diff options
| -rw-r--r-- | CHANGES | 6 | ||||
| -rw-r--r-- | apps/Makefile.ssl | 6 | ||||
| -rw-r--r-- | apps/nseq.c | 182 | ||||
| -rw-r--r-- | apps/progs.h | 3 |
4 files changed, 194 insertions, 3 deletions
@@ -4,6 +4,9 @@ Changes between 0.9.1c and 0.9.2 + + *) New program nseq to manipulate netscape certificate sequences + [Steve Henson] *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a few typos. @@ -17,6 +20,9 @@ *) Add ASN1 and PEM code to support netscape certificate sequences. [Steve Henson] + *) Add ASN1 and PEM code to support netscape certificate sequences. + [Steve Henson] + *) Add several PKIX and private extended key usage OIDs. [Steve Henson] diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 8d47569a81..61ae53254c 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -34,7 +34,7 @@ EXE= $(PROGRAM) E_EXE= verify asn1pars req dgst dh enc gendh errstr ca crl \ rsa dsa dsaparam \ x509 genrsa gendsa s_server s_client speed \ - s_time version pkcs7 crl2pkcs7 sess_id ciphers + s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq PROGS= $(PROGRAM).c @@ -48,7 +48,7 @@ E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \ rsa.o dsa.o dsaparam.o \ x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \ - ciphers.o + ciphers.o nseq.o # pem_mail.o @@ -57,7 +57,7 @@ E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \ rsa.c dsa.c dsaparam.c \ x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \ - ciphers.c + ciphers.c nseq.c # pem_mail.c diff --git a/apps/nseq.c b/apps/nseq.c new file mode 100644 index 0000000000..e49811fcd0 --- /dev/null +++ b/apps/nseq.c @@ -0,0 +1,182 @@ +/* nsutil.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "pem.h" +#include "err.h" +#include "apps.h" + +#undef PROG +#define PROG nseq_main + +#ifdef NOPROTO +static int dump_cert_text(BIO *out, X509 *x); +#else +static int dump_cert_text(); +#endif + +int MAIN(argc, argv) +int argc; +char **argv; +{ + char **args, *infile = NULL, *outfile = NULL; + BIO *in = NULL, *out = NULL; + int toseq = 0; + X509 *x509 = NULL; + NETSCAPE_CERT_SEQUENCE *seq = NULL; + int i, ret = 1; + int badarg = 0; + if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + ERR_load_crypto_strings(); + SSLeay_add_all_algorithms(); + args = argv + 1; + while (!badarg && *args && *args[0] == '-') { + if (!strcmp (*args, "-toseq")) toseq = 1; + else if (!strcmp (*args, "-in")) { + if (args[1]) { + args++; + infile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-out")) { + if (args[1]) { + args++; + outfile = *args; + } else badarg = 1; + } else badarg = 1; + args++; + } + + if (badarg) { + BIO_printf (bio_err, "Netscape certificate sequence utility\n"); + BIO_printf (bio_err, "Usage nseq [options]\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-in file input file\n"); + BIO_printf (bio_err, "-out file output file\n"); + BIO_printf (bio_err, "-toseq output NS Sequence file\n"); + EXIT(1); + } + + if (infile) { + if (!(in = BIO_new_file (infile, "r"))) { + BIO_printf (bio_err, + "Can't open input file %s\n", infile); + goto end; + } + } else in = BIO_new_fp(stdin, BIO_NOCLOSE); + + if (outfile) { + if (!(out = BIO_new_file (outfile, "w"))) { + BIO_printf (bio_err, + "Can't open output file %s\n", outfile); + goto end; + } + } else out = BIO_new_fp(stdout, BIO_NOCLOSE); + + if (toseq) { + seq = NETSCAPE_CERT_SEQUENCE_new(); + seq->certs = sk_new(NULL); + while((x509 = PEM_read_bio_X509(in, NULL, NULL))) + sk_push(seq->certs, (char *)x509); + + if(!sk_num(seq->certs)) + { + BIO_printf (bio_err, "Error reading certs file %s\n", infile); + ERR_print_errors(bio_err); + goto end; + } + PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq); + ret = 0; + goto end; + } + + if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL))) { + BIO_printf (bio_err, "Error reading sequence file %s\n", infile); + ERR_print_errors(bio_err); + goto end; + } + + for(i = 0; i < sk_num(seq->certs); i++) { + x509 = (X509 *) sk_value(seq->certs, i); + dump_cert_text(out, x509); + PEM_write_bio_X509(out, x509); + } + ret = 0; +end: + BIO_free(in); + BIO_free(out); + NETSCAPE_CERT_SEQUENCE_free(seq); + + EXIT(ret); +} + +static int dump_cert_text(out, x) +BIO *out; +X509 *x; +{ + char buf[256]; + X509_NAME_oneline(X509_get_subject_name(x),buf,256); + BIO_puts(out,"subject="); + BIO_puts(out,buf); + + X509_NAME_oneline(X509_get_issuer_name(x),buf,256); + BIO_puts(out,"\nissuer= "); + BIO_puts(out,buf); + BIO_puts(out,"\n"); + return 0; +} + diff --git a/apps/progs.h b/apps/progs.h index 4f12cba668..b4d9bd01ef 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -24,6 +24,7 @@ extern int pkcs7_main(int argc,char *argv[]); extern int crl2pkcs7_main(int argc,char *argv[]); extern int sess_id_main(int argc,char *argv[]); extern int ciphers_main(int argc,char *argv[]); +extern int nseq_main(int argc,char *argv[]); #else extern int verify_main(); extern int asn1parse_main(); @@ -50,6 +51,7 @@ extern int pkcs7_main(); extern int crl2pkcs7_main(); extern int sess_id_main(); extern int ciphers_main(); +extern int nseq_main(); #endif #ifdef SSLEAY_SRC @@ -112,6 +114,7 @@ FUNCTION functions[] = { #if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) {FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, #endif + {FUNC_TYPE_GENERAL,"nseq",nseq_main}, {FUNC_TYPE_MD,"md2",dgst_main}, {FUNC_TYPE_MD,"md5",dgst_main}, {FUNC_TYPE_MD,"sha",dgst_main}, |