#define POSTFIX ".srl"
#define DEF_DAYS 30
-#define CERT_HDR "certificate"
-
static char *x509_usage[]={
"usage: x509 args\n",
" -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
" -hash - print hash value\n",
" -subject - print subject DN\n",
" -issuer - print issuer DN\n",
+" -email - print email address(es)\n",
" -startdate - notBefore field\n",
" -enddate - notAfter field\n",
" -purpose - print out certificate purposes\n",
" -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
+" -nameopt arg - various certificate name options\n",
NULL
};
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
-static EVP_PKEY *load_key(char *file, int format, char *passin);
-static X509 *load_cert(char *file, int format);
static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
LHASH *conf, char *section);
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
char *CAkeyfile=NULL,*CAserial=NULL;
char *alias=NULL;
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
- int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
+ int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
int C=0;
int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
int checkend=0,checkoffset=0;
+ unsigned long nmflag = 0;
reqfile=0;
alias= *(++argv);
trustout = 1;
}
+ else if (strcmp(*argv,"-nameopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!set_name_ex(&nmflag, *(++argv))) goto bad;
+ }
else if (strcmp(*argv,"-setalias") == 0)
{
if (--argc < 1) goto bad;
}
else if (strcmp(*argv,"-C") == 0)
C= ++num;
+ else if (strcmp(*argv,"-email") == 0)
+ email= ++num;
else if (strcmp(*argv,"-serial") == 0)
serial= ++num;
else if (strcmp(*argv,"-modulus") == 0)
}
else
BIO_printf(bio_err,"Signature ok\n");
-
- X509_NAME_oneline(req->req_info->subject,buf,256);
- BIO_printf(bio_err,"subject=%s\n",buf);
+
+ print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
if ((x=X509_new()) == NULL) goto end;
ci=x->cert_info;
EVP_PKEY_free(pkey);
}
else
- x=load_cert(infile,informat);
+ x=load_cert(bio_err,infile,informat);
if (x == NULL) goto end;
if (CA_flag)
{
- xca=load_cert(CAfile,CAformat);
+ xca=load_cert(bio_err,CAfile,CAformat);
if (xca == NULL) goto end;
}
{
if (issuer == i)
{
- X509_NAME_oneline(X509_get_issuer_name(x),
- buf,256);
- BIO_printf(STDout,"issuer= %s\n",buf);
+ print_name(STDout, "issuer= ",
+ X509_get_issuer_name(x), nmflag);
}
else if (subject == i)
{
- X509_NAME_oneline(X509_get_subject_name(x),
- buf,256);
- BIO_printf(STDout,"subject=%s\n",buf);
+ print_name(STDout, "subject= ",
+ X509_get_subject_name(x), nmflag);
}
else if (serial == i)
{
i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
BIO_printf(STDout,"\n");
}
+ else if (email == i)
+ {
+ int j;
+ STACK *emlst;
+ emlst = X509_get1_email(x);
+ for(j = 0; j < sk_num(emlst); j++)
+ BIO_printf(STDout, "%s\n", sk_value(emlst, j));
+ X509_email_free(emlst);
+ }
else if (aliasout == i)
{
unsigned char *alstr;
BIO_printf(STDout,"/* issuer :%s */\n",buf);
z=i2d_X509(x,NULL);
- m=Malloc(z);
+ m=OPENSSL_malloc(z);
d=(unsigned char *)m;
z=i2d_X509_NAME(X509_get_subject_name(x),&d);
if (y%16 != 0) BIO_printf(STDout,"\n");
BIO_printf(STDout,"};\n");
- Free(m);
+ OPENSSL_free(m);
}
else if (text == i)
{
BIO_printf(bio_err,"Getting Private key\n");
if (Upkey == NULL)
{
- Upkey=load_key(keyfile,keyformat, passin);
+ Upkey=load_key(bio_err,
+ keyfile,keyformat, passin);
if (Upkey == NULL) goto end;
}
#ifndef NO_DSA
BIO_printf(bio_err,"Getting CA Private Key\n");
if (CAkeyfile != NULL)
{
- CApkey=load_key(CAkeyfile,CAkeyformat, passin);
+ CApkey=load_key(bio_err,
+ CAkeyfile,CAkeyformat, passin);
if (CApkey == NULL) goto end;
}
#ifndef NO_DSA
}
else
{
- pk=load_key(keyfile,FORMAT_PEM, passin);
+ pk=load_key(bio_err,
+ keyfile,FORMAT_PEM, passin);
if (pk == NULL) goto end;
}
ASN1_HEADER ah;
ASN1_OCTET_STRING os;
- os.data=(unsigned char *)CERT_HDR;
- os.length=strlen(CERT_HDR);
+ os.data=(unsigned char *)NETSCAPE_CERT_HDR;
+ os.length=strlen(NETSCAPE_CERT_HDR);
ah.header= &os;
ah.data=(char *)x;
ah.meth=X509_asn1_meth();
X509_REQ_free(rq);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
- if(passin) Free(passin);
+ if(passin) OPENSSL_free(passin);
EXIT(ret);
}
EVP_PKEY_free(upkey);
X509_STORE_CTX_init(&xsc,ctx,x,NULL);
- buf=Malloc(EVP_PKEY_size(pkey)*2+
+ buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
((serialfile == NULL)
?(strlen(CAfile)+strlen(POSTFIX)+1)
:(strlen(serialfile)))+1);
X509_STORE_CTX_cleanup(&xsc);
if (!ret)
ERR_print_errors(bio_err);
- if (buf != NULL) Free(buf);
+ if (buf != NULL) OPENSSL_free(buf);
if (bs != NULL) ASN1_INTEGER_free(bs);
if (io != NULL) BIO_free(io);
if (serial != NULL) BN_free(serial);
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
{
- char buf[256];
int err;
X509 *err_cert;
else
{
err_cert=X509_STORE_CTX_get_current_cert(ctx);
- X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
- BIO_printf(bio_err,"%s\n",buf);
+ print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
err,X509_STORE_CTX_get_error_depth(ctx),
X509_verify_cert_error_string(err));
}
}
-static EVP_PKEY *load_key(char *file, int format, char *passin)
- {
- BIO *key=NULL;
- EVP_PKEY *pkey=NULL;
-
- if (file == NULL)
- {
- BIO_printf(bio_err,"no keyfile specified\n");
- goto end;
- }
- key=BIO_new(BIO_s_file());
- if (key == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (BIO_read_filename(key,file) <= 0)
- {
- perror(file);
- goto end;
- }
- if (format == FORMAT_ASN1)
- {
- pkey=d2i_PrivateKey_bio(key, NULL);
- }
- else if (format == FORMAT_PEM)
- {
- pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,passin);
- }
- else
- {
- BIO_printf(bio_err,"bad input format specified for key\n");
- goto end;
- }
-end:
- if (key != NULL) BIO_free(key);
- if (pkey == NULL)
- BIO_printf(bio_err,"unable to load Private Key\n");
- return(pkey);
- }
-
-static X509 *load_cert(char *file, int format)
- {
- ASN1_HEADER *ah=NULL;
- BUF_MEM *buf=NULL;
- X509 *x=NULL;
- BIO *cert;
-
- if ((cert=BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (file == NULL)
- BIO_set_fp(cert,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(cert,file) <= 0)
- {
- perror(file);
- goto end;
- }
- }
- if (format == FORMAT_ASN1)
- x=d2i_X509_bio(cert,NULL);
- else if (format == FORMAT_NETSCAPE)
- {
- unsigned char *p,*op;
- int size=0,i;
-
- /* We sort of have to do it this way because it is sort of nice
- * to read the header first and check it, then
- * try to read the certificate */
- buf=BUF_MEM_new();
- for (;;)
- {
- if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
- goto end;
- i=BIO_read(cert,&(buf->data[size]),1024*10);
- size+=i;
- if (i == 0) break;
- if (i < 0)
- {
- perror("reading certificate");
- goto end;
- }
- }
- p=(unsigned char *)buf->data;
- op=p;
-
- /* First load the header */
- if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
- goto end;
- if ((ah->header == NULL) || (ah->header->data == NULL) ||
- (strncmp(CERT_HDR,(char *)ah->header->data,
- ah->header->length) != 0))
- {
- BIO_printf(bio_err,"Error reading header on certificate\n");
- goto end;
- }
- /* header is ok, so now read the object */
- p=op;
- ah->meth=X509_asn1_meth();
- if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
- goto end;
- x=(X509 *)ah->data;
- ah->data=NULL;
- }
- else if (format == FORMAT_PEM)
- x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
- else {
- BIO_printf(bio_err,"bad input format specified for input cert\n");
- goto end;
- }
-end:
- if (x == NULL)
- {
- BIO_printf(bio_err,"unable to load certificate\n");
- ERR_print_errors(bio_err);
- }
- if (ah != NULL) ASN1_HEADER_free(ah);
- if (cert != NULL) BIO_free(cert);
- if (buf != NULL) BUF_MEM_free(buf);
- return(x);
- }
-
/* self sign */
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
LHASH *conf, char *section)
projects / openssl.git / blobdiff