Update docs, change 'ca' to use the new callback parameter. Now moved key_callback
into app.c because some other utilities will use it soon.
OpenSSL STATUS Last modified at
OpenSSL STATUS Last modified at
- ______________ $Date: 1999/10/30 19:09:01 $
+ ______________ $Date: 1999/11/11 13:58:22 $
Private key, certificate and CRL API and implementation.
Checking and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions.
Private key, certificate and CRL API and implementation.
Checking and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions.
+ Documentation for the openssl utility.
o Mark is currently working on:
Folding in any changes that are in the C2Net code base that were
o Mark is currently working on:
Folding in any changes that are in the C2Net code base that were
- o Arne Ansper: d2i_ASN1_bytes bug
o salzr@certco.com (Rich Salz): Bug in X509_name_print
<29E0A6D39ABED111A36000A0C99609CA2C2BA4@macertco-srv1.ma.certco.com>
o salzr@certco.com (Rich Salz): Bug in X509_name_print
<29E0A6D39ABED111A36000A0C99609CA2C2BA4@macertco-srv1.ma.certco.com>
- o NO_FP_API ("Andrija Antonijevic" <TheAntony@bigfoot.com>)
o $(PERL) in */Makefile.ssl
o "Sign the certificate?" - "n" creates empty certificate file
o $(PERL) in */Makefile.ssl
o "Sign the certificate?" - "n" creates empty certificate file
+
+int MS_CALLBACK key_callback(char *buf, int len, int verify, void *key)
+ {
+ int i;
+
+ if (key == NULL) return(0);
+ i=strlen(key);
+ i=(i > len)?len:i;
+ memcpy(buf,key,i);
+ return(i);
+ }
int str2fmt(char *s);
void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
int str2fmt(char *s);
void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
+int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
static int add_oid_section(LHASH *conf);
static void lookup_fail(char *name,char *tag);
static int add_oid_section(LHASH *conf);
static void lookup_fail(char *name,char *tag);
-static int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
static unsigned long index_serial_hash(char **a);
static int index_serial_cmp(char **a, char **b);
static unsigned long index_name_hash(char **a);
static unsigned long index_serial_hash(char **a);
static int index_serial_cmp(char **a, char **b);
static unsigned long index_name_hash(char **a);
static int do_revoke(X509 *x509, TXT_DB *db);
static int check_time_format(char *str);
static LHASH *conf=NULL;
static int do_revoke(X509 *x509, TXT_DB *db);
static int check_time_format(char *str);
static LHASH *conf=NULL;
static char *section=NULL;
static int preserve=0;
static char *section=NULL;
static int preserve=0;
int MAIN(int argc, char **argv)
{
int MAIN(int argc, char **argv)
{
int total=0;
int total_done=0;
int badops=0;
int total=0;
int total_done=0;
int badops=0;
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
else
{
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
else
{
- pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,NULL);
+ pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,key);
memset(key,0,strlen(key));
}
if (pkey == NULL)
memset(key,0,strlen(key));
}
if (pkey == NULL)
BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
}
BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
}
-static int MS_CALLBACK key_callback(char *buf, int len, int verify, void *u)
- {
- int i;
-
- if (key == NULL) return(0);
- i=strlen(key);
- i=(i > len)?len:i;
- memcpy(buf,key,i);
- return(i);
- }
-
static unsigned long index_serial_hash(char **a)
{
char *n;
static unsigned long index_serial_hash(char **a)
{
char *n;
LHASH *CONF_load(LHASH *h, const char *file, long *line)
{
LHASH *ltmp;
LHASH *CONF_load(LHASH *h, const char *file, long *line)
{
LHASH *ltmp;
-#ifdef VMS
- in=fopen(file,"r");
-#else
- in=fopen(file,"rb");
-#endif
+ in=BIO_new_file(file, "rb");
- SYSerr(SYS_F_FOPEN,get_last_sys_error());
- ERR_set_error_data(BUF_strdup(file),
- ERR_TXT_MALLOCED|ERR_TXT_STRING);
CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
return NULL;
}
CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
return NULL;
}
- ltmp = CONF_load_fp(h, in, line);
- fclose(in);
+ ltmp = CONF_load_bio(h, in, line);
+ BIO_free(in);
LHASH *CONF_load_fp(LHASH *h, FILE *in, long *line)
{
BIO *btmp;
LHASH *CONF_load_fp(LHASH *h, FILE *in, long *line)
{
BIO *btmp;
BIO_free(btmp);
return ltmp;
}
BIO_free(btmp);
return ltmp;
}
LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
{
LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
{
DECLARE_STACK_OF(CONF_VALUE)
LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
DECLARE_STACK_OF(CONF_VALUE)
LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section);
char *CONF_get_string(LHASH *conf,char *group,char *name);
LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section);
char *CONF_get_string(LHASH *conf,char *group,char *name);
int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
char *kstr, int klen, pem_password_cb *cb, void *u)
{
int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
char *kstr, int klen, pem_password_cb *cb, void *u)
{
BIO_free(bp);
return ret;
}
BIO_free(bp);
return ret;
}
-this is a legacy option for compatability with very old versions of
+this is a legacy option to make B<ca> work with very old versions of
the IE certificate enrollment control "certenr3". It used UniversalStrings
for almost everything. Since the old control has various security bugs
its use is strongly discouraged. The newer control "Xenroll" does not
the IE certificate enrollment control "certenr3". It used UniversalStrings
for almost everything. Since the old control has various security bugs
its use is strongly discouraged. The newer control "Xenroll" does not
-this option is also for compatability with the older IE enrollment
-control. It only accepts certificates if their DNs match the
-order of the request. This is not needed for Xenroll.
+Normally the DN order of a certificate is the same as the order of the
+fields in the relevant policy section. When this option is set the order
+is the same as the request. This is largely for compatability with the
+older IE enrollment control which would only accept certificates if their
+DNs match the order of the request. This is not needed for Xenroll.
projects / openssl.git / commitdiff