv);
dorevoke=1;
}
+ else if (strcmp(*argv,"-extensions") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extensions= *(++argv);
+ }
+ else if (strcmp(*argv,"-crlexts") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crl_ext= *(++argv);
+ }
else
{
bad:
lookup_fail(section,ENV_SERIAL);
goto err;
}
-
- extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
+ if(!extensions)
+ extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
if(extensions) {
/* Check syntax of file */
X509V3_CTX ctx;
/*****************************************************************/
if (gencrl)
{
- crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+ if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
if(crl_ext) {
/* Check syntax of file */
X509V3_CTX ctx;
/* ok */
digest=md_alg;
}
+ else if (strcmp(*argv,"-extensions") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extensions = *(++argv);
+ }
+ else if (strcmp(*argv,"-reqexts") == 0)
+ {
+ if (--argc < 1) goto bad;
+ req_exts = *(++argv);
+ }
else
-
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
BIO_printf(bio_err," have been reported as requiring\n");
BIO_printf(bio_err," [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
+ BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
+ BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
goto end;
}
digest=md_alg;
}
- extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+ if(!extensions)
+ extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
if(extensions) {
/* Check syntax of file */
X509V3_CTX ctx;
}
}
- req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+ if(!req_exts)
+ req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
if(req_exts) {
/* Check syntax of file */
X509V3_CTX ctx;
" -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
" -extfile - configuration file with X509V3 extensions to add\n",
+" -extensions - section from config file with X509V3 extensions to add\n",
NULL
};
if (--argc < 1) goto bad;
extfile= *(++argv);
}
+ else if (strcmp(*argv,"-extensions") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extsect= *(++argv);
+ }
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
,errorline,extfile);
goto end;
}
- if(!(extsect = CONF_get_string(extconf, "default",
+ if(!extsect && !(extsect = CONF_get_string(extconf, "default",
"extensions"))) extsect = "default";
X509V3_set_ctx_test(&ctx2);
X509V3_set_conf_lhash(&ctx2, extconf);
projects / oweals / openssl.git / commitdiff