#undef BSIZE
#define BSIZE 256
-#define BASE_SECTION "ca"
+#define BASE_SECTION "ca"
#define ENV_DEFAULT_CA "default_ca"
-#define STRING_MASK "string_mask"
+#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
-#define ENV_DIR "dir"
-#define ENV_CERTS "certs"
-#define ENV_CRL_DIR "crl_dir"
-#define ENV_CA_DB "CA_DB"
#define ENV_NEW_CERTS_DIR "new_certs_dir"
-#define ENV_CERTIFICATE "certificate"
+#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
#define ENV_CRLNUMBER "crlnumber"
-#define ENV_CRL "crl"
#define ENV_PRIVATE_KEY "private_key"
-#define ENV_RANDFILE "RANDFILE"
#define ENV_DEFAULT_DAYS "default_days"
#define ENV_DEFAULT_STARTDATE "default_startdate"
#define ENV_DEFAULT_ENDDATE "default_enddate"
ret = 0;
goto end;
case OPT_IN:
+ req = 1;
infile = opt_arg();
break;
case OPT_OUT:
argv = opt_rest();
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
- if ((conf = app_load_config(configfile)) == NULL)
- goto end;
+ /* We already loaded the default config file */
+ if (configfile != default_config_file) {
+ if ((conf = app_load_config(configfile)) == NULL)
+ goto end;
+ if (!app_load_modules(conf))
+ goto end;
+ }
/* Lets get the config section we are using */
if (section == NULL) {
goto end;
}
default_op = 0;
- } else
+ } else {
+ nameopt = XN_FLAG_ONELINE;
ERR_clear_error();
+ }
f = NCONF_get_string(conf, section, ENV_CERTOPT);
extensions = "default";
}
- /*****************************************************************/
+ /*****************************************************************/
if (req || gencrl) {
- Sout = bio_open_default(outfile, "w");
+ /* FIXME: Is it really always text? */
+ Sout = bio_open_default(outfile, 'w', FORMAT_TEXT);
if (Sout == NULL)
goto end;
}
}
if (verbose)
BIO_printf(bio_err, "message digest is %s\n",
- OBJ_nid2ln(dgst->type));
+ OBJ_nid2ln(EVP_MD_type(dgst)));
if ((policy == NULL) && ((policy = NCONF_get_string(conf,
section,
ENV_POLICY)) ==
if (verbose)
BIO_printf(bio_err, "writing new certificates\n");
for (i = 0; i < sk_X509_num(cert_sk); i++) {
+ ASN1_INTEGER *serialNumber = X509_get_serialNumber(x);
int k;
char *n;
x = sk_X509_value(cert_sk, i);
- j = x->cert_info->serialNumber->length;
- p = (const char *)x->cert_info->serialNumber->data;
+ j = ASN1_STRING_length(serialNumber);
+ p = (const char *)ASN1_STRING_data(serialNumber);
if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
BIO_printf(bio_err, "certificate file name too long\n");
goto end;
tmptm = ASN1_TIME_new();
- if (!tmptm)
+ if (tmptm == NULL)
goto end;
X509_gmtime_adj(tmptm, 0);
X509_CRL_set_lastUpdate(crl, tmptm);
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
X509 *ret = NULL;
- X509_CINF *ci;
X509_NAME_ENTRY *ne;
X509_NAME_ENTRY *tne, *push;
EVP_PKEY *pktmp;
goto end;
}
X509_REQ_set_subject_name(req, n);
- req->req_info->enc.modified = 1;
X509_NAME_free(n);
}
if (selfsign)
CAname = X509_NAME_dup(name);
else
- CAname = X509_NAME_dup(x509->cert_info->subject);
+ CAname = X509_NAME_dup(X509_get_subject_name(x509));
if (CAname == NULL)
goto end;
str = str2 = NULL;
if ((ret = X509_new()) == NULL)
goto end;
- ci = ret->cert_info;
#ifdef X509_V3
/* Make it an X509 v3 certificate. */
goto end;
#endif
- if (BN_to_ASN1_INTEGER(serial, ci->serialNumber) == NULL)
+ if (BN_to_ASN1_INTEGER(serial, X509_get_serialNumber(ret)) == NULL)
goto end;
if (selfsign) {
if (!X509_set_issuer_name(ret, subject))
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
- if (ci->version == NULL)
- if ((ci->version = ASN1_INTEGER_new()) == NULL)
- goto end;
- ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
-
- /*
- * Free the current entries if any, there should not be any I believe
- */
- sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
-
- ci->extensions = NULL;
+ X509_set_version(ret, 2);
/* Initialize the context structure */
if (selfsign)
X509_REQ *req = NULL;
CONF_VALUE *cv = NULL;
NETSCAPE_SPKI *spki = NULL;
- X509_REQ_INFO *ri;
char *type, *buf;
EVP_PKEY *pktmp = NULL;
X509_NAME *n = NULL;
/*
* Build up the subject name set.
*/
- ri = req->req_info;
- n = ri->subject;
+ n = X509_REQ_get_subject_name(req);
for (i = 0;; i++) {
if (sk_CONF_VALUE_num(sk) <= i)
char **rrow, *a_tm_s;
a_tm = ASN1_UTCTIME_new();
+ if (a_tm == NULL)
+ return -1;
/* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0);
- a_tm_s = (char *)OPENSSL_malloc(a_tm->length + 1);
+ a_tm_s = (char *)app_malloc(a_tm->length + 1, "time string");
memcpy(a_tm_s, a_tm->data, a_tm->length);
a_tm_s[a_tm->length] = '\0';
if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) {
rtmp = ASN1_ENUMERATED_new();
- if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
+ if (rtmp == NULL || !ASN1_ENUMERATED_set(rtmp, reason_code))
goto end;
if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
goto end;
if (prevtm) {
*prevtm = ASN1_UTCTIME_new();
- if (!*prevtm) {
+ if (*prevtm == NULL) {
BIO_printf(bio_err, "memory allocation failure\n");
goto end;
}
goto end;
}
comp_time = ASN1_GENERALIZEDTIME_new();
- if (!comp_time) {
+ if (comp_time == NULL) {
BIO_printf(bio_err, "memory allocation failure\n");
goto end;
}