| version 1.43, 2021/08/30 12:25:54 |
version 1.44, 2021/09/02 11:07:56 |
|
|
| if (subject == NULL) |
if (subject == NULL) |
| goto err; |
goto err; |
| } |
} |
| if (verbose) |
|
| BIO_printf(bio_err, |
|
| "The subject name appears to be ok, checking data base for clashes\n"); |
|
| |
|
| /* Build the correct Subject if no email is wanted in the subject */ |
|
| /* |
|
| * and add it later on because of the method extensions are added |
|
| * (altName) |
|
| */ |
|
| |
|
| if (email_dn) |
|
| dn_subject = subject; |
|
| else { |
|
| X509_NAME_ENTRY *tmpne; |
|
| /* |
|
| * Its best to dup the subject DN and then delete any email |
|
| * addresses because this retains its structure. |
|
| */ |
|
| if ((dn_subject = X509_NAME_dup(subject)) == NULL) { |
|
| BIO_printf(bio_err, "Memory allocation failure\n"); |
|
| goto err; |
|
| } |
|
| while ((i = X509_NAME_get_index_by_NID(dn_subject, |
|
| NID_pkcs9_emailAddress, -1)) >= 0) { |
|
| tmpne = X509_NAME_get_entry(dn_subject, i); |
|
| if (tmpne == NULL) |
|
| goto err; |
|
| if (X509_NAME_delete_entry(dn_subject, i) == NULL) { |
|
| X509_NAME_ENTRY_free(tmpne); |
|
| goto err; |
|
| } |
|
| X509_NAME_ENTRY_free(tmpne); |
|
| } |
|
| } |
|
| |
|
| if (BN_is_zero(serial)) |
|
| row[DB_serial] = strdup("00"); |
|
| else |
|
| row[DB_serial] = BN_bn2hex(serial); |
|
| if (row[DB_serial] == NULL) { |
|
| BIO_printf(bio_err, "Memory allocation failure\n"); |
|
| goto err; |
|
| } |
|
| if (db->attributes.unique_subject) { |
|
| OPENSSL_STRING *crow = row; |
|
| |
|
| rrow = TXT_DB_get_by_index(db->db, DB_name, crow); |
|
| if (rrow != NULL) { |
|
| BIO_printf(bio_err, |
|
| "ERROR:There is already a certificate for %s\n", |
|
| row[DB_name]); |
|
| } |
|
| } |
|
| if (rrow == NULL) { |
|
| rrow = TXT_DB_get_by_index(db->db, DB_serial, row); |
|
| if (rrow != NULL) { |
|
| BIO_printf(bio_err, |
|
| "ERROR:Serial number %s has already been issued,\n", |
|
| row[DB_serial]); |
|
| BIO_printf(bio_err, |
|
| " check the database/serial_file for corruption\n"); |
|
| } |
|
| } |
|
| if (rrow != NULL) { |
|
| BIO_printf(bio_err, |
|
| "The matching entry has the following details\n"); |
|
| if (rrow[DB_type][0] == 'E') |
|
| p = "Expired"; |
|
| else if (rrow[DB_type][0] == 'R') |
|
| p = "Revoked"; |
|
| else if (rrow[DB_type][0] == 'V') |
|
| p = "Valid"; |
|
| else |
|
| p = "\ninvalid type, Data base error\n"; |
|
| BIO_printf(bio_err, "Type :%s\n", p); |
|
| if (rrow[DB_type][0] == 'R') { |
|
| p = rrow[DB_exp_date]; |
|
| if (p == NULL) |
|
| p = "undef"; |
|
| BIO_printf(bio_err, "Was revoked on:%s\n", p); |
|
| } |
|
| p = rrow[DB_exp_date]; |
|
| if (p == NULL) |
|
| p = "undef"; |
|
| BIO_printf(bio_err, "Expires on :%s\n", p); |
|
| p = rrow[DB_serial]; |
|
| if (p == NULL) |
|
| p = "undef"; |
|
| BIO_printf(bio_err, "Serial Number :%s\n", p); |
|
| p = rrow[DB_file]; |
|
| if (p == NULL) |
|
| p = "undef"; |
|
| BIO_printf(bio_err, "File name :%s\n", p); |
|
| p = rrow[DB_name]; |
|
| if (p == NULL) |
|
| p = "undef"; |
|
| BIO_printf(bio_err, "Subject Name :%s\n", p); |
|
| ok = -1; /* This is now a 'bad' error. */ |
|
| goto err; |
|
| } |
|
| /* We are now totally happy, lets make and sign the certificate */ |
/* We are now totally happy, lets make and sign the certificate */ |
| if (verbose) |
if (verbose) |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
|
|
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto err; |
goto err; |
| } |
} |
| /* Set the right value for the noemailDN option */ |
|
| if (email_dn == 0) { |
if (verbose) |
| |
BIO_printf(bio_err, |
| |
"The subject name appears to be ok, checking data base for clashes\n"); |
| |
|
| |
/* Build the correct Subject if no email is wanted in the subject */ |
| |
if (!email_dn) { |
| |
X509_NAME_ENTRY *tmpne; |
| |
/* |
| |
* Its best to dup the subject DN and then delete any email |
| |
* addresses because this retains its structure. |
| |
*/ |
| |
if ((dn_subject = X509_NAME_dup(subject)) == NULL) { |
| |
BIO_printf(bio_err, "Memory allocation failure\n"); |
| |
goto err; |
| |
} |
| |
while ((i = X509_NAME_get_index_by_NID(dn_subject, |
| |
NID_pkcs9_emailAddress, -1)) >= 0) { |
| |
tmpne = X509_NAME_get_entry(dn_subject, i); |
| |
if (tmpne == NULL) |
| |
goto err; |
| |
if (X509_NAME_delete_entry(dn_subject, i) == NULL) { |
| |
X509_NAME_ENTRY_free(tmpne); |
| |
goto err; |
| |
} |
| |
X509_NAME_ENTRY_free(tmpne); |
| |
} |
| |
|
| if (!X509_set_subject_name(ret, dn_subject)) |
if (!X509_set_subject_name(ret, dn_subject)) |
| goto err; |
goto err; |
| |
|
| |
X509_NAME_free(dn_subject); |
| |
dn_subject = NULL; |
| } |
} |
| |
|
| |
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); |
| |
if (row[DB_name] == NULL) { |
| |
BIO_printf(bio_err, "Memory allocation failure\n"); |
| |
goto err; |
| |
} |
| |
|
| |
if (BN_is_zero(serial)) |
| |
row[DB_serial] = strdup("00"); |
| |
else |
| |
row[DB_serial] = BN_bn2hex(serial); |
| |
if (row[DB_serial] == NULL) { |
| |
BIO_printf(bio_err, "Memory allocation failure\n"); |
| |
goto err; |
| |
} |
| |
if (db->attributes.unique_subject) { |
| |
OPENSSL_STRING *crow = row; |
| |
|
| |
rrow = TXT_DB_get_by_index(db->db, DB_name, crow); |
| |
if (rrow != NULL) { |
| |
BIO_printf(bio_err, |
| |
"ERROR:There is already a certificate for %s\n", |
| |
row[DB_name]); |
| |
} |
| |
} |
| |
if (rrow == NULL) { |
| |
rrow = TXT_DB_get_by_index(db->db, DB_serial, row); |
| |
if (rrow != NULL) { |
| |
BIO_printf(bio_err, |
| |
"ERROR:Serial number %s has already been issued,\n", |
| |
row[DB_serial]); |
| |
BIO_printf(bio_err, |
| |
" check the database/serial_file for corruption\n"); |
| |
} |
| |
} |
| |
if (rrow != NULL) { |
| |
BIO_printf(bio_err, |
| |
"The matching entry has the following details\n"); |
| |
if (rrow[DB_type][0] == 'E') |
| |
p = "Expired"; |
| |
else if (rrow[DB_type][0] == 'R') |
| |
p = "Revoked"; |
| |
else if (rrow[DB_type][0] == 'V') |
| |
p = "Valid"; |
| |
else |
| |
p = "\ninvalid type, Data base error\n"; |
| |
BIO_printf(bio_err, "Type :%s\n", p); |
| |
if (rrow[DB_type][0] == 'R') { |
| |
p = rrow[DB_exp_date]; |
| |
if (p == NULL) |
| |
p = "undef"; |
| |
BIO_printf(bio_err, "Was revoked on:%s\n", p); |
| |
} |
| |
p = rrow[DB_exp_date]; |
| |
if (p == NULL) |
| |
p = "undef"; |
| |
BIO_printf(bio_err, "Expires on :%s\n", p); |
| |
p = rrow[DB_serial]; |
| |
if (p == NULL) |
| |
p = "undef"; |
| |
BIO_printf(bio_err, "Serial Number :%s\n", p); |
| |
p = rrow[DB_file]; |
| |
if (p == NULL) |
| |
p = "undef"; |
| |
BIO_printf(bio_err, "File name :%s\n", p); |
| |
p = rrow[DB_name]; |
| |
if (p == NULL) |
| |
p = "undef"; |
| |
BIO_printf(bio_err, "Subject Name :%s\n", p); |
| |
ok = -1; /* This is now a 'bad' error. */ |
| |
goto err; |
| |
} |
| |
|
| if (!default_op) { |
if (!default_op) { |
| BIO_printf(bio_err, "Certificate Details:\n"); |
BIO_printf(bio_err, "Certificate Details:\n"); |
| /* |
/* |
|
|
| |
|
| /* row[DB_serial] done already */ |
/* row[DB_serial] done already */ |
| row[DB_file] = malloc(8); |
row[DB_file] = malloc(8); |
| row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); |
|
| |
|
| if ((row[DB_type] == NULL) || (row[DB_file] == NULL) || |
if ((row[DB_type] == NULL) || (row[DB_file] == NULL) || |
| (row[DB_name] == NULL)) { |
(row[DB_name] == NULL)) { |
|
|
| |
|
| X509_NAME_free(CAname); |
X509_NAME_free(CAname); |
| X509_NAME_free(subject); |
X509_NAME_free(subject); |
| if (!email_dn) |
X509_NAME_free(dn_subject); |
| X509_NAME_free(dn_subject); |
|
| ASN1_UTCTIME_free(tmptm); |
ASN1_UTCTIME_free(tmptm); |
| X509_free(ret); |
X509_free(ret); |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to ca.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl