#define ENV_NAMEOPT "name_opt"
#define ENV_CERTOPT "cert_opt"
#define ENV_EXTCOPY "copy_extensions"
+#define ENV_UNIQUE_SUBJECT "unique_subject"
#define ENV_DATABASE "database"
{
ENGINE *e = NULL;
char *key=NULL,*passargin=NULL;
+ int create_ser = 0;
int free_key = 0;
int total=0;
int total_done=0;
subj= *(++argv);
/* preserve=1; */
}
+ else if (strcmp(*argv,"-create_serial") == 0)
+ create_ser = 1;
else if (strcmp(*argv,"-multivalue-rdn") == 0)
multirdn=1;
else if (strcmp(*argv,"-startdate") == 0)
if (configfile == NULL)
{
const char *s=X509_get_default_cert_area();
+ size_t len;
#ifdef OPENSSL_SYS_VMS
- tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
+ len = strlen(s)+sizeof(CONFIG_FILE);
+ tofree=OPENSSL_malloc(len);
strcpy(tofree,s);
#else
- tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
- strcpy(tofree,s);
- strcat(tofree,"/");
+ len = strlen(s)+sizeof(CONFIG_FILE)+1;
+ tofree=OPENSSL_malloc(len);
+ BUF_strlcpy(tofree,s,len);
+ BUF_strlcat(tofree,"/",len);
#endif
- strcat(tofree,CONFIG_FILE);
+ BUF_strlcat(tofree,CONFIG_FILE,len);
configfile=tofree;
}
app_RAND_load_file(randfile, bio_err, 0);
db_attr.unique_subject = 1;
- p = NCONF_get_string(conf, section, "unique_subject");
+ p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
if (p)
{
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
#endif
- switch(*p)
- {
- case 'f': /* false */
- case 'F': /* FALSE */
- case 'n': /* no */
- case 'N': /* NO */
- db_attr.unique_subject = 0;
- break;
- case 't': /* true */
- case 'T': /* TRUE */
- case 'y': /* yes */
- case 'Y': /* YES */
- default:
- db_attr.unique_subject = 1;
- break;
- }
+ db_attr.unique_subject = parse_yesno(p,1);
}
-#ifdef RL_DEBUG
else
+ ERR_clear_error();
+#ifdef RL_DEBUG
+ if (!p)
BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
#endif
#ifdef RL_DEBUG
goto err;
}
- if ((serial=load_serial(serialfile, 0, NULL)) == NULL)
+ if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
{
BIO_printf(bio_err,"error while loading serial number\n");
goto err;
for (i=0; i<sk_X509_num(cert_sk); i++)
{
int k;
- unsigned char *n;
+ char *n;
x=sk_X509_value(cert_sk,i);
strcpy(buf[2],outdir);
#ifndef OPENSSL_SYS_VMS
- strcat(buf[2],"/");
+ BUF_strlcat(buf[2],"/",sizeof(buf[2]));
#endif
- n=(unsigned char *)&(buf[2][strlen(buf[2])]);
+ n=(char *)&(buf[2][strlen(buf[2])]);
if (j > 0)
{
for (k=0; k<j; k++)
{
- sprintf((char *)n,"%02X",(unsigned char)*(p++));
+ if (n >= &(buf[2][sizeof(buf[2])]))
+ break;
+ BIO_snprintf(n,
+ &buf[2][0] + sizeof(buf[2]) - n,
+ "%02X",(unsigned char)*(p++));
n+=2;
}
}
if (subj)
{
- X509_NAME *n = do_subject(subj, MBSTRING_ASC, multirdn);
+ X509_NAME *n = parse_name(subj, MBSTRING_ASC, multirdn);
if (!n)
{
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
- strcpy(row[DB_file],"unknown");
+ BUF_strlcpy(row[DB_file],"unknown",8);
row[DB_type][0]='V';
row[DB_type][1]='\0';
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
- strcpy(row[DB_file],"unknown");
+ BUF_strlcpy(row[DB_file],"unknown",8);
row[DB_type][0]='V';
row[DB_type][1]='\0';
if (!str) return NULL;
- strcpy(str, (char *)revtm->data);
+ BUF_strlcpy(str, (char *)revtm->data, i);
if (reason)
{
- strcat(str, ",");
- strcat(str, reason);
+ BUF_strlcat(str, ",", i);
+ BUF_strlcat(str, reason, i);
}
if (other)
{
- strcat(str, ",");
- strcat(str, other);
+ BUF_strlcat(str, ",", i);
+ BUF_strlcat(str, other, i);
}
ASN1_UTCTIME_free(revtm);
return str;
return ret;
}
-/*
- * subject is expected to be in the format /type0=value0/type1=value1/type2=...
- * where characters may be escaped by \
- */
-X509_NAME *do_subject(char *subject, long chtype, int multirdn)
- {
- size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
- char *buf = OPENSSL_malloc(buflen);
- size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
- char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
- char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
- int *mval = OPENSSL_malloc (max_ne * sizeof (int));
-
- char *sp = subject, *bp = buf;
- int i, ne_num = 0;
-
- X509_NAME *n = NULL;
- int nid;
-
- if (!buf || !ne_types || !ne_values)
- {
- BIO_printf(bio_err, "malloc error\n");
- goto error;
- }
-
- if (*subject != '/')
- {
- BIO_printf(bio_err, "Subject does not start with '/'.\n");
- goto error;
- }
- sp++; /* skip leading / */
-
- /* no multivalued RDN by default */
- mval[ne_num] = 0;
-
- while (*sp)
- {
- /* collect type */
- ne_types[ne_num] = bp;
- while (*sp)
- {
- if (*sp == '\\') /* is there anything to escape in the type...? */
- {
- if (*++sp)
- *bp++ = *sp++;
- else
- {
- BIO_printf(bio_err, "escape character at end of string\n");
- goto error;
- }
- }
- else if (*sp == '=')
- {
- sp++;
- *bp++ = '\0';
- break;
- }
- else
- *bp++ = *sp++;
- }
- if (!*sp)
- {
- BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
- goto error;
- }
- ne_values[ne_num] = bp;
- while (*sp)
- {
- if (*sp == '\\')
- {
- if (*++sp)
- *bp++ = *sp++;
- else
- {
- BIO_printf(bio_err, "escape character at end of string\n");
- goto error;
- }
- }
- else if (*sp == '/')
- {
- sp++;
- /* no multivalued RDN by default */
- mval[ne_num+1] = 0;
- break;
- }
- else if (*sp == '+' && multirdn)
- {
- /* a not escaped + signals a mutlivalued RDN */
- sp++;
- mval[ne_num+1] = -1;
- break;
- }
- else
- *bp++ = *sp++;
- }
- *bp++ = '\0';
- ne_num++;
- }
-
- if (!(n = X509_NAME_new()))
- goto error;
-
- for (i = 0; i < ne_num; i++)
- {
- if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
- {
- BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
- continue;
- }
-
- if (!*ne_values[i])
- {
- BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
- continue;
- }
-
- if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
- goto error;
- }
-
- OPENSSL_free(ne_values);
- OPENSSL_free(ne_types);
- OPENSSL_free(buf);
- return n;
-
-error:
- X509_NAME_free(n);
- if (ne_values)
- OPENSSL_free(ne_values);
- if (ne_types)
- OPENSSL_free(ne_types);
- if (buf)
- OPENSSL_free(buf);
- return NULL;
-}
-
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
{
char buf[25],*pbuf, *p;