From 74400f7348c589bf9e7cd17f657c05b25f8758b1 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Wed, 27 Oct 1999 00:15:11 +0000
Subject: Continued multibyte character support. Add a bunch of functions to simplify the creation of X509_NAME structures. Change the X509_NAME_entry_add stuff in req/ca so it no longer uses X509_NAME_entry_count(): passing -1 has the same effect.
---
 apps/ca.c | 6 ++----
 apps/openssl.cnf | 11 +++++++++++
 apps/req.c | 28 ++++++++++++++--------------
 3 files changed, 27 insertions(+), 18 deletions(-)
(limited to 'apps')
diff --git a/apps/ca.c b/apps/ca.c
index 9cafe400e6..36c314e1c1 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1691,8 +1691,7 @@ again2:
 if (push != NULL)
 {
- if (!X509_NAME_add_entry(subject,push,
- X509_NAME_entry_count(subject),0))
+ if (!X509_NAME_add_entry(subject,push, -1, 0))
 {
 if (push != NULL)
 X509_NAME_ENTRY_free(push);
@@ -2053,8 +2052,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 strlen(buf))) == NULL)
 goto err;
- if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
- goto err;
+ if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
 }
 if (spki == NULL)
 {
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 8d044fb6b2..33b0866f43 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -86,6 +86,17 @@ distinguished_name = req_distinguished_name
 attributes = req_attributes
 x509_extensions = v3_ca # The extentions to add to the self signed cert
+# This sets the permitted types in a DirectoryString. There are several
+# options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nobmp : PrintableString, T61String (no BMPStrings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+dirstring_type = nobmp
+
 # req_extensions = v3_req # The extensions to add to a certificate request
 [ req_distinguished_name ]
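Review bot: The literal `-1` now passed as the position argument of X509_NAME_add_entry in the `again2:` hunk of apps/ca.c, and again in the certify_spkac hunk, is unexplained at the call site. The commit message says it has the same effect as passing X509_NAME_entry_count(), but someone reading ca.c alone will not see that. A one-line comment above each call, for example `/* loc == -1: append the entry at the end of the name */`, would keep the intent visible. Both enclosing blocks start and end outside their hunks.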
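Review bot: The comment block added above `dirstring_type` in apps/openssl.cnf does not say which commands honour the option. In this commit only apps/req.c reads it, and the two apps/ca.c hunks do not, so as far as this diff shows a name built by `ca` still uses the library's default mask. A request and the certificate issued from it could then encode the same DirectoryString with different string types, which matters wherever names are compared by their encoding. I would add a line such as `# Read by the req command only.` and state that the shipped value `nobmp` is deliberately not the set the comment labels `default`.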
diff --git a/apps/req.c b/apps/req.c
index a945610f92..a395c39f4b 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -82,6 +82,7 @@
 #define ATTRIBUTES "attributes"
 #define V3_EXTENSIONS "x509_extensions"
 #define REQ_EXTENSIONS "req_extensions"
+#define DIRSTRING_TYPE "dirstring_type"
 #define DEFAULT_KEY_LENGTH 512
 #define MIN_KEY_LENGTH 384
@@ -452,6 +453,13 @@ bad:
 }
 }
+ p = CONF_get_string(req_conf, SECTION, DIRSTRING_TYPE);
+
+ if(p && !ASN1_STRING_set_default_mask_asc(p)) {
+ BIO_printf(bio_err, "Invalid DiretoryString setting %s", p);
+ goto end;
+ }
+
 if(!req_exts) req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
 if(req_exts) {
@@ -883,6 +891,9 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 ri=req->req_info;
+ /* setup version number */
+ if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
+
 BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
 BIO_printf(bio_err,"into your certificate request.\n");
 BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
@@ -891,8 +902,6 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
 BIO_printf(bio_err,"-----\n");
- /* setup version number */
- if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
 if (sk_CONF_VALUE_num(sk))
 {
@@ -1003,8 +1012,7 @@ err:
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 int nid, int min, int max)
 {
- int i,j,ret=0;
- X509_NAME_ENTRY *ne=NULL;
+ int i,ret=0;
 MS_STATIC char buf[1024];
 BIO_printf(bio_err,"%s [%s]:",text,def);
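Review bot: The error message in the new `dirstring_type` check (the `bad:` hunk at -452) misspells the type name and has no trailing newline, so on a bad setting it runs into whatever is written to bio_err next. I would change it to `BIO_printf(bio_err, "Invalid DirectoryString setting %s\n", p);`. Because the value comes straight from the configuration file, a short comment that an unrecognised keyword or malformed `MASK:` value aborts the command would also help. The enclosing function starts and ends outside the hunk.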
@@ -1039,21 +1047,13 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 }
 buf[--i]='\0';
- j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
- if (req_fix_data(nid,&j,i,min,max) == 0)
- goto err;
 #ifdef CHARSET_EBCDIC
 ebcdic2ascii(buf, buf, i);
 #endif
- if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf,
- strlen(buf)))
- == NULL) goto err;
- if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
- goto err;
-
+ if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
+ (unsigned char *) buf, -1,-1,0)) goto err;
 ret=1;
 err:
- if (ne != NULL) X509_NAME_ENTRY_free(ne);
 return(ret);
 }
--
cgit v1.2.3
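Review bot: With the `req_fix_data(nid,&j,i,min,max)` call removed, nothing in the visible part of add_DN_object compares the entered length `i` with `min` and `max`, so the configured length limits appear to be unenforced on this path. The new call passes `-1` for the length and `MBSTRING_ASC` for the type, so unless the library applies its own per-field limits, whatever was typed into the 1024-byte `buf` goes into the name. If the limits are still meant to apply, check `i` against `min` and `max` before the X509_NAME_add_entry_by_NID call and fail or re-prompt as the removed code did. The part of the function that reads the input is outside this hunk, so a check there cannot be ruled out.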