| OLD | NEW |
| 1 /* apps/x509.c */ | 1 /* apps/x509.c */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| 92 " -inform arg - input format - default PEM (one of DER, NET or PEM)\n", | 92 " -inform arg - input format - default PEM (one of DER, NET or PEM)\n", |
| 93 " -outform arg - output format - default PEM (one of DER, NET or PEM)\n", | 93 " -outform arg - output format - default PEM (one of DER, NET or PEM)\n", |
| 94 " -keyform arg - private key format - default PEM\n", | 94 " -keyform arg - private key format - default PEM\n", |
| 95 " -CAform arg - CA format - default PEM\n", | 95 " -CAform arg - CA format - default PEM\n", |
| 96 " -CAkeyform arg - CA key format - default PEM\n", | 96 " -CAkeyform arg - CA key format - default PEM\n", |
| 97 " -in arg - input file - default stdin\n", | 97 " -in arg - input file - default stdin\n", |
| 98 " -out arg - output file - default stdout\n", | 98 " -out arg - output file - default stdout\n", |
| 99 " -passin arg - private key password source\n", | 99 " -passin arg - private key password source\n", |
| 100 " -serial - print serial number value\n", | 100 " -serial - print serial number value\n", |
| 101 " -subject_hash - print subject hash value\n", | 101 " -subject_hash - print subject hash value\n", |
| 102 #ifndef OPENSSL_NO_MD5 |
| 103 " -subject_hash_old - print old-style (MD5) subject hash value\n", |
| 104 #endif |
| 102 " -issuer_hash - print issuer hash value\n", | 105 " -issuer_hash - print issuer hash value\n", |
| 106 #ifndef OPENSSL_NO_MD5 |
| 107 " -issuer_hash_old - print old-style (MD5) issuer hash value\n", |
| 108 #endif |
| 103 " -hash - synonym for -subject_hash\n", | 109 " -hash - synonym for -subject_hash\n", |
| 104 " -subject - print subject DN\n", | 110 " -subject - print subject DN\n", |
| 105 " -issuer - print issuer DN\n", | 111 " -issuer - print issuer DN\n", |
| 106 " -email - print email address(es)\n", | 112 " -email - print email address(es)\n", |
| 107 " -startdate - notBefore field\n", | 113 " -startdate - notBefore field\n", |
| 108 " -enddate - notAfter field\n", | 114 " -enddate - notAfter field\n", |
| 109 " -purpose - print out certificate purposes\n", | 115 " -purpose - print out certificate purposes\n", |
| 110 " -dates - both Before and After dates\n", | 116 " -dates - both Before and After dates\n", |
| 111 " -modulus - print the RSA key modulus\n", | 117 " -modulus - print the RSA key modulus\n", |
| 112 " -pubkey - output the public key\n", | 118 " -pubkey - output the public key\n", |
| 172 BIO *out=NULL; | 178 BIO *out=NULL; |
| 173 BIO *STDout=NULL; | 179 BIO *STDout=NULL; |
| 174 STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; | 180 STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; |
| 175 int informat,outformat,keyformat,CAformat,CAkeyformat; | 181 int informat,outformat,keyformat,CAformat,CAkeyformat; |
| 176 char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; | 182 char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; |
| 177 char *CAkeyfile=NULL,*CAserial=NULL; | 183 char *CAkeyfile=NULL,*CAserial=NULL; |
| 178 char *alias=NULL; | 184 char *alias=NULL; |
| 179 int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; | 185 int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; |
| 180 int next_serial=0; | 186 int next_serial=0; |
| 181 int subject_hash=0,issuer_hash=0,ocspid=0; | 187 int subject_hash=0,issuer_hash=0,ocspid=0; |
| 188 #ifndef OPENSSL_NO_MD5 |
| 189 int subject_hash_old=0,issuer_hash_old=0; |
| 190 #endif |
| 182 int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; | 191 int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; |
| 183 int ocsp_uri=0; | 192 int ocsp_uri=0; |
| 184 int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; | 193 int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; |
| 185 int C=0; | 194 int C=0; |
| 186 int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; | 195 int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; |
| 187 int pprint = 0; | 196 int pprint = 0; |
| 188 const char **pp; | 197 const char **pp; |
| 189 X509_STORE *ctx=NULL; | 198 X509_STORE *ctx=NULL; |
| 190 X509_REQ *rq=NULL; | 199 X509_REQ *rq=NULL; |
| 191 int fingerprint=0; | 200 int fingerprint=0; |
| 192 char buf[256]; | 201 char buf[256]; |
| 193 » const EVP_MD *md_alg,*digest=EVP_sha1(); | 202 » const EVP_MD *md_alg,*digest=NULL; |
| 194 CONF *extconf = NULL; | 203 CONF *extconf = NULL; |
| 195 char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL
; | 204 char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL
; |
| 196 int need_rand = 0; | 205 int need_rand = 0; |
| 197 int checkend=0,checkoffset=0; | 206 int checkend=0,checkoffset=0; |
| 198 unsigned long nmflag = 0, certflag = 0; | 207 unsigned long nmflag = 0, certflag = 0; |
| 199 #ifndef OPENSSL_NO_ENGINE | 208 #ifndef OPENSSL_NO_ENGINE |
| 200 char *engine=NULL; | 209 char *engine=NULL; |
| 201 #endif | 210 #endif |
| 202 | 211 |
| 203 reqfile=0; | 212 reqfile=0; |
| 218 #endif | 227 #endif |
| 219 | 228 |
| 220 informat=FORMAT_PEM; | 229 informat=FORMAT_PEM; |
| 221 outformat=FORMAT_PEM; | 230 outformat=FORMAT_PEM; |
| 222 keyformat=FORMAT_PEM; | 231 keyformat=FORMAT_PEM; |
| 223 CAformat=FORMAT_PEM; | 232 CAformat=FORMAT_PEM; |
| 224 CAkeyformat=FORMAT_PEM; | 233 CAkeyformat=FORMAT_PEM; |
| 225 | 234 |
| 226 ctx=X509_STORE_new(); | 235 ctx=X509_STORE_new(); |
| 227 if (ctx == NULL) goto end; | 236 if (ctx == NULL) goto end; |
| 228 » X509_STORE_set_verify_cb_func(ctx,callb); | 237 » X509_STORE_set_verify_cb(ctx,callb); |
| 229 | 238 |
| 230 argc--; | 239 argc--; |
| 231 argv++; | 240 argv++; |
| 232 num=0; | 241 num=0; |
| 233 while (argc >= 1) | 242 while (argc >= 1) |
| 234 { | 243 { |
| 235 if (strcmp(*argv,"-inform") == 0) | 244 if (strcmp(*argv,"-inform") == 0) |
| 236 { | 245 { |
| 237 if (--argc < 1) goto bad; | 246 if (--argc < 1) goto bad; |
| 238 informat=str2fmt(*(++argv)); | 247 informat=str2fmt(*(++argv)); |
| 390 modulus= ++num; | 399 modulus= ++num; |
| 391 else if (strcmp(*argv,"-pubkey") == 0) | 400 else if (strcmp(*argv,"-pubkey") == 0) |
| 392 pubkey= ++num; | 401 pubkey= ++num; |
| 393 else if (strcmp(*argv,"-x509toreq") == 0) | 402 else if (strcmp(*argv,"-x509toreq") == 0) |
| 394 x509req= ++num; | 403 x509req= ++num; |
| 395 else if (strcmp(*argv,"-text") == 0) | 404 else if (strcmp(*argv,"-text") == 0) |
| 396 text= ++num; | 405 text= ++num; |
| 397 else if (strcmp(*argv,"-hash") == 0 | 406 else if (strcmp(*argv,"-hash") == 0 |
| 398 || strcmp(*argv,"-subject_hash") == 0) | 407 || strcmp(*argv,"-subject_hash") == 0) |
| 399 subject_hash= ++num; | 408 subject_hash= ++num; |
| 409 #ifndef OPENSSL_NO_MD5 |
| 410 else if (strcmp(*argv,"-subject_hash_old") == 0) |
| 411 subject_hash_old= ++num; |
| 412 #endif |
| 400 else if (strcmp(*argv,"-issuer_hash") == 0) | 413 else if (strcmp(*argv,"-issuer_hash") == 0) |
| 401 issuer_hash= ++num; | 414 issuer_hash= ++num; |
| 415 #ifndef OPENSSL_NO_MD5 |
| 416 else if (strcmp(*argv,"-issuer_hash_old") == 0) |
| 417 issuer_hash_old= ++num; |
| 418 #endif |
| 402 else if (strcmp(*argv,"-subject") == 0) | 419 else if (strcmp(*argv,"-subject") == 0) |
| 403 subject= ++num; | 420 subject= ++num; |
| 404 else if (strcmp(*argv,"-issuer") == 0) | 421 else if (strcmp(*argv,"-issuer") == 0) |
| 405 issuer= ++num; | 422 issuer= ++num; |
| 406 else if (strcmp(*argv,"-fingerprint") == 0) | 423 else if (strcmp(*argv,"-fingerprint") == 0) |
| 407 fingerprint= ++num; | 424 fingerprint= ++num; |
| 408 else if (strcmp(*argv,"-dates") == 0) | 425 else if (strcmp(*argv,"-dates") == 0) |
| 409 { | 426 { |
| 410 startdate= ++num; | 427 startdate= ++num; |
| 411 enddate= ++num; | 428 enddate= ++num; |
| 532 extsect); | 549 extsect); |
| 533 ERR_print_errors(bio_err); | 550 ERR_print_errors(bio_err); |
| 534 goto end; | 551 goto end; |
| 535 } | 552 } |
| 536 } | 553 } |
| 537 | 554 |
| 538 | 555 |
| 539 if (reqfile) | 556 if (reqfile) |
| 540 { | 557 { |
| 541 EVP_PKEY *pkey; | 558 EVP_PKEY *pkey; |
| 542 X509_CINF *ci; | |
| 543 BIO *in; | 559 BIO *in; |
| 544 | 560 |
| 545 if (!sign_flag && !CA_flag) | 561 if (!sign_flag && !CA_flag) |
| 546 { | 562 { |
| 547 BIO_printf(bio_err,"We need a private key to sign with\n
"); | 563 BIO_printf(bio_err,"We need a private key to sign with\n
"); |
| 548 goto end; | 564 goto end; |
| 549 } | 565 } |
| 550 in=BIO_new(BIO_s_file()); | 566 in=BIO_new(BIO_s_file()); |
| 551 if (in == NULL) | 567 if (in == NULL) |
| 552 { | 568 { |
| 600 { | 616 { |
| 601 BIO_printf(bio_err,"Signature did not match the certific
ate request\n"); | 617 BIO_printf(bio_err,"Signature did not match the certific
ate request\n"); |
| 602 goto end; | 618 goto end; |
| 603 } | 619 } |
| 604 else | 620 else |
| 605 BIO_printf(bio_err,"Signature ok\n"); | 621 BIO_printf(bio_err,"Signature ok\n"); |
| 606 | 622 |
| 607 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
nmflag); | 623 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
nmflag); |
| 608 | 624 |
| 609 if ((x=X509_new()) == NULL) goto end; | 625 if ((x=X509_new()) == NULL) goto end; |
| 610 ci=x->cert_info; | |
| 611 | 626 |
| 612 if (sno == NULL) | 627 if (sno == NULL) |
| 613 { | 628 { |
| 614 sno = ASN1_INTEGER_new(); | 629 sno = ASN1_INTEGER_new(); |
| 615 if (!sno || !rand_serial(NULL, sno)) | 630 if (!sno || !rand_serial(NULL, sno)) |
| 616 goto end; | 631 goto end; |
| 617 if (!X509_set_serialNumber(x, sno)) | 632 if (!X509_set_serialNumber(x, sno)) |
| 618 goto end; | 633 goto end; |
| 619 ASN1_INTEGER_free(sno); | 634 ASN1_INTEGER_free(sno); |
| 620 sno = NULL; | 635 sno = NULL; |
| 621 } | 636 } |
| 622 else if (!X509_set_serialNumber(x, sno)) | 637 else if (!X509_set_serialNumber(x, sno)) |
| 623 goto end; | 638 goto end; |
| 624 | 639 |
| 625 if (!X509_set_issuer_name(x,req->req_info->subject)) goto end; | 640 if (!X509_set_issuer_name(x,req->req_info->subject)) goto end; |
| 626 if (!X509_set_subject_name(x,req->req_info->subject)) goto end; | 641 if (!X509_set_subject_name(x,req->req_info->subject)) goto end; |
| 627 | 642 |
| 628 X509_gmtime_adj(X509_get_notBefore(x),0); | 643 X509_gmtime_adj(X509_get_notBefore(x),0); |
| 629 » X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); | 644 » X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL); |
| 630 | 645 |
| 631 pkey = X509_REQ_get_pubkey(req); | 646 pkey = X509_REQ_get_pubkey(req); |
| 632 X509_set_pubkey(x,pkey); | 647 X509_set_pubkey(x,pkey); |
| 633 EVP_PKEY_free(pkey); | 648 EVP_PKEY_free(pkey); |
| 634 } | 649 } |
| 635 else | 650 else |
| 636 x=load_cert(bio_err,infile,informat,NULL,e,"Certificate"); | 651 x=load_cert(bio_err,infile,informat,NULL,e,"Certificate"); |
| 637 | 652 |
| 638 if (x == NULL) goto end; | 653 if (x == NULL) goto end; |
| 639 if (CA_flag) | 654 if (CA_flag) |
| 731 if (!ser) | 746 if (!ser) |
| 732 goto end; | 747 goto end; |
| 733 BN_free(bnser); | 748 BN_free(bnser); |
| 734 i2a_ASN1_INTEGER(out, ser); | 749 i2a_ASN1_INTEGER(out, ser); |
| 735 ASN1_INTEGER_free(ser); | 750 ASN1_INTEGER_free(ser); |
| 736 BIO_puts(out, "\n"); | 751 BIO_puts(out, "\n"); |
| 737 } | 752 } |
| 738 else if ((email == i) || (ocsp_uri == i)) | 753 else if ((email == i) || (ocsp_uri == i)) |
| 739 { | 754 { |
| 740 int j; | 755 int j; |
| 741 » » » » STACK *emlst; | 756 » » » » STACK_OF(OPENSSL_STRING) *emlst; |
| 742 if (email == i) | 757 if (email == i) |
| 743 emlst = X509_get1_email(x); | 758 emlst = X509_get1_email(x); |
| 744 else | 759 else |
| 745 emlst = X509_get1_ocsp(x); | 760 emlst = X509_get1_ocsp(x); |
| 746 » » » » for (j = 0; j < sk_num(emlst); j++) | 761 » » » » for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j+
+) |
| 747 » » » » » BIO_printf(STDout, "%s\n", sk_value(emls
t, j)); | 762 » » » » » BIO_printf(STDout, "%s\n", |
| 763 » » » » » » sk_OPENSSL_STRING_value(emlst
, j)); |
| 748 X509_email_free(emlst); | 764 X509_email_free(emlst); |
| 749 } | 765 } |
| 750 else if (aliasout == i) | 766 else if (aliasout == i) |
| 751 { | 767 { |
| 752 unsigned char *alstr; | 768 unsigned char *alstr; |
| 753 alstr = X509_alias_get0(x, NULL); | 769 alstr = X509_alias_get0(x, NULL); |
| 754 if (alstr) BIO_printf(STDout,"%s\n", alstr); | 770 if (alstr) BIO_printf(STDout,"%s\n", alstr); |
| 755 else BIO_puts(STDout,"<No Alias>\n"); | 771 else BIO_puts(STDout,"<No Alias>\n"); |
| 756 } | 772 } |
| 757 else if (subject_hash == i) | 773 else if (subject_hash == i) |
| 758 { | 774 { |
| 759 BIO_printf(STDout,"%08lx\n",X509_subject_name_ha
sh(x)); | 775 BIO_printf(STDout,"%08lx\n",X509_subject_name_ha
sh(x)); |
| 760 } | 776 } |
| 777 #ifndef OPENSSL_NO_MD5 |
| 778 else if (subject_hash_old == i) |
| 779 { |
| 780 BIO_printf(STDout,"%08lx\n",X509_subject_name_ha
sh_old(x)); |
| 781 } |
| 782 #endif |
| 761 else if (issuer_hash == i) | 783 else if (issuer_hash == i) |
| 762 { | 784 { |
| 763 BIO_printf(STDout,"%08lx\n",X509_issuer_name_has
h(x)); | 785 BIO_printf(STDout,"%08lx\n",X509_issuer_name_has
h(x)); |
| 764 } | 786 } |
| 787 #ifndef OPENSSL_NO_MD5 |
| 788 else if (issuer_hash_old == i) |
| 789 { |
| 790 BIO_printf(STDout,"%08lx\n",X509_issuer_name_has
h_old(x)); |
| 791 } |
| 792 #endif |
| 765 else if (pprint == i) | 793 else if (pprint == i) |
| 766 { | 794 { |
| 767 X509_PURPOSE *ptmp; | 795 X509_PURPOSE *ptmp; |
| 768 int j; | 796 int j; |
| 769 BIO_printf(STDout, "Certificate purposes:\n"); | 797 BIO_printf(STDout, "Certificate purposes:\n"); |
| 770 for (j = 0; j < X509_PURPOSE_get_count(); j++) | 798 for (j = 0; j < X509_PURPOSE_get_count(); j++) |
| 771 { | 799 { |
| 772 ptmp = X509_PURPOSE_get0(j); | 800 ptmp = X509_PURPOSE_get0(j); |
| 773 purpose_print(STDout, x, ptmp); | 801 purpose_print(STDout, x, ptmp); |
| 774 } | 802 } |
| 885 { | 913 { |
| 886 BIO_puts(STDout,"notAfter="); | 914 BIO_puts(STDout,"notAfter="); |
| 887 ASN1_TIME_print(STDout,X509_get_notAfter(x)); | 915 ASN1_TIME_print(STDout,X509_get_notAfter(x)); |
| 888 BIO_puts(STDout,"\n"); | 916 BIO_puts(STDout,"\n"); |
| 889 } | 917 } |
| 890 else if (fingerprint == i) | 918 else if (fingerprint == i) |
| 891 { | 919 { |
| 892 int j; | 920 int j; |
| 893 unsigned int n; | 921 unsigned int n; |
| 894 unsigned char md[EVP_MAX_MD_SIZE]; | 922 unsigned char md[EVP_MAX_MD_SIZE]; |
| 923 const EVP_MD *fdig = digest; |
| 895 | 924 |
| 896 » » » » if (!X509_digest(x,digest,md,&n)) | 925 » » » » if (!fdig) |
| 926 » » » » » fdig = EVP_sha1(); |
| 927 |
| 928 » » » » if (!X509_digest(x,fdig,md,&n)) |
| 897 { | 929 { |
| 898 BIO_printf(bio_err,"out of memory\n"); | 930 BIO_printf(bio_err,"out of memory\n"); |
| 899 goto end; | 931 goto end; |
| 900 } | 932 } |
| 901 BIO_printf(STDout,"%s Fingerprint=", | 933 BIO_printf(STDout,"%s Fingerprint=", |
| 902 » » » » » » OBJ_nid2sn(EVP_MD_type(digest)))
; | 934 » » » » » » OBJ_nid2sn(EVP_MD_type(fdig))); |
| 903 for (j=0; j<(int)n; j++) | 935 for (j=0; j<(int)n; j++) |
| 904 { | 936 { |
| 905 BIO_printf(STDout,"%02X%c",md[j], | 937 BIO_printf(STDout,"%02X%c",md[j], |
| 906 (j+1 == (int)n) | 938 (j+1 == (int)n) |
| 907 ?'\n':':'); | 939 ?'\n':':'); |
| 908 } | 940 } |
| 909 } | 941 } |
| 910 | 942 |
| 911 /* should be in the library */ | 943 /* should be in the library */ |
| 912 else if ((sign_flag == i) && (x509req == 0)) | 944 else if ((sign_flag == i) && (x509req == 0)) |
| 913 { | 945 { |
| 914 BIO_printf(bio_err,"Getting Private key\n"); | 946 BIO_printf(bio_err,"Getting Private key\n"); |
| 915 if (Upkey == NULL) | 947 if (Upkey == NULL) |
| 916 { | 948 { |
| 917 Upkey=load_key(bio_err, | 949 Upkey=load_key(bio_err, |
| 918 keyfile, keyformat, 0, | 950 keyfile, keyformat, 0, |
| 919 passin, e, "Private key"); | 951 passin, e, "Private key"); |
| 920 if (Upkey == NULL) goto end; | 952 if (Upkey == NULL) goto end; |
| 921 } | 953 } |
| 922 #ifndef OPENSSL_NO_DSA | |
| 923 if (Upkey->type == EVP_PKEY_DSA) | |
| 924 digest=EVP_dss1(); | |
| 925 #endif | |
| 926 #ifndef OPENSSL_NO_ECDSA | |
| 927 if (Upkey->type == EVP_PKEY_EC) | |
| 928 digest=EVP_ecdsa(); | |
| 929 #endif | |
| 930 | 954 |
| 931 assert(need_rand); | 955 assert(need_rand); |
| 932 if (!sign(x,Upkey,days,clrext,digest, | 956 if (!sign(x,Upkey,days,clrext,digest, |
| 933 extconf, extsect)) goto end; | 957 extconf, extsect)) goto end; |
| 934 } | 958 } |
| 935 else if (CA_flag == i) | 959 else if (CA_flag == i) |
| 936 { | 960 { |
| 937 BIO_printf(bio_err,"Getting CA Private Key\n"); | 961 BIO_printf(bio_err,"Getting CA Private Key\n"); |
| 938 if (CAkeyfile != NULL) | 962 if (CAkeyfile != NULL) |
| 939 { | 963 { |
| 940 CApkey=load_key(bio_err, | 964 CApkey=load_key(bio_err, |
| 941 CAkeyfile, CAkeyformat, | 965 CAkeyfile, CAkeyformat, |
| 942 0, passin, e, | 966 0, passin, e, |
| 943 "CA Private Key"); | 967 "CA Private Key"); |
| 944 if (CApkey == NULL) goto end; | 968 if (CApkey == NULL) goto end; |
| 945 } | 969 } |
| 946 #ifndef OPENSSL_NO_DSA | |
| 947 if (CApkey->type == EVP_PKEY_DSA) | |
| 948 digest=EVP_dss1(); | |
| 949 #endif | |
| 950 #ifndef OPENSSL_NO_ECDSA | |
| 951 if (CApkey->type == EVP_PKEY_EC) | |
| 952 digest = EVP_ecdsa(); | |
| 953 #endif | |
| 954 | 970 |
| 955 assert(need_rand); | 971 assert(need_rand); |
| 956 if (!x509_certify(ctx,CAfile,digest,x,xca, | 972 if (!x509_certify(ctx,CAfile,digest,x,xca, |
| 957 CApkey, CAserial,CA_createserial,days, c
lrext, | 973 CApkey, CAserial,CA_createserial,days, c
lrext, |
| 958 extconf, extsect, sno)) | 974 extconf, extsect, sno)) |
| 959 goto end; | 975 goto end; |
| 960 } | 976 } |
| 961 else if (x509req == i) | 977 else if (x509req == i) |
| 962 { | 978 { |
| 963 EVP_PKEY *pk; | 979 EVP_PKEY *pk; |
| 964 | 980 |
| 965 BIO_printf(bio_err,"Getting request Private Key\
n"); | 981 BIO_printf(bio_err,"Getting request Private Key\
n"); |
| 966 if (keyfile == NULL) | 982 if (keyfile == NULL) |
| 967 { | 983 { |
| 968 BIO_printf(bio_err,"no request key file
specified\n"); | 984 BIO_printf(bio_err,"no request key file
specified\n"); |
| 969 goto end; | 985 goto end; |
| 970 } | 986 } |
| 971 else | 987 else |
| 972 { | 988 { |
| 973 pk=load_key(bio_err, | 989 pk=load_key(bio_err, |
| 974 » » » » » » keyfile, FORMAT_PEM, 0, | 990 » » » » » » keyfile, keyformat, 0, |
| 975 passin, e, "request key"); | 991 passin, e, "request key"); |
| 976 if (pk == NULL) goto end; | 992 if (pk == NULL) goto end; |
| 977 } | 993 } |
| 978 | 994 |
| 979 BIO_printf(bio_err,"Generating certificate reque
st\n"); | 995 BIO_printf(bio_err,"Generating certificate reque
st\n"); |
| 980 | 996 |
| 981 #ifndef OPENSSL_NO_DSA | |
| 982 if (pk->type == EVP_PKEY_DSA) | |
| 983 digest=EVP_dss1(); | |
| 984 #endif | |
| 985 #ifndef OPENSSL_NO_ECDSA | |
| 986 if (pk->type == EVP_PKEY_EC) | |
| 987 digest=EVP_ecdsa(); | |
| 988 #endif | |
| 989 | |
| 990 rq=X509_to_X509_REQ(x,pk,digest); | 997 rq=X509_to_X509_REQ(x,pk,digest); |
| 991 EVP_PKEY_free(pk); | 998 EVP_PKEY_free(pk); |
| 992 if (rq == NULL) | 999 if (rq == NULL) |
| 993 { | 1000 { |
| 994 ERR_print_errors(bio_err); | 1001 ERR_print_errors(bio_err); |
| 995 goto end; | 1002 goto end; |
| 996 } | 1003 } |
| 997 if (!noout) | 1004 if (!noout) |
| 998 { | 1005 { |
| 999 X509_REQ_print(out,rq); | 1006 X509_REQ_print(out,rq); |
| 1033 | 1040 |
| 1034 if (outformat == FORMAT_ASN1) | 1041 if (outformat == FORMAT_ASN1) |
| 1035 i=i2d_X509_bio(out,x); | 1042 i=i2d_X509_bio(out,x); |
| 1036 else if (outformat == FORMAT_PEM) | 1043 else if (outformat == FORMAT_PEM) |
| 1037 { | 1044 { |
| 1038 if (trustout) i=PEM_write_bio_X509_AUX(out,x); | 1045 if (trustout) i=PEM_write_bio_X509_AUX(out,x); |
| 1039 else i=PEM_write_bio_X509(out,x); | 1046 else i=PEM_write_bio_X509(out,x); |
| 1040 } | 1047 } |
| 1041 else if (outformat == FORMAT_NETSCAPE) | 1048 else if (outformat == FORMAT_NETSCAPE) |
| 1042 { | 1049 { |
| 1043 » » ASN1_HEADER ah; | 1050 » » NETSCAPE_X509 nx; |
| 1044 » » ASN1_OCTET_STRING os; | 1051 » » ASN1_OCTET_STRING hdr; |
| 1045 | 1052 |
| 1046 » » os.data=(unsigned char *)NETSCAPE_CERT_HDR; | 1053 » » hdr.data=(unsigned char *)NETSCAPE_CERT_HDR; |
| 1047 » » os.length=strlen(NETSCAPE_CERT_HDR); | 1054 » » hdr.length=strlen(NETSCAPE_CERT_HDR); |
| 1048 » » ah.header= &os; | 1055 » » nx.header= &hdr; |
| 1049 » » ah.data=(char *)x; | 1056 » » nx.cert=x; |
| 1050 » » ah.meth=X509_asn1_meth(); | |
| 1051 | 1057 |
| 1052 » » i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah); | 1058 » » i=ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509),out,&nx); |
| 1053 } | 1059 } |
| 1054 else { | 1060 else { |
| 1055 BIO_printf(bio_err,"bad output format specified for outfile\n"); | 1061 BIO_printf(bio_err,"bad output format specified for outfile\n"); |
| 1056 goto end; | 1062 goto end; |
| 1057 } | 1063 } |
| 1058 if (!i) | 1064 if (!i) |
| 1059 { | 1065 { |
| 1060 BIO_printf(bio_err,"unable to write certificate\n"); | 1066 BIO_printf(bio_err,"unable to write certificate\n"); |
| 1061 ERR_print_errors(bio_err); | 1067 ERR_print_errors(bio_err); |
| 1062 goto end; | 1068 goto end; |
| 1161 goto end; | 1167 goto end; |
| 1162 } | 1168 } |
| 1163 | 1169 |
| 1164 if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end; | 1170 if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end; |
| 1165 if (!X509_set_serialNumber(x,bs)) goto end; | 1171 if (!X509_set_serialNumber(x,bs)) goto end; |
| 1166 | 1172 |
| 1167 if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL) | 1173 if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL) |
| 1168 goto end; | 1174 goto end; |
| 1169 | 1175 |
| 1170 /* hardwired expired */ | 1176 /* hardwired expired */ |
| 1171 » if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL) | 1177 » if (X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL) == NULL) |
| 1172 goto end; | 1178 goto end; |
| 1173 | 1179 |
| 1174 if (clrext) | 1180 if (clrext) |
| 1175 { | 1181 { |
| 1176 while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); | 1182 while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); |
| 1177 } | 1183 } |
| 1178 | 1184 |
| 1179 if (conf) | 1185 if (conf) |
| 1180 { | 1186 { |
| 1181 X509V3_CTX ctx2; | 1187 X509V3_CTX ctx2; |
| 1277 for (i = 0; i < 2; i++) | 1283 for (i = 0; i < 2; i++) |
| 1278 { | 1284 { |
| 1279 idret = X509_check_purpose(cert, id, i); | 1285 idret = X509_check_purpose(cert, id, i); |
| 1280 BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); | 1286 BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); |
| 1281 if (idret == 1) BIO_printf(bio, "Yes\n"); | 1287 if (idret == 1) BIO_printf(bio, "Yes\n"); |
| 1282 else if (idret == 0) BIO_printf(bio, "No\n"); | 1288 else if (idret == 0) BIO_printf(bio, "No\n"); |
| 1283 else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret); | 1289 else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret); |
| 1284 } | 1290 } |
| 1285 return 1; | 1291 return 1; |
| 1286 } | 1292 } |
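Review bot: The new `X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);` call in the `reqfile` branch (new line 644) ignores its return value, while the same call in the certify path (new line 1177) is compared with NULL and jumps to `end`. If the adjustment fails, for example on an out-of-range `days` value, the request path would presumably carry on and sign a certificate whose notAfter was never set. Make it match the other call site: `if (X509_time_adj_ex(X509_get_notAfter(x),days,0,NULL) == NULL) goto end;`; the `X509_gmtime_adj` call for notBefore on the line above is unchecked in the same way. The enclosing function begins and ends outside the rows shown here.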
| OLD | NEW |