author | Dr. Stephen Henson <steve@openssl.org> | 1999-08-25 16:59:26 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-08-25 16:59:26 +0000 |
commit | c79b16e11d70488f4de0e766d78f6a5ce77d99af (patch) | |
tree | fad4e8d20108152d2d0a12229e4d92ad560a0c17 /apps | |
parent | 43ca6c02dc702b8fff20205ec62ec03eed77eb1b (diff) |
Allow extensions to be added to certificate requests, update the sample
config file (change RAW to DER).
Diffstat (limited to 'apps')
-rw-r--r-- | apps/openssl.cnf | 17 | ||||
-rw-r--r-- | apps/req.c | 32 |
2 files changed, 46 insertions, 3 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf index d70dd25622..8d044fb6b2 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -86,6 +86,8 @@ distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert +# req_extensions = v3_req # The extensions to add to a certificate request + [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = AU @@ -170,8 +172,16 @@ authorityKeyIdentifier=keyid,issuer:always #nsCaPolicyUrl #nsSslServerName +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + [ v3_ca ] + # Extensions for a typical CA @@ -200,10 +210,11 @@ basicConstraints = CA:true # Copy issuer details # issuerAltName=issuer:copy -# RAW DER hex encoding of an extension: beware experts only! -# 1.2.3.5=RAW:02:03 +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object # You can even override a supported extension: -# basicConstraints= critical, RAW:30:03:01:01:FF +# basicConstraints= critical, DER:30:03:01:01:FF [ crl_ext ] diff --git a/apps/req.c b/apps/req.c index 463ac156ea..fa8f7339f3 100644 --- a/apps/req.c +++ b/apps/req.c @@ -82,6 +82,7 @@ #define DISTINGUISHED_NAME "distinguished_name" #define ATTRIBUTES "attributes" #define V3_EXTENSIONS "x509_extensions" +#define REQ_EXTENSIONS "req_extensions" #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 @@ -142,6 +143,7 @@ int MAIN(int argc, char **argv) int nodes=0,kludge=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; char *extensions = NULL; + char *req_exts = NULL; EVP_CIPHER *cipher=NULL; int modulus=0; char *p; 
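Review bot: The new `[ v3_req ]` section in apps/openssl.cnf does not say that extensions in a certificate request are only what the requester asks for. The request is built by the party that wants the certificate, so anything placed in this section, including the `obj=DER:...` form documented further down in the same file, is untrusted input to whoever signs it. I would add a comment under the section header such as `# These are requested values only; the signing CA must apply its own extension policy.` so the sample does not read as if `CA:FALSE` in a request were a control.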
@@ -438,6 +440,20 @@ bad: } } + req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); + if(req_exts) { + /* Check syntax of file */ + X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); + X509V3_set_conf_lhash(&ctx, req_conf); + if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) { + BIO_printf(bio_err, + "Error Loading request extension section %s\n", + req_exts); + goto end; + } + } + in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) @@ -677,6 +693,22 @@ loop: } else { + X509V3_CTX ext_ctx; + + /* Set up V3 context struct */ + + X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0); + X509V3_set_conf_lhash(&ext_ctx, req_conf); + + /* Add extensions */ + if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, + &ext_ctx, req_exts, req)) + { + BIO_printf(bio_err, + "Error Loading extension section %s\n", + req_exts); + goto end; + } if (!(i=X509_REQ_sign(req,pkey,digest))) goto end; } |
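Review bot: The `/* Check syntax of file */` comment on the new `req_exts` block does not say how limited this early check is. `X509V3_set_ctx_test()` prepares a context with no request attached and the call passes `NULL` as the target, so this pass can presumably only reject malformed names and values, and anything that depends on the request itself is not evaluated until the section is applied in the signing branch. I would expand the comment to `/* Syntax check only, using a test context with no request; the section is applied to the real request before signing */`. The block also writes `if(req_exts) {` with the brace on the same line, while the later hunk in this file puts braces on their own line; matching that would keep MAIN() consistent, whose body starts and ends outside the hunk.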
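Review bot: The failure message in the signing branch, `"Error Loading extension section %s\n"`, drops the word "request" that the earlier syntax-check hunk uses, so the text alone does not tell a user that it was the `req_extensions` section that was rejected; use `"Error Loading request extension section %s\n"` here as well. The `/* Add extensions */` comment should also record the ordering constraint, for example `/* Add extensions before X509_REQ_sign() so the signature covers them */`, because the signature is computed over the request contents as they stand at that call. The enclosing else branch and MAIN() begin and end outside the hunk.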