# else
# include <unixlib.h>
# endif
-# else
+# elif !defined(OPENSSL_SYS_VXWORKS)
# include <sys/file.h>
# endif
#endif
int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
-static X509_NAME *do_subject(char *subject, int email_dn);
+static X509_NAME *do_subject(char *subject);
static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
static int get_certificate_status(const char *ser_status, TXT_DB *db);
static int do_updatedb(TXT_DB *db);
#else
strncpy(buf[0],X509_get_default_cert_area(),
sizeof(buf[0])-2-sizeof(CONFIG_FILE));
+ buf[0][sizeof(buf[0])-2-sizeof(CONFIG_FILE)]='\0';
strcat(buf[0],"/");
#endif
strcat(buf[0],CONFIG_FILE);
goto err;
}
+ if (!load_config(bio_err, conf))
+ goto err;
+
/* Lets get the config section we are using */
if (section == NULL)
{
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
strncpy(buf[0],serialfile,BSIZE-4);
+ buf[0][BSIZE-4]='\0';
#ifdef OPENSSL_SYS_VMS
strcat(buf[0],"-new");
if (!save_serial(buf[0],serial)) goto err;
strncpy(buf[1],dbfile,BSIZE-4);
+ buf[1][BSIZE-4]='\0';
#ifdef OPENSSL_SYS_VMS
strcat(buf[1],"-new");
p=(char *)x->cert_info->serialNumber->data;
strncpy(buf[2],outdir,BSIZE-(j*2)-6);
+ buf[2][BSIZE-(j*2)-6]='\0';
#ifndef OPENSSL_SYS_VMS
strcat(buf[2],"/");
{
/* Rename the database and the serial file */
strncpy(buf[2],serialfile,BSIZE-4);
+ buf[2][BSIZE-4]='\0';
#ifdef OPENSSL_SYS_VMS
strcat(buf[2],"-old");
}
strncpy(buf[2],dbfile,BSIZE-4);
+ buf[2][BSIZE-4]='\0';
#ifdef OPENSSL_SYS_VMS
strcat(buf[2],"-old");
if (pkey->type == EVP_PKEY_DSA)
dgst=EVP_dss1();
else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_ECDSA)
+ dgst=EVP_ecdsa();
+ else
#endif
dgst=EVP_md5();
}
X509_free(revcert);
strncpy(buf[0],dbfile,BSIZE-4);
+ buf[0][BSIZE-4]='\0';
#ifndef OPENSSL_SYS_VMS
strcat(buf[0],".new");
#else
j=TXT_DB_write(out,db);
if (j <= 0) goto err;
strncpy(buf[1],dbfile,BSIZE-4);
+ buf[1][BSIZE-4]='\0';
#ifndef OPENSSL_SYS_VMS
strcat(buf[1],".old");
#else
strcat(buf[1],"-old");
#endif
+ BIO_free(in);
+ in = NULL;
+ BIO_free(out);
+ out = NULL;
if (rename(dbfile,buf[1]) < 0)
{
BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
if (subj)
{
- X509_NAME *n = do_subject(subj, email_dn);
+ X509_NAME *n = do_subject(subj);
if (!n)
{
BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
goto err;
}
- j=ASN1_PRINTABLE_type(str->data,str->length);
- if ( ((j == V_ASN1_T61STRING) &&
- (str->type != V_ASN1_T61STRING)) ||
- ((j == V_ASN1_IA5STRING) &&
- (str->type == V_ASN1_PRINTABLESTRING)))
+ if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))
{
- BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
- goto err;
+ j=ASN1_PRINTABLE_type(str->data,str->length);
+ if ( ((j == V_ASN1_T61STRING) &&
+ (str->type != V_ASN1_T61STRING)) ||
+ ((j == V_ASN1_IA5STRING) &&
+ (str->type == V_ASN1_PRINTABLESTRING)))
+ {
+ BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
+ goto err;
+ }
}
if (default_op)
/* Build the correct Subject if no e-mail is wanted in the subject */
/* and add it later on because of the method extensions are added (altName) */
- if (!email_dn)
+ if (email_dn)
+ dn_subject = subject;
+ else
{
- if ((dn_subject=X509_NAME_new()) == NULL)
+ X509_NAME_ENTRY *tmpne;
+ /* Its best to dup the subject DN and then delete any email
+ * addresses because this retains its structure.
+ */
+ if (!(dn_subject = X509_NAME_dup(subject)))
{
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
-
- for (i=0; i<X509_NAME_entry_count(subject); i++)
+ while((i = X509_NAME_get_index_by_NID(dn_subject,
+ NID_pkcs9_emailAddress, -1)) >= 0)
{
- ne= X509_NAME_get_entry(subject,i);
- obj=X509_NAME_ENTRY_get_object(ne);
- nid=OBJ_obj2nid(obj);
-
- str=X509_NAME_ENTRY_get_data(ne);
-
- if (nid == NID_pkcs9_emailAddress) continue;
-
- if (!X509_NAME_add_entry(dn_subject,ne, -1, 0))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
+ tmpne = X509_NAME_get_entry(dn_subject, i);
+ X509_NAME_delete_entry(dn_subject, i);
+ X509_NAME_ENTRY_free(tmpne);
}
}
EVP_PKEY_copy_parameters(pktmp,pkey);
EVP_PKEY_free(pktmp);
#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_ECDSA)
+ dgst = EVP_ecdsa();
+ pktmp = X509_get_pubkey(ret);
+ if (EVP_PKEY_missing_parameters(pktmp) &&
+ !EVP_PKEY_missing_parameters(pkey))
+ EVP_PKEY_copy_parameters(pktmp, pkey);
+ EVP_PKEY_free(pktmp);
+#endif
+
if (!X509_sign(ret,pkey,dgst))
goto err;
X509_NAME_free(CAname);
if (subject != NULL)
X509_NAME_free(subject);
+ if ((dn_subject != NULL) && !email_dn)
+ X509_NAME_free(dn_subject);
if (tmptm != NULL)
ASN1_UTCTIME_free(tmptm);
if (ok <= 0)
return ret;
}
-static X509_NAME *do_subject(char *subject, int email_dn)
+static X509_NAME *do_subject(char *subject)
{
X509_NAME *n = NULL;
continue;
}
- if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
- continue;
-
if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned char*)ne_value, -1,-1,0))
{
X509_NAME_free(n);