version 1.19, 2021/03/24 12:09:16 |
version 1.20, 2021/03/26 13:46:25 |
|
|
*/ |
*/ |
|
|
#include <assert.h> |
#include <assert.h> |
|
#include <limits.h> |
#include <stdio.h> |
#include <stdio.h> |
#include <stdlib.h> |
#include <stdlib.h> |
#include <limits.h> |
|
#include <string.h> |
#include <string.h> |
|
|
#include "apps.h" |
#include "apps.h" |
|
|
#include <openssl/asn1.h> |
#include <openssl/asn1.h> |
#include <openssl/bio.h> |
#include <openssl/bio.h> |
#include <openssl/bn.h> |
#include <openssl/bn.h> |
|
#include <openssl/dsa.h> |
#include <openssl/err.h> |
#include <openssl/err.h> |
#include <openssl/evp.h> |
#include <openssl/evp.h> |
#include <openssl/objects.h> |
#include <openssl/objects.h> |
#include <openssl/pem.h> |
#include <openssl/pem.h> |
|
#include <openssl/rsa.h> |
#include <openssl/x509.h> |
#include <openssl/x509.h> |
#include <openssl/x509v3.h> |
#include <openssl/x509v3.h> |
|
|
#include <openssl/dsa.h> |
|
|
|
#include <openssl/rsa.h> |
|
|
|
#define POSTFIX ".srl" |
#define POSTFIX ".srl" |
#define DEF_DAYS 30 |
#define DEF_DAYS 30 |
|
|
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if ((x509_config.CAkeyfile == NULL) && (x509_config.CA_flag) && (x509_config.CAformat == FORMAT_PEM)) { |
if ((x509_config.CAkeyfile == NULL) && (x509_config.CA_flag) && |
|
(x509_config.CAformat == FORMAT_PEM)) { |
x509_config.CAkeyfile = x509_config.CAfile; |
x509_config.CAkeyfile = x509_config.CAfile; |
} else if ((x509_config.CA_flag) && (x509_config.CAkeyfile == NULL)) { |
} else if ((x509_config.CA_flag) && (x509_config.CAkeyfile == NULL)) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
|
|
goto end; |
goto end; |
} |
} |
if (!x509_config.extsect) { |
if (!x509_config.extsect) { |
x509_config.extsect = NCONF_get_string(extconf, "default", |
x509_config.extsect = NCONF_get_string(extconf, |
"extensions"); |
"default", "extensions"); |
if (!x509_config.extsect) { |
if (!x509_config.extsect) { |
ERR_clear_error(); |
ERR_clear_error(); |
x509_config.extsect = "default"; |
x509_config.extsect = "default"; |
|
|
} |
} |
X509V3_set_ctx_test(&ctx2); |
X509V3_set_ctx_test(&ctx2); |
X509V3_set_nconf(&ctx2, extconf); |
X509V3_set_nconf(&ctx2, extconf); |
if (!X509V3_EXT_add_nconf(extconf, &ctx2, x509_config.extsect, NULL)) { |
if (!X509V3_EXT_add_nconf(extconf, &ctx2, x509_config.extsect, |
|
NULL)) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"Error Loading extension section %s\n", |
"Error Loading extension section %s\n", |
x509_config.extsect); |
x509_config.extsect); |
|
|
BIO *in; |
BIO *in; |
|
|
if (!x509_config.sign_flag && !x509_config.CA_flag) { |
if (!x509_config.sign_flag && !x509_config.CA_flag) { |
BIO_printf(bio_err, "We need a private key to sign with\n"); |
BIO_printf(bio_err, |
|
"We need a private key to sign with\n"); |
goto end; |
goto end; |
} |
} |
in = BIO_new(BIO_s_file()); |
in = BIO_new(BIO_s_file()); |
|
|
(req->req_info->pubkey == NULL) || |
(req->req_info->pubkey == NULL) || |
(req->req_info->pubkey->public_key == NULL) || |
(req->req_info->pubkey->public_key == NULL) || |
(req->req_info->pubkey->public_key->data == NULL)) { |
(req->req_info->pubkey->public_key->data == NULL)) { |
BIO_printf(bio_err, "The certificate request appears to corrupted\n"); |
BIO_printf(bio_err, |
BIO_printf(bio_err, "It does not contain a public key\n"); |
"The certificate request appears to corrupted\n"); |
|
BIO_printf(bio_err, |
|
"It does not contain a public key\n"); |
goto end; |
goto end; |
} |
} |
if ((pkey = X509_REQ_get_pubkey(req)) == NULL) { |
if ((pkey = X509_REQ_get_pubkey(req)) == NULL) { |
|
|
goto end; |
goto end; |
} |
} |
if (i == 0) { |
if (i == 0) { |
BIO_printf(bio_err, "Signature did not match the certificate request\n"); |
BIO_printf(bio_err, |
|
"Signature did not match the certificate request\n"); |
goto end; |
goto end; |
} else |
} else |
BIO_printf(bio_err, "Signature ok\n"); |
BIO_printf(bio_err, "Signature ok\n"); |
|
|
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), x509_config.nmflag); |
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), |
|
x509_config.nmflag); |
|
|
if ((x = X509_new()) == NULL) |
if ((x = X509_new()) == NULL) |
goto end; |
goto end; |
|
|
if (x509_config.sno == NULL) { |
if (x509_config.sno == NULL) { |
x509_config.sno = ASN1_INTEGER_new(); |
x509_config.sno = ASN1_INTEGER_new(); |
if (!x509_config.sno || !rand_serial(NULL, x509_config.sno)) |
if (!x509_config.sno || |
|
!rand_serial(NULL, x509_config.sno)) |
goto end; |
goto end; |
if (!X509_set_serialNumber(x, x509_config.sno)) |
if (!X509_set_serialNumber(x, x509_config.sno)) |
goto end; |
goto end; |
|
|
goto end; |
goto end; |
|
|
X509_gmtime_adj(X509_get_notBefore(x), 0); |
X509_gmtime_adj(X509_get_notBefore(x), 0); |
X509_time_adj_ex(X509_get_notAfter(x), x509_config.days, 0, NULL); |
X509_time_adj_ex(X509_get_notAfter(x), x509_config.days, 0, |
|
NULL); |
|
|
pkey = X509_REQ_get_pubkey(req); |
pkey = X509_REQ_get_pubkey(req); |
X509_set_pubkey(x, pkey); |
X509_set_pubkey(x, pkey); |
EVP_PKEY_free(pkey); |
EVP_PKEY_free(pkey); |
} else |
} else |
x = load_cert(bio_err, x509_config.infile, x509_config.informat, NULL, "Certificate"); |
x = load_cert(bio_err, x509_config.infile, x509_config.informat, |
|
NULL, "Certificate"); |
|
|
if (x == NULL) |
if (x == NULL) |
goto end; |
goto end; |
if (x509_config.CA_flag) { |
if (x509_config.CA_flag) { |
xca = load_cert(bio_err, x509_config.CAfile, x509_config.CAformat, NULL, "CA Certificate"); |
xca = load_cert(bio_err, x509_config.CAfile, |
|
x509_config.CAformat, NULL, "CA Certificate"); |
if (xca == NULL) |
if (xca == NULL) |
goto end; |
goto end; |
} |
} |
if (!x509_config.noout || x509_config.text || x509_config.next_serial) { |
if (!x509_config.noout || x509_config.text || x509_config.next_serial) { |
OBJ_create("2.99999.3", |
OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); |
"SET.ex3", "SET x509v3 extension 3"); |
|
|
|
out = BIO_new(BIO_s_file()); |
out = BIO_new(BIO_s_file()); |
if (out == NULL) { |
if (out == NULL) { |
|
|
|
|
if (x509_config.trust) { |
if (x509_config.trust) { |
for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) { |
for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) { |
x509_config.objtmp = sk_ASN1_OBJECT_value(x509_config.trust, i); |
x509_config.objtmp = sk_ASN1_OBJECT_value( |
|
x509_config.trust, i); |
X509_add1_trust_object(x, x509_config.objtmp); |
X509_add1_trust_object(x, x509_config.objtmp); |
} |
} |
} |
} |
if (x509_config.reject) { |
if (x509_config.reject) { |
for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) { |
for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) { |
x509_config.objtmp = sk_ASN1_OBJECT_value(x509_config.reject, i); |
x509_config.objtmp = sk_ASN1_OBJECT_value( |
|
x509_config.reject, i); |
X509_add1_reject_object(x, x509_config.objtmp); |
X509_add1_reject_object(x, x509_config.objtmp); |
} |
} |
} |
} |
|
|
for (i = 1; i <= x509_config.num; i++) { |
for (i = 1; i <= x509_config.num; i++) { |
if (x509_config.issuer == i) { |
if (x509_config.issuer == i) { |
print_name(STDout, "issuer= ", |
print_name(STDout, "issuer= ", |
X509_get_issuer_name(x), x509_config.nmflag); |
X509_get_issuer_name(x), |
|
x509_config.nmflag); |
} else if (x509_config.subject == i) { |
} else if (x509_config.subject == i) { |
print_name(STDout, "subject= ", |
print_name(STDout, "subject= ", |
X509_get_subject_name(x), x509_config.nmflag); |
X509_get_subject_name(x), |
|
x509_config.nmflag); |
} else if (x509_config.serial == i) { |
} else if (x509_config.serial == i) { |
BIO_printf(STDout, "serial="); |
BIO_printf(STDout, "serial="); |
i2a_ASN1_INTEGER(STDout, |
i2a_ASN1_INTEGER(STDout, |
|
|
i2a_ASN1_INTEGER(out, ser); |
i2a_ASN1_INTEGER(out, ser); |
ASN1_INTEGER_free(ser); |
ASN1_INTEGER_free(ser); |
BIO_puts(out, "\n"); |
BIO_puts(out, "\n"); |
} else if ((x509_config.email == i) || (x509_config.ocsp_uri == i)) { |
} else if ((x509_config.email == i) || |
|
(x509_config.ocsp_uri == i)) { |
int j; |
int j; |
STACK_OF(OPENSSL_STRING) *emlst; |
STACK_OF(OPENSSL_STRING) *emlst; |
if (x509_config.email == i) |
if (x509_config.email == i) |
|
|
else |
else |
BIO_puts(STDout, "<No Alias>\n"); |
BIO_puts(STDout, "<No Alias>\n"); |
} else if (x509_config.subject_hash == i) { |
} else if (x509_config.subject_hash == i) { |
BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x)); |
BIO_printf(STDout, "%08lx\n", |
|
X509_subject_name_hash(x)); |
} |
} |
#ifndef OPENSSL_NO_MD5 |
#ifndef OPENSSL_NO_MD5 |
else if (x509_config.subject_hash_old == i) { |
else if (x509_config.subject_hash_old == i) { |
BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x)); |
BIO_printf(STDout, "%08lx\n", |
|
X509_subject_name_hash_old(x)); |
} |
} |
#endif |
#endif |
else if (x509_config.issuer_hash == i) { |
else if (x509_config.issuer_hash == i) { |
BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash(x)); |
BIO_printf(STDout, "%08lx\n", |
|
X509_issuer_name_hash(x)); |
} |
} |
#ifndef OPENSSL_NO_MD5 |
#ifndef OPENSSL_NO_MD5 |
else if (x509_config.issuer_hash_old == i) { |
else if (x509_config.issuer_hash_old == i) { |
BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash_old(x)); |
BIO_printf(STDout, "%08lx\n", |
|
X509_issuer_name_hash_old(x)); |
} |
} |
#endif |
#endif |
else if (x509_config.pprint == i) { |
else if (x509_config.pprint == i) { |
|
|
|
|
pkey = X509_get_pubkey(x); |
pkey = X509_get_pubkey(x); |
if (pkey == NULL) { |
if (pkey == NULL) { |
BIO_printf(bio_err, "Modulus=unavailable\n"); |
BIO_printf(bio_err, |
|
"Modulus=unavailable\n"); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
BIO_printf(STDout, "Modulus="); |
BIO_printf(STDout, "Modulus="); |
if (pkey->type == EVP_PKEY_RSA) |
if (pkey->type == EVP_PKEY_RSA) |
BN_print(STDout, pkey->pkey.rsa->n); |
BN_print(STDout, pkey->pkey.rsa->n); |
|
else if (pkey->type == EVP_PKEY_DSA) |
|
BN_print(STDout, |
|
pkey->pkey.dsa->pub_key); |
else |
else |
if (pkey->type == EVP_PKEY_DSA) |
BIO_printf(STDout, |
BN_print(STDout, pkey->pkey.dsa->pub_key); |
"Wrong Algorithm type"); |
else |
|
BIO_printf(STDout, "Wrong Algorithm type"); |
|
BIO_printf(STDout, "\n"); |
BIO_printf(STDout, "\n"); |
EVP_PKEY_free(pkey); |
EVP_PKEY_free(pkey); |
} else if (x509_config.pubkey == i) { |
} else if (x509_config.pubkey == i) { |
|
|
|
|
pkey = X509_get_pubkey(x); |
pkey = X509_get_pubkey(x); |
if (pkey == NULL) { |
if (pkey == NULL) { |
BIO_printf(bio_err, "Error getting public key\n"); |
BIO_printf(bio_err, |
|
"Error getting public key\n"); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
|
|
X509_NAME_oneline(X509_get_subject_name(x), |
X509_NAME_oneline(X509_get_subject_name(x), |
buf, sizeof buf); |
buf, sizeof buf); |
BIO_printf(STDout, "/* subject:%s */\n", buf); |
BIO_printf(STDout, "/* subject:%s */\n", buf); |
m = X509_NAME_oneline( |
m = X509_NAME_oneline(X509_get_issuer_name(x), |
X509_get_issuer_name(x), buf, |
buf, sizeof buf); |
sizeof buf); |
|
BIO_printf(STDout, "/* issuer :%s */\n", buf); |
BIO_printf(STDout, "/* issuer :%s */\n", buf); |
|
|
z = i2d_X509(x, NULL); |
z = i2d_X509(x, NULL); |
|
|
|
|
d = (unsigned char *) m; |
d = (unsigned char *) m; |
z = i2d_X509_NAME(X509_get_subject_name(x), &d); |
z = i2d_X509_NAME(X509_get_subject_name(x), &d); |
BIO_printf(STDout, "unsigned char XXX_subject_name[%d]={\n", z); |
BIO_printf(STDout, |
|
"unsigned char XXX_subject_name[%d]={\n", z); |
d = (unsigned char *) m; |
d = (unsigned char *) m; |
for (y = 0; y < z; y++) { |
for (y = 0; y < z; y++) { |
BIO_printf(STDout, "0x%02X,", d[y]); |
BIO_printf(STDout, "0x%02X,", d[y]); |
|
|
BIO_printf(STDout, "};\n"); |
BIO_printf(STDout, "};\n"); |
|
|
z = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d); |
z = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d); |
BIO_printf(STDout, "unsigned char XXX_public_key[%d]={\n", z); |
BIO_printf(STDout, |
|
"unsigned char XXX_public_key[%d]={\n", z); |
d = (unsigned char *) m; |
d = (unsigned char *) m; |
for (y = 0; y < z; y++) { |
for (y = 0; y < z; y++) { |
BIO_printf(STDout, "0x%02X,", d[y]); |
BIO_printf(STDout, "0x%02X,", d[y]); |
|
|
BIO_printf(STDout, "};\n"); |
BIO_printf(STDout, "};\n"); |
|
|
z = i2d_X509(x, &d); |
z = i2d_X509(x, &d); |
BIO_printf(STDout, "unsigned char XXX_certificate[%d]={\n", z); |
BIO_printf(STDout, |
|
"unsigned char XXX_certificate[%d]={\n", z); |
d = (unsigned char *) m; |
d = (unsigned char *) m; |
for (y = 0; y < z; y++) { |
for (y = 0; y < z; y++) { |
BIO_printf(STDout, "0x%02X,", d[y]); |
BIO_printf(STDout, "0x%02X,", d[y]); |
|
|
|
|
free(m); |
free(m); |
} else if (x509_config.text == i) { |
} else if (x509_config.text == i) { |
X509_print_ex(STDout, x, x509_config.nmflag, x509_config.certflag); |
X509_print_ex(STDout, x, x509_config.nmflag, |
|
x509_config.certflag); |
} else if (x509_config.startdate == i) { |
} else if (x509_config.startdate == i) { |
ASN1_TIME *nB = X509_get_notBefore(x); |
ASN1_TIME *nB = X509_get_notBefore(x); |
BIO_puts(STDout, "notBefore="); |
BIO_puts(STDout, "notBefore="); |
if (ASN1_time_parse(nB->data, nB->length, NULL, 0) == -1) |
if (ASN1_time_parse(nB->data, nB->length, NULL, |
BIO_puts(STDout, "INVALID RFC5280 TIME"); |
0) == -1) |
|
BIO_puts(STDout, |
|
"INVALID RFC5280 TIME"); |
else |
else |
ASN1_TIME_print(STDout, nB); |
ASN1_TIME_print(STDout, nB); |
BIO_puts(STDout, "\n"); |
BIO_puts(STDout, "\n"); |
} else if (x509_config.enddate == i) { |
} else if (x509_config.enddate == i) { |
ASN1_TIME *nA = X509_get_notAfter(x); |
ASN1_TIME *nA = X509_get_notAfter(x); |
BIO_puts(STDout, "notAfter="); |
BIO_puts(STDout, "notAfter="); |
if (ASN1_time_parse(nA->data, nA->length, NULL, 0) == -1) |
if (ASN1_time_parse(nA->data, nA->length, NULL, |
BIO_puts(STDout, "INVALID RFC5280 TIME"); |
0) == -1) |
|
BIO_puts(STDout, |
|
"INVALID RFC5280 TIME"); |
else |
else |
ASN1_TIME_print(STDout, nA); |
ASN1_TIME_print(STDout, nA); |
BIO_puts(STDout, "\n"); |
BIO_puts(STDout, "\n"); |
|
|
BIO_printf(STDout, "%02X%c", md[j], |
BIO_printf(STDout, "%02X%c", md[j], |
(j + 1 == (int)n) ? '\n' : ':'); |
(j + 1 == (int)n) ? '\n' : ':'); |
} |
} |
} |
|
/* should be in the library */ |
/* should be in the library */ |
else if ((x509_config.sign_flag == i) && (x509_config.x509req == 0)) { |
} else if ((x509_config.sign_flag == i) && |
|
(x509_config.x509req == 0)) { |
BIO_printf(bio_err, "Getting Private key\n"); |
BIO_printf(bio_err, "Getting Private key\n"); |
if (Upkey == NULL) { |
if (Upkey == NULL) { |
Upkey = load_key(bio_err, |
Upkey = load_key(bio_err, |
x509_config.keyfile, x509_config.keyformat, 0, |
x509_config.keyfile, |
passin, "Private key"); |
x509_config.keyformat, 0, passin, |
|
"Private key"); |
if (Upkey == NULL) |
if (Upkey == NULL) |
goto end; |
goto end; |
} |
} |
if (!sign(x, Upkey, x509_config.days, x509_config.clrext, x509_config.digest, |
if (!sign(x, Upkey, x509_config.days, |
|
x509_config.clrext, x509_config.digest, |
extconf, x509_config.extsect)) |
extconf, x509_config.extsect)) |
goto end; |
goto end; |
} else if (x509_config.CA_flag == i) { |
} else if (x509_config.CA_flag == i) { |
BIO_printf(bio_err, "Getting CA Private Key\n"); |
BIO_printf(bio_err, "Getting CA Private Key\n"); |
if (x509_config.CAkeyfile != NULL) { |
if (x509_config.CAkeyfile != NULL) { |
CApkey = load_key(bio_err, |
CApkey = load_key(bio_err, |
x509_config.CAkeyfile, x509_config.CAkeyformat, |
x509_config.CAkeyfile, |
0, passin, "CA Private Key"); |
x509_config.CAkeyformat, 0, passin, |
|
"CA Private Key"); |
if (CApkey == NULL) |
if (CApkey == NULL) |
goto end; |
goto end; |
} |
} |
if (!x509_certify(ctx, x509_config.CAfile, x509_config.digest, x, xca, |
if (!x509_certify(ctx, x509_config.CAfile, |
CApkey, x509_config.sigopts, |
x509_config.digest, x, xca, CApkey, |
x509_config.CAserial, x509_config.CA_createserial, x509_config.days, x509_config.clrext, |
x509_config.sigopts, x509_config.CAserial, |
extconf, x509_config.extsect, x509_config.sno)) |
x509_config.CA_createserial, |
|
x509_config.days, x509_config.clrext, |
|
extconf, x509_config.extsect, |
|
x509_config.sno)) |
goto end; |
goto end; |
} else if (x509_config.x509req == i) { |
} else if (x509_config.x509req == i) { |
EVP_PKEY *pk; |
EVP_PKEY *pk; |
|
|
BIO_printf(bio_err, "Getting request Private Key\n"); |
BIO_printf(bio_err, |
|
"Getting request Private Key\n"); |
if (x509_config.keyfile == NULL) { |
if (x509_config.keyfile == NULL) { |
BIO_printf(bio_err, "no request key file specified\n"); |
BIO_printf(bio_err, |
|
"no request key file specified\n"); |
goto end; |
goto end; |
} else { |
} else { |
pk = load_key(bio_err, |
pk = load_key(bio_err, |
x509_config.keyfile, x509_config.keyformat, 0, |
x509_config.keyfile, |
passin, "request key"); |
x509_config.keyformat, 0, passin, |
|
"request key"); |
if (pk == NULL) |
if (pk == NULL) |
goto end; |
goto end; |
} |
} |
|
|
BIO_printf(bio_err, "Generating certificate request\n"); |
BIO_printf(bio_err, |
|
"Generating certificate request\n"); |
|
|
rq = X509_to_X509_REQ(x, pk, x509_config.digest); |
rq = X509_to_X509_REQ(x, pk, x509_config.digest); |
EVP_PKEY_free(pk); |
EVP_PKEY_free(pk); |
|
|
|
|
i = ASN1_item_i2d_bio(&NETSCAPE_X509_it, out, &nx); |
i = ASN1_item_i2d_bio(&NETSCAPE_X509_it, out, &nx); |
} else { |
} else { |
BIO_printf(bio_err, "bad output format specified for outfile\n"); |
BIO_printf(bio_err, |
|
"bad output format specified for outfile\n"); |
goto end; |
goto end; |
} |
} |
if (!i) { |
if (!i) { |
|
|
goto end; |
goto end; |
|
|
if (!X509_check_private_key(xca, pkey)) { |
if (!X509_check_private_key(xca, pkey)) { |
BIO_printf(bio_err, "CA certificate and CA private key do not match\n"); |
BIO_printf(bio_err, |
|
"CA certificate and CA private key do not match\n"); |
goto end; |
goto end; |
} |
} |
if (!X509_set_issuer_name(x, X509_get_subject_name(xca))) |
if (!X509_set_issuer_name(x, X509_get_subject_name(xca))) |
|
|
* DEPTH_ZERO_SELF_.... |
* DEPTH_ZERO_SELF_.... |
*/ |
*/ |
if (ok) { |
if (ok) { |
BIO_printf(bio_err, "error with certificate to be certified - should be self signed\n"); |
BIO_printf(bio_err, |
|
"error with certificate to be certified - should be self signed\n"); |
return 0; |
return 0; |
} else { |
} else { |
err_cert = X509_STORE_CTX_get_current_cert(ctx); |
err_cert = X509_STORE_CTX_get_current_cert(ctx); |
print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0); |
print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0); |
BIO_printf(bio_err, "error with certificate - error %d at depth %d\n%s\n", |
BIO_printf(bio_err, |
|
"error with certificate - error %d at depth %d\n%s\n", |
err, X509_STORE_CTX_get_error_depth(ctx), |
err, X509_STORE_CTX_get_error_depth(ctx), |
X509_verify_cert_error_string(err)); |
X509_verify_cert_error_string(err)); |
return 1; |
return 1; |
|
|
} |
} |
if (!X509_sign(x, pkey, digest)) |
if (!X509_sign(x, pkey, digest)) |
goto err; |
goto err; |
|
|
return 1; |
return 1; |
|
|
err: |
err: |