#include "err.h"
#include "asn1.h"
#include "x509.h"
+#include "x509v3.h"
#include "objects.h"
#include "pem.h"
#define KEYFILE "default_keyfile"
#define DISTINGUISHED_NAME "distinguished_name"
#define ATTRIBUTES "attributes"
+#define V3_EXTENSIONS "x509_extensions"
#define DEFAULT_KEY_LENGTH 512
#define MIN_KEY_LENGTH 384
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+ char *extensions = NULL;
EVP_CIPHER *cipher=NULL;
int modulus=0;
char *p;
}
else if (strcmp(*argv,"-newkey") == 0)
{
+ int is_numeric;
+
if (--argc < 1) goto bad;
p= *(++argv);
- if ((strncmp("rsa:",p,4) == 0) ||
- ((p[0] >= '0') && (p[0] <= '9')))
+ is_numeric = p[0] >= '0' && p[0] <= '9';
+ if (strncmp("rsa:",p,4) == 0 || is_numeric)
{
pkey_type=TYPE_RSA;
- p+=4;
+ if(!is_numeric)
+ p+=4;
newkey= atoi(p);
}
else
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
- BIO_printf(bio_err," -in arg inout file\n");
+ BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -text text form of request\n");
BIO_printf(bio_err," -noout do not output REQ\n");
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n");
- BIO_printf(bio_err," -config file request templace file.\n");
+ BIO_printf(bio_err," -config file request template file.\n");
BIO_printf(bio_err," -new new request.\n");
BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n");
}
ERR_load_crypto_strings();
+ X509V3_add_standard_extensions();
#ifndef MONOLITH
/* Lets load up our environment a little */
- p=getenv("SSLEAY_CONF");
+ p=getenv("OPENSSL_CONF");
+ if (p == NULL)
+ p=getenv("SSLEAY_CONF");
if (p == NULL)
{
strcpy(config_name,X509_get_default_cert_area());
strcat(config_name,"/lib/");
- strcat(config_name,SSLEAY_CONF);
+ strcat(config_name,OPENSSL_CONF);
p=config_name;
}
default_config_file=p;
digest=md_alg;
}
+ extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
}
if (x509)
{
+ EVP_PKEY *tmppkey;
+ X509V3_CTX ext_ctx;
if ((x509ss=X509_new()) == NULL) goto end;
- /* don't set the version number, for starters
- * the field is null and second, null is v0
- * if (!ASN1_INTEGER_set(ci->version,0L)) goto end;
- */
+ /* Set version to V3 */
+ if(!X509_set_version(x509ss, 2)) goto end;
ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
X509_set_issuer_name(x509ss,
(long)60*60*24*days);
X509_set_subject_name(x509ss,
X509_REQ_get_subject_name(req));
- X509_set_pubkey(x509ss,X509_REQ_get_pubkey(req));
+ tmppkey = X509_REQ_get_pubkey(req);
+ X509_set_pubkey(x509ss,tmppkey);
+ EVP_PKEY_free(tmppkey);
+
+ /* Set up V3 context struct */
+
+ ext_ctx.issuer_cert = x509ss;
+ ext_ctx.subject_cert = x509ss;
+ ext_ctx.subject_req = NULL;
+ ext_ctx.crl = NULL;
+ ext_ctx.flags = 0;
+
+ /* Add extensions */
+ if(extensions && !X509V3_EXT_add_conf(req_conf,
+ &ext_ctx, extensions, x509ss))
+ {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extensions);
+ goto end;
+ }
if (!(i=X509_sign(x509ss,pkey,digest)))
goto end;
}
i=X509_REQ_verify(req,pkey);
- if (tmp) pkey=NULL;
+ if (tmp) {
+ EVP_PKEY_free(pkey);
+ pkey=NULL;
+ }
if (i < 0)
{
goto end;
}
fprintf(stdout,"Modulus=");
+#ifndef NO_RSA
if (pubkey->type == EVP_PKEY_RSA)
BN_print(out,pubkey->pkey.rsa->n);
else
+#endif
fprintf(stdout,"Wrong Algorithm type");
fprintf(stdout,"\n");
}
projects / openssl.git / blobdiff