#include <openssl/ts.h>
/* Macro definitions for the configuration file. */
-
#define BASE_SECTION "tsa"
#define ENV_DEFAULT_TSA "default_tsa"
#define ENV_SERIAL "serial"
#define ENV_SIGNER_CERT "signer_cert"
#define ENV_CERTS "certs"
#define ENV_SIGNER_KEY "signer_key"
+#define ENV_SIGNER_DIGEST "signer_digest"
#define ENV_DEFAULT_POLICY "default_policy"
#define ENV_OTHER_POLICIES "other_policies"
#define ENV_DIGESTS "digests"
ENGINE *e = NULL;
int ret = 0;
- /* Leave the default if builtin specified. */
if (strcmp(name, "builtin") == 0)
return 1;
if ((e = ENGINE_by_id(name)) == NULL)
goto err;
-
- /* Enable the use of the NCipher HSM for forked children. */
if (strcmp(name, "chil") == 0)
ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
- /* All the operations are going to be carried out by the engine. */
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
goto err;
ret = 1;
+
err:
if (!ret) {
TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, TS_R_COULD_NOT_SET_ENGINE);
return ret;
}
+int TS_CONF_set_signer_digest(CONF *conf, const char *section,
+ const char *md, TS_RESP_CTX *ctx)
+{
+ int ret = 0;
+ const EVP_MD *sign_md = NULL;
+ if (md == NULL)
+ md = NCONF_get_string(conf, section, ENV_SIGNER_DIGEST);
+ if (md == NULL) {
+ ts_CONF_lookup_fail(section, ENV_SIGNER_DIGEST);
+ goto err;
+ }
+ sign_md = EVP_get_digestbyname(md);
+ if (sign_md == NULL) {
+ ts_CONF_invalid(section, ENV_SIGNER_DIGEST);
+ goto err;
+ }
+ if (!TS_RESP_CTX_set_signer_digest(ctx, sign_md))
+ goto err;
+
+ ret = 1;
+ err:
+ return ret;
+}
+
int TS_CONF_set_def_policy(CONF *conf, const char *section,
const char *policy, TS_RESP_CTX *ctx)
{
static int ts_CONF_add_flag(CONF *conf, const char *section,
const char *field, int flag, TS_RESP_CTX *ctx)
{
- /* Default is false. */
const char *value = NCONF_get_string(conf, section, field);
+
if (value) {
if (strcmp(value, ENV_VALUE_YES) == 0)
TS_RESP_CTX_add_flags(ctx, flag);