#undef BSIZE
#define BSIZE 256
-#define BASE_SECTION "ca"
+#define BASE_SECTION "ca"
#define ENV_DEFAULT_CA "default_ca"
-#define STRING_MASK "string_mask"
+#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
-#define ENV_DIR "dir"
-#define ENV_CERTS "certs"
-#define ENV_CRL_DIR "crl_dir"
-#define ENV_CA_DB "CA_DB"
#define ENV_NEW_CERTS_DIR "new_certs_dir"
-#define ENV_CERTIFICATE "certificate"
+#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
#define ENV_CRLNUMBER "crlnumber"
-#define ENV_CRL "crl"
#define ENV_PRIVATE_KEY "private_key"
-#define ENV_RANDFILE "RANDFILE"
#define ENV_DEFAULT_DAYS "default_days"
#define ENV_DEFAULT_STARTDATE "default_startdate"
#define ENV_DEFAULT_ENDDATE "default_enddate"
argv = opt_rest();
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
- if ((conf = app_load_config(configfile)) == NULL)
- goto end;
- if (!app_load_modules(conf))
- goto end;
+ /* We already loaded the default config file */
+ if (configfile != default_config_file) {
+ if ((conf = app_load_config(configfile)) == NULL)
+ goto end;
+ if (!app_load_modules(conf))
+ goto end;
+ }
/* Lets get the config section we are using */
if (section == NULL) {
extensions = "default";
}
- /*****************************************************************/
+ /*****************************************************************/
if (req || gencrl) {
- Sout = bio_open_default(outfile, "w");
+ /* FIXME: Is it really always text? */
+ Sout = bio_open_default(outfile, 'w', FORMAT_TEXT);
if (Sout == NULL)
goto end;
}
}
if (verbose)
BIO_printf(bio_err, "message digest is %s\n",
- OBJ_nid2ln(dgst->type));
+ OBJ_nid2ln(EVP_MD_type(dgst)));
if ((policy == NULL) && ((policy = NCONF_get_string(conf,
section,
ENV_POLICY)) ==
if (verbose)
BIO_printf(bio_err, "writing new certificates\n");
for (i = 0; i < sk_X509_num(cert_sk); i++) {
+ ASN1_INTEGER *serialNumber = X509_get_serialNumber(x);
int k;
char *n;
x = sk_X509_value(cert_sk, i);
- j = x->cert_info->serialNumber->length;
- p = (const char *)x->cert_info->serialNumber->data;
+ j = ASN1_STRING_length(serialNumber);
+ p = (const char *)ASN1_STRING_data(serialNumber);
if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
BIO_printf(bio_err, "certificate file name too long\n");
strcpy(buf[2], outdir);
#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(buf[2], "/", sizeof(buf[2]));
+ OPENSSL_strlcat(buf[2], "/", sizeof(buf[2]));
#endif
n = (char *)&(buf[2][strlen(buf[2])]);
goto end;
tmptm = ASN1_TIME_new();
- if (!tmptm)
+ if (tmptm == NULL)
goto end;
X509_gmtime_adj(tmptm, 0);
X509_CRL_set_lastUpdate(crl, tmptm);
BIO_printf(bio_err, "Check that the request matches the signature\n");
- if ((pktmp = X509_get_pubkey(req)) == NULL) {
+ if ((pktmp = X509_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "error unpacking public key\n");
goto end;
}
i = X509_verify(req, pktmp);
- EVP_PKEY_free(pktmp);
if (i < 0) {
ok = 0;
BIO_printf(bio_err, "Signature verification problems....\n");
} else
BIO_printf(bio_err, "Signature ok\n");
- if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
+ if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
goto end;
ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
X509 *ret = NULL;
- X509_CINF *ci;
X509_NAME_ENTRY *ne;
X509_NAME_ENTRY *tne, *push;
EVP_PKEY *pktmp;
goto end;
}
X509_REQ_set_subject_name(req, n);
- req->req_info->enc.modified = 1;
X509_NAME_free(n);
}
if (selfsign)
CAname = X509_NAME_dup(name);
else
- CAname = X509_NAME_dup(x509->cert_info->subject);
+ CAname = X509_NAME_dup(X509_get_subject_name(x509));
if (CAname == NULL)
goto end;
str = str2 = NULL;
}
if (BN_is_zero(serial))
- row[DB_serial] = BUF_strdup("00");
+ row[DB_serial] = OPENSSL_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
if ((ret = X509_new()) == NULL)
goto end;
- ci = ret->cert_info;
#ifdef X509_V3
/* Make it an X509 v3 certificate. */
goto end;
#endif
- if (BN_to_ASN1_INTEGER(serial, ci->serialNumber) == NULL)
+ if (BN_to_ASN1_INTEGER(serial, X509_get_serialNumber(ret)) == NULL)
goto end;
if (selfsign) {
if (!X509_set_issuer_name(ret, subject))
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
- if (ci->version == NULL)
- if ((ci->version = ASN1_INTEGER_new()) == NULL)
- goto end;
- ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
-
- /*
- * Free the current entries if any, there should not be any I believe
- */
- sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
-
- ci->extensions = NULL;
+ X509_set_version(ret, 2);
/* Initialize the context structure */
if (selfsign)
}
}
- pktmp = X509_get_pubkey(ret);
+ pktmp = X509_get0_pubkey(ret);
if (EVP_PKEY_missing_parameters(pktmp) &&
!EVP_PKEY_missing_parameters(pkey))
EVP_PKEY_copy_parameters(pktmp, pkey);
- EVP_PKEY_free(pktmp);
if (!do_X509_sign(ret, pkey, dgst, sigopts))
goto end;
/* We now just add it to the database */
- row[DB_type] = app_malloc(2, "row db type");
-
+ row[DB_type] = OPENSSL_strdup("V");
tm = X509_get_notAfter(ret);
row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate");
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
-
row[DB_rev_date] = NULL;
-
- /* row[DB_serial] done already */
- row[DB_file] = app_malloc(8, "row file");
+ row[DB_file] = OPENSSL_strdup("unknown");
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
- BUF_strlcpy(row[DB_file], "unknown", 8);
- row[DB_type][0] = 'V';
- row[DB_type][1] = '\0';
irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row space");
for (i = 0; i < DB_NUMBER; i++) {
X509_REQ *req = NULL;
CONF_VALUE *cv = NULL;
NETSCAPE_SPKI *spki = NULL;
- X509_REQ_INFO *ri;
char *type, *buf;
EVP_PKEY *pktmp = NULL;
X509_NAME *n = NULL;
/*
* Build up the subject name set.
*/
- ri = req->req_info;
- n = ri->subject;
+ n = X509_REQ_get_subject_name(req);
for (i = 0;; i++) {
if (sk_CONF_VALUE_num(sk) <= i)
if (!bn)
goto end;
if (BN_is_zero(bn))
- row[DB_serial] = BUF_strdup("00");
+ row[DB_serial] = OPENSSL_strdup("00");
else
row[DB_serial] = BN_bn2hex(bn);
BN_free(bn);
row[DB_serial], row[DB_name]);
/* We now just add it to the database */
- row[DB_type] = app_malloc(2, "row type");
-
+ row[DB_type] = OPENSSL_strdup("V");
tm = X509_get_notAfter(x509);
row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data");
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
-
row[DB_rev_date] = NULL;
-
- /* row[DB_serial] done already */
- row[DB_file] = app_malloc(8, "row filename");
-
- /* row[DB_name] done already */
-
- BUF_strlcpy(row[DB_file], "unknown", 8);
- row[DB_type][0] = 'V';
- row[DB_type][1] = '\0';
+ row[DB_file] = OPENSSL_strdup("unknown");
irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row ptr");
for (i = 0; i < DB_NUMBER; i++) {
char **rrow, *a_tm_s;
a_tm = ASN1_UTCTIME_new();
+ if (a_tm == NULL)
+ return -1;
/* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0);
- a_tm_s = (char *)OPENSSL_malloc(a_tm->length + 1);
+ a_tm_s = (char *)app_malloc(a_tm->length + 1, "time string");
memcpy(a_tm_s, a_tm->data, a_tm->length);
a_tm_s[a_tm->length] = '\0';
i += strlen(other) + 1;
str = app_malloc(i, "revocation reason");
- BUF_strlcpy(str, (char *)revtm->data, i);
+ OPENSSL_strlcpy(str, (char *)revtm->data, i);
if (reason) {
- BUF_strlcat(str, ",", i);
- BUF_strlcat(str, reason, i);
+ OPENSSL_strlcat(str, ",", i);
+ OPENSSL_strlcat(str, reason, i);
}
if (other) {
- BUF_strlcat(str, ",", i);
- BUF_strlcat(str, other, i);
+ OPENSSL_strlcat(str, ",", i);
+ OPENSSL_strlcat(str, other, i);
}
ASN1_UTCTIME_free(revtm);
return str;
if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) {
rtmp = ASN1_ENUMERATED_new();
- if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
+ if (rtmp == NULL || !ASN1_ENUMERATED_set(rtmp, reason_code))
goto end;
if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
goto end;
ASN1_OBJECT *hold = NULL;
ASN1_GENERALIZEDTIME *comp_time = NULL;
- tmp = BUF_strdup(str);
+ tmp = OPENSSL_strdup(str);
if (!tmp) {
BIO_printf(bio_err, "memory allocation failure\n");
goto end;
if (prevtm) {
*prevtm = ASN1_UTCTIME_new();
- if (!*prevtm) {
+ if (*prevtm == NULL) {
BIO_printf(bio_err, "memory allocation failure\n");
goto end;
}
goto end;
}
comp_time = ASN1_GENERALIZEDTIME_new();
- if (!comp_time) {
+ if (comp_time == NULL) {
BIO_printf(bio_err, "memory allocation failure\n");
goto end;
}