authortb <>2023-03-06 14:32:06 +0000
committertb <>2023-03-06 14:32:06 +0000
commit6c965e26b1a93da63948edae6b68564be1ded507 (patch)
treebbe07d6e06b695cebe22802551f2db0a61354d7c /src/usr.bin/openssl/ca.c
parent48e828ea26ee91710242131cd75cd9d1d20b773c (diff)
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road. Discussed with jsing
Diffstat (limited to 'src/usr.bin/openssl/ca.c')
-rw-r--r--src/usr.bin/openssl/ca.c518
1 files changed, 259 insertions, 259 deletions
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index e13354f4af..369d11ead6 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ca.c,v 1.54 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: ca.c,v 1.55 2023/03/06 14:32:05 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -207,63 +207,63 @@ static struct {
207 char *startdate; 207 char *startdate;
208 char *subj; 208 char *subj;
209 int verbose; 209 int verbose;
210} ca_config; 210} cfg;
211 211
212static int 212static int
213ca_opt_chtype_utf8(void) 213ca_opt_chtype_utf8(void)
214{ 214{
215 ca_config.chtype = MBSTRING_UTF8; 215 cfg.chtype = MBSTRING_UTF8;
216 return (0); 216 return (0);
217} 217}
218 218
219static int 219static int
220ca_opt_crl_ca_compromise(char *arg) 220ca_opt_crl_ca_compromise(char *arg)
221{ 221{
222 ca_config.rev_arg = arg; 222 cfg.rev_arg = arg;
223 ca_config.rev_type = REV_CA_COMPROMISE; 223 cfg.rev_type = REV_CA_COMPROMISE;
224 return (0); 224 return (0);
225} 225}
226 226
227static int 227static int
228ca_opt_crl_compromise(char *arg) 228ca_opt_crl_compromise(char *arg)
229{ 229{
230 ca_config.rev_arg = arg; 230 cfg.rev_arg = arg;
231 ca_config.rev_type = REV_KEY_COMPROMISE; 231 cfg.rev_type = REV_KEY_COMPROMISE;
232 return (0); 232 return (0);
233} 233}
234 234
235static int 235static int
236ca_opt_crl_hold(char *arg) 236ca_opt_crl_hold(char *arg)
237{ 237{
238 ca_config.rev_arg = arg; 238 cfg.rev_arg = arg;
239 ca_config.rev_type = REV_HOLD; 239 cfg.rev_type = REV_HOLD;
240 return (0); 240 return (0);
241} 241}
242 242
243static int 243static int
244ca_opt_crl_reason(char *arg) 244ca_opt_crl_reason(char *arg)
245{ 245{
246 ca_config.rev_arg = arg; 246 cfg.rev_arg = arg;
247 ca_config.rev_type = REV_CRL_REASON; 247 cfg.rev_type = REV_CRL_REASON;
248 return (0); 248 return (0);
249} 249}
250 250
251static int 251static int
252ca_opt_in(char *arg) 252ca_opt_in(char *arg)
253{ 253{
254 ca_config.infile = arg; 254 cfg.infile = arg;
255 ca_config.req = 1; 255 cfg.req = 1;
256 return (0); 256 return (0);
257} 257}
258 258
259static int 259static int
260ca_opt_infiles(int argc, char **argv, int *argsused) 260ca_opt_infiles(int argc, char **argv, int *argsused)
261{ 261{
262 ca_config.infiles_num = argc - 1; 262 cfg.infiles_num = argc - 1;
263 if (ca_config.infiles_num < 1) 263 if (cfg.infiles_num < 1)
264 return (1); 264 return (1);
265 ca_config.infiles = argv + 1; 265 cfg.infiles = argv + 1;
266 ca_config.req = 1; 266 cfg.req = 1;
267 *argsused = argc; 267 *argsused = argc;
268 return (0); 268 return (0);
269} 269}
@@ -271,19 +271,19 @@ ca_opt_infiles(int argc, char **argv, int *argsused)
271static int 271static int
272ca_opt_revoke(char *arg) 272ca_opt_revoke(char *arg)
273{ 273{
274 ca_config.infile = arg; 274 cfg.infile = arg;
275 ca_config.dorevoke = 1; 275 cfg.dorevoke = 1;
276 return (0); 276 return (0);
277} 277}
278 278
279static int 279static int
280ca_opt_sigopt(char *arg) 280ca_opt_sigopt(char *arg)
281{ 281{
282 if (ca_config.sigopts == NULL) 282 if (cfg.sigopts == NULL)
283 ca_config.sigopts = sk_OPENSSL_STRING_new_null(); 283 cfg.sigopts = sk_OPENSSL_STRING_new_null();
284 if (ca_config.sigopts == NULL) 284 if (cfg.sigopts == NULL)
285 return (1); 285 return (1);
286 if (!sk_OPENSSL_STRING_push(ca_config.sigopts, arg)) 286 if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg))
287 return (1); 287 return (1);
288 return (0); 288 return (0);
289} 289}
@@ -291,16 +291,16 @@ ca_opt_sigopt(char *arg)
291static int 291static int
292ca_opt_spkac(char *arg) 292ca_opt_spkac(char *arg)
293{ 293{
294 ca_config.spkac_file = arg; 294 cfg.spkac_file = arg;
295 ca_config.req = 1; 295 cfg.req = 1;
296 return (0); 296 return (0);
297} 297}
298 298
299static int 299static int
300ca_opt_ss_cert(char *arg) 300ca_opt_ss_cert(char *arg)
301{ 301{
302 ca_config.ss_cert_file = arg; 302 cfg.ss_cert_file = arg;
303 ca_config.req = 1; 303 cfg.req = 1;
304 return (0); 304 return (0);
305} 305}
306 306
@@ -309,27 +309,27 @@ static const struct option ca_options[] = {
309 .name = "batch", 309 .name = "batch",
310 .desc = "Operate in batch mode", 310 .desc = "Operate in batch mode",
311 .type = OPTION_FLAG, 311 .type = OPTION_FLAG,
312 .opt.flag = &ca_config.batch, 312 .opt.flag = &cfg.batch,
313 }, 313 },
314 { 314 {
315 .name = "cert", 315 .name = "cert",
316 .argname = "file", 316 .argname = "file",
317 .desc = "File containing the CA certificate", 317 .desc = "File containing the CA certificate",
318 .type = OPTION_ARG, 318 .type = OPTION_ARG,
319 .opt.arg = &ca_config.certfile, 319 .opt.arg = &cfg.certfile,
320 }, 320 },
321 { 321 {
322 .name = "config", 322 .name = "config",
323 .argname = "file", 323 .argname = "file",
324 .desc = "Specify an alternative configuration file", 324 .desc = "Specify an alternative configuration file",
325 .type = OPTION_ARG, 325 .type = OPTION_ARG,
326 .opt.arg = &ca_config.configfile, 326 .opt.arg = &cfg.configfile,
327 }, 327 },
328 { 328 {
329 .name = "create_serial", 329 .name = "create_serial",
330 .desc = "If reading serial fails, create a new random serial", 330 .desc = "If reading serial fails, create a new random serial",
331 .type = OPTION_FLAG, 331 .type = OPTION_FLAG,
332 .opt.flag = &ca_config.create_serial, 332 .opt.flag = &cfg.create_serial,
333 }, 333 },
334 { 334 {
335 .name = "crl_CA_compromise", 335 .name = "crl_CA_compromise",
@@ -367,62 +367,62 @@ static const struct option ca_options[] = {
367 .argname = "days", 367 .argname = "days",
368 .desc = "Number of days before the next CRL is due", 368 .desc = "Number of days before the next CRL is due",
369 .type = OPTION_ARG_LONG, 369 .type = OPTION_ARG_LONG,
370 .opt.lvalue = &ca_config.crldays, 370 .opt.lvalue = &cfg.crldays,
371 }, 371 },
372 { 372 {
373 .name = "crlexts", 373 .name = "crlexts",
374 .argname = "section", 374 .argname = "section",
375 .desc = "CRL extension section (override value in config file)", 375 .desc = "CRL extension section (override value in config file)",
376 .type = OPTION_ARG, 376 .type = OPTION_ARG,
377 .opt.arg = &ca_config.crl_ext, 377 .opt.arg = &cfg.crl_ext,
378 }, 378 },
379 { 379 {
380 .name = "crlhours", 380 .name = "crlhours",
381 .argname = "hours", 381 .argname = "hours",
382 .desc = "Number of hours before the next CRL is due", 382 .desc = "Number of hours before the next CRL is due",
383 .type = OPTION_ARG_LONG, 383 .type = OPTION_ARG_LONG,
384 .opt.lvalue = &ca_config.crlhours, 384 .opt.lvalue = &cfg.crlhours,
385 }, 385 },
386 { 386 {
387 .name = "crlsec", 387 .name = "crlsec",
388 .argname = "seconds", 388 .argname = "seconds",
389 .desc = "Number of seconds before the next CRL is due", 389 .desc = "Number of seconds before the next CRL is due",
390 .type = OPTION_ARG_LONG, 390 .type = OPTION_ARG_LONG,
391 .opt.lvalue = &ca_config.crlsec, 391 .opt.lvalue = &cfg.crlsec,
392 }, 392 },
393 { 393 {
394 .name = "days", 394 .name = "days",
395 .argname = "arg", 395 .argname = "arg",
396 .desc = "Number of days to certify the certificate for", 396 .desc = "Number of days to certify the certificate for",
397 .type = OPTION_ARG_LONG, 397 .type = OPTION_ARG_LONG,
398 .opt.lvalue = &ca_config.days, 398 .opt.lvalue = &cfg.days,
399 }, 399 },
400 { 400 {
401 .name = "enddate", 401 .name = "enddate",
402 .argname = "YYMMDDHHMMSSZ", 402 .argname = "YYMMDDHHMMSSZ",
403 .desc = "Certificate validity notAfter (overrides -days)", 403 .desc = "Certificate validity notAfter (overrides -days)",
404 .type = OPTION_ARG, 404 .type = OPTION_ARG,
405 .opt.arg = &ca_config.enddate, 405 .opt.arg = &cfg.enddate,
406 }, 406 },
407 { 407 {
408 .name = "extensions", 408 .name = "extensions",
409 .argname = "section", 409 .argname = "section",
410 .desc = "Extension section (override value in config file)", 410 .desc = "Extension section (override value in config file)",
411 .type = OPTION_ARG, 411 .type = OPTION_ARG,
412 .opt.arg = &ca_config.extensions, 412 .opt.arg = &cfg.extensions,
413 }, 413 },
414 { 414 {
415 .name = "extfile", 415 .name = "extfile",
416 .argname = "file", 416 .argname = "file",
417 .desc = "Configuration file with X509v3 extentions to add", 417 .desc = "Configuration file with X509v3 extentions to add",
418 .type = OPTION_ARG, 418 .type = OPTION_ARG,
419 .opt.arg = &ca_config.extfile, 419 .opt.arg = &cfg.extfile,
420 }, 420 },
421 { 421 {
422 .name = "gencrl", 422 .name = "gencrl",
423 .desc = "Generate a new CRL", 423 .desc = "Generate a new CRL",
424 .type = OPTION_FLAG, 424 .type = OPTION_FLAG,
425 .opt.flag = &ca_config.gencrl, 425 .opt.flag = &cfg.gencrl,
426 }, 426 },
427 { 427 {
428 .name = "in", 428 .name = "in",
@@ -443,93 +443,93 @@ static const struct option ca_options[] = {
443 .argname = "password", 443 .argname = "password",
444 .desc = "Key to decode the private key if it is encrypted", 444 .desc = "Key to decode the private key if it is encrypted",
445 .type = OPTION_ARG, 445 .type = OPTION_ARG,
446 .opt.arg = &ca_config.key, 446 .opt.arg = &cfg.key,
447 }, 447 },
448 { 448 {
449 .name = "keyfile", 449 .name = "keyfile",
450 .argname = "file", 450 .argname = "file",
451 .desc = "Private key file", 451 .desc = "Private key file",
452 .type = OPTION_ARG, 452 .type = OPTION_ARG,
453 .opt.arg = &ca_config.keyfile, 453 .opt.arg = &cfg.keyfile,
454 }, 454 },
455 { 455 {
456 .name = "keyform", 456 .name = "keyform",
457 .argname = "fmt", 457 .argname = "fmt",
458 .desc = "Private key file format (DER or PEM (default))", 458 .desc = "Private key file format (DER or PEM (default))",
459 .type = OPTION_ARG_FORMAT, 459 .type = OPTION_ARG_FORMAT,
460 .opt.value = &ca_config.keyform, 460 .opt.value = &cfg.keyform,
461 }, 461 },
462 { 462 {
463 .name = "md", 463 .name = "md",
464 .argname = "alg", 464 .argname = "alg",
465 .desc = "Message digest to use", 465 .desc = "Message digest to use",
466 .type = OPTION_ARG, 466 .type = OPTION_ARG,
467 .opt.arg = &ca_config.md, 467 .opt.arg = &cfg.md,
468 }, 468 },
469 { 469 {
470 .name = "msie_hack", 470 .name = "msie_hack",
471 .type = OPTION_FLAG, 471 .type = OPTION_FLAG,
472 .opt.flag = &ca_config.msie_hack, 472 .opt.flag = &cfg.msie_hack,
473 }, 473 },
474 { 474 {
475 .name = "multivalue-rdn", 475 .name = "multivalue-rdn",
476 .desc = "Enable support for multivalued RDNs", 476 .desc = "Enable support for multivalued RDNs",
477 .type = OPTION_FLAG, 477 .type = OPTION_FLAG,
478 .opt.flag = &ca_config.multirdn, 478 .opt.flag = &cfg.multirdn,
479 }, 479 },
480 { 480 {
481 .name = "name", 481 .name = "name",
482 .argname = "section", 482 .argname = "section",
483 .desc = "Specifies the configuration file section to use", 483 .desc = "Specifies the configuration file section to use",
484 .type = OPTION_ARG, 484 .type = OPTION_ARG,
485 .opt.arg = &ca_config.section, 485 .opt.arg = &cfg.section,
486 }, 486 },
487 { 487 {
488 .name = "noemailDN", 488 .name = "noemailDN",
489 .desc = "Do not add the EMAIL field to the DN", 489 .desc = "Do not add the EMAIL field to the DN",
490 .type = OPTION_VALUE, 490 .type = OPTION_VALUE,
491 .opt.value = &ca_config.email_dn, 491 .opt.value = &cfg.email_dn,
492 .value = 0, 492 .value = 0,
493 }, 493 },
494 { 494 {
495 .name = "notext", 495 .name = "notext",
496 .desc = "Do not print the generated certificate", 496 .desc = "Do not print the generated certificate",
497 .type = OPTION_FLAG, 497 .type = OPTION_FLAG,
498 .opt.flag = &ca_config.notext, 498 .opt.flag = &cfg.notext,
499 }, 499 },
500 { 500 {
501 .name = "out", 501 .name = "out",
502 .argname = "file", 502 .argname = "file",
503 .desc = "Output file (default stdout)", 503 .desc = "Output file (default stdout)",
504 .type = OPTION_ARG, 504 .type = OPTION_ARG,
505 .opt.arg = &ca_config.outfile, 505 .opt.arg = &cfg.outfile,
506 }, 506 },
507 { 507 {
508 .name = "outdir", 508 .name = "outdir",
509 .argname = "directory", 509 .argname = "directory",
510 .desc = " Directory to output certificates to", 510 .desc = " Directory to output certificates to",
511 .type = OPTION_ARG, 511 .type = OPTION_ARG,
512 .opt.arg = &ca_config.outdir, 512 .opt.arg = &cfg.outdir,
513 }, 513 },
514 { 514 {
515 .name = "passin", 515 .name = "passin",
516 .argname = "src", 516 .argname = "src",
517 .desc = "Private key input password source", 517 .desc = "Private key input password source",
518 .type = OPTION_ARG, 518 .type = OPTION_ARG,
519 .opt.arg = &ca_config.passargin, 519 .opt.arg = &cfg.passargin,
520 }, 520 },
521 { 521 {
522 .name = "policy", 522 .name = "policy",
523 .argname = "name", 523 .argname = "name",
524 .desc = "The CA 'policy' to support", 524 .desc = "The CA 'policy' to support",
525 .type = OPTION_ARG, 525 .type = OPTION_ARG,
526 .opt.arg = &ca_config.policy, 526 .opt.arg = &cfg.policy,
527 }, 527 },
528 { 528 {
529 .name = "preserveDN", 529 .name = "preserveDN",
530 .desc = "Do not re-order the DN", 530 .desc = "Do not re-order the DN",
531 .type = OPTION_FLAG, 531 .type = OPTION_FLAG,
532 .opt.flag = &ca_config.preserve, 532 .opt.flag = &cfg.preserve,
533 }, 533 },
534 { 534 {
535 .name = "revoke", 535 .name = "revoke",
@@ -542,7 +542,7 @@ static const struct option ca_options[] = {
542 .name = "selfsign", 542 .name = "selfsign",
543 .desc = "Sign a certificate using the key associated with it", 543 .desc = "Sign a certificate using the key associated with it",
544 .type = OPTION_FLAG, 544 .type = OPTION_FLAG,
545 .opt.flag = &ca_config.selfsign, 545 .opt.flag = &cfg.selfsign,
546 }, 546 },
547 { 547 {
548 .name = "sigopt", 548 .name = "sigopt",
@@ -570,27 +570,27 @@ static const struct option ca_options[] = {
570 .argname = "YYMMDDHHMMSSZ", 570 .argname = "YYMMDDHHMMSSZ",
571 .desc = "Certificate validity notBefore", 571 .desc = "Certificate validity notBefore",
572 .type = OPTION_ARG, 572 .type = OPTION_ARG,
573 .opt.arg = &ca_config.startdate, 573 .opt.arg = &cfg.startdate,
574 }, 574 },
575 { 575 {
576 .name = "status", 576 .name = "status",
577 .argname = "serial", 577 .argname = "serial",
578 .desc = "Shows certificate status given the serial number", 578 .desc = "Shows certificate status given the serial number",
579 .type = OPTION_ARG, 579 .type = OPTION_ARG,
580 .opt.arg = &ca_config.serial_status, 580 .opt.arg = &cfg.serial_status,
581 }, 581 },
582 { 582 {
583 .name = "subj", 583 .name = "subj",
584 .argname = "arg", 584 .argname = "arg",
585 .desc = "Use arg instead of request's subject", 585 .desc = "Use arg instead of request's subject",
586 .type = OPTION_ARG, 586 .type = OPTION_ARG,
587 .opt.arg = &ca_config.subj, 587 .opt.arg = &cfg.subj,
588 }, 588 },
589 { 589 {
590 .name = "updatedb", 590 .name = "updatedb",
591 .desc = "Updates db for expired certificates", 591 .desc = "Updates db for expired certificates",
592 .type = OPTION_FLAG, 592 .type = OPTION_FLAG,
593 .opt.flag = &ca_config.doupdatedb, 593 .opt.flag = &cfg.doupdatedb,
594 }, 594 },
595 { 595 {
596 .name = "utf8", 596 .name = "utf8",
@@ -602,7 +602,7 @@ static const struct option ca_options[] = {
602 .name = "verbose", 602 .name = "verbose",
603 .desc = "Verbose output during processing", 603 .desc = "Verbose output during processing",
604 .type = OPTION_FLAG, 604 .type = OPTION_FLAG,
605 .opt.flag = &ca_config.verbose, 605 .opt.flag = &cfg.verbose,
606 }, 606 },
607 { NULL }, 607 { NULL },
608}; 608};
@@ -690,11 +690,11 @@ ca_main(int argc, char **argv)
690 exit(1); 690 exit(1);
691 } 691 }
692 692
693 memset(&ca_config, 0, sizeof(ca_config)); 693 memset(&cfg, 0, sizeof(cfg));
694 ca_config.email_dn = 1; 694 cfg.email_dn = 1;
695 ca_config.keyform = FORMAT_PEM; 695 cfg.keyform = FORMAT_PEM;
696 ca_config.chtype = MBSTRING_ASC; 696 cfg.chtype = MBSTRING_ASC;
697 ca_config.rev_type = REV_NONE; 697 cfg.rev_type = REV_NONE;
698 698
699 conf = NULL; 699 conf = NULL;
700 700
@@ -705,37 +705,37 @@ ca_main(int argc, char **argv)
705 705
706 /*****************************************************************/ 706 /*****************************************************************/
707 tofree = NULL; 707 tofree = NULL;
708 if (ca_config.configfile == NULL) 708 if (cfg.configfile == NULL)
709 ca_config.configfile = getenv("OPENSSL_CONF"); 709 cfg.configfile = getenv("OPENSSL_CONF");
710 if (ca_config.configfile == NULL) { 710 if (cfg.configfile == NULL) {
711 if ((tofree = make_config_name()) == NULL) { 711 if ((tofree = make_config_name()) == NULL) {
712 BIO_printf(bio_err, "error making config file name\n"); 712 BIO_printf(bio_err, "error making config file name\n");
713 goto err; 713 goto err;
714 } 714 }
715 ca_config.configfile = tofree; 715 cfg.configfile = tofree;
716 } 716 }
717 BIO_printf(bio_err, "Using configuration from %s\n", 717 BIO_printf(bio_err, "Using configuration from %s\n",
718 ca_config.configfile); 718 cfg.configfile);
719 conf = NCONF_new(NULL); 719 conf = NCONF_new(NULL);
720 if (NCONF_load(conf, ca_config.configfile, &errorline) <= 0) { 720 if (NCONF_load(conf, cfg.configfile, &errorline) <= 0) {
721 if (errorline <= 0) 721 if (errorline <= 0)
722 BIO_printf(bio_err, 722 BIO_printf(bio_err,
723 "error loading the config file '%s'\n", 723 "error loading the config file '%s'\n",
724 ca_config.configfile); 724 cfg.configfile);
725 else 725 else
726 BIO_printf(bio_err, 726 BIO_printf(bio_err,
727 "error on line %ld of config file '%s'\n", 727 "error on line %ld of config file '%s'\n",
728 errorline, ca_config.configfile); 728 errorline, cfg.configfile);
729 goto err; 729 goto err;
730 } 730 }
731 free(tofree); 731 free(tofree);
732 tofree = NULL; 732 tofree = NULL;
733 733
734 /* Lets get the config section we are using */ 734 /* Lets get the config section we are using */
735 if (ca_config.section == NULL) { 735 if (cfg.section == NULL) {
736 ca_config.section = NCONF_get_string(conf, BASE_SECTION, 736 cfg.section = NCONF_get_string(conf, BASE_SECTION,
737 ENV_DEFAULT_CA); 737 ENV_DEFAULT_CA);
738 if (ca_config.section == NULL) { 738 if (cfg.section == NULL) {
739 lookup_fail(BASE_SECTION, ENV_DEFAULT_CA); 739 lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
740 goto err; 740 goto err;
741 } 741 }
@@ -765,7 +765,7 @@ ca_main(int argc, char **argv)
765 goto err; 765 goto err;
766 } 766 }
767 } 767 }
768 f = NCONF_get_string(conf, ca_config.section, STRING_MASK); 768 f = NCONF_get_string(conf, cfg.section, STRING_MASK);
769 if (f == NULL) 769 if (f == NULL)
770 ERR_clear_error(); 770 ERR_clear_error();
771 771
@@ -774,15 +774,15 @@ ca_main(int argc, char **argv)
774 "Invalid global string mask setting %s\n", f); 774 "Invalid global string mask setting %s\n", f);
775 goto err; 775 goto err;
776 } 776 }
777 if (ca_config.chtype != MBSTRING_UTF8) { 777 if (cfg.chtype != MBSTRING_UTF8) {
778 f = NCONF_get_string(conf, ca_config.section, UTF8_IN); 778 f = NCONF_get_string(conf, cfg.section, UTF8_IN);
779 if (f == NULL) 779 if (f == NULL)
780 ERR_clear_error(); 780 ERR_clear_error();
781 else if (strcmp(f, "yes") == 0) 781 else if (strcmp(f, "yes") == 0)
782 ca_config.chtype = MBSTRING_UTF8; 782 cfg.chtype = MBSTRING_UTF8;
783 } 783 }
784 db_attr.unique_subject = 1; 784 db_attr.unique_subject = 1;
785 p = NCONF_get_string(conf, ca_config.section, ENV_UNIQUE_SUBJECT); 785 p = NCONF_get_string(conf, cfg.section, ENV_UNIQUE_SUBJECT);
786 if (p != NULL) { 786 if (p != NULL) {
787 db_attr.unique_subject = parse_yesno(p, 1); 787 db_attr.unique_subject = parse_yesno(p, 1);
788 } else 788 } else
@@ -798,10 +798,10 @@ ca_main(int argc, char **argv)
798 } 798 }
799 /*****************************************************************/ 799 /*****************************************************************/
800 /* report status of cert with serial number given on command line */ 800 /* report status of cert with serial number given on command line */
801 if (ca_config.serial_status) { 801 if (cfg.serial_status) {
802 if ((dbfile = NCONF_get_string(conf, ca_config.section, 802 if ((dbfile = NCONF_get_string(conf, cfg.section,
803 ENV_DATABASE)) == NULL) { 803 ENV_DATABASE)) == NULL) {
804 lookup_fail(ca_config.section, ENV_DATABASE); 804 lookup_fail(cfg.section, ENV_DATABASE);
805 goto err; 805 goto err;
806 } 806 }
807 db = load_index(dbfile, &db_attr); 807 db = load_index(dbfile, &db_attr);
@@ -811,47 +811,47 @@ ca_main(int argc, char **argv)
811 if (!index_index(db)) 811 if (!index_index(db))
812 goto err; 812 goto err;
813 813
814 if (get_certificate_status(ca_config.serial_status, db) != 1) 814 if (get_certificate_status(cfg.serial_status, db) != 1)
815 BIO_printf(bio_err, "Error verifying serial %s!\n", 815 BIO_printf(bio_err, "Error verifying serial %s!\n",
816 ca_config.serial_status); 816 cfg.serial_status);
817 goto err; 817 goto err;
818 } 818 }
819 /*****************************************************************/ 819 /*****************************************************************/
820 /* we definitely need a private key, so let's get it */ 820 /* we definitely need a private key, so let's get it */
821 821
822 if ((ca_config.keyfile == NULL) && 822 if ((cfg.keyfile == NULL) &&
823 ((ca_config.keyfile = NCONF_get_string(conf, ca_config.section, 823 ((cfg.keyfile = NCONF_get_string(conf, cfg.section,
824 ENV_PRIVATE_KEY)) == NULL)) { 824 ENV_PRIVATE_KEY)) == NULL)) {
825 lookup_fail(ca_config.section, ENV_PRIVATE_KEY); 825 lookup_fail(cfg.section, ENV_PRIVATE_KEY);
826 goto err; 826 goto err;
827 } 827 }
828 if (ca_config.key == NULL) { 828 if (cfg.key == NULL) {
829 free_key = 1; 829 free_key = 1;
830 if (!app_passwd(bio_err, ca_config.passargin, NULL, 830 if (!app_passwd(bio_err, cfg.passargin, NULL,
831 &ca_config.key, NULL)) { 831 &cfg.key, NULL)) {
832 BIO_printf(bio_err, "Error getting password\n"); 832 BIO_printf(bio_err, "Error getting password\n");
833 goto err; 833 goto err;
834 } 834 }
835 } 835 }
836 pkey = load_key(bio_err, ca_config.keyfile, ca_config.keyform, 0, 836 pkey = load_key(bio_err, cfg.keyfile, cfg.keyform, 0,
837 ca_config.key, "CA private key"); 837 cfg.key, "CA private key");
838 if (ca_config.key != NULL) 838 if (cfg.key != NULL)
839 explicit_bzero(ca_config.key, strlen(ca_config.key)); 839 explicit_bzero(cfg.key, strlen(cfg.key));
840 if (pkey == NULL) { 840 if (pkey == NULL) {
841 /* load_key() has already printed an appropriate message */ 841 /* load_key() has already printed an appropriate message */
842 goto err; 842 goto err;
843 } 843 }
844 /*****************************************************************/ 844 /*****************************************************************/
845 /* we need a certificate */ 845 /* we need a certificate */
846 if (!ca_config.selfsign || ca_config.spkac_file != NULL || 846 if (!cfg.selfsign || cfg.spkac_file != NULL ||
847 ca_config.ss_cert_file != NULL || ca_config.gencrl) { 847 cfg.ss_cert_file != NULL || cfg.gencrl) {
848 if ((ca_config.certfile == NULL) && 848 if ((cfg.certfile == NULL) &&
849 ((ca_config.certfile = NCONF_get_string(conf, 849 ((cfg.certfile = NCONF_get_string(conf,
850 ca_config.section, ENV_CERTIFICATE)) == NULL)) { 850 cfg.section, ENV_CERTIFICATE)) == NULL)) {
851 lookup_fail(ca_config.section, ENV_CERTIFICATE); 851 lookup_fail(cfg.section, ENV_CERTIFICATE);
852 goto err; 852 goto err;
853 } 853 }
854 x509 = load_cert(bio_err, ca_config.certfile, FORMAT_PEM, NULL, 854 x509 = load_cert(bio_err, cfg.certfile, FORMAT_PEM, NULL,
855 "CA certificate"); 855 "CA certificate");
856 if (x509 == NULL) 856 if (x509 == NULL)
857 goto err; 857 goto err;
@@ -862,21 +862,21 @@ ca_main(int argc, char **argv)
862 goto err; 862 goto err;
863 } 863 }
864 } 864 }
865 if (!ca_config.selfsign) 865 if (!cfg.selfsign)
866 x509p = x509; 866 x509p = x509;
867 867
868 f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE); 868 f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE);
869 if (f == NULL) 869 if (f == NULL)
870 ERR_clear_error(); 870 ERR_clear_error();
871 if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) 871 if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
872 ca_config.preserve = 1; 872 cfg.preserve = 1;
873 f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK); 873 f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK);
874 if (f == NULL) 874 if (f == NULL)
875 ERR_clear_error(); 875 ERR_clear_error();
876 if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) 876 if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
877 ca_config.msie_hack = 1; 877 cfg.msie_hack = 1;
878 878
879 f = NCONF_get_string(conf, ca_config.section, ENV_NAMEOPT); 879 f = NCONF_get_string(conf, cfg.section, ENV_NAMEOPT);
880 880
881 if (f != NULL) { 881 if (f != NULL) {
882 if (!set_name_ex(&nameopt, f)) { 882 if (!set_name_ex(&nameopt, f)) {
@@ -888,7 +888,7 @@ ca_main(int argc, char **argv)
888 } else 888 } else
889 ERR_clear_error(); 889 ERR_clear_error();
890 890
891 f = NCONF_get_string(conf, ca_config.section, ENV_CERTOPT); 891 f = NCONF_get_string(conf, cfg.section, ENV_CERTOPT);
892 892
893 if (f != NULL) { 893 if (f != NULL) {
894 if (!set_cert_ex(&certopt, f)) { 894 if (!set_cert_ex(&certopt, f)) {
@@ -900,7 +900,7 @@ ca_main(int argc, char **argv)
900 } else 900 } else
901 ERR_clear_error(); 901 ERR_clear_error();
902 902
903 f = NCONF_get_string(conf, ca_config.section, ENV_EXTCOPY); 903 f = NCONF_get_string(conf, cfg.section, ENV_EXTCOPY);
904 904
905 if (f != NULL) { 905 if (f != NULL) {
906 if (!set_ext_copy(&ext_copy, f)) { 906 if (!set_ext_copy(&ext_copy, f)) {
@@ -913,9 +913,9 @@ ca_main(int argc, char **argv)
913 913
914 /*****************************************************************/ 914 /*****************************************************************/
915 /* lookup where to write new certificates */ 915 /* lookup where to write new certificates */
916 if (ca_config.outdir == NULL && ca_config.req) { 916 if (cfg.outdir == NULL && cfg.req) {
917 if ((ca_config.outdir = NCONF_get_string(conf, 917 if ((cfg.outdir = NCONF_get_string(conf,
918 ca_config.section, ENV_NEW_CERTS_DIR)) == NULL) { 918 cfg.section, ENV_NEW_CERTS_DIR)) == NULL) {
919 BIO_printf(bio_err, "output directory %s not defined\n", 919 BIO_printf(bio_err, "output directory %s not defined\n",
920 ENV_NEW_CERTS_DIR); 920 ENV_NEW_CERTS_DIR);
921 goto err; 921 goto err;
@@ -923,9 +923,9 @@ ca_main(int argc, char **argv)
923 } 923 }
924 /*****************************************************************/ 924 /*****************************************************************/
925 /* we need to load the database file */ 925 /* we need to load the database file */
926 if ((dbfile = NCONF_get_string(conf, ca_config.section, 926 if ((dbfile = NCONF_get_string(conf, cfg.section,
927 ENV_DATABASE)) == NULL) { 927 ENV_DATABASE)) == NULL) {
928 lookup_fail(ca_config.section, ENV_DATABASE); 928 lookup_fail(cfg.section, ENV_DATABASE);
929 goto err; 929 goto err;
930 } 930 }
931 db = load_index(dbfile, &db_attr); 931 db = load_index(dbfile, &db_attr);
@@ -976,7 +976,7 @@ ca_main(int argc, char **argv)
976 p++; 976 p++;
977 } 977 }
978 } 978 }
979 if (ca_config.verbose) { 979 if (cfg.verbose) {
980 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); 980 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
981 TXT_DB_write(out, db->db); 981 TXT_DB_write(out, db->db);
982 BIO_printf(bio_err, "%d entries loaded from the database\n", 982 BIO_printf(bio_err, "%d entries loaded from the database\n",
@@ -988,8 +988,8 @@ ca_main(int argc, char **argv)
988 988
989 /*****************************************************************/ 989 /*****************************************************************/
990 /* Update the db file for expired certificates */ 990 /* Update the db file for expired certificates */
991 if (ca_config.doupdatedb) { 991 if (cfg.doupdatedb) {
992 if (ca_config.verbose) 992 if (cfg.verbose)
993 BIO_printf(bio_err, "Updating %s ...\n", dbfile); 993 BIO_printf(bio_err, "Updating %s ...\n", dbfile);
994 994
995 i = do_updatedb(db); 995 i = do_updatedb(db);
@@ -997,7 +997,7 @@ ca_main(int argc, char **argv)
997 BIO_printf(bio_err, "Malloc failure\n"); 997 BIO_printf(bio_err, "Malloc failure\n");
998 goto err; 998 goto err;
999 } else if (i == 0) { 999 } else if (i == 0) {
1000 if (ca_config.verbose) 1000 if (cfg.verbose)
1001 BIO_printf(bio_err, 1001 BIO_printf(bio_err,
1002 "No entries found to mark expired\n"); 1002 "No entries found to mark expired\n");
1003 } else { 1003 } else {
@@ -1007,92 +1007,92 @@ ca_main(int argc, char **argv)
1007 if (!rotate_index(dbfile, "new", "old")) 1007 if (!rotate_index(dbfile, "new", "old"))
1008 goto err; 1008 goto err;
1009 1009
1010 if (ca_config.verbose) 1010 if (cfg.verbose)
1011 BIO_printf(bio_err, 1011 BIO_printf(bio_err,
1012 "Done. %d entries marked as expired\n", i); 1012 "Done. %d entries marked as expired\n", i);
1013 } 1013 }
1014 } 1014 }
1015 /*****************************************************************/ 1015 /*****************************************************************/
1016 /* Read extentions config file */ 1016 /* Read extentions config file */
1017 if (ca_config.extfile != NULL) { 1017 if (cfg.extfile != NULL) {
1018 extconf = NCONF_new(NULL); 1018 extconf = NCONF_new(NULL);
1019 if (NCONF_load(extconf, ca_config.extfile, &errorline) <= 0) { 1019 if (NCONF_load(extconf, cfg.extfile, &errorline) <= 0) {
1020 if (errorline <= 0) 1020 if (errorline <= 0)
1021 BIO_printf(bio_err, 1021 BIO_printf(bio_err,
1022 "ERROR: loading the config file '%s'\n", 1022 "ERROR: loading the config file '%s'\n",
1023 ca_config.extfile); 1023 cfg.extfile);
1024 else 1024 else
1025 BIO_printf(bio_err, 1025 BIO_printf(bio_err,
1026 "ERROR: on line %ld of config file '%s'\n", 1026 "ERROR: on line %ld of config file '%s'\n",
1027 errorline, ca_config.extfile); 1027 errorline, cfg.extfile);
1028 ret = 1; 1028 ret = 1;
1029 goto err; 1029 goto err;
1030 } 1030 }
1031 if (ca_config.verbose) 1031 if (cfg.verbose)
1032 BIO_printf(bio_err, 1032 BIO_printf(bio_err,
1033 "Successfully loaded extensions file %s\n", 1033 "Successfully loaded extensions file %s\n",
1034 ca_config.extfile); 1034 cfg.extfile);
1035 1035
1036 /* We can have sections in the ext file */ 1036 /* We can have sections in the ext file */
1037 if (ca_config.extensions == NULL && 1037 if (cfg.extensions == NULL &&
1038 (ca_config.extensions = NCONF_get_string(extconf, "default", 1038 (cfg.extensions = NCONF_get_string(extconf, "default",
1039 "extensions")) == NULL) 1039 "extensions")) == NULL)
1040 ca_config.extensions = "default"; 1040 cfg.extensions = "default";
1041 } 1041 }
1042 /*****************************************************************/ 1042 /*****************************************************************/
1043 if (ca_config.req || ca_config.gencrl) { 1043 if (cfg.req || cfg.gencrl) {
1044 if (ca_config.outfile != NULL) { 1044 if (cfg.outfile != NULL) {
1045 if (BIO_write_filename(Sout, ca_config.outfile) <= 0) { 1045 if (BIO_write_filename(Sout, cfg.outfile) <= 0) {
1046 perror(ca_config.outfile); 1046 perror(cfg.outfile);
1047 goto err; 1047 goto err;
1048 } 1048 }
1049 } else { 1049 } else {
1050 BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT); 1050 BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
1051 } 1051 }
1052 } 1052 }
1053 if ((ca_config.md == NULL) && 1053 if ((cfg.md == NULL) &&
1054 ((ca_config.md = NCONF_get_string(conf, ca_config.section, 1054 ((cfg.md = NCONF_get_string(conf, cfg.section,
1055 ENV_DEFAULT_MD)) == NULL)) { 1055 ENV_DEFAULT_MD)) == NULL)) {
1056 lookup_fail(ca_config.section, ENV_DEFAULT_MD); 1056 lookup_fail(cfg.section, ENV_DEFAULT_MD);
1057 goto err; 1057 goto err;
1058 } 1058 }
1059 if (strcmp(ca_config.md, "default") == 0) { 1059 if (strcmp(cfg.md, "default") == 0) {
1060 int def_nid; 1060 int def_nid;
1061 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { 1061 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
1062 BIO_puts(bio_err, "no default digest\n"); 1062 BIO_puts(bio_err, "no default digest\n");
1063 goto err; 1063 goto err;
1064 } 1064 }
1065 ca_config.md = (char *) OBJ_nid2sn(def_nid); 1065 cfg.md = (char *) OBJ_nid2sn(def_nid);
1066 if (ca_config.md == NULL) 1066 if (cfg.md == NULL)
1067 goto err; 1067 goto err;
1068 } 1068 }
1069 if ((dgst = EVP_get_digestbyname(ca_config.md)) == NULL) { 1069 if ((dgst = EVP_get_digestbyname(cfg.md)) == NULL) {
1070 BIO_printf(bio_err, 1070 BIO_printf(bio_err,
1071 "%s is an unsupported message digest type\n", ca_config.md); 1071 "%s is an unsupported message digest type\n", cfg.md);
1072 goto err; 1072 goto err;
1073 } 1073 }
1074 if (ca_config.req) { 1074 if (cfg.req) {
1075 if ((ca_config.email_dn == 1) && 1075 if ((cfg.email_dn == 1) &&
1076 ((tmp_email_dn = NCONF_get_string(conf, ca_config.section, 1076 ((tmp_email_dn = NCONF_get_string(conf, cfg.section,
1077 ENV_DEFAULT_EMAIL_DN)) != NULL)) { 1077 ENV_DEFAULT_EMAIL_DN)) != NULL)) {
1078 if (strcmp(tmp_email_dn, "no") == 0) 1078 if (strcmp(tmp_email_dn, "no") == 0)
1079 ca_config.email_dn = 0; 1079 cfg.email_dn = 0;
1080 } 1080 }
1081 if (ca_config.verbose) 1081 if (cfg.verbose)
1082 BIO_printf(bio_err, "message digest is %s\n", 1082 BIO_printf(bio_err, "message digest is %s\n",
1083 OBJ_nid2ln(EVP_MD_type(dgst))); 1083 OBJ_nid2ln(EVP_MD_type(dgst)));
1084 if ((ca_config.policy == NULL) && 1084 if ((cfg.policy == NULL) &&
1085 ((ca_config.policy = NCONF_get_string(conf, 1085 ((cfg.policy = NCONF_get_string(conf,
1086 ca_config.section, ENV_POLICY)) == NULL)) { 1086 cfg.section, ENV_POLICY)) == NULL)) {
1087 lookup_fail(ca_config.section, ENV_POLICY); 1087 lookup_fail(cfg.section, ENV_POLICY);
1088 goto err; 1088 goto err;
1089 } 1089 }
1090 if (ca_config.verbose) 1090 if (cfg.verbose)
1091 BIO_printf(bio_err, "policy is %s\n", ca_config.policy); 1091 BIO_printf(bio_err, "policy is %s\n", cfg.policy);
1092 1092
1093 if ((serialfile = NCONF_get_string(conf, ca_config.section, 1093 if ((serialfile = NCONF_get_string(conf, cfg.section,
1094 ENV_SERIAL)) == NULL) { 1094 ENV_SERIAL)) == NULL) {
1095 lookup_fail(ca_config.section, ENV_SERIAL); 1095 lookup_fail(cfg.section, ENV_SERIAL);
1096 goto err; 1096 goto err;
1097 } 1097 }
1098 if (extconf == NULL) { 1098 if (extconf == NULL) {
@@ -1100,59 +1100,59 @@ ca_main(int argc, char **argv)
1100 * no '-extfile' option, so we look for extensions in 1100 * no '-extfile' option, so we look for extensions in
1101 * the main configuration file 1101 * the main configuration file
1102 */ 1102 */
1103 if (ca_config.extensions == NULL) { 1103 if (cfg.extensions == NULL) {
1104 ca_config.extensions = NCONF_get_string(conf, 1104 cfg.extensions = NCONF_get_string(conf,
1105 ca_config.section, ENV_EXTENSIONS); 1105 cfg.section, ENV_EXTENSIONS);
1106 if (ca_config.extensions == NULL) 1106 if (cfg.extensions == NULL)
1107 ERR_clear_error(); 1107 ERR_clear_error();
1108 } 1108 }
1109 if (ca_config.extensions != NULL) { 1109 if (cfg.extensions != NULL) {
1110 /* Check syntax of file */ 1110 /* Check syntax of file */
1111 X509V3_CTX ctx; 1111 X509V3_CTX ctx;
1112 X509V3_set_ctx_test(&ctx); 1112 X509V3_set_ctx_test(&ctx);
1113 X509V3_set_nconf(&ctx, conf); 1113 X509V3_set_nconf(&ctx, conf);
1114 if (!X509V3_EXT_add_nconf(conf, &ctx, 1114 if (!X509V3_EXT_add_nconf(conf, &ctx,
1115 ca_config.extensions, NULL)) { 1115 cfg.extensions, NULL)) {
1116 BIO_printf(bio_err, 1116 BIO_printf(bio_err,
1117 "Error Loading extension section %s\n", 1117 "Error Loading extension section %s\n",
1118 ca_config.extensions); 1118 cfg.extensions);
1119 ret = 1; 1119 ret = 1;
1120 goto err; 1120 goto err;
1121 } 1121 }
1122 } 1122 }
1123 } 1123 }
1124 if (ca_config.startdate == NULL) { 1124 if (cfg.startdate == NULL) {
1125 ca_config.startdate = NCONF_get_string(conf, 1125 cfg.startdate = NCONF_get_string(conf,
1126 ca_config.section, ENV_DEFAULT_STARTDATE); 1126 cfg.section, ENV_DEFAULT_STARTDATE);
1127 if (ca_config.startdate == NULL) 1127 if (cfg.startdate == NULL)
1128 ERR_clear_error(); 1128 ERR_clear_error();
1129 } 1129 }
1130 if (ca_config.startdate == NULL) 1130 if (cfg.startdate == NULL)
1131 ca_config.startdate = "today"; 1131 cfg.startdate = "today";
1132 1132
1133 if (ca_config.enddate == NULL) { 1133 if (cfg.enddate == NULL) {
1134 ca_config.enddate = NCONF_get_string(conf, 1134 cfg.enddate = NCONF_get_string(conf,
1135 ca_config.section, ENV_DEFAULT_ENDDATE); 1135 cfg.section, ENV_DEFAULT_ENDDATE);
1136 if (ca_config.enddate == NULL) 1136 if (cfg.enddate == NULL)
1137 ERR_clear_error(); 1137 ERR_clear_error();
1138 } 1138 }
1139 if (ca_config.days == 0 && ca_config.enddate == NULL) { 1139 if (cfg.days == 0 && cfg.enddate == NULL) {
1140 if (!NCONF_get_number(conf, ca_config.section, 1140 if (!NCONF_get_number(conf, cfg.section,
1141 ENV_DEFAULT_DAYS, &ca_config.days)) 1141 ENV_DEFAULT_DAYS, &cfg.days))
1142 ca_config.days = 0; 1142 cfg.days = 0;
1143 } 1143 }
1144 if (ca_config.enddate == NULL && ca_config.days == 0) { 1144 if (cfg.enddate == NULL && cfg.days == 0) {
1145 BIO_printf(bio_err, 1145 BIO_printf(bio_err,
1146 "cannot lookup how many days to certify for\n"); 1146 "cannot lookup how many days to certify for\n");
1147 goto err; 1147 goto err;
1148 } 1148 }
1149 if ((serial = load_serial(serialfile, ca_config.create_serial, 1149 if ((serial = load_serial(serialfile, cfg.create_serial,
1150 NULL)) == NULL) { 1150 NULL)) == NULL) {
1151 BIO_printf(bio_err, 1151 BIO_printf(bio_err,
1152 "error while loading serial number\n"); 1152 "error while loading serial number\n");
1153 goto err; 1153 goto err;
1154 } 1154 }
1155 if (ca_config.verbose) { 1155 if (cfg.verbose) {
1156 if (BN_is_zero(serial)) 1156 if (BN_is_zero(serial))
1157 BIO_printf(bio_err, 1157 BIO_printf(bio_err,
1158 "next serial number is 00\n"); 1158 "next serial number is 00\n");
@@ -1164,25 +1164,25 @@ ca_main(int argc, char **argv)
1164 free(f); 1164 free(f);
1165 } 1165 }
1166 } 1166 }
1167 if ((attribs = NCONF_get_section(conf, ca_config.policy)) == 1167 if ((attribs = NCONF_get_section(conf, cfg.policy)) ==
1168 NULL) { 1168 NULL) {
1169 BIO_printf(bio_err, "unable to find 'section' for %s\n", 1169 BIO_printf(bio_err, "unable to find 'section' for %s\n",
1170 ca_config.policy); 1170 cfg.policy);
1171 goto err; 1171 goto err;
1172 } 1172 }
1173 if ((cert_sk = sk_X509_new_null()) == NULL) { 1173 if ((cert_sk = sk_X509_new_null()) == NULL) {
1174 BIO_printf(bio_err, "Memory allocation failure\n"); 1174 BIO_printf(bio_err, "Memory allocation failure\n");
1175 goto err; 1175 goto err;
1176 } 1176 }
1177 if (ca_config.spkac_file != NULL) { 1177 if (cfg.spkac_file != NULL) {
1178 total++; 1178 total++;
1179 j = certify_spkac(&x, ca_config.spkac_file, pkey, x509, 1179 j = certify_spkac(&x, cfg.spkac_file, pkey, x509,
1180 dgst, ca_config.sigopts, attribs, db, serial, 1180 dgst, cfg.sigopts, attribs, db, serial,
1181 ca_config.subj, ca_config.chtype, 1181 cfg.subj, cfg.chtype,
1182 ca_config.multirdn, ca_config.email_dn, 1182 cfg.multirdn, cfg.email_dn,
1183 ca_config.startdate, ca_config.enddate, 1183 cfg.startdate, cfg.enddate,
1184 ca_config.days, ca_config.extensions, conf, 1184 cfg.days, cfg.extensions, conf,
1185 ca_config.verbose, certopt, nameopt, default_op, 1185 cfg.verbose, certopt, nameopt, default_op,
1186 ext_copy); 1186 ext_copy);
1187 if (j < 0) 1187 if (j < 0)
1188 goto err; 1188 goto err;
@@ -1196,21 +1196,21 @@ ca_main(int argc, char **argv)
1196 "Memory allocation failure\n"); 1196 "Memory allocation failure\n");
1197 goto err; 1197 goto err;
1198 } 1198 }
1199 if (ca_config.outfile != NULL) { 1199 if (cfg.outfile != NULL) {
1200 output_der = 1; 1200 output_der = 1;
1201 ca_config.batch = 1; 1201 cfg.batch = 1;
1202 } 1202 }
1203 } 1203 }
1204 } 1204 }
1205 if (ca_config.ss_cert_file != NULL) { 1205 if (cfg.ss_cert_file != NULL) {
1206 total++; 1206 total++;
1207 j = certify_cert(&x, ca_config.ss_cert_file, pkey, x509, 1207 j = certify_cert(&x, cfg.ss_cert_file, pkey, x509,
1208 dgst, ca_config.sigopts, attribs, db, serial, 1208 dgst, cfg.sigopts, attribs, db, serial,
1209 ca_config.subj, ca_config.chtype, 1209 cfg.subj, cfg.chtype,
1210 ca_config.multirdn, ca_config.email_dn, 1210 cfg.multirdn, cfg.email_dn,
1211 ca_config.startdate, ca_config.enddate, 1211 cfg.startdate, cfg.enddate,
1212 ca_config.days, ca_config.batch, 1212 cfg.days, cfg.batch,
1213 ca_config.extensions, conf, ca_config.verbose, 1213 cfg.extensions, conf, cfg.verbose,
1214 certopt, nameopt, default_op, ext_copy); 1214 certopt, nameopt, default_op, ext_copy);
1215 if (j < 0) 1215 if (j < 0)
1216 goto err; 1216 goto err;
@@ -1226,17 +1226,17 @@ ca_main(int argc, char **argv)
1226 } 1226 }
1227 } 1227 }
1228 } 1228 }
1229 if (ca_config.infile != NULL) { 1229 if (cfg.infile != NULL) {
1230 total++; 1230 total++;
1231 j = certify(&x, ca_config.infile, pkey, x509p, dgst, 1231 j = certify(&x, cfg.infile, pkey, x509p, dgst,
1232 ca_config.sigopts, attribs, db, serial, 1232 cfg.sigopts, attribs, db, serial,
1233 ca_config.subj, ca_config.chtype, 1233 cfg.subj, cfg.chtype,
1234 ca_config.multirdn, ca_config.email_dn, 1234 cfg.multirdn, cfg.email_dn,
1235 ca_config.startdate, ca_config.enddate, 1235 cfg.startdate, cfg.enddate,
1236 ca_config.days, ca_config.batch, 1236 cfg.days, cfg.batch,
1237 ca_config.extensions, conf, ca_config.verbose, 1237 cfg.extensions, conf, cfg.verbose,
1238 certopt, nameopt, default_op, ext_copy, 1238 certopt, nameopt, default_op, ext_copy,
1239 ca_config.selfsign); 1239 cfg.selfsign);
1240 if (j < 0) 1240 if (j < 0)
1241 goto err; 1241 goto err;
1242 if (j > 0) { 1242 if (j > 0) {
@@ -1251,17 +1251,17 @@ ca_main(int argc, char **argv)
1251 } 1251 }
1252 } 1252 }
1253 } 1253 }
1254 for (i = 0; i < ca_config.infiles_num; i++) { 1254 for (i = 0; i < cfg.infiles_num; i++) {
1255 total++; 1255 total++;
1256 j = certify(&x, ca_config.infiles[i], pkey, x509p, dgst, 1256 j = certify(&x, cfg.infiles[i], pkey, x509p, dgst,
1257 ca_config.sigopts, attribs, db, serial, 1257 cfg.sigopts, attribs, db, serial,
1258 ca_config.subj, ca_config.chtype, 1258 cfg.subj, cfg.chtype,
1259 ca_config.multirdn, ca_config.email_dn, 1259 cfg.multirdn, cfg.email_dn,
1260 ca_config.startdate, ca_config.enddate, 1260 cfg.startdate, cfg.enddate,
1261 ca_config.days, ca_config.batch, 1261 cfg.days, cfg.batch,
1262 ca_config.extensions, conf, ca_config.verbose, 1262 cfg.extensions, conf, cfg.verbose,
1263 certopt, nameopt, default_op, ext_copy, 1263 certopt, nameopt, default_op, ext_copy,
1264 ca_config.selfsign); 1264 cfg.selfsign);
1265 if (j < 0) 1265 if (j < 0)
1266 goto err; 1266 goto err;
1267 if (j > 0) { 1267 if (j > 0) {
@@ -1282,7 +1282,7 @@ ca_main(int argc, char **argv)
1282 */ 1282 */
1283 1283
1284 if (sk_X509_num(cert_sk) > 0) { 1284 if (sk_X509_num(cert_sk) > 0) {
1285 if (!ca_config.batch) { 1285 if (!cfg.batch) {
1286 char answer[10]; 1286 char answer[10];
1287 1287
1288 BIO_printf(bio_err, 1288 BIO_printf(bio_err,
@@ -1313,7 +1313,7 @@ ca_main(int argc, char **argv)
1313 if (!save_index(dbfile, "new", db)) 1313 if (!save_index(dbfile, "new", db))
1314 goto err; 1314 goto err;
1315 } 1315 }
1316 if (ca_config.verbose) 1316 if (cfg.verbose)
1317 BIO_printf(bio_err, "writing new certificates\n"); 1317 BIO_printf(bio_err, "writing new certificates\n");
1318 for (i = 0; i < sk_X509_num(cert_sk); i++) { 1318 for (i = 0; i < sk_X509_num(cert_sk); i++) {
1319 ASN1_INTEGER *serialNumber; 1319 ASN1_INTEGER *serialNumber;
@@ -1334,7 +1334,7 @@ ca_main(int argc, char **argv)
1334 serialstr = strdup("00"); 1334 serialstr = strdup("00");
1335 if (serialstr != NULL) { 1335 if (serialstr != NULL) {
1336 k = snprintf(pempath, sizeof(pempath), 1336 k = snprintf(pempath, sizeof(pempath),
1337 "%s/%s.pem", ca_config.outdir, serialstr); 1337 "%s/%s.pem", cfg.outdir, serialstr);
1338 free(serialstr); 1338 free(serialstr);
1339 if (k < 0 || k >= sizeof(pempath)) { 1339 if (k < 0 || k >= sizeof(pempath)) {
1340 BIO_printf(bio_err, 1340 BIO_printf(bio_err,
@@ -1346,7 +1346,7 @@ ca_main(int argc, char **argv)
1346 "memory allocation failed\n"); 1346 "memory allocation failed\n");
1347 goto err; 1347 goto err;
1348 } 1348 }
1349 if (ca_config.verbose) 1349 if (cfg.verbose)
1350 BIO_printf(bio_err, "writing %s\n", pempath); 1350 BIO_printf(bio_err, "writing %s\n", pempath);
1351 1351
1352 if (BIO_write_filename(Cout, pempath) <= 0) { 1352 if (BIO_write_filename(Cout, pempath) <= 0) {
@@ -1354,10 +1354,10 @@ ca_main(int argc, char **argv)
1354 goto err; 1354 goto err;
1355 } 1355 }
1356 if (!write_new_certificate(Cout, x, 0, 1356 if (!write_new_certificate(Cout, x, 0,
1357 ca_config.notext)) 1357 cfg.notext))
1358 goto err; 1358 goto err;
1359 if (!write_new_certificate(Sout, x, output_der, 1359 if (!write_new_certificate(Sout, x, output_der,
1360 ca_config.notext)) 1360 cfg.notext))
1361 goto err; 1361 goto err;
1362 } 1362 }
1363 1363
@@ -1373,29 +1373,29 @@ ca_main(int argc, char **argv)
1373 } 1373 }
1374 } 1374 }
1375 /*****************************************************************/ 1375 /*****************************************************************/
1376 if (ca_config.gencrl) { 1376 if (cfg.gencrl) {
1377 int crl_v2 = 0; 1377 int crl_v2 = 0;
1378 if (ca_config.crl_ext == NULL) { 1378 if (cfg.crl_ext == NULL) {
1379 ca_config.crl_ext = NCONF_get_string(conf, 1379 cfg.crl_ext = NCONF_get_string(conf,
1380 ca_config.section, ENV_CRLEXT); 1380 cfg.section, ENV_CRLEXT);
1381 if (ca_config.crl_ext == NULL) 1381 if (cfg.crl_ext == NULL)
1382 ERR_clear_error(); 1382 ERR_clear_error();
1383 } 1383 }
1384 if (ca_config.crl_ext != NULL) { 1384 if (cfg.crl_ext != NULL) {
1385 /* Check syntax of file */ 1385 /* Check syntax of file */
1386 X509V3_CTX ctx; 1386 X509V3_CTX ctx;
1387 X509V3_set_ctx_test(&ctx); 1387 X509V3_set_ctx_test(&ctx);
1388 X509V3_set_nconf(&ctx, conf); 1388 X509V3_set_nconf(&ctx, conf);
1389 if (!X509V3_EXT_add_nconf(conf, &ctx, ca_config.crl_ext, 1389 if (!X509V3_EXT_add_nconf(conf, &ctx, cfg.crl_ext,
1390 NULL)) { 1390 NULL)) {
1391 BIO_printf(bio_err, 1391 BIO_printf(bio_err,
1392 "Error Loading CRL extension section %s\n", 1392 "Error Loading CRL extension section %s\n",
1393 ca_config.crl_ext); 1393 cfg.crl_ext);
1394 ret = 1; 1394 ret = 1;
1395 goto err; 1395 goto err;
1396 } 1396 }
1397 } 1397 }
1398 if ((crlnumberfile = NCONF_get_string(conf, ca_config.section, 1398 if ((crlnumberfile = NCONF_get_string(conf, cfg.section,
1399 ENV_CRLNUMBER)) != NULL) 1399 ENV_CRLNUMBER)) != NULL)
1400 if ((crlnumber = load_serial(crlnumberfile, 0, 1400 if ((crlnumber = load_serial(crlnumberfile, 0,
1401 NULL)) == NULL) { 1401 NULL)) == NULL) {
@@ -1403,23 +1403,23 @@ ca_main(int argc, char **argv)
1403 "error while loading CRL number\n"); 1403 "error while loading CRL number\n");
1404 goto err; 1404 goto err;
1405 } 1405 }
1406 if (!ca_config.crldays && !ca_config.crlhours && 1406 if (!cfg.crldays && !cfg.crlhours &&
1407 !ca_config.crlsec) { 1407 !cfg.crlsec) {
1408 if (!NCONF_get_number(conf, ca_config.section, 1408 if (!NCONF_get_number(conf, cfg.section,
1409 ENV_DEFAULT_CRL_DAYS, &ca_config.crldays)) 1409 ENV_DEFAULT_CRL_DAYS, &cfg.crldays))
1410 ca_config.crldays = 0; 1410 cfg.crldays = 0;
1411 if (!NCONF_get_number(conf, ca_config.section, 1411 if (!NCONF_get_number(conf, cfg.section,
1412 ENV_DEFAULT_CRL_HOURS, &ca_config.crlhours)) 1412 ENV_DEFAULT_CRL_HOURS, &cfg.crlhours))
1413 ca_config.crlhours = 0; 1413 cfg.crlhours = 0;
1414 ERR_clear_error(); 1414 ERR_clear_error();
1415 } 1415 }
1416 if ((ca_config.crldays == 0) && (ca_config.crlhours == 0) && 1416 if ((cfg.crldays == 0) && (cfg.crlhours == 0) &&
1417 (ca_config.crlsec == 0)) { 1417 (cfg.crlsec == 0)) {
1418 BIO_printf(bio_err, 1418 BIO_printf(bio_err,
1419 "cannot lookup how long until the next CRL is issued\n"); 1419 "cannot lookup how long until the next CRL is issued\n");
1420 goto err; 1420 goto err;
1421 } 1421 }
1422 if (ca_config.verbose) 1422 if (cfg.verbose)
1423 BIO_printf(bio_err, "making CRL\n"); 1423 BIO_printf(bio_err, "making CRL\n");
1424 if ((crl = X509_CRL_new()) == NULL) 1424 if ((crl = X509_CRL_new()) == NULL)
1425 goto err; 1425 goto err;
@@ -1430,8 +1430,8 @@ ca_main(int argc, char **argv)
1430 goto err; 1430 goto err;
1431 if (!X509_CRL_set_lastUpdate(crl, tmptm)) 1431 if (!X509_CRL_set_lastUpdate(crl, tmptm))
1432 goto err; 1432 goto err;
1433 if (X509_time_adj_ex(tmptm, ca_config.crldays, 1433 if (X509_time_adj_ex(tmptm, cfg.crldays,
1434 ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) == 1434 cfg.crlhours * 60 * 60 + cfg.crlsec, NULL) ==
1435 NULL) { 1435 NULL) {
1436 BIO_puts(bio_err, "error setting CRL nextUpdate\n"); 1436 BIO_puts(bio_err, "error setting CRL nextUpdate\n");
1437 goto err; 1437 goto err;
@@ -1475,19 +1475,19 @@ ca_main(int argc, char **argv)
1475 X509_CRL_sort(crl); 1475 X509_CRL_sort(crl);
1476 1476
1477 /* we now have a CRL */ 1477 /* we now have a CRL */
1478 if (ca_config.verbose) 1478 if (cfg.verbose)
1479 BIO_printf(bio_err, "signing CRL\n"); 1479 BIO_printf(bio_err, "signing CRL\n");
1480 1480
1481 /* Add any extensions asked for */ 1481 /* Add any extensions asked for */
1482 1482
1483 if (ca_config.crl_ext != NULL || crlnumberfile != NULL) { 1483 if (cfg.crl_ext != NULL || crlnumberfile != NULL) {
1484 X509V3_CTX crlctx; 1484 X509V3_CTX crlctx;
1485 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); 1485 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
1486 X509V3_set_nconf(&crlctx, conf); 1486 X509V3_set_nconf(&crlctx, conf);
1487 1487
1488 if (ca_config.crl_ext != NULL) 1488 if (cfg.crl_ext != NULL)
1489 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, 1489 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
1490 ca_config.crl_ext, crl)) 1490 cfg.crl_ext, crl))
1491 goto err; 1491 goto err;
1492 if (crlnumberfile != NULL) { 1492 if (crlnumberfile != NULL) {
1493 tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL); 1493 tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL);
@@ -1504,7 +1504,7 @@ ca_main(int argc, char **argv)
1504 goto err; 1504 goto err;
1505 } 1505 }
1506 } 1506 }
1507 if (ca_config.crl_ext != NULL || crl_v2) { 1507 if (cfg.crl_ext != NULL || crl_v2) {
1508 if (!X509_CRL_set_version(crl, 1)) 1508 if (!X509_CRL_set_version(crl, 1))
1509 goto err; /* version 2 CRL */ 1509 goto err; /* version 2 CRL */
1510 } 1510 }
@@ -1517,7 +1517,7 @@ ca_main(int argc, char **argv)
1517 crlnumber = NULL; 1517 crlnumber = NULL;
1518 1518
1519 if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, 1519 if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst,
1520 ca_config.sigopts)) 1520 cfg.sigopts))
1521 goto err; 1521 goto err;
1522 1522
1523 if (!PEM_write_bio_X509_CRL(Sout, crl)) 1523 if (!PEM_write_bio_X509_CRL(Sout, crl))
@@ -1529,18 +1529,18 @@ ca_main(int argc, char **argv)
1529 1529
1530 } 1530 }
1531 /*****************************************************************/ 1531 /*****************************************************************/
1532 if (ca_config.dorevoke) { 1532 if (cfg.dorevoke) {
1533 if (ca_config.infile == NULL) { 1533 if (cfg.infile == NULL) {
1534 BIO_printf(bio_err, "no input files\n"); 1534 BIO_printf(bio_err, "no input files\n");
1535 goto err; 1535 goto err;
1536 } else { 1536 } else {
1537 X509 *revcert; 1537 X509 *revcert;
1538 revcert = load_cert(bio_err, ca_config.infile, 1538 revcert = load_cert(bio_err, cfg.infile,
1539 FORMAT_PEM, NULL, ca_config.infile); 1539 FORMAT_PEM, NULL, cfg.infile);
1540 if (revcert == NULL) 1540 if (revcert == NULL)
1541 goto err; 1541 goto err;
1542 j = do_revoke(revcert, db, ca_config.rev_type, 1542 j = do_revoke(revcert, db, cfg.rev_type,
1543 ca_config.rev_arg); 1543 cfg.rev_arg);
1544 if (j <= 0) 1544 if (j <= 0)
1545 goto err; 1545 goto err;
1546 X509_free(revcert); 1546 X509_free(revcert);
@@ -1570,11 +1570,11 @@ ca_main(int argc, char **argv)
1570 if (ret) 1570 if (ret)
1571 ERR_print_errors(bio_err); 1571 ERR_print_errors(bio_err);
1572 if (free_key) 1572 if (free_key)
1573 free(ca_config.key); 1573 free(cfg.key);
1574 BN_free(serial); 1574 BN_free(serial);
1575 BN_free(crlnumber); 1575 BN_free(crlnumber);
1576 free_index(db); 1576 free_index(db);
1577 sk_OPENSSL_STRING_free(ca_config.sigopts); 1577 sk_OPENSSL_STRING_free(cfg.sigopts);
1578 EVP_PKEY_free(pkey); 1578 EVP_PKEY_free(pkey);
1579 X509_free(x509); 1579 X509_free(x509);
1580 X509_CRL_free(crl); 1580 X509_CRL_free(crl);
@@ -1778,7 +1778,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1778 if (obj == NULL) 1778 if (obj == NULL)
1779 goto err; 1779 goto err;
1780 1780
1781 if (ca_config.msie_hack) { 1781 if (cfg.msie_hack) {
1782 /* assume all type should be strings */ 1782 /* assume all type should be strings */
1783 nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne)); 1783 nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne));
1784 if (nid == NID_undef) 1784 if (nid == NID_undef)
@@ -1940,7 +1940,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1940 } 1940 }
1941 } 1941 }
1942 1942
1943 if (ca_config.preserve) { 1943 if (cfg.preserve) {
1944 X509_NAME_free(subject); 1944 X509_NAME_free(subject);
1945 /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */ 1945 /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
1946 subject = X509_NAME_dup(name); 1946 subject = X509_NAME_dup(name);