#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
-#include <openssl/engine.h>
#define PROG pkcs12_main
ENGINE *e = NULL;
char *infile=NULL, *outfile=NULL, *keyname = NULL;
char *certfile=NULL;
- BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
+ BIO *in=NULL, *out = NULL;
char **args;
char *name = NULL;
char *csp_name = NULL;
else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
#endif
else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+#ifndef OPENSSL_NO_AES
+ else if (!strcmp(*argv,"-aes128")) enc=EVP_aes_128_cbc();
+ else if (!strcmp(*argv,"-aes192")) enc=EVP_aes_192_cbc();
+ else if (!strcmp(*argv,"-aes256")) enc=EVP_aes_256_cbc();
+#endif
else if (!strcmp (*args, "-noiter")) iter = 1;
else if (!strcmp (*args, "-maciter"))
maciter = PKCS12_DEFAULT_ITER;
BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
#ifndef OPENSSL_NO_IDEA
BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
#endif
BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
goto end;
}
+#if 0
if (certfile) {
if(!(certsin = BIO_new_file(certfile, "r"))) {
BIO_printf(bio_err, "Can't open certificate file %s\n", certfile);
goto end;
}
}
+#endif
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("process -export_cert");
CRYPTO_push_info("reading private key");
#endif
- key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
- if (!inkey) (void) BIO_reset(in);
- else BIO_free(inkey);
+ key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM,
+ passin, e, "private key");
if (!key) {
- BIO_printf (bio_err, "Error loading private key\n");
- ERR_print_errors(bio_err);
goto export_end;
}
CRYPTO_push_info("reading certs from input");
#endif
- certs = sk_X509_new_null();
-
/* Load in all certs in input file */
- if(!cert_load(in, certs)) {
- BIO_printf(bio_err, "Error loading certificates from input\n");
- ERR_print_errors(bio_err);
+ if(!(certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+ "certificates"))) {
goto export_end;
}
bags = sk_PKCS12_SAFEBAG_new_null ();
/* Add any more certificates asked for */
- if (certsin) {
- if(!cert_load(certsin, certs)) {
- BIO_printf(bio_err, "Error loading certificates from certfile\n");
- ERR_print_errors(bio_err);
+ if (certfile) {
+ STACK_OF(X509) *morecerts=NULL;
+ if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+ NULL, e,
+ "certificates from certfile"))) {
goto export_end;
}
- BIO_free(certsin);
+ while(sk_X509_num(morecerts) > 0) {
+ sk_X509_push(certs, sk_X509_shift(morecerts));
+ }
+ sk_X509_free(morecerts);
}
#ifdef CRYPTO_MDEBUG
if (canames) sk_free(canames);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
+ apps_shutdown();
EXIT(ret);
}
STACK_OF(X509) *chn;
int i;
+ /* FIXME: Should really check the return status of X509_STORE_CTX_init
+ * for an error, but how that fits into the return value of this
+ * function is less obvious. */
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error (&store_ctx);
projects / openssl.git / blobdiff