Allow the 1.OU="my OU" syntax in 'ca' for SPKACs.

diff --git a/CHANGES b/CHANGES
index 348252ec11218910517e919fa7034c38f61bc30d..32a46769fc9586067a53abf32f26b64453c4fdfc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Add new feature to the SPKAC handling in ca.  Now you can include
+     the same field multiple times by preceding it by "XXXX." for example:
+     1.OU="Unit name 1"
+     2.OU="Unit name 2"
+     this is the same syntax as used in the req config file.
+     [Steve Henson]
+
   *) Allow certificate extensions to be added to certificate requests. These
      are specified in a 'req_extensions' option of the req section of the
      config file. They can be printed out with the -text option to req but

diff --git a/apps/ca.c b/apps/ca.c
index 9ed100dd3c1ce68caceae6f84a3af7e795690ff4..fa355ab0c9646d862b9e6a00ce29fe3d18cc50a6 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1986,8 +1986,17 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 
                cv=sk_CONF_VALUE_value(sk,i);
                type=cv->name;
-               buf=cv->value;
+               /* Skip past any leading X. X: X, etc to allow for
+                * multiple instances
+                */
+               for(buf = cv->name; *buf ; buf++)
+                       if ((*buf == ':') || (*buf == ',') || (*buf == '.')) {
+                                       buf++;
+                                       if(*buf) type = buf;
+                                       break;
+               }
 
+               buf=cv->value;
                if ((nid=OBJ_txt2nid(type)) == NID_undef)
                        {
                        if (strcmp(type, "SPKAC") == 0)