version 1.36, 2024/01/12 11:24:03 |
version 1.37, 2024/01/26 11:58:37 |
|
|
|
|
static int callb(int ok, X509_STORE_CTX *ctx); |
static int callb(int ok, X509_STORE_CTX *ctx); |
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, |
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, |
const EVP_MD *digest, CONF *conf, char *section, X509_NAME *issuer); |
const EVP_MD *digest, CONF *conf, char *section, X509_NAME *issuer, |
|
char *force_pubkey); |
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, |
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, |
X509 *x, X509 *xca, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *sigopts, |
X509 *x, X509 *xca, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *sigopts, |
char *serial, int create, int days, int clrext, CONF *conf, char *section, |
char *serial, int create, int days, int clrext, CONF *conf, char *section, |
|
|
const EVP_MD *md_alg; |
const EVP_MD *md_alg; |
int modulus; |
int modulus; |
int multirdn; |
int multirdn; |
|
int new; |
int next_serial; |
int next_serial; |
unsigned long nmflag; |
unsigned long nmflag; |
int noout; |
int noout; |
|
|
}, |
}, |
#endif |
#endif |
{ |
{ |
|
.name = "key", |
|
.argname = "file", |
|
.type = OPTION_ARG_FUNC, |
|
.opt.argfunc = x509_opt_signkey, |
|
}, |
|
{ |
.name = "keyform", |
.name = "keyform", |
.argname = "fmt", |
.argname = "fmt", |
.desc = "Private key format - default PEM", |
.desc = "Private key format - default PEM", |
|
|
.opt.argfunc = x509_opt_nameopt, |
.opt.argfunc = x509_opt_nameopt, |
}, |
}, |
{ |
{ |
|
.name = "new", |
|
.desc = "Generate a new certificate", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &cfg.new, |
|
}, |
|
{ |
.name = "next_serial", |
.name = "next_serial", |
.desc = "Print the next serial number", |
.desc = "Print the next serial number", |
.type = OPTION_ORDER, |
.type = OPTION_ORDER, |
|
|
" [-in file] [-inform der | net | pem] [-issuer]\n" |
" [-in file] [-inform der | net | pem] [-issuer]\n" |
" [-issuer_hash] [-issuer_hash_old] [-keyform der | pem]\n" |
" [-issuer_hash] [-issuer_hash_old] [-keyform der | pem]\n" |
" [-md5 | -sha1] [-modulus] [-multivalue-rdn]\n" |
" [-md5 | -sha1] [-modulus] [-multivalue-rdn]\n" |
" [-nameopt option] [-next_serial] [-noout] [-ocsp_uri]\n" |
" [-nameopt option] [-new] [-next_serial] [-noout] [-ocsp_uri]\n" |
" [-ocspid] [-out file] [-outform der | net | pem]\n" |
" [-ocspid] [-out file] [-outform der | net | pem]\n" |
" [-passin arg] [-pubkey] [-purpose] [-req] [-serial]\n" |
" [-passin arg] [-pubkey] [-purpose] [-req] [-serial]\n" |
" [-set_issuer name] [-set_serial n] [-set_subject name]\n" |
" [-set_issuer name] [-set_serial n] [-set_subject name]\n" |
|
|
X509 *x = NULL, *xca = NULL; |
X509 *x = NULL, *xca = NULL; |
X509_NAME *iname = NULL, *sname = NULL; |
X509_NAME *iname = NULL, *sname = NULL; |
EVP_PKEY *Fpkey = NULL, *Upkey = NULL, *CApkey = NULL; |
EVP_PKEY *Fpkey = NULL, *Upkey = NULL, *CApkey = NULL; |
|
EVP_PKEY *pkey; |
int i; |
int i; |
BIO *out = NULL; |
BIO *out = NULL; |
BIO *STDout = NULL; |
BIO *STDout = NULL; |
|
|
cfg.keyformat, 0, NULL, "Forced key")) == NULL) |
cfg.keyformat, 0, NULL, "Forced key")) == NULL) |
goto end; |
goto end; |
} |
} |
|
if (cfg.new) { |
|
if (cfg.infile != NULL) { |
|
BIO_printf(bio_err, "Can't combine -new and -in\n"); |
|
goto end; |
|
} |
|
if (cfg.reqfile) { |
|
BIO_printf(bio_err, "Can't combine -new and -req\n"); |
|
goto end; |
|
} |
|
if (cfg.set_subject == NULL) { |
|
BIO_printf(bio_err, "Must use -set_subject with -new\n"); |
|
goto end; |
|
} |
|
if (cfg.keyfile == NULL) { |
|
BIO_printf(bio_err, "Must use -signkey with -new\n"); |
|
goto end; |
|
} |
|
if ((Upkey = load_key(bio_err, cfg.keyfile, cfg.keyformat, 0, |
|
passin, "Private key")) == NULL) |
|
goto end; |
|
} |
if (cfg.reqfile) { |
if (cfg.reqfile) { |
EVP_PKEY *pkey; |
|
BIO *in; |
BIO *in; |
|
|
if (!cfg.sign_flag && !cfg.CA_flag) { |
if (!cfg.sign_flag && !cfg.CA_flag) { |
|
|
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), |
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), |
cfg.nmflag); |
cfg.nmflag); |
|
|
|
} |
|
if (cfg.reqfile || cfg.new) { |
if ((x = X509_new()) == NULL) |
if ((x = X509_new()) == NULL) |
goto end; |
goto end; |
|
|
|
|
if ((pkey = Fpkey) == NULL) |
if ((pkey = Fpkey) == NULL) |
pkey = X509_REQ_get0_pubkey(req); |
pkey = X509_REQ_get0_pubkey(req); |
if (pkey == NULL) |
if (pkey == NULL) |
|
pkey = Upkey; |
|
if (pkey == NULL) |
goto end; |
goto end; |
if (!X509_set_pubkey(x, pkey)) |
if (!X509_set_pubkey(x, pkey)) |
goto end; |
goto end; |
|
|
BIO_printf(STDout, "%02X%c", md[j], |
BIO_printf(STDout, "%02X%c", md[j], |
(j + 1 == (int)n) ? '\n' : ':'); |
(j + 1 == (int)n) ? '\n' : ':'); |
} |
} |
|
|
/* should be in the library */ |
|
} else if (cfg.sign_flag == i && cfg.x509req == 0) { |
} else if (cfg.sign_flag == i && cfg.x509req == 0) { |
BIO_printf(bio_err, "Getting Private key\n"); |
|
if (Upkey == NULL) { |
if (Upkey == NULL) { |
Upkey = load_key(bio_err, cfg.keyfile, |
Upkey = load_key(bio_err, cfg.keyfile, |
cfg.keyformat, 0, passin, |
cfg.keyformat, 0, passin, |
|
|
} |
} |
if (!sign(x, Upkey, cfg.days, |
if (!sign(x, Upkey, cfg.days, |
cfg.clrext, cfg.digest, |
cfg.clrext, cfg.digest, |
extconf, cfg.extsect, iname)) |
extconf, cfg.extsect, iname, |
|
cfg.force_pubkey)) |
goto end; |
goto end; |
} else if (cfg.CA_flag == i) { |
} else if (cfg.CA_flag == i) { |
BIO_printf(bio_err, "Getting CA Private Key\n"); |
|
if (cfg.CAkeyfile != NULL) { |
if (cfg.CAkeyfile != NULL) { |
CApkey = load_key(bio_err, cfg.CAkeyfile, |
CApkey = load_key(bio_err, cfg.CAkeyfile, |
cfg.CAkeyformat, 0, passin, |
cfg.CAkeyformat, 0, passin, |
|
|
/* self sign */ |
/* self sign */ |
static int |
static int |
sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, |
sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, |
CONF *conf, char *section, X509_NAME *issuer) |
CONF *conf, char *section, X509_NAME *issuer, char *force_pubkey) |
{ |
{ |
EVP_PKEY *pktmp; |
EVP_PKEY *pktmp; |
|
|
|
|
(long) 60 * 60 * 24 * days) == NULL) |
(long) 60 * 60 * 24 * days) == NULL) |
goto err; |
goto err; |
|
|
if (!X509_set_pubkey(x, pkey)) |
if (force_pubkey == NULL) { |
goto err; |
if (!X509_set_pubkey(x, pkey)) |
|
goto err; |
|
} |
if (clrext) { |
if (clrext) { |
while (X509_get_ext_count(x) > 0) { |
while (X509_get_ext_count(x) > 0) { |
if (X509_delete_ext(x, 0) == NULL) |
if (X509_delete_ext(x, 0) == NULL) |