| Index: openssl/apps/x509.c
|
| ===================================================================
|
| --- openssl/apps/x509.c (revision 105093)
|
| +++ openssl/apps/x509.c (working copy)
|
| @@ -99,7 +99,13 @@
|
| " -passin arg - private key password source\n",
|
| " -serial - print serial number value\n",
|
| " -subject_hash - print subject hash value\n",
|
| +#ifndef OPENSSL_NO_MD5
|
| +" -subject_hash_old - print old-style (MD5) subject hash value\n",
|
| +#endif
|
| " -issuer_hash - print issuer hash value\n",
|
| +#ifndef OPENSSL_NO_MD5
|
| +" -issuer_hash_old - print old-style (MD5) issuer hash value\n",
|
| +#endif
|
| " -hash - synonym for -subject_hash\n",
|
| " -subject - print subject DN\n",
|
| " -issuer - print issuer DN\n",
|
| @@ -179,6 +185,9 @@
|
| int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
|
| int next_serial=0;
|
| int subject_hash=0,issuer_hash=0,ocspid=0;
|
| +#ifndef OPENSSL_NO_MD5
|
| + int subject_hash_old=0,issuer_hash_old=0;
|
| +#endif
|
| int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
|
| int ocsp_uri=0;
|
| int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
|
| @@ -190,7 +199,7 @@
|
| X509_REQ *rq=NULL;
|
| int fingerprint=0;
|
| char buf[256];
|
| - const EVP_MD *md_alg,*digest=EVP_sha1();
|
| + const EVP_MD *md_alg,*digest=NULL;
|
| CONF *extconf = NULL;
|
| char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
|
| int need_rand = 0;
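Review bot: With `digest` now starting as NULL, only the fingerprint path (hunk at -892) substitutes a concrete digest. The calls to `sign()`, `x509_certify()` and `X509_to_X509_REQ()` in the hunks at -919, -943 and -971 pass `digest` through unchanged, and the DSA/ECDSA overrides that used to set it there are removed. Those callees are outside this diff, so presumably they choose a default for the key type when handed NULL; that should be confirmed, because it decides the signature digest of every certificate and request the tool produces. A comment on the declaration would make the contract explicit, for example `/* NULL: signing routines pick the default digest for the key type */`. The enclosing function starts and ends outside the hunk.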
|
| @@ -225,7 +234,7 @@
|
|
|
| ctx=X509_STORE_new();
|
| if (ctx == NULL) goto end;
|
| - X509_STORE_set_verify_cb_func(ctx,callb);
|
| + X509_STORE_set_verify_cb(ctx,callb);
|
|
|
| argc--;
|
| argv++;
|
| @@ -397,8 +406,16 @@
|
| else if (strcmp(*argv,"-hash") == 0
|
| || strcmp(*argv,"-subject_hash") == 0)
|
| subject_hash= ++num;
|
| +#ifndef OPENSSL_NO_MD5
|
| + else if (strcmp(*argv,"-subject_hash_old") == 0)
|
| + subject_hash_old= ++num;
|
| +#endif
|
| else if (strcmp(*argv,"-issuer_hash") == 0)
|
| issuer_hash= ++num;
|
| +#ifndef OPENSSL_NO_MD5
|
| + else if (strcmp(*argv,"-issuer_hash_old") == 0)
|
| + issuer_hash_old= ++num;
|
| +#endif
|
| else if (strcmp(*argv,"-subject") == 0)
|
| subject= ++num;
|
| else if (strcmp(*argv,"-issuer") == 0)
|
| @@ -539,7 +556,6 @@
|
| if (reqfile)
|
| {
|
| EVP_PKEY *pkey;
|
| - X509_CINF *ci;
|
| BIO *in;
|
|
|
| if (!sign_flag && !CA_flag)
|
| @@ -607,7 +623,6 @@
|
| print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
|
|
|
| if ((x=X509_new()) == NULL) goto end;
|
| - ci=x->cert_info;
|
|
|
| if (sno == NULL)
|
| {
|
| @@ -626,7 +641,7 @@
|
| if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
|
|
|
| X509_gmtime_adj(X509_get_notBefore(x),0);
|
| - X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
|
| + X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);
|
|
|
| pkey = X509_REQ_get_pubkey(req);
|
| X509_set_pubkey(x,pkey);
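Review bot: The new `X509_time_adj_ex()` call on notAfter discards its return value, while the same call in the hunk at -1168 is compared against NULL. If the adjustment fails here, the code still goes on to set the public key, and the certificate keeps whatever notAfter value it had before the call. I would write it as `if (X509_time_adj_ex(X509_get_notAfter(x),days,0,NULL) == NULL) goto end;`, and the unchanged `X509_gmtime_adj()` on notBefore one line above deserves the same check. The enclosing block starts and ends outside the hunk.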
|
| @@ -738,13 +753,14 @@
|
| else if ((email == i) || (ocsp_uri == i))
|
| {
|
| int j;
|
| - STACK *emlst;
|
| + STACK_OF(OPENSSL_STRING) *emlst;
|
| if (email == i)
|
| emlst = X509_get1_email(x);
|
| else
|
| emlst = X509_get1_ocsp(x);
|
| - for (j = 0; j < sk_num(emlst); j++)
|
| - BIO_printf(STDout, "%s\n", sk_value(emlst, j));
|
| + for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
|
| + BIO_printf(STDout, "%s\n",
|
| + sk_OPENSSL_STRING_value(emlst, j));
|
| X509_email_free(emlst);
|
| }
|
| else if (aliasout == i)
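Review bot: The strings returned by `X509_get1_email()` and `X509_get1_ocsp()` are printed with a bare `%s`, one per line, so a newline or control character inside a value reaches stdout unchanged. These values presumably come from fields of the certificate being inspected, which may be untrusted, and a script reading this output line by line could then see an extra entry that is not in the certificate. Consider escaping non-printable bytes before printing, or at least recording the behaviour with a comment such as `/* values are taken from the certificate and printed unescaped */`. The if/else chain continues outside the hunk.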
|
| @@ -758,10 +774,22 @@
|
| {
|
| BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
|
| }
|
| +#ifndef OPENSSL_NO_MD5
|
| + else if (subject_hash_old == i)
|
| + {
|
| + BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x));
|
| + }
|
| +#endif
|
| else if (issuer_hash == i)
|
| {
|
| BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
|
| }
|
| +#ifndef OPENSSL_NO_MD5
|
| + else if (issuer_hash_old == i)
|
| + {
|
| + BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x));
|
| + }
|
| +#endif
|
| else if (pprint == i)
|
| {
|
| X509_PURPOSE *ptmp;
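Review bot: The two `_old` branches carry no comment saying why an MD5-based name hash is still offered next to `X509_subject_name_hash()` and `X509_issuer_name_hash()`. The usage text only calls it "old-style (MD5)", so it is presumably kept for compatibility with consumers that expect the earlier hash format. A short comment above the first branch would stop readers from treating the value as a security digest, for example `/* old-style MD5 name hash, kept for compatibility; not a security digest */`. The if/else chain starts and ends outside the hunk.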
|
| @@ -892,14 +920,18 @@
|
| int j;
|
| unsigned int n;
|
| unsigned char md[EVP_MAX_MD_SIZE];
|
| + const EVP_MD *fdig = digest;
|
|
|
| - if (!X509_digest(x,digest,md,&n))
|
| + if (!fdig)
|
| + fdig = EVP_sha1();
|
| +
|
| + if (!X509_digest(x,fdig,md,&n))
|
| {
|
| BIO_printf(bio_err,"out of memory\n");
|
| goto end;
|
| }
|
| BIO_printf(STDout,"%s Fingerprint=",
|
| - OBJ_nid2sn(EVP_MD_type(digest)));
|
| + OBJ_nid2sn(EVP_MD_type(fdig)));
|
| for (j=0; j<(int)n; j++)
|
| {
|
| BIO_printf(STDout,"%02X%c",md[j],
|
| @@ -919,14 +951,6 @@
|
| passin, e, "Private key");
|
| if (Upkey == NULL) goto end;
|
| }
|
| -#ifndef OPENSSL_NO_DSA
|
| - if (Upkey->type == EVP_PKEY_DSA)
|
| - digest=EVP_dss1();
|
| -#endif
|
| -#ifndef OPENSSL_NO_ECDSA
|
| - if (Upkey->type == EVP_PKEY_EC)
|
| - digest=EVP_ecdsa();
|
| -#endif
|
|
|
| assert(need_rand);
|
| if (!sign(x,Upkey,days,clrext,digest,
|
| @@ -943,14 +967,6 @@
|
| "CA Private Key");
|
| if (CApkey == NULL) goto end;
|
| }
|
| -#ifndef OPENSSL_NO_DSA
|
| - if (CApkey->type == EVP_PKEY_DSA)
|
| - digest=EVP_dss1();
|
| -#endif
|
| -#ifndef OPENSSL_NO_ECDSA
|
| - if (CApkey->type == EVP_PKEY_EC)
|
| - digest = EVP_ecdsa();
|
| -#endif
|
|
|
| assert(need_rand);
|
| if (!x509_certify(ctx,CAfile,digest,x,xca,
|
| @@ -971,22 +987,13 @@
|
| else
|
| {
|
| pk=load_key(bio_err,
|
| - keyfile, FORMAT_PEM, 0,
|
| + keyfile, keyformat, 0,
|
| passin, e, "request key");
|
| if (pk == NULL) goto end;
|
| }
|
|
|
| BIO_printf(bio_err,"Generating certificate request\n");
|
|
|
| -#ifndef OPENSSL_NO_DSA
|
| - if (pk->type == EVP_PKEY_DSA)
|
| - digest=EVP_dss1();
|
| -#endif
|
| -#ifndef OPENSSL_NO_ECDSA
|
| - if (pk->type == EVP_PKEY_EC)
|
| - digest=EVP_ecdsa();
|
| -#endif
|
| -
|
| rq=X509_to_X509_REQ(x,pk,digest);
|
| EVP_PKEY_free(pk);
|
| if (rq == NULL)
|
| @@ -1040,16 +1047,15 @@
|
| }
|
| else if (outformat == FORMAT_NETSCAPE)
|
| {
|
| - ASN1_HEADER ah;
|
| - ASN1_OCTET_STRING os;
|
| + NETSCAPE_X509 nx;
|
| + ASN1_OCTET_STRING hdr;
|
|
|
| - os.data=(unsigned char *)NETSCAPE_CERT_HDR;
|
| - os.length=strlen(NETSCAPE_CERT_HDR);
|
| - ah.header= &os;
|
| - ah.data=(char *)x;
|
| - ah.meth=X509_asn1_meth();
|
| + hdr.data=(unsigned char *)NETSCAPE_CERT_HDR;
|
| + hdr.length=strlen(NETSCAPE_CERT_HDR);
|
| + nx.header= &hdr;
|
| + nx.cert=x;
|
|
|
| - i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah);
|
| + i=ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509),out,&nx);
|
| }
|
| else {
|
| BIO_printf(bio_err,"bad output format specified for outfile\n");
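Review bot: `hdr` is a stack `ASN1_OCTET_STRING` with only `data` and `length` assigned before `&nx` is handed to `ASN1_item_i2d_bio()`, so any other members of the structure are indeterminate at that point. Whether the encoder reads them is not visible from this hunk, but zeroing the object first removes the question: `memset(&hdr, 0, sizeof hdr);` ahead of the two assignments. The if/else chain starts and ends outside the hunk.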
|
| @@ -1168,7 +1174,7 @@
|
| goto end;
|
|
|
| /* hardwired expired */
|
| - if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
|
| + if (X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL) == NULL)
|
| goto end;
|
|
|
| if (clrext)
|
|
|