version 1.20, 2021/03/26 13:46:25 |
version 1.21, 2021/04/01 10:47:38 |
|
|
"need to specify a CAkey if using the CA command\n"); |
"need to specify a CAkey if using the CA command\n"); |
goto end; |
goto end; |
} |
} |
if (x509_config.extfile) { |
if (x509_config.extfile != NULL) { |
long errorline = -1; |
long errorline = -1; |
X509V3_CTX ctx2; |
X509V3_CTX ctx2; |
extconf = NCONF_new(NULL); |
extconf = NCONF_new(NULL); |
|
|
errorline, x509_config.extfile); |
errorline, x509_config.extfile); |
goto end; |
goto end; |
} |
} |
if (!x509_config.extsect) { |
if (x509_config.extsect == NULL) { |
x509_config.extsect = NCONF_get_string(extconf, |
x509_config.extsect = NCONF_get_string(extconf, |
"default", "extensions"); |
"default", "extensions"); |
if (!x509_config.extsect) { |
if (x509_config.extsect == NULL) { |
ERR_clear_error(); |
ERR_clear_error(); |
x509_config.extsect = "default"; |
x509_config.extsect = "default"; |
} |
} |
|
|
|
|
if (x509_config.sno == NULL) { |
if (x509_config.sno == NULL) { |
x509_config.sno = ASN1_INTEGER_new(); |
x509_config.sno = ASN1_INTEGER_new(); |
if (!x509_config.sno || |
if (x509_config.sno == NULL || |
!rand_serial(NULL, x509_config.sno)) |
!rand_serial(NULL, x509_config.sno)) |
goto end; |
goto end; |
if (!X509_set_serialNumber(x, x509_config.sno)) |
if (!X509_set_serialNumber(x, x509_config.sno)) |
|
|
} |
} |
} |
} |
} |
} |
if (x509_config.alias) |
if (x509_config.alias != NULL) |
X509_alias_set1(x, (unsigned char *) x509_config.alias, -1); |
X509_alias_set1(x, (unsigned char *) x509_config.alias, -1); |
|
|
if (x509_config.clrtrust) |
if (x509_config.clrtrust) |
|
|
if (x509_config.clrreject) |
if (x509_config.clrreject) |
X509_reject_clear(x); |
X509_reject_clear(x); |
|
|
if (x509_config.trust) { |
if (x509_config.trust != NULL) { |
for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) { |
for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) { |
x509_config.objtmp = sk_ASN1_OBJECT_value( |
x509_config.objtmp = sk_ASN1_OBJECT_value( |
x509_config.trust, i); |
x509_config.trust, i); |
X509_add1_trust_object(x, x509_config.objtmp); |
X509_add1_trust_object(x, x509_config.objtmp); |
} |
} |
} |
} |
if (x509_config.reject) { |
if (x509_config.reject != NULL) { |
for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) { |
for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) { |
x509_config.objtmp = sk_ASN1_OBJECT_value( |
x509_config.objtmp = sk_ASN1_OBJECT_value( |
x509_config.reject, i); |
x509_config.reject, i); |
|
|
ASN1_INTEGER *ser; |
ASN1_INTEGER *ser; |
ser = X509_get_serialNumber(x); |
ser = X509_get_serialNumber(x); |
bnser = ASN1_INTEGER_to_BN(ser, NULL); |
bnser = ASN1_INTEGER_to_BN(ser, NULL); |
if (!bnser) |
if (bnser == NULL) |
goto end; |
goto end; |
if (!BN_add_word(bnser, 1)) |
if (!BN_add_word(bnser, 1)) |
goto end; |
goto end; |
ser = BN_to_ASN1_INTEGER(bnser, NULL); |
ser = BN_to_ASN1_INTEGER(bnser, NULL); |
if (!ser) |
if (ser == NULL) |
goto end; |
goto end; |
BN_free(bnser); |
BN_free(bnser); |
i2a_ASN1_INTEGER(out, ser); |
i2a_ASN1_INTEGER(out, ser); |
|
|
} else if (x509_config.aliasout == i) { |
} else if (x509_config.aliasout == i) { |
unsigned char *alstr; |
unsigned char *alstr; |
alstr = X509_alias_get0(x, NULL); |
alstr = X509_alias_get0(x, NULL); |
if (alstr) |
if (alstr != NULL) |
BIO_printf(STDout, "%s\n", alstr); |
BIO_printf(STDout, "%s\n", alstr); |
else |
else |
BIO_puts(STDout, "<No Alias>\n"); |
BIO_puts(STDout, "<No Alias>\n"); |
|
|
unsigned char md[EVP_MAX_MD_SIZE]; |
unsigned char md[EVP_MAX_MD_SIZE]; |
const EVP_MD *fdig = x509_config.digest; |
const EVP_MD *fdig = x509_config.digest; |
|
|
if (!fdig) |
if (fdig == NULL) |
fdig = EVP_sha256(); |
fdig = EVP_sha256(); |
|
|
if (!X509_digest(x, fdig, md, &n)) { |
if (!X509_digest(x, fdig, md, &n)) { |
|
|
BIO_printf(bio_err, "Error initialising X509 store\n"); |
BIO_printf(bio_err, "Error initialising X509 store\n"); |
goto end; |
goto end; |
} |
} |
if (sno) |
if (sno != NULL) |
bs = sno; |
bs = sno; |
else if (!(bs = x509_load_serial(CAfile, serialfile, create))) |
else if ((bs = x509_load_serial(CAfile, serialfile, create)) == NULL) |
goto end; |
goto end; |
|
|
/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/ |
/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/ |
|
|
while (X509_get_ext_count(x) > 0) |
while (X509_get_ext_count(x) > 0) |
X509_delete_ext(x, 0); |
X509_delete_ext(x, 0); |
} |
} |
if (conf) { |
if (conf != NULL) { |
X509V3_CTX ctx2; |
X509V3_CTX ctx2; |
X509_set_version(x, 2); /* version 3 certificate */ |
X509_set_version(x, 2); /* version 3 certificate */ |
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0); |
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0); |
|
|
X509_STORE_CTX_cleanup(&xsc); |
X509_STORE_CTX_cleanup(&xsc); |
if (!ret) |
if (!ret) |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
if (!sno) |
if (sno == NULL) |
ASN1_INTEGER_free(bs); |
ASN1_INTEGER_free(bs); |
return ret; |
return ret; |
} |
} |
|
|
sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, |
sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, |
CONF *conf, char *section) |
CONF *conf, char *section) |
{ |
{ |
|
|
EVP_PKEY *pktmp; |
EVP_PKEY *pktmp; |
|
|
pktmp = X509_get_pubkey(x); |
pktmp = X509_get_pubkey(x); |
|
|
while (X509_get_ext_count(x) > 0) |
while (X509_get_ext_count(x) > 0) |
X509_delete_ext(x, 0); |
X509_delete_ext(x, 0); |
} |
} |
if (conf) { |
if (conf != NULL) { |
X509V3_CTX ctx; |
X509V3_CTX ctx; |
X509_set_version(x, 2); /* version 3 certificate */ |
X509_set_version(x, 2); /* version 3 certificate */ |
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0); |
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0); |