" -CAkeyform arg - CA key format - default PEM\n",
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
+" -passin arg - private key password\n",
+" -envpassin arg - read private key password from encvironment variable \"arg\"\n",
" -serial - print serial number value\n",
" -hash - print hash value\n",
" -subject - print subject DN\n",
" -purpose - print out certificate purposes\n",
" -dates - both Before and After dates\n",
" -modulus - print the RSA key modulus\n",
+" -pubkey - output the public key\n",
" -fingerprint - print the certificate fingerprint\n",
" -alias - output certificate alias\n",
" -noout - no certificate output\n",
" -trustout - output a \"trusted\" certificate\n",
" -clrtrust - clear all trusted purposes\n",
-" -clrnotrust - clear all untrusted purposes\n",
-" -addtrust arg - mark certificate as trusted for a given purpose\n",
-" -addnotrust arg - mark certificate as not trusted for a given purpose\n",
+" -clrreject - clear all rejected purposes\n",
+" -addtrust arg - trust certificate for a given purpose\n",
+" -addreject arg - reject certificate for a given purpose\n",
" -setalias arg - set certificate alias\n",
" -days arg - How long till expiry of a signed certificate - def 30 days\n",
" -signkey arg - self sign cert with arg\n",
" -CAserial - serial file\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
-" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
+" -md2/-md5/-sha1/-mdc2 - digest to use\n",
" -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
NULL
};
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
-static EVP_PKEY *load_key(char *file, int format);
+static EVP_PKEY *load_key(char *file, int format, char *passin);
static X509 *load_cert(char *file, int format);
static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest,
LHASH *conf, char *section);
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
int create,int days, LHASH *conf, char *section);
-static int efunc(X509_PURPOSE *pt, void *arg);
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
static int reqfile=0;
-typedef struct {
-BIO *bio;
-X509 *cert;
-} X509_PPRINT;
-
int MAIN(int argc, char **argv)
{
int ret=1;
X509_REQ *req=NULL;
X509 *x=NULL,*xca=NULL;
+ ASN1_OBJECT *objtmp;
EVP_PKEY *Upkey=NULL,*CApkey=NULL;
int i,num,badops=0;
BIO *out=NULL;
BIO *STDout=NULL;
- STACK *trust = NULL, *notrust = NULL;
+ STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
int informat,outformat,keyformat,CAformat,CAkeyformat;
char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
char *CAkeyfile=NULL,*CAserial=NULL;
- char *alias=NULL, *trstr=NULL;
+ char *alias=NULL;
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
- int trustout=0,clrtrust=0,clrnotrust=0,aliasout=0;
+ int trustout=0,clrtrust=0,clrreject=0,aliasout=0;
int C=0;
- int x509req=0,days=DEF_DAYS,modulus=0;
+ int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
int pprint = 0;
char **pp;
X509_STORE *ctx=NULL;
char buf[256];
const EVP_MD *md_alg,*digest=EVP_md5();
LHASH *extconf = NULL;
- char *extsect = NULL, *extfile = NULL;
+ char *extsect = NULL, *extfile = NULL, *passin = NULL;
int need_rand = 0;
reqfile=0;
goto bad;
}
}
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passin= *(++argv);
+ }
+ else if (strcmp(*argv,"-envpassin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!(passin= getenv(*(++argv))))
+ {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n",
+ *argv);
+ badops = 1;
+ }
+ }
else if (strcmp(*argv,"-extfile") == 0)
{
if (--argc < 1) goto bad;
if (--argc < 1) goto bad;
CAfile= *(++argv);
CA_flag= ++num;
+ need_rand = 1;
}
else if (strcmp(*argv,"-CAkey") == 0)
{
else if (strcmp(*argv,"-addtrust") == 0)
{
if (--argc < 1) goto bad;
- trstr= *(++argv);
- if(!X509_trust_set_bit_asc(NULL, trstr, 0)) {
+ if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
BIO_printf(bio_err,
- "Unknown trust value %s\n", trstr);
+ "Invalid trust object value %s\n", *argv);
goto bad;
}
- if(!trust) trust = sk_new_null();
- sk_push(trust, trstr);
+ if(!trust) trust = sk_ASN1_OBJECT_new_null();
+ sk_ASN1_OBJECT_push(trust, objtmp);
trustout = 1;
}
- else if (strcmp(*argv,"-addnotrust") == 0)
+ else if (strcmp(*argv,"-addreject") == 0)
{
if (--argc < 1) goto bad;
- trstr= *(++argv);
- if(!X509_notrust_set_bit_asc(NULL, trstr, 0)) {
+ if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
BIO_printf(bio_err,
- "Unknown trust value %s\n", trstr);
+ "Invalid reject object value %s\n", *argv);
goto bad;
}
- if(!notrust) notrust = sk_new_null();
- sk_push(notrust, trstr);
+ if(!reject) reject = sk_ASN1_OBJECT_new_null();
+ sk_ASN1_OBJECT_push(reject, objtmp);
trustout = 1;
}
else if (strcmp(*argv,"-setalias") == 0)
serial= ++num;
else if (strcmp(*argv,"-modulus") == 0)
modulus= ++num;
+ else if (strcmp(*argv,"-pubkey") == 0)
+ pubkey= ++num;
else if (strcmp(*argv,"-x509toreq") == 0)
x509req= ++num;
else if (strcmp(*argv,"-text") == 0)
trustout= 1;
else if (strcmp(*argv,"-clrtrust") == 0)
clrtrust= ++num;
- else if (strcmp(*argv,"-clrnotrust") == 0)
- clrnotrust= ++num;
+ else if (strcmp(*argv,"-clrreject") == 0)
+ clrreject= ++num;
else if (strcmp(*argv,"-alias") == 0)
aliasout= ++num;
else if (strcmp(*argv,"-CAcreateserial") == 0)
CA_createserial= ++num;
- else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
digest=md_alg;
app_RAND_load_file(NULL, bio_err, 0);
ERR_load_crypto_strings();
- X509V3_add_standard_extensions();
- X509_PURPOSE_add_standard();
if (!X509_STORE_set_default_paths(ctx))
{
X509_gmtime_adj(X509_get_notBefore(x),0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
-#if 0
- X509_PUBKEY_free(ci->key);
- ci->key=req->req_info->pubkey;
- req->req_info->pubkey=NULL;
-#else
pkey = X509_REQ_get_pubkey(req);
X509_set_pubkey(x,pkey);
EVP_PKEY_free(pkey);
-#endif
}
else
x=load_cert(infile,informat);
}
}
- if(alias) X509_alias_set(x, (unsigned char *)alias, -1);
+ if(alias) X509_alias_rset(x, (unsigned char *)alias, -1);
- if(clrtrust) X509_trust_set_bit(x, -1, 0);
- if(clrnotrust) X509_notrust_set_bit(x, -1, 0);
+ if(clrtrust) X509_trust_clear(x);
+ if(clrreject) X509_reject_clear(x);
if(trust) {
- for(i = 0; i < sk_num(trust); i++) {
- trstr = sk_value(trust, i);
- X509_trust_set_bit_asc(x, trstr, 1);
+ for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+ objtmp = sk_ASN1_OBJECT_value(trust, i);
+ X509_radd_trust_object(x, objtmp);
}
- sk_free(trust);
}
- if(notrust) {
- for(i = 0; i < sk_num(notrust); i++) {
- trstr = sk_value(notrust, i);
- X509_notrust_set_bit_asc(x, trstr, 1);
+ if(reject) {
+ for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+ objtmp = sk_ASN1_OBJECT_value(reject, i);
+ X509_radd_reject_object(x, objtmp);
}
- sk_free(notrust);
}
if (num)
else if (aliasout == i)
{
unsigned char *alstr;
- alstr = X509_alias_get(x, NULL);
+ alstr = X509_alias_iget(x, NULL);
if(alstr) BIO_printf(STDout,"%s\n", alstr);
else BIO_puts(STDout,"<No Alias>\n");
}
}
else if (pprint == i)
{
- X509_PPRINT ptmp;
- ptmp.bio = STDout;
- ptmp.cert = x;
+ X509_PURPOSE *ptmp;
+ int j;
BIO_printf(STDout, "Certificate purposes:\n");
- X509_PURPOSE_enum(efunc, &ptmp);
+ for(j = 0; j < X509_PURPOSE_get_count(); j++)
+ {
+ ptmp = X509_PURPOSE_iget(j);
+ purpose_print(STDout, x, ptmp);
+ }
}
else
if (modulus == i)
BIO_printf(STDout,"\n");
EVP_PKEY_free(pkey);
}
+ else
+ if (pubkey == i)
+ {
+ EVP_PKEY *pkey;
+
+ pkey=X509_get_pubkey(x);
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"Error getting public key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ PEM_write_bio_PUBKEY(STDout, pkey);
+ EVP_PKEY_free(pkey);
+ }
else
if (C == i)
{
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
- if (!X509_digest(x,EVP_md5(),md,&n))
+ if (!X509_digest(x,digest,md,&n))
{
BIO_printf(bio_err,"out of memory\n");
goto end;
}
- BIO_printf(STDout,"MD5 Fingerprint=");
+ BIO_printf(STDout,"%s Fingerprint=",
+ OBJ_nid2sn(EVP_MD_type(digest)));
for (j=0; j<(int)n; j++)
{
BIO_printf(STDout,"%02X%c",md[j],
BIO_printf(bio_err,"Getting Private key\n");
if (Upkey == NULL)
{
- Upkey=load_key(keyfile,keyformat);
+ Upkey=load_key(keyfile,keyformat, passin);
if (Upkey == NULL) goto end;
}
#ifndef NO_DSA
BIO_printf(bio_err,"Getting CA Private Key\n");
if (CAkeyfile != NULL)
{
- CApkey=load_key(CAkeyfile,CAkeyformat);
+ CApkey=load_key(CAkeyfile,CAkeyformat, passin);
if (CApkey == NULL) goto end;
}
#ifndef NO_DSA
}
else
{
- pk=load_key(keyfile,FORMAT_PEM);
+ pk=load_key(keyfile,FORMAT_PEM, passin);
if (pk == NULL) goto end;
}
BIO_printf(bio_err,"Generating certificate request\n");
- rq=X509_to_X509_REQ(x,pk,EVP_md5());
+ if (pk->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+
+ rq=X509_to_X509_REQ(x,pk,digest);
EVP_PKEY_free(pk);
if (rq == NULL)
{
EVP_PKEY_free(Upkey);
EVP_PKEY_free(CApkey);
X509_REQ_free(rq);
- X509V3_EXT_cleanup();
- X509_PURPOSE_cleanup();
+ sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+ sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
EXIT(ret);
}
}
}
-static EVP_PKEY *load_key(char *file, int format)
+static EVP_PKEY *load_key(char *file, int format, char *passin)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
#endif
if (format == FORMAT_PEM)
{
- pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,NULL);
+ pkey=PEM_read_bio_PrivateKey(key,NULL,PEM_cb,passin);
}
else
{
return(0);
}
-static int efunc(X509_PURPOSE *pt, void *arg)
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
{
- X509_PPRINT *ptmp;
int id, i, idret;
char *pname;
- ptmp = arg;
id = X509_PURPOSE_get_id(pt);
- pname = X509_PURPOSE_get_name(pt);
+ pname = X509_PURPOSE_iget_name(pt);
for(i = 0; i < 2; i++) {
- idret = X509_check_purpose(ptmp->cert, id, i);
- BIO_printf(ptmp->bio, "%s%s : ", pname, i ? " CA" : "");
- if(idret == 1) BIO_printf(ptmp->bio, "Yes\n");
- else if (idret == 0) BIO_printf(ptmp->bio, "No\n");
- else BIO_printf(ptmp->bio, "Yes (WARNING code=%d)\n", idret);
+ idret = X509_check_purpose(cert, id, i);
+ BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
+ if(idret == 1) BIO_printf(bio, "Yes\n");
+ else if (idret == 0) BIO_printf(bio, "No\n");
+ else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
}
return 1;
}
projects / openssl.git / blobdiff