#define ENV_DATABASE "database"
/* Additional revocation information types */
-
-#define REV_NONE 0 /* No addditional information */
-#define REV_CRL_REASON 1 /* Value is CRL reason code */
-#define REV_HOLD 2 /* Value is hold instruction */
-#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
-#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
+typedef enum {
+ REV_VALID = -1, /* Valid (not-revoked) status */
+ REV_NONE = 0, /* No additional information */
+ REV_CRL_REASON = 1, /* Value is CRL reason code */
+ REV_HOLD = 2, /* Value is hold instruction */
+ REV_KEY_COMPROMISE = 3, /* Value is cert key compromise time */
+ REV_CA_COMPROMISE = 4 /* Value is CA key compromise time */
+} REVINFO_TYPE;
static char *lookup_conf(const CONF *conf, const char *group, const char *tag);
-static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+
+static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate, char *enddate,
- long days, int batch, char *ext_sect, CONF *conf,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate,
+ long days, int batch, const char *ext_sect, CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign);
-static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate,
- char *enddate, long days, int batch, char *ext_sect,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, int batch, const char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy);
-static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
+static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
X509 *x509, const EVP_MD *dgst,
STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate,
- char *enddate, long days, char *ext_sect, CONF *conf,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, const char *ext_sect, CONF *conf,
int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der,
- int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
- char *subj, unsigned long chtype, int multirdn,
- int email_dn, char *startdate, char *enddate, long days,
- int batch, int verbose, X509_REQ *req, char *ext_sect,
+ const char *subj, unsigned long chtype, int multirdn,
+ int email_dn, const char *startdate, const char *enddate, long days,
+ int batch, int verbose, X509_REQ *req, const char *ext_sect,
CONF *conf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign);
-static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
static int get_certificate_status(const char *ser_status, CA_DB *db);
static int do_updatedb(CA_DB *db);
static int check_time_format(const char *str);
-char *make_revocation_str(int rev_type, char *rev_arg);
-int make_revoked(X509_REVOKED *rev, const char *str);
+static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
+ const char *extval);
+static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg);
+static int make_revoked(X509_REVOKED *rev, const char *str);
static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static CONF *extconf = NULL;
static int preserve = 0;
OPT_GENCRL, OPT_MSIE_HACK, OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC,
OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
- OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE,
- OPT_CRL_CA_COMPROMISE
+ /* Do not change the order here; see related case statements below */
+ OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE
} OPTION_CHOICE;
-OPTIONS ca_options[] = {
+const OPTIONS ca_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"verbose", OPT_VERBOSE, '-', "Verbose output during processing"},
{"config", OPT_CONFIG, 's', "A config file"},
{"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"},
{"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
{"create_serial", OPT_CREATE_SERIAL, '-',
- "If reading serial fails, create a new random serial"},
+ "If reading serial fails, create a new random serial"},
{"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
"Enable support for multivalued RDNs"},
{"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
{"spkac", OPT_SPKAC, '<',
"File contains DN and signed public key and challenge"},
{"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"},
- {"valid", OPT_VALID, 's'},
+ {"valid", OPT_VALID, 's',
+ "Add a Valid(not-revoked) DB entry about a cert (given in file)"},
{"extensions", OPT_EXTENSIONS, 's',
"Extension section (override value in config file)"},
{"extfile", OPT_EXTFILE, '<',
ENGINE *e = NULL;
BIGNUM *crlnumber = NULL, *serial = NULL;
EVP_PKEY *pkey = NULL;
- BIO *in = NULL, *out = NULL, *Sout = NULL, *Cout = NULL;
+ BIO *in = NULL, *out = NULL, *Sout = NULL;
ASN1_INTEGER *tmpser;
ASN1_TIME *tmptm;
CA_DB *db = NULL;
const EVP_MD *dgst = NULL;
char *configfile = default_config_file, *section = NULL;
char *md = NULL, *policy = NULL, *keyfile = NULL;
- char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
- char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
- char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL;
+ char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL, *key = NULL;
+ const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
+ const char *extensions = NULL, *extfile = NULL, *passinarg = NULL;
char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL;
- char *serialfile = NULL, *startdate = NULL, *subj = NULL;
- char *prog, *enddate = NULL;
+ const char *serialfile = NULL, *subj = NULL;
+ char *prog, *startdate = NULL, *enddate = NULL;
char *dbfile = NULL, *f, *randfile = NULL;
char buf[3][BSIZE];
char *const *pp;
int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE;
int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0;
int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
- int i, j, rev_type = REV_NONE, selfsign = 0;
+ int i, j, selfsign = 0;
long crldays = 0, crlhours = 0, crlsec = 0, days = 0;
unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0;
X509 *x509 = NULL, *x509p = NULL, *x = NULL;
+ REVINFO_TYPE rev_type = REV_NONE;
X509_REVOKED *r = NULL;
OPTION_CHOICE o;
case OPT_CRLEXTS:
crl_ext = opt_arg();
break;
- case OPT_CRL_REASON:
- rev_arg = opt_arg();
- rev_type = REV_CRL_REASON;
- break;
+ case OPT_CRL_REASON: /* := REV_CRL_REASON */
case OPT_CRL_HOLD:
- rev_arg = opt_arg();
- rev_type = REV_HOLD;
- break;
case OPT_CRL_COMPROMISE:
- rev_arg = opt_arg();
- rev_type = REV_KEY_COMPROMISE;
- break;
case OPT_CRL_CA_COMPROMISE:
rev_arg = opt_arg();
- rev_type = REV_CA_COMPROMISE;
+ rev_type = (o - OPT_CRL_REASON) + REV_CRL_REASON;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
/* report status of cert with serial number given on command line */
if (ser_status) {
dbfile = lookup_conf(conf, section, ENV_DATABASE);
- if (dbfile == NULL)
+ if (dbfile == NULL)
goto end;
db = load_index(dbfile, &db_attr);
if (verbose)
BIO_printf(bio_err, "writing new certificates\n");
for (i = 0; i < sk_X509_num(cert_sk); i++) {
+ BIO *Cout = NULL;
ASN1_INTEGER *serialNumber = X509_get_serialNumber(x);
int k;
char *n;
x = sk_X509_value(cert_sk, i);
j = ASN1_STRING_length(serialNumber);
- p = (const char *)ASN1_STRING_data(serialNumber);
+ p = (const char *)ASN1_STRING_get0_data(serialNumber);
if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
BIO_printf(bio_err, "certificate file name too long\n");
}
write_new_certificate(Cout, x, 0, notext);
write_new_certificate(Sout, x, output_der, notext);
+ BIO_free_all(Cout);
}
if (sk_X509_num(cert_sk)) {
if (tmptm == NULL)
goto end;
X509_gmtime_adj(tmptm, 0);
- X509_CRL_set_lastUpdate(crl, tmptm);
+ X509_CRL_set1_lastUpdate(crl, tmptm);
if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
NULL)) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n");
goto end;
}
- X509_CRL_set_nextUpdate(crl, tmptm);
+ X509_CRL_set1_nextUpdate(crl, tmptm);
ASN1_TIME_free(tmptm);
if (revcert == NULL)
goto end;
if (dorevoke == 2)
- rev_type = -1;
+ rev_type = REV_VALID;
j = do_revoke(revcert, db, rev_type, rev_arg);
if (j <= 0)
goto end;
/*****************************************************************/
ret = 0;
end:
- BIO_free_all(Cout);
BIO_free_all(Sout);
BIO_free_all(out);
BIO_free_all(in);
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
+ release_engine(e);
return (ret);
}
return entry;
}
-static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate, char *enddate,
- long days, int batch, char *ext_sect, CONF *lconf,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate,
+ long days, int batch, const char *ext_sect, CONF *lconf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign)
{
return (ok);
}
-static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate,
- char *enddate, long days, int batch, char *ext_sect,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, int batch, const char *ext_sect,
CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
{
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
- char *subj, unsigned long chtype, int multirdn,
- int email_dn, char *startdate, char *enddate, long days,
- int batch, int verbose, X509_REQ *req, char *ext_sect,
+ const char *subj, unsigned long chtype, int multirdn,
+ int email_dn, const char *startdate, const char *enddate, long days,
+ int batch, int verbose, X509_REQ *req, const char *ext_sect,
CONF *lconf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign)
{
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
NULL;
- ASN1_UTCTIME *tm;
+ const ASN1_TIME *tm;
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
X509 *ret = NULL;
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
- if (rrow[DB_type][0] == 'E')
+ if (rrow[DB_type][0] == DB_TYPE_EXP)
p = "Expired";
- else if (rrow[DB_type][0] == 'R')
+ else if (rrow[DB_type][0] == DB_TYPE_REV)
p = "Revoked";
- else if (rrow[DB_type][0] == 'V')
+ else if (rrow[DB_type][0] == DB_TYPE_VAL)
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
- if (rrow[DB_type][0] == 'R') {
+ if (rrow[DB_type][0] == DB_TYPE_REV) {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
goto end;
}
- if (strcmp(startdate, "today") == 0)
- X509_gmtime_adj(X509_get_notBefore(ret), 0);
- else
- ASN1_TIME_set_string(X509_get_notBefore(ret), startdate);
+ if (!set_cert_times(ret, startdate, enddate, days))
+ goto end;
- if (enddate == NULL)
- X509_time_adj_ex(X509_get_notAfter(ret), days, 0, NULL);
- else {
+ if (enddate != NULL) {
int tdays;
- ASN1_TIME_set_string(X509_get_notAfter(ret), enddate);
- ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));
+ ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
days = tdays;
}
}
BIO_printf(bio_err, "Certificate is to be certified until ");
- ASN1_TIME_print(bio_err, X509_get_notAfter(ret));
+ ASN1_TIME_print(bio_err, X509_get0_notAfter(ret));
if (days)
BIO_printf(bio_err, " (%ld days)", days);
BIO_printf(bio_err, "\n");
if (!do_X509_sign(ret, pkey, dgst, sigopts))
goto end;
- /* We now just add it to the database */
+ /* We now just add it to the database as DB_TYPE_VAL('V') */
row[DB_type] = OPENSSL_strdup("V");
- tm = X509_get_notAfter(ret);
+ tm = X509_get0_notAfter(ret);
row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate");
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
PEM_write_bio_X509(bp, x);
}
-static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
+static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
X509 *x509, const EVP_MD *dgst,
STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate,
- char *enddate, long days, char *ext_sect,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, const char *ext_sect,
CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
{
return ASN1_TIME_set_string(NULL, str);
}
-static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
+static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
+ const char *value)
{
- ASN1_UTCTIME *tm = NULL;
+ const ASN1_TIME *tm = NULL;
char *row[DB_NUMBER], **rrow, **irow;
char *rev_str = NULL;
BIGNUM *bn = NULL;
"Adding Entry with serial number %s to DB for %s\n",
row[DB_serial], row[DB_name]);
- /* We now just add it to the database */
+ /* We now just add it to the database as DB_TYPE_REV('V') */
row[DB_type] = OPENSSL_strdup("V");
- tm = X509_get_notAfter(x509);
+ tm = X509_get0_notAfter(x509);
row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data");
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
}
/* Revoke Certificate */
- if (type == -1)
+ if (rev_type == REV_VALID)
ok = 1;
else
- ok = do_revoke(x509, db, type, value);
+ /* Retry revocation after DB insertion */
+ ok = do_revoke(x509, db, rev_type, value);
goto end;
} else if (index_name_cmp_noconst(row, rrow)) {
BIO_printf(bio_err, "ERROR:name does not match %s\n", row[DB_name]);
goto end;
- } else if (type == -1) {
+ } else if (rev_type == REV_VALID) {
BIO_printf(bio_err, "ERROR:Already present, serial number %s\n",
row[DB_serial]);
goto end;
- } else if (rrow[DB_type][0] == 'R') {
+ } else if (rrow[DB_type][0] == DB_TYPE_REV) {
BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n",
row[DB_serial]);
goto end;
} else {
BIO_printf(bio_err, "Revoking Certificate %s.\n", rrow[DB_serial]);
- rev_str = make_revocation_str(type, value);
+ rev_str = make_revocation_str(rev_type, value);
if (!rev_str) {
BIO_printf(bio_err, "Error in revocation arguments\n");
goto end;
}
- rrow[DB_type][0] = 'R';
+ rrow[DB_type][0] = DB_TYPE_REV;
rrow[DB_type][1] = '\0';
rrow[DB_rev_date] = rev_str;
}
BIO_printf(bio_err, "Serial %s not present in db.\n", row[DB_serial]);
ok = -1;
goto end;
- } else if (rrow[DB_type][0] == 'V') {
+ } else if (rrow[DB_type][0] == DB_TYPE_VAL) {
BIO_printf(bio_err, "%s=Valid (%c)\n",
row[DB_serial], rrow[DB_type][0]);
goto end;
- } else if (rrow[DB_type][0] == 'R') {
+ } else if (rrow[DB_type][0] == DB_TYPE_REV) {
BIO_printf(bio_err, "%s=Revoked (%c)\n",
row[DB_serial], rrow[DB_type][0]);
goto end;
- } else if (rrow[DB_type][0] == 'E') {
+ } else if (rrow[DB_type][0] == DB_TYPE_EXP) {
BIO_printf(bio_err, "%s=Expired (%c)\n",
row[DB_serial], rrow[DB_type][0]);
goto end;
- } else if (rrow[DB_type][0] == 'S') {
+ } else if (rrow[DB_type][0] == DB_TYPE_SUSP) {
BIO_printf(bio_err, "%s=Suspended (%c)\n",
row[DB_serial], rrow[DB_type][0]);
goto end;
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
- if (rrow[DB_type][0] == 'V') {
+ if (rrow[DB_type][0] == DB_TYPE_VAL) {
/* ignore entries that are not valid */
if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
db_y2k = 1;
if (db_y2k == a_y2k) {
/* all on the same y2k side */
if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
- rrow[DB_type][0] = 'E';
+ rrow[DB_type][0] = DB_TYPE_EXP;
rrow[DB_type][1] = '\0';
cnt++;
BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
}
} else if (db_y2k < a_y2k) {
- rrow[DB_type][0] = 'E';
+ rrow[DB_type][0] = DB_TYPE_EXP;
rrow[DB_type][1] = '\0';
cnt++;
* additional argument
*/
-char *make_revocation_str(int rev_type, char *rev_arg)
+static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg)
{
- char *other = NULL, *str;
- const char *reason = NULL;
+ char *str;
+ const char *reason = NULL, *other = NULL;
ASN1_OBJECT *otmp;
ASN1_UTCTIME *revtm = NULL;
int i;
+
switch (rev_type) {
case REV_NONE:
+ case REV_VALID:
break;
case REV_CRL_REASON:
case REV_HOLD:
/* Argument is an OID */
-
otmp = OBJ_txt2obj(rev_arg, 0);
ASN1_OBJECT_free(otmp);
case REV_KEY_COMPROMISE:
case REV_CA_COMPROMISE:
-
/* Argument is the key compromise time */
if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) {
BIO_printf(bio_err,
reason = "CAkeyTime";
break;
-
}
revtm = X509_gmtime_adj(NULL, 0);
* 2 OK and some extensions added (i.e. V2 CRL)
*/
-int make_revoked(X509_REVOKED *rev, const char *str)
+static int make_revoked(X509_REVOKED *rev, const char *str)
{
char *tmp = NULL;
int reason_code = -1;
static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str)
{
- char buf[25], *pbuf, *p;
+ char buf[25], *pbuf;
+ const char *p;
int j;
+
j = i2a_ASN1_OBJECT(bio_err, obj);
pbuf = buf;
for (j = 22 - j; j > 0; j--)
else
BIO_printf(bio_err, "ASN.1 %2d:'", str->type);
- p = (char *)str->data;
+ p = (const char *)str->data;
for (j = str->length; j > 0; j--) {
if ((*p >= ' ') && (*p <= '~'))
BIO_printf(bio_err, "%c", *p);