Add support for raw extensions. This means that you can include the DER encoding
index ac56ce7181787f75a06cc7c975fd2b90095d9418..08f4146dcac18509594bb6f453466037533f8137 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -135,7 +135,7 @@ static char *ca_usage[]={
 " -policy arg     - The CA 'policy' to support\n",
 " -keyfile arg    - PEM private key file\n",
 " -key arg        - key to decode the private key if it is encrypted\n",
-" -cert           - The CA certificate\n",
+" -cert file      - The CA certificate\n",
 " -in file        - The input PEM encoded certificate request(s)\n",
 " -out file       - Where to put the output file(s)\n",
 " -outdir dir     - Where to put output certificates\n",
@@ -444,6 +444,7 @@ bad:
                                BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
                                ERR_print_errors(bio_err);
                                */
+                               ERR_clear_error();
                                }
                        else
                                {
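Review bot: The added `ERR_clear_error();` drops the reason the extra-OID config failed to load while the only diagnostic (`BIO_printf`/`ERR_print_errors` just above it) is commented out, so a mistyped OID file path now proceeds silently with no OIDs registered. Clearing the queue so a later unrelated error is not misattributed is reasonable, but the user should still be told; at minimum emit the message before discarding the errors, e.g. `BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);` followed by `ERR_print_errors(bio_err);` and then `ERR_clear_error();`. The condition that leads into this branch starts outside the hunk, so I am inferring this is the file-open failure path from the commented-out text.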
@@ -688,10 +689,9 @@ bad:
                        }
 
                extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
-               if(!extensions) {
-
+               if(extensions) {
                        /* Check syntax of file */
-                       if(!X509V3_EXT_add_conf(conf, NULL, extensions, NULL)) {
+                       if(!X509V3_EXT_check_conf(conf, extensions)) {
                                BIO_printf(bio_err,
                                 "Error Loading extension section %s\n",
                                                                 extensions);
@@ -1190,7 +1190,7 @@ err:
        }
 
 static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,days,
-       batch,ext_sect,conf,verbose)
+                  batch,ext_sect,lconf,verbose)
 X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
@@ -1203,7 +1203,7 @@ char *startdate;
 int days;
 int batch;
 char *ext_sect;
-LHASH *conf;
+LHASH *lconf;
 int verbose;
        {
        X509_REQ *req=NULL;
@@ -1252,7 +1252,7 @@ int verbose;
                BIO_printf(bio_err,"Signature ok\n");
 
        ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
-               days,batch,verbose,req,ext_sect,conf);
+               days,batch,verbose,req,ext_sect,lconf);
 
 err:
        if (req != NULL) X509_REQ_free(req);
@@ -1261,7 +1261,7 @@ err:
        }
 
 static int certify_cert(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,
-       days, batch,ext_sect,conf,verbose)
+                       days,batch,ext_sect,lconf,verbose)
 X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
@@ -1274,7 +1274,7 @@ char *startdate;
 int days;
 int batch;
 char *ext_sect;
-LHASH *conf;
+LHASH *lconf;
 int verbose;
        {
        X509 *req=NULL;
@@ -1326,7 +1326,7 @@ int verbose;
                goto err;
 
        ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
-               batch,verbose,rreq,ext_sect,conf);
+               batch,verbose,rreq,ext_sect,lconf);
 
 err:
        if (rreq != NULL) X509_REQ_free(rreq);
@@ -1336,7 +1336,7 @@ err:
        }
 
 static int do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
-       batch,verbose,req, ext_sect,conf)
+                  batch,verbose,req,ext_sect,lconf)
 X509 **xret;
 EVP_PKEY *pkey;
 X509 *x509;
@@ -1350,7 +1350,7 @@ int batch;
 int verbose;
 X509_REQ *req;
 char *ext_sect;
-LHASH *conf;
+LHASH *lconf;
        {
        X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
        ASN1_UTCTIME *tm,*tmptm;
@@ -1668,6 +1668,7 @@ again2:
        /* Lets add the extensions, if there are any */
        if (ext_sect)
                {
+               X509V3_CTX ctx;
                if (ci->version == NULL)
                        if ((ci->version=ASN1_INTEGER_new()) == NULL)
                                goto err;
@@ -1680,7 +1681,13 @@ again2:
 
                ci->extensions = NULL;
 
-               if(!X509V3_EXT_add_conf(conf, NULL, ext_sect, ret)) goto err;
+               ctx.subject_cert = ret;
+               ctx.issuer_cert = x509;
+               ctx.subject_req = req;
+               ctx.crl = NULL;
+               ctx.flags = 0;
+
+               if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
 
                }
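Review bot: `ctx` is an automatic `X509V3_CTX` and only five members are assigned by hand before it is passed to `X509V3_EXT_add_conf`; if the struct has, or later gains, any other member, it is handed to the extension code holding stack garbage. Zero the whole object first, `memset(&ctx, 0, sizeof ctx);` ahead of the `ctx.subject_cert = ret;` line, or use the library's context initialiser if one exists at this version, so that every field has a defined value regardless of the struct layout. Passing `x509` as issuer and `req` as subject request is what lets extension callbacks derive values (such as issuer key identifiers) from the CA certificate and the request, which is worth a one-line comment above the assignments. The enclosing `do_body` continues outside the hunk.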
 
@@ -1804,7 +1811,7 @@ int output_der;
        }
 
 static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,
-       startdate,days,ext_sect,conf,verbose)
+                        startdate,days,ext_sect,lconf,verbose)
 X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
@@ -1816,7 +1823,7 @@ BIGNUM *serial;
 char *startdate;
 int days;
 char *ext_sect;
-LHASH *conf;
+LHASH *lconf;
 int verbose;
        {
        STACK *sk=NULL;
@@ -1962,7 +1969,7 @@ int verbose;
        X509_REQ_set_pubkey(req,pktmp);
        EVP_PKEY_free(pktmp);
        ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
-               days,1,verbose,req,ext_sect,conf);
+                  days,1,verbose,req,ext_sect,lconf);
 err:
        if (req != NULL) X509_REQ_free(req);
        if (parms != NULL) CONF_free(parms);