static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
BIGNUM *serial, char *subj, char *startdate,char *enddate,
- int days, int batch, char *ext_sect, LHASH *conf,int verbose,
+ long days, int batch, char *ext_sect, CONF *conf,int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial, char *subj, char *startdate,
- char *enddate, int days, int batch, char *ext_sect,
- LHASH *conf,int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy);
+ char *enddate, long days, int batch, char *ext_sect,
+ CONF *conf,int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy,
+ ENGINE *e);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial,char *subj, char *startdate,
- char *enddate, int days, char *ext_sect,LHASH *conf,
+ char *enddate, long days, char *ext_sect,CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
- char *startdate, char *enddate, int days, int batch, int verbose,
- X509_REQ *req, char *ext_sect, LHASH *conf,
+ char *startdate, char *enddate, long days, int batch, int verbose,
+ X509_REQ *req, char *ext_sect, CONF *conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
static X509_NAME *do_subject(char *subject);
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, char *str);
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
-static LHASH *conf=NULL;
-static LHASH *extconf=NULL;
+static CONF *conf=NULL;
+static CONF *extconf=NULL;
static char *section=NULL;
static int preserve=0;
BIGNUM *serial=NULL;
char *startdate=NULL;
char *enddate=NULL;
- int days=0;
+ long days=0;
int batch=0;
int notext=0;
unsigned long nameopt = 0, certopt = 0;
ERR_load_crypto_strings();
- if (engine != NULL)
- {
- if ((e = ENGINE_by_id(engine)) == NULL)
- {
- BIO_printf(bio_err,"invalid engine \"%s\"\n",
- engine);
- goto err;
- }
- if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
- {
- BIO_printf(bio_err,"can't use that engine\n");
- goto err;
- }
- BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
- /* Free our "structural" reference. */
- ENGINE_free(e);
- }
+ e = setup_engine(bio_err, engine, 0);
/*****************************************************************/
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
}
BIO_printf(bio_err,"Using configuration from %s\n",configfile);
- if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+ conf = NCONF_new(NULL);
+ if (NCONF_load(conf,configfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err,"error loading the config file '%s'\n",
/* Lets get the config section we are using */
if (section == NULL)
{
- section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+ section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
if (section == NULL)
{
lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
if (conf != NULL)
{
- p=CONF_get_string(conf,NULL,"oid_file");
+ p=NCONF_get_string(conf,NULL,"oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
}
}
- randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
/* report status of cert with serial number given on command line */
if (ser_status)
{
- if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
/*****************************************************************/
/* we definitely need a public key, so let's get it */
- if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+ if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
section,ENV_PRIVATE_KEY)) == NULL))
{
lookup_fail(section,ENV_PRIVATE_KEY);
BIO_printf(bio_err,"Error getting password\n");
goto err;
}
- if (keyform == FORMAT_ENGINE)
- {
- if (!e)
- {
- BIO_printf(bio_err,"no engine specified\n");
- goto err;
- }
- pkey = ENGINE_load_private_key(e, keyfile, key);
- }
- else if (keyform == FORMAT_PEM)
- {
- if (BIO_read_filename(in,keyfile) <= 0)
- {
- perror(keyfile);
- BIO_printf(bio_err,"trying to load CA private key\n");
- goto err;
- }
- pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
- }
- else
- {
- BIO_printf(bio_err,"bad input format specified for key file\n");
- goto err;
- }
+ pkey = load_key(bio_err, keyfile, keyform, key, e,
+ "CA private key");
if (key) memset(key,0,strlen(key));
if (pkey == NULL)
{
- BIO_printf(bio_err,"unable to load CA private key\n");
+ /* load_key() has already printed an appropriate message */
goto err;
}
/*****************************************************************/
/* we need a certificate */
- if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+ if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
section,ENV_CERTIFICATE)) == NULL))
{
lookup_fail(section,ENV_CERTIFICATE);
goto err;
}
- if (BIO_read_filename(in,certfile) <= 0)
- {
- perror(certfile);
- BIO_printf(bio_err,"trying to load CA certificate\n");
- goto err;
- }
- x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
+ x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
+ "CA certificate");
if (x509 == NULL)
- {
- BIO_printf(bio_err,"unable to load CA certificate\n");
goto err;
- }
if (!X509_check_private_key(x509,pkey))
{
goto err;
}
- f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+ f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
preserve=1;
- f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+ f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
msie_hack=1;
- f=CONF_get_string(conf,section,ENV_NAMEOPT);
+ f=NCONF_get_string(conf,section,ENV_NAMEOPT);
if (f)
{
else
ERR_clear_error();
- f=CONF_get_string(conf,section,ENV_CERTOPT);
+ f=NCONF_get_string(conf,section,ENV_CERTOPT);
if (f)
{
else
ERR_clear_error();
- f=CONF_get_string(conf,section,ENV_EXTCOPY);
+ f=NCONF_get_string(conf,section,ENV_EXTCOPY);
if (f)
{
{
struct stat sb;
- if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+ if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
== NULL)
{
BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
/*****************************************************************/
/* we need to load the database file */
- if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
goto err;
}
+#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
+#endif
if (j < 0 || j >= sizeof buf[0])
{
BIO_printf(bio_err, "file name too long\n");
BIO_free(out);
out = NULL;
+#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
+#endif
if (j < 0 || j >= sizeof buf[1])
{
BIO_printf(bio_err, "file name too long\n");
/* Read extentions config file */
if (extfile)
{
- if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+ extconf = NCONF_new(NULL);
+ if (NCONF_load(extconf,extfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile);
/* We can have sections in the ext file */
- if (!extensions && !(extensions = CONF_get_string(extconf, "default", "extensions")))
+ if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
extensions = "default";
}
if (req)
{
- if ((md == NULL) && ((md=CONF_get_string(conf,
+ if ((md == NULL) && ((md=NCONF_get_string(conf,
section,ENV_DEFAULT_MD)) == NULL))
{
lookup_fail(section,ENV_DEFAULT_MD);
if (verbose)
BIO_printf(bio_err,"message digest is %s\n",
OBJ_nid2ln(dgst->type));
- if ((policy == NULL) && ((policy=CONF_get_string(conf,
+ if ((policy == NULL) && ((policy=NCONF_get_string(conf,
section,ENV_POLICY)) == NULL))
{
lookup_fail(section,ENV_POLICY);
if (verbose)
BIO_printf(bio_err,"policy is %s\n",policy);
- if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+ if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
== NULL)
{
lookup_fail(section,ENV_SERIAL);
* in the main configuration file */
if (!extensions)
{
- extensions=CONF_get_string(conf,section,
+ extensions=NCONF_get_string(conf,section,
ENV_EXTENSIONS);
if (!extensions)
ERR_clear_error();
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, conf);
- if (!X509V3_EXT_add_conf(conf, &ctx, extensions,
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
NULL))
{
BIO_printf(bio_err,
if (startdate == NULL)
{
- startdate=CONF_get_string(conf,section,
+ startdate=NCONF_get_string(conf,section,
ENV_DEFAULT_STARTDATE);
if (startdate == NULL)
ERR_clear_error();
if (enddate == NULL)
{
- enddate=CONF_get_string(conf,section,
+ enddate=NCONF_get_string(conf,section,
ENV_DEFAULT_ENDDATE);
if (enddate == NULL)
ERR_clear_error();
if (days == 0)
{
- days=(int)CONF_get_number(conf,section,
- ENV_DEFAULT_DAYS);
+ if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
+ days = 0;
}
if (!enddate && (days == 0))
{
OPENSSL_free(f);
}
- if ((attribs=CONF_get_section(conf,policy)) == NULL)
+ if ((attribs=NCONF_get_section(conf,policy)) == NULL)
{
BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
goto err;
j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
db,serial,subj,startdate,enddate,days,batch,
extensions,conf,verbose, certopt, nameopt,
- default_op, ext_copy);
+ default_op, ext_copy, e);
if (j < 0) goto err;
if (j > 0)
{
int crl_v2 = 0;
if (!crl_ext)
{
- crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+ crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
if (!crl_ext)
ERR_clear_error();
}
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, conf);
- if (!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL))
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
{
BIO_printf(bio_err,
"Error Loading CRL extension section %s\n",
if (!crldays && !crlhours)
{
- crldays=CONF_get_number(conf,section,
- ENV_DEFAULT_CRL_DAYS);
- crlhours=CONF_get_number(conf,section,
- ENV_DEFAULT_CRL_HOURS);
+ if (!NCONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_DAYS, &crldays))
+ crldays = 0;
+ if (!NCONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_HOURS, &crlhours))
+ crlhours = 0;
}
if ((crldays == 0) && (crlhours == 0))
{
if (ci->version == NULL)
if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
- X509V3_set_conf_lhash(&crlctx, conf);
+ X509V3_set_nconf(&crlctx, conf);
- if (!X509V3_EXT_CRL_add_conf(conf, &crlctx,
+ if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
crl_ext, crl)) goto err;
}
if (crl_ext || crl_v2)
else
{
X509 *revcert;
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile);
- goto err;
- }
- revcert=PEM_read_bio_X509(in,NULL,NULL,NULL);
+ revcert=load_cert(bio_err, infile, FORMAT_PEM,
+ NULL, e, infile);
if (revcert == NULL)
- {
- BIO_printf(bio_err,"unable to load '%s' certificate\n",infile);
goto err;
- }
j=do_revoke(revcert,db, rev_type, rev_arg);
if (j <= 0) goto err;
X509_free(revcert);
strncpy(buf[0],dbfile,BSIZE-4);
+#ifndef OPENSSL_SYS_VMS
strcat(buf[0],".new");
+#else
+ strcat(buf[0],"-new");
+#endif
if (BIO_write_filename(out,buf[0]) <= 0)
{
perror(dbfile);
j=TXT_DB_write(out,db);
if (j <= 0) goto err;
strncpy(buf[1],dbfile,BSIZE-4);
+#ifndef OPENSSL_SYS_VMS
strcat(buf[1],".old");
+#else
+ strcat(buf[1],"-old");
+#endif
if (rename(dbfile,buf[1]) < 0)
{
BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
BIO_free_all(Cout);
BIO_free_all(Sout);
BIO_free_all(out);
- BIO_free(in);
+ BIO_free_all(in);
sk_X509_pop_free(cert_sk,X509_free);
EVP_PKEY_free(pkey);
X509_free(x509);
X509_CRL_free(crl);
- CONF_free(conf);
+ NCONF_free(conf);
OBJ_cleanup();
+ apps_shutdown();
EXIT(ret);
}
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
- int batch, char *ext_sect, LHASH *lconf, int verbose,
+ BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+ int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
{
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
- int batch, char *ext_sect, LHASH *lconf, int verbose,
+ BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+ int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy)
+ int ext_copy, ENGINE *e)
{
X509 *req=NULL;
X509_REQ *rreq=NULL;
- BIO *in=NULL;
EVP_PKEY *pktmp=NULL;
int ok= -1,i;
- in=BIO_new(BIO_s_file());
-
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
+ if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
goto err;
- }
- if ((req=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
- {
- BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile);
- goto err;
- }
if (verbose)
X509_print(bio_err,req);
err:
if (rreq != NULL) X509_REQ_free(rreq);
if (req != NULL) X509_free(req);
- if (in != NULL) BIO_free(in);
return(ok);
}
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
- char *startdate, char *enddate, int days, int batch, int verbose,
- X509_REQ *req, char *ext_sect, LHASH *lconf,
+ char *startdate, char *enddate, long days, int batch, int verbose,
+ X509_REQ *req, char *ext_sect, CONF *lconf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
{
BIO_printf(bio_err, "Extra configuration file found\n");
/* Use the extconf configuration db LHASH */
- X509V3_set_conf_lhash(&ctx, extconf);
+ X509V3_set_nconf(&ctx, extconf);
/* Test the structure (needed?) */
/* X509V3_set_ctx_test(&ctx); */
/* Adds exts contained in the configuration file */
- if (!X509V3_EXT_add_conf(extconf, &ctx, ext_sect,ret))
+ if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
{
BIO_printf(bio_err,
"ERROR: adding extensions in section %s\n",
else if (ext_sect)
{
/* We found extensions to be set from config file */
- X509V3_set_conf_lhash(&ctx, lconf);
+ X509V3_set_nconf(&ctx, lconf);
- if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret))
+ if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
{
BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
ERR_print_errors(bio_err);
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
- char *ext_sect, LHASH *lconf, int verbose, unsigned long certopt,
+ BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+ char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
{
STACK_OF(CONF_VALUE) *sk=NULL;
projects / openssl.git / blobdiff