Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
*) Fix for bug in DirectoryString mask setting. Add support for
- X509_NAME_print_ex() in 'req' and initial X509_print_ex() function
- to allow certificate printing to more controllable.
+ X509_NAME_print_ex() in 'req' and X509_print_ex() function
+ to allow certificate printing to more controllable, additional
+ 'certopt' option to 'x509' to allow new printing options to be
+ set.
[Steve Henson]
*) Clean old EAY MD5 hack from e_os.h.
# include "bss_file.c"
#endif
+typedef struct {
+ char *name;
+ unsigned long flag;
+ unsigned long mask;
+} NAME_EX_TBL;
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+
int app_init(long mesgwin);
#ifdef undef /* never finished - probably never will be :-) */
int args_from_file(char *file, int *argc, char **argv[])
return(othercerts);
}
-typedef struct {
- char *name;
- unsigned long flag;
- unsigned long mask;
-} NAME_EX_TBL;
+
+#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT 0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+ static const NAME_EX_TBL cert_tbl[] = {
+ { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
+ { "no_header", X509_FLAG_NO_HEADER, 0},
+ { "no_version", X509_FLAG_NO_VERSION, 0},
+ { "no_serial", X509_FLAG_NO_SERIAL, 0},
+ { "no_signame", X509_FLAG_NO_SIGNAME, 0},
+ { "no_validity", X509_FLAG_NO_VALIDITY, 0},
+ { "no_subject", X509_FLAG_NO_SUBJECT, 0},
+ { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+ { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+ { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+ { "no_aux", X509_FLAG_NO_AUX, 0},
+ { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { NULL, 0, 0}
+ };
+ return set_table_opts(flags, arg, cert_tbl);
+}
int set_name_ex(unsigned long *flags, const char *arg)
{
- char c;
- const NAME_EX_TBL *ptbl, ex_tbl[] = {
+ static const NAME_EX_TBL ex_tbl[] = {
{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
{ NULL, 0, 0}
};
+ return set_table_opts(flags, arg, ex_tbl);
+}
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+ char c;
+ const NAME_EX_TBL *ptbl;
c = arg[0];
if(c == '-') {
arg++;
} else c = 1;
- for(ptbl = ex_tbl; ptbl->name; ptbl++) {
+ for(ptbl = in_tbl; ptbl->name; ptbl++) {
if(!strcmp(arg, ptbl->name)) {
*flags &= ~ptbl->mask;
if(c) *flags |= ptbl->flag;
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
#endif
+int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, LHASH *conf);
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
+" -certopt arg - various certificate text options\n",
NULL
};
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
int checkend=0,checkoffset=0;
- unsigned long nmflag = 0;
+ unsigned long nmflag = 0, certflag = 0;
reqfile=0;
alias= *(++argv);
trustout = 1;
}
+ else if (strcmp(*argv,"-certopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_cert_ex(&certflag, *(++argv))) goto bad;
+ }
else if (strcmp(*argv,"-nameopt") == 0)
{
if (--argc < 1) goto bad;
}
else if (text == i)
{
- X509_print(out,x);
+ X509_print_ex(out,x,nmflag, certflag);
}
else if (startdate == i)
{
long l;
int ret=0,i,j,n;
char *m=NULL,*s, mlch = ' ';
+ int nmindent = 0;
X509_CINF *ci;
ASN1_INTEGER *bs;
EVP_PKEY *pkey=NULL;
X509_EXTENSION *ex;
ASN1_STRING *str=NULL;
- if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE)
+ if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mlch = '\n';
+ nmindent = 16;
+ }
+
+ if(nmflags == X509_FLAG_COMPAT)
+ nmindent = 16;
ci=x->cert_info;
if(!(cflag & X509_FLAG_NO_HEADER))
if(!(cflag & X509_FLAG_NO_ISSUER))
{
if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err;
- if (!X509_NAME_print_ex(bp,X509_get_issuer_name(x),16, nmflags)) goto err;
+ if (!X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags)) goto err;
}
if(!(cflag & X509_FLAG_NO_VALIDITY))
{
if(!(cflag & X509_FLAG_NO_SUBJECT))
{
if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
- if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
+ if (!X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags)) goto err;
}
if(!(cflag & X509_FLAG_NO_PUBKEY))
{
j=X509_EXTENSION_get_critical(ex);
if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
goto err;
- if(!X509V3_EXT_print(bp, ex, 0, 16))
+ if(!X509V3_EXT_print(bp, ex, cflag, 16))
{
BIO_printf(bp, "%16s", "");
M_ASN1_OCTET_STRING_print(bp,ex->value);
/* Extension printing routines */
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
+
/* Print out a name+value stack */
void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
/* Main routine: print out a general extension */
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
{
char *ext_str = NULL, *value = NULL;
unsigned char *p;
X509V3_EXT_METHOD *method;
STACK_OF(CONF_VALUE) *nval = NULL;
int ok = 1;
- if(!(method = X509V3_EXT_get(ext))) return 0;
+ if(!(method = X509V3_EXT_get(ext)))
+ return unknown_ext_print(out, ext, flag, indent, 0);
p = ext->value->data;
- if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0;
+ if(!(ext_str = method->d2i(NULL, &p, ext->value->length)))
+ return unknown_ext_print(out, ext, flag, indent, 1);
if(method->i2s) {
if(!(value = method->i2s(method, ext_str))) {
ok = 0;
return ok;
}
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
+{
+ switch(flag & X509V3_EXT_UNKNOWN_MASK) {
+
+ case X509V3_EXT_DEFAULT:
+ return 0;
+
+ case X509V3_EXT_ERROR_UNKNOWN:
+ if(supported)
+ BIO_printf(out, "%*s<Parse Error>", indent, "");
+ else
+ BIO_printf(out, "%*s<Not Supported>", indent, "");
+ return 1;
+
+ case X509V3_EXT_PARSE_UNKNOWN:
+ return ASN1_parse_dump(out,
+ ext->value->data, ext->value->length, indent, -1);
+ case X509V3_EXT_DUMP_UNKNOWN:
+ return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
+
+ default:
+ return 1;
+ }
+}
+
+
#ifndef NO_FP_API
int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
{
#define X509_PURPOSE_MIN 1
#define X509_PURPOSE_MAX 7
+/* Flags for X509V3_EXT_print() */
+
+#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT 0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
DECLARE_STACK_OF(X509_PURPOSE)
void ERR_load_X509V3_strings(void);
void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
int ml);
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
int X509_check_purpose(X509 *x, int id, int ca);
projects / openssl.git / commitdiff