More X509 V3 stuff. Add support for extensions in the 'req' application
authorDr. Stephen Henson <steve@openssl.org>
Mon, 25 Jan 1999 01:09:21 +0000 (01:09 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 25 Jan 1999 01:09:21 +0000 (01:09 +0000)
so that: openssl req -x509 -new -out cert.pem
will take extensions from openssl.cnf; a sample section for a CA is included.
Also change the directory order so pem is nearer the end. Otherwise 'make links'
won't work because pem.h can't be built.

CHANGES
Makefile.org
apps/openssl.cnf
apps/req.c
crypto/x509v3/v3_bitstr.c
crypto/x509v3/x509v3.h

diff --git a/CHANGES b/CHANGES
index 8f567ffe250ee0c270e921e0b126edc56ee2f846..1efdfb17e27a66461734aecb403727223e7946c7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,8 +5,14 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
+     and add a sample to openssl.cnf so req -x509 now adds appropriate
+     CA extensions.
+     [Steve Henson]
+
   *) Continued X509 V3 changes. Add to other makefiles, integrate with the
      error code, add initial support to X509_print() and x509 application.
+     [Steve Henson]
 
   *) Takes a deep breath and start addding X509 V3 extension support code. Add
      files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
index 1783db349b09070583438532d95a9dc2c8ca20b2..b5621f245488c08d7e6b857111126bd2e6e9f55b 100644 (file)
@@ -156,8 +156,8 @@ SDIRS=  \
        md2 md5 sha mdc2 hmac ripemd \
        des rc2 rc4 rc5 idea bf cast \
        bn rsa dsa dh \
-       buffer bio stack lhash rand pem err objects \
-       evp asn1 x509 x509v3 conf txt_db pkcs7 comp
+       buffer bio stack lhash rand err objects \
+       evp asn1 x509 x509v3 conf pem txt_db pkcs7 comp
 
 # If you change the INSTALLTOP, make sure to also change the values
 # in crypto/location.h
index c07083566fbe8e552ffc0be4b5794129d3cf034d..fbc328fad41ef9c218788fd9198442d4776b20ad 100644 (file)
@@ -63,6 +63,7 @@ default_bits          = 1024
 default_keyfile        = privkey.pem
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the cert
 
 [ req_distinguished_name ]
 countryName                    = Country Name (2 letter code)
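Review bot: The trailing comment on the new `x509_extensions` line does not say when the named section is used, and it misspells "extensions"; in req.c the section is only consumed on the `-x509` self-signed path (the `if (x509)` branch), never when writing a plain request, so a user editing this file cannot tell that from the config alone. I would change the line to `x509_extensions = v3_ca # extensions added to the cert when -x509 is used`. If the name is left unset the `extensions` pointer in req.c stays NULL and nothing is added, which is worth a second line of comment here as well.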
@@ -117,3 +118,11 @@ nsCertType                 = 0x40
 #nsCertExt
 #nsDataType
 
+[ v3_ca]
+
+# Extensions for a typical CA
+
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign
+
+
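Review bot: Neither `basicConstraints = CA:true` nor `keyUsage = cRLSign, keyCertSign` in the sample `v3_ca` section is marked critical, yet the X.509 profile in RFC 2459 (section 4.2.1.10) requires basicConstraints to be critical in every CA certificate and recommends the same for keyUsage, so a certificate built from this sample will be rejected or treated as non-CA by strict validators. If the conf-driven extension parser accepts a criticality prefix (I cannot tell from this diff), the sample should read `basicConstraints = critical,CA:true` and `keyUsage = critical,cRLSign, keyCertSign`; if it does not, the section needs a comment saying the sample is not RFC 2459 conformant until that is supported. The sample also carries no subjectKeyIdentifier, which a CA certificate is expected to have; if that extension is not implemented yet a comment noting the gap would keep users from treating this as a complete CA profile. Minor: the section header `[ v3_ca]` has uneven spacing compared with `[ req_distinguished_name ]` above.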
index f37616feffe910088fcc7133c87673389135eba2..523139ecda528c456e3ead0b629249be5ebef9b2 100644 (file)
@@ -71,6 +71,7 @@
 #include "err.h"
 #include "asn1.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "objects.h"
 #include "pem.h"
 
@@ -80,6 +81,7 @@
 #define KEYFILE                "default_keyfile"
 #define DISTINGUISHED_NAME     "distinguished_name"
 #define ATTRIBUTES     "attributes"
+#define V3_EXTENSIONS  "x509_extensions"
 
 #define DEFAULT_KEY_LENGTH     512
 #define MIN_KEY_LENGTH         384
@@ -147,6 +149,7 @@ char **argv;
        int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
        int nodes=0,kludge=0;
        char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+       char *extensions = NULL;
        EVP_CIPHER *cipher=NULL;
        int modulus=0;
        char *p;
@@ -357,6 +360,7 @@ bad:
                }
 
        ERR_load_crypto_strings();
+       X509V3_add_standard_extensions();
 
 #ifndef MONOLITH
        /* Lets load up our environment a little */
@@ -427,6 +431,8 @@ bad:
                        digest=md_alg;
                }
 
+       extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+
        in=BIO_new(BIO_s_file());
        out=BIO_new(BIO_s_file());
        if ((in == NULL) || (out == NULL))
@@ -628,12 +634,11 @@ loop:
                if (x509)
                        {
                        EVP_PKEY *tmppkey;
+                       X509V3_CTX ext_ctx;
                        if ((x509ss=X509_new()) == NULL) goto end;
 
-                       /* don't set the version number, for starters
-                        * the field is null and second, null is v0 
-                        * if (!ASN1_INTEGER_set(ci->version,0L)) goto end;
-                        */
+                       /* Set version to V3 */
+                       if(!X509_set_version(x509ss, 2)) goto end;
                        ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
 
                        X509_set_issuer_name(x509ss,
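Review bot: `X509_set_version(x509ss, 2)` now makes every `-x509` certificate version 3 unconditionally, including the case where no `x509_extensions` name was configured and `extensions` is NULL, which the `/* Set version to V3 */` comment does not explain and the bare `2` does not make obvious. That is permitted by RFC 2459, but the reasoning belongs in the comment: `/* Always v3 (value 2): extensions may be added below and v3 is required for them */`. The self-signed block this sits in starts and ends outside the hunk.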
@@ -647,6 +652,16 @@ loop:
                        X509_set_pubkey(x509ss,tmppkey);
                        EVP_PKEY_free(tmppkey);
 
+                       /* Set up V3 context struct */
+
+                       ext_ctx.issuer_cert = x509ss;
+                       ext_ctx.subject_cert = x509ss;
+                       ext_ctx.subject_req = NULL;
+
+                       /* Add extensions */
+                       if(extensions && !X509V3_EXT_add_conf(req_conf, 
+                                       &ext_ctx, extensions, x509ss)) goto end;
+
                        if (!(i=X509_sign(x509ss,pkey,digest)))
                                goto end;
                        }
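Review bot: `ext_ctx` is an automatic `X509V3_CTX` and only `issuer_cert`, `subject_cert` and `subject_req` are assigned before it is handed to `X509V3_EXT_add_conf`; the `struct v3_ext_ctx` hunk in x509v3.h shows those three members but its closing brace is outside the diff, so any further member, now or added later, is passed as uninitialized stack data. I would zero it first: `memset(&ext_ctx, 0, sizeof(ext_ctx));` immediately after the `/* Set up V3 context struct */` comment, or give x509v3 a small initializer that callers use instead of filling fields by hand. Separately, when `X509V3_EXT_add_conf` fails the code jumps to `end` with no message; if `end` does not print the error queue (the label is outside this hunk) a mistyped extension line in openssl.cnf will fail the whole command silently, so a `BIO_printf(bio_err, "Error adding extensions from section %s\n", extensions);` before the `goto` would help. The enclosing loop body continues outside the hunk.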
index 46d8836cd6fce66badd0d70249df55f9113138f7..10ce8f04ef3a0da7b172e64ef4f332d0715485b9 100644 (file)
@@ -94,7 +94,7 @@ static BIT_STRING_BITNAME key_usage_type_table[] = {
 {3, "Data Encipherment", "dataEncipherment"},
 {4, "Key Agreement", "keyAgreement"},
 {5, "Certificate Sign", "keyCertSign"},
-{6, "CRL Sign", "cRLCertSign"},
+{6, "CRL Sign", "cRLSign"},
 {7, "Encipher Only", "encipherOnly"},
 {8, "Decipher Only", "decipherOnly"},
 {-1, NULL, NULL}
index 79bb903ccfcf54800e5eac0d9a8203045a6aebbe..276e3ac2ef1cfdd8b1c58ab8293263729b731d70 100644 (file)
@@ -106,7 +106,7 @@ char *usr_data;     /* Any extension specific data */
 };
 
 /* Context specific info */
-struct v3_ctx_struct {
+struct v3_ext_ctx {
 X509 *issuer_cert;
 X509 *subject_cert;
 X509_REQ *subject_req;