Change the EVP_somecipher() and EVP_somedigest()
[openssl.git] / apps / req.c
index cc524de..f422d3e 100644 (file)
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
-#include <openssl/rand.h>
 #include <openssl/conf.h>
 #include <openssl/err.h>
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define SECTION                "req"
 
 #define BITS           "default_bits"
 #define KEYFILE                "default_keyfile"
+#define PROMPT         "prompt"
 #define DISTINGUISHED_NAME     "distinguished_name"
 #define ATTRIBUTES     "attributes"
 #define V3_EXTENSIONS  "x509_extensions"
 #define REQ_EXTENSIONS "req_extensions"
+#define STRING_MASK    "string_mask"
 
 #define DEFAULT_KEY_LENGTH     512
 #define MIN_KEY_LENGTH         384
@@ -90,7 +92,7 @@
 #undef PROG
 #define PROG   req_main
 
-/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg - input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
  * -in arg     - input file - default stdin
  * -out arg    - output file - default stdout
  * -nodes      - no des encryption
  * -config file        - Load configuration file.
  * -key file   - make a request using key in file (or use it for verification).
- * -keyform    - key file format.
+ * -keyform arg        - key file format.
+ * -rand file(s) - load the file(s) into the PRNG.
  * -newkey     - make a key and a request.
  * -modulus    - print RSA modulus.
  * -x509       - output a self signed X509 structure instead.
  *               require.  This format is wrong
  */
 
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
-static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs);
+static int build_subject(X509_REQ *req, char *subj);
+static int prompt_info(X509_REQ *req,
+               STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
+               STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs);
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
+                               STACK_OF(CONF_VALUE) *attr, int attribs);
+static int add_attribute_object(X509_REQ *req, char *text,
                                char *def, char *value, int nid, int min,
                                int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
        int nid,int min,int max);
+#ifndef OPENSSL_NO_RSA
 static void MS_CALLBACK req_cb(int p,int n,void *arg);
-static int req_fix_data(int nid,int *type,int len,int min,int max);
+#endif
+static int req_check_len(int len,int min,int max);
 static int check_end(char *str, char *end);
-static int add_oid_section(LHASH *conf);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 static LHASH *config=NULL;
 #endif
 static LHASH *req_conf=NULL;
+static int batch=0;
 
 #define TYPE_RSA       1
 #define TYPE_DSA       2
 #define TYPE_DH                3
 
+int MAIN(int, char **);
+
 int MAIN(int argc, char **argv)
        {
-#ifndef NO_DSA
+       ENGINE *e = NULL;
+#ifndef OPENSSL_NO_DSA
        DSA *dsa_params=NULL;
 #endif
+       unsigned long nmflag = 0;
        int ex=1,x509=0,days=30;
        X509 *x509ss=NULL;
        X509_REQ *req=NULL;
        EVP_PKEY *pkey=NULL;
-       int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
+       int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
        BIO *in=NULL,*out=NULL;
        int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
-       int nodes=0,kludge=0;
+       int nodes=0,kludge=0,newhdr=0,subject=0;
        char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+       char *engine=NULL;
        char *extensions = NULL;
        char *req_exts = NULL;
-       EVP_CIPHER *cipher=NULL;
+       const EVP_CIPHER *cipher=NULL;
+       ASN1_INTEGER *serial = NULL;
        int modulus=0;
+       char *inrand=NULL;
+       char *passargin = NULL, *passargout = NULL;
+       char *passin = NULL, *passout = NULL;
        char *p;
+       char *subj = NULL;
        const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
        MS_STATIC char config_name[256];
 #endif
 
-#ifndef NO_DES
+       req_conf = NULL;
+#ifndef OPENSSL_NO_DES
        cipher=EVP_des_ede3_cbc();
 #endif
        apps_startup();
@@ -181,6 +203,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        outformat=str2fmt(*(++argv));
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-key") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -188,7 +215,6 @@ int MAIN(int argc, char **argv)
                        }
                else if (strcmp(*argv,"-new") == 0)
                        {
-                       pkey_type=TYPE_RSA;
                        newreq=1;
                        }
                else if (strcmp(*argv,"-config") == 0)
@@ -216,6 +242,21 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        keyout= *(++argv);
                        }
+               else if (strcmp(*argv,"-passin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passargin= *(++argv);
+                       }
+               else if (strcmp(*argv,"-passout") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passargout= *(++argv);
+                       }
+               else if (strcmp(*argv,"-rand") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       inrand= *(++argv);
+                       }
                else if (strcmp(*argv,"-newkey") == 0)
                        {
                        int is_numeric;
@@ -231,7 +272,7 @@ int MAIN(int argc, char **argv)
                                newkey= atoi(p);
                                }
                        else
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                                if (strncmp("dsa:",p,4) == 0)
                                {
                                X509 *xtmp=NULL;
@@ -271,7 +312,7 @@ int MAIN(int argc, char **argv)
                                }
                        else 
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
                                if (strncmp("dh:",p,4) == 0)
                                {
                                pkey_type=TYPE_DH;
@@ -283,6 +324,10 @@ int MAIN(int argc, char **argv)
 
                        newreq=1;
                        }
+               else if (strcmp(*argv,"-batch") == 0)
+                       batch=1;
+               else if (strcmp(*argv,"-newhdr") == 0)
+                       newhdr=1;
                else if (strcmp(*argv,"-modulus") == 0)
                        modulus=1;
                else if (strcmp(*argv,"-verify") == 0)
@@ -291,6 +336,15 @@ int MAIN(int argc, char **argv)
                        nodes=1;
                else if (strcmp(*argv,"-noout") == 0)
                        noout=1;
+               else if (strcmp(*argv,"-verbose") == 0)
+                       verbose=1;
+               else if (strcmp(*argv,"-nameopt") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+                       }
+               else if (strcmp(*argv,"-subject") == 0)
+                       subject=1;
                else if (strcmp(*argv,"-text") == 0)
                        text=1;
                else if (strcmp(*argv,"-x509") == 0)
@@ -299,12 +353,23 @@ int MAIN(int argc, char **argv)
                        kludge=1;
                else if (strcmp(*argv,"-no-asn1-kludge") == 0)
                        kludge=0;
+               else if (strcmp(*argv,"-subj") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       subj= *(++argv);
+                       }
                else if (strcmp(*argv,"-days") == 0)
                        {
                        if (--argc < 1) goto bad;
                        days= atoi(*(++argv));
                        if (days == 0) days=30;
                        }
+               else if (strcmp(*argv,"-set_serial") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       serial = s2i_ASN1_INTEGER(NULL, *(++argv));
+                       if (!serial) goto bad;
+                       }
                else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
                        {
                        /* ok */
@@ -335,8 +400,8 @@ int MAIN(int argc, char **argv)
 bad:
                BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
                BIO_printf(bio_err,"where options  are\n");
-               BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
-               BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
+               BIO_printf(bio_err," -inform arg    input format - DER or PEM\n");
+               BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");
                BIO_printf(bio_err," -in arg        input file\n");
                BIO_printf(bio_err," -out arg       output file\n");
                BIO_printf(bio_err," -text          text form of request\n");
@@ -344,29 +409,40 @@ bad:
                BIO_printf(bio_err," -verify        verify signature on REQ\n");
                BIO_printf(bio_err," -modulus       RSA modulus\n");
                BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
-               BIO_printf(bio_err," -key file  use the private key contained in file\n");
+               BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
+               BIO_printf(bio_err," -subject       output the request's subject\n");
+               BIO_printf(bio_err," -passin        private key password source\n");
+               BIO_printf(bio_err," -key file      use the private key contained in file\n");
                BIO_printf(bio_err," -keyform arg   key file format\n");
                BIO_printf(bio_err," -keyout arg    file to send the key to\n");
+               BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+               BIO_printf(bio_err,"                load the file (or the files in the directory) into\n");
+               BIO_printf(bio_err,"                the random number generator\n");
                BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
                BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-
                BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
                BIO_printf(bio_err," -config file   request template file.\n");
+               BIO_printf(bio_err," -subj arg      set or modify request subject\n");
                BIO_printf(bio_err," -new           new request.\n");
+               BIO_printf(bio_err," -batch         do not ask anything during request generation\n");
                BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
-               BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
+               BIO_printf(bio_err," -days          number of days a certificate generated by -x509 is valid for.\n");
+               BIO_printf(bio_err," -set_serial    serial number to use for a certificate generated by -x509.\n");
+               BIO_printf(bio_err," -newhdr        output \"NEW\" in the header lines\n");
                BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
                BIO_printf(bio_err,"                have been reported as requiring\n");
-               BIO_printf(bio_err,"                [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
                BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
                BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
                goto end;
                }
 
        ERR_load_crypto_strings();
-       X509V3_add_standard_extensions();
+       if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+               BIO_printf(bio_err, "Error getting passwords\n");
+               goto end;
+       }
 
-#ifndef MONOLITH
+#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
        /* Lets load up our environment a little */
        p=getenv("OPENSSL_CONF");
        if (p == NULL)
@@ -374,13 +450,13 @@ bad:
        if (p == NULL)
                {
                strcpy(config_name,X509_get_default_cert_area());
-#ifndef VMS
+#ifndef OPENSSL_SYS_VMS
                strcat(config_name,"/");
 #endif
                strcat(config_name,OPENSSL_CONF);
                p=config_name;
                }
-        default_config_file=p;
+       default_config_file=p;
        config=CONF_load(config,p,NULL);
 #endif
 
@@ -410,6 +486,8 @@ bad:
        if (req_conf != NULL)
                {
                p=CONF_get_string(req_conf,NULL,"oid_file");
+               if (p == NULL)
+                       ERR_clear_error();
                if (p != NULL)
                        {
                        BIO *oid_bio;
@@ -429,18 +507,27 @@ bad:
                                }
                        }
                }
-               if(!add_oid_section(req_conf)) goto end;
+       if(!add_oid_section(bio_err, req_conf)) goto end;
 
-       if ((md_alg == NULL) &&
-               ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
+       if (md_alg == NULL)
                {
-               if ((md_alg=EVP_get_digestbyname(p)) != NULL)
-                       digest=md_alg;
+               p=CONF_get_string(req_conf,SECTION,"default_md");
+               if (p == NULL)
+                       ERR_clear_error();
+               if (p != NULL)
+                       {
+                       if ((md_alg=EVP_get_digestbyname(p)) != NULL)
+                               digest=md_alg;
+                       }
                }
 
-       if(!extensions)
+       if (!extensions)
+               {
                extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
-       if(extensions) {
+               if (!extensions)
+                       ERR_clear_error();
+               }
+       if (extensions) {
                /* Check syntax of file */
                X509V3_CTX ctx;
                X509V3_set_ctx_test(&ctx);
@@ -452,8 +539,35 @@ bad:
                }
        }
 
+       if(!passin)
+               {
+               passin = CONF_get_string(req_conf, SECTION, "input_password");
+               if (!passin)
+                       ERR_clear_error();
+               }
+       
+       if(!passout)
+               {
+               passout = CONF_get_string(req_conf, SECTION, "output_password");
+               if (!passout)
+                       ERR_clear_error();
+               }
+
+       p = CONF_get_string(req_conf, SECTION, STRING_MASK);
+       if (!p)
+               ERR_clear_error();
+
+       if(p && !ASN1_STRING_set_default_mask_asc(p)) {
+               BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
+               goto end;
+       }
+
        if(!req_exts)
+               {
                req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+               if (!req_exts)
+                       ERR_clear_error();
+               }
        if(req_exts) {
                /* Check syntax of file */
                X509V3_CTX ctx;
@@ -472,23 +586,55 @@ bad:
        if ((in == NULL) || (out == NULL))
                goto end;
 
-       if (keyfile != NULL)
+       if (engine != NULL)
                {
-               if (BIO_read_filename(in,keyfile) <= 0)
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
                        {
-                       perror(keyfile);
+                       BIO_printf(bio_err,"can't use that engine\n");
                        goto end;
                        }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
 
-/*             if (keyform == FORMAT_ASN1)
-                       rsa=d2i_RSAPrivateKey_bio(in,NULL);
-               else */
-               if (keyform == FORMAT_PEM)
-                       pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
+       if (keyfile != NULL)
+               {
+               if (keyform == FORMAT_ENGINE)
+                       {
+                       if (!e)
+                               {
+                               BIO_printf(bio_err,"no engine specified\n");
+                               goto end;
+                               }
+                       pkey = ENGINE_load_private_key(e, keyfile, NULL);
+                       }
                else
                        {
-                       BIO_printf(bio_err,"bad input format specified for X509 request\n");
-                       goto end;
+                       if (BIO_read_filename(in,keyfile) <= 0)
+                               {
+                               perror(keyfile);
+                               goto end;
+                               }
+
+                       if (keyform == FORMAT_ASN1)
+                               pkey=d2i_PrivateKey_bio(in,NULL);
+                       else if (keyform == FORMAT_PEM)
+                               {
+                               pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
+                                       passin);
+                               }
+                       else
+                               {
+                               BIO_printf(bio_err,"bad input format specified for X509 request\n");
+                               goto end;
+                               }
                        }
 
                if (pkey == NULL)
@@ -496,29 +642,24 @@ bad:
                        BIO_printf(bio_err,"unable to load Private key\n");
                        goto end;
                        }
+               if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
+                       {
+                       char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+                       if (randfile == NULL)
+                               ERR_clear_error();
+                       app_RAND_load_file(randfile, bio_err, 0);
+                       }
                }
 
        if (newreq && (pkey == NULL))
                {
-               char *randfile;
-               char buffer[200];
-
-               if ((randfile=CONF_get_string(req_conf,SECTION,"RANDFILE")) == NULL)
-                       randfile=RAND_file_name(buffer,200);
-#ifdef WINDOWS
-               BIO_printf(bio_err,"Loading 'screen' into random state -");
-               BIO_flush(bio_err);
-               RAND_screen();
-               BIO_printf(bio_err," done\n");
-#endif
-               if ((randfile == NULL) || !RAND_load_file(randfile,1024L*1024L))
-                       {
-                       BIO_printf(bio_err,"unable to load 'random state'\n");
-                       BIO_printf(bio_err,"What this means is that the random number generator has not been seeded\n");
-                       BIO_printf(bio_err,"with much random data.\n");
-                       BIO_printf(bio_err,"Consider setting the RANDFILE environment variable to point at a file that\n");
-                       BIO_printf(bio_err,"'random' data can be kept in.\n");
-                       }
+               char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+               if (randfile == NULL)
+                       ERR_clear_error();
+               app_RAND_load_file(randfile, bio_err, 0);
+               if (inrand)
+                       app_RAND_load_files(inrand);
+       
                if (newkey <= 0)
                        {
                        newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
@@ -537,7 +678,7 @@ bad:
 
                if ((pkey=EVP_PKEY_new()) == NULL) goto end;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                if (pkey_type == TYPE_RSA)
                        {
                        if (!EVP_PKEY_assign_RSA(pkey,
@@ -547,7 +688,7 @@ bad:
                        }
                else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                        if (pkey_type == TYPE_DSA)
                        {
                        if (!DSA_generate_key(dsa_params)) goto end;
@@ -556,18 +697,27 @@ bad:
                        }
 #endif
 
-               if ((randfile == NULL) || (RAND_write_file(randfile) == 0))
-                       BIO_printf(bio_err,"unable to write 'random state'\n");
+               app_RAND_write_file(randfile, bio_err);
 
                if (pkey == NULL) goto end;
 
                if (keyout == NULL)
+                       {
                        keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
-
+                       if (keyout == NULL)
+                               ERR_clear_error();
+                       }
+               
                if (keyout == NULL)
                        {
                        BIO_printf(bio_err,"writing new private key to stdout\n");
                        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+                       {
+                       BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                       out = BIO_push(tmpbio, out);
+                       }
+#endif
                        }
                else
                        {
@@ -581,7 +731,12 @@ bad:
 
                p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
                if (p == NULL)
+                       {
+                       ERR_clear_error();
                        p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+                       if (p == NULL)
+                               ERR_clear_error();
+                       }
                if ((p != NULL) && (strcmp(p,"no") == 0))
                        cipher=NULL;
                if (nodes) cipher=NULL;
@@ -589,7 +744,7 @@ bad:
                i=0;
 loop:
                if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
-                       NULL,0,NULL,NULL))
+                       NULL,0,NULL,passout))
                        {
                        if ((ERR_GET_REASON(ERR_peek_error()) ==
                                PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
@@ -638,16 +793,15 @@ loop:
 
        if (newreq || x509)
                {
-#ifndef NO_DSA
-               if (pkey->type == EVP_PKEY_DSA)
-                       digest=EVP_dss1();
-#endif
-
                if (pkey == NULL)
                        {
                        BIO_printf(bio_err,"you need to specify a private key\n");
                        goto end;
                        }
+#ifndef OPENSSL_NO_DSA
+               if (pkey->type == EVP_PKEY_DSA)
+                       digest=EVP_dss1();
+#endif
                if (req == NULL)
                        {
                        req=X509_REQ_new();
@@ -656,9 +810,13 @@ loop:
                                goto end;
                                }
 
-                       i=make_REQ(req,pkey,!x509);
-                       if (kludge >= 0)
-                               req->req_info->req_kludge=kludge;
+                       i=make_REQ(req,pkey,subj,!x509);
+                       subj=NULL; /* done processing '-subj' option */
+                       if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
+                               {
+                               sk_X509_ATTRIBUTE_free(req->req_info->attributes);
+                               req->req_info->attributes = NULL;
+                               }
                        if (!i)
                                {
                                BIO_printf(bio_err,"problems making Certificate Request\n");
@@ -673,7 +831,10 @@ loop:
 
                        /* Set version to V3 */
                        if(!X509_set_version(x509ss, 2)) goto end;
-                       ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
+                       if (serial)
+                               X509_set_serialNumber(x509ss, serial);
+                       else
+                               ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
 
                        X509_set_issuer_name(x509ss,
                                X509_REQ_get_subject_name(req));
@@ -694,13 +855,13 @@ loop:
                        /* Add extensions */
                        if(extensions && !X509V3_EXT_add_conf(req_conf, 
                                        &ext_ctx, extensions, x509ss))
-                           {
-                           BIO_printf(bio_err,
-                                      "Error Loading extension section %s\n",
-                                      extensions);
-                           goto end;
-                           }
-
+                               {
+                               BIO_printf(bio_err,
+                                       "Error Loading extension section %s\n",
+                                       extensions);
+                               goto end;
+                               }
+                       
                        if (!(i=X509_sign(x509ss,pkey,digest)))
                                goto end;
                        }
@@ -716,17 +877,46 @@ loop:
                        /* Add extensions */
                        if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, 
                                        &ext_ctx, req_exts, req))
-                           {
-                           BIO_printf(bio_err,
-                                      "Error Loading extension section %s\n",
-                                      req_exts);
-                           goto end;
-                           }
+                               {
+                               BIO_printf(bio_err,
+                                       "Error Loading extension section %s\n",
+                                       req_exts);
+                               goto end;
+                               }
                        if (!(i=X509_REQ_sign(req,pkey,digest)))
                                goto end;
                        }
                }
 
+       if (subj && x509)
+               {
+               BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
+               goto end;
+               }
+
+       if (subj && !x509)
+               {
+               if (verbose)
+                       {
+                       BIO_printf(bio_err, "Modifying Request's Subject\n");
+                       print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
+                       }
+
+               if (build_subject(req, subj) == 0)
+                       {
+                       BIO_printf(bio_err, "ERROR: cannot modify subject\n");
+                       ex=1;
+                       goto end;
+                       }
+
+               req->req_info->enc.modified = 1;
+
+               if (verbose)
+                       {
+                       print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
+                       }
+               }
+
        if (verify && !x509)
                {
                int tmp=0;
@@ -756,14 +946,22 @@ loop:
                        BIO_printf(bio_err,"verify OK\n");
                }
 
-       if (noout && !text && !modulus)
+       if (noout && !text && !modulus && !subject)
                {
                ex=0;
                goto end;
                }
 
        if (outfile == NULL)
+               {
                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+               {
+               BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+               out = BIO_push(tmpbio, out);
+               }
+#endif
+               }
        else
                {
                if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
@@ -785,6 +983,14 @@ loop:
                        X509_REQ_print(out,req);
                }
 
+       if(subject) 
+               {
+               if(x509)
+                       print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
+               else
+                       print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
+               }
+
        if (modulus)
                {
                EVP_PKEY *pubkey;
@@ -799,7 +1005,7 @@ loop:
                        goto end; 
                        }
                fprintf(stdout,"Modulus=");
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                if (pubkey->type == EVP_PKEY_RSA)
                        BN_print(out,pubkey->pkey.rsa->n);
                else
@@ -812,9 +1018,10 @@ loop:
                {
                if      (outformat == FORMAT_ASN1)
                        i=i2d_X509_REQ_bio(out,req);
-               else if (outformat == FORMAT_PEM)
-                       i=PEM_write_bio_X509_REQ(out,req);
-               else    {
+               else if (outformat == FORMAT_PEM) {
+                       if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req);
+                       else i=PEM_write_bio_X509_REQ(out,req);
+               } else {
                        BIO_printf(bio_err,"bad output format specified for outfile\n");
                        goto end;
                        }
@@ -848,78 +1055,180 @@ end:
                }
        if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
        BIO_free(in);
-       BIO_free(out);
+       BIO_free_all(out);
        EVP_PKEY_free(pkey);
        X509_REQ_free(req);
        X509_free(x509ss);
-       X509V3_EXT_cleanup();
+       ASN1_INTEGER_free(serial);
+       if(passargin && passin) OPENSSL_free(passin);
+       if(passargout && passout) OPENSSL_free(passout);
        OBJ_cleanup();
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
        if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
        EXIT(ex);
        }
 
-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
        {
        int ret=0,i;
-       char *p,*q;
-       X509_REQ_INFO *ri;
-       char buf[100];
-       int nid,min,max;
-       char *type,*def,*tmp,*value,*tmp_attr;
-       STACK_OF(CONF_VALUE) *sk, *attr=NULL;
-       CONF_VALUE *v;
-       
-       tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+       char no_prompt = 0;
+       STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
+       char *tmp, *dn_sect,*attr_sect;
+
+       tmp=CONF_get_string(req_conf,SECTION,PROMPT);
        if (tmp == NULL)
+               ERR_clear_error();
+       if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
+
+       dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+       if (dn_sect == NULL)
                {
                BIO_printf(bio_err,"unable to find '%s' in config\n",
                        DISTINGUISHED_NAME);
                goto err;
                }
-       sk=CONF_get_section(req_conf,tmp);
-       if (sk == NULL)
+       dn_sk=CONF_get_section(req_conf,dn_sect);
+       if (dn_sk == NULL)
                {
-               BIO_printf(bio_err,"unable to get '%s' section\n",tmp);
+               BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
                goto err;
                }
 
-       tmp_attr=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
-       if (tmp_attr == NULL)
-               attr=NULL;
+       attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
+       if (attr_sect == NULL)
+               {
+               ERR_clear_error();              
+               attr_sk=NULL;
+               }
        else
                {
-               attr=CONF_get_section(req_conf,tmp_attr);
-               if (attr == NULL)
+               attr_sk=CONF_get_section(req_conf,attr_sect);
+               if (attr_sk == NULL)
                        {
-                       BIO_printf(bio_err,"unable to get '%s' section\n",tmp_attr);
+                       BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
                        goto err;
                        }
                }
 
-       ri=req->req_info;
+       /* setup version number */
+       if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
 
-       BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
-       BIO_printf(bio_err,"into your certificate request.\n");
-       BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
-       BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
-       BIO_printf(bio_err,"For some fields there will be a default value,\n");
-       BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
-       BIO_printf(bio_err,"-----\n");
+       if (no_prompt) 
+               i = auto_info(req, dn_sk, attr_sk, attribs);
+       else 
+               {
+               if (subj)
+                       i = build_subject(req, subj);
+               else
+                       i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
+               }
+       if(!i) goto err;
 
-       /* setup version number */
-       if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
+       X509_REQ_set_pubkey(req,pkey);
+
+       ret=1;
+err:
+       return(ret);
+       }
+
+static int build_subject(X509_REQ *req, char *subject)
+       {
+       X509_NAME *n = NULL;
 
-       if (sk_CONF_VALUE_num(sk))
+       int i, nid, ne_num=0;
+
+       char *ne_name = NULL;
+       char *ne_value = NULL;
+
+       char *tmp = NULL;
+       char *p[2];
+
+       char *str_list[256];
+       
+       p[0] = ",/";
+        p[1] = "=";
+
+       n = X509_NAME_new();
+
+       tmp = strtok(subject, p[0]);
+       while((tmp != NULL) && (ne_num < (sizeof str_list/sizeof *str_list)))
+               {
+               char *token = tmp;
+
+               while (token[0] == ' ')
+                       token++;
+               str_list[ne_num] = token;
+
+               tmp = strtok(NULL, p[0]);
+               ne_num++;
+               }
+
+       for(i = 0; i < ne_num; i++)
+               {
+               ne_name  = strtok(str_list[i], p[1]);
+               ne_value = strtok(NULL, p[1]);
+
+               if ((nid=OBJ_txt2nid(ne_name)) == NID_undef)
+                       {
+                       BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_name);
+                       continue;
+                       }
+
+               if (ne_value == NULL)
+                       {
+                       BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_name);
+                       continue;
+                       }
+
+               if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned char*)ne_value, -1,-1,0))
+                       {
+                       X509_NAME_free(n);
+                       return 0;
+                       }
+               }
+
+       if (!X509_REQ_set_subject_name(req, n))
+               return 0;
+       X509_NAME_free(n);
+       return 1;
+}
+
+
+static int prompt_info(X509_REQ *req,
+               STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
+               STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs)
+       {
+       int i;
+       char *p,*q;
+       char buf[100];
+       int nid,min,max;
+       char *type,*def,*value;
+       CONF_VALUE *v;
+       X509_NAME *subj;
+       subj = X509_REQ_get_subject_name(req);
+
+       if(!batch)
+               {
+               BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
+               BIO_printf(bio_err,"into your certificate request.\n");
+               BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
+               BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
+               BIO_printf(bio_err,"For some fields there will be a default value,\n");
+               BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
+               BIO_printf(bio_err,"-----\n");
+               }
+
+
+       if (sk_CONF_VALUE_num(dn_sk))
                {
                i= -1;
 start:         for (;;)
                        {
                        i++;
-                       if (sk_CONF_VALUE_num(sk) <= i) break;
+                       if (sk_CONF_VALUE_num(dn_sk) <= i) break;
 
-                       v=sk_CONF_VALUE_value(sk,i);
+                       v=sk_CONF_VALUE_value(dn_sk,i);
                        p=q=NULL;
                        type=v->name;
                        if(!check_end(type,"_min") || !check_end(type,"_max") ||
@@ -938,32 +1247,38 @@ start:           for (;;)
                        /* If OBJ not recognised ignore it */
                        if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
                        sprintf(buf,"%s_default",v->name);
-                       if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
+                       if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+                               {
+                               ERR_clear_error();
                                def="";
+                               }
                                
                        sprintf(buf,"%s_value",v->name);
-                       if ((value=CONF_get_string(req_conf,tmp,buf)) == NULL)
+                       if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+                               {
+                               ERR_clear_error();
                                value=NULL;
+                               }
 
                        sprintf(buf,"%s_min",v->name);
-                       min=(int)CONF_get_number(req_conf,tmp,buf);
+                       min=(int)CONF_get_number(req_conf,dn_sect,buf);
 
                        sprintf(buf,"%s_max",v->name);
-                       max=(int)CONF_get_number(req_conf,tmp,buf);
+                       max=(int)CONF_get_number(req_conf,dn_sect,buf);
 
-                       if (!add_DN_object(ri->subject,v->value,def,value,nid,
+                       if (!add_DN_object(subj,v->value,def,value,nid,
                                min,max))
-                               goto err;
+                               return 0;
                        }
-               if (sk_X509_NAME_ENTRY_num(ri->subject->entries) == 0)
+               if (X509_NAME_entry_count(subj) == 0)
                        {
                        BIO_printf(bio_err,"error, no objects specified in config file\n");
-                       goto err;
+                       return 0;
                        }
 
                if (attribs)
                        {
-                       if ((attr != NULL) && (sk_CONF_VALUE_num(attr) > 0))
+                       if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
                                {
                                BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
                                BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -973,60 +1288,115 @@ start:          for (;;)
 start2:                        for (;;)
                                {
                                i++;
-                               if ((attr == NULL) ||
-                                           (sk_CONF_VALUE_num(attr) <= i))
+                               if ((attr_sk == NULL) ||
+                                           (sk_CONF_VALUE_num(attr_sk) <= i))
                                        break;
 
-                               v=sk_CONF_VALUE_value(attr,i);
+                               v=sk_CONF_VALUE_value(attr_sk,i);
                                type=v->name;
                                if ((nid=OBJ_txt2nid(type)) == NID_undef)
                                        goto start2;
 
                                sprintf(buf,"%s_default",type);
-                               if ((def=CONF_get_string(req_conf,tmp_attr,buf))
+                               if ((def=CONF_get_string(req_conf,attr_sect,buf))
                                        == NULL)
+                                       {
+                                       ERR_clear_error();
                                        def="";
+                                       }
+                               
                                
                                sprintf(buf,"%s_value",type);
-                               if ((value=CONF_get_string(req_conf,tmp_attr,buf))
+                               if ((value=CONF_get_string(req_conf,attr_sect,buf))
                                        == NULL)
+                                       {
+                                       ERR_clear_error();
                                        value=NULL;
+                                       }
 
                                sprintf(buf,"%s_min",type);
-                               min=(int)CONF_get_number(req_conf,tmp_attr,buf);
+                               min=(int)CONF_get_number(req_conf,attr_sect,buf);
 
                                sprintf(buf,"%s_max",type);
-                               max=(int)CONF_get_number(req_conf,tmp_attr,buf);
+                               max=(int)CONF_get_number(req_conf,attr_sect,buf);
 
-                               if (!add_attribute_object(ri->attributes,
+                               if (!add_attribute_object(req,
                                        v->value,def,value,nid,min,max))
-                                       goto err;
+                                       return 0;
                                }
                        }
                }
        else
                {
                BIO_printf(bio_err,"No template, please set one up.\n");
-               goto err;
+               return 0;
                }
 
-       X509_REQ_set_pubkey(req,pkey);
+       return 1;
 
-       ret=1;
-err:
-       return(ret);
        }
 
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
+                       STACK_OF(CONF_VALUE) *attr_sk, int attribs)
+       {
+       int i;
+       char *p,*q;
+       char *type;
+       CONF_VALUE *v;
+       X509_NAME *subj;
+
+       subj = X509_REQ_get_subject_name(req);
+
+       for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
+               {
+               v=sk_CONF_VALUE_value(dn_sk,i);
+               p=q=NULL;
+               type=v->name;
+               /* Skip past any leading X. X: X, etc to allow for
+                * multiple instances 
+                */
+               for(p = v->name; *p ; p++) 
+#ifndef CHARSET_EBCDIC
+                       if ((*p == ':') || (*p == ',') || (*p == '.')) {
+#else
+                       if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
+#endif
+                               p++;
+                               if(*p) type = p;
+                               break;
+                       }
+               if (!X509_NAME_add_entry_by_txt(subj,type, MBSTRING_ASC,
+                               (unsigned char *) v->value,-1,-1,0)) return 0;
+
+               }
+
+               if (!X509_NAME_entry_count(subj))
+                       {
+                       BIO_printf(bio_err,"error, no objects specified in config file\n");
+                       return 0;
+                       }
+               if (attribs)
+                       {
+                       for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
+                               {
+                               v=sk_CONF_VALUE_value(attr_sk,i);
+                               if(!X509_REQ_add1_attr_by_txt(req, v->name, MBSTRING_ASC,
+                                       (unsigned char *)v->value, -1)) return 0;
+                               }
+                       }
+       return 1;
+       }
+
+
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
             int nid, int min, int max)
        {
-       int i,j,ret=0;
-       X509_NAME_ENTRY *ne=NULL;
+       int i,ret=0;
        MS_STATIC char buf[1024];
-
-       BIO_printf(bio_err,"%s [%s]:",text,def);
+start:
+       if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
        (void)BIO_flush(bio_err);
-       if (value != NULL)
+       if(value != NULL)
                {
                strcpy(buf,value);
                strcat(buf,"\n");
@@ -1035,7 +1405,15 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
        else
                {
                buf[0]='\0';
-               fgets(buf,1024,stdin);
+               if (!batch)
+                       {
+                       fgets(buf,1024,stdin);
+                       }
+               else
+                       {
+                       buf[0] = '\n';
+                       buf[1] = '\0';
+                       }
                }
 
        if (buf[0] == '\0') return(0);
@@ -1055,37 +1433,26 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
                return(0);
                }
        buf[--i]='\0';
-
-       j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
-       if (req_fix_data(nid,&j,i,min,max) == 0)
-               goto err;
 #ifdef CHARSET_EBCDIC
        ebcdic2ascii(buf, buf, i);
 #endif
-       if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf,
-               strlen(buf)))
-               == NULL) goto err;
-       if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
-               goto err;
-
+       if(!req_check_len(i, min, max)) goto start;
+       if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
+                               (unsigned char *) buf, -1,-1,0)) goto err;
        ret=1;
 err:
-       if (ne != NULL) X509_NAME_ENTRY_free(ne);
        return(ret);
        }
 
-static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+static int add_attribute_object(X509_REQ *req, char *text,
                                char *def, char *value, int nid, int min,
                                int max)
        {
-       int i,z;
-       X509_ATTRIBUTE *xa=NULL;
+       int i;
        static char buf[1024];
-       ASN1_BIT_STRING *bs=NULL;
-       ASN1_TYPE *at=NULL;
 
 start:
-       BIO_printf(bio_err,"%s [%s]:",text,def);
+       if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
        (void)BIO_flush(bio_err);
        if (value != NULL)
                {
@@ -1096,7 +1463,15 @@ start:
        else
                {
                buf[0]='\0';
-               fgets(buf,1024,stdin);
+               if (!batch)
+                       {
+                       fgets(buf,1024,stdin);
+                       }
+               else
+                       {
+                       buf[0] = '\n';
+                       buf[1] = '\0';
+                       }
                }
 
        if (buf[0] == '\0') return(0);
@@ -1116,50 +1491,24 @@ start:
                return(0);
                }
        buf[--i]='\0';
+#ifdef CHARSET_EBCDIC
+       ebcdic2ascii(buf, buf, i);
+#endif
+       if(!req_check_len(i, min, max)) goto start;
 
-       /* add object plus value */
-       if ((xa=X509_ATTRIBUTE_new()) == NULL)
-               goto err;
-       if ((xa->value.set=sk_ASN1_TYPE_new_null()) == NULL)
+       if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
+                                       (unsigned char *)buf, -1)) {
+               BIO_printf(bio_err, "Error adding attribute\n");
+               ERR_print_errors(bio_err);
                goto err;
-       xa->set=1;
-
-       if (xa->object != NULL) ASN1_OBJECT_free(xa->object);
-       xa->object=OBJ_nid2obj(nid);
-
-       if ((bs=ASN1_BIT_STRING_new()) == NULL) goto err;
-
-       bs->type=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
-
-       z=req_fix_data(nid,&bs->type,i,min,max);
-       if (z == 0)
-               {
-               if (value == NULL)
-                       goto start;
-               else    goto err;
-               }
-
-       if (!ASN1_STRING_set(bs,(unsigned char *)buf,i+1))
-               { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
-
-       if ((at=ASN1_TYPE_new()) == NULL)
-               { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
-
-       ASN1_TYPE_set(at,bs->type,(char *)bs);
-       sk_ASN1_TYPE_push(xa->value.set,at);
-       bs=NULL;
-       at=NULL;
-       /* only one item per attribute */
+       }
 
-       if (!sk_X509_ATTRIBUTE_push(n,xa)) goto err;
        return(1);
 err:
-       if (xa != NULL) X509_ATTRIBUTE_free(xa);
-       if (at != NULL) ASN1_TYPE_free(at);
-       if (bs != NULL) ASN1_BIT_STRING_free(bs);
        return(0);
        }
 
+#ifndef OPENSSL_NO_RSA
 static void MS_CALLBACK req_cb(int p, int n, void *arg)
        {
        char c='*';
@@ -1174,26 +1523,10 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
        p=n;
 #endif
        }
+#endif
 
-static int req_fix_data(int nid, int *type, int len, int min, int max)
+static int req_check_len(int len, int min, int max)
        {
-       if (nid == NID_pkcs9_emailAddress)
-               *type=V_ASN1_IA5STRING;
-       if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
-               *type=V_ASN1_T61STRING;
-       if ((nid == NID_pkcs9_challengePassword) &&
-               (*type == V_ASN1_IA5STRING))
-               *type=V_ASN1_T61STRING;
-
-       if ((nid == NID_pkcs9_unstructuredName) &&
-               (*type == V_ASN1_T61STRING))
-               {
-               BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n");
-               return(0);
-               }
-       if (nid == NID_pkcs9_unstructuredName)
-               *type=V_ASN1_IA5STRING;
-
        if (len < min)
                {
                BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
@@ -1218,25 +1551,3 @@ static int check_end(char *str, char *end)
        tmp = str + slen - elen;
        return strcmp(tmp, end);
 }
-
-static int add_oid_section(LHASH *conf)
-{      
-       char *p;
-       STACK_OF(CONF_VALUE) *sktmp;
-       CONF_VALUE *cnf;
-       int i;
-       if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
-       if(!(sktmp = CONF_get_section(conf, p))) {
-               BIO_printf(bio_err, "problem loading oid section %s\n", p);
-               return 0;
-       }
-       for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
-               cnf = sk_CONF_VALUE_value(sktmp, i);
-               if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
-                       BIO_printf(bio_err, "problem creating object %s=%s\n",
-                                                        cnf->name, cnf->value);
-                       return 0;
-               }
-       }
-       return 1;
-}