Add new extension functions which work with NCONF.
Tidy up extension config routines and remove redundant code.
Fix NCONF_get_number().
Todo: more testing of apps to see they still work...
*) applies to 0.9.6a (/0.9.6b) and 0.9.7
+) applies to 0.9.7 only
+ +) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+ to support NCONF routines in extension code. New function CONF_set_nconf()
+ to allow functions which take an NCONF to also handle the old LHASH
+ structure: this means that the old CONF compatible routines can be
+ retained (in particular wrt extensions) without having to duplicate the
+ code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+ [Steve Henson]
+
*) Handle special case when X509_NAME is empty in X509 printing routines.
[Steve Henson]
return BUF_strdup(tpass);
}
-int add_oid_section(BIO *err, LHASH *conf)
+int add_oid_section(BIO *err, CONF *conf)
{
char *p;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *cnf;
int i;
- if(!(p=CONF_get_string(conf,NULL,"oid_section")))
+ if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
{
ERR_clear_error();
return 1;
}
- if(!(sktmp = CONF_get_section(conf, p))) {
+ if(!(sktmp = NCONF_get_section(conf, p))) {
BIO_printf(err, "problem loading oid section %s\n", p);
return 0;
}
#else
#define MAIN(a,v) PROG(a,v)
-extern LHASH *config;
+extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, LHASH *conf);
+int add_oid_section(BIO *err, CONF *conf);
X509 *load_cert(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
EVP_PKEY *load_key(BIO *err, const char *file, int format,
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
BIGNUM *serial, char *subj, char *startdate,char *enddate,
- int days, int batch, char *ext_sect, LHASH *conf,int verbose,
+ long days, int batch, char *ext_sect, CONF *conf,int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial, char *subj, char *startdate,
- char *enddate, int days, int batch, char *ext_sect,
- LHASH *conf,int verbose, unsigned long certopt,
+ char *enddate, long days, int batch, char *ext_sect,
+ CONF *conf,int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy,
ENGINE *e);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial,char *subj, char *startdate,
- char *enddate, int days, char *ext_sect,LHASH *conf,
+ char *enddate, long days, char *ext_sect,CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
- char *startdate, char *enddate, int days, int batch, int verbose,
- X509_REQ *req, char *ext_sect, LHASH *conf,
+ char *startdate, char *enddate, long days, int batch, int verbose,
+ X509_REQ *req, char *ext_sect, CONF *conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
static X509_NAME *do_subject(char *subject);
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, char *str);
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
-static LHASH *conf=NULL;
-static LHASH *extconf=NULL;
+static CONF *conf=NULL;
+static CONF *extconf=NULL;
static char *section=NULL;
static int preserve=0;
BIGNUM *serial=NULL;
char *startdate=NULL;
char *enddate=NULL;
- int days=0;
+ long days=0;
int batch=0;
int notext=0;
unsigned long nameopt = 0, certopt = 0;
}
BIO_printf(bio_err,"Using configuration from %s\n",configfile);
- if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+ conf = NCONF_new(NULL);
+ if (NCONF_load(conf,configfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err,"error loading the config file '%s'\n",
/* Lets get the config section we are using */
if (section == NULL)
{
- section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+ section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
if (section == NULL)
{
lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
if (conf != NULL)
{
- p=CONF_get_string(conf,NULL,"oid_file");
+ p=NCONF_get_string(conf,NULL,"oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
}
}
- randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
/* report status of cert with serial number given on command line */
if (ser_status)
{
- if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
/*****************************************************************/
/* we definitely need a public key, so let's get it */
- if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+ if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
section,ENV_PRIVATE_KEY)) == NULL))
{
lookup_fail(section,ENV_PRIVATE_KEY);
/*****************************************************************/
/* we need a certificate */
- if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+ if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
section,ENV_CERTIFICATE)) == NULL))
{
lookup_fail(section,ENV_CERTIFICATE);
goto err;
}
- f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+ f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
preserve=1;
- f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+ f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
msie_hack=1;
- f=CONF_get_string(conf,section,ENV_NAMEOPT);
+ f=NCONF_get_string(conf,section,ENV_NAMEOPT);
if (f)
{
else
ERR_clear_error();
- f=CONF_get_string(conf,section,ENV_CERTOPT);
+ f=NCONF_get_string(conf,section,ENV_CERTOPT);
if (f)
{
else
ERR_clear_error();
- f=CONF_get_string(conf,section,ENV_EXTCOPY);
+ f=NCONF_get_string(conf,section,ENV_EXTCOPY);
if (f)
{
{
struct stat sb;
- if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+ if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
== NULL)
{
BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
/*****************************************************************/
/* we need to load the database file */
- if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
/* Read extentions config file */
if (extfile)
{
- if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+ extconf = NCONF_new(NULL);
+ if (NCONF_load(extconf,extfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile);
/* We can have sections in the ext file */
- if (!extensions && !(extensions = CONF_get_string(extconf, "default", "extensions")))
+ if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
extensions = "default";
}
if (req)
{
- if ((md == NULL) && ((md=CONF_get_string(conf,
+ if ((md == NULL) && ((md=NCONF_get_string(conf,
section,ENV_DEFAULT_MD)) == NULL))
{
lookup_fail(section,ENV_DEFAULT_MD);
if (verbose)
BIO_printf(bio_err,"message digest is %s\n",
OBJ_nid2ln(dgst->type));
- if ((policy == NULL) && ((policy=CONF_get_string(conf,
+ if ((policy == NULL) && ((policy=NCONF_get_string(conf,
section,ENV_POLICY)) == NULL))
{
lookup_fail(section,ENV_POLICY);
if (verbose)
BIO_printf(bio_err,"policy is %s\n",policy);
- if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+ if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
== NULL)
{
lookup_fail(section,ENV_SERIAL);
* in the main configuration file */
if (!extensions)
{
- extensions=CONF_get_string(conf,section,
+ extensions=NCONF_get_string(conf,section,
ENV_EXTENSIONS);
if (!extensions)
ERR_clear_error();
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, conf);
- if (!X509V3_EXT_add_conf(conf, &ctx, extensions,
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
NULL))
{
BIO_printf(bio_err,
if (startdate == NULL)
{
- startdate=CONF_get_string(conf,section,
+ startdate=NCONF_get_string(conf,section,
ENV_DEFAULT_STARTDATE);
if (startdate == NULL)
ERR_clear_error();
if (enddate == NULL)
{
- enddate=CONF_get_string(conf,section,
+ enddate=NCONF_get_string(conf,section,
ENV_DEFAULT_ENDDATE);
if (enddate == NULL)
ERR_clear_error();
if (days == 0)
{
- days=(int)CONF_get_number(conf,section,
- ENV_DEFAULT_DAYS);
+ if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
+ days = 0;
}
if (!enddate && (days == 0))
{
OPENSSL_free(f);
}
- if ((attribs=CONF_get_section(conf,policy)) == NULL)
+ if ((attribs=NCONF_get_section(conf,policy)) == NULL)
{
BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
goto err;
int crl_v2 = 0;
if (!crl_ext)
{
- crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+ crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
if (!crl_ext)
ERR_clear_error();
}
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, conf);
- if (!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL))
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
{
BIO_printf(bio_err,
"Error Loading CRL extension section %s\n",
if (!crldays && !crlhours)
{
- crldays=CONF_get_number(conf,section,
- ENV_DEFAULT_CRL_DAYS);
- crlhours=CONF_get_number(conf,section,
- ENV_DEFAULT_CRL_HOURS);
+ if (!NCONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_DAYS, &crldays))
+ crldays = 0;
+ if (!NCONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_HOURS, &crlhours))
+ crlhours = 0;
}
if ((crldays == 0) && (crlhours == 0))
{
if (ci->version == NULL)
if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
- X509V3_set_conf_lhash(&crlctx, conf);
+ X509V3_set_nconf(&crlctx, conf);
- if (!X509V3_EXT_CRL_add_conf(conf, &crlctx,
+ if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
crl_ext, crl)) goto err;
}
if (crl_ext || crl_v2)
EVP_PKEY_free(pkey);
X509_free(x509);
X509_CRL_free(crl);
- CONF_free(conf);
+ NCONF_free(conf);
OBJ_cleanup();
apps_shutdown();
EXIT(ret);
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
- int batch, char *ext_sect, LHASH *lconf, int verbose,
+ BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+ int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
{
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
- int batch, char *ext_sect, LHASH *lconf, int verbose,
+ BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+ int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy, ENGINE *e)
{
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
- char *startdate, char *enddate, int days, int batch, int verbose,
- X509_REQ *req, char *ext_sect, LHASH *lconf,
+ char *startdate, char *enddate, long days, int batch, int verbose,
+ X509_REQ *req, char *ext_sect, CONF *lconf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
{
BIO_printf(bio_err, "Extra configuration file found\n");
/* Use the extconf configuration db LHASH */
- X509V3_set_conf_lhash(&ctx, extconf);
+ X509V3_set_nconf(&ctx, extconf);
/* Test the structure (needed?) */
/* X509V3_set_ctx_test(&ctx); */
/* Adds exts contained in the configuration file */
- if (!X509V3_EXT_add_conf(extconf, &ctx, ext_sect,ret))
+ if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
{
BIO_printf(bio_err,
"ERROR: adding extensions in section %s\n",
else if (ext_sect)
{
/* We found extensions to be set from config file */
- X509V3_set_conf_lhash(&ctx, lconf);
+ X509V3_set_nconf(&ctx, lconf);
- if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret))
+ if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
{
BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
ERR_print_errors(bio_err);
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
- char *ext_sect, LHASH *lconf, int verbose, unsigned long certopt,
+ BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+ char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
{
STACK_OF(CONF_VALUE) *sk=NULL;
static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
static LHASH *prog_init(void );
static int do_cmd(LHASH *prog,int argc,char *argv[]);
-LHASH *config=NULL;
+CONF *config=NULL;
char *default_config_file=NULL;
/* Make sure there is only one when MONOLITH is defined */
default_config_file=p;
- config=CONF_load(config,p,&errline);
- if (config == NULL) ERR_clear_error();
+ config=NCONF_new(NULL);
+ i=NCONF_load(config,p,&errline);
+ if (i == 0) ERR_clear_error();
prog=prog_init();
end:
if (config != NULL)
{
- CONF_free(config);
+ NCONF_free(config);
config=NULL;
}
if (prog != NULL) lh_free(prog);
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
STACK_OF(CONF_VALUE) *attr, int attribs);
static int add_attribute_object(X509_REQ *req, char *text,
- char *def, char *value, int nid, int min,
- int max);
+ char *def, char *value, int nid, int n_min,
+ int n_max);
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
- int nid,int min,int max);
+ int nid,int n_min,int n_max);
#ifndef OPENSSL_NO_RSA
static void MS_CALLBACK req_cb(int p,int n,void *arg);
#endif
-static int req_check_len(int len,int min,int max);
+static int req_check_len(int len,int n_min,int n_max);
static int check_end(char *str, char *end);
#ifndef MONOLITH
static char *default_config_file=NULL;
-static LHASH *config=NULL;
+static CONF *config=NULL;
#endif
-static LHASH *req_conf=NULL;
+static CONF *req_conf=NULL;
static int batch=0;
#define TYPE_RSA 1
X509 *x509ss=NULL;
X509_REQ *req=NULL;
EVP_PKEY *pkey=NULL;
- int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
+ int i,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
+ long newkey = -1;
BIO *in=NULL,*out=NULL;
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0,subject=0;
p=config_name;
}
default_config_file=p;
- config=CONF_load(config,p,NULL);
+ config=NCONF_new(NULL);
+ i=NCONF_load(config, p);
#endif
if (template != NULL)
long errline;
BIO_printf(bio_err,"Using configuration from %s\n",template);
- req_conf=CONF_load(NULL,template,&errline);
- if (req_conf == NULL)
+ req_conf=NCONF_new(NULL);
+ i=NCONF_load(req_conf,template,&errline);
+ if (i == 0)
{
BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
goto end;
req_conf=config;
BIO_printf(bio_err,"Using configuration from %s\n",
default_config_file);
- if (req_conf == NULL)
+ if (i == 0)
{
BIO_printf(bio_err,"Unable to load config info\n");
}
if (req_conf != NULL)
{
- p=CONF_get_string(req_conf,NULL,"oid_file");
+ p=NCONF_get_string(req_conf,NULL,"oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
if (md_alg == NULL)
{
- p=CONF_get_string(req_conf,SECTION,"default_md");
+ p=NCONF_get_string(req_conf,SECTION,"default_md");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
if (!extensions)
{
- extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+ extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
if (!extensions)
ERR_clear_error();
}
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, req_conf);
- if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
+ X509V3_set_nconf(&ctx, req_conf);
+ if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n", extensions);
goto end;
if(!passin)
{
- passin = CONF_get_string(req_conf, SECTION, "input_password");
+ passin = NCONF_get_string(req_conf, SECTION, "input_password");
if (!passin)
ERR_clear_error();
}
if(!passout)
{
- passout = CONF_get_string(req_conf, SECTION, "output_password");
+ passout = NCONF_get_string(req_conf, SECTION, "output_password");
if (!passout)
ERR_clear_error();
}
- p = CONF_get_string(req_conf, SECTION, STRING_MASK);
+ p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
if (!p)
ERR_clear_error();
if(!req_exts)
{
- req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+ req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
if (!req_exts)
ERR_clear_error();
}
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, req_conf);
- if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) {
+ X509V3_set_nconf(&ctx, req_conf);
+ if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
BIO_printf(bio_err,
"Error Loading request extension section %s\n",
req_exts);
}
if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
{
- char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+ char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
if (newreq && (pkey == NULL))
{
- char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+ char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
if (newkey <= 0)
{
- newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
- if (newkey <= 0)
+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
newkey=DEFAULT_KEY_LENGTH;
}
if (keyout == NULL)
{
- keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
+ keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
if (keyout == NULL)
ERR_clear_error();
}
}
}
- p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
+ p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
if (p == NULL)
{
ERR_clear_error();
- p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+ p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
if (p == NULL)
ERR_clear_error();
}
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
- X509V3_set_conf_lhash(&ext_ctx, req_conf);
+ X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
- if(extensions && !X509V3_EXT_add_conf(req_conf,
+ if(extensions && !X509V3_EXT_add_nconf(req_conf,
&ext_ctx, extensions, x509ss))
{
BIO_printf(bio_err,
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
- X509V3_set_conf_lhash(&ext_ctx, req_conf);
+ X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
- if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf,
+ if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
&ext_ctx, req_exts, req))
{
BIO_printf(bio_err,
{
ERR_print_errors(bio_err);
}
- if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
+ if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
char *tmp, *dn_sect,*attr_sect;
- tmp=CONF_get_string(req_conf,SECTION,PROMPT);
+ tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
if (tmp == NULL)
ERR_clear_error();
if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
- dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+ dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
if (dn_sect == NULL)
{
BIO_printf(bio_err,"unable to find '%s' in config\n",
DISTINGUISHED_NAME);
goto err;
}
- dn_sk=CONF_get_section(req_conf,dn_sect);
+ dn_sk=NCONF_get_section(req_conf,dn_sect);
if (dn_sk == NULL)
{
BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
goto err;
}
- attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
+ attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
if (attr_sect == NULL)
{
ERR_clear_error();
}
else
{
- attr_sk=CONF_get_section(req_conf,attr_sect);
+ attr_sk=NCONF_get_section(req_conf,attr_sect);
if (attr_sk == NULL)
{
BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
int i;
char *p,*q;
char buf[100];
- int nid,min,max;
+ int nid;
+ long n_min,n_max;
char *type,*def,*value;
CONF_VALUE *v;
X509_NAME *subj;
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
sprintf(buf,"%s_default",v->name);
- if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+ if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
def="";
}
sprintf(buf,"%s_value",v->name);
- if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+ if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
value=NULL;
}
sprintf(buf,"%s_min",v->name);
- min=(int)CONF_get_number(req_conf,dn_sect,buf);
+ if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
+ n_min = -1;
sprintf(buf,"%s_max",v->name);
- max=(int)CONF_get_number(req_conf,dn_sect,buf);
+ if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
+ n_max = -1;
if (!add_DN_object(subj,v->value,def,value,nid,
- min,max))
+ n_min,n_max))
return 0;
}
if (X509_NAME_entry_count(subj) == 0)
goto start2;
sprintf(buf,"%s_default",type);
- if ((def=CONF_get_string(req_conf,attr_sect,buf))
+ if ((def=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
ERR_clear_error();
sprintf(buf,"%s_value",type);
- if ((value=CONF_get_string(req_conf,attr_sect,buf))
+ if ((value=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
ERR_clear_error();
}
sprintf(buf,"%s_min",type);
- min=(int)CONF_get_number(req_conf,attr_sect,buf);
+ if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
+ n_min = -1;
sprintf(buf,"%s_max",type);
- max=(int)CONF_get_number(req_conf,attr_sect,buf);
+ if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
+ n_max = -1;
if (!add_attribute_object(req,
- v->value,def,value,nid,min,max))
+ v->value,def,value,nid,n_min,n_max))
return 0;
}
}
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
- int nid, int min, int max)
+ int nid, int n_min, int n_max)
{
int i,ret=0;
MS_STATIC char buf[1024];
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, min, max)) goto start;
+ if(!req_check_len(i, n_min, n_max)) goto start;
if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
(unsigned char *) buf, -1,-1,0)) goto err;
ret=1;
}
static int add_attribute_object(X509_REQ *req, char *text,
- char *def, char *value, int nid, int min,
- int max)
+ char *def, char *value, int nid, int n_min,
+ int n_max)
{
int i;
static char buf[1024];
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, min, max)) goto start;
+ if(!req_check_len(i, n_min, n_max)) goto start;
if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
(unsigned char *)buf, -1)) {
}
#endif
-static int req_check_len(int len, int min, int max)
+static int req_check_len(int len, int n_min, int n_max)
{
- if (len < min)
+ if ((n_min > 0) && (len < n_min))
{
- BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
+ BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
return(0);
}
- if ((max != 0) && (len > max))
+ if ((n_max >= 0) && (len > n_max))
{
- BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max);
+ BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
return(0);
}
return(1);
char *passargin = NULL, *passin = NULL;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
- LHASH *conf = NULL;
+ CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
char *engine=NULL;
goto end;
}
- conf = CONF_load_bio(NULL, in, NULL);
+ conf = NCONF_new(NULL);
+ i = NCONF_load_bio(conf, in, NULL);
- if(!conf) {
+ if(!i) {
BIO_printf(bio_err, "Error parsing config file\n");
ERR_print_errors(bio_err);
goto end;
}
- spkstr = CONF_get_string(conf, spksect, spkac);
+ spkstr = NCONF_get_string(conf, spksect, spkac);
if(!spkstr) {
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
ret = 0;
end:
- CONF_free(conf);
+ NCONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
BIO_free_all(out);
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
- LHASH *conf, char *section);
+ CONF *conf, char *section);
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
- int create,int days, int clrext, LHASH *conf, char *section,
+ int create,int days, int clrext, CONF *conf, char *section,
ASN1_INTEGER *sno);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
static int reqfile=0;
int fingerprint=0;
char buf[256];
const EVP_MD *md_alg,*digest=EVP_md5();
- LHASH *extconf = NULL;
+ CONF *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
int checkend=0,checkoffset=0;
{
long errorline;
X509V3_CTX ctx2;
- if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+ extconf = NCONF_new(NULL);
+ if (!NCONF_load(extconf, extfile,&errorline))
{
if (errorline <= 0)
BIO_printf(bio_err,
}
if (!extsect)
{
- extsect = CONF_get_string(extconf, "default", "extensions");
+ extsect = NCONF_get_string(extconf, "default", "extensions");
if (!extsect)
{
ERR_clear_error();
}
}
X509V3_set_ctx_test(&ctx2);
- X509V3_set_conf_lhash(&ctx2, extconf);
- if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
+ X509V3_set_nconf(&ctx2, extconf);
+ if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
{
BIO_printf(bio_err,
"Error Loading extension section %s\n",
if (need_rand)
app_RAND_write_file(NULL, bio_err);
OBJ_cleanup();
- CONF_free(extconf);
+ NCONF_free(extconf);
BIO_free_all(out);
BIO_free_all(STDout);
X509_STORE_free(ctx);
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
- int days, int clrext, LHASH *conf, char *section, ASN1_INTEGER *sno)
+ int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
{
int ret=0;
ASN1_INTEGER *bs=NULL;
X509V3_CTX ctx2;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
- X509V3_set_conf_lhash(&ctx2, conf);
- if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+ X509V3_set_nconf(&ctx2, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
}
if (!X509_sign(x,pkey,digest)) goto end;
/* self sign */
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
- LHASH *conf, char *section)
+ CONF *conf, char *section)
{
EVP_PKEY *pktmp;
X509V3_CTX ctx;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
- X509V3_set_conf_lhash(&ctx, conf);
- if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
}
if (!X509_sign(x,pkey,digest)) goto err;
return 1;
};
int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf,LHASH *hash);
LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
#ifndef OPENSSL_NO_FP_API
LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
and should therefore be avoided */
long NCONF_get_number(CONF *conf,char *group,char *name);
#else
-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r);
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
#endif
static CONF_METHOD *default_CONF_method=NULL;
+/* Init a 'CONF' structure from an old LHASH */
+
+void CONF_set_nconf(CONF *conf, LHASH *hash)
+ {
+ if (default_CONF_method == NULL)
+ default_CONF_method = NCONF_default();
+
+ default_CONF_method->init(conf);
+ conf->data = hash;
+ }
+
/* The following section contains the "CONF classic" functions,
rewritten in terms of the new CONF interface. */
CONF ctmp;
int ret;
- if (default_CONF_method == NULL)
- default_CONF_method = NCONF_default();
+ CONF_set_nconf(&ctmp, conf);
- default_CONF_method->init(&ctmp);
- ctmp.data = conf;
ret = NCONF_load_bio(&ctmp, bp, eline);
if (ret)
return ctmp.data;
else
{
CONF ctmp;
-
- if (default_CONF_method == NULL)
- default_CONF_method = NCONF_default();
-
- default_CONF_method->init(&ctmp);
- ctmp.data = conf;
+ CONF_set_nconf(&ctmp, conf);
return NCONF_get_section(&ctmp, section);
}
}
else
{
CONF ctmp;
-
- if (default_CONF_method == NULL)
- default_CONF_method = NCONF_default();
-
- default_CONF_method->init(&ctmp);
- ctmp.data = conf;
+ CONF_set_nconf(&ctmp, conf);
return NCONF_get_string(&ctmp, group, name);
}
}
else
{
CONF ctmp;
-
- if (default_CONF_method == NULL)
- default_CONF_method = NCONF_default();
-
- default_CONF_method->init(&ctmp);
- ctmp.data = conf;
+ CONF_set_nconf(&ctmp, conf);
status = NCONF_get_number_e(&ctmp, group, name, &result);
}
void CONF_free(LHASH *conf)
{
CONF ctmp;
-
- if (default_CONF_method == NULL)
- default_CONF_method = NCONF_default();
-
- default_CONF_method->init(&ctmp);
- ctmp.data = conf;
+ CONF_set_nconf(&ctmp, conf);
NCONF_free_data(&ctmp);
}
int CONF_dump_bio(LHASH *conf, BIO *out)
{
CONF ctmp;
-
- if (default_CONF_method == NULL)
- default_CONF_method = NCONF_default();
-
- default_CONF_method->init(&ctmp);
- ctmp.data = conf;
+ CONF_set_nconf(&ctmp, conf);
return NCONF_dump_bio(&ctmp, out);
}
if (str == NULL)
return 0;
- for (;conf->meth->is_number(conf, *str);)
+ for (*result = 0;conf->meth->is_number(conf, *str);)
{
*result = (*result)*10 + conf->meth->to_int(conf, *str);
str++;
static int v3_check_critical(char **value);
static int v3_check_generic(char **value);
-static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
static char *conf_lhash_get_string(void *db, char *section, char *value);
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
int crit, void *ext_struc);
-/* LHASH *conf: Config file */
+/* CONF *conf: Config file */
/* char *name: Name */
/* char *value: Value */
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
char *value)
-{
+ {
int crit;
int ext_type;
X509_EXTENSION *ret;
crit = v3_check_critical(&value);
- if((ext_type = v3_check_generic(&value)))
+ if ((ext_type = v3_check_generic(&value)))
return v3_generic_extension(name, value, crit, ext_type);
- ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
- if(!ret) {
+ ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
+ if (!ret)
+ {
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
ERR_add_error_data(4,"name=", name, ", value=", value);
- }
+ }
return ret;
-}
+ }
-/* LHASH *conf: Config file */
+/* CONF *conf: Config file */
/* char *value: Value */
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
char *value)
-{
+ {
int crit;
int ext_type;
crit = v3_check_critical(&value);
- if((ext_type = v3_check_generic(&value)))
+ if ((ext_type = v3_check_generic(&value)))
return v3_generic_extension(OBJ_nid2sn(ext_nid),
value, crit, ext_type);
- return do_ext_conf(conf, ctx, ext_nid, crit, value);
-}
+ return do_ext_nconf(conf, ctx, ext_nid, crit, value);
+ }
-/* LHASH *conf: Config file */
+/* CONF *conf: Config file */
/* char *value: Value */
-static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
int crit, char *value)
-{
+ {
X509V3_EXT_METHOD *method;
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
void *ext_struc;
- if(ext_nid == NID_undef) {
+ if (ext_nid == NID_undef)
+ {
X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
return NULL;
- }
- if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+ }
+ if (!(method = X509V3_EXT_get_nid(ext_nid)))
+ {
X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
return NULL;
- }
+ }
/* Now get internal extension representation based on type */
- if(method->v2i) {
- if(*value == '@') nval = CONF_get_section(conf, value + 1);
+ if (method->v2i)
+ {
+ if(*value == '@') nval = NCONF_get_section(conf, value + 1);
else nval = X509V3_parse_list(value);
- if(!nval) {
+ if(!nval)
+ {
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
return NULL;
- }
+ }
ext_struc = method->v2i(method, ctx, nval);
if(*value != '@') sk_CONF_VALUE_pop_free(nval,
X509V3_conf_free);
if(!ext_struc) return NULL;
- } else if(method->s2i) {
+ }
+ else if(method->s2i)
+ {
if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
- } else if(method->r2i) {
- if(!ctx->db) {
+ }
+ else if(method->r2i)
+ {
+ if(!ctx->db)
+ {
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
return NULL;
- }
+ }
if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
- } else {
+ }
+ else
+ {
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
return NULL;
- }
+ }
ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
else method->ext_free(ext_struc);
return ext;
-}
+ }
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
int crit, void *ext_struc)
-{
+ {
unsigned char *ext_der;
int ext_len;
ASN1_OCTET_STRING *ext_oct;
X509_EXTENSION *ext;
/* Convert internal representation to DER */
- if(method->it) {
+ if (method->it)
+ {
ext_der = NULL;
ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
- if(ext_len < 0) goto merr;
- } else {
+ if (ext_len < 0) goto merr;
+ }
+ else
+ {
unsigned char *p;
ext_len = method->i2d(ext_struc, NULL);
if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
p = ext_der;
method->i2d(ext_struc, &p);
- }
- if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
+ }
+ if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
ext_oct->data = ext_der;
ext_oct->length = ext_len;
ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
- if(!ext) goto merr;
+ if (!ext) goto merr;
M_ASN1_OCTET_STRING_free(ext_oct);
return ext;
X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
return NULL;
-}
+ }
/* Given an internal structure, nid and critical flag create an extension */
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
-{
+ {
X509V3_EXT_METHOD *method;
- if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+ if (!(method = X509V3_EXT_get_nid(ext_nid))) {
X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
return NULL;
}
static int v3_check_critical(char **value)
{
char *p = *value;
- if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
+ if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
p+=9;
while(isspace((unsigned char)*p)) p++;
*value = p;
static int v3_check_generic(char **value)
{
char *p = *value;
- if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
+ if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
p+=4;
- while(isspace((unsigned char)*p)) p++;
+ while (isspace((unsigned char)*p)) p++;
*value = p;
return 1;
}
/* Create a generic extension: for now just handle DER type */
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
int crit, int type)
-{
-unsigned char *ext_der=NULL;
-long ext_len;
-ASN1_OBJECT *obj=NULL;
-ASN1_OCTET_STRING *oct=NULL;
-X509_EXTENSION *extension=NULL;
-if(!(obj = OBJ_txt2obj(ext, 0))) {
- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
- ERR_add_error_data(2, "name=", ext);
- goto err;
-}
+ {
+ unsigned char *ext_der=NULL;
+ long ext_len;
+ ASN1_OBJECT *obj=NULL;
+ ASN1_OCTET_STRING *oct=NULL;
+ X509_EXTENSION *extension=NULL;
+ if (!(obj = OBJ_txt2obj(ext, 0)))
+ {
+ X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
+ ERR_add_error_data(2, "name=", ext);
+ goto err;
+ }
-if(!(ext_der = string_to_hex(value, &ext_len))) {
- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
- ERR_add_error_data(2, "value=", value);
- goto err;
-}
+ if (!(ext_der = string_to_hex(value, &ext_len)))
+ {
+ X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
+ ERR_add_error_data(2, "value=", value);
+ goto err;
+ }
-if(!(oct = M_ASN1_OCTET_STRING_new())) {
- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
- goto err;
-}
+ if (!(oct = M_ASN1_OCTET_STRING_new()))
+ {
+ X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
-oct->data = ext_der;
-oct->length = ext_len;
-ext_der = NULL;
+ oct->data = ext_der;
+ oct->length = ext_len;
+ ext_der = NULL;
-extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+ extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
-err:
-ASN1_OBJECT_free(obj);
-M_ASN1_OCTET_STRING_free(oct);
-if(ext_der) OPENSSL_free(ext_der);
-return extension;
-}
+ err:
+ ASN1_OBJECT_free(obj);
+ M_ASN1_OCTET_STRING_free(oct);
+ if(ext_der) OPENSSL_free(ext_der);
+ return extension;
+
+ }
/* This is the main function: add a bunch of extensions based on a config file
- * section
+ * section to an extension STACK.
*/
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
- X509 *cert)
-{
+
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+ STACK_OF(X509_EXTENSION) **sk)
+ {
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
CONF_VALUE *val;
int i;
- if(!(nval = CONF_get_section(conf, section))) return 0;
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ if (!(nval = NCONF_get_section(conf, section))) return 0;
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
+ {
val = sk_CONF_VALUE_value(nval, i);
- if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+ if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
return 0;
- if(cert) X509_add_ext(cert, ext, -1);
+ if (sk) X509v3_add_ext(sk, ext, -1);
X509_EXTENSION_free(ext);
- }
+ }
return 1;
-}
+ }
+
+/* Convenience functions to add extensions to a certificate, CRL and request */
+
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+ X509 *cert)
+ {
+ STACK_OF(X509_EXTENSION) **sk = NULL;
+ if (cert)
+ sk = &cert->cert_info->extensions;
+ return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+ }
/* Same as above but for a CRL */
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
X509_CRL *crl)
-{
- X509_EXTENSION *ext;
- STACK_OF(CONF_VALUE) *nval;
- CONF_VALUE *val;
- int i;
- if(!(nval = CONF_get_section(conf, section))) return 0;
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- val = sk_CONF_VALUE_value(nval, i);
- if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
- return 0;
- if(crl) X509_CRL_add_ext(crl, ext, -1);
- X509_EXTENSION_free(ext);
+ {
+ STACK_OF(X509_EXTENSION) **sk = NULL;
+ if (crl)
+ sk = &crl->crl->extensions;
+ return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}
- return 1;
-}
/* Add extensions to certificate request */
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
X509_REQ *req)
-{
- X509_EXTENSION *ext;
- STACK_OF(X509_EXTENSION) *extlist = NULL;
- STACK_OF(CONF_VALUE) *nval;
- CONF_VALUE *val;
+ {
+ STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
int i;
- if(!(nval = CONF_get_section(conf, section))) return 0;
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- val = sk_CONF_VALUE_value(nval, i);
- if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
- return 0;
- if(!extlist) extlist = sk_X509_EXTENSION_new_null();
- sk_X509_EXTENSION_push(extlist, ext);
- }
- if(req) i = X509_REQ_add_extensions(req, extlist);
- else i = 1;
+ if (req)
+ sk = &extlist;
+ i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+ if (!i || !sk)
+ return i;
+ i = X509_REQ_add_extensions(req, extlist);
sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
return i;
-}
+ }
/* Config database functions */
char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
-{
- if(ctx->db_meth->get_string)
+ {
+ if (ctx->db_meth->get_string)
return ctx->db_meth->get_string(ctx->db, name, section);
return NULL;
-}
+ }
STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
-{
- if(ctx->db_meth->get_section)
+ {
+ if (ctx->db_meth->get_section)
return ctx->db_meth->get_section(ctx->db, section);
return NULL;
-}
+ }
void X509V3_string_free(X509V3_CTX *ctx, char *str)
-{
- if(!str) return;
- if(ctx->db_meth->free_string)
+ {
+ if (!str) return;
+ if (ctx->db_meth->free_string)
ctx->db_meth->free_string(ctx->db, str);
-}
+ }
void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
-{
- if(!section) return;
- if(ctx->db_meth->free_section)
+ {
+ if (!section) return;
+ if (ctx->db_meth->free_section)
ctx->db_meth->free_section(ctx->db, section);
-}
+ }
+
+static char *nconf_get_string(void *db, char *section, char *value)
+ {
+ return NCONF_get_string(db, section, value);
+ }
+
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+ {
+ return NCONF_get_section(db, section);
+ }
+
+static X509V3_CONF_METHOD nconf_method = {
+nconf_get_string,
+nconf_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
+ {
+ ctx->db_meth = &nconf_method;
+ ctx->db = conf;
+ }
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+ X509_CRL *crl, int flags)
+ {
+ ctx->issuer_cert = issuer;
+ ctx->subject_cert = subj;
+ ctx->crl = crl;
+ ctx->subject_req = req;
+ ctx->flags = flags;
+ }
+
+/* Old conf compatibility functions */
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+ char *value)
+ {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+ }
+
+/* LHASH *conf: Config file */
+/* char *value: Value */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+ char *value)
+ {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+ }
static char *conf_lhash_get_string(void *db, char *section, char *value)
-{
+ {
return CONF_get_string(db, section, value);
-}
+ }
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
-{
+ {
return CONF_get_section(db, section);
-}
+ }
static X509V3_CONF_METHOD conf_lhash_method = {
conf_lhash_get_string,
};
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
-{
+ {
ctx->db_meth = &conf_lhash_method;
ctx->db = lhash;
-}
+ }
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
- X509_CRL *crl, int flags)
-{
- ctx->issuer_cert = issuer;
- ctx->subject_cert = subj;
- ctx->crl = crl;
- ctx->subject_req = req;
- ctx->flags = flags;
-}
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+ X509 *cert)
+ {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+ }
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+ X509_CRL *crl)
+ {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+ }
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+ X509_REQ *req)
+ {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+ }
#ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
int X509V3_add_value_bool_nf(char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
#endif
projects / oweals / openssl.git / commitdiff