'-C' is still quite broken
index a6e6976f7f7f5caa8ea0f79d3c15f27d26b30233..04246bbe477df1b364bacd3fda36c15261c72cc2 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -238,7 +238,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
        unsigned long certopt, unsigned long nameopt, int default_op,
        int ext_copy);
-static X509_NAME *do_subject(char *subject, int email_dn);
+static X509_NAME *do_subject(char *subject);
 static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
 static int get_certificate_status(const char *ser_status, TXT_DB *db);
 static int do_updatedb(TXT_DB *db);
@@ -1501,6 +1501,11 @@ bad:
                        if (pkey->type == EVP_PKEY_DSA) 
                                dgst=EVP_dss1();
                        else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+                       if (pkey->type == EVP_PKEY_ECDSA)
+                               dgst=EVP_ecdsa();
+                       else
 #endif
                                dgst=EVP_md5();
                        }
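Review bot: The new ECDSA branch on lines 20-23 continues an `if`/`else` chain across `#endif`/`#ifndef` boundaries, so which statement the `else` on line 18 binds to depends on whether OPENSSL_NO_ECDSA is defined; the chain is correct in every combination of the two macros, but a misplaced `#endif` would silently change which fallback applies, and nothing in the code says the layout is intentional. A comment above the DSA block such as `/* if/else chain spans the OPENSSL_NO_DSA and OPENSSL_NO_ECDSA blocks: each key type picks its mandatory digest, anything else falls through to EVP_md5() */` would make the intent explicit. The enclosing block starts before this hunk, so the preceding `#ifndef OPENSSL_NO_DSA` is not visible here.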
@@ -1859,7 +1864,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 
        if (subj)
                {
-               X509_NAME *n = do_subject(subj, email_dn);
+               X509_NAME *n = do_subject(subj);
 
                if (!n)
                        {
@@ -1909,14 +1914,17 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                        BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
                        goto err;
                        }
-               j=ASN1_PRINTABLE_type(str->data,str->length);
-               if (    ((j == V_ASN1_T61STRING) &&
-                        (str->type != V_ASN1_T61STRING)) ||
-                       ((j == V_ASN1_IA5STRING) &&
-                        (str->type == V_ASN1_PRINTABLESTRING)))
+               if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))
                        {
-                       BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
-                       goto err;
+                       j=ASN1_PRINTABLE_type(str->data,str->length);
+                       if (    ((j == V_ASN1_T61STRING) &&
+                                (str->type != V_ASN1_T61STRING)) ||
+                               ((j == V_ASN1_IA5STRING) &&
+                                (str->type == V_ASN1_PRINTABLESTRING)))
+                               {
+                               BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
+                               goto err;
+                               }
                        }
 
                if (default_op)
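Review bot: The new guard on line 45 exempts BMPString and UTF8String entries from the ASN1_PRINTABLE_type() check without saying why, and a reader may take it for a gap in validation rather than a deliberate one. Since ASN1_PRINTABLE_type() classifies raw byte values, which are not meaningful for the multi-byte encodings those two types carry, a comment such as `/* ASN1_PRINTABLE_type() classifies single-byte data; it cannot judge BMPString/UTF8String contents, so only the other string types are checked here */` would document the intent. Note that for those two types the entry's bytes are now accepted as-is; whether their encoding is well-formed is not verified at this point, which may matter if later consumers assume it is. The enclosing loop over the subject entries starts before this hunk.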
@@ -2060,7 +2068,7 @@ again2:
                        goto err;
                        }
                while((i = X509_NAME_get_index_by_NID(dn_subject,
-                                       NID_pkcs9_emailAddress, -1) >= 0))
+                                       NID_pkcs9_emailAddress, -1)) >= 0)
                        {
                        tmpne = X509_NAME_get_entry(dn_subject, i);
                        X509_NAME_delete_entry(dn_subject, i);
@@ -2267,6 +2275,16 @@ again2:
                EVP_PKEY_copy_parameters(pktmp,pkey);
        EVP_PKEY_free(pktmp);
 #endif
+#ifndef OPENSSL_NO_ECDSA
+       if (pkey->type == EVP_PKEY_ECDSA)
+               dgst = EVP_ecdsa();
+       pktmp = X509_get_pubkey(ret);
+       if (EVP_PKEY_missing_parameters(pktmp) &&
+               !EVP_PKEY_missing_parameters(pkey))
+               EVP_PKEY_copy_parameters(pktmp, pkey);
+       EVP_PKEY_free(pktmp);
+#endif
+
 
        if (!X509_sign(ret,pkey,dgst))
                goto err;
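Review bot: `X509_get_pubkey(ret)` on line 77 is handed straight to `EVP_PKEY_missing_parameters()` on line 78 with no NULL check, so a certificate whose public key cannot be decoded would dereference NULL here; add `if (pktmp == NULL) goto err;` after line 77, presumably using the same `err` label do_body uses elsewhere. Also, the `if (pkey->type == EVP_PKEY_ECDSA)` on line 75 guards only the `dgst = EVP_ecdsa();` assignment, so the parameter copy on lines 78-81 runs for every key type whenever OPENSSL_NO_ECDSA is undefined, duplicating the DSA block that ends on line 73; if that is deliberate, say so in a comment, otherwise brace the whole block under the type check or hoist one unconditional copy step out of both `#ifndef` blocks. The rest of do_body, including the `err` target, lies outside this hunk.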
@@ -2990,7 +3008,7 @@ int make_revoked(X509_REVOKED *rev, char *str)
        return ret;
        }
 
-static X509_NAME *do_subject(char *subject, int email_dn)
+static X509_NAME *do_subject(char *subject)
        {
        X509_NAME *n = NULL;
 
@@ -3039,9 +3057,6 @@ static X509_NAME *do_subject(char *subject, int email_dn)
                        continue;
                        }
 
-               if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
-                       continue;
-
                if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned char*)ne_value, -1,-1,0))
                        {
                        X509_NAME_free(n);