authorinoguchi <>2021-07-15 12:41:49 +0000
committerinoguchi <>2021-07-15 12:41:49 +0000
commit393913f70305174125c2a51b0096420de7c292f7 (patch)
treeab5f4c9d1f8d1c84f73e0583f36f5f301326eef6 /src
parent19c638444948306d88371953ff3d28f5ab16cc78 (diff)
Wrap over 80 long lines in ca.c
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/openssl/ca.c237
1 files changed, 154 insertions, 83 deletions
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index cee7a9e56e..79bb9ac8b6 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ca.c,v 1.32 2021/07/15 11:43:27 inoguchi Exp $ */ 1/* $OpenBSD: ca.c,v 1.33 2021/07/15 12:41:49 inoguchi Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -716,7 +716,8 @@ ca_main(int argc, char **argv)
716 } 716 }
717 ca_config.configfile = tofree; 717 ca_config.configfile = tofree;
718 } 718 }
719 BIO_printf(bio_err, "Using configuration from %s\n", ca_config.configfile); 719 BIO_printf(bio_err, "Using configuration from %s\n",
720 ca_config.configfile);
720 conf = NCONF_new(NULL); 721 conf = NCONF_new(NULL);
721 if (NCONF_load(conf, ca_config.configfile, &errorline) <= 0) { 722 if (NCONF_load(conf, ca_config.configfile, &errorline) <= 0) {
722 if (errorline <= 0) 723 if (errorline <= 0)
@@ -734,7 +735,8 @@ ca_main(int argc, char **argv)
734 735
735 /* Lets get the config section we are using */ 736 /* Lets get the config section we are using */
736 if (ca_config.section == NULL) { 737 if (ca_config.section == NULL) {
737 ca_config.section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA); 738 ca_config.section = NCONF_get_string(conf, BASE_SECTION,
739 ENV_DEFAULT_CA);
738 if (ca_config.section == NULL) { 740 if (ca_config.section == NULL) {
739 lookup_fail(BASE_SECTION, ENV_DEFAULT_CA); 741 lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
740 goto err; 742 goto err;
@@ -819,19 +821,22 @@ ca_main(int argc, char **argv)
819 /*****************************************************************/ 821 /*****************************************************************/
820 /* we definitely need a private key, so let's get it */ 822 /* we definitely need a private key, so let's get it */
821 823
822 if ((ca_config.keyfile == NULL) && ((ca_config.keyfile = NCONF_get_string(conf, 824 if ((ca_config.keyfile == NULL) &&
823 ca_config.section, ENV_PRIVATE_KEY)) == NULL)) { 825 ((ca_config.keyfile = NCONF_get_string(conf, ca_config.section,
826 ENV_PRIVATE_KEY)) == NULL)) {
824 lookup_fail(ca_config.section, ENV_PRIVATE_KEY); 827 lookup_fail(ca_config.section, ENV_PRIVATE_KEY);
825 goto err; 828 goto err;
826 } 829 }
827 if (ca_config.key == NULL) { 830 if (ca_config.key == NULL) {
828 free_key = 1; 831 free_key = 1;
829 if (!app_passwd(bio_err, ca_config.passargin, NULL, &ca_config.key, NULL)) { 832 if (!app_passwd(bio_err, ca_config.passargin, NULL,
833 &ca_config.key, NULL)) {
830 BIO_printf(bio_err, "Error getting password\n"); 834 BIO_printf(bio_err, "Error getting password\n");
831 goto err; 835 goto err;
832 } 836 }
833 } 837 }
834 pkey = load_key(bio_err, ca_config.keyfile, ca_config.keyform, 0, ca_config.key, "CA private key"); 838 pkey = load_key(bio_err, ca_config.keyfile, ca_config.keyform, 0,
839 ca_config.key, "CA private key");
835 if (ca_config.key != NULL) 840 if (ca_config.key != NULL)
836 explicit_bzero(ca_config.key, strlen(ca_config.key)); 841 explicit_bzero(ca_config.key, strlen(ca_config.key));
837 if (pkey == NULL) { 842 if (pkey == NULL) {
@@ -840,7 +845,8 @@ ca_main(int argc, char **argv)
840 } 845 }
841 /*****************************************************************/ 846 /*****************************************************************/
842 /* we need a certificate */ 847 /* we need a certificate */
843 if (!ca_config.selfsign || ca_config.spkac_file != NULL || ca_config.ss_cert_file != NULL || ca_config.gencrl) { 848 if (!ca_config.selfsign || ca_config.spkac_file != NULL ||
849 ca_config.ss_cert_file != NULL || ca_config.gencrl) {
844 if ((ca_config.certfile == NULL) && 850 if ((ca_config.certfile == NULL) &&
845 ((ca_config.certfile = NCONF_get_string(conf, 851 ((ca_config.certfile = NCONF_get_string(conf,
846 ca_config.section, ENV_CERTIFICATE)) == NULL)) { 852 ca_config.section, ENV_CERTIFICATE)) == NULL)) {
@@ -910,8 +916,8 @@ ca_main(int argc, char **argv)
910 /*****************************************************************/ 916 /*****************************************************************/
911 /* lookup where to write new certificates */ 917 /* lookup where to write new certificates */
912 if (ca_config.outdir == NULL && ca_config.req) { 918 if (ca_config.outdir == NULL && ca_config.req) {
913 if ((ca_config.outdir = NCONF_get_string(conf, ca_config.section, 919 if ((ca_config.outdir = NCONF_get_string(conf,
914 ENV_NEW_CERTS_DIR)) == NULL) { 920 ca_config.section, ENV_NEW_CERTS_DIR)) == NULL) {
915 BIO_printf(bio_err, "output directory %s not defined\n", 921 BIO_printf(bio_err, "output directory %s not defined\n",
916 ENV_NEW_CERTS_DIR); 922 ENV_NEW_CERTS_DIR);
917 goto err; 923 goto err;
@@ -919,7 +925,8 @@ ca_main(int argc, char **argv)
919 } 925 }
920 /*****************************************************************/ 926 /*****************************************************************/
921 /* we need to load the database file */ 927 /* we need to load the database file */
922 if ((dbfile = NCONF_get_string(conf, ca_config.section, ENV_DATABASE)) == NULL) { 928 if ((dbfile = NCONF_get_string(conf, ca_config.section,
929 ENV_DATABASE)) == NULL) {
923 lookup_fail(ca_config.section, ENV_DATABASE); 930 lookup_fail(ca_config.section, ENV_DATABASE);
924 goto err; 931 goto err;
925 } 932 }
@@ -932,7 +939,9 @@ ca_main(int argc, char **argv)
932 pp = sk_OPENSSL_PSTRING_value(db->db->data, i); 939 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
933 if ((pp[DB_type][0] != DB_TYPE_REV) && 940 if ((pp[DB_type][0] != DB_TYPE_REV) &&
934 (pp[DB_rev_date][0] != '\0')) { 941 (pp[DB_rev_date][0] != '\0')) {
935 BIO_printf(bio_err, "entry %d: not revoked yet, but has a revocation date\n", i + 1); 942 BIO_printf(bio_err,
943 "entry %d: not revoked yet, but has a revocation date\n",
944 i + 1);
936 goto err; 945 goto err;
937 } 946 }
938 if ((pp[DB_type][0] == DB_TYPE_REV) && 947 if ((pp[DB_type][0] == DB_TYPE_REV) &&
@@ -961,14 +970,16 @@ ca_main(int argc, char **argv)
961 if (!(((*p >= '0') && (*p <= '9')) || 970 if (!(((*p >= '0') && (*p <= '9')) ||
962 ((*p >= 'A') && (*p <= 'F')) || 971 ((*p >= 'A') && (*p <= 'F')) ||
963 ((*p >= 'a') && (*p <= 'f')))) { 972 ((*p >= 'a') && (*p <= 'f')))) {
964 BIO_printf(bio_err, "entry %d: bad serial number characters, char pos %ld, char is '%c'\n", i + 1, (long) (p - pp[DB_serial]), *p); 973 BIO_printf(bio_err,
974 "entry %d: bad serial number characters, char pos %ld, char is '%c'\n",
975 i + 1, (long) (p - pp[DB_serial]), *p);
965 goto err; 976 goto err;
966 } 977 }
967 p++; 978 p++;
968 } 979 }
969 } 980 }
970 if (ca_config.verbose) { 981 if (ca_config.verbose) {
971 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); /* cannot fail */ 982 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
972 TXT_DB_write(out, db->db); 983 TXT_DB_write(out, db->db);
973 BIO_printf(bio_err, "%d entries loaded from the database\n", 984 BIO_printf(bio_err, "%d entries loaded from the database\n",
974 sk_OPENSSL_PSTRING_num(db->db->data)); 985 sk_OPENSSL_PSTRING_num(db->db->data));
@@ -1025,8 +1036,9 @@ ca_main(int argc, char **argv)
1025 ca_config.extfile); 1036 ca_config.extfile);
1026 1037
1027 /* We can have sections in the ext file */ 1038 /* We can have sections in the ext file */
1028 if (ca_config.extensions == NULL && (ca_config.extensions = NCONF_get_string(extconf, 1039 if (ca_config.extensions == NULL &&
1029 "default", "extensions")) == NULL) 1040 (ca_config.extensions = NCONF_get_string(extconf, "default",
1041 "extensions")) == NULL)
1030 ca_config.extensions = "default"; 1042 ca_config.extensions = "default";
1031 } 1043 }
1032 /*****************************************************************/ 1044 /*****************************************************************/
@@ -1040,7 +1052,8 @@ ca_main(int argc, char **argv)
1040 BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT); 1052 BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
1041 } 1053 }
1042 } 1054 }
1043 if ((ca_config.md == NULL) && ((ca_config.md = NCONF_get_string(conf, ca_config.section, 1055 if ((ca_config.md == NULL) &&
1056 ((ca_config.md = NCONF_get_string(conf, ca_config.section,
1044 ENV_DEFAULT_MD)) == NULL)) { 1057 ENV_DEFAULT_MD)) == NULL)) {
1045 lookup_fail(ca_config.section, ENV_DEFAULT_MD); 1058 lookup_fail(ca_config.section, ENV_DEFAULT_MD);
1046 goto err; 1059 goto err;
@@ -1059,15 +1072,17 @@ ca_main(int argc, char **argv)
1059 goto err; 1072 goto err;
1060 } 1073 }
1061 if (ca_config.req) { 1074 if (ca_config.req) {
1062 if ((ca_config.email_dn == 1) && ((tmp_email_dn = NCONF_get_string(conf, 1075 if ((ca_config.email_dn == 1) &&
1063 ca_config.section, ENV_DEFAULT_EMAIL_DN)) != NULL)) { 1076 ((tmp_email_dn = NCONF_get_string(conf, ca_config.section,
1077 ENV_DEFAULT_EMAIL_DN)) != NULL)) {
1064 if (strcmp(tmp_email_dn, "no") == 0) 1078 if (strcmp(tmp_email_dn, "no") == 0)
1065 ca_config.email_dn = 0; 1079 ca_config.email_dn = 0;
1066 } 1080 }
1067 if (ca_config.verbose) 1081 if (ca_config.verbose)
1068 BIO_printf(bio_err, "message digest is %s\n", 1082 BIO_printf(bio_err, "message digest is %s\n",
1069 OBJ_nid2ln(dgst->type)); 1083 OBJ_nid2ln(dgst->type));
1070 if ((ca_config.policy == NULL) && ((ca_config.policy = NCONF_get_string(conf, 1084 if ((ca_config.policy == NULL) &&
1085 ((ca_config.policy = NCONF_get_string(conf,
1071 ca_config.section, ENV_POLICY)) == NULL)) { 1086 ca_config.section, ENV_POLICY)) == NULL)) {
1072 lookup_fail(ca_config.section, ENV_POLICY); 1087 lookup_fail(ca_config.section, ENV_POLICY);
1073 goto err; 1088 goto err;
@@ -1086,8 +1101,8 @@ ca_main(int argc, char **argv)
1086 * the main configuration file 1101 * the main configuration file
1087 */ 1102 */
1088 if (ca_config.extensions == NULL) { 1103 if (ca_config.extensions == NULL) {
1089 ca_config.extensions = NCONF_get_string(conf, ca_config.section, 1104 ca_config.extensions = NCONF_get_string(conf,
1090 ENV_EXTENSIONS); 1105 ca_config.section, ENV_EXTENSIONS);
1091 if (ca_config.extensions == NULL) 1106 if (ca_config.extensions == NULL)
1092 ERR_clear_error(); 1107 ERR_clear_error();
1093 } 1108 }
@@ -1107,8 +1122,8 @@ ca_main(int argc, char **argv)
1107 } 1122 }
1108 } 1123 }
1109 if (ca_config.startdate == NULL) { 1124 if (ca_config.startdate == NULL) {
1110 ca_config.startdate = NCONF_get_string(conf, ca_config.section, 1125 ca_config.startdate = NCONF_get_string(conf,
1111 ENV_DEFAULT_STARTDATE); 1126 ca_config.section, ENV_DEFAULT_STARTDATE);
1112 if (ca_config.startdate == NULL) 1127 if (ca_config.startdate == NULL)
1113 ERR_clear_error(); 1128 ERR_clear_error();
1114 } 1129 }
@@ -1116,8 +1131,8 @@ ca_main(int argc, char **argv)
1116 ca_config.startdate = "today"; 1131 ca_config.startdate = "today";
1117 1132
1118 if (ca_config.enddate == NULL) { 1133 if (ca_config.enddate == NULL) {
1119 ca_config.enddate = NCONF_get_string(conf, ca_config.section, 1134 ca_config.enddate = NCONF_get_string(conf,
1120 ENV_DEFAULT_ENDDATE); 1135 ca_config.section, ENV_DEFAULT_ENDDATE);
1121 if (ca_config.enddate == NULL) 1136 if (ca_config.enddate == NULL)
1122 ERR_clear_error(); 1137 ERR_clear_error();
1123 } 1138 }
@@ -1131,8 +1146,8 @@ ca_main(int argc, char **argv)
1131 "cannot lookup how many days to certify for\n"); 1146 "cannot lookup how many days to certify for\n");
1132 goto err; 1147 goto err;
1133 } 1148 }
1134 if ((serial = load_serial(serialfile, ca_config.create_serial, NULL)) == 1149 if ((serial = load_serial(serialfile, ca_config.create_serial,
1135 NULL) { 1150 NULL)) == NULL) {
1136 BIO_printf(bio_err, 1151 BIO_printf(bio_err,
1137 "error while loading serial number\n"); 1152 "error while loading serial number\n");
1138 goto err; 1153 goto err;
@@ -1149,9 +1164,10 @@ ca_main(int argc, char **argv)
1149 free(f); 1164 free(f);
1150 } 1165 }
1151 } 1166 }
1152 if ((attribs = NCONF_get_section(conf, ca_config.policy)) == NULL) { 1167 if ((attribs = NCONF_get_section(conf, ca_config.policy)) ==
1153 BIO_printf(bio_err, 1168 NULL) {
1154 "unable to find 'section' for %s\n", ca_config.policy); 1169 BIO_printf(bio_err, "unable to find 'section' for %s\n",
1170 ca_config.policy);
1155 goto err; 1171 goto err;
1156 } 1172 }
1157 if ((cert_sk = sk_X509_new_null()) == NULL) { 1173 if ((cert_sk = sk_X509_new_null()) == NULL) {
@@ -1160,11 +1176,14 @@ ca_main(int argc, char **argv)
1160 } 1176 }
1161 if (ca_config.spkac_file != NULL) { 1177 if (ca_config.spkac_file != NULL) {
1162 total++; 1178 total++;
1163 j = certify_spkac(&x, ca_config.spkac_file, pkey, x509, dgst, 1179 j = certify_spkac(&x, ca_config.spkac_file, pkey, x509,
1164 ca_config.sigopts, attribs, db, serial, ca_config.subj, ca_config.chtype, 1180 dgst, ca_config.sigopts, attribs, db, serial,
1165 ca_config.multirdn, ca_config.email_dn, ca_config.startdate, ca_config.enddate, ca_config.days, 1181 ca_config.subj, ca_config.chtype,
1166 ca_config.extensions, conf, ca_config.verbose, certopt, nameopt, 1182 ca_config.multirdn, ca_config.email_dn,
1167 default_op, ext_copy); 1183 ca_config.startdate, ca_config.enddate,
1184 ca_config.days, ca_config.extensions, conf,
1185 ca_config.verbose, certopt, nameopt, default_op,
1186 ext_copy);
1168 if (j < 0) 1187 if (j < 0)
1169 goto err; 1188 goto err;
1170 if (j > 0) { 1189 if (j > 0) {
@@ -1185,11 +1204,14 @@ ca_main(int argc, char **argv)
1185 } 1204 }
1186 if (ca_config.ss_cert_file != NULL) { 1205 if (ca_config.ss_cert_file != NULL) {
1187 total++; 1206 total++;
1188 j = certify_cert(&x, ca_config.ss_cert_file, pkey, x509, dgst, 1207 j = certify_cert(&x, ca_config.ss_cert_file, pkey, x509,
1189 ca_config.sigopts, attribs, db, serial, ca_config.subj, ca_config.chtype, 1208 dgst, ca_config.sigopts, attribs, db, serial,
1190 ca_config.multirdn, ca_config.email_dn, ca_config.startdate, ca_config.enddate, ca_config.days, ca_config.batch, 1209 ca_config.subj, ca_config.chtype,
1191 ca_config.extensions, conf, ca_config.verbose, certopt, nameopt, 1210 ca_config.multirdn, ca_config.email_dn,
1192 default_op, ext_copy); 1211 ca_config.startdate, ca_config.enddate,
1212 ca_config.days, ca_config.batch,
1213 ca_config.extensions, conf, ca_config.verbose,
1214 certopt, nameopt, default_op, ext_copy);
1193 if (j < 0) 1215 if (j < 0)
1194 goto err; 1216 goto err;
1195 if (j > 0) { 1217 if (j > 0) {
@@ -1206,11 +1228,15 @@ ca_main(int argc, char **argv)
1206 } 1228 }
1207 if (ca_config.infile != NULL) { 1229 if (ca_config.infile != NULL) {
1208 total++; 1230 total++;
1209 j = certify(&x, ca_config.infile, pkey, x509p, dgst, ca_config.sigopts, 1231 j = certify(&x, ca_config.infile, pkey, x509p, dgst,
1210 attribs, db, serial, ca_config.subj, ca_config.chtype, ca_config.multirdn, 1232 ca_config.sigopts, attribs, db, serial,
1211 ca_config.email_dn, ca_config.startdate, ca_config.enddate, ca_config.days, ca_config.batch, 1233 ca_config.subj, ca_config.chtype,
1212 ca_config.extensions, conf, ca_config.verbose, certopt, nameopt, 1234 ca_config.multirdn, ca_config.email_dn,
1213 default_op, ext_copy, ca_config.selfsign); 1235 ca_config.startdate, ca_config.enddate,
1236 ca_config.days, ca_config.batch,
1237 ca_config.extensions, conf, ca_config.verbose,
1238 certopt, nameopt, default_op, ext_copy,
1239 ca_config.selfsign);
1214 if (j < 0) 1240 if (j < 0)
1215 goto err; 1241 goto err;
1216 if (j > 0) { 1242 if (j > 0) {
@@ -1227,11 +1253,15 @@ ca_main(int argc, char **argv)
1227 } 1253 }
1228 for (i = 0; i < ca_config.infiles_num; i++) { 1254 for (i = 0; i < ca_config.infiles_num; i++) {
1229 total++; 1255 total++;
1230 j = certify(&x, ca_config.infiles[i], pkey, x509p, dgst, ca_config.sigopts, 1256 j = certify(&x, ca_config.infiles[i], pkey, x509p, dgst,
1231 attribs, db, serial, ca_config.subj, ca_config.chtype, ca_config.multirdn, 1257 ca_config.sigopts, attribs, db, serial,
1232 ca_config.email_dn, ca_config.startdate, ca_config.enddate, ca_config.days, ca_config.batch, 1258 ca_config.subj, ca_config.chtype,
1233 ca_config.extensions, conf, ca_config.verbose, certopt, nameopt, 1259 ca_config.multirdn, ca_config.email_dn,
1234 default_op, ext_copy, ca_config.selfsign); 1260 ca_config.startdate, ca_config.enddate,
1261 ca_config.days, ca_config.batch,
1262 ca_config.extensions, conf, ca_config.verbose,
1263 certopt, nameopt, default_op, ext_copy,
1264 ca_config.selfsign);
1235 if (j < 0) 1265 if (j < 0)
1236 goto err; 1266 goto err;
1237 if (j > 0) { 1267 if (j > 0) {
@@ -1255,20 +1285,27 @@ ca_main(int argc, char **argv)
1255 if (!ca_config.batch) { 1285 if (!ca_config.batch) {
1256 char answer[10]; 1286 char answer[10];
1257 1287
1258 BIO_printf(bio_err, "\n%d out of %d certificate requests certified, commit? [y/n]", total_done, total); 1288 BIO_printf(bio_err,
1289 "\n%d out of %d certificate requests certified, commit? [y/n]",
1290 total_done, total);
1259 (void) BIO_flush(bio_err); 1291 (void) BIO_flush(bio_err);
1260 if (fgets(answer, sizeof answer - 1, stdin) == NULL) { 1292 if (fgets(answer, sizeof answer - 1, stdin) ==
1261 BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n"); 1293 NULL) {
1294 BIO_printf(bio_err,
1295 "CERTIFICATION CANCELED: I/O error\n");
1262 ret = 0; 1296 ret = 0;
1263 goto err; 1297 goto err;
1264 } 1298 }
1265 if ((answer[0] != 'y') && (answer[0] != 'Y')) { 1299 if ((answer[0] != 'y') && (answer[0] != 'Y')) {
1266 BIO_printf(bio_err, "CERTIFICATION CANCELED\n"); 1300 BIO_printf(bio_err,
1301 "CERTIFICATION CANCELED\n");
1267 ret = 0; 1302 ret = 0;
1268 goto err; 1303 goto err;
1269 } 1304 }
1270 } 1305 }
1271 BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk)); 1306 BIO_printf(bio_err,
1307 "Write out database with %d new entries\n",
1308 sk_X509_num(cert_sk));
1272 1309
1273 if (!save_serial(serialfile, "new", serial, NULL)) 1310 if (!save_serial(serialfile, "new", serial, NULL))
1274 goto err; 1311 goto err;
@@ -1314,7 +1351,8 @@ ca_main(int argc, char **argv)
1314 goto err; 1351 goto err;
1315 } 1352 }
1316 write_new_certificate(Cout, x, 0, ca_config.notext); 1353 write_new_certificate(Cout, x, 0, ca_config.notext);
1317 write_new_certificate(Sout, x, output_der, ca_config.notext); 1354 write_new_certificate(Sout, x, output_der,
1355 ca_config.notext);
1318 } 1356 }
1319 1357
1320 if (sk_X509_num(cert_sk)) { 1358 if (sk_X509_num(cert_sk)) {
@@ -1332,7 +1370,8 @@ ca_main(int argc, char **argv)
1332 if (ca_config.gencrl) { 1370 if (ca_config.gencrl) {
1333 int crl_v2 = 0; 1371 int crl_v2 = 0;
1334 if (ca_config.crl_ext == NULL) { 1372 if (ca_config.crl_ext == NULL) {
1335 ca_config.crl_ext = NCONF_get_string(conf, ca_config.section, ENV_CRLEXT); 1373 ca_config.crl_ext = NCONF_get_string(conf,
1374 ca_config.section, ENV_CRLEXT);
1336 if (ca_config.crl_ext == NULL) 1375 if (ca_config.crl_ext == NULL)
1337 ERR_clear_error(); 1376 ERR_clear_error();
1338 } 1377 }
@@ -1341,7 +1380,8 @@ ca_main(int argc, char **argv)
1341 X509V3_CTX ctx; 1380 X509V3_CTX ctx;
1342 X509V3_set_ctx_test(&ctx); 1381 X509V3_set_ctx_test(&ctx);
1343 X509V3_set_nconf(&ctx, conf); 1382 X509V3_set_nconf(&ctx, conf);
1344 if (!X509V3_EXT_add_nconf(conf, &ctx, ca_config.crl_ext, NULL)) { 1383 if (!X509V3_EXT_add_nconf(conf, &ctx, ca_config.crl_ext,
1384 NULL)) {
1345 BIO_printf(bio_err, 1385 BIO_printf(bio_err,
1346 "Error Loading CRL extension section %s\n", 1386 "Error Loading CRL extension section %s\n",
1347 ca_config.crl_ext); 1387 ca_config.crl_ext);
@@ -1357,7 +1397,8 @@ ca_main(int argc, char **argv)
1357 "error while loading CRL number\n"); 1397 "error while loading CRL number\n");
1358 goto err; 1398 goto err;
1359 } 1399 }
1360 if (!ca_config.crldays && !ca_config.crlhours && !ca_config.crlsec) { 1400 if (!ca_config.crldays && !ca_config.crlhours &&
1401 !ca_config.crlsec) {
1361 if (!NCONF_get_number(conf, ca_config.section, 1402 if (!NCONF_get_number(conf, ca_config.section,
1362 ENV_DEFAULT_CRL_DAYS, &ca_config.crldays)) 1403 ENV_DEFAULT_CRL_DAYS, &ca_config.crldays))
1363 ca_config.crldays = 0; 1404 ca_config.crldays = 0;
@@ -1366,8 +1407,10 @@ ca_main(int argc, char **argv)
1366 ca_config.crlhours = 0; 1407 ca_config.crlhours = 0;
1367 ERR_clear_error(); 1408 ERR_clear_error();
1368 } 1409 }
1369 if ((ca_config.crldays == 0) && (ca_config.crlhours == 0) && (ca_config.crlsec == 0)) { 1410 if ((ca_config.crldays == 0) && (ca_config.crlhours == 0) &&
1370 BIO_printf(bio_err, "cannot lookup how long until the next CRL is issued\n"); 1411 (ca_config.crlsec == 0)) {
1412 BIO_printf(bio_err,
1413 "cannot lookup how long until the next CRL is issued\n");
1371 goto err; 1414 goto err;
1372 } 1415 }
1373 if (ca_config.verbose) 1416 if (ca_config.verbose)
@@ -1383,7 +1426,8 @@ ca_main(int argc, char **argv)
1383 X509_gmtime_adj(tmptm, 0); 1426 X509_gmtime_adj(tmptm, 0);
1384 X509_CRL_set_lastUpdate(crl, tmptm); 1427 X509_CRL_set_lastUpdate(crl, tmptm);
1385 if (X509_time_adj_ex(tmptm, ca_config.crldays, 1428 if (X509_time_adj_ex(tmptm, ca_config.crldays,
1386 ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) == NULL) { 1429 ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) ==
1430 NULL) {
1387 BIO_puts(bio_err, "error setting CRL nextUpdate\n"); 1431 BIO_puts(bio_err, "error setting CRL nextUpdate\n");
1388 goto err; 1432 goto err;
1389 } 1433 }
@@ -1459,7 +1503,8 @@ ca_main(int argc, char **argv)
1459 BN_free(crlnumber); 1503 BN_free(crlnumber);
1460 crlnumber = NULL; 1504 crlnumber = NULL;
1461 } 1505 }
1462 if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, ca_config.sigopts)) 1506 if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst,
1507 ca_config.sigopts))
1463 goto err; 1508 goto err;
1464 1509
1465 PEM_write_bio_X509_CRL(Sout, crl); 1510 PEM_write_bio_X509_CRL(Sout, crl);
@@ -1476,11 +1521,12 @@ ca_main(int argc, char **argv)
1476 goto err; 1521 goto err;
1477 } else { 1522 } else {
1478 X509 *revcert; 1523 X509 *revcert;
1479 revcert = load_cert(bio_err, ca_config.infile, FORMAT_PEM, 1524 revcert = load_cert(bio_err, ca_config.infile,
1480 NULL, ca_config.infile); 1525 FORMAT_PEM, NULL, ca_config.infile);
1481 if (revcert == NULL) 1526 if (revcert == NULL)
1482 goto err; 1527 goto err;
1483 j = do_revoke(revcert, db, ca_config.rev_type, ca_config.rev_arg); 1528 j = do_revoke(revcert, db, ca_config.rev_type,
1529 ca_config.rev_arg);
1484 if (j <= 0) 1530 if (j <= 0)
1485 goto err; 1531 goto err;
1486 X509_free(revcert); 1532 X509_free(revcert);
@@ -1668,7 +1714,8 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1668 unsigned long certopt, unsigned long nameopt, int default_op, 1714 unsigned long certopt, unsigned long nameopt, int default_op,
1669 int ext_copy, int selfsign) 1715 int ext_copy, int selfsign)
1670{ 1716{
1671 X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject = NULL; 1717 X509_NAME *name = NULL, *CAname = NULL;
1718 X509_NAME *subject = NULL, *dn_subject = NULL;
1672 ASN1_UTCTIME *tm, *tmptm; 1719 ASN1_UTCTIME *tm, *tmptm;
1673 ASN1_STRING *str, *str2; 1720 ASN1_STRING *str, *str2;
1674 ASN1_OBJECT *obj; 1721 ASN1_OBJECT *obj;
@@ -1735,7 +1782,8 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1735 /* check some things */ 1782 /* check some things */
1736 if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && 1783 if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
1737 (str->type != V_ASN1_IA5STRING)) { 1784 (str->type != V_ASN1_IA5STRING)) {
1738 BIO_printf(bio_err, "\nemailAddress type needs to be of type IA5STRING\n"); 1785 BIO_printf(bio_err,
1786 "\nemailAddress type needs to be of type IA5STRING\n");
1739 goto err; 1787 goto err;
1740 } 1788 }
1741 if ((str->type != V_ASN1_BMPSTRING) && 1789 if ((str->type != V_ASN1_BMPSTRING) &&
@@ -1745,7 +1793,8 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1745 (str->type != V_ASN1_T61STRING)) || 1793 (str->type != V_ASN1_T61STRING)) ||
1746 ((j == V_ASN1_IA5STRING) && 1794 ((j == V_ASN1_IA5STRING) &&
1747 (str->type == V_ASN1_PRINTABLESTRING))) { 1795 (str->type == V_ASN1_PRINTABLESTRING))) {
1748 BIO_printf(bio_err, "\nThe string contains characters that are illegal for the ASN.1 type\n"); 1796 BIO_printf(bio_err,
1797 "\nThe string contains characters that are illegal for the ASN.1 type\n");
1749 goto err; 1798 goto err;
1750 } 1799 }
1751 } 1800 }
@@ -1770,7 +1819,9 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1770 for (i = 0; i < sk_CONF_VALUE_num(policy); i++) { 1819 for (i = 0; i < sk_CONF_VALUE_num(policy); i++) {
1771 cv = sk_CONF_VALUE_value(policy, i); /* get the object id */ 1820 cv = sk_CONF_VALUE_value(policy, i); /* get the object id */
1772 if ((j = OBJ_txt2nid(cv->name)) == NID_undef) { 1821 if ((j = OBJ_txt2nid(cv->name)) == NID_undef) {
1773 BIO_printf(bio_err, "%s:unknown object type in 'policy' configuration\n", cv->name); 1822 BIO_printf(bio_err,
1823 "%s:unknown object type in 'policy' configuration\n",
1824 cv->name);
1774 goto err; 1825 goto err;
1775 } 1826 }
1776 obj = OBJ_nid2obj(j); 1827 obj = OBJ_nid2obj(j);
@@ -1795,7 +1846,9 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1795 push = tne; 1846 push = tne;
1796 } else if (strcmp(cv->value, "supplied") == 0) { 1847 } else if (strcmp(cv->value, "supplied") == 0) {
1797 if (tne == NULL) { 1848 if (tne == NULL) {
1798 BIO_printf(bio_err, "The %s field needed to be supplied and was missing\n", cv->name); 1849 BIO_printf(bio_err,
1850 "The %s field needed to be supplied and was missing\n",
1851 cv->name);
1799 goto err; 1852 goto err;
1800 } else 1853 } else
1801 push = tne; 1854 push = tne;
@@ -1803,15 +1856,20 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1803 int last2; 1856 int last2;
1804 1857
1805 if (tne == NULL) { 1858 if (tne == NULL) {
1806 BIO_printf(bio_err, "The mandatory %s field was missing\n", cv->name); 1859 BIO_printf(bio_err,
1860 "The mandatory %s field was missing\n",
1861 cv->name);
1807 goto err; 1862 goto err;
1808 } 1863 }
1809 last2 = -1; 1864 last2 = -1;
1810 1865
1811again2: 1866again2:
1812 j = X509_NAME_get_index_by_OBJ(CAname, obj, last2); 1867 j = X509_NAME_get_index_by_OBJ(CAname, obj,
1868 last2);
1813 if ((j < 0) && (last2 == -1)) { 1869 if ((j < 0) && (last2 == -1)) {
1814 BIO_printf(bio_err, "The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n", cv->name); 1870 BIO_printf(bio_err,
1871 "The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",
1872 cv->name);
1815 goto err; 1873 goto err;
1816 } 1874 }
1817 if (j >= 0) { 1875 if (j >= 0) {
@@ -1823,11 +1881,18 @@ again2:
1823 goto again2; 1881 goto again2;
1824 } 1882 }
1825 if (j < 0) { 1883 if (j < 0) {
1826 BIO_printf(bio_err, "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n", cv->name, ((str2 == NULL) ? "NULL" : (char *) str2->data), ((str == NULL) ? "NULL" : (char *) str->data)); 1884 BIO_printf(bio_err,
1885 "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",
1886 cv->name, ((str2 == NULL) ?
1887 "NULL" : (char *) str2->data),
1888 ((str == NULL) ?
1889 "NULL" : (char *) str->data));
1827 goto err; 1890 goto err;
1828 } 1891 }
1829 } else { 1892 } else {
1830 BIO_printf(bio_err, "%s:invalid type in 'policy' configuration\n", cv->value); 1893 BIO_printf(bio_err,
1894 "%s:invalid type in 'policy' configuration\n",
1895 cv->value);
1831 goto err; 1896 goto err;
1832 } 1897 }
1833 1898
@@ -1854,7 +1919,8 @@ again2:
1854 goto err; 1919 goto err;
1855 } 1920 }
1856 if (verbose) 1921 if (verbose)
1857 BIO_printf(bio_err, "The subject name appears to be ok, checking data base for clashes\n"); 1922 BIO_printf(bio_err,
1923 "The subject name appears to be ok, checking data base for clashes\n");
1858 1924
1859 /* Build the correct Subject if no email is wanted in the subject */ 1925 /* Build the correct Subject if no email is wanted in the subject */
1860 /* 1926 /*
@@ -1906,7 +1972,8 @@ again2:
1906 BIO_printf(bio_err, 1972 BIO_printf(bio_err,
1907 "ERROR:Serial number %s has already been issued,\n", 1973 "ERROR:Serial number %s has already been issued,\n",
1908 row[DB_serial]); 1974 row[DB_serial]);
1909 BIO_printf(bio_err, " check the database/serial_file for corruption\n"); 1975 BIO_printf(bio_err,
1976 " check the database/serial_file for corruption\n");
1910 } 1977 }
1911 } 1978 }
1912 if (rrow != NULL) { 1979 if (rrow != NULL) {
@@ -1948,7 +2015,8 @@ again2:
1948 } 2015 }
1949 /* We are now totally happy, lets make and sign the certificate */ 2016 /* We are now totally happy, lets make and sign the certificate */
1950 if (verbose) 2017 if (verbose)
1951 BIO_printf(bio_err, "Everything appears to be ok, creating and signing the certificate\n"); 2018 BIO_printf(bio_err,
2019 "Everything appears to be ok, creating and signing the certificate\n");
1952 2020
1953 if ((ret = X509_new()) == NULL) 2021 if ((ret = X509_new()) == NULL)
1954 goto err; 2022 goto err;
@@ -2041,7 +2109,8 @@ again2:
2041 goto err; 2109 goto err;
2042 } 2110 }
2043 if (verbose) 2111 if (verbose)
2044 BIO_printf(bio_err, "Successfully added extensions from file.\n"); 2112 BIO_printf(bio_err,
2113 "Successfully added extensions from file.\n");
2045 } else if (ext_sect != NULL) { 2114 } else if (ext_sect != NULL) {
2046 /* We found extensions to be set from config file */ 2115 /* We found extensions to be set from config file */
2047 X509V3_set_nconf(&ctx, lconf); 2116 X509V3_set_nconf(&ctx, lconf);
@@ -2054,7 +2123,8 @@ again2:
2054 goto err; 2123 goto err;
2055 } 2124 }
2056 if (verbose) 2125 if (verbose)
2057 BIO_printf(bio_err, "Successfully added extensions from config\n"); 2126 BIO_printf(bio_err,
2127 "Successfully added extensions from config\n");
2058 } 2128 }
2059 } 2129 }
2060 /* Copy extensions from request (if any) */ 2130 /* Copy extensions from request (if any) */
@@ -2271,7 +2341,8 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
2271 if (strcmp(type, "SPKAC") == 0) { 2341 if (strcmp(type, "SPKAC") == 0) {
2272 spki = NETSCAPE_SPKI_b64_decode(cv->value, -1); 2342 spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
2273 if (spki == NULL) { 2343 if (spki == NULL) {
2274 BIO_printf(bio_err, "unable to load Netscape SPKAC structure\n"); 2344 BIO_printf(bio_err,
2345 "unable to load Netscape SPKAC structure\n");
2275 ERR_print_errors(bio_err); 2346 ERR_print_errors(bio_err);
2276 goto err; 2347 goto err;
2277 } 2348 }
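Review bot: The rewrap in the hunk at `@@ -961,14 +970,16 @@` (new line 982) silently drops the trailing `/* cannot fail */` comment from `BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);`, which was the only visible explanation for why that call's return value is ignored. The comment is what pushed the old line past 80 columns, so the line-length fix should move it rather than delete it; put it on its own line above the call, `/* cannot fail */`, so the deliberate unchecked return is still documented. If the drop is intentional it belongs in the commit message, since a formatting-only change is not expected to remove code comments. ca_main's body starts and ends outside the hunks shown here.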