Modify apps to use NCONF code instead of old CONF code.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 28 Jun 2001 11:41:50 +0000 (11:41 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 28 Jun 2001 11:41:50 +0000 (11:41 +0000)
Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...

12 files changed:
CHANGES
apps/apps.c
apps/apps.h
apps/ca.c
apps/openssl.c
apps/req.c
apps/spkac.c
apps/x509.c
crypto/conf/conf.h
crypto/conf/conf_lib.c
crypto/x509v3/v3_conf.c
crypto/x509v3/x509v3.h

diff --git a/CHANGES b/CHANGES
index 74189b3..76d123a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
          *) applies to 0.9.6a (/0.9.6b) and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+     to support NCONF routines in extension code. New function CONF_set_nconf()
+     to allow functions which take an NCONF to also handle the old LHASH
+     structure: this means that the old CONF compatible routines can be
+     retained (in particular wrt extensions) without having to duplicate the
+     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+     [Steve Henson]
+
   *) Handle special case when X509_NAME is empty in X509 printing routines.
      [Steve Henson]
 
index d3b6ca8..2d2fb38 100644 (file)
@@ -591,18 +591,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
        return BUF_strdup(tpass);
 }
 
-int add_oid_section(BIO *err, LHASH *conf)
+int add_oid_section(BIO *err, CONF *conf)
 {      
        char *p;
        STACK_OF(CONF_VALUE) *sktmp;
        CONF_VALUE *cnf;
        int i;
-       if(!(p=CONF_get_string(conf,NULL,"oid_section")))
+       if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
                {
                ERR_clear_error();
                return 1;
                }
-       if(!(sktmp = CONF_get_section(conf, p))) {
+       if(!(sktmp = NCONF_get_section(conf, p))) {
                BIO_printf(err, "problem loading oid section %s\n", p);
                return 0;
        }
index 34935bd..ae2f7f0 100644 (file)
@@ -101,7 +101,7 @@ extern BIO *bio_err;
 #else
 
 #define MAIN(a,v)      PROG(a,v)
-extern LHASH *config;
+extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
 
@@ -175,7 +175,7 @@ int set_name_ex(unsigned long *flags, const char *arg);
 int set_ext_copy(int *copy_type, const char *arg);
 int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, LHASH *conf);
+int add_oid_section(BIO *err, CONF *conf);
 X509 *load_cert(BIO *err, const char *file, int format,
        const char *pass, ENGINE *e, const char *cert_descrip);
 EVP_PKEY *load_key(BIO *err, const char *file, int format,
index e663318..e0a9ef9 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -213,28 +213,28 @@ static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
                   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
                   BIGNUM *serial, char *subj, char *startdate,char *enddate,
-                  int days, int batch, char *ext_sect, LHASH *conf,int verbose,
+                  long days, int batch, char *ext_sect, CONF *conf,int verbose,
                   unsigned long certopt, unsigned long nameopt, int default_op,
                   int ext_copy);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
                        const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
                        TXT_DB *db, BIGNUM *serial, char *subj, char *startdate,
-                       char *enddate, int days, int batch, char *ext_sect,
-                       LHASH *conf,int verbose, unsigned long certopt,
+                       char *enddate, long days, int batch, char *ext_sect,
+                       CONF *conf,int verbose, unsigned long certopt,
                        unsigned long nameopt, int default_op, int ext_copy,
                        ENGINE *e);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
                         const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
                         TXT_DB *db, BIGNUM *serial,char *subj, char *startdate,
-                        char *enddate, int days, char *ext_sect,LHASH *conf,
+                        char *enddate, long days, char *ext_sect,CONF *conf,
                         int verbose, unsigned long certopt, unsigned long nameopt,
                         int default_op, int ext_copy);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
-       char *startdate, char *enddate, int days, int batch, int verbose,
-       X509_REQ *req, char *ext_sect, LHASH *conf,
+       char *startdate, char *enddate, long days, int batch, int verbose,
+       X509_REQ *req, char *ext_sect, CONF *conf,
        unsigned long certopt, unsigned long nameopt, int default_op,
        int ext_copy);
 static X509_NAME *do_subject(char *subject);
@@ -245,8 +245,8 @@ static int check_time_format(char *str);
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED *rev, char *str);
 int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
-static LHASH *conf=NULL;
-static LHASH *extconf=NULL;
+static CONF *conf=NULL;
+static CONF *extconf=NULL;
 static char *section=NULL;
 
 static int preserve=0;
@@ -300,7 +300,7 @@ int MAIN(int argc, char **argv)
        BIGNUM *serial=NULL;
        char *startdate=NULL;
        char *enddate=NULL;
-       int days=0;
+       long days=0;
        int batch=0;
        int notext=0;
        unsigned long nameopt = 0, certopt = 0;
@@ -571,7 +571,8 @@ bad:
                }
 
        BIO_printf(bio_err,"Using configuration from %s\n",configfile);
-       if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+       conf = NCONF_new(NULL);
+       if (NCONF_load(conf,configfile,&errorline) <= 0)
                {
                if (errorline <= 0)
                        BIO_printf(bio_err,"error loading the config file '%s'\n",
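Review bot: The result of `NCONF_new(NULL)` is handed to `NCONF_load()` without a NULL check, here and again at the `extconf` load further down, in apps/openssl.c and twice in apps/req.c. Whether `NCONF_load()` rejects a NULL handle is not visible in this diff; if it does, an allocation failure is reported as "error loading the config file", and if it does not, this is a NULL dereference. A guard before the load, such as `if (conf == NULL) { ERR_print_errors(bio_err); goto err; }`, keeps the two failures distinct. The error branch continues past the end of the hunk.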
@@ -585,7 +586,7 @@ bad:
        /* Lets get the config section we are using */
        if (section == NULL)
                {
-               section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+               section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
                if (section == NULL)
                        {
                        lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
@@ -595,7 +596,7 @@ bad:
 
        if (conf != NULL)
                {
-               p=CONF_get_string(conf,NULL,"oid_file");
+               p=NCONF_get_string(conf,NULL,"oid_file");
                if (p == NULL)
                        ERR_clear_error();
                if (p != NULL)
@@ -624,7 +625,7 @@ bad:
                        }
                }
 
-       randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+       randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
        if (randfile == NULL)
                ERR_clear_error();
        app_RAND_load_file(randfile, bio_err, 0);
@@ -643,7 +644,7 @@ bad:
        /* report status of cert with serial number given on command line */
        if (ser_status)
        {
-               if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+               if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
                        {
                        lookup_fail(section,ENV_DATABASE);
                        goto err;
@@ -676,7 +677,7 @@ bad:
        /*****************************************************************/
        /* we definitely need a public key, so let's get it */
 
-       if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+       if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
                section,ENV_PRIVATE_KEY)) == NULL))
                {
                lookup_fail(section,ENV_PRIVATE_KEY);
@@ -698,7 +699,7 @@ bad:
 
        /*****************************************************************/
        /* we need a certificate */
-       if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+       if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
                section,ENV_CERTIFICATE)) == NULL))
                {
                lookup_fail(section,ENV_CERTIFICATE);
@@ -715,18 +716,18 @@ bad:
                goto err;
                }
 
-       f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+       f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
        if (f == NULL)
                ERR_clear_error();
        if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
                preserve=1;
-       f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+       f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
        if (f == NULL)
                ERR_clear_error();
        if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
                msie_hack=1;
 
-       f=CONF_get_string(conf,section,ENV_NAMEOPT);
+       f=NCONF_get_string(conf,section,ENV_NAMEOPT);
 
        if (f)
                {
@@ -740,7 +741,7 @@ bad:
        else
                ERR_clear_error();
 
-       f=CONF_get_string(conf,section,ENV_CERTOPT);
+       f=NCONF_get_string(conf,section,ENV_CERTOPT);
 
        if (f)
                {
@@ -754,7 +755,7 @@ bad:
        else
                ERR_clear_error();
 
-       f=CONF_get_string(conf,section,ENV_EXTCOPY);
+       f=NCONF_get_string(conf,section,ENV_EXTCOPY);
 
        if (f)
                {
@@ -773,7 +774,7 @@ bad:
                {
                struct stat sb;
 
-               if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+               if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
                        == NULL)
                        {
                        BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
@@ -816,7 +817,7 @@ bad:
 
        /*****************************************************************/
        /* we need to load the database file */
-       if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+       if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
                {
                lookup_fail(section,ENV_DATABASE);
                goto err;
@@ -995,7 +996,8 @@ bad:
        /* Read extentions config file                                   */
        if (extfile)
                {
-               if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+               extconf = NCONF_new(NULL);
+               if (NCONF_load(extconf,extfile,&errorline) <= 0)
                        {
                        if (errorline <= 0)
                                BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
@@ -1011,7 +1013,7 @@ bad:
                        BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile);
 
                /* We can have sections in the ext file */
-               if (!extensions && !(extensions = CONF_get_string(extconf, "default", "extensions")))
+               if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
                        extensions = "default";
                }
 
@@ -1040,7 +1042,7 @@ bad:
 
        if (req)
                {
-               if ((md == NULL) && ((md=CONF_get_string(conf,
+               if ((md == NULL) && ((md=NCONF_get_string(conf,
                        section,ENV_DEFAULT_MD)) == NULL))
                        {
                        lookup_fail(section,ENV_DEFAULT_MD);
@@ -1054,7 +1056,7 @@ bad:
                if (verbose)
                        BIO_printf(bio_err,"message digest is %s\n",
                                OBJ_nid2ln(dgst->type));
-               if ((policy == NULL) && ((policy=CONF_get_string(conf,
+               if ((policy == NULL) && ((policy=NCONF_get_string(conf,
                        section,ENV_POLICY)) == NULL))
                        {
                        lookup_fail(section,ENV_POLICY);
@@ -1063,7 +1065,7 @@ bad:
                if (verbose)
                        BIO_printf(bio_err,"policy is %s\n",policy);
 
-               if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+               if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
                        == NULL)
                        {
                        lookup_fail(section,ENV_SERIAL);
@@ -1076,7 +1078,7 @@ bad:
                         * in the main configuration file */
                        if (!extensions)
                                {
-                               extensions=CONF_get_string(conf,section,
+                               extensions=NCONF_get_string(conf,section,
                                                                ENV_EXTENSIONS);
                                if (!extensions)
                                        ERR_clear_error();
@@ -1086,8 +1088,8 @@ bad:
                                /* Check syntax of file */
                                X509V3_CTX ctx;
                                X509V3_set_ctx_test(&ctx);
-                               X509V3_set_conf_lhash(&ctx, conf);
-                               if (!X509V3_EXT_add_conf(conf, &ctx, extensions,
+                               X509V3_set_nconf(&ctx, conf);
+                               if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
                                                                NULL))
                                        {
                                        BIO_printf(bio_err,
@@ -1101,7 +1103,7 @@ bad:
 
                if (startdate == NULL)
                        {
-                       startdate=CONF_get_string(conf,section,
+                       startdate=NCONF_get_string(conf,section,
                                ENV_DEFAULT_STARTDATE);
                        if (startdate == NULL)
                                ERR_clear_error();
@@ -1115,7 +1117,7 @@ bad:
 
                if (enddate == NULL)
                        {
-                       enddate=CONF_get_string(conf,section,
+                       enddate=NCONF_get_string(conf,section,
                                ENV_DEFAULT_ENDDATE);
                        if (enddate == NULL)
                                ERR_clear_error();
@@ -1128,8 +1130,8 @@ bad:
 
                if (days == 0)
                        {
-                       days=(int)CONF_get_number(conf,section,
-                               ENV_DEFAULT_DAYS);
+                       if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
+                               days = 0;
                        }
                if (!enddate && (days == 0))
                        {
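Review bot: When `ENV_DEFAULT_DAYS` is missing, the failed `NCONF_get_number()` call only zeroes `days`; it does not call `ERR_clear_error()` the way every optional `NCONF_get_string()` lookup around it does, so a stale lookup error is presumably left on the queue and can surface in a later `ERR_print_errors()` for an unrelated failure. I would write `if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days)) { ERR_clear_error(); days = 0; }`. The same applies to the `ENV_DEFAULT_CRL_DAYS` / `ENV_DEFAULT_CRL_HOURS` hunk below and to the `BITS` lookup in apps/req.c. Separately, `days` is now a `long` taken from the config file with no range check, so a negative or very large value reaches the validity-period computation (outside this hunk); rejecting `days < 0` here would stop a mis-edited CA config from issuing already-expired or overflowed validity periods.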
@@ -1149,7 +1151,7 @@ bad:
                        OPENSSL_free(f);
                        }
 
-               if ((attribs=CONF_get_section(conf,policy)) == NULL)
+               if ((attribs=NCONF_get_section(conf,policy)) == NULL)
                        {
                        BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
                        goto err;
@@ -1404,7 +1406,7 @@ bad:
                int crl_v2 = 0;
                if (!crl_ext)
                        {
-                       crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+                       crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
                        if (!crl_ext)
                                ERR_clear_error();
                        }
@@ -1413,8 +1415,8 @@ bad:
                        /* Check syntax of file */
                        X509V3_CTX ctx;
                        X509V3_set_ctx_test(&ctx);
-                       X509V3_set_conf_lhash(&ctx, conf);
-                       if (!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL))
+                       X509V3_set_nconf(&ctx, conf);
+                       if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
                                {
                                BIO_printf(bio_err,
                                 "Error Loading CRL extension section %s\n",
@@ -1426,10 +1428,12 @@ bad:
 
                if (!crldays && !crlhours)
                        {
-                       crldays=CONF_get_number(conf,section,
-                               ENV_DEFAULT_CRL_DAYS);
-                       crlhours=CONF_get_number(conf,section,
-                               ENV_DEFAULT_CRL_HOURS);
+                       if (!NCONF_get_number(conf,section,
+                               ENV_DEFAULT_CRL_DAYS, &crldays))
+                               crldays = 0;
+                       if (!NCONF_get_number(conf,section,
+                               ENV_DEFAULT_CRL_HOURS, &crlhours))
+                               crlhours = 0;
                        }
                if ((crldays == 0) && (crlhours == 0))
                        {
@@ -1505,9 +1509,9 @@ bad:
                        if (ci->version == NULL)
                                if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
                        X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
-                       X509V3_set_conf_lhash(&crlctx, conf);
+                       X509V3_set_nconf(&crlctx, conf);
 
-                       if (!X509V3_EXT_CRL_add_conf(conf, &crlctx,
+                       if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
                                crl_ext, crl)) goto err;
                        }
                if (crl_ext || crl_v2)
@@ -1593,7 +1597,7 @@ err:
        EVP_PKEY_free(pkey);
        X509_free(x509);
        X509_CRL_free(crl);
-       CONF_free(conf);
+       NCONF_free(conf);
        OBJ_cleanup();
        apps_shutdown();
        EXIT(ret);
@@ -1704,8 +1708,8 @@ err:
 
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
             const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-            BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
-            int batch, char *ext_sect, LHASH *lconf, int verbose,
+            BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+            int batch, char *ext_sect, CONF *lconf, int verbose,
             unsigned long certopt, unsigned long nameopt, int default_op,
             int ext_copy)
        {
@@ -1766,8 +1770,8 @@ err:
 
 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
             const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-            BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
-            int batch, char *ext_sect, LHASH *lconf, int verbose,
+            BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+            int batch, char *ext_sect, CONF *lconf, int verbose,
             unsigned long certopt, unsigned long nameopt, int default_op,
             int ext_copy, ENGINE *e)
        {
@@ -1820,8 +1824,8 @@ err:
 
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
             STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
-            char *startdate, char *enddate, int days, int batch, int verbose,
-            X509_REQ *req, char *ext_sect, LHASH *lconf,
+            char *startdate, char *enddate, long days, int batch, int verbose,
+            X509_REQ *req, char *ext_sect, CONF *lconf,
             unsigned long certopt, unsigned long nameopt, int default_op,
             int ext_copy)
        {
@@ -2143,13 +2147,13 @@ again2:
                                BIO_printf(bio_err, "Extra configuration file found\n");
  
                        /* Use the extconf configuration db LHASH */
-                       X509V3_set_conf_lhash(&ctx, extconf);
+                       X509V3_set_nconf(&ctx, extconf);
  
                        /* Test the structure (needed?) */
                        /* X509V3_set_ctx_test(&ctx); */
 
                        /* Adds exts contained in the configuration file */
-                       if (!X509V3_EXT_add_conf(extconf, &ctx, ext_sect,ret))
+                       if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
                                {
                                BIO_printf(bio_err,
                                    "ERROR: adding extensions in section %s\n",
@@ -2163,9 +2167,9 @@ again2:
                else if (ext_sect)
                        {
                        /* We found extensions to be set from config file */
-                       X509V3_set_conf_lhash(&ctx, lconf);
+                       X509V3_set_nconf(&ctx, lconf);
 
-                       if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret))
+                       if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
                                {
                                BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
                                ERR_print_errors(bio_err);
@@ -2318,8 +2322,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
             const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-            BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
-            char *ext_sect, LHASH *lconf, int verbose, unsigned long certopt,
+            BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+            char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
             unsigned long nameopt, int default_op, int ext_copy)
        {
        STACK_OF(CONF_VALUE) *sk=NULL;
index 22bd52f..f8d4ac6 100644 (file)
@@ -138,7 +138,7 @@ static unsigned long MS_CALLBACK hash(const void *a_void);
 static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
-LHASH *config=NULL;
+CONF *config=NULL;
 char *default_config_file=NULL;
 
 /* Make sure there is only one when MONOLITH is defined */
@@ -269,8 +269,9 @@ int main(int Argc, char *Argv[])
 
        default_config_file=p;
 
-       config=CONF_load(config,p,&errline);
-       if (config == NULL) ERR_clear_error();
+       config=NCONF_new(NULL);
+       i=NCONF_load(config,p,&errline);
+       if (i == 0) ERR_clear_error();
 
        prog=prog_init();
 
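Review bot: A failed load now leaves `config` pointing at an allocated but empty or partially loaded CONF, where the old `CONF_load()` call left it NULL. Code that uses `config != NULL` to mean "a default configuration was read" will therefore treat the failure as success; apps/req.c does this through `req_conf=config`. The test is also `i == 0` here and for the template load in apps/req.c, while apps/ca.c checks `NCONF_load(...) <= 0`; one convention should be used throughout. Suggested: `if (i <= 0) { ERR_clear_error(); NCONF_free(config); config=NULL; }`, which keeps the `if (config != NULL)` cleanup at `end:` correct.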
@@ -339,7 +340,7 @@ int main(int Argc, char *Argv[])
 end:
        if (config != NULL)
                {
-               CONF_free(config);
+               NCONF_free(config);
                config=NULL;
                }
        if (prog != NULL) lh_free(prog);
index 9269aa8..f534e3a 100644 (file)
@@ -119,20 +119,20 @@ static int prompt_info(X509_REQ *req,
 static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
                                STACK_OF(CONF_VALUE) *attr, int attribs);
 static int add_attribute_object(X509_REQ *req, char *text,
-                               char *def, char *value, int nid, int min,
-                               int max);
+                               char *def, char *value, int nid, int n_min,
+                               int n_max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
-       int nid,int min,int max);
+       int nid,int n_min,int n_max);
 #ifndef OPENSSL_NO_RSA
 static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
-static int req_check_len(int len,int min,int max);
+static int req_check_len(int len,int n_min,int n_max);
 static int check_end(char *str, char *end);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
-static LHASH *config=NULL;
+static CONF *config=NULL;
 #endif
-static LHASH *req_conf=NULL;
+static CONF *req_conf=NULL;
 static int batch=0;
 
 #define TYPE_RSA       1
@@ -152,7 +152,8 @@ int MAIN(int argc, char **argv)
        X509 *x509ss=NULL;
        X509_REQ *req=NULL;
        EVP_PKEY *pkey=NULL;
-       int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
+       int i,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
+       long newkey = -1;
        BIO *in=NULL,*out=NULL;
        int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
        int nodes=0,kludge=0,newhdr=0,subject=0;
@@ -457,7 +458,8 @@ bad:
                p=config_name;
                }
        default_config_file=p;
-       config=CONF_load(config,p,NULL);
+       config=NCONF_new(NULL);
+       i=NCONF_load(config, p);
 #endif
 
        if (template != NULL)
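Review bot: `NCONF_load(config, p)` is called with two arguments, while every other call in this commit passes three (`conf, file, &errorline`), so this line should fail to compile against a three-argument prototype (crypto/conf/conf.h is not shown in this part of the diff). The `#endif` directly below suggests the call is only built in non-monolithic builds, which would explain why it went unnoticed. Keep the old behaviour of passing no line pointer explicitly: `i=NCONF_load(config, p, NULL);`.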
@@ -465,8 +467,9 @@ bad:
                long errline;
 
                BIO_printf(bio_err,"Using configuration from %s\n",template);
-               req_conf=CONF_load(NULL,template,&errline);
-               if (req_conf == NULL)
+               req_conf=NCONF_new(NULL);
+               i=NCONF_load(req_conf,template,&errline);
+               if (i == 0)
                        {
                        BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
                        goto end;
@@ -477,7 +480,7 @@ bad:
                req_conf=config;
                BIO_printf(bio_err,"Using configuration from %s\n",
                        default_config_file);
-               if (req_conf == NULL)
+               if (i == 0)
                        {
                        BIO_printf(bio_err,"Unable to load config info\n");
                        }
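Review bot: `if (i == 0)` tests the result of the default-config `NCONF_load()`, but that call sits inside the `#ifndef MONOLITH` block. In a monolithic build `i` holds whatever earlier code left in it (it is declared without an initialiser in `int i,badops=0,...`), so the "Unable to load config info" warning no longer tracks whether a config was read. `req_conf` is also non-NULL after a failed load now, so the `if (req_conf != NULL)` guard in the next hunk no longer protects the lookups that follow from running against an empty CONF. One option is to release the handle where the load fails, `NCONF_free(config); config=NULL;`, and keep the original `if (req_conf == NULL)` test here. The enclosing MAIN body starts and ends outside the hunk.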
@@ -485,7 +488,7 @@ bad:
 
        if (req_conf != NULL)
                {
-               p=CONF_get_string(req_conf,NULL,"oid_file");
+               p=NCONF_get_string(req_conf,NULL,"oid_file");
                if (p == NULL)
                        ERR_clear_error();
                if (p != NULL)
@@ -511,7 +514,7 @@ bad:
 
        if (md_alg == NULL)
                {
-               p=CONF_get_string(req_conf,SECTION,"default_md");
+               p=NCONF_get_string(req_conf,SECTION,"default_md");
                if (p == NULL)
                        ERR_clear_error();
                if (p != NULL)
@@ -523,7 +526,7 @@ bad:
 
        if (!extensions)
                {
-               extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+               extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
                if (!extensions)
                        ERR_clear_error();
                }
@@ -531,8 +534,8 @@ bad:
                /* Check syntax of file */
                X509V3_CTX ctx;
                X509V3_set_ctx_test(&ctx);
-               X509V3_set_conf_lhash(&ctx, req_conf);
-               if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
+               X509V3_set_nconf(&ctx, req_conf);
+               if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
                        BIO_printf(bio_err,
                         "Error Loading extension section %s\n", extensions);
                        goto end;
@@ -541,19 +544,19 @@ bad:
 
        if(!passin)
                {
-               passin = CONF_get_string(req_conf, SECTION, "input_password");
+               passin = NCONF_get_string(req_conf, SECTION, "input_password");
                if (!passin)
                        ERR_clear_error();
                }
        
        if(!passout)
                {
-               passout = CONF_get_string(req_conf, SECTION, "output_password");
+               passout = NCONF_get_string(req_conf, SECTION, "output_password");
                if (!passout)
                        ERR_clear_error();
                }
 
-       p = CONF_get_string(req_conf, SECTION, STRING_MASK);
+       p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
        if (!p)
                ERR_clear_error();
 
@@ -564,7 +567,7 @@ bad:
 
        if(!req_exts)
                {
-               req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+               req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
                if (!req_exts)
                        ERR_clear_error();
                }
@@ -572,8 +575,8 @@ bad:
                /* Check syntax of file */
                X509V3_CTX ctx;
                X509V3_set_ctx_test(&ctx);
-               X509V3_set_conf_lhash(&ctx, req_conf);
-               if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) {
+               X509V3_set_nconf(&ctx, req_conf);
+               if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
                        BIO_printf(bio_err,
                         "Error Loading request extension section %s\n",
                                                                req_exts);
@@ -600,7 +603,7 @@ bad:
                        }
                if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
                        {
-                       char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+                       char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
                        if (randfile == NULL)
                                ERR_clear_error();
                        app_RAND_load_file(randfile, bio_err, 0);
@@ -609,7 +612,7 @@ bad:
 
        if (newreq && (pkey == NULL))
                {
-               char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+               char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
                if (randfile == NULL)
                        ERR_clear_error();
                app_RAND_load_file(randfile, bio_err, 0);
@@ -618,8 +621,7 @@ bad:
        
                if (newkey <= 0)
                        {
-                       newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
-                       if (newkey <= 0)
+                       if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
                                newkey=DEFAULT_KEY_LENGTH;
                        }
 
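Review bot: The `newkey <= 0` re-check that used to follow the config read is gone, so a zero or negative `BITS` value in the request config is now accepted as the key size instead of falling back to `DEFAULT_KEY_LENGTH`. Any later minimum-size check is outside this hunk, so I would keep the fallback local: `if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey) || newkey <= 0)`. `newkey` is now a `long`, so the value later passed to key generation (not shown) should be range-checked before it is narrowed to `int`. The missing-value path also leaves the lookup error on the queue; adding `ERR_clear_error();` would match the other optional lookups in this file.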
@@ -659,7 +661,7 @@ bad:
 
                if (keyout == NULL)
                        {
-                       keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
+                       keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
                        if (keyout == NULL)
                                ERR_clear_error();
                        }
@@ -685,11 +687,11 @@ bad:
                                }
                        }
 
-               p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
+               p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
                if (p == NULL)
                        {
                        ERR_clear_error();
-                       p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+                       p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
                        if (p == NULL)
                                ERR_clear_error();
                        }
@@ -806,10 +808,10 @@ loop:
                        /* Set up V3 context struct */
 
                        X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
-                       X509V3_set_conf_lhash(&ext_ctx, req_conf);
+                       X509V3_set_nconf(&ext_ctx, req_conf);
 
                        /* Add extensions */
-                       if(extensions && !X509V3_EXT_add_conf(req_conf, 
+                       if(extensions && !X509V3_EXT_add_nconf(req_conf, 
                                        &ext_ctx, extensions, x509ss))
                                {
                                BIO_printf(bio_err,
@@ -828,10 +830,10 @@ loop:
                        /* Set up V3 context struct */
 
                        X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
-                       X509V3_set_conf_lhash(&ext_ctx, req_conf);
+                       X509V3_set_nconf(&ext_ctx, req_conf);
 
                        /* Add extensions */
-                       if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, 
+                       if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, 
                                        &ext_ctx, req_exts, req))
                                {
                                BIO_printf(bio_err,
@@ -1009,7 +1011,7 @@ end:
                {
                ERR_print_errors(bio_err);
                }
-       if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
+       if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
        BIO_free(in);
        BIO_free_all(out);
        EVP_PKEY_free(pkey);
@@ -1033,26 +1035,26 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
        STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
        char *tmp, *dn_sect,*attr_sect;
 
-       tmp=CONF_get_string(req_conf,SECTION,PROMPT);
+       tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
        if (tmp == NULL)
                ERR_clear_error();
        if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
 
-       dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+       dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
        if (dn_sect == NULL)
                {
                BIO_printf(bio_err,"unable to find '%s' in config\n",
                        DISTINGUISHED_NAME);
                goto err;
                }
-       dn_sk=CONF_get_section(req_conf,dn_sect);
+       dn_sk=NCONF_get_section(req_conf,dn_sect);
        if (dn_sk == NULL)
                {
                BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
                goto err;
                }
 
-       attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
+       attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
        if (attr_sect == NULL)
                {
                ERR_clear_error();              
@@ -1060,7 +1062,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
                }
        else
                {
-               attr_sk=CONF_get_section(req_conf,attr_sect);
+               attr_sk=NCONF_get_section(req_conf,attr_sect);
                if (attr_sk == NULL)
                        {
                        BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
@@ -1159,7 +1161,8 @@ static int prompt_info(X509_REQ *req,
        int i;
        char *p,*q;
        char buf[100];
-       int nid,min,max;
+       int nid;
+       long n_min,n_max;
        char *type,*def,*value;
        CONF_VALUE *v;
        X509_NAME *subj;
@@ -1204,27 +1207,29 @@ start:          for (;;)
                        /* If OBJ not recognised ignore it */
                        if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
                        sprintf(buf,"%s_default",v->name);
-                       if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+                       if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
                                {
                                ERR_clear_error();
                                def="";
                                }
                                
                        sprintf(buf,"%s_value",v->name);
-                       if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+                       if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
                                {
                                ERR_clear_error();
                                value=NULL;
                                }
 
                        sprintf(buf,"%s_min",v->name);
-                       min=(int)CONF_get_number(req_conf,dn_sect,buf);
+                       if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
+                               n_min = -1;
 
                        sprintf(buf,"%s_max",v->name);
-                       max=(int)CONF_get_number(req_conf,dn_sect,buf);
+                       if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
+                               n_max = -1;
 
                        if (!add_DN_object(subj,v->value,def,value,nid,
-                               min,max))
+                               n_min,n_max))
                                return 0;
                        }
                if (X509_NAME_entry_count(subj) == 0)
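Review bot: `n_min` and `n_max` are read as `long` here but passed to `add_DN_object`, whose parameters stay `int` in the later signature hunk; the same holds for `add_attribute_object`, `req_check_len` and the attribute loop in the `start2:` hunk. Where `long` is wider than `int`, an oversized `_max` value in the config can convert to a negative number, which the new `req_check_len` treats as "no limit". Carrying the type through, e.g. `static int req_check_len(int len, long n_min, long n_max)` with `%ld` in the two messages, or rejecting values above `INT_MAX` right after the lookup, closes that gap. Separately, the lookup keys are still built with unbounded `sprintf(buf,"%s_min",v->name)` into the 100-byte `buf` declared in the previous hunk, so a long entry name in the config section can overrun it; a bounded formatting call with a truncation check would be safer. The enclosing function starts and ends outside this hunk.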
@@ -1255,7 +1260,7 @@ start2:                   for (;;)
                                        goto start2;
 
                                sprintf(buf,"%s_default",type);
-                               if ((def=CONF_get_string(req_conf,attr_sect,buf))
+                               if ((def=NCONF_get_string(req_conf,attr_sect,buf))
                                        == NULL)
                                        {
                                        ERR_clear_error();
@@ -1264,7 +1269,7 @@ start2:                   for (;;)
                                
                                
                                sprintf(buf,"%s_value",type);
-                               if ((value=CONF_get_string(req_conf,attr_sect,buf))
+                               if ((value=NCONF_get_string(req_conf,attr_sect,buf))
                                        == NULL)
                                        {
                                        ERR_clear_error();
@@ -1272,13 +1277,15 @@ start2:                 for (;;)
                                        }
 
                                sprintf(buf,"%s_min",type);
-                               min=(int)CONF_get_number(req_conf,attr_sect,buf);
+                               if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
+                                       n_min = -1;
 
                                sprintf(buf,"%s_max",type);
-                               max=(int)CONF_get_number(req_conf,attr_sect,buf);
+                               if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
+                                       n_max = -1;
 
                                if (!add_attribute_object(req,
-                                       v->value,def,value,nid,min,max))
+                                       v->value,def,value,nid,n_min,n_max))
                                        return 0;
                                }
                        }
@@ -1346,7 +1353,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 
 
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
-            int nid, int min, int max)
+            int nid, int n_min, int n_max)
        {
        int i,ret=0;
        MS_STATIC char buf[1024];
@@ -1393,7 +1400,7 @@ start:
 #ifdef CHARSET_EBCDIC
        ebcdic2ascii(buf, buf, i);
 #endif
-       if(!req_check_len(i, min, max)) goto start;
+       if(!req_check_len(i, n_min, n_max)) goto start;
        if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
                                (unsigned char *) buf, -1,-1,0)) goto err;
        ret=1;
@@ -1402,8 +1409,8 @@ err:
        }
 
 static int add_attribute_object(X509_REQ *req, char *text,
-                               char *def, char *value, int nid, int min,
-                               int max)
+                               char *def, char *value, int nid, int n_min,
+                               int n_max)
        {
        int i;
        static char buf[1024];
@@ -1451,7 +1458,7 @@ start:
 #ifdef CHARSET_EBCDIC
        ebcdic2ascii(buf, buf, i);
 #endif
-       if(!req_check_len(i, min, max)) goto start;
+       if(!req_check_len(i, n_min, n_max)) goto start;
 
        if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
                                        (unsigned char *)buf, -1)) {
@@ -1482,16 +1489,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
        }
 #endif
 
-static int req_check_len(int len, int min, int max)
+static int req_check_len(int len, int n_min, int n_max)
        {
-       if (len < min)
+       if ((n_min > 0) && (len < n_min))
                {
-               BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
+               BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
                return(0);
                }
-       if ((max != 0) && (len > max))
+       if ((n_max >= 0) && (len > n_max))
                {
-               BIO_printf(bio_err,"string is too long, it needs to be less than  %d bytes long\n",max);
+               BIO_printf(bio_err,"string is too long, it needs to be less than  %d bytes long\n",n_max);
                return(0);
                }
        return(1);
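Review bot: The sentinel convention changes here without a comment: callers now pass -1 for "not configured", yet the two tests are asymmetric (`n_min > 0` but `n_max >= 0`). An explicit `_max = 0` used to mean "no limit" under the old `max != 0` test and now rejects every non-empty answer, and because the callers retry with `goto start`, a zero or non-numeric `_max` could leave the prompt looping. Either document the new meaning above the function, e.g. `/* n_min/n_max: a negative value means no limit was configured */`, or keep zero as unlimited with `if ((n_max > 0) && (len > n_max))`. The function's closing brace is outside the hunk.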
index 918efc0..d43dc9f 100644 (file)
@@ -90,7 +90,7 @@ int MAIN(int argc, char **argv)
        char *passargin = NULL, *passin = NULL;
        char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
        char *challenge = NULL, *keyfile = NULL;
-       LHASH *conf = NULL;
+       CONF *conf = NULL;
        NETSCAPE_SPKI *spki = NULL;
        EVP_PKEY *pkey = NULL;
        char *engine=NULL;
@@ -228,15 +228,16 @@ bad:
                goto end;
        }
 
-       conf = CONF_load_bio(NULL, in, NULL);
+       conf = NCONF_new(NULL);
+       i = NCONF_load_bio(conf, in, NULL);
 
-       if(!conf) {
+       if(!i) {
                BIO_printf(bio_err, "Error parsing config file\n");
                ERR_print_errors(bio_err);
                goto end;
        }
 
-       spkstr = CONF_get_string(conf, spksect, spkac);
+       spkstr = NCONF_get_string(conf, spksect, spkac);
                
        if(!spkstr) {
                BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
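Review bot: The result of `NCONF_new(NULL)` is passed to `NCONF_load_bio` without a NULL check, so an allocation failure is at best reported as "Error parsing config file"; whether `NCONF_load_bio` tolerates a NULL `conf` is not visible in this diff. Checking it first keeps the two failure modes apart: `if(!conf || !NCONF_load_bio(conf, in, NULL)) {`. The x509.c hunk that loads `extfile` has the same unchecked `NCONF_new`. MAIN continues past the end of this hunk.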
@@ -285,7 +286,7 @@ bad:
        ret = 0;
 
 end:
-       CONF_free(conf);
+       NCONF_free(conf);
        NETSCAPE_SPKI_free(spki);
        BIO_free(in);
        BIO_free_all(out);
index 8a392d8..f18aaf5 100644 (file)
@@ -139,10 +139,10 @@ NULL
 
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
 static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
-                                               LHASH *conf, char *section);
+                                               CONF *conf, char *section);
 static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
                         X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
-                        int create,int days, int clrext, LHASH *conf, char *section,
+                        int create,int days, int clrext, CONF *conf, char *section,
                                                ASN1_INTEGER *sno);
 static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
 static int reqfile=0;
@@ -179,7 +179,7 @@ int MAIN(int argc, char **argv)
        int fingerprint=0;
        char buf[256];
        const EVP_MD *md_alg,*digest=EVP_md5();
-       LHASH *extconf = NULL;
+       CONF *extconf = NULL;
        char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
        int need_rand = 0;
        int checkend=0,checkoffset=0;
@@ -479,7 +479,8 @@ bad:
                {
                long errorline;
                X509V3_CTX ctx2;
-               if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+               extconf = NCONF_new(NULL);
+               if (!NCONF_load(extconf, extfile,&errorline))
                        {
                        if (errorline <= 0)
                                BIO_printf(bio_err,
@@ -493,7 +494,7 @@ bad:
                        }
                if (!extsect)
                        {
-                       extsect = CONF_get_string(extconf, "default", "extensions");
+                       extsect = NCONF_get_string(extconf, "default", "extensions");
                        if (!extsect)
                                {
                                ERR_clear_error();
@@ -501,8 +502,8 @@ bad:
                                }
                        }
                X509V3_set_ctx_test(&ctx2);
-               X509V3_set_conf_lhash(&ctx2, extconf);
-               if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
+               X509V3_set_nconf(&ctx2, extconf);
+               if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
                        {
                        BIO_printf(bio_err,
                                "Error Loading extension section %s\n",
@@ -995,7 +996,7 @@ end:
        if (need_rand)
                app_RAND_write_file(NULL, bio_err);
        OBJ_cleanup();
-       CONF_free(extconf);
+       NCONF_free(extconf);
        BIO_free_all(out);
        BIO_free_all(STDout);
        X509_STORE_free(ctx);
@@ -1116,7 +1117,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
 
 static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
             X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
-            int days, int clrext, LHASH *conf, char *section, ASN1_INTEGER *sno)
+            int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
        {
        int ret=0;
        ASN1_INTEGER *bs=NULL;
@@ -1166,8 +1167,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
                X509V3_CTX ctx2;
                X509_set_version(x,2); /* version 3 certificate */
                 X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
-                X509V3_set_conf_lhash(&ctx2, conf);
-                if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+                X509V3_set_nconf(&ctx2, conf);
+                if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
                }
 
        if (!X509_sign(x,pkey,digest)) goto end;
@@ -1213,7 +1214,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 
 /* self sign */
 static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, 
-                                               LHASH *conf, char *section)
+                                               CONF *conf, char *section)
        {
 
        EVP_PKEY *pktmp;
@@ -1243,8 +1244,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
                X509V3_CTX ctx;
                X509_set_version(x,2); /* version 3 certificate */
                 X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
-                X509V3_set_conf_lhash(&ctx, conf);
-                if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+                X509V3_set_nconf(&ctx, conf);
+                if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
                }
        if (!X509_sign(x,pkey,digest)) goto err;
        return 1;
index 724378d..9a38134 100644 (file)
@@ -98,6 +98,7 @@ struct conf_method_st
        };
 
 int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf,LHASH *hash);
 LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
 #ifndef OPENSSL_NO_FP_API
 LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
@@ -145,7 +146,7 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
         and should therefore be avoided */
 long NCONF_get_number(CONF *conf,char *group,char *name);
 #else
-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r);
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
 #endif
 
 
index 8e4d673..4f0c1c6 100644 (file)
@@ -67,6 +67,17 @@ const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
 
 static CONF_METHOD *default_CONF_method=NULL;
 
+/* Init a 'CONF' structure from an old LHASH */
+
+void CONF_set_nconf(CONF *conf, LHASH *hash)
+       {
+       if (default_CONF_method == NULL)
+               default_CONF_method = NCONF_default();
+
+       default_CONF_method->init(conf);
+       conf->data = hash;
+       }
+
 /* The following section contains the "CONF classic" functions,
    rewritten in terms of the new CONF interface. */
 
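Review bot: `CONF_set_nconf` becomes a public entry point here (it is also declared in conf.h), but its one-line comment states neither ownership nor preconditions. As written, `conf->data` only aliases `hash`, `conf` is dereferenced without a NULL check, and any result of `init` is discarded. I would extend the comment to something like `/* conf must be non-NULL; it borrows hash without copying it, so the data must be freed exactly once through one of the two handles */`. The wrappers later in this file use it on a stack `CONF` and release with `NCONF_free_data`, which is worth stating as the intended pattern.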
@@ -118,11 +129,8 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
        CONF ctmp;
        int ret;
 
-       if (default_CONF_method == NULL)
-               default_CONF_method = NCONF_default();
+       CONF_set_nconf(&ctmp, conf);
 
-       default_CONF_method->init(&ctmp);
-       ctmp.data = conf;
        ret = NCONF_load_bio(&ctmp, bp, eline);
        if (ret)
                return ctmp.data;
@@ -138,12 +146,7 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
        else
                {
                CONF ctmp;
-
-               if (default_CONF_method == NULL)
-                       default_CONF_method = NCONF_default();
-
-               default_CONF_method->init(&ctmp);
-               ctmp.data = conf;
+               CONF_set_nconf(&ctmp, conf);
                return NCONF_get_section(&ctmp, section);
                }
        }
@@ -157,12 +160,7 @@ char *CONF_get_string(LHASH *conf,char *group,char *name)
        else
                {
                CONF ctmp;
-
-               if (default_CONF_method == NULL)
-                       default_CONF_method = NCONF_default();
-
-               default_CONF_method->init(&ctmp);
-               ctmp.data = conf;
+               CONF_set_nconf(&ctmp, conf);
                return NCONF_get_string(&ctmp, group, name);
                }
        }
@@ -179,12 +177,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name)
        else
                {
                CONF ctmp;
-
-               if (default_CONF_method == NULL)
-                       default_CONF_method = NCONF_default();
-
-               default_CONF_method->init(&ctmp);
-               ctmp.data = conf;
+               CONF_set_nconf(&ctmp, conf);
                status = NCONF_get_number_e(&ctmp, group, name, &result);
                }
 
@@ -199,12 +192,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name)
 void CONF_free(LHASH *conf)
        {
        CONF ctmp;
-
-       if (default_CONF_method == NULL)
-               default_CONF_method = NCONF_default();
-
-       default_CONF_method->init(&ctmp);
-       ctmp.data = conf;
+       CONF_set_nconf(&ctmp, conf);
        NCONF_free_data(&ctmp);
        }
 
@@ -227,12 +215,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out)
 int CONF_dump_bio(LHASH *conf, BIO *out)
        {
        CONF ctmp;
-
-       if (default_CONF_method == NULL)
-               default_CONF_method = NCONF_default();
-
-       default_CONF_method->init(&ctmp);
-       ctmp.data = conf;
+       CONF_set_nconf(&ctmp, conf);
        return NCONF_dump_bio(&ctmp, out);
        }
 
@@ -362,7 +345,7 @@ int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result)
        if (str == NULL)
                return 0;
 
-       for (;conf->meth->is_number(conf, *str);)
+       for (*result = 0;conf->meth->is_number(conf, *str);)
                {
                *result = (*result)*10 + conf->meth->to_int(conf, *str);
                str++;
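Review bot: The loop body still has no overflow check, even though resetting `*result` in the initialiser fixes the accumulation into an uninitialised value. `(*result)*10 + ...` on a `long` is undefined behaviour once a long digit string from the config exceeds `LONG_MAX`. A guard before the multiply, `if (*result > (LONG_MAX - d) / 10) return 0;` with `d` holding the `to_int` value, would turn that into a clean failure. It would also help the callers in req.c if a value with no leading digit were reported as an error rather than as 0; the code after the loop is outside this hunk, so that part is an assumption.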
index 07f4d3f..1a3448e 100644 (file)
 
 static int v3_check_critical(char **value);
 static int v3_check_generic(char **value);
-static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
                                                 int crit, void *ext_struc);
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
             char *value)
-{
+       {
        int crit;
        int ext_type;
        X509_EXTENSION *ret;
        crit = v3_check_critical(&value);
-       if((ext_type = v3_check_generic(&value))) 
+       if ((ext_type = v3_check_generic(&value))) 
                return v3_generic_extension(name, value, crit, ext_type);
-       ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
-       if(!ret) {
+       ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
+       if (!ret)
+               {
                X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
                ERR_add_error_data(4,"name=", name, ", value=", value);
-       }
+               }
        return ret;
-}
+       }
 
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
             char *value)
-{
+       {
        int crit;
        int ext_type;
        crit = v3_check_critical(&value);
-       if((ext_type = v3_check_generic(&value))) 
+       if ((ext_type = v3_check_generic(&value))) 
                return v3_generic_extension(OBJ_nid2sn(ext_nid),
                                                         value, crit, ext_type);
-       return do_ext_conf(conf, ctx, ext_nid, crit, value);
-}
+       return do_ext_nconf(conf, ctx, ext_nid, crit, value);
+       }
 
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *value:  Value    */
-static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
             int crit, char *value)
-{
+       {
        X509V3_EXT_METHOD *method;
        X509_EXTENSION *ext;
        STACK_OF(CONF_VALUE) *nval;
        void *ext_struc;
-       if(ext_nid == NID_undef) {
+       if (ext_nid == NID_undef)
+               {
                X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
                return NULL;
-       }
-       if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+               }
+       if (!(method = X509V3_EXT_get_nid(ext_nid)))
+               {
                X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
                return NULL;
-       }
+               }
        /* Now get internal extension representation based on type */
-       if(method->v2i) {
-               if(*value == '@') nval = CONF_get_section(conf, value + 1);
+       if (method->v2i)
+               {
+               if(*value == '@') nval = NCONF_get_section(conf, value + 1);
                else nval = X509V3_parse_list(value);
-               if(!nval) {
+               if(!nval)
+                       {
                        X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
                        ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
                        return NULL;
-               }
+                       }
                ext_struc = method->v2i(method, ctx, nval);
                if(*value != '@') sk_CONF_VALUE_pop_free(nval,
                                                         X509V3_conf_free);
                if(!ext_struc) return NULL;
-       } else if(method->s2i) {
+               }
+       else if(method->s2i)
+               {
                if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
-       } else if(method->r2i) {
-               if(!ctx->db) {
+               }
+       else if(method->r2i)
+               {
+               if(!ctx->db)
+                       {
                        X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
                        return NULL;
-               }
+                       }
                if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
-       } else {
+               }
+       else
+               {
                X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
                ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
                return NULL;
-       }
+               }
 
        ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
        if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
        else method->ext_free(ext_struc);
        return ext;
 
-}
+       }
 
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
                                                 int crit, void *ext_struc)
-{
+       {
        unsigned char *ext_der;
        int ext_len;
        ASN1_OCTET_STRING *ext_oct;
        X509_EXTENSION *ext;
        /* Convert internal representation to DER */
-       if(method->it) {
+       if (method->it)
+               {
                ext_der = NULL;
                ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
-               if(ext_len < 0) goto merr;
-       } else {
+               if (ext_len < 0) goto merr;
+               }
+        else
+               {
                unsigned char *p;
                ext_len = method->i2d(ext_struc, NULL);
                if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
                p = ext_der;
                method->i2d(ext_struc, &p);
-       }
-       if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
+               }
+       if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
        ext_oct->data = ext_der;
        ext_oct->length = ext_len;
 
        ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
-       if(!ext) goto merr;
+       if (!ext) goto merr;
        M_ASN1_OCTET_STRING_free(ext_oct);
 
        return ext;
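Review bot: The failure paths in `do_ext_i2d` leak. When `M_ASN1_OCTET_STRING_new()` fails, the already encoded `ext_der` is never released, and when `X509_EXTENSION_create_by_NID` fails, `ext_oct` (which by then holds `ext_der` in `->data`) is not freed. As far as the following hunk shows, the `merr` path only raises the error and returns NULL. Adding `OPENSSL_free(ext_der);` before the `goto merr` on the `ext_oct` allocation and `M_ASN1_OCTET_STRING_free(ext_oct);` before the one on `!ext` would fix this while the lines are being touched. The legacy branch also passes `method->i2d(ext_struc, NULL)` to `OPENSSL_malloc` without the `ext_len < 0` test that the `it` branch has.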
@@ -192,14 +207,14 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
        X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
        return NULL;
 
-}
+       }
 
 /* Given an internal structure, nid and critical flag create an extension */
 
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
-{
+       {
        X509V3_EXT_METHOD *method;
-       if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+       if (!(method = X509V3_EXT_get_nid(ext_nid))) {
                X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
                return NULL;
        }
@@ -210,7 +225,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
 static int v3_check_critical(char **value)
 {
        char *p = *value;
-       if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
+       if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
        p+=9;
        while(isspace((unsigned char)*p)) p++;
        *value = p;
@@ -221,9 +236,9 @@ static int v3_check_critical(char **value)
 static int v3_check_generic(char **value)
 {
        char *p = *value;
-       if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
+       if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
        p+=4;
-       while(isspace((unsigned char)*p)) p++;
+       while (isspace((unsigned char)*p)) p++;
        *value = p;
        return 1;
 }
@@ -231,148 +246,202 @@ static int v3_check_generic(char **value)
 /* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
             int crit, int type)
-{
-unsigned char *ext_der=NULL;
-long ext_len;
-ASN1_OBJECT *obj=NULL;
-ASN1_OCTET_STRING *oct=NULL;
-X509_EXTENSION *extension=NULL;
-if(!(obj = OBJ_txt2obj(ext, 0))) {
-       X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
-       ERR_add_error_data(2, "name=", ext);
-       goto err;
-}
+       {
+       unsigned char *ext_der=NULL;
+       long ext_len;
+       ASN1_OBJECT *obj=NULL;
+       ASN1_OCTET_STRING *oct=NULL;
+       X509_EXTENSION *extension=NULL;
+       if (!(obj = OBJ_txt2obj(ext, 0)))
+               {
+               X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
+               ERR_add_error_data(2, "name=", ext);
+               goto err;
+               }
 
-if(!(ext_der = string_to_hex(value, &ext_len))) {
-       X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
-       ERR_add_error_data(2, "value=", value);
-       goto err;
-}
+       if (!(ext_der = string_to_hex(value, &ext_len)))
+               {
+               X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
+               ERR_add_error_data(2, "value=", value);
+               goto err;
+               }
 
-if(!(oct = M_ASN1_OCTET_STRING_new())) {
-       X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
-       goto err;
-}
+       if (!(oct = M_ASN1_OCTET_STRING_new()))
+               {
+               X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
+               goto err;
+               }
 
-oct->data = ext_der;
-oct->length = ext_len;
-ext_der = NULL;
+       oct->data = ext_der;
+       oct->length = ext_len;
+       ext_der = NULL;
 
-extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+       extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
 
-err:
-ASN1_OBJECT_free(obj);
-M_ASN1_OCTET_STRING_free(oct);
-if(ext_der) OPENSSL_free(ext_der);
-return extension;
-}
+       err:
+       ASN1_OBJECT_free(obj);
+       M_ASN1_OCTET_STRING_free(oct);
+       if(ext_der) OPENSSL_free(ext_der);
+       return extension;
+
+       }
 
 
 /* This is the main function: add a bunch of extensions based on a config file
- * section
+ * section to an extension STACK.
  */
 
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-            X509 *cert)
-{
+
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+            STACK_OF(X509_EXTENSION) **sk)
+       {
        X509_EXTENSION *ext;
        STACK_OF(CONF_VALUE) *nval;
        CONF_VALUE *val;        
        int i;
-       if(!(nval = CONF_get_section(conf, section))) return 0;
-       for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+       if (!(nval = NCONF_get_section(conf, section))) return 0;
+       for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
+               {
                val = sk_CONF_VALUE_value(nval, i);
-               if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+               if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
                                                                return 0;
-               if(cert) X509_add_ext(cert, ext, -1);
+               if (sk) X509v3_add_ext(sk, ext, -1);
                X509_EXTENSION_free(ext);
-       }
+               }
        return 1;
-}
+       }
+
+/* Convenience functions to add extensions to a certificate, CRL and request */
+
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+            X509 *cert)
+       {
+       STACK_OF(X509_EXTENSION) **sk = NULL;
+       if (cert)
+               sk = &cert->cert_info->extensions;
+       return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+       }
 
 /* Same as above but for a CRL */
 
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
             X509_CRL *crl)
-{
-       X509_EXTENSION *ext;
-       STACK_OF(CONF_VALUE) *nval;
-       CONF_VALUE *val;        
-       int i;
-       if(!(nval = CONF_get_section(conf, section))) return 0;
-       for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-               val = sk_CONF_VALUE_value(nval, i);
-               if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
-                                                               return 0;
-               if(crl) X509_CRL_add_ext(crl, ext, -1);
-               X509_EXTENSION_free(ext);
+       {
+       STACK_OF(X509_EXTENSION) **sk = NULL;
+       if (crl)
+               sk = &crl->crl->extensions;
+       return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
        }
-       return 1;
-}
 
 /* Add extensions to certificate request */
 
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
             X509_REQ *req)
-{
-       X509_EXTENSION *ext;
-       STACK_OF(X509_EXTENSION) *extlist = NULL;
-       STACK_OF(CONF_VALUE) *nval;
-       CONF_VALUE *val;        
+       {
+       STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
        int i;
-       if(!(nval = CONF_get_section(conf, section))) return 0;
-       for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-               val = sk_CONF_VALUE_value(nval, i);
-               if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
-                                                               return 0;
-               if(!extlist) extlist = sk_X509_EXTENSION_new_null();
-               sk_X509_EXTENSION_push(extlist, ext);
-       }
-       if(req) i = X509_REQ_add_extensions(req, extlist);
-       else i = 1;
+       if (req)
+               sk = &extlist;
+       i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+       if (!i || !sk)
+               return i;
+       i = X509_REQ_add_extensions(req, extlist);
        sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
        return i;
-}
+       }
 
 /* Config database functions */
 
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
-{
-       if(ctx->db_meth->get_string)
+       {
+       if (ctx->db_meth->get_string)
                        return ctx->db_meth->get_string(ctx->db, name, section);
        return NULL;
-}
+       }
 
 STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
-{
-       if(ctx->db_meth->get_section)
+       {
+       if (ctx->db_meth->get_section)
                        return ctx->db_meth->get_section(ctx->db, section);
        return NULL;
-}
+       }
 
 void X509V3_string_free(X509V3_CTX *ctx, char *str)
-{
-       if(!str) return;
-       if(ctx->db_meth->free_string)
+       {
+       if (!str) return;
+       if (ctx->db_meth->free_string)
                        ctx->db_meth->free_string(ctx->db, str);
-}
+       }
 
 void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
-{
-       if(!section) return;
-       if(ctx->db_meth->free_section)
+       {
+       if (!section) return;
+       if (ctx->db_meth->free_section)
                        ctx->db_meth->free_section(ctx->db, section);
-}
+       }
+
+static char *nconf_get_string(void *db, char *section, char *value)
+       {
+       return NCONF_get_string(db, section, value);
+       }
+
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+       {
+       return NCONF_get_section(db, section);
+       }
+
+static X509V3_CONF_METHOD nconf_method = {
+nconf_get_string,
+nconf_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
+       {
+       ctx->db_meth = &nconf_method;
+       ctx->db = conf;
+       }
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+            X509_CRL *crl, int flags)
+       {
+       ctx->issuer_cert = issuer;
+       ctx->subject_cert = subj;
+       ctx->crl = crl;
+       ctx->subject_req = req;
+       ctx->flags = flags;
+       }
+
+/* Old conf compatibility functions */
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+            char *value)
+       {
+       CONF ctmp;
+       CONF_set_nconf(&ctmp, conf);
+       return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+       }
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+            char *value)
+       {
+       CONF ctmp;
+       CONF_set_nconf(&ctmp, conf);
+       return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+       }
 
 static char *conf_lhash_get_string(void *db, char *section, char *value)
-{
+       {
        return CONF_get_string(db, section, value);
-}
+       }
 
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
-{
+       {
        return CONF_get_section(db, section);
-}
+       }
 
 static X509V3_CONF_METHOD conf_lhash_method = {
 conf_lhash_get_string,
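Review bot: In X509V3_EXT_add_nconf_sk the result of `X509v3_add_ext(sk, ext, -1)` is discarded, so if the add fails (it returns NULL, for instance on allocation failure) the loop continues and the function still returns 1. A caller building a certificate or CRL would then get an object that is silently missing a configured extension, which matters when the section carries constraints such as basicConstraints. Checking the result keeps the failure visible: `if (sk && !X509v3_add_ext(sk, ext, -1)) { X509_EXTENSION_free(ext); return 0; }`. Separately, X509V3_EXT_REQ_add_nconf leaves through `if (!i || !sk) return i;` when the helper fails part-way, which skips `sk_X509_EXTENSION_pop_free` and appears to leak whatever was already pushed onto `extlist`; freeing `extlist` on that path as well would close it.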
@@ -382,17 +451,35 @@ NULL
 };
 
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
-{
+       {
        ctx->db_meth = &conf_lhash_method;
        ctx->db = lhash;
-}
+       }
 
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
-            X509_CRL *crl, int flags)
-{
-       ctx->issuer_cert = issuer;
-       ctx->subject_cert = subj;
-       ctx->crl = crl;
-       ctx->subject_req = req;
-       ctx->flags = flags;
-}
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+            X509 *cert)
+       {
+       CONF ctmp;
+       CONF_set_nconf(&ctmp, conf);
+       return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+       }
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+            X509_CRL *crl)
+       {
+       CONF ctmp;
+       CONF_set_nconf(&ctmp, conf);
+       return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+       }
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+            X509_REQ *req)
+       {
+       CONF ctmp;
+       CONF_set_nconf(&ctmp, conf);
+       return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+       }
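Review bot: Each of these compatibility wrappers hands a stack `CONF ctmp` to the NCONF code after only `CONF_set_nconf(&ctmp, conf)`, and nothing here documents why that is safe. CONF_set_nconf is defined outside this hunk, so it cannot be confirmed from here that it initialises every field the NCONF lookups read. A short comment above the first wrapper would record the contract, for example `/* ctmp only borrows the caller's LHASH: never NCONF_free() it or keep it past this call */`. The same pattern is used by X509V3_EXT_conf and X509V3_EXT_conf_nid, added in the previous hunk, so the comment applies there too.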
index 65ef776..8dfa73c 100644 (file)
@@ -459,15 +459,25 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
 void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
 int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
 int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
 int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
                                                STACK_OF(CONF_VALUE) **extlist);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
 #endif