version 1.43, 2021/08/30 12:25:54 |
version 1.44, 2021/09/02 11:07:56 |
|
|
if (subject == NULL) |
if (subject == NULL) |
goto err; |
goto err; |
} |
} |
if (verbose) |
|
BIO_printf(bio_err, |
|
"The subject name appears to be ok, checking data base for clashes\n"); |
|
|
|
/* Build the correct Subject if no email is wanted in the subject */ |
|
/* |
|
* and add it later on because of the method extensions are added |
|
* (altName) |
|
*/ |
|
|
|
if (email_dn) |
|
dn_subject = subject; |
|
else { |
|
X509_NAME_ENTRY *tmpne; |
|
/* |
|
* Its best to dup the subject DN and then delete any email |
|
* addresses because this retains its structure. |
|
*/ |
|
if ((dn_subject = X509_NAME_dup(subject)) == NULL) { |
|
BIO_printf(bio_err, "Memory allocation failure\n"); |
|
goto err; |
|
} |
|
while ((i = X509_NAME_get_index_by_NID(dn_subject, |
|
NID_pkcs9_emailAddress, -1)) >= 0) { |
|
tmpne = X509_NAME_get_entry(dn_subject, i); |
|
if (tmpne == NULL) |
|
goto err; |
|
if (X509_NAME_delete_entry(dn_subject, i) == NULL) { |
|
X509_NAME_ENTRY_free(tmpne); |
|
goto err; |
|
} |
|
X509_NAME_ENTRY_free(tmpne); |
|
} |
|
} |
|
|
|
if (BN_is_zero(serial)) |
|
row[DB_serial] = strdup("00"); |
|
else |
|
row[DB_serial] = BN_bn2hex(serial); |
|
if (row[DB_serial] == NULL) { |
|
BIO_printf(bio_err, "Memory allocation failure\n"); |
|
goto err; |
|
} |
|
if (db->attributes.unique_subject) { |
|
OPENSSL_STRING *crow = row; |
|
|
|
rrow = TXT_DB_get_by_index(db->db, DB_name, crow); |
|
if (rrow != NULL) { |
|
BIO_printf(bio_err, |
|
"ERROR:There is already a certificate for %s\n", |
|
row[DB_name]); |
|
} |
|
} |
|
if (rrow == NULL) { |
|
rrow = TXT_DB_get_by_index(db->db, DB_serial, row); |
|
if (rrow != NULL) { |
|
BIO_printf(bio_err, |
|
"ERROR:Serial number %s has already been issued,\n", |
|
row[DB_serial]); |
|
BIO_printf(bio_err, |
|
" check the database/serial_file for corruption\n"); |
|
} |
|
} |
|
if (rrow != NULL) { |
|
BIO_printf(bio_err, |
|
"The matching entry has the following details\n"); |
|
if (rrow[DB_type][0] == 'E') |
|
p = "Expired"; |
|
else if (rrow[DB_type][0] == 'R') |
|
p = "Revoked"; |
|
else if (rrow[DB_type][0] == 'V') |
|
p = "Valid"; |
|
else |
|
p = "\ninvalid type, Data base error\n"; |
|
BIO_printf(bio_err, "Type :%s\n", p); |
|
if (rrow[DB_type][0] == 'R') { |
|
p = rrow[DB_exp_date]; |
|
if (p == NULL) |
|
p = "undef"; |
|
BIO_printf(bio_err, "Was revoked on:%s\n", p); |
|
} |
|
p = rrow[DB_exp_date]; |
|
if (p == NULL) |
|
p = "undef"; |
|
BIO_printf(bio_err, "Expires on :%s\n", p); |
|
p = rrow[DB_serial]; |
|
if (p == NULL) |
|
p = "undef"; |
|
BIO_printf(bio_err, "Serial Number :%s\n", p); |
|
p = rrow[DB_file]; |
|
if (p == NULL) |
|
p = "undef"; |
|
BIO_printf(bio_err, "File name :%s\n", p); |
|
p = rrow[DB_name]; |
|
if (p == NULL) |
|
p = "undef"; |
|
BIO_printf(bio_err, "Subject Name :%s\n", p); |
|
ok = -1; /* This is now a 'bad' error. */ |
|
goto err; |
|
} |
|
/* We are now totally happy, lets make and sign the certificate */ |
/* We are now totally happy, lets make and sign the certificate */ |
if (verbose) |
if (verbose) |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto err; |
goto err; |
} |
} |
/* Set the right value for the noemailDN option */ |
|
if (email_dn == 0) { |
if (verbose) |
|
BIO_printf(bio_err, |
|
"The subject name appears to be ok, checking data base for clashes\n"); |
|
|
|
/* Build the correct Subject if no email is wanted in the subject */ |
|
if (!email_dn) { |
|
X509_NAME_ENTRY *tmpne; |
|
/* |
|
* Its best to dup the subject DN and then delete any email |
|
* addresses because this retains its structure. |
|
*/ |
|
if ((dn_subject = X509_NAME_dup(subject)) == NULL) { |
|
BIO_printf(bio_err, "Memory allocation failure\n"); |
|
goto err; |
|
} |
|
while ((i = X509_NAME_get_index_by_NID(dn_subject, |
|
NID_pkcs9_emailAddress, -1)) >= 0) { |
|
tmpne = X509_NAME_get_entry(dn_subject, i); |
|
if (tmpne == NULL) |
|
goto err; |
|
if (X509_NAME_delete_entry(dn_subject, i) == NULL) { |
|
X509_NAME_ENTRY_free(tmpne); |
|
goto err; |
|
} |
|
X509_NAME_ENTRY_free(tmpne); |
|
} |
|
|
if (!X509_set_subject_name(ret, dn_subject)) |
if (!X509_set_subject_name(ret, dn_subject)) |
goto err; |
goto err; |
|
|
|
X509_NAME_free(dn_subject); |
|
dn_subject = NULL; |
} |
} |
|
|
|
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); |
|
if (row[DB_name] == NULL) { |
|
BIO_printf(bio_err, "Memory allocation failure\n"); |
|
goto err; |
|
} |
|
|
|
if (BN_is_zero(serial)) |
|
row[DB_serial] = strdup("00"); |
|
else |
|
row[DB_serial] = BN_bn2hex(serial); |
|
if (row[DB_serial] == NULL) { |
|
BIO_printf(bio_err, "Memory allocation failure\n"); |
|
goto err; |
|
} |
|
if (db->attributes.unique_subject) { |
|
OPENSSL_STRING *crow = row; |
|
|
|
rrow = TXT_DB_get_by_index(db->db, DB_name, crow); |
|
if (rrow != NULL) { |
|
BIO_printf(bio_err, |
|
"ERROR:There is already a certificate for %s\n", |
|
row[DB_name]); |
|
} |
|
} |
|
if (rrow == NULL) { |
|
rrow = TXT_DB_get_by_index(db->db, DB_serial, row); |
|
if (rrow != NULL) { |
|
BIO_printf(bio_err, |
|
"ERROR:Serial number %s has already been issued,\n", |
|
row[DB_serial]); |
|
BIO_printf(bio_err, |
|
" check the database/serial_file for corruption\n"); |
|
} |
|
} |
|
if (rrow != NULL) { |
|
BIO_printf(bio_err, |
|
"The matching entry has the following details\n"); |
|
if (rrow[DB_type][0] == 'E') |
|
p = "Expired"; |
|
else if (rrow[DB_type][0] == 'R') |
|
p = "Revoked"; |
|
else if (rrow[DB_type][0] == 'V') |
|
p = "Valid"; |
|
else |
|
p = "\ninvalid type, Data base error\n"; |
|
BIO_printf(bio_err, "Type :%s\n", p); |
|
if (rrow[DB_type][0] == 'R') { |
|
p = rrow[DB_exp_date]; |
|
if (p == NULL) |
|
p = "undef"; |
|
BIO_printf(bio_err, "Was revoked on:%s\n", p); |
|
} |
|
p = rrow[DB_exp_date]; |
|
if (p == NULL) |
|
p = "undef"; |
|
BIO_printf(bio_err, "Expires on :%s\n", p); |
|
p = rrow[DB_serial]; |
|
if (p == NULL) |
|
p = "undef"; |
|
BIO_printf(bio_err, "Serial Number :%s\n", p); |
|
p = rrow[DB_file]; |
|
if (p == NULL) |
|
p = "undef"; |
|
BIO_printf(bio_err, "File name :%s\n", p); |
|
p = rrow[DB_name]; |
|
if (p == NULL) |
|
p = "undef"; |
|
BIO_printf(bio_err, "Subject Name :%s\n", p); |
|
ok = -1; /* This is now a 'bad' error. */ |
|
goto err; |
|
} |
|
|
if (!default_op) { |
if (!default_op) { |
BIO_printf(bio_err, "Certificate Details:\n"); |
BIO_printf(bio_err, "Certificate Details:\n"); |
/* |
/* |
|
|
|
|
/* row[DB_serial] done already */ |
/* row[DB_serial] done already */ |
row[DB_file] = malloc(8); |
row[DB_file] = malloc(8); |
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); |
|
|
|
if ((row[DB_type] == NULL) || (row[DB_file] == NULL) || |
if ((row[DB_type] == NULL) || (row[DB_file] == NULL) || |
(row[DB_name] == NULL)) { |
(row[DB_name] == NULL)) { |
|
|
|
|
X509_NAME_free(CAname); |
X509_NAME_free(CAname); |
X509_NAME_free(subject); |
X509_NAME_free(subject); |
if (!email_dn) |
X509_NAME_free(dn_subject); |
X509_NAME_free(dn_subject); |
|
ASN1_UTCTIME_free(tmptm); |
ASN1_UTCTIME_free(tmptm); |
X509_free(ret); |
X509_free(ret); |
|
|