author | Dr. Stephen Henson <steve@openssl.org> | 1999-04-27 00:36:20 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-04-27 00:36:20 +0000 |
commit | b64f825671861144e1c24f2a5498a95a083021cd (patch) | |
tree | 96633569d2d6416f56fea9037fe35e80b5ebe469 /apps | |
parent | 73d2257d978c7a201d6a914dc141ea1484d9aa6f (diff) |
Add PKCS#12 documentation and new option in x509 to add certificate extensions.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/x509.c | 87 |
1 files changed, 71 insertions, 16 deletions
diff --git a/apps/x509.c b/apps/x509.c
index 01fabbb4bf..210a25fb09 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -114,16 +114,18 @@ static char *x509_usage[]={
 " -text - print the certificate in text form\n",
 " -C - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
+" -config - configuration file with X509V3 extensions to add\n",
 NULL
 };
 
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
 static EVP_PKEY *load_key(char *file, int format);
 static X509 *load_cert(char *file, int format);
-static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest);
+static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest,
+ LHASH *conf, char *section);
 static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
- int create,int days);
+ int create,int days, LHASH *conf, char *section);
 static int reqfile=0;
 
 int MAIN(int argc, char **argv)
@@ -148,6 +150,8 @@ int MAIN(int argc, char **argv)
 int fingerprint=0;
 char buf[256];
 const EVP_MD *md_alg,*digest=EVP_md5();
+ LHASH *extconf = NULL;
+ char *extsect = NULL, *extfile = NULL;
 
 reqfile=0;
 
@@ -209,6 +213,11 @@ int MAIN(int argc, char **argv)
 goto bad;
 }
 }
+ else if (strcmp(*argv,"-config") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extfile= *(++argv);
+ }
 else if (strcmp(*argv,"-in") == 0)
 {
 if (--argc < 1) goto bad;
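Review bot: The new `-config` usage line does not tell the user which part of the file is read, so nothing in the help text says that the extension section is taken from an `extensions` key in the file's default section and otherwise from a section literally named `default` (that lookup is visible in the later `if (extfile)` hunk of this diff). Suggested wording: `" -config - configuration file with X509V3 extensions to add (section named by 'extensions', else 'default')\n",`. The `x509_usage` array starts before this hunk.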
@@ -312,6 +321,34 @@ bad:
 goto end;
 }
 
+ if (extfile) {
+ long errorline;
+ X509V3_CTX ctx;
+ if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
+ if (errorline <= 0)
+ BIO_printf(bio_err,
+ "error loading the config file '%s'\n",
+ extfile);
+ else
+ BIO_printf(bio_err,
+ "error on line %ld of config file '%s'\n"
+ ,errorline,extfile);
+ goto end;
+ }
+ if(!(extsect = CONF_get_string(extconf, "default",
+ "extensions"))) extsect = "default";
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_conf_lhash(&ctx, extconf);
+ if(!X509V3_EXT_add_conf(extconf, &ctx, extsect, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extsect);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+
 if (reqfile)
 {
 EVP_PKEY *pkey;
@@ -589,7 +626,8 @@ bad:
 digest=EVP_dss1();
 #endif
 
- if (!sign(x,Upkey,days,digest)) goto end;
+ if (!sign(x,Upkey,days,digest,
+ extconf, extsect)) goto end;
 }
 else if (CA_flag == i)
 {
@@ -605,8 +643,8 @@ bad:
 #endif
 
 if (!x509_certify(ctx,CAfile,digest,x,xca,
- CApkey,
- CAserial,CA_createserial,days))
+ CApkey, CAserial,CA_createserial,days,
+ extconf, extsect))
 goto end;
 }
 else if (x509req == i)
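Review bot: The fallback `extsect = "default"` after the `CONF_get_string(extconf, "default", "extensions")` lookup means that a file with no `extensions` key has its whole unsectioned part handed to `X509V3_EXT_add_conf` as an extension list — if the CONF library files unsectioned keys under "default", as the lookup on the previous line assumes, any unrelated top-level setting then aborts with "Error Loading extension section default", which will puzzle users. A comment on that line, `/* no 'extensions' key: treat the unsectioned part of the file as the extension list */`, would at least make the intent explicit. Note also that this test load validates the section against a NULL certificate only; the real `X509V3_EXT_add_conf(conf, &ctx, section, x)` calls added to `sign()` and `x509_certify()` later in this diff jump to `err`/`end` on failure without printing anything in the visible lines, so confirm those labels (outside the hunks) call `ERR_print_errors`, or a bad extension value fails silently. MAIN starts before this hunk.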
@@ -680,22 +718,23 @@ bad:
 ret=0;
 end:
 OBJ_cleanup();
- if (out != NULL) BIO_free(out);
- if (STDout != NULL) BIO_free(STDout);
- if (ctx != NULL) X509_STORE_free(ctx);
- if (req != NULL) X509_REQ_free(req);
- if (x != NULL) X509_free(x);
- if (xca != NULL) X509_free(xca);
- if (Upkey != NULL) EVP_PKEY_free(Upkey);
- if (CApkey != NULL) EVP_PKEY_free(CApkey);
- if (rq != NULL) X509_REQ_free(rq);
+ CONF_free(extconf);
+ BIO_free(out);
+ BIO_free(STDout);
+ X509_STORE_free(ctx);
+ X509_REQ_free(req);
+ X509_free(x);
+ X509_free(xca);
+ EVP_PKEY_free(Upkey);
+ EVP_PKEY_free(CApkey);
+ X509_REQ_free(rq);
 X509V3_EXT_cleanup();
 EXIT(ret);
 }
 
 static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
- int days)
+ int days, LHASH *conf, char *section)
 {
 int ret=0;
 BIO *io=NULL;
@@ -828,6 +867,14 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 }
 EVP_PKEY_free(upkey);
 
+ if(conf) {
+ X509V3_CTX ctx;
+ X509_set_version(x,2); /* version 3 certificate */
+ X509V3_set_ctx(&ctx, xca, x, NULL, NULL, 0);
+ X509V3_set_conf_lhash(&ctx, conf);
+ if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto end;
+ }
+
 if (!X509_sign(x,pkey,digest)) goto end;
 ret=1;
 end:
@@ -1014,7 +1061,8 @@ end:
 }
 
 /* self sign */
-static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest)
+static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest,
+ LHASH *conf, char *section)
 {
 EVP_PKEY *pktmp;
 
@@ -1035,6 +1083,13 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest)
 goto err;
 if (!X509_set_pubkey(x,pkey)) goto err;
 
+ if(conf) {
+ X509V3_CTX ctx;
+ X509_set_version(x,2); /* version 3 certificate */
+ X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+ X509V3_set_conf_lhash(&ctx, conf);
+ if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+ }
 if (!X509_sign(x,pkey,digest)) goto err;
 return(1);
 err:
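Review bot: `CONF_free(extconf)` at `end:` now runs on every exit path, including every invocation without `-config` where `extconf` is still NULL, and the same hunk drops the `!= NULL` guards from the nine other frees, so the cleanup is only correct if each of those routines tolerates a NULL argument. The BIO/X509/EVP_PKEY free functions in this tree do, as far as I recall, but `CONF_free` is the one newly relied on and should be checked rather than assumed. A one-line comment after `end:`, `/* every *_free below accepts NULL */`, would record the assumption for the next person who adds a resource here. MAIN starts before this hunk.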
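Review bot: Nothing in the `x509_certify` hunk removes the extensions the input certificate `x` already carries before `X509V3_EXT_add_conf(conf, &ctx, section, x)` appends the configured ones, so when `-CA` is used to re-sign an existing certificate the output can contain the same extension OID twice, which the X.509 profile forbids (one instance per extension) and which verifiers may reject. If appending is not the intent, clear them first with `while (X509_get_ext_count(x) > 0) X509_EXTENSION_free(X509_delete_ext(x, 0));` or give the user a switch for it; otherwise a comment `/* configured extensions are appended to any already present in x */` should make the behaviour explicit. The return value of `X509_set_version(x,2)` is also ignored, unlike the neighbouring calls. x509_certify continues outside the hunk.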
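Review bot: The ordering in the `sign()` hunk — extensions are added only after `X509_set_pubkey(x,pkey)`, with `x` passed as both issuer and subject in `X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0)` — is presumably what lets key-derived extensions (subject/authority key identifiers hashed from the certificate's own key) see the new key, but nothing in the code says so and a later reorder would break it silently. Suggest a comment above `if(conf) {`: `/* self-signed: x is issuer and subject; must follow X509_set_pubkey so key-based extensions use the new key */`. The `err:` label and the rest of sign() are outside the hunk.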