OLD | NEW |
1 /* apps/ca.c */ | 1 /* apps/ca.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 45 matching lines...)
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 | 58 |
59 /* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */ | 59 /* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */ |
60 | 60 |
61 #include <stdio.h> | 61 #include <stdio.h> |
62 #include <stdlib.h> | 62 #include <stdlib.h> |
63 #include <string.h> | 63 #include <string.h> |
64 #include <ctype.h> | 64 #include <ctype.h> |
65 #include <sys/types.h> | 65 #include <sys/types.h> |
66 #include <sys/stat.h> | |
67 #include <openssl/conf.h> | 66 #include <openssl/conf.h> |
68 #include <openssl/bio.h> | 67 #include <openssl/bio.h> |
69 #include <openssl/err.h> | 68 #include <openssl/err.h> |
70 #include <openssl/bn.h> | 69 #include <openssl/bn.h> |
71 #include <openssl/txt_db.h> | 70 #include <openssl/txt_db.h> |
72 #include <openssl/evp.h> | 71 #include <openssl/evp.h> |
73 #include <openssl/x509.h> | 72 #include <openssl/x509.h> |
74 #include <openssl/x509v3.h> | 73 #include <openssl/x509v3.h> |
75 #include <openssl/objects.h> | 74 #include <openssl/objects.h> |
76 #include <openssl/ocsp.h> | 75 #include <openssl/ocsp.h> |
77 #include <openssl/pem.h> | 76 #include <openssl/pem.h> |
78 | 77 |
79 #ifndef W_OK | 78 #ifndef W_OK |
80 # ifdef OPENSSL_SYS_VMS | 79 # ifdef OPENSSL_SYS_VMS |
81 # if defined(__DECC) | 80 # if defined(__DECC) |
82 # include <unistd.h> | 81 # include <unistd.h> |
83 # else | 82 # else |
84 # include <unixlib.h> | 83 # include <unixlib.h> |
85 # endif | 84 # endif |
86 # elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defin
ed(OPENSSL_SYS_NETWARE) && !defined(__TANDEM) | 85 # elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defin
ed(OPENSSL_SYS_NETWARE) |
87 # include <sys/file.h> | 86 # include <sys/file.h> |
88 # endif | 87 # endif |
89 #endif | 88 #endif |
90 | 89 |
91 #include "apps.h" | 90 #include "apps.h" |
92 | 91 |
93 #ifndef W_OK | 92 #ifndef W_OK |
94 # define F_OK 0 | 93 # define F_OK 0 |
95 # define X_OK 1 | 94 # define X_OK 1 |
96 # define W_OK 2 | 95 # define W_OK 2 |
(...skipping 154 matching lines...)
251 int badops=0; | 250 int badops=0; |
252 int ret=1; | 251 int ret=1; |
253 int email_dn=1; | 252 int email_dn=1; |
254 int req=0; | 253 int req=0; |
255 int verbose=0; | 254 int verbose=0; |
256 int gencrl=0; | 255 int gencrl=0; |
257 int dorevoke=0; | 256 int dorevoke=0; |
258 int doupdatedb=0; | 257 int doupdatedb=0; |
259 long crldays=0; | 258 long crldays=0; |
260 long crlhours=0; | 259 long crlhours=0; |
| 260 long crlsec=0; |
261 long errorline= -1; | 261 long errorline= -1; |
262 char *configfile=NULL; | 262 char *configfile=NULL; |
263 char *md=NULL; | 263 char *md=NULL; |
264 char *policy=NULL; | 264 char *policy=NULL; |
265 char *keyfile=NULL; | 265 char *keyfile=NULL; |
266 char *certfile=NULL; | 266 char *certfile=NULL; |
267 int keyform=FORMAT_PEM; | 267 int keyform=FORMAT_PEM; |
268 char *infile=NULL; | 268 char *infile=NULL; |
269 char *spkac_file=NULL; | 269 char *spkac_file=NULL; |
270 char *ss_cert_file=NULL; | 270 char *ss_cert_file=NULL; |
(...skipping 27 matching lines...)
298 X509 *x509=NULL, *x509p = NULL; | 298 X509 *x509=NULL, *x509p = NULL; |
299 X509 *x=NULL; | 299 X509 *x=NULL; |
300 BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; | 300 BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; |
301 char *dbfile=NULL; | 301 char *dbfile=NULL; |
302 CA_DB *db=NULL; | 302 CA_DB *db=NULL; |
303 X509_CRL *crl=NULL; | 303 X509_CRL *crl=NULL; |
304 X509_REVOKED *r=NULL; | 304 X509_REVOKED *r=NULL; |
305 ASN1_TIME *tmptm; | 305 ASN1_TIME *tmptm; |
306 ASN1_INTEGER *tmpser; | 306 ASN1_INTEGER *tmpser; |
307 char *f; | 307 char *f; |
308 » const char *p, **pp; | 308 » const char *p; |
| 309 » char * const *pp; |
309 int i,j; | 310 int i,j; |
310 const EVP_MD *dgst=NULL; | 311 const EVP_MD *dgst=NULL; |
311 STACK_OF(CONF_VALUE) *attribs=NULL; | 312 STACK_OF(CONF_VALUE) *attribs=NULL; |
312 STACK_OF(X509) *cert_sk=NULL; | 313 STACK_OF(X509) *cert_sk=NULL; |
313 #undef BSIZE | 314 #undef BSIZE |
314 #define BSIZE 256 | 315 #define BSIZE 256 |
315 MS_STATIC char buf[3][BSIZE]; | 316 MS_STATIC char buf[3][BSIZE]; |
316 char *randfile=NULL; | 317 char *randfile=NULL; |
317 #ifndef OPENSSL_NO_ENGINE | 318 #ifndef OPENSSL_NO_ENGINE |
318 char *engine = NULL; | 319 char *engine = NULL; |
(...skipping 130 matching lines...)
449 else if (strcmp(*argv,"-crldays") == 0) | 450 else if (strcmp(*argv,"-crldays") == 0) |
450 { | 451 { |
451 if (--argc < 1) goto bad; | 452 if (--argc < 1) goto bad; |
452 crldays= atol(*(++argv)); | 453 crldays= atol(*(++argv)); |
453 } | 454 } |
454 else if (strcmp(*argv,"-crlhours") == 0) | 455 else if (strcmp(*argv,"-crlhours") == 0) |
455 { | 456 { |
456 if (--argc < 1) goto bad; | 457 if (--argc < 1) goto bad; |
457 crlhours= atol(*(++argv)); | 458 crlhours= atol(*(++argv)); |
458 } | 459 } |
| 460 else if (strcmp(*argv,"-crlsec") == 0) |
| 461 { |
| 462 if (--argc < 1) goto bad; |
| 463 crlsec = atol(*(++argv)); |
| 464 } |
459 else if (strcmp(*argv,"-infiles") == 0) | 465 else if (strcmp(*argv,"-infiles") == 0) |
460 { | 466 { |
461 argc--; | 467 argc--; |
462 argv++; | 468 argv++; |
463 req=1; | 469 req=1; |
464 break; | 470 break; |
465 } | 471 } |
466 else if (strcmp(*argv, "-ss_cert") == 0) | 472 else if (strcmp(*argv, "-ss_cert") == 0) |
467 { | 473 { |
468 if (--argc < 1) goto bad; | 474 if (--argc < 1) goto bad; |
(...skipping 73 matching lines...)
542 BIO_printf(bio_err,"unknown option %s\n",*argv); | 548 BIO_printf(bio_err,"unknown option %s\n",*argv); |
543 badops=1; | 549 badops=1; |
544 break; | 550 break; |
545 } | 551 } |
546 argc--; | 552 argc--; |
547 argv++; | 553 argv++; |
548 } | 554 } |
549 | 555 |
550 if (badops) | 556 if (badops) |
551 { | 557 { |
552 » » for (pp=ca_usage; (*pp != NULL); pp++) | 558 » » const char **pp2; |
553 » » » BIO_printf(bio_err,"%s",*pp); | 559 |
| 560 » » for (pp2=ca_usage; (*pp2 != NULL); pp2++) |
| 561 » » » BIO_printf(bio_err,"%s",*pp2); |
554 goto err; | 562 goto err; |
555 } | 563 } |
556 | 564 |
557 ERR_load_crypto_strings(); | 565 ERR_load_crypto_strings(); |
558 | 566 |
559 /*****************************************************************/ | 567 /*****************************************************************/ |
560 tofree=NULL; | 568 tofree=NULL; |
561 if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); | 569 if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); |
562 if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); | 570 if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); |
563 if (configfile == NULL) | 571 if (configfile == NULL) |
(...skipping 254 matching lines...)
818 goto err; | 826 goto err; |
819 } | 827 } |
820 } | 828 } |
821 else | 829 else |
822 ERR_clear_error(); | 830 ERR_clear_error(); |
823 | 831 |
824 /*****************************************************************/ | 832 /*****************************************************************/ |
825 /* lookup where to write new certificates */ | 833 /* lookup where to write new certificates */ |
826 if ((outdir == NULL) && (req)) | 834 if ((outdir == NULL) && (req)) |
827 { | 835 { |
828 struct stat sb; | |
829 | 836 |
830 if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) | 837 if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) |
831 == NULL) | 838 == NULL) |
832 { | 839 { |
833 BIO_printf(bio_err,"there needs to be defined a director
y for new certificate to be placed in\n"); | 840 BIO_printf(bio_err,"there needs to be defined a director
y for new certificate to be placed in\n"); |
834 goto err; | 841 goto err; |
835 } | 842 } |
836 #ifndef OPENSSL_SYS_VMS | 843 #ifndef OPENSSL_SYS_VMS |
837 /* outdir is a directory spec, but access() for VMS demands a | 844 /* outdir is a directory spec, but access() for VMS demands a |
838 filename. In any case, stat(), below, will catch the problem | 845 filename. In any case, stat(), below, will catch the problem |
839 if outdir is not a directory spec, and the fopen() or open() | 846 if outdir is not a directory spec, and the fopen() or open() |
840 will catch an error if there is no write access. | 847 will catch an error if there is no write access. |
841 | 848 |
842 Presumably, this problem could also be solved by using the DEC | 849 Presumably, this problem could also be solved by using the DEC |
843 C routines to convert the directory syntax to Unixly, and give | 850 C routines to convert the directory syntax to Unixly, and give |
844 that to access(). However, time's too short to do that just | 851 that to access(). However, time's too short to do that just |
845 now. | 852 now. |
846 */ | 853 */ |
| 854 #ifndef _WIN32 |
847 if (access(outdir,R_OK|W_OK|X_OK) != 0) | 855 if (access(outdir,R_OK|W_OK|X_OK) != 0) |
| 856 #else |
| 857 if (_access(outdir,R_OK|W_OK|X_OK) != 0) |
| 858 #endif |
848 { | 859 { |
849 BIO_printf(bio_err,"I am unable to access the %s directo
ry\n",outdir); | 860 BIO_printf(bio_err,"I am unable to access the %s directo
ry\n",outdir); |
850 perror(outdir); | 861 perror(outdir); |
851 goto err; | 862 goto err; |
852 } | 863 } |
853 | 864 |
854 » » if (stat(outdir,&sb) != 0) | 865 » » if (app_isdir(outdir)<=0) |
855 » » » { | |
856 » » » BIO_printf(bio_err,"unable to stat(%s)\n",outdir); | |
857 » » » perror(outdir); | |
858 » » » goto err; | |
859 » » » } | |
860 #ifdef S_ISDIR | |
861 » » if (!S_ISDIR(sb.st_mode)) | |
862 { | 866 { |
863 BIO_printf(bio_err,"%s need to be a directory\n",outdir)
; | 867 BIO_printf(bio_err,"%s need to be a directory\n",outdir)
; |
864 perror(outdir); | 868 perror(outdir); |
865 goto err; | 869 goto err; |
866 } | 870 } |
867 #endif | 871 #endif |
868 #endif | |
869 } | 872 } |
870 | 873 |
871 /*****************************************************************/ | 874 /*****************************************************************/ |
872 /* we need to load the database file */ | 875 /* we need to load the database file */ |
873 if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) | 876 if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) |
874 { | 877 { |
875 lookup_fail(section,ENV_DATABASE); | 878 lookup_fail(section,ENV_DATABASE); |
876 goto err; | 879 goto err; |
877 } | 880 } |
878 db = load_index(dbfile, &db_attr); | 881 db = load_index(dbfile, &db_attr); |
879 if (db == NULL) goto err; | 882 if (db == NULL) goto err; |
880 | 883 |
881 /* Lets check some fields */ | 884 /* Lets check some fields */ |
882 » for (i=0; i<sk_num(db->db->data); i++) | 885 » for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++) |
883 { | 886 { |
884 » » pp=(const char **)sk_value(db->db->data,i); | 887 » » pp=sk_OPENSSL_PSTRING_value(db->db->data,i); |
885 if ((pp[DB_type][0] != DB_TYPE_REV) && | 888 if ((pp[DB_type][0] != DB_TYPE_REV) && |
886 (pp[DB_rev_date][0] != '\0')) | 889 (pp[DB_rev_date][0] != '\0')) |
887 { | 890 { |
888 BIO_printf(bio_err,"entry %d: not revoked yet, but has a
revocation date\n",i+1); | 891 BIO_printf(bio_err,"entry %d: not revoked yet, but has a
revocation date\n",i+1); |
889 goto err; | 892 goto err; |
890 } | 893 } |
891 if ((pp[DB_type][0] == DB_TYPE_REV) && | 894 if ((pp[DB_type][0] == DB_TYPE_REV) && |
892 !make_revoked(NULL, pp[DB_rev_date])) | 895 !make_revoked(NULL, pp[DB_rev_date])) |
893 { | 896 { |
894 BIO_printf(bio_err," in entry %d\n", i+1); | 897 BIO_printf(bio_err," in entry %d\n", i+1); |
895 goto err; | 898 goto err; |
896 } | 899 } |
897 » » if (!check_time_format(pp[DB_exp_date])) | 900 » » if (!check_time_format((char *)pp[DB_exp_date])) |
898 { | 901 { |
899 BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1
); | 902 BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1
); |
900 goto err; | 903 goto err; |
901 } | 904 } |
902 p=pp[DB_serial]; | 905 p=pp[DB_serial]; |
903 j=strlen(p); | 906 j=strlen(p); |
904 if (*p == '-') | 907 if (*p == '-') |
905 { | 908 { |
906 p++; | 909 p++; |
907 j--; | 910 j--; |
(...skipping 19 matching lines...)
927 { | 930 { |
928 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail *
/ | 931 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail *
/ |
929 #ifdef OPENSSL_SYS_VMS | 932 #ifdef OPENSSL_SYS_VMS |
930 { | 933 { |
931 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | 934 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
932 out = BIO_push(tmpbio, out); | 935 out = BIO_push(tmpbio, out); |
933 } | 936 } |
934 #endif | 937 #endif |
935 TXT_DB_write(out,db->db); | 938 TXT_DB_write(out,db->db); |
936 BIO_printf(bio_err,"%d entries loaded from the database\n", | 939 BIO_printf(bio_err,"%d entries loaded from the database\n", |
937 » » » db->db->data->num); | 940 » » » sk_OPENSSL_PSTRING_num(db->db->data)); |
938 BIO_printf(bio_err,"generating index\n"); | 941 BIO_printf(bio_err,"generating index\n"); |
939 } | 942 } |
940 | 943 |
941 if (!index_index(db)) goto err; | 944 if (!index_index(db)) goto err; |
942 | 945 |
943 /*****************************************************************/ | 946 /*****************************************************************/ |
944 /* Update the db file for expired certificates */ | 947 /* Update the db file for expired certificates */ |
945 if (doupdatedb) | 948 if (doupdatedb) |
946 { | 949 { |
947 if (verbose) | 950 if (verbose) |
(...skipping 70 matching lines...)
1018 } | 1021 } |
1019 } | 1022 } |
1020 | 1023 |
1021 if ((md == NULL) && ((md=NCONF_get_string(conf, | 1024 if ((md == NULL) && ((md=NCONF_get_string(conf, |
1022 section,ENV_DEFAULT_MD)) == NULL)) | 1025 section,ENV_DEFAULT_MD)) == NULL)) |
1023 { | 1026 { |
1024 lookup_fail(section,ENV_DEFAULT_MD); | 1027 lookup_fail(section,ENV_DEFAULT_MD); |
1025 goto err; | 1028 goto err; |
1026 } | 1029 } |
1027 | 1030 |
| 1031 if (!strcmp(md, "default")) |
| 1032 { |
| 1033 int def_nid; |
| 1034 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) |
| 1035 { |
| 1036 BIO_puts(bio_err,"no default digest\n"); |
| 1037 goto err; |
| 1038 } |
| 1039 md = (char *)OBJ_nid2sn(def_nid); |
| 1040 } |
| 1041 |
1028 if ((dgst=EVP_get_digestbyname(md)) == NULL) | 1042 if ((dgst=EVP_get_digestbyname(md)) == NULL) |
1029 { | 1043 { |
1030 BIO_printf(bio_err,"%s is an unsupported message digest type\n",
md); | 1044 BIO_printf(bio_err,"%s is an unsupported message digest type\n",
md); |
1031 goto err; | 1045 goto err; |
1032 } | 1046 } |
1033 | 1047 |
1034 if (req) | 1048 if (req) |
1035 { | 1049 { |
1036 if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf, | 1050 if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf, |
1037 section,ENV_DEFAULT_EMAIL_DN)) != NULL )) | 1051 section,ENV_DEFAULT_EMAIL_DN)) != NULL )) |
(...skipping 49 matching lines...)
1087 } | 1101 } |
1088 } | 1102 } |
1089 | 1103 |
1090 if (startdate == NULL) | 1104 if (startdate == NULL) |
1091 { | 1105 { |
1092 startdate=NCONF_get_string(conf,section, | 1106 startdate=NCONF_get_string(conf,section, |
1093 ENV_DEFAULT_STARTDATE); | 1107 ENV_DEFAULT_STARTDATE); |
1094 if (startdate == NULL) | 1108 if (startdate == NULL) |
1095 ERR_clear_error(); | 1109 ERR_clear_error(); |
1096 } | 1110 } |
1097 » » if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate)) | 1111 » » if (startdate && !ASN1_TIME_set_string(NULL, startdate)) |
1098 { | 1112 { |
1099 » » » BIO_printf(bio_err,"start date is invalid, it should be
YYMMDDHHMMSSZ\n"); | 1113 » » » BIO_printf(bio_err,"start date is invalid, it should be
YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); |
1100 goto err; | 1114 goto err; |
1101 } | 1115 } |
1102 if (startdate == NULL) startdate="today"; | 1116 if (startdate == NULL) startdate="today"; |
1103 | 1117 |
1104 if (enddate == NULL) | 1118 if (enddate == NULL) |
1105 { | 1119 { |
1106 enddate=NCONF_get_string(conf,section, | 1120 enddate=NCONF_get_string(conf,section, |
1107 ENV_DEFAULT_ENDDATE); | 1121 ENV_DEFAULT_ENDDATE); |
1108 if (enddate == NULL) | 1122 if (enddate == NULL) |
1109 ERR_clear_error(); | 1123 ERR_clear_error(); |
1110 } | 1124 } |
1111 » » if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate)) | 1125 » » if (enddate && !ASN1_TIME_set_string(NULL, enddate)) |
1112 { | 1126 { |
1113 » » » BIO_printf(bio_err,"end date is invalid, it should be YY
MMDDHHMMSSZ\n"); | 1127 » » » BIO_printf(bio_err,"end date is invalid, it should be YY
MMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); |
1114 goto err; | 1128 goto err; |
1115 } | 1129 } |
1116 | 1130 |
1117 if (days == 0) | 1131 if (days == 0) |
1118 { | 1132 { |
1119 if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &da
ys)) | 1133 if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &da
ys)) |
1120 days = 0; | 1134 days = 0; |
1121 } | 1135 } |
1122 if (!enddate && (days == 0)) | 1136 if (!enddate && (days == 0)) |
1123 { | 1137 { |
(...skipping 239 matching lines...)
1363 } | 1377 } |
1364 | 1378 |
1365 if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) | 1379 if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) |
1366 != NULL) | 1380 != NULL) |
1367 if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NUL
L) | 1381 if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NUL
L) |
1368 { | 1382 { |
1369 BIO_printf(bio_err,"error while loading CRL numb
er\n"); | 1383 BIO_printf(bio_err,"error while loading CRL numb
er\n"); |
1370 goto err; | 1384 goto err; |
1371 } | 1385 } |
1372 | 1386 |
1373 » » if (!crldays && !crlhours) | 1387 » » if (!crldays && !crlhours && !crlsec) |
1374 { | 1388 { |
1375 if (!NCONF_get_number(conf,section, | 1389 if (!NCONF_get_number(conf,section, |
1376 ENV_DEFAULT_CRL_DAYS, &crldays)) | 1390 ENV_DEFAULT_CRL_DAYS, &crldays)) |
1377 crldays = 0; | 1391 crldays = 0; |
1378 if (!NCONF_get_number(conf,section, | 1392 if (!NCONF_get_number(conf,section, |
1379 ENV_DEFAULT_CRL_HOURS, &crlhours)) | 1393 ENV_DEFAULT_CRL_HOURS, &crlhours)) |
1380 crlhours = 0; | 1394 crlhours = 0; |
1381 } | 1395 } |
1382 » » if ((crldays == 0) && (crlhours == 0)) | 1396 » » if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) |
1383 { | 1397 { |
1384 BIO_printf(bio_err,"cannot lookup how long until the nex
t CRL is issued\n"); | 1398 BIO_printf(bio_err,"cannot lookup how long until the nex
t CRL is issued\n"); |
1385 goto err; | 1399 goto err; |
1386 } | 1400 } |
1387 | 1401 |
1388 if (verbose) BIO_printf(bio_err,"making CRL\n"); | 1402 if (verbose) BIO_printf(bio_err,"making CRL\n"); |
1389 if ((crl=X509_CRL_new()) == NULL) goto err; | 1403 if ((crl=X509_CRL_new()) == NULL) goto err; |
1390 if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
goto err; | 1404 if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
goto err; |
1391 | 1405 |
1392 tmptm = ASN1_TIME_new(); | 1406 tmptm = ASN1_TIME_new(); |
1393 if (!tmptm) goto err; | 1407 if (!tmptm) goto err; |
1394 X509_gmtime_adj(tmptm,0); | 1408 X509_gmtime_adj(tmptm,0); |
1395 X509_CRL_set_lastUpdate(crl, tmptm); | 1409 X509_CRL_set_lastUpdate(crl, tmptm); |
1396 » » X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60); | 1410 » » if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, |
| 1411 » » » NULL)) |
| 1412 » » » { |
| 1413 » » » BIO_puts(bio_err, "error setting CRL nextUpdate\n"); |
| 1414 » » » goto err; |
| 1415 » » » } |
1397 X509_CRL_set_nextUpdate(crl, tmptm); | 1416 X509_CRL_set_nextUpdate(crl, tmptm); |
1398 | 1417 |
1399 ASN1_TIME_free(tmptm); | 1418 ASN1_TIME_free(tmptm); |
1400 | 1419 |
1401 » » for (i=0; i<sk_num(db->db->data); i++) | 1420 » » for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++) |
1402 { | 1421 { |
1403 » » » pp=(const char **)sk_value(db->db->data,i); | 1422 » » » pp=sk_OPENSSL_PSTRING_value(db->db->data,i); |
1404 if (pp[DB_type][0] == DB_TYPE_REV) | 1423 if (pp[DB_type][0] == DB_TYPE_REV) |
1405 { | 1424 { |
1406 if ((r=X509_REVOKED_new()) == NULL) goto err; | 1425 if ((r=X509_REVOKED_new()) == NULL) goto err; |
1407 j = make_revoked(r, pp[DB_rev_date]); | 1426 j = make_revoked(r, pp[DB_rev_date]); |
1408 if (!j) goto err; | 1427 if (!j) goto err; |
1409 if (j == 2) crl_v2 = 1; | 1428 if (j == 2) crl_v2 = 1; |
1410 if (!BN_hex2bn(&serial, pp[DB_serial])) | 1429 if (!BN_hex2bn(&serial, pp[DB_serial])) |
1411 goto err; | 1430 goto err; |
1412 tmpser = BN_to_ASN1_INTEGER(serial, NULL); | 1431 tmpser = BN_to_ASN1_INTEGER(serial, NULL); |
1413 BN_free(serial); | 1432 BN_free(serial); |
1414 serial = NULL; | 1433 serial = NULL; |
1415 if (!tmpser) | 1434 if (!tmpser) |
1416 goto err; | 1435 goto err; |
1417 X509_REVOKED_set_serialNumber(r, tmpser); | 1436 X509_REVOKED_set_serialNumber(r, tmpser); |
1418 ASN1_INTEGER_free(tmpser); | 1437 ASN1_INTEGER_free(tmpser); |
1419 X509_CRL_add0_revoked(crl,r); | 1438 X509_CRL_add0_revoked(crl,r); |
1420 } | 1439 } |
1421 } | 1440 } |
1422 | 1441 |
1423 /* sort the data so it will be written in serial | 1442 /* sort the data so it will be written in serial |
1424 * number order */ | 1443 * number order */ |
1425 X509_CRL_sort(crl); | 1444 X509_CRL_sort(crl); |
1426 | 1445 |
1427 /* we now have a CRL */ | 1446 /* we now have a CRL */ |
1428 if (verbose) BIO_printf(bio_err,"signing CRL\n"); | 1447 if (verbose) BIO_printf(bio_err,"signing CRL\n"); |
1429 #ifndef OPENSSL_NO_DSA | |
1430 if (pkey->type == EVP_PKEY_DSA) | |
1431 dgst=EVP_dss1(); | |
1432 else | |
1433 #endif | |
1434 #ifndef OPENSSL_NO_ECDSA | |
1435 if (pkey->type == EVP_PKEY_EC) | |
1436 dgst=EVP_ecdsa(); | |
1437 #endif | |
1438 | 1448 |
1439 /* Add any extensions asked for */ | 1449 /* Add any extensions asked for */ |
1440 | 1450 |
1441 if (crl_ext || crlnumberfile != NULL) | 1451 if (crl_ext || crlnumberfile != NULL) |
1442 { | 1452 { |
1443 X509V3_CTX crlctx; | 1453 X509V3_CTX crlctx; |
1444 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); | 1454 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); |
1445 X509V3_set_nconf(&crlctx, conf); | 1455 X509V3_set_nconf(&crlctx, conf); |
1446 | 1456 |
1447 if (crl_ext) | 1457 if (crl_ext) |
(...skipping 12 matching lines...)
1460 if (crl_ext || crl_v2) | 1470 if (crl_ext || crl_v2) |
1461 { | 1471 { |
1462 if (!X509_CRL_set_version(crl, 1)) | 1472 if (!X509_CRL_set_version(crl, 1)) |
1463 goto err; /* version 2 CRL */ | 1473 goto err; /* version 2 CRL */ |
1464 } | 1474 } |
1465 | 1475 |
1466 | 1476 |
1467 if (crlnumberfile != NULL) /* we have a CRL number that nee
d updating */ | 1477 if (crlnumberfile != NULL) /* we have a CRL number that nee
d updating */ |
1468 if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) go
to err; | 1478 if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) go
to err; |
1469 | 1479 |
| 1480 if (crlnumber) |
| 1481 { |
| 1482 BN_free(crlnumber); |
| 1483 crlnumber = NULL; |
| 1484 } |
| 1485 |
1470 if (!X509_CRL_sign(crl,pkey,dgst)) goto err; | 1486 if (!X509_CRL_sign(crl,pkey,dgst)) goto err; |
1471 | 1487 |
1472 PEM_write_bio_X509_CRL(Sout,crl); | 1488 PEM_write_bio_X509_CRL(Sout,crl); |
1473 | 1489 |
1474 if (crlnumberfile != NULL) /* Rename the crlnumber file */ | 1490 if (crlnumberfile != NULL) /* Rename the crlnumber file */ |
1475 if (!rotate_serial(crlnumberfile,"new","old")) goto err; | 1491 if (!rotate_serial(crlnumberfile,"new","old")) goto err; |
1476 | 1492 |
1477 } | 1493 } |
1478 /*****************************************************************/ | 1494 /*****************************************************************/ |
1479 if (dorevoke) | 1495 if (dorevoke) |
(...skipping 32 matching lines...)
1512 BIO_free_all(in); | 1528 BIO_free_all(in); |
1513 | 1529 |
1514 if (cert_sk) | 1530 if (cert_sk) |
1515 sk_X509_pop_free(cert_sk,X509_free); | 1531 sk_X509_pop_free(cert_sk,X509_free); |
1516 | 1532 |
1517 if (ret) ERR_print_errors(bio_err); | 1533 if (ret) ERR_print_errors(bio_err); |
1518 app_RAND_write_file(randfile, bio_err); | 1534 app_RAND_write_file(randfile, bio_err); |
1519 if (free_key && key) | 1535 if (free_key && key) |
1520 OPENSSL_free(key); | 1536 OPENSSL_free(key); |
1521 BN_free(serial); | 1537 BN_free(serial); |
| 1538 BN_free(crlnumber); |
1522 free_index(db); | 1539 free_index(db); |
1523 EVP_PKEY_free(pkey); | 1540 EVP_PKEY_free(pkey); |
1524 if (x509) X509_free(x509); | 1541 if (x509) X509_free(x509); |
1525 X509_CRL_free(crl); | 1542 X509_CRL_free(crl); |
1526 NCONF_free(conf); | 1543 NCONF_free(conf); |
1527 NCONF_free(extconf); | 1544 NCONF_free(extconf); |
1528 OBJ_cleanup(); | 1545 OBJ_cleanup(); |
1529 apps_shutdown(); | 1546 apps_shutdown(); |
1530 OPENSSL_EXIT(ret); | 1547 OPENSSL_EXIT(ret); |
1531 } | 1548 } |
(...skipping 138 matching lines...)
1670 ASN1_STRING *str,*str2; | 1687 ASN1_STRING *str,*str2; |
1671 ASN1_OBJECT *obj; | 1688 ASN1_OBJECT *obj; |
1672 X509 *ret=NULL; | 1689 X509 *ret=NULL; |
1673 X509_CINF *ci; | 1690 X509_CINF *ci; |
1674 X509_NAME_ENTRY *ne; | 1691 X509_NAME_ENTRY *ne; |
1675 X509_NAME_ENTRY *tne,*push; | 1692 X509_NAME_ENTRY *tne,*push; |
1676 EVP_PKEY *pktmp; | 1693 EVP_PKEY *pktmp; |
1677 int ok= -1,i,j,last,nid; | 1694 int ok= -1,i,j,last,nid; |
1678 const char *p; | 1695 const char *p; |
1679 CONF_VALUE *cv; | 1696 CONF_VALUE *cv; |
1680 » char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; | 1697 » OPENSSL_STRING row[DB_NUMBER]; |
| 1698 » OPENSSL_STRING *irow=NULL; |
| 1699 » OPENSSL_STRING *rrow=NULL; |
1681 char buf[25]; | 1700 char buf[25]; |
1682 | 1701 |
1683 tmptm=ASN1_UTCTIME_new(); | 1702 tmptm=ASN1_UTCTIME_new(); |
1684 if (tmptm == NULL) | 1703 if (tmptm == NULL) |
1685 { | 1704 { |
1686 BIO_printf(bio_err,"malloc error\n"); | 1705 BIO_printf(bio_err,"malloc error\n"); |
1687 return(0); | 1706 return(0); |
1688 } | 1707 } |
1689 | 1708 |
1690 for (i=0; i<DB_NUMBER; i++) | 1709 for (i=0; i<DB_NUMBER; i++) |
(...skipping 221 matching lines...)
1912 else | 1931 else |
1913 row[DB_serial]=BN_bn2hex(serial); | 1932 row[DB_serial]=BN_bn2hex(serial); |
1914 if (row[DB_serial] == NULL) | 1933 if (row[DB_serial] == NULL) |
1915 { | 1934 { |
1916 BIO_printf(bio_err,"Memory allocation failure\n"); | 1935 BIO_printf(bio_err,"Memory allocation failure\n"); |
1917 goto err; | 1936 goto err; |
1918 } | 1937 } |
1919 | 1938 |
1920 if (db->attributes.unique_subject) | 1939 if (db->attributes.unique_subject) |
1921 { | 1940 { |
1922 » » rrow=TXT_DB_get_by_index(db->db,DB_name,row); | 1941 » » OPENSSL_STRING *crow=row; |
| 1942 |
| 1943 » » rrow=TXT_DB_get_by_index(db->db,DB_name,crow); |
1923 if (rrow != NULL) | 1944 if (rrow != NULL) |
1924 { | 1945 { |
1925 BIO_printf(bio_err, | 1946 BIO_printf(bio_err, |
1926 "ERROR:There is already a certificate for %s\n", | 1947 "ERROR:There is already a certificate for %s\n", |
1927 row[DB_name]); | 1948 row[DB_name]); |
1928 } | 1949 } |
1929 } | 1950 } |
1930 if (rrow == NULL) | 1951 if (rrow == NULL) |
1931 { | 1952 { |
1932 rrow=TXT_DB_get_by_index(db->db,DB_serial,row); | 1953 rrow=TXT_DB_get_by_index(db->db,DB_serial,row); |
(...skipping 55 matching lines...)
1988 goto err; | 2009 goto err; |
1989 } | 2010 } |
1990 else | 2011 else |
1991 { | 2012 { |
1992 if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) | 2013 if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) |
1993 goto err; | 2014 goto err; |
1994 } | 2015 } |
1995 | 2016 |
1996 if (strcmp(startdate,"today") == 0) | 2017 if (strcmp(startdate,"today") == 0) |
1997 X509_gmtime_adj(X509_get_notBefore(ret),0); | 2018 X509_gmtime_adj(X509_get_notBefore(ret),0); |
1998 » else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate); | 2019 » else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate); |
1999 | 2020 |
2000 if (enddate == NULL) | 2021 if (enddate == NULL) |
2001 » » X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days); | 2022 » » X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL); |
2002 » else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate); | 2023 » else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate); |
2003 | 2024 |
2004 if (!X509_set_subject_name(ret,subject)) goto err; | 2025 if (!X509_set_subject_name(ret,subject)) goto err; |
2005 | 2026 |
2006 pktmp=X509_REQ_get_pubkey(req); | 2027 pktmp=X509_REQ_get_pubkey(req); |
2007 i = X509_set_pubkey(ret,pktmp); | 2028 i = X509_set_pubkey(ret,pktmp); |
2008 EVP_PKEY_free(pktmp); | 2029 EVP_PKEY_free(pktmp); |
2009 if (!i) goto err; | 2030 if (!i) goto err; |
2010 | 2031 |
2011 /* Lets add the extensions, if there are any */ | 2032 /* Lets add the extensions, if there are any */ |
2012 if (ext_sect) | 2033 if (ext_sect) |
(...skipping 99 matching lines...)
2112 goto err; | 2133 goto err; |
2113 } | 2134 } |
2114 if (!((buf[0] == 'y') || (buf[0] == 'Y'))) | 2135 if (!((buf[0] == 'y') || (buf[0] == 'Y'))) |
2115 { | 2136 { |
2116 BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n"
); | 2137 BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n"
); |
2117 ok=0; | 2138 ok=0; |
2118 goto err; | 2139 goto err; |
2119 } | 2140 } |
2120 } | 2141 } |
2121 | 2142 |
2122 | |
2123 #ifndef OPENSSL_NO_DSA | |
2124 if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1(); | |
2125 pktmp=X509_get_pubkey(ret); | 2143 pktmp=X509_get_pubkey(ret); |
2126 if (EVP_PKEY_missing_parameters(pktmp) && | 2144 if (EVP_PKEY_missing_parameters(pktmp) && |
2127 !EVP_PKEY_missing_parameters(pkey)) | 2145 !EVP_PKEY_missing_parameters(pkey)) |
2128 EVP_PKEY_copy_parameters(pktmp,pkey); | 2146 EVP_PKEY_copy_parameters(pktmp,pkey); |
2129 EVP_PKEY_free(pktmp); | 2147 EVP_PKEY_free(pktmp); |
2130 #endif | |
2131 #ifndef OPENSSL_NO_ECDSA | |
2132 if (pkey->type == EVP_PKEY_EC) | |
2133 dgst = EVP_ecdsa(); | |
2134 pktmp = X509_get_pubkey(ret); | |
2135 if (EVP_PKEY_missing_parameters(pktmp) && | |
2136 !EVP_PKEY_missing_parameters(pkey)) | |
2137 EVP_PKEY_copy_parameters(pktmp, pkey); | |
2138 EVP_PKEY_free(pktmp); | |
2139 #endif | |
2140 | |
2141 | 2148 |
2142 if (!X509_sign(ret,pkey,dgst)) | 2149 if (!X509_sign(ret,pkey,dgst)) |
2143 goto err; | 2150 goto err; |
2144 | 2151 |
2145 /* We now just add it to the database */ | 2152 /* We now just add it to the database */ |
2146 row[DB_type]=(char *)OPENSSL_malloc(2); | 2153 row[DB_type]=(char *)OPENSSL_malloc(2); |
2147 | 2154 |
2148 tm=X509_get_notAfter(ret); | 2155 tm=X509_get_notAfter(ret); |
2149 row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1); | 2156 row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1); |
2150 memcpy(row[DB_exp_date],tm->data,tm->length); | 2157 memcpy(row[DB_exp_date],tm->data,tm->length); |
(...skipping 81 matching lines...)
2232 PEM_write_bio_X509(bp,x); | 2239 PEM_write_bio_X509(bp,x); |
2233 } | 2240 } |
2234 | 2241 |
2235 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | 2242 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
2236 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, | 2243 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, |
2237 BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int
email_dn, char *startdate, char *enddate, | 2244 BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int
email_dn, char *startdate, char *enddate, |
2238 long days, char *ext_sect, CONF *lconf, int verbose, unsigned long
certopt, | 2245 long days, char *ext_sect, CONF *lconf, int verbose, unsigned long
certopt, |
2239 unsigned long nameopt, int default_op, int ext_copy) | 2246 unsigned long nameopt, int default_op, int ext_copy) |
2240 { | 2247 { |
2241 STACK_OF(CONF_VALUE) *sk=NULL; | 2248 STACK_OF(CONF_VALUE) *sk=NULL; |
2242 » LHASH *parms=NULL; | 2249 » LHASH_OF(CONF_VALUE) *parms=NULL; |
2243 X509_REQ *req=NULL; | 2250 X509_REQ *req=NULL; |
2244 CONF_VALUE *cv=NULL; | 2251 CONF_VALUE *cv=NULL; |
2245 NETSCAPE_SPKI *spki = NULL; | 2252 NETSCAPE_SPKI *spki = NULL; |
2246 X509_REQ_INFO *ri; | 2253 X509_REQ_INFO *ri; |
2247 char *type,*buf; | 2254 char *type,*buf; |
2248 EVP_PKEY *pktmp=NULL; | 2255 EVP_PKEY *pktmp=NULL; |
2249 X509_NAME *n=NULL; | 2256 X509_NAME *n=NULL; |
2250 X509_NAME_ENTRY *ne=NULL; | 2257 X509_NAME_ENTRY *ne=NULL; |
2251 int ok= -1,i,j; | 2258 int ok= -1,i,j; |
2252 long errline; | 2259 long errline; |
(...skipping 113 matching lines...)
2366 if (req != NULL) X509_REQ_free(req); | 2373 if (req != NULL) X509_REQ_free(req); |
2367 if (parms != NULL) CONF_free(parms); | 2374 if (parms != NULL) CONF_free(parms); |
2368 if (spki != NULL) NETSCAPE_SPKI_free(spki); | 2375 if (spki != NULL) NETSCAPE_SPKI_free(spki); |
2369 if (ne != NULL) X509_NAME_ENTRY_free(ne); | 2376 if (ne != NULL) X509_NAME_ENTRY_free(ne); |
2370 | 2377 |
2371 return(ok); | 2378 return(ok); |
2372 } | 2379 } |
2373 | 2380 |
2374 static int check_time_format(const char *str) | 2381 static int check_time_format(const char *str) |
2375 { | 2382 { |
2376 » ASN1_TIME tm; | 2383 » return ASN1_TIME_set_string(NULL, str); |
2377 | |
2378 » tm.data=(unsigned char *)str; | |
2379 » tm.length=strlen(str); | |
2380 » tm.type=V_ASN1_UTCTIME; | |
2381 » if (ASN1_TIME_check(&tm)) | |
2382 » » return 1; | |
2383 » tm.type=V_ASN1_GENERALIZEDTIME; | |
2384 » return ASN1_TIME_check(&tm); | |
2385 } | 2384 } |
2386 | 2385 |
2387 static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) | 2386 static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) |
2388 { | 2387 { |
2389 ASN1_UTCTIME *tm=NULL; | 2388 ASN1_UTCTIME *tm=NULL; |
2390 char *row[DB_NUMBER],**rrow,**irow; | 2389 char *row[DB_NUMBER],**rrow,**irow; |
2391 char *rev_str = NULL; | 2390 char *rev_str = NULL; |
2392 BIGNUM *bn = NULL; | 2391 BIGNUM *bn = NULL; |
2393 int ok=-1,i; | 2392 int ok=-1,i; |
2394 | 2393 |
2395 for (i=0; i<DB_NUMBER; i++) | 2394 for (i=0; i<DB_NUMBER; i++) |
2396 row[i]=NULL; | 2395 row[i]=NULL; |
2397 row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); | 2396 row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); |
2398 bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); | 2397 bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); |
| 2398 if (!bn) |
| 2399 goto err; |
2399 if (BN_is_zero(bn)) | 2400 if (BN_is_zero(bn)) |
2400 row[DB_serial]=BUF_strdup("00"); | 2401 row[DB_serial]=BUF_strdup("00"); |
2401 else | 2402 else |
2402 row[DB_serial]=BN_bn2hex(bn); | 2403 row[DB_serial]=BN_bn2hex(bn); |
2403 BN_free(bn); | 2404 BN_free(bn); |
2404 if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) | 2405 if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) |
2405 { | 2406 { |
2406 BIO_printf(bio_err,"Memory allocation failure\n"); | 2407 BIO_printf(bio_err,"Memory allocation failure\n"); |
2407 goto err; | 2408 goto err; |
2408 } | 2409 } |
(...skipping 49 matching lines...)
2458 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->e
rror); | 2459 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->e
rror); |
2459 goto err; | 2460 goto err; |
2460 } | 2461 } |
2461 | 2462 |
2462 /* Revoke Certificate */ | 2463 /* Revoke Certificate */ |
2463 ok = do_revoke(x509,db, type, value); | 2464 ok = do_revoke(x509,db, type, value); |
2464 | 2465 |
2465 goto err; | 2466 goto err; |
2466 | 2467 |
2467 } | 2468 } |
2468 » else if (index_name_cmp((const char **)row,(const char **)rrow)) | 2469 » else if (index_name_cmp_noconst(row, rrow)) |
2469 { | 2470 { |
2470 BIO_printf(bio_err,"ERROR:name does not match %s\n", | 2471 BIO_printf(bio_err,"ERROR:name does not match %s\n", |
2471 row[DB_name]); | 2472 row[DB_name]); |
2472 goto err; | 2473 goto err; |
2473 } | 2474 } |
2474 else if (rrow[DB_type][0]=='R') | 2475 else if (rrow[DB_type][0]=='R') |
2475 { | 2476 { |
2476 BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n", | 2477 BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n", |
2477 row[DB_serial]); | 2478 row[DB_serial]); |
2478 goto err; | 2479 goto err; |
(...skipping 128 matching lines...)
2607 } | 2608 } |
2608 | 2609 |
2609 memcpy(a_tm_s, a_tm->data, a_tm->length); | 2610 memcpy(a_tm_s, a_tm->data, a_tm->length); |
2610 a_tm_s[a_tm->length] = '\0'; | 2611 a_tm_s[a_tm->length] = '\0'; |
2611 | 2612 |
2612 if (strncmp(a_tm_s, "49", 2) <= 0) | 2613 if (strncmp(a_tm_s, "49", 2) <= 0) |
2613 a_y2k = 1; | 2614 a_y2k = 1; |
2614 else | 2615 else |
2615 a_y2k = 0; | 2616 a_y2k = 0; |
2616 | 2617 |
2617 » for (i = 0; i < sk_num(db->db->data); i++) | 2618 » for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) |
2618 { | 2619 { |
2619 » » rrow = (char **) sk_value(db->db->data, i); | 2620 » » rrow = sk_OPENSSL_PSTRING_value(db->db->data, i); |
2620 | 2621 |
2621 if (rrow[DB_type][0] == 'V') | 2622 if (rrow[DB_type][0] == 'V') |
2622 { | 2623 { |
2623 /* ignore entries that are not valid */ | 2624 /* ignore entries that are not valid */ |
2624 if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) | 2625 if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) |
2625 db_y2k = 1; | 2626 db_y2k = 1; |
2626 else | 2627 else |
2627 db_y2k = 0; | 2628 db_y2k = 0; |
2628 | 2629 |
2629 if (db_y2k == a_y2k) | 2630 if (db_y2k == a_y2k) |
(...skipping 226 matching lines...)
2856 else if (str->type == V_ASN1_IA5STRING) | 2857 else if (str->type == V_ASN1_IA5STRING) |
2857 BIO_printf(bp,"IA5STRING:'"); | 2858 BIO_printf(bp,"IA5STRING:'"); |
2858 else if (str->type == V_ASN1_UNIVERSALSTRING) | 2859 else if (str->type == V_ASN1_UNIVERSALSTRING) |
2859 BIO_printf(bp,"UNIVERSALSTRING:'"); | 2860 BIO_printf(bp,"UNIVERSALSTRING:'"); |
2860 else | 2861 else |
2861 BIO_printf(bp,"ASN.1 %2d:'",str->type); | 2862 BIO_printf(bp,"ASN.1 %2d:'",str->type); |
2862 | 2863 |
2863 p=(char *)str->data; | 2864 p=(char *)str->data; |
2864 for (j=str->length; j>0; j--) | 2865 for (j=str->length; j>0; j--) |
2865 { | 2866 { |
2866 #ifdef CHARSET_EBCDIC | |
2867 if ((*p >= 0x20) && (*p <= 0x7e)) | |
2868 BIO_printf(bp,"%c",os_toebcdic[*p]); | |
2869 #else | |
2870 if ((*p >= ' ') && (*p <= '~')) | 2867 if ((*p >= ' ') && (*p <= '~')) |
2871 BIO_printf(bp,"%c",*p); | 2868 BIO_printf(bp,"%c",*p); |
2872 #endif | |
2873 else if (*p & 0x80) | 2869 else if (*p & 0x80) |
2874 BIO_printf(bp,"\\0x%02X",*p); | 2870 BIO_printf(bp,"\\0x%02X",*p); |
2875 else if ((unsigned char)*p == 0xf7) | 2871 else if ((unsigned char)*p == 0xf7) |
2876 BIO_printf(bp,"^?"); | 2872 BIO_printf(bp,"^?"); |
2877 #ifdef CHARSET_EBCDIC | |
2878 else BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]); | |
2879 #else | |
2880 else BIO_printf(bp,"^%c",*p+'@'); | 2873 else BIO_printf(bp,"^%c",*p+'@'); |
2881 #endif | |
2882 p++; | 2874 p++; |
2883 } | 2875 } |
2884 BIO_printf(bp,"'\n"); | 2876 BIO_printf(bp,"'\n"); |
2885 return 1; | 2877 return 1; |
2886 } | 2878 } |
2887 | 2879 |
2888 int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
ENERALIZEDTIME **pinvtm, const char *str) | 2880 int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
ENERALIZEDTIME **pinvtm, const char *str) |
2889 { | 2881 { |
2890 char *tmp = NULL; | 2882 char *tmp = NULL; |
2891 char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; | 2883 char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; |
(...skipping 92 matching lines...)
2984 ret = 1; | 2976 ret = 1; |
2985 | 2977 |
2986 err: | 2978 err: |
2987 | 2979 |
2988 if (tmp) OPENSSL_free(tmp); | 2980 if (tmp) OPENSSL_free(tmp); |
2989 if (!phold) ASN1_OBJECT_free(hold); | 2981 if (!phold) ASN1_OBJECT_free(hold); |
2990 if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time); | 2982 if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time); |
2991 | 2983 |
2992 return ret; | 2984 return ret; |
2993 } | 2985 } |