Allow the extension section specified in config files to be overridden
authorDr. Stephen Henson <steve@openssl.org>
Fri, 27 Aug 1999 00:08:17 +0000 (00:08 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 27 Aug 1999 00:08:17 +0000 (00:08 +0000)
on the command line for various utilities.

CHANGES
apps/ca.c
apps/req.c
apps/x509.c

diff --git a/CHANGES b/CHANGES
index 32a4676..24f977d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Allow the config file extension section to be overwritten on the
+     command line. Based on an original idea from Massimiliano Pala
+     <madwolf@comune.modena.it>. The new option is called -extensions
+     and can be applied to ca, req and x509. Also -reqexts to override
+     the request extensions in req and -crlexts to override the crl extensions
+     in ca.
+     [Steve Henson]
+
   *) Add new feature to the SPKAC handling in ca.  Now you can include
      the same field multiple times by preceding it by "XXXX." for example:
      1.OU="Unit name 1"
index fa355ab..e1eb275 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -163,6 +163,8 @@ static char *ca_usage[]={
 " -batch          - Don't ask questions\n",
 " -msie_hack      - msie modifications to handle all those universal strings\n",
 " -revoke file    - Revoke a certificate (given in file)\n",
+" -extensions ..  - Extension section (override value in config file)\n",
+" -crlexts ..     - CRL extension section (override value in config file)\n",
 NULL
 };
 
@@ -393,6 +395,16 @@ EF_ALIGNMENT=0;
                        infile= *(++argv);
                        dorevoke=1;
                        }
+               else if (strcmp(*argv,"-extensions") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       extensions= *(++argv);
+                       }
+               else if (strcmp(*argv,"-crlexts") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       crl_ext= *(++argv);
+                       }
                else
                        {
 bad:
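Review bot: The `-extensions` and `-crlexts` branches assign `extensions` and `crl_ext` only when the option is present, so the later `if(!extensions)` and `if(!crl_ext)` tests are correct only if both pointers start out NULL. Their declarations are outside this hunk; if either lacks an initialiser it should read `char *extensions=NULL;` (likewise `char *crl_ext=NULL;`), otherwise the config lookup could be skipped on an indeterminate pointer. The same dependency holds for `extensions` and `req_exts` in apps/req.c and for `extsect` in apps/x509.c. The option loop itself starts and ends outside the hunk.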
@@ -720,8 +732,8 @@ bad:
                        lookup_fail(section,ENV_SERIAL);
                        goto err;
                        }
-
-               extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
+               if(!extensions)
+                       extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
                if(extensions) {
                        /* Check syntax of file */
                        X509V3_CTX ctx;
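Review bot: A section name supplied with `-extensions` is never checked for existence in `conf` before it reaches the syntax check that follows, and a per-invocation typo is more likely than one in a reviewed config file. That check continues outside the hunk, so whether it rejects an absent section cannot be confirmed from these lines; if it does not, ca would sign a certificate without the extensions (basicConstraints, keyUsage and so on) the operator meant to apply. An explicit guard before the check, such as `if(!CONF_get_section(conf,extensions)) { BIO_printf(bio_err,"extension section %s not found\n",extensions); goto err; }`, would make that failure loud. The same applies to `crl_ext` in the next hunk and to `extensions` and `req_exts` in apps/req.c.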
@@ -1031,7 +1043,7 @@ bad:
        /*****************************************************************/
        if (gencrl)
                {
-               crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+               if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
                if(crl_ext) {
                        /* Check syntax of file */
                        X509V3_CTX ctx;
index fa8f733..cc524de 100644 (file)
@@ -310,8 +310,17 @@ int MAIN(int argc, char **argv)
                        /* ok */
                        digest=md_alg;
                        }
+               else if (strcmp(*argv,"-extensions") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       extensions = *(++argv);
+                       }
+               else if (strcmp(*argv,"-reqexts") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       req_exts = *(++argv);
+                       }
                else
-
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
                        badops=1;
@@ -349,6 +358,8 @@ bad:
                BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
                BIO_printf(bio_err,"                have been reported as requiring\n");
                BIO_printf(bio_err,"                [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
+               BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
+               BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
                goto end;
                }
 
@@ -427,7 +438,8 @@ bad:
                        digest=md_alg;
                }
 
-       extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+       if(!extensions)
+               extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
        if(extensions) {
                /* Check syntax of file */
                X509V3_CTX ctx;
@@ -440,7 +452,8 @@ bad:
                }
        }
 
-       req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+       if(!req_exts)
+               req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
        if(req_exts) {
                /* Check syntax of file */
                X509V3_CTX ctx;
index 2e2d18b..aa6e057 100644 (file)
@@ -115,6 +115,7 @@ static char *x509_usage[]={
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
 " -extfile        - configuration file with X509V3 extensions to add\n",
+" -extensions     - section from config file with X509V3 extensions to add\n",
 NULL
 };
 
@@ -218,6 +219,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        extfile= *(++argv);
                        }
+               else if (strcmp(*argv,"-extensions") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       extsect= *(++argv);
+                       }
                else if (strcmp(*argv,"-in") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -335,7 +341,7 @@ bad:
                                                        ,errorline,extfile);
                        goto end;
                }
-               if(!(extsect = CONF_get_string(extconf, "default",
+               if(!extsect && !(extsect = CONF_get_string(extconf, "default",
                                         "extensions"))) extsect = "default";
                X509V3_set_ctx_test(&ctx2);
                X509V3_set_conf_lhash(&ctx2, extconf);
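Review bot: `extsect` is consulted only in this block, which judging by the indentation and the `extfile` error message above runs only when `-extfile` was given, so `-extensions` without `-extfile` appears to be silently ignored. A user who passes only `-extensions` would then get a certificate with no extensions and no diagnostic. Consider rejecting that combination once option parsing is done, e.g. `if (extsect && !extfile) { BIO_printf(bio_err,"-extensions requires -extfile\n"); goto end; }`, and stating the dependency in the new usage line. The enclosing block begins outside the hunk.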