OLD | NEW |
1 /* apps/x509.c */ | 1 /* apps/x509.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 81 matching lines...)
92 " -inform arg - input format - default PEM (one of DER, NET or PEM)\n", | 92 " -inform arg - input format - default PEM (one of DER, NET or PEM)\n", |
93 " -outform arg - output format - default PEM (one of DER, NET or PEM)\n", | 93 " -outform arg - output format - default PEM (one of DER, NET or PEM)\n", |
94 " -keyform arg - private key format - default PEM\n", | 94 " -keyform arg - private key format - default PEM\n", |
95 " -CAform arg - CA format - default PEM\n", | 95 " -CAform arg - CA format - default PEM\n", |
96 " -CAkeyform arg - CA key format - default PEM\n", | 96 " -CAkeyform arg - CA key format - default PEM\n", |
97 " -in arg - input file - default stdin\n", | 97 " -in arg - input file - default stdin\n", |
98 " -out arg - output file - default stdout\n", | 98 " -out arg - output file - default stdout\n", |
99 " -passin arg - private key password source\n", | 99 " -passin arg - private key password source\n", |
100 " -serial - print serial number value\n", | 100 " -serial - print serial number value\n", |
101 " -subject_hash - print subject hash value\n", | 101 " -subject_hash - print subject hash value\n", |
| 102 #ifndef OPENSSL_NO_MD5 |
| 103 " -subject_hash_old - print old-style (MD5) subject hash value\n", |
| 104 #endif |
102 " -issuer_hash - print issuer hash value\n", | 105 " -issuer_hash - print issuer hash value\n", |
| 106 #ifndef OPENSSL_NO_MD5 |
| 107 " -issuer_hash_old - print old-style (MD5) issuer hash value\n", |
| 108 #endif |
103 " -hash - synonym for -subject_hash\n", | 109 " -hash - synonym for -subject_hash\n", |
104 " -subject - print subject DN\n", | 110 " -subject - print subject DN\n", |
105 " -issuer - print issuer DN\n", | 111 " -issuer - print issuer DN\n", |
106 " -email - print email address(es)\n", | 112 " -email - print email address(es)\n", |
107 " -startdate - notBefore field\n", | 113 " -startdate - notBefore field\n", |
108 " -enddate - notAfter field\n", | 114 " -enddate - notAfter field\n", |
109 " -purpose - print out certificate purposes\n", | 115 " -purpose - print out certificate purposes\n", |
110 " -dates - both Before and After dates\n", | 116 " -dates - both Before and After dates\n", |
111 " -modulus - print the RSA key modulus\n", | 117 " -modulus - print the RSA key modulus\n", |
112 " -pubkey - output the public key\n", | 118 " -pubkey - output the public key\n", |
(...skipping 59 matching lines...)
172 BIO *out=NULL; | 178 BIO *out=NULL; |
173 BIO *STDout=NULL; | 179 BIO *STDout=NULL; |
174 STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; | 180 STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; |
175 int informat,outformat,keyformat,CAformat,CAkeyformat; | 181 int informat,outformat,keyformat,CAformat,CAkeyformat; |
176 char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; | 182 char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; |
177 char *CAkeyfile=NULL,*CAserial=NULL; | 183 char *CAkeyfile=NULL,*CAserial=NULL; |
178 char *alias=NULL; | 184 char *alias=NULL; |
179 int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; | 185 int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; |
180 int next_serial=0; | 186 int next_serial=0; |
181 int subject_hash=0,issuer_hash=0,ocspid=0; | 187 int subject_hash=0,issuer_hash=0,ocspid=0; |
| 188 #ifndef OPENSSL_NO_MD5 |
| 189 int subject_hash_old=0,issuer_hash_old=0; |
| 190 #endif |
182 int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; | 191 int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; |
183 int ocsp_uri=0; | 192 int ocsp_uri=0; |
184 int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; | 193 int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; |
185 int C=0; | 194 int C=0; |
186 int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; | 195 int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; |
187 int pprint = 0; | 196 int pprint = 0; |
188 const char **pp; | 197 const char **pp; |
189 X509_STORE *ctx=NULL; | 198 X509_STORE *ctx=NULL; |
190 X509_REQ *rq=NULL; | 199 X509_REQ *rq=NULL; |
191 int fingerprint=0; | 200 int fingerprint=0; |
192 char buf[256]; | 201 char buf[256]; |
193 » const EVP_MD *md_alg,*digest=EVP_sha1(); | 202 » const EVP_MD *md_alg,*digest=NULL; |
194 CONF *extconf = NULL; | 203 CONF *extconf = NULL; |
195 char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL
; | 204 char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL
; |
196 int need_rand = 0; | 205 int need_rand = 0; |
197 int checkend=0,checkoffset=0; | 206 int checkend=0,checkoffset=0; |
198 unsigned long nmflag = 0, certflag = 0; | 207 unsigned long nmflag = 0, certflag = 0; |
199 #ifndef OPENSSL_NO_ENGINE | 208 #ifndef OPENSSL_NO_ENGINE |
200 char *engine=NULL; | 209 char *engine=NULL; |
201 #endif | 210 #endif |
202 | 211 |
203 reqfile=0; | 212 reqfile=0; |
(...skipping 14 matching lines...)
218 #endif | 227 #endif |
219 | 228 |
220 informat=FORMAT_PEM; | 229 informat=FORMAT_PEM; |
221 outformat=FORMAT_PEM; | 230 outformat=FORMAT_PEM; |
222 keyformat=FORMAT_PEM; | 231 keyformat=FORMAT_PEM; |
223 CAformat=FORMAT_PEM; | 232 CAformat=FORMAT_PEM; |
224 CAkeyformat=FORMAT_PEM; | 233 CAkeyformat=FORMAT_PEM; |
225 | 234 |
226 ctx=X509_STORE_new(); | 235 ctx=X509_STORE_new(); |
227 if (ctx == NULL) goto end; | 236 if (ctx == NULL) goto end; |
228 » X509_STORE_set_verify_cb_func(ctx,callb); | 237 » X509_STORE_set_verify_cb(ctx,callb); |
229 | 238 |
230 argc--; | 239 argc--; |
231 argv++; | 240 argv++; |
232 num=0; | 241 num=0; |
233 while (argc >= 1) | 242 while (argc >= 1) |
234 { | 243 { |
235 if (strcmp(*argv,"-inform") == 0) | 244 if (strcmp(*argv,"-inform") == 0) |
236 { | 245 { |
237 if (--argc < 1) goto bad; | 246 if (--argc < 1) goto bad; |
238 informat=str2fmt(*(++argv)); | 247 informat=str2fmt(*(++argv)); |
(...skipping 151 matching lines...)
390 modulus= ++num; | 399 modulus= ++num; |
391 else if (strcmp(*argv,"-pubkey") == 0) | 400 else if (strcmp(*argv,"-pubkey") == 0) |
392 pubkey= ++num; | 401 pubkey= ++num; |
393 else if (strcmp(*argv,"-x509toreq") == 0) | 402 else if (strcmp(*argv,"-x509toreq") == 0) |
394 x509req= ++num; | 403 x509req= ++num; |
395 else if (strcmp(*argv,"-text") == 0) | 404 else if (strcmp(*argv,"-text") == 0) |
396 text= ++num; | 405 text= ++num; |
397 else if (strcmp(*argv,"-hash") == 0 | 406 else if (strcmp(*argv,"-hash") == 0 |
398 || strcmp(*argv,"-subject_hash") == 0) | 407 || strcmp(*argv,"-subject_hash") == 0) |
399 subject_hash= ++num; | 408 subject_hash= ++num; |
| 409 #ifndef OPENSSL_NO_MD5 |
| 410 else if (strcmp(*argv,"-subject_hash_old") == 0) |
| 411 subject_hash_old= ++num; |
| 412 #endif |
400 else if (strcmp(*argv,"-issuer_hash") == 0) | 413 else if (strcmp(*argv,"-issuer_hash") == 0) |
401 issuer_hash= ++num; | 414 issuer_hash= ++num; |
| 415 #ifndef OPENSSL_NO_MD5 |
| 416 else if (strcmp(*argv,"-issuer_hash_old") == 0) |
| 417 issuer_hash_old= ++num; |
| 418 #endif |
402 else if (strcmp(*argv,"-subject") == 0) | 419 else if (strcmp(*argv,"-subject") == 0) |
403 subject= ++num; | 420 subject= ++num; |
404 else if (strcmp(*argv,"-issuer") == 0) | 421 else if (strcmp(*argv,"-issuer") == 0) |
405 issuer= ++num; | 422 issuer= ++num; |
406 else if (strcmp(*argv,"-fingerprint") == 0) | 423 else if (strcmp(*argv,"-fingerprint") == 0) |
407 fingerprint= ++num; | 424 fingerprint= ++num; |
408 else if (strcmp(*argv,"-dates") == 0) | 425 else if (strcmp(*argv,"-dates") == 0) |
409 { | 426 { |
410 startdate= ++num; | 427 startdate= ++num; |
411 enddate= ++num; | 428 enddate= ++num; |
(...skipping 120 matching lines...)
532 extsect); | 549 extsect); |
533 ERR_print_errors(bio_err); | 550 ERR_print_errors(bio_err); |
534 goto end; | 551 goto end; |
535 } | 552 } |
536 } | 553 } |
537 | 554 |
538 | 555 |
539 if (reqfile) | 556 if (reqfile) |
540 { | 557 { |
541 EVP_PKEY *pkey; | 558 EVP_PKEY *pkey; |
542 X509_CINF *ci; | |
543 BIO *in; | 559 BIO *in; |
544 | 560 |
545 if (!sign_flag && !CA_flag) | 561 if (!sign_flag && !CA_flag) |
546 { | 562 { |
547 BIO_printf(bio_err,"We need a private key to sign with\n
"); | 563 BIO_printf(bio_err,"We need a private key to sign with\n
"); |
548 goto end; | 564 goto end; |
549 } | 565 } |
550 in=BIO_new(BIO_s_file()); | 566 in=BIO_new(BIO_s_file()); |
551 if (in == NULL) | 567 if (in == NULL) |
552 { | 568 { |
(...skipping 47 matching lines...)
600 { | 616 { |
601 BIO_printf(bio_err,"Signature did not match the certific
ate request\n"); | 617 BIO_printf(bio_err,"Signature did not match the certific
ate request\n"); |
602 goto end; | 618 goto end; |
603 } | 619 } |
604 else | 620 else |
605 BIO_printf(bio_err,"Signature ok\n"); | 621 BIO_printf(bio_err,"Signature ok\n"); |
606 | 622 |
607 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
nmflag); | 623 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
nmflag); |
608 | 624 |
609 if ((x=X509_new()) == NULL) goto end; | 625 if ((x=X509_new()) == NULL) goto end; |
610 ci=x->cert_info; | |
611 | 626 |
612 if (sno == NULL) | 627 if (sno == NULL) |
613 { | 628 { |
614 sno = ASN1_INTEGER_new(); | 629 sno = ASN1_INTEGER_new(); |
615 if (!sno || !rand_serial(NULL, sno)) | 630 if (!sno || !rand_serial(NULL, sno)) |
616 goto end; | 631 goto end; |
617 if (!X509_set_serialNumber(x, sno)) | 632 if (!X509_set_serialNumber(x, sno)) |
618 goto end; | 633 goto end; |
619 ASN1_INTEGER_free(sno); | 634 ASN1_INTEGER_free(sno); |
620 sno = NULL; | 635 sno = NULL; |
621 } | 636 } |
622 else if (!X509_set_serialNumber(x, sno)) | 637 else if (!X509_set_serialNumber(x, sno)) |
623 goto end; | 638 goto end; |
624 | 639 |
625 if (!X509_set_issuer_name(x,req->req_info->subject)) goto end; | 640 if (!X509_set_issuer_name(x,req->req_info->subject)) goto end; |
626 if (!X509_set_subject_name(x,req->req_info->subject)) goto end; | 641 if (!X509_set_subject_name(x,req->req_info->subject)) goto end; |
627 | 642 |
628 X509_gmtime_adj(X509_get_notBefore(x),0); | 643 X509_gmtime_adj(X509_get_notBefore(x),0); |
629 » X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); | 644 » X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL); |
630 | 645 |
631 pkey = X509_REQ_get_pubkey(req); | 646 pkey = X509_REQ_get_pubkey(req); |
632 X509_set_pubkey(x,pkey); | 647 X509_set_pubkey(x,pkey); |
633 EVP_PKEY_free(pkey); | 648 EVP_PKEY_free(pkey); |
634 } | 649 } |
635 else | 650 else |
636 x=load_cert(bio_err,infile,informat,NULL,e,"Certificate"); | 651 x=load_cert(bio_err,infile,informat,NULL,e,"Certificate"); |
637 | 652 |
638 if (x == NULL) goto end; | 653 if (x == NULL) goto end; |
639 if (CA_flag) | 654 if (CA_flag) |
(...skipping 91 matching lines...)
731 if (!ser) | 746 if (!ser) |
732 goto end; | 747 goto end; |
733 BN_free(bnser); | 748 BN_free(bnser); |
734 i2a_ASN1_INTEGER(out, ser); | 749 i2a_ASN1_INTEGER(out, ser); |
735 ASN1_INTEGER_free(ser); | 750 ASN1_INTEGER_free(ser); |
736 BIO_puts(out, "\n"); | 751 BIO_puts(out, "\n"); |
737 } | 752 } |
738 else if ((email == i) || (ocsp_uri == i)) | 753 else if ((email == i) || (ocsp_uri == i)) |
739 { | 754 { |
740 int j; | 755 int j; |
741 » » » » STACK *emlst; | 756 » » » » STACK_OF(OPENSSL_STRING) *emlst; |
742 if (email == i) | 757 if (email == i) |
743 emlst = X509_get1_email(x); | 758 emlst = X509_get1_email(x); |
744 else | 759 else |
745 emlst = X509_get1_ocsp(x); | 760 emlst = X509_get1_ocsp(x); |
746 » » » » for (j = 0; j < sk_num(emlst); j++) | 761 » » » » for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j+
+) |
747 » » » » » BIO_printf(STDout, "%s\n", sk_value(emls
t, j)); | 762 » » » » » BIO_printf(STDout, "%s\n", |
| 763 » » » » » » sk_OPENSSL_STRING_value(emlst
, j)); |
748 X509_email_free(emlst); | 764 X509_email_free(emlst); |
749 } | 765 } |
750 else if (aliasout == i) | 766 else if (aliasout == i) |
751 { | 767 { |
752 unsigned char *alstr; | 768 unsigned char *alstr; |
753 alstr = X509_alias_get0(x, NULL); | 769 alstr = X509_alias_get0(x, NULL); |
754 if (alstr) BIO_printf(STDout,"%s\n", alstr); | 770 if (alstr) BIO_printf(STDout,"%s\n", alstr); |
755 else BIO_puts(STDout,"<No Alias>\n"); | 771 else BIO_puts(STDout,"<No Alias>\n"); |
756 } | 772 } |
757 else if (subject_hash == i) | 773 else if (subject_hash == i) |
758 { | 774 { |
759 BIO_printf(STDout,"%08lx\n",X509_subject_name_ha
sh(x)); | 775 BIO_printf(STDout,"%08lx\n",X509_subject_name_ha
sh(x)); |
760 } | 776 } |
| 777 #ifndef OPENSSL_NO_MD5 |
| 778 else if (subject_hash_old == i) |
| 779 { |
| 780 BIO_printf(STDout,"%08lx\n",X509_subject_name_ha
sh_old(x)); |
| 781 } |
| 782 #endif |
761 else if (issuer_hash == i) | 783 else if (issuer_hash == i) |
762 { | 784 { |
763 BIO_printf(STDout,"%08lx\n",X509_issuer_name_has
h(x)); | 785 BIO_printf(STDout,"%08lx\n",X509_issuer_name_has
h(x)); |
764 } | 786 } |
| 787 #ifndef OPENSSL_NO_MD5 |
| 788 else if (issuer_hash_old == i) |
| 789 { |
| 790 BIO_printf(STDout,"%08lx\n",X509_issuer_name_has
h_old(x)); |
| 791 } |
| 792 #endif |
765 else if (pprint == i) | 793 else if (pprint == i) |
766 { | 794 { |
767 X509_PURPOSE *ptmp; | 795 X509_PURPOSE *ptmp; |
768 int j; | 796 int j; |
769 BIO_printf(STDout, "Certificate purposes:\n"); | 797 BIO_printf(STDout, "Certificate purposes:\n"); |
770 for (j = 0; j < X509_PURPOSE_get_count(); j++) | 798 for (j = 0; j < X509_PURPOSE_get_count(); j++) |
771 { | 799 { |
772 ptmp = X509_PURPOSE_get0(j); | 800 ptmp = X509_PURPOSE_get0(j); |
773 purpose_print(STDout, x, ptmp); | 801 purpose_print(STDout, x, ptmp); |
774 } | 802 } |
(...skipping 110 matching lines...)
885 { | 913 { |
886 BIO_puts(STDout,"notAfter="); | 914 BIO_puts(STDout,"notAfter="); |
887 ASN1_TIME_print(STDout,X509_get_notAfter(x)); | 915 ASN1_TIME_print(STDout,X509_get_notAfter(x)); |
888 BIO_puts(STDout,"\n"); | 916 BIO_puts(STDout,"\n"); |
889 } | 917 } |
890 else if (fingerprint == i) | 918 else if (fingerprint == i) |
891 { | 919 { |
892 int j; | 920 int j; |
893 unsigned int n; | 921 unsigned int n; |
894 unsigned char md[EVP_MAX_MD_SIZE]; | 922 unsigned char md[EVP_MAX_MD_SIZE]; |
| 923 const EVP_MD *fdig = digest; |
895 | 924 |
896 » » » » if (!X509_digest(x,digest,md,&n)) | 925 » » » » if (!fdig) |
| 926 » » » » » fdig = EVP_sha1(); |
| 927 |
| 928 » » » » if (!X509_digest(x,fdig,md,&n)) |
897 { | 929 { |
898 BIO_printf(bio_err,"out of memory\n"); | 930 BIO_printf(bio_err,"out of memory\n"); |
899 goto end; | 931 goto end; |
900 } | 932 } |
901 BIO_printf(STDout,"%s Fingerprint=", | 933 BIO_printf(STDout,"%s Fingerprint=", |
902 » » » » » » OBJ_nid2sn(EVP_MD_type(digest)))
; | 934 » » » » » » OBJ_nid2sn(EVP_MD_type(fdig))); |
903 for (j=0; j<(int)n; j++) | 935 for (j=0; j<(int)n; j++) |
904 { | 936 { |
905 BIO_printf(STDout,"%02X%c",md[j], | 937 BIO_printf(STDout,"%02X%c",md[j], |
906 (j+1 == (int)n) | 938 (j+1 == (int)n) |
907 ?'\n':':'); | 939 ?'\n':':'); |
908 } | 940 } |
909 } | 941 } |
910 | 942 |
911 /* should be in the library */ | 943 /* should be in the library */ |
912 else if ((sign_flag == i) && (x509req == 0)) | 944 else if ((sign_flag == i) && (x509req == 0)) |
913 { | 945 { |
914 BIO_printf(bio_err,"Getting Private key\n"); | 946 BIO_printf(bio_err,"Getting Private key\n"); |
915 if (Upkey == NULL) | 947 if (Upkey == NULL) |
916 { | 948 { |
917 Upkey=load_key(bio_err, | 949 Upkey=load_key(bio_err, |
918 keyfile, keyformat, 0, | 950 keyfile, keyformat, 0, |
919 passin, e, "Private key"); | 951 passin, e, "Private key"); |
920 if (Upkey == NULL) goto end; | 952 if (Upkey == NULL) goto end; |
921 } | 953 } |
922 #ifndef OPENSSL_NO_DSA | |
923 if (Upkey->type == EVP_PKEY_DSA) | |
924 digest=EVP_dss1(); | |
925 #endif | |
926 #ifndef OPENSSL_NO_ECDSA | |
927 if (Upkey->type == EVP_PKEY_EC) | |
928 digest=EVP_ecdsa(); | |
929 #endif | |
930 | 954 |
931 assert(need_rand); | 955 assert(need_rand); |
932 if (!sign(x,Upkey,days,clrext,digest, | 956 if (!sign(x,Upkey,days,clrext,digest, |
933 extconf, extsect)) goto end; | 957 extconf, extsect)) goto end; |
934 } | 958 } |
935 else if (CA_flag == i) | 959 else if (CA_flag == i) |
936 { | 960 { |
937 BIO_printf(bio_err,"Getting CA Private Key\n"); | 961 BIO_printf(bio_err,"Getting CA Private Key\n"); |
938 if (CAkeyfile != NULL) | 962 if (CAkeyfile != NULL) |
939 { | 963 { |
940 CApkey=load_key(bio_err, | 964 CApkey=load_key(bio_err, |
941 CAkeyfile, CAkeyformat, | 965 CAkeyfile, CAkeyformat, |
942 0, passin, e, | 966 0, passin, e, |
943 "CA Private Key"); | 967 "CA Private Key"); |
944 if (CApkey == NULL) goto end; | 968 if (CApkey == NULL) goto end; |
945 } | 969 } |
946 #ifndef OPENSSL_NO_DSA | |
947 if (CApkey->type == EVP_PKEY_DSA) | |
948 digest=EVP_dss1(); | |
949 #endif | |
950 #ifndef OPENSSL_NO_ECDSA | |
951 if (CApkey->type == EVP_PKEY_EC) | |
952 digest = EVP_ecdsa(); | |
953 #endif | |
954 | 970 |
955 assert(need_rand); | 971 assert(need_rand); |
956 if (!x509_certify(ctx,CAfile,digest,x,xca, | 972 if (!x509_certify(ctx,CAfile,digest,x,xca, |
957 CApkey, CAserial,CA_createserial,days, c
lrext, | 973 CApkey, CAserial,CA_createserial,days, c
lrext, |
958 extconf, extsect, sno)) | 974 extconf, extsect, sno)) |
959 goto end; | 975 goto end; |
960 } | 976 } |
961 else if (x509req == i) | 977 else if (x509req == i) |
962 { | 978 { |
963 EVP_PKEY *pk; | 979 EVP_PKEY *pk; |
964 | 980 |
965 BIO_printf(bio_err,"Getting request Private Key\
n"); | 981 BIO_printf(bio_err,"Getting request Private Key\
n"); |
966 if (keyfile == NULL) | 982 if (keyfile == NULL) |
967 { | 983 { |
968 BIO_printf(bio_err,"no request key file
specified\n"); | 984 BIO_printf(bio_err,"no request key file
specified\n"); |
969 goto end; | 985 goto end; |
970 } | 986 } |
971 else | 987 else |
972 { | 988 { |
973 pk=load_key(bio_err, | 989 pk=load_key(bio_err, |
974 » » » » » » keyfile, FORMAT_PEM, 0, | 990 » » » » » » keyfile, keyformat, 0, |
975 passin, e, "request key"); | 991 passin, e, "request key"); |
976 if (pk == NULL) goto end; | 992 if (pk == NULL) goto end; |
977 } | 993 } |
978 | 994 |
979 BIO_printf(bio_err,"Generating certificate reque
st\n"); | 995 BIO_printf(bio_err,"Generating certificate reque
st\n"); |
980 | 996 |
981 #ifndef OPENSSL_NO_DSA | |
982 if (pk->type == EVP_PKEY_DSA) | |
983 digest=EVP_dss1(); | |
984 #endif | |
985 #ifndef OPENSSL_NO_ECDSA | |
986 if (pk->type == EVP_PKEY_EC) | |
987 digest=EVP_ecdsa(); | |
988 #endif | |
989 | |
990 rq=X509_to_X509_REQ(x,pk,digest); | 997 rq=X509_to_X509_REQ(x,pk,digest); |
991 EVP_PKEY_free(pk); | 998 EVP_PKEY_free(pk); |
992 if (rq == NULL) | 999 if (rq == NULL) |
993 { | 1000 { |
994 ERR_print_errors(bio_err); | 1001 ERR_print_errors(bio_err); |
995 goto end; | 1002 goto end; |
996 } | 1003 } |
997 if (!noout) | 1004 if (!noout) |
998 { | 1005 { |
999 X509_REQ_print(out,rq); | 1006 X509_REQ_print(out,rq); |
(...skipping 33 matching lines...)
1033 | 1040 |
1034 if (outformat == FORMAT_ASN1) | 1041 if (outformat == FORMAT_ASN1) |
1035 i=i2d_X509_bio(out,x); | 1042 i=i2d_X509_bio(out,x); |
1036 else if (outformat == FORMAT_PEM) | 1043 else if (outformat == FORMAT_PEM) |
1037 { | 1044 { |
1038 if (trustout) i=PEM_write_bio_X509_AUX(out,x); | 1045 if (trustout) i=PEM_write_bio_X509_AUX(out,x); |
1039 else i=PEM_write_bio_X509(out,x); | 1046 else i=PEM_write_bio_X509(out,x); |
1040 } | 1047 } |
1041 else if (outformat == FORMAT_NETSCAPE) | 1048 else if (outformat == FORMAT_NETSCAPE) |
1042 { | 1049 { |
1043 » » ASN1_HEADER ah; | 1050 » » NETSCAPE_X509 nx; |
1044 » » ASN1_OCTET_STRING os; | 1051 » » ASN1_OCTET_STRING hdr; |
1045 | 1052 |
1046 » » os.data=(unsigned char *)NETSCAPE_CERT_HDR; | 1053 » » hdr.data=(unsigned char *)NETSCAPE_CERT_HDR; |
1047 » » os.length=strlen(NETSCAPE_CERT_HDR); | 1054 » » hdr.length=strlen(NETSCAPE_CERT_HDR); |
1048 » » ah.header= &os; | 1055 » » nx.header= &hdr; |
1049 » » ah.data=(char *)x; | 1056 » » nx.cert=x; |
1050 » » ah.meth=X509_asn1_meth(); | |
1051 | 1057 |
1052 » » i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah); | 1058 » » i=ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509),out,&nx); |
1053 } | 1059 } |
1054 else { | 1060 else { |
1055 BIO_printf(bio_err,"bad output format specified for outfile\n"); | 1061 BIO_printf(bio_err,"bad output format specified for outfile\n"); |
1056 goto end; | 1062 goto end; |
1057 } | 1063 } |
1058 if (!i) | 1064 if (!i) |
1059 { | 1065 { |
1060 BIO_printf(bio_err,"unable to write certificate\n"); | 1066 BIO_printf(bio_err,"unable to write certificate\n"); |
1061 ERR_print_errors(bio_err); | 1067 ERR_print_errors(bio_err); |
1062 goto end; | 1068 goto end; |
(...skipping 98 matching lines...)
1161 goto end; | 1167 goto end; |
1162 } | 1168 } |
1163 | 1169 |
1164 if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end; | 1170 if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end; |
1165 if (!X509_set_serialNumber(x,bs)) goto end; | 1171 if (!X509_set_serialNumber(x,bs)) goto end; |
1166 | 1172 |
1167 if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL) | 1173 if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL) |
1168 goto end; | 1174 goto end; |
1169 | 1175 |
1170 /* hardwired expired */ | 1176 /* hardwired expired */ |
1171 » if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL) | 1177 » if (X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL) == NULL) |
1172 goto end; | 1178 goto end; |
1173 | 1179 |
1174 if (clrext) | 1180 if (clrext) |
1175 { | 1181 { |
1176 while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); | 1182 while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); |
1177 } | 1183 } |
1178 | 1184 |
1179 if (conf) | 1185 if (conf) |
1180 { | 1186 { |
1181 X509V3_CTX ctx2; | 1187 X509V3_CTX ctx2; |
(...skipping 95 matching lines...)
1277 for (i = 0; i < 2; i++) | 1283 for (i = 0; i < 2; i++) |
1278 { | 1284 { |
1279 idret = X509_check_purpose(cert, id, i); | 1285 idret = X509_check_purpose(cert, id, i); |
1280 BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); | 1286 BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); |
1281 if (idret == 1) BIO_printf(bio, "Yes\n"); | 1287 if (idret == 1) BIO_printf(bio, "Yes\n"); |
1282 else if (idret == 0) BIO_printf(bio, "No\n"); | 1288 else if (idret == 0) BIO_printf(bio, "No\n"); |
1283 else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret); | 1289 else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret); |
1284 } | 1290 } |
1285 return 1; | 1291 return 1; |
1286 } | 1292 } |
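Review bot: The new `X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);` call in the `reqfile` branch (new line 644) discards its return value, while the same call in the CA-signing path at new line 1177 is checked against NULL. If the adjustment fails there, execution continues to `X509_set_pubkey` and presumably on to signing, so the tool may emit a certificate whose notAfter was never set to what `-days` requested. Suggest `if (X509_time_adj_ex(X509_get_notAfter(x),days,0,NULL) == NULL) goto end;`, with the same check on the `X509_gmtime_adj(X509_get_notBefore(x),0)` line just above it. The enclosing function starts and ends outside the visible hunks, so this assumes the `end:` cleanup releases `x`.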
OLD | NEW |