summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/ca.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr.bin/openssl/ca.c')
-rw-r--r--src/usr.bin/openssl/ca.c518
1 files changed, 259 insertions, 259 deletions
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index e13354f4af..369d11ead6 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ca.c,v 1.54 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: ca.c,v 1.55 2023/03/06 14:32:05 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -207,63 +207,63 @@ static struct {
207 char *startdate; 207 char *startdate;
208 char *subj; 208 char *subj;
209 int verbose; 209 int verbose;
210} ca_config; 210} cfg;
211 211
212static int 212static int
213ca_opt_chtype_utf8(void) 213ca_opt_chtype_utf8(void)
214{ 214{
215 ca_config.chtype = MBSTRING_UTF8; 215 cfg.chtype = MBSTRING_UTF8;
216 return (0); 216 return (0);
217} 217}
218 218
219static int 219static int
220ca_opt_crl_ca_compromise(char *arg) 220ca_opt_crl_ca_compromise(char *arg)
221{ 221{
222 ca_config.rev_arg = arg; 222 cfg.rev_arg = arg;
223 ca_config.rev_type = REV_CA_COMPROMISE; 223 cfg.rev_type = REV_CA_COMPROMISE;
224 return (0); 224 return (0);
225} 225}
226 226
227static int 227static int
228ca_opt_crl_compromise(char *arg) 228ca_opt_crl_compromise(char *arg)
229{ 229{
230 ca_config.rev_arg = arg; 230 cfg.rev_arg = arg;
231 ca_config.rev_type = REV_KEY_COMPROMISE; 231 cfg.rev_type = REV_KEY_COMPROMISE;
232 return (0); 232 return (0);
233} 233}
234 234
235static int 235static int
236ca_opt_crl_hold(char *arg) 236ca_opt_crl_hold(char *arg)
237{ 237{
238 ca_config.rev_arg = arg; 238 cfg.rev_arg = arg;
239 ca_config.rev_type = REV_HOLD; 239 cfg.rev_type = REV_HOLD;
240 return (0); 240 return (0);
241} 241}
242 242
243static int 243static int
244ca_opt_crl_reason(char *arg) 244ca_opt_crl_reason(char *arg)
245{ 245{
246 ca_config.rev_arg = arg; 246 cfg.rev_arg = arg;
247 ca_config.rev_type = REV_CRL_REASON; 247 cfg.rev_type = REV_CRL_REASON;
248 return (0); 248 return (0);
249} 249}
250 250
251static int 251static int
252ca_opt_in(char *arg) 252ca_opt_in(char *arg)
253{ 253{
254 ca_config.infile = arg; 254 cfg.infile = arg;
255 ca_config.req = 1; 255 cfg.req = 1;
256 return (0); 256 return (0);
257} 257}
258 258
259static int 259static int
260ca_opt_infiles(int argc, char **argv, int *argsused) 260ca_opt_infiles(int argc, char **argv, int *argsused)
261{ 261{
262 ca_config.infiles_num = argc - 1; 262 cfg.infiles_num = argc - 1;
263 if (ca_config.infiles_num < 1) 263 if (cfg.infiles_num < 1)
264 return (1); 264 return (1);
265 ca_config.infiles = argv + 1; 265 cfg.infiles = argv + 1;
266 ca_config.req = 1; 266 cfg.req = 1;
267 *argsused = argc; 267 *argsused = argc;
268 return (0); 268 return (0);
269} 269}
@@ -271,19 +271,19 @@ ca_opt_infiles(int argc, char **argv, int *argsused)
271static int 271static int
272ca_opt_revoke(char *arg) 272ca_opt_revoke(char *arg)
273{ 273{
274 ca_config.infile = arg; 274 cfg.infile = arg;
275 ca_config.dorevoke = 1; 275 cfg.dorevoke = 1;
276 return (0); 276 return (0);
277} 277}
278 278
279static int 279static int
280ca_opt_sigopt(char *arg) 280ca_opt_sigopt(char *arg)
281{ 281{
282 if (ca_config.sigopts == NULL) 282 if (cfg.sigopts == NULL)
283 ca_config.sigopts = sk_OPENSSL_STRING_new_null(); 283 cfg.sigopts = sk_OPENSSL_STRING_new_null();
284 if (ca_config.sigopts == NULL) 284 if (cfg.sigopts == NULL)
285 return (1); 285 return (1);
286 if (!sk_OPENSSL_STRING_push(ca_config.sigopts, arg)) 286 if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg))
287 return (1); 287 return (1);
288 return (0); 288 return (0);
289} 289}
@@ -291,16 +291,16 @@ ca_opt_sigopt(char *arg)
291static int 291static int
292ca_opt_spkac(char *arg) 292ca_opt_spkac(char *arg)
293{ 293{
294 ca_config.spkac_file = arg; 294 cfg.spkac_file = arg;
295 ca_config.req = 1; 295 cfg.req = 1;
296 return (0); 296 return (0);
297} 297}
298 298
299static int 299static int
300ca_opt_ss_cert(char *arg) 300ca_opt_ss_cert(char *arg)
301{ 301{
302 ca_config.ss_cert_file = arg; 302 cfg.ss_cert_file = arg;
303 ca_config.req = 1; 303 cfg.req = 1;
304 return (0); 304 return (0);
305} 305}
306 306
@@ -309,27 +309,27 @@ static const struct option ca_options[] = {
309 .name = "batch", 309 .name = "batch",
310 .desc = "Operate in batch mode", 310 .desc = "Operate in batch mode",
311 .type = OPTION_FLAG, 311 .type = OPTION_FLAG,
312 .opt.flag = &ca_config.batch, 312 .opt.flag = &cfg.batch,
313 }, 313 },
314 { 314 {
315 .name = "cert", 315 .name = "cert",
316 .argname = "file", 316 .argname = "file",
317 .desc = "File containing the CA certificate", 317 .desc = "File containing the CA certificate",
318 .type = OPTION_ARG, 318 .type = OPTION_ARG,
319 .opt.arg = &ca_config.certfile, 319 .opt.arg = &cfg.certfile,
320 }, 320 },
321 { 321 {
322 .name = "config", 322 .name = "config",
323 .argname = "file", 323 .argname = "file",
324 .desc = "Specify an alternative configuration file", 324 .desc = "Specify an alternative configuration file",
325 .type = OPTION_ARG, 325 .type = OPTION_ARG,
326 .opt.arg = &ca_config.configfile, 326 .opt.arg = &cfg.configfile,
327 }, 327 },
328 { 328 {
329 .name = "create_serial", 329 .name = "create_serial",
330 .desc = "If reading serial fails, create a new random serial", 330 .desc = "If reading serial fails, create a new random serial",
331 .type = OPTION_FLAG, 331 .type = OPTION_FLAG,
332 .opt.flag = &ca_config.create_serial, 332 .opt.flag = &cfg.create_serial,
333 }, 333 },
334 { 334 {
335 .name = "crl_CA_compromise", 335 .name = "crl_CA_compromise",
@@ -367,62 +367,62 @@ static const struct option ca_options[] = {
367 .argname = "days", 367 .argname = "days",
368 .desc = "Number of days before the next CRL is due", 368 .desc = "Number of days before the next CRL is due",
369 .type = OPTION_ARG_LONG, 369 .type = OPTION_ARG_LONG,
370 .opt.lvalue = &ca_config.crldays, 370 .opt.lvalue = &cfg.crldays,
371 }, 371 },
372 { 372 {
373 .name = "crlexts", 373 .name = "crlexts",
374 .argname = "section", 374 .argname = "section",
375 .desc = "CRL extension section (override value in config file)", 375 .desc = "CRL extension section (override value in config file)",
376 .type = OPTION_ARG, 376 .type = OPTION_ARG,
377 .opt.arg = &ca_config.crl_ext, 377 .opt.arg = &cfg.crl_ext,
378 }, 378 },
379 { 379 {
380 .name = "crlhours", 380 .name = "crlhours",
381 .argname = "hours", 381 .argname = "hours",
382 .desc = "Number of hours before the next CRL is due", 382 .desc = "Number of hours before the next CRL is due",
383 .type = OPTION_ARG_LONG, 383 .type = OPTION_ARG_LONG,
384 .opt.lvalue = &ca_config.crlhours, 384 .opt.lvalue = &cfg.crlhours,
385 }, 385 },
386 { 386 {
387 .name = "crlsec", 387 .name = "crlsec",
388 .argname = "seconds", 388 .argname = "seconds",
389 .desc = "Number of seconds before the next CRL is due", 389 .desc = "Number of seconds before the next CRL is due",
390 .type = OPTION_ARG_LONG, 390 .type = OPTION_ARG_LONG,
391 .opt.lvalue = &ca_config.crlsec, 391 .opt.lvalue = &cfg.crlsec,
392 }, 392 },
393 { 393 {
394 .name = "days", 394 .name = "days",
395 .argname = "arg", 395 .argname = "arg",
396 .desc = "Number of days to certify the certificate for", 396 .desc = "Number of days to certify the certificate for",
397 .type = OPTION_ARG_LONG, 397 .type = OPTION_ARG_LONG,
398 .opt.lvalue = &ca_config.days, 398 .opt.lvalue = &cfg.days,
399 }, 399 },
400 { 400 {
401 .name = "enddate", 401 .name = "enddate",
402 .argname = "YYMMDDHHMMSSZ", 402 .argname = "YYMMDDHHMMSSZ",
403 .desc = "Certificate validity notAfter (overrides -days)", 403 .desc = "Certificate validity notAfter (overrides -days)",
404 .type = OPTION_ARG, 404 .type = OPTION_ARG,
405 .opt.arg = &ca_config.enddate, 405 .opt.arg = &cfg.enddate,
406 }, 406 },
407 { 407 {
408 .name = "extensions", 408 .name = "extensions",
409 .argname = "section", 409 .argname = "section",
410 .desc = "Extension section (override value in config file)", 410 .desc = "Extension section (override value in config file)",
411 .type = OPTION_ARG, 411 .type = OPTION_ARG,
412 .opt.arg = &ca_config.extensions, 412 .opt.arg = &cfg.extensions,
413 }, 413 },
414 { 414 {
415 .name = "extfile", 415 .name = "extfile",
416 .argname = "file", 416 .argname = "file",
417 .desc = "Configuration file with X509v3 extentions to add", 417 .desc = "Configuration file with X509v3 extentions to add",
418 .type = OPTION_ARG, 418 .type = OPTION_ARG,
419 .opt.arg = &ca_config.extfile, 419 .opt.arg = &cfg.extfile,
420 }, 420 },
421 { 421 {
422 .name = "gencrl", 422 .name = "gencrl",
423 .desc = "Generate a new CRL", 423 .desc = "Generate a new CRL",
424 .type = OPTION_FLAG, 424 .type = OPTION_FLAG,
425 .opt.flag = &ca_config.gencrl, 425 .opt.flag = &cfg.gencrl,
426 }, 426 },
427 { 427 {
428 .name = "in", 428 .name = "in",
@@ -443,93 +443,93 @@ static const struct option ca_options[] = {
443 .argname = "password", 443 .argname = "password",
444 .desc = "Key to decode the private key if it is encrypted", 444 .desc = "Key to decode the private key if it is encrypted",
445 .type = OPTION_ARG, 445 .type = OPTION_ARG,
446 .opt.arg = &ca_config.key, 446 .opt.arg = &cfg.key,
447 }, 447 },
448 { 448 {
449 .name = "keyfile", 449 .name = "keyfile",
450 .argname = "file", 450 .argname = "file",
451 .desc = "Private key file", 451 .desc = "Private key file",
452 .type = OPTION_ARG, 452 .type = OPTION_ARG,
453 .opt.arg = &ca_config.keyfile, 453 .opt.arg = &cfg.keyfile,
454 }, 454 },
455 { 455 {
456 .name = "keyform", 456 .name = "keyform",
457 .argname = "fmt", 457 .argname = "fmt",
458 .desc = "Private key file format (DER or PEM (default))", 458 .desc = "Private key file format (DER or PEM (default))",
459 .type = OPTION_ARG_FORMAT, 459 .type = OPTION_ARG_FORMAT,
460 .opt.value = &ca_config.keyform, 460 .opt.value = &cfg.keyform,
461 }, 461 },
462 { 462 {
463 .name = "md", 463 .name = "md",
464 .argname = "alg", 464 .argname = "alg",
465 .desc = "Message digest to use", 465 .desc = "Message digest to use",
466 .type = OPTION_ARG, 466 .type = OPTION_ARG,
467 .opt.arg = &ca_config.md, 467 .opt.arg = &cfg.md,
468 }, 468 },
469 { 469 {
470 .name = "msie_hack", 470 .name = "msie_hack",
471 .type = OPTION_FLAG, 471 .type = OPTION_FLAG,
472 .opt.flag = &ca_config.msie_hack, 472 .opt.flag = &cfg.msie_hack,
473 }, 473 },
474 { 474 {
475 .name = "multivalue-rdn", 475 .name = "multivalue-rdn",
476 .desc = "Enable support for multivalued RDNs", 476 .desc = "Enable support for multivalued RDNs",
477 .type = OPTION_FLAG, 477 .type = OPTION_FLAG,
478 .opt.flag = &ca_config.multirdn, 478 .opt.flag = &cfg.multirdn,
479 }, 479 },
480 { 480 {
481 .name = "name", 481 .name = "name",
482 .argname = "section", 482 .argname = "section",
483 .desc = "Specifies the configuration file section to use", 483 .desc = "Specifies the configuration file section to use",
484 .type = OPTION_ARG, 484 .type = OPTION_ARG,
485 .opt.arg = &ca_config.section, 485 .opt.arg = &cfg.section,
486 }, 486 },
487 { 487 {
488 .name = "noemailDN", 488 .name = "noemailDN",
489 .desc = "Do not add the EMAIL field to the DN", 489 .desc = "Do not add the EMAIL field to the DN",
490 .type = OPTION_VALUE, 490 .type = OPTION_VALUE,
491 .opt.value = &ca_config.email_dn, 491 .opt.value = &cfg.email_dn,
492 .value = 0, 492 .value = 0,
493 }, 493 },
494 { 494 {
495 .name = "notext", 495 .name = "notext",
496 .desc = "Do not print the generated certificate", 496 .desc = "Do not print the generated certificate",
497 .type = OPTION_FLAG, 497 .type = OPTION_FLAG,
498 .opt.flag = &ca_config.notext, 498 .opt.flag = &cfg.notext,
499 }, 499 },
500 { 500 {
501 .name = "out", 501 .name = "out",
502 .argname = "file", 502 .argname = "file",
503 .desc = "Output file (default stdout)", 503 .desc = "Output file (default stdout)",
504 .type = OPTION_ARG, 504 .type = OPTION_ARG,
505 .opt.arg = &ca_config.outfile, 505 .opt.arg = &cfg.outfile,
506 }, 506 },
507 { 507 {
508 .name = "outdir", 508 .name = "outdir",
509 .argname = "directory", 509 .argname = "directory",
510 .desc = " Directory to output certificates to", 510 .desc = " Directory to output certificates to",
511 .type = OPTION_ARG, 511 .type = OPTION_ARG,
512 .opt.arg = &ca_config.outdir, 512 .opt.arg = &cfg.outdir,
513 }, 513 },
514 { 514 {
515 .name = "passin", 515 .name = "passin",
516 .argname = "src", 516 .argname = "src",
517 .desc = "Private key input password source", 517 .desc = "Private key input password source",
518 .type = OPTION_ARG, 518 .type = OPTION_ARG,
519 .opt.arg = &ca_config.passargin, 519 .opt.arg = &cfg.passargin,
520 }, 520 },
521 { 521 {
522 .name = "policy", 522 .name = "policy",
523 .argname = "name", 523 .argname = "name",
524 .desc = "The CA 'policy' to support", 524 .desc = "The CA 'policy' to support",
525 .type = OPTION_ARG, 525 .type = OPTION_ARG,
526 .opt.arg = &ca_config.policy, 526 .opt.arg = &cfg.policy,
527 }, 527 },
528 { 528 {
529 .name = "preserveDN", 529 .name = "preserveDN",
530 .desc = "Do not re-order the DN", 530 .desc = "Do not re-order the DN",
531 .type = OPTION_FLAG, 531 .type = OPTION_FLAG,
532 .opt.flag = &ca_config.preserve, 532 .opt.flag = &cfg.preserve,
533 }, 533 },
534 { 534 {
535 .name = "revoke", 535 .name = "revoke",
@@ -542,7 +542,7 @@ static const struct option ca_options[] = {
542 .name = "selfsign", 542 .name = "selfsign",
543 .desc = "Sign a certificate using the key associated with it", 543 .desc = "Sign a certificate using the key associated with it",
544 .type = OPTION_FLAG, 544 .type = OPTION_FLAG,
545 .opt.flag = &ca_config.selfsign, 545 .opt.flag = &cfg.selfsign,
546 }, 546 },
547 { 547 {
548 .name = "sigopt", 548 .name = "sigopt",
@@ -570,27 +570,27 @@ static const struct option ca_options[] = {
570 .argname = "YYMMDDHHMMSSZ", 570 .argname = "YYMMDDHHMMSSZ",
571 .desc = "Certificate validity notBefore", 571 .desc = "Certificate validity notBefore",
572 .type = OPTION_ARG, 572 .type = OPTION_ARG,
573 .opt.arg = &ca_config.startdate, 573 .opt.arg = &cfg.startdate,
574 }, 574 },
575 { 575 {
576 .name = "status", 576 .name = "status",
577 .argname = "serial", 577 .argname = "serial",
578 .desc = "Shows certificate status given the serial number", 578 .desc = "Shows certificate status given the serial number",
579 .type = OPTION_ARG, 579 .type = OPTION_ARG,
580 .opt.arg = &ca_config.serial_status, 580 .opt.arg = &cfg.serial_status,
581 }, 581 },
582 { 582 {
583 .name = "subj", 583 .name = "subj",
584 .argname = "arg", 584 .argname = "arg",
585 .desc = "Use arg instead of request's subject", 585 .desc = "Use arg instead of request's subject",
586 .type = OPTION_ARG, 586 .type = OPTION_ARG,
587 .opt.arg = &ca_config.subj, 587 .opt.arg = &cfg.subj,
588 }, 588 },
589 { 589 {
590 .name = "updatedb", 590 .name = "updatedb",
591 .desc = "Updates db for expired certificates", 591 .desc = "Updates db for expired certificates",
592 .type = OPTION_FLAG, 592 .type = OPTION_FLAG,
593 .opt.flag = &ca_config.doupdatedb, 593 .opt.flag = &cfg.doupdatedb,
594 }, 594 },
595 { 595 {
596 .name = "utf8", 596 .name = "utf8",
@@ -602,7 +602,7 @@ static const struct option ca_options[] = {
602 .name = "verbose", 602 .name = "verbose",
603 .desc = "Verbose output during processing", 603 .desc = "Verbose output during processing",
604 .type = OPTION_FLAG, 604 .type = OPTION_FLAG,
605 .opt.flag = &ca_config.verbose, 605 .opt.flag = &cfg.verbose,
606 }, 606 },
607 { NULL }, 607 { NULL },
608}; 608};
@@ -690,11 +690,11 @@ ca_main(int argc, char **argv)
690 exit(1); 690 exit(1);
691 } 691 }
692 692
693 memset(&ca_config, 0, sizeof(ca_config)); 693 memset(&cfg, 0, sizeof(cfg));
694 ca_config.email_dn = 1; 694 cfg.email_dn = 1;
695 ca_config.keyform = FORMAT_PEM; 695 cfg.keyform = FORMAT_PEM;
696 ca_config.chtype = MBSTRING_ASC; 696 cfg.chtype = MBSTRING_ASC;
697 ca_config.rev_type = REV_NONE; 697 cfg.rev_type = REV_NONE;
698 698
699 conf = NULL; 699 conf = NULL;
700 700
@@ -705,37 +705,37 @@ ca_main(int argc, char **argv)
705 705
706 /*****************************************************************/ 706 /*****************************************************************/
707 tofree = NULL; 707 tofree = NULL;
708 if (ca_config.configfile == NULL) 708 if (cfg.configfile == NULL)
709 ca_config.configfile = getenv("OPENSSL_CONF"); 709 cfg.configfile = getenv("OPENSSL_CONF");
710 if (ca_config.configfile == NULL) { 710 if (cfg.configfile == NULL) {
711 if ((tofree = make_config_name()) == NULL) { 711 if ((tofree = make_config_name()) == NULL) {
712 BIO_printf(bio_err, "error making config file name\n"); 712 BIO_printf(bio_err, "error making config file name\n");
713 goto err; 713 goto err;
714 } 714 }
715 ca_config.configfile = tofree; 715 cfg.configfile = tofree;
716 } 716 }
717 BIO_printf(bio_err, "Using configuration from %s\n", 717 BIO_printf(bio_err, "Using configuration from %s\n",
718 ca_config.configfile); 718 cfg.configfile);
719 conf = NCONF_new(NULL); 719 conf = NCONF_new(NULL);
720 if (NCONF_load(conf, ca_config.configfile, &errorline) <= 0) { 720 if (NCONF_load(conf, cfg.configfile, &errorline) <= 0) {
721 if (errorline <= 0) 721 if (errorline <= 0)
722 BIO_printf(bio_err, 722 BIO_printf(bio_err,
723 "error loading the config file '%s'\n", 723 "error loading the config file '%s'\n",
724 ca_config.configfile); 724 cfg.configfile);
725 else 725 else
726 BIO_printf(bio_err, 726 BIO_printf(bio_err,
727 "error on line %ld of config file '%s'\n", 727 "error on line %ld of config file '%s'\n",
728 errorline, ca_config.configfile); 728 errorline, cfg.configfile);
729 goto err; 729 goto err;
730 } 730 }
731 free(tofree); 731 free(tofree);
732 tofree = NULL; 732 tofree = NULL;
733 733
734 /* Lets get the config section we are using */ 734 /* Lets get the config section we are using */
735 if (ca_config.section == NULL) { 735 if (cfg.section == NULL) {
736 ca_config.section = NCONF_get_string(conf, BASE_SECTION, 736 cfg.section = NCONF_get_string(conf, BASE_SECTION,
737 ENV_DEFAULT_CA); 737 ENV_DEFAULT_CA);
738 if (ca_config.section == NULL) { 738 if (cfg.section == NULL) {
739 lookup_fail(BASE_SECTION, ENV_DEFAULT_CA); 739 lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
740 goto err; 740 goto err;
741 } 741 }
@@ -765,7 +765,7 @@ ca_main(int argc, char **argv)
765 goto err; 765 goto err;
766 } 766 }
767 } 767 }
768 f = NCONF_get_string(conf, ca_config.section, STRING_MASK); 768 f = NCONF_get_string(conf, cfg.section, STRING_MASK);
769 if (f == NULL) 769 if (f == NULL)
770 ERR_clear_error(); 770 ERR_clear_error();
771 771
@@ -774,15 +774,15 @@ ca_main(int argc, char **argv)
774 "Invalid global string mask setting %s\n", f); 774 "Invalid global string mask setting %s\n", f);
775 goto err; 775 goto err;
776 } 776 }
777 if (ca_config.chtype != MBSTRING_UTF8) { 777 if (cfg.chtype != MBSTRING_UTF8) {
778 f = NCONF_get_string(conf, ca_config.section, UTF8_IN); 778 f = NCONF_get_string(conf, cfg.section, UTF8_IN);
779 if (f == NULL) 779 if (f == NULL)
780 ERR_clear_error(); 780 ERR_clear_error();
781 else if (strcmp(f, "yes") == 0) 781 else if (strcmp(f, "yes") == 0)
782 ca_config.chtype = MBSTRING_UTF8; 782 cfg.chtype = MBSTRING_UTF8;
783 } 783 }
784 db_attr.unique_subject = 1; 784 db_attr.unique_subject = 1;
785 p = NCONF_get_string(conf, ca_config.section, ENV_UNIQUE_SUBJECT); 785 p = NCONF_get_string(conf, cfg.section, ENV_UNIQUE_SUBJECT);
786 if (p != NULL) { 786 if (p != NULL) {
787 db_attr.unique_subject = parse_yesno(p, 1); 787 db_attr.unique_subject = parse_yesno(p, 1);
788 } else 788 } else
@@ -798,10 +798,10 @@ ca_main(int argc, char **argv)
798 } 798 }
799 /*****************************************************************/ 799 /*****************************************************************/
800 /* report status of cert with serial number given on command line */ 800 /* report status of cert with serial number given on command line */
801 if (ca_config.serial_status) { 801 if (cfg.serial_status) {
802 if ((dbfile = NCONF_get_string(conf, ca_config.section, 802 if ((dbfile = NCONF_get_string(conf, cfg.section,
803 ENV_DATABASE)) == NULL) { 803 ENV_DATABASE)) == NULL) {
804 lookup_fail(ca_config.section, ENV_DATABASE); 804 lookup_fail(cfg.section, ENV_DATABASE);
805 goto err; 805 goto err;
806 } 806 }
807 db = load_index(dbfile, &db_attr); 807 db = load_index(dbfile, &db_attr);
@@ -811,47 +811,47 @@ ca_main(int argc, char **argv)
811 if (!index_index(db)) 811 if (!index_index(db))
812 goto err; 812 goto err;
813 813
814 if (get_certificate_status(ca_config.serial_status, db) != 1) 814 if (get_certificate_status(cfg.serial_status, db) != 1)
815 BIO_printf(bio_err, "Error verifying serial %s!\n", 815 BIO_printf(bio_err, "Error verifying serial %s!\n",
816 ca_config.serial_status); 816 cfg.serial_status);
817 goto err; 817 goto err;
818 } 818 }
819 /*****************************************************************/ 819 /*****************************************************************/
820 /* we definitely need a private key, so let's get it */ 820 /* we definitely need a private key, so let's get it */
821 821
822 if ((ca_config.keyfile == NULL) && 822 if ((cfg.keyfile == NULL) &&
823 ((ca_config.keyfile = NCONF_get_string(conf, ca_config.section, 823 ((cfg.keyfile = NCONF_get_string(conf, cfg.section,
824 ENV_PRIVATE_KEY)) == NULL)) { 824 ENV_PRIVATE_KEY)) == NULL)) {
825 lookup_fail(ca_config.section, ENV_PRIVATE_KEY); 825 lookup_fail(cfg.section, ENV_PRIVATE_KEY);
826 goto err; 826 goto err;
827 } 827 }
828 if (ca_config.key == NULL) { 828 if (cfg.key == NULL) {
829 free_key = 1; 829 free_key = 1;
830 if (!app_passwd(bio_err, ca_config.passargin, NULL, 830 if (!app_passwd(bio_err, cfg.passargin, NULL,
831 &ca_config.key, NULL)) { 831 &cfg.key, NULL)) {
832 BIO_printf(bio_err, "Error getting password\n"); 832 BIO_printf(bio_err, "Error getting password\n");
833 goto err; 833 goto err;
834 } 834 }
835 } 835 }
836 pkey = load_key(bio_err, ca_config.keyfile, ca_config.keyform, 0, 836 pkey = load_key(bio_err, cfg.keyfile, cfg.keyform, 0,
837 ca_config.key, "CA private key"); 837 cfg.key, "CA private key");
838 if (ca_config.key != NULL) 838 if (cfg.key != NULL)
839 explicit_bzero(ca_config.key, strlen(ca_config.key)); 839 explicit_bzero(cfg.key, strlen(cfg.key));
840 if (pkey == NULL) { 840 if (pkey == NULL) {
841 /* load_key() has already printed an appropriate message */ 841 /* load_key() has already printed an appropriate message */
842 goto err; 842 goto err;
843 } 843 }
844 /*****************************************************************/ 844 /*****************************************************************/
845 /* we need a certificate */ 845 /* we need a certificate */
846 if (!ca_config.selfsign || ca_config.spkac_file != NULL || 846 if (!cfg.selfsign || cfg.spkac_file != NULL ||
847 ca_config.ss_cert_file != NULL || ca_config.gencrl) { 847 cfg.ss_cert_file != NULL || cfg.gencrl) {
848 if ((ca_config.certfile == NULL) && 848 if ((cfg.certfile == NULL) &&
849 ((ca_config.certfile = NCONF_get_string(conf, 849 ((cfg.certfile = NCONF_get_string(conf,
850 ca_config.section, ENV_CERTIFICATE)) == NULL)) { 850 cfg.section, ENV_CERTIFICATE)) == NULL)) {
851 lookup_fail(ca_config.section, ENV_CERTIFICATE); 851 lookup_fail(cfg.section, ENV_CERTIFICATE);
852 goto err; 852 goto err;
853 } 853 }
854 x509 = load_cert(bio_err, ca_config.certfile, FORMAT_PEM, NULL, 854 x509 = load_cert(bio_err, cfg.certfile, FORMAT_PEM, NULL,
855 "CA certificate"); 855 "CA certificate");
856 if (x509 == NULL) 856 if (x509 == NULL)
857 goto err; 857 goto err;
@@ -862,21 +862,21 @@ ca_main(int argc, char **argv)
862 goto err; 862 goto err;
863 } 863 }
864 } 864 }
865 if (!ca_config.selfsign) 865 if (!cfg.selfsign)
866 x509p = x509; 866 x509p = x509;
867 867
868 f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE); 868 f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE);
869 if (f == NULL) 869 if (f == NULL)
870 ERR_clear_error(); 870 ERR_clear_error();
871 if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) 871 if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
872 ca_config.preserve = 1; 872 cfg.preserve = 1;
873 f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK); 873 f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK);
874 if (f == NULL) 874 if (f == NULL)
875 ERR_clear_error(); 875 ERR_clear_error();
876 if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) 876 if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
877 ca_config.msie_hack = 1; 877 cfg.msie_hack = 1;
878 878
879 f = NCONF_get_string(conf, ca_config.section, ENV_NAMEOPT); 879 f = NCONF_get_string(conf, cfg.section, ENV_NAMEOPT);
880 880
881 if (f != NULL) { 881 if (f != NULL) {
882 if (!set_name_ex(&nameopt, f)) { 882 if (!set_name_ex(&nameopt, f)) {
@@ -888,7 +888,7 @@ ca_main(int argc, char **argv)
888 } else 888 } else
889 ERR_clear_error(); 889 ERR_clear_error();
890 890
891 f = NCONF_get_string(conf, ca_config.section, ENV_CERTOPT); 891 f = NCONF_get_string(conf, cfg.section, ENV_CERTOPT);
892 892
893 if (f != NULL) { 893 if (f != NULL) {
894 if (!set_cert_ex(&certopt, f)) { 894 if (!set_cert_ex(&certopt, f)) {
@@ -900,7 +900,7 @@ ca_main(int argc, char **argv)
900 } else 900 } else
901 ERR_clear_error(); 901 ERR_clear_error();
902 902
903 f = NCONF_get_string(conf, ca_config.section, ENV_EXTCOPY); 903 f = NCONF_get_string(conf, cfg.section, ENV_EXTCOPY);
904 904
905 if (f != NULL) { 905 if (f != NULL) {
906 if (!set_ext_copy(&ext_copy, f)) { 906 if (!set_ext_copy(&ext_copy, f)) {
@@ -913,9 +913,9 @@ ca_main(int argc, char **argv)
913 913
914 /*****************************************************************/ 914 /*****************************************************************/
915 /* lookup where to write new certificates */ 915 /* lookup where to write new certificates */
916 if (ca_config.outdir == NULL && ca_config.req) { 916 if (cfg.outdir == NULL && cfg.req) {
917 if ((ca_config.outdir = NCONF_get_string(conf, 917 if ((cfg.outdir = NCONF_get_string(conf,
918 ca_config.section, ENV_NEW_CERTS_DIR)) == NULL) { 918 cfg.section, ENV_NEW_CERTS_DIR)) == NULL) {
919 BIO_printf(bio_err, "output directory %s not defined\n", 919 BIO_printf(bio_err, "output directory %s not defined\n",
920 ENV_NEW_CERTS_DIR); 920 ENV_NEW_CERTS_DIR);
921 goto err; 921 goto err;
@@ -923,9 +923,9 @@ ca_main(int argc, char **argv)
923 } 923 }
924 /*****************************************************************/ 924 /*****************************************************************/
925 /* we need to load the database file */ 925 /* we need to load the database file */
926 if ((dbfile = NCONF_get_string(conf, ca_config.section, 926 if ((dbfile = NCONF_get_string(conf, cfg.section,
927 ENV_DATABASE)) == NULL) { 927 ENV_DATABASE)) == NULL) {
928 lookup_fail(ca_config.section, ENV_DATABASE); 928 lookup_fail(cfg.section, ENV_DATABASE);
929 goto err; 929 goto err;
930 } 930 }
931 db = load_index(dbfile, &db_attr); 931 db = load_index(dbfile, &db_attr);
@@ -976,7 +976,7 @@ ca_main(int argc, char **argv)
976 p++; 976 p++;
977 } 977 }
978 } 978 }
979 if (ca_config.verbose) { 979 if (cfg.verbose) {
980 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); 980 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
981 TXT_DB_write(out, db->db); 981 TXT_DB_write(out, db->db);
982 BIO_printf(bio_err, "%d entries loaded from the database\n", 982 BIO_printf(bio_err, "%d entries loaded from the database\n",
@@ -988,8 +988,8 @@ ca_main(int argc, char **argv)
988 988
989 /*****************************************************************/ 989 /*****************************************************************/
990 /* Update the db file for expired certificates */ 990 /* Update the db file for expired certificates */
991 if (ca_config.doupdatedb) { 991 if (cfg.doupdatedb) {
992 if (ca_config.verbose) 992 if (cfg.verbose)
993 BIO_printf(bio_err, "Updating %s ...\n", dbfile); 993 BIO_printf(bio_err, "Updating %s ...\n", dbfile);
994 994
995 i = do_updatedb(db); 995 i = do_updatedb(db);
@@ -997,7 +997,7 @@ ca_main(int argc, char **argv)
997 BIO_printf(bio_err, "Malloc failure\n"); 997 BIO_printf(bio_err, "Malloc failure\n");
998 goto err; 998 goto err;
999 } else if (i == 0) { 999 } else if (i == 0) {
1000 if (ca_config.verbose) 1000 if (cfg.verbose)
1001 BIO_printf(bio_err, 1001 BIO_printf(bio_err,
1002 "No entries found to mark expired\n"); 1002 "No entries found to mark expired\n");
1003 } else { 1003 } else {
@@ -1007,92 +1007,92 @@ ca_main(int argc, char **argv)
1007 if (!rotate_index(dbfile, "new", "old")) 1007 if (!rotate_index(dbfile, "new", "old"))
1008 goto err; 1008 goto err;
1009 1009
1010 if (ca_config.verbose) 1010 if (cfg.verbose)
1011 BIO_printf(bio_err, 1011 BIO_printf(bio_err,
1012 "Done. %d entries marked as expired\n", i); 1012 "Done. %d entries marked as expired\n", i);
1013 } 1013 }
1014 } 1014 }
1015 /*****************************************************************/ 1015 /*****************************************************************/
1016 /* Read extentions config file */ 1016 /* Read extentions config file */
1017 if (ca_config.extfile != NULL) { 1017 if (cfg.extfile != NULL) {
1018 extconf = NCONF_new(NULL); 1018 extconf = NCONF_new(NULL);
1019 if (NCONF_load(extconf, ca_config.extfile, &errorline) <= 0) { 1019 if (NCONF_load(extconf, cfg.extfile, &errorline) <= 0) {
1020 if (errorline <= 0) 1020 if (errorline <= 0)
1021 BIO_printf(bio_err, 1021 BIO_printf(bio_err,
1022 "ERROR: loading the config file '%s'\n", 1022 "ERROR: loading the config file '%s'\n",
1023 ca_config.extfile); 1023 cfg.extfile);
1024 else 1024 else
1025 BIO_printf(bio_err, 1025 BIO_printf(bio_err,
1026 "ERROR: on line %ld of config file '%s'\n", 1026 "ERROR: on line %ld of config file '%s'\n",
1027 errorline, ca_config.extfile); 1027 errorline, cfg.extfile);
1028 ret = 1; 1028 ret = 1;
1029 goto err; 1029 goto err;
1030 } 1030 }
1031 if (ca_config.verbose) 1031 if (cfg.verbose)
1032 BIO_printf(bio_err, 1032 BIO_printf(bio_err,
1033 "Successfully loaded extensions file %s\n", 1033 "Successfully loaded extensions file %s\n",
1034 ca_config.extfile); 1034 cfg.extfile);
1035 1035
1036 /* We can have sections in the ext file */ 1036 /* We can have sections in the ext file */
1037 if (ca_config.extensions == NULL && 1037 if (cfg.extensions == NULL &&
1038 (ca_config.extensions = NCONF_get_string(extconf, "default", 1038 (cfg.extensions = NCONF_get_string(extconf, "default",
1039 "extensions")) == NULL) 1039 "extensions")) == NULL)
1040 ca_config.extensions = "default"; 1040 cfg.extensions = "default";
1041 } 1041 }
1042 /*****************************************************************/ 1042 /*****************************************************************/
1043 if (ca_config.req || ca_config.gencrl) { 1043 if (cfg.req || cfg.gencrl) {
1044 if (ca_config.outfile != NULL) { 1044 if (cfg.outfile != NULL) {
1045 if (BIO_write_filename(Sout, ca_config.outfile) <= 0) { 1045 if (BIO_write_filename(Sout, cfg.outfile) <= 0) {
1046 perror(ca_config.outfile); 1046 perror(cfg.outfile);
1047 goto err; 1047 goto err;
1048 } 1048 }
1049 } else { 1049 } else {
1050 BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT); 1050 BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
1051 } 1051 }
1052 } 1052 }
1053 if ((ca_config.md == NULL) && 1053 if ((cfg.md == NULL) &&
1054 ((ca_config.md = NCONF_get_string(conf, ca_config.section, 1054 ((cfg.md = NCONF_get_string(conf, cfg.section,
1055 ENV_DEFAULT_MD)) == NULL)) { 1055 ENV_DEFAULT_MD)) == NULL)) {
1056 lookup_fail(ca_config.section, ENV_DEFAULT_MD); 1056 lookup_fail(cfg.section, ENV_DEFAULT_MD);
1057 goto err; 1057 goto err;
1058 } 1058 }
1059 if (strcmp(ca_config.md, "default") == 0) { 1059 if (strcmp(cfg.md, "default") == 0) {
1060 int def_nid; 1060 int def_nid;
1061 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { 1061 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
1062 BIO_puts(bio_err, "no default digest\n"); 1062 BIO_puts(bio_err, "no default digest\n");
1063 goto err; 1063 goto err;
1064 } 1064 }
1065 ca_config.md = (char *) OBJ_nid2sn(def_nid); 1065 cfg.md = (char *) OBJ_nid2sn(def_nid);
1066 if (ca_config.md == NULL) 1066 if (cfg.md == NULL)
1067 goto err; 1067 goto err;
1068 } 1068 }
1069 if ((dgst = EVP_get_digestbyname(ca_config.md)) == NULL) { 1069 if ((dgst = EVP_get_digestbyname(cfg.md)) == NULL) {
1070 BIO_printf(bio_err, 1070 BIO_printf(bio_err,
1071 "%s is an unsupported message digest type\n", ca_config.md); 1071 "%s is an unsupported message digest type\n", cfg.md);
1072 goto err; 1072 goto err;
1073 } 1073 }
1074 if (ca_config.req) { 1074 if (cfg.req) {
1075 if ((ca_config.email_dn == 1) && 1075 if ((cfg.email_dn == 1) &&
1076 ((tmp_email_dn = NCONF_get_string(conf, ca_config.section, 1076 ((tmp_email_dn = NCONF_get_string(conf, cfg.section,
1077 ENV_DEFAULT_EMAIL_DN)) != NULL)) { 1077 ENV_DEFAULT_EMAIL_DN)) != NULL)) {
1078 if (strcmp(tmp_email_dn, "no") == 0) 1078 if (strcmp(tmp_email_dn, "no") == 0)
1079 ca_config.email_dn = 0; 1079 cfg.email_dn = 0;
1080 } 1080 }
1081 if (ca_config.verbose) 1081 if (cfg.verbose)
1082 BIO_printf(bio_err, "message digest is %s\n", 1082 BIO_printf(bio_err, "message digest is %s\n",
1083 OBJ_nid2ln(EVP_MD_type(dgst))); 1083 OBJ_nid2ln(EVP_MD_type(dgst)));
1084 if ((ca_config.policy == NULL) && 1084 if ((cfg.policy == NULL) &&
1085 ((ca_config.policy = NCONF_get_string(conf, 1085 ((cfg.policy = NCONF_get_string(conf,
1086 ca_config.section, ENV_POLICY)) == NULL)) { 1086 cfg.section, ENV_POLICY)) == NULL)) {
1087 lookup_fail(ca_config.section, ENV_POLICY); 1087 lookup_fail(cfg.section, ENV_POLICY);
1088 goto err; 1088 goto err;
1089 } 1089 }
1090 if (ca_config.verbose) 1090 if (cfg.verbose)
1091 BIO_printf(bio_err, "policy is %s\n", ca_config.policy); 1091 BIO_printf(bio_err, "policy is %s\n", cfg.policy);
1092 1092
1093 if ((serialfile = NCONF_get_string(conf, ca_config.section, 1093 if ((serialfile = NCONF_get_string(conf, cfg.section,
1094 ENV_SERIAL)) == NULL) { 1094 ENV_SERIAL)) == NULL) {
1095 lookup_fail(ca_config.section, ENV_SERIAL); 1095 lookup_fail(cfg.section, ENV_SERIAL);
1096 goto err; 1096 goto err;
1097 } 1097 }
1098 if (extconf == NULL) { 1098 if (extconf == NULL) {
@@ -1100,59 +1100,59 @@ ca_main(int argc, char **argv)
1100 * no '-extfile' option, so we look for extensions in 1100 * no '-extfile' option, so we look for extensions in
1101 * the main configuration file 1101 * the main configuration file
1102 */ 1102 */
1103 if (ca_config.extensions == NULL) { 1103 if (cfg.extensions == NULL) {
1104 ca_config.extensions = NCONF_get_string(conf, 1104 cfg.extensions = NCONF_get_string(conf,
1105 ca_config.section, ENV_EXTENSIONS); 1105 cfg.section, ENV_EXTENSIONS);
1106 if (ca_config.extensions == NULL) 1106 if (cfg.extensions == NULL)
1107 ERR_clear_error(); 1107 ERR_clear_error();
1108 } 1108 }
1109 if (ca_config.extensions != NULL) { 1109 if (cfg.extensions != NULL) {
1110 /* Check syntax of file */ 1110 /* Check syntax of file */
1111 X509V3_CTX ctx; 1111 X509V3_CTX ctx;
1112 X509V3_set_ctx_test(&ctx); 1112 X509V3_set_ctx_test(&ctx);
1113 X509V3_set_nconf(&ctx, conf); 1113 X509V3_set_nconf(&ctx, conf);
1114 if (!X509V3_EXT_add_nconf(conf, &ctx, 1114 if (!X509V3_EXT_add_nconf(conf, &ctx,
1115 ca_config.extensions, NULL)) { 1115 cfg.extensions, NULL)) {
1116 BIO_printf(bio_err, 1116 BIO_printf(bio_err,
1117 "Error Loading extension section %s\n", 1117 "Error Loading extension section %s\n",
1118 ca_config.extensions); 1118 cfg.extensions);
1119 ret = 1; 1119 ret = 1;
1120 goto err; 1120 goto err;
1121 } 1121 }
1122 } 1122 }
1123 } 1123 }
1124 if (ca_config.startdate == NULL) { 1124 if (cfg.startdate == NULL) {
1125 ca_config.startdate = NCONF_get_string(conf, 1125 cfg.startdate = NCONF_get_string(conf,
1126 ca_config.section, ENV_DEFAULT_STARTDATE); 1126 cfg.section, ENV_DEFAULT_STARTDATE);
1127 if (ca_config.startdate == NULL) 1127 if (cfg.startdate == NULL)
1128 ERR_clear_error(); 1128 ERR_clear_error();
1129 } 1129 }
1130 if (ca_config.startdate == NULL) 1130 if (cfg.startdate == NULL)
1131 ca_config.startdate = "today"; 1131 cfg.startdate = "today";
1132 1132
1133 if (ca_config.enddate == NULL) { 1133 if (cfg.enddate == NULL) {
1134 ca_config.enddate = NCONF_get_string(conf, 1134 cfg.enddate = NCONF_get_string(conf,
1135 ca_config.section, ENV_DEFAULT_ENDDATE); 1135 cfg.section, ENV_DEFAULT_ENDDATE);
1136 if (ca_config.enddate == NULL) 1136 if (cfg.enddate == NULL)
1137 ERR_clear_error(); 1137 ERR_clear_error();
1138 } 1138 }
1139 if (ca_config.days == 0 && ca_config.enddate == NULL) { 1139 if (cfg.days == 0 && cfg.enddate == NULL) {
1140 if (!NCONF_get_number(conf, ca_config.section, 1140 if (!NCONF_get_number(conf, cfg.section,
1141 ENV_DEFAULT_DAYS, &ca_config.days)) 1141 ENV_DEFAULT_DAYS, &cfg.days))
1142 ca_config.days = 0; 1142 cfg.days = 0;
1143 } 1143 }
1144 if (ca_config.enddate == NULL && ca_config.days == 0) { 1144 if (cfg.enddate == NULL && cfg.days == 0) {
1145 BIO_printf(bio_err, 1145 BIO_printf(bio_err,
1146 "cannot lookup how many days to certify for\n"); 1146 "cannot lookup how many days to certify for\n");
1147 goto err; 1147 goto err;
1148 } 1148 }
1149 if ((serial = load_serial(serialfile, ca_config.create_serial, 1149 if ((serial = load_serial(serialfile, cfg.create_serial,
1150 NULL)) == NULL) { 1150 NULL)) == NULL) {
1151 BIO_printf(bio_err, 1151 BIO_printf(bio_err,
1152 "error while loading serial number\n"); 1152 "error while loading serial number\n");
1153 goto err; 1153 goto err;
1154 } 1154 }
1155 if (ca_config.verbose) { 1155 if (cfg.verbose) {
1156 if (BN_is_zero(serial)) 1156 if (BN_is_zero(serial))
1157 BIO_printf(bio_err, 1157 BIO_printf(bio_err,
1158 "next serial number is 00\n"); 1158 "next serial number is 00\n");
@@ -1164,25 +1164,25 @@ ca_main(int argc, char **argv)
1164 free(f); 1164 free(f);
1165 } 1165 }
1166 } 1166 }
1167 if ((attribs = NCONF_get_section(conf, ca_config.policy)) == 1167 if ((attribs = NCONF_get_section(conf, cfg.policy)) ==
1168 NULL) { 1168 NULL) {
1169 BIO_printf(bio_err, "unable to find 'section' for %s\n", 1169 BIO_printf(bio_err, "unable to find 'section' for %s\n",
1170 ca_config.policy); 1170 cfg.policy);
1171 goto err; 1171 goto err;
1172 } 1172 }
1173 if ((cert_sk = sk_X509_new_null()) == NULL) { 1173 if ((cert_sk = sk_X509_new_null()) == NULL) {
1174 BIO_printf(bio_err, "Memory allocation failure\n"); 1174 BIO_printf(bio_err, "Memory allocation failure\n");
1175 goto err; 1175 goto err;
1176 } 1176 }
1177 if (ca_config.spkac_file != NULL) { 1177 if (cfg.spkac_file != NULL) {
1178 total++; 1178 total++;
1179 j = certify_spkac(&x, ca_config.spkac_file, pkey, x509, 1179 j = certify_spkac(&x, cfg.spkac_file, pkey, x509,
1180 dgst, ca_config.sigopts, attribs, db, serial, 1180 dgst, cfg.sigopts, attribs, db, serial,
1181 ca_config.subj, ca_config.chtype, 1181 cfg.subj, cfg.chtype,
1182 ca_config.multirdn, ca_config.email_dn, 1182 cfg.multirdn, cfg.email_dn,
1183 ca_config.startdate, ca_config.enddate, 1183 cfg.startdate, cfg.enddate,
1184 ca_config.days, ca_config.extensions, conf, 1184 cfg.days, cfg.extensions, conf,
1185 ca_config.verbose, certopt, nameopt, default_op, 1185 cfg.verbose, certopt, nameopt, default_op,
1186 ext_copy); 1186 ext_copy);
1187 if (j < 0) 1187 if (j < 0)
1188 goto err; 1188 goto err;
@@ -1196,21 +1196,21 @@ ca_main(int argc, char **argv)
1196 "Memory allocation failure\n"); 1196 "Memory allocation failure\n");
1197 goto err; 1197 goto err;
1198 } 1198 }
1199 if (ca_config.outfile != NULL) { 1199 if (cfg.outfile != NULL) {
1200 output_der = 1; 1200 output_der = 1;
1201 ca_config.batch = 1; 1201 cfg.batch = 1;
1202 } 1202 }
1203 } 1203 }
1204 } 1204 }
1205 if (ca_config.ss_cert_file != NULL) { 1205 if (cfg.ss_cert_file != NULL) {
1206 total++; 1206 total++;
1207 j = certify_cert(&x, ca_config.ss_cert_file, pkey, x509, 1207 j = certify_cert(&x, cfg.ss_cert_file, pkey, x509,
1208 dgst, ca_config.sigopts, attribs, db, serial, 1208 dgst, cfg.sigopts, attribs, db, serial,
1209 ca_config.subj, ca_config.chtype, 1209 cfg.subj, cfg.chtype,
1210 ca_config.multirdn, ca_config.email_dn, 1210 cfg.multirdn, cfg.email_dn,
1211 ca_config.startdate, ca_config.enddate, 1211 cfg.startdate, cfg.enddate,
1212 ca_config.days, ca_config.batch, 1212 cfg.days, cfg.batch,
1213 ca_config.extensions, conf, ca_config.verbose, 1213 cfg.extensions, conf, cfg.verbose,
1214 certopt, nameopt, default_op, ext_copy); 1214 certopt, nameopt, default_op, ext_copy);
1215 if (j < 0) 1215 if (j < 0)
1216 goto err; 1216 goto err;
@@ -1226,17 +1226,17 @@ ca_main(int argc, char **argv)
1226 } 1226 }
1227 } 1227 }
1228 } 1228 }
1229 if (ca_config.infile != NULL) { 1229 if (cfg.infile != NULL) {
1230 total++; 1230 total++;
1231 j = certify(&x, ca_config.infile, pkey, x509p, dgst, 1231 j = certify(&x, cfg.infile, pkey, x509p, dgst,
1232 ca_config.sigopts, attribs, db, serial, 1232 cfg.sigopts, attribs, db, serial,
1233 ca_config.subj, ca_config.chtype, 1233 cfg.subj, cfg.chtype,
1234 ca_config.multirdn, ca_config.email_dn, 1234 cfg.multirdn, cfg.email_dn,
1235 ca_config.startdate, ca_config.enddate, 1235 cfg.startdate, cfg.enddate,
1236 ca_config.days, ca_config.batch, 1236 cfg.days, cfg.batch,
1237 ca_config.extensions, conf, ca_config.verbose, 1237 cfg.extensions, conf, cfg.verbose,
1238 certopt, nameopt, default_op, ext_copy, 1238 certopt, nameopt, default_op, ext_copy,
1239 ca_config.selfsign); 1239 cfg.selfsign);
1240 if (j < 0) 1240 if (j < 0)
1241 goto err; 1241 goto err;
1242 if (j > 0) { 1242 if (j > 0) {
@@ -1251,17 +1251,17 @@ ca_main(int argc, char **argv)
1251 } 1251 }
1252 } 1252 }
1253 } 1253 }
1254 for (i = 0; i < ca_config.infiles_num; i++) { 1254 for (i = 0; i < cfg.infiles_num; i++) {
1255 total++; 1255 total++;
1256 j = certify(&x, ca_config.infiles[i], pkey, x509p, dgst, 1256 j = certify(&x, cfg.infiles[i], pkey, x509p, dgst,
1257 ca_config.sigopts, attribs, db, serial, 1257 cfg.sigopts, attribs, db, serial,
1258 ca_config.subj, ca_config.chtype, 1258 cfg.subj, cfg.chtype,
1259 ca_config.multirdn, ca_config.email_dn, 1259 cfg.multirdn, cfg.email_dn,
1260 ca_config.startdate, ca_config.enddate, 1260 cfg.startdate, cfg.enddate,
1261 ca_config.days, ca_config.batch, 1261 cfg.days, cfg.batch,
1262 ca_config.extensions, conf, ca_config.verbose, 1262 cfg.extensions, conf, cfg.verbose,
1263 certopt, nameopt, default_op, ext_copy, 1263 certopt, nameopt, default_op, ext_copy,
1264 ca_config.selfsign); 1264 cfg.selfsign);
1265 if (j < 0) 1265 if (j < 0)
1266 goto err; 1266 goto err;
1267 if (j > 0) { 1267 if (j > 0) {
@@ -1282,7 +1282,7 @@ ca_main(int argc, char **argv)
1282 */ 1282 */
1283 1283
1284 if (sk_X509_num(cert_sk) > 0) { 1284 if (sk_X509_num(cert_sk) > 0) {
1285 if (!ca_config.batch) { 1285 if (!cfg.batch) {
1286 char answer[10]; 1286 char answer[10];
1287 1287
1288 BIO_printf(bio_err, 1288 BIO_printf(bio_err,
@@ -1313,7 +1313,7 @@ ca_main(int argc, char **argv)
1313 if (!save_index(dbfile, "new", db)) 1313 if (!save_index(dbfile, "new", db))
1314 goto err; 1314 goto err;
1315 } 1315 }
1316 if (ca_config.verbose) 1316 if (cfg.verbose)
1317 BIO_printf(bio_err, "writing new certificates\n"); 1317 BIO_printf(bio_err, "writing new certificates\n");
1318 for (i = 0; i < sk_X509_num(cert_sk); i++) { 1318 for (i = 0; i < sk_X509_num(cert_sk); i++) {
1319 ASN1_INTEGER *serialNumber; 1319 ASN1_INTEGER *serialNumber;
@@ -1334,7 +1334,7 @@ ca_main(int argc, char **argv)
1334 serialstr = strdup("00"); 1334 serialstr = strdup("00");
1335 if (serialstr != NULL) { 1335 if (serialstr != NULL) {
1336 k = snprintf(pempath, sizeof(pempath), 1336 k = snprintf(pempath, sizeof(pempath),
1337 "%s/%s.pem", ca_config.outdir, serialstr); 1337 "%s/%s.pem", cfg.outdir, serialstr);
1338 free(serialstr); 1338 free(serialstr);
1339 if (k < 0 || k >= sizeof(pempath)) { 1339 if (k < 0 || k >= sizeof(pempath)) {
1340 BIO_printf(bio_err, 1340 BIO_printf(bio_err,
@@ -1346,7 +1346,7 @@ ca_main(int argc, char **argv)
1346 "memory allocation failed\n"); 1346 "memory allocation failed\n");
1347 goto err; 1347 goto err;
1348 } 1348 }
1349 if (ca_config.verbose) 1349 if (cfg.verbose)
1350 BIO_printf(bio_err, "writing %s\n", pempath); 1350 BIO_printf(bio_err, "writing %s\n", pempath);
1351 1351
1352 if (BIO_write_filename(Cout, pempath) <= 0) { 1352 if (BIO_write_filename(Cout, pempath) <= 0) {
@@ -1354,10 +1354,10 @@ ca_main(int argc, char **argv)
1354 goto err; 1354 goto err;
1355 } 1355 }
1356 if (!write_new_certificate(Cout, x, 0, 1356 if (!write_new_certificate(Cout, x, 0,
1357 ca_config.notext)) 1357 cfg.notext))
1358 goto err; 1358 goto err;
1359 if (!write_new_certificate(Sout, x, output_der, 1359 if (!write_new_certificate(Sout, x, output_der,
1360 ca_config.notext)) 1360 cfg.notext))
1361 goto err; 1361 goto err;
1362 } 1362 }
1363 1363
@@ -1373,29 +1373,29 @@ ca_main(int argc, char **argv)
1373 } 1373 }
1374 } 1374 }
1375 /*****************************************************************/ 1375 /*****************************************************************/
1376 if (ca_config.gencrl) { 1376 if (cfg.gencrl) {
1377 int crl_v2 = 0; 1377 int crl_v2 = 0;
1378 if (ca_config.crl_ext == NULL) { 1378 if (cfg.crl_ext == NULL) {
1379 ca_config.crl_ext = NCONF_get_string(conf, 1379 cfg.crl_ext = NCONF_get_string(conf,
1380 ca_config.section, ENV_CRLEXT); 1380 cfg.section, ENV_CRLEXT);
1381 if (ca_config.crl_ext == NULL) 1381 if (cfg.crl_ext == NULL)
1382 ERR_clear_error(); 1382 ERR_clear_error();
1383 } 1383 }
1384 if (ca_config.crl_ext != NULL) { 1384 if (cfg.crl_ext != NULL) {
1385 /* Check syntax of file */ 1385 /* Check syntax of file */
1386 X509V3_CTX ctx; 1386 X509V3_CTX ctx;
1387 X509V3_set_ctx_test(&ctx); 1387 X509V3_set_ctx_test(&ctx);
1388 X509V3_set_nconf(&ctx, conf); 1388 X509V3_set_nconf(&ctx, conf);
1389 if (!X509V3_EXT_add_nconf(conf, &ctx, ca_config.crl_ext, 1389 if (!X509V3_EXT_add_nconf(conf, &ctx, cfg.crl_ext,
1390 NULL)) { 1390 NULL)) {
1391 BIO_printf(bio_err, 1391 BIO_printf(bio_err,
1392 "Error Loading CRL extension section %s\n", 1392 "Error Loading CRL extension section %s\n",
1393 ca_config.crl_ext); 1393 cfg.crl_ext);
1394 ret = 1; 1394 ret = 1;
1395 goto err; 1395 goto err;
1396 } 1396 }
1397 } 1397 }
1398 if ((crlnumberfile = NCONF_get_string(conf, ca_config.section, 1398 if ((crlnumberfile = NCONF_get_string(conf, cfg.section,
1399 ENV_CRLNUMBER)) != NULL) 1399 ENV_CRLNUMBER)) != NULL)
1400 if ((crlnumber = load_serial(crlnumberfile, 0, 1400 if ((crlnumber = load_serial(crlnumberfile, 0,
1401 NULL)) == NULL) { 1401 NULL)) == NULL) {
@@ -1403,23 +1403,23 @@ ca_main(int argc, char **argv)
1403 "error while loading CRL number\n"); 1403 "error while loading CRL number\n");
1404 goto err; 1404 goto err;
1405 } 1405 }
1406 if (!ca_config.crldays && !ca_config.crlhours && 1406 if (!cfg.crldays && !cfg.crlhours &&
1407 !ca_config.crlsec) { 1407 !cfg.crlsec) {
1408 if (!NCONF_get_number(conf, ca_config.section, 1408 if (!NCONF_get_number(conf, cfg.section,
1409 ENV_DEFAULT_CRL_DAYS, &ca_config.crldays)) 1409 ENV_DEFAULT_CRL_DAYS, &cfg.crldays))
1410 ca_config.crldays = 0; 1410 cfg.crldays = 0;
1411 if (!NCONF_get_number(conf, ca_config.section, 1411 if (!NCONF_get_number(conf, cfg.section,
1412 ENV_DEFAULT_CRL_HOURS, &ca_config.crlhours)) 1412 ENV_DEFAULT_CRL_HOURS, &cfg.crlhours))
1413 ca_config.crlhours = 0; 1413 cfg.crlhours = 0;
1414 ERR_clear_error(); 1414 ERR_clear_error();
1415 } 1415 }
1416 if ((ca_config.crldays == 0) && (ca_config.crlhours == 0) && 1416 if ((cfg.crldays == 0) && (cfg.crlhours == 0) &&
1417 (ca_config.crlsec == 0)) { 1417 (cfg.crlsec == 0)) {
1418 BIO_printf(bio_err, 1418 BIO_printf(bio_err,
1419 "cannot lookup how long until the next CRL is issued\n"); 1419 "cannot lookup how long until the next CRL is issued\n");
1420 goto err; 1420 goto err;
1421 } 1421 }
1422 if (ca_config.verbose) 1422 if (cfg.verbose)
1423 BIO_printf(bio_err, "making CRL\n"); 1423 BIO_printf(bio_err, "making CRL\n");
1424 if ((crl = X509_CRL_new()) == NULL) 1424 if ((crl = X509_CRL_new()) == NULL)
1425 goto err; 1425 goto err;
@@ -1430,8 +1430,8 @@ ca_main(int argc, char **argv)
1430 goto err; 1430 goto err;
1431 if (!X509_CRL_set_lastUpdate(crl, tmptm)) 1431 if (!X509_CRL_set_lastUpdate(crl, tmptm))
1432 goto err; 1432 goto err;
1433 if (X509_time_adj_ex(tmptm, ca_config.crldays, 1433 if (X509_time_adj_ex(tmptm, cfg.crldays,
1434 ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) == 1434 cfg.crlhours * 60 * 60 + cfg.crlsec, NULL) ==
1435 NULL) { 1435 NULL) {
1436 BIO_puts(bio_err, "error setting CRL nextUpdate\n"); 1436 BIO_puts(bio_err, "error setting CRL nextUpdate\n");
1437 goto err; 1437 goto err;
@@ -1475,19 +1475,19 @@ ca_main(int argc, char **argv)
1475 X509_CRL_sort(crl); 1475 X509_CRL_sort(crl);
1476 1476
1477 /* we now have a CRL */ 1477 /* we now have a CRL */
1478 if (ca_config.verbose) 1478 if (cfg.verbose)
1479 BIO_printf(bio_err, "signing CRL\n"); 1479 BIO_printf(bio_err, "signing CRL\n");
1480 1480
1481 /* Add any extensions asked for */ 1481 /* Add any extensions asked for */
1482 1482
1483 if (ca_config.crl_ext != NULL || crlnumberfile != NULL) { 1483 if (cfg.crl_ext != NULL || crlnumberfile != NULL) {
1484 X509V3_CTX crlctx; 1484 X509V3_CTX crlctx;
1485 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); 1485 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
1486 X509V3_set_nconf(&crlctx, conf); 1486 X509V3_set_nconf(&crlctx, conf);
1487 1487
1488 if (ca_config.crl_ext != NULL) 1488 if (cfg.crl_ext != NULL)
1489 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, 1489 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
1490 ca_config.crl_ext, crl)) 1490 cfg.crl_ext, crl))
1491 goto err; 1491 goto err;
1492 if (crlnumberfile != NULL) { 1492 if (crlnumberfile != NULL) {
1493 tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL); 1493 tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL);
@@ -1504,7 +1504,7 @@ ca_main(int argc, char **argv)
1504 goto err; 1504 goto err;
1505 } 1505 }
1506 } 1506 }
1507 if (ca_config.crl_ext != NULL || crl_v2) { 1507 if (cfg.crl_ext != NULL || crl_v2) {
1508 if (!X509_CRL_set_version(crl, 1)) 1508 if (!X509_CRL_set_version(crl, 1))
1509 goto err; /* version 2 CRL */ 1509 goto err; /* version 2 CRL */
1510 } 1510 }
@@ -1517,7 +1517,7 @@ ca_main(int argc, char **argv)
1517 crlnumber = NULL; 1517 crlnumber = NULL;
1518 1518
1519 if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, 1519 if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst,
1520 ca_config.sigopts)) 1520 cfg.sigopts))
1521 goto err; 1521 goto err;
1522 1522
1523 if (!PEM_write_bio_X509_CRL(Sout, crl)) 1523 if (!PEM_write_bio_X509_CRL(Sout, crl))
@@ -1529,18 +1529,18 @@ ca_main(int argc, char **argv)
1529 1529
1530 } 1530 }
1531 /*****************************************************************/ 1531 /*****************************************************************/
1532 if (ca_config.dorevoke) { 1532 if (cfg.dorevoke) {
1533 if (ca_config.infile == NULL) { 1533 if (cfg.infile == NULL) {
1534 BIO_printf(bio_err, "no input files\n"); 1534 BIO_printf(bio_err, "no input files\n");
1535 goto err; 1535 goto err;
1536 } else { 1536 } else {
1537 X509 *revcert; 1537 X509 *revcert;
1538 revcert = load_cert(bio_err, ca_config.infile, 1538 revcert = load_cert(bio_err, cfg.infile,
1539 FORMAT_PEM, NULL, ca_config.infile); 1539 FORMAT_PEM, NULL, cfg.infile);
1540 if (revcert == NULL) 1540 if (revcert == NULL)
1541 goto err; 1541 goto err;
1542 j = do_revoke(revcert, db, ca_config.rev_type, 1542 j = do_revoke(revcert, db, cfg.rev_type,
1543 ca_config.rev_arg); 1543 cfg.rev_arg);
1544 if (j <= 0) 1544 if (j <= 0)
1545 goto err; 1545 goto err;
1546 X509_free(revcert); 1546 X509_free(revcert);
@@ -1570,11 +1570,11 @@ ca_main(int argc, char **argv)
1570 if (ret) 1570 if (ret)
1571 ERR_print_errors(bio_err); 1571 ERR_print_errors(bio_err);
1572 if (free_key) 1572 if (free_key)
1573 free(ca_config.key); 1573 free(cfg.key);
1574 BN_free(serial); 1574 BN_free(serial);
1575 BN_free(crlnumber); 1575 BN_free(crlnumber);
1576 free_index(db); 1576 free_index(db);
1577 sk_OPENSSL_STRING_free(ca_config.sigopts); 1577 sk_OPENSSL_STRING_free(cfg.sigopts);
1578 EVP_PKEY_free(pkey); 1578 EVP_PKEY_free(pkey);
1579 X509_free(x509); 1579 X509_free(x509);
1580 X509_CRL_free(crl); 1580 X509_CRL_free(crl);
@@ -1778,7 +1778,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1778 if (obj == NULL) 1778 if (obj == NULL)
1779 goto err; 1779 goto err;
1780 1780
1781 if (ca_config.msie_hack) { 1781 if (cfg.msie_hack) {
1782 /* assume all type should be strings */ 1782 /* assume all type should be strings */
1783 nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne)); 1783 nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne));
1784 if (nid == NID_undef) 1784 if (nid == NID_undef)
@@ -1940,7 +1940,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1940 } 1940 }
1941 } 1941 }
1942 1942
1943 if (ca_config.preserve) { 1943 if (cfg.preserve) {
1944 X509_NAME_free(subject); 1944 X509_NAME_free(subject);
1945 /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */ 1945 /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
1946 subject = X509_NAME_dup(name); 1946 subject = X509_NAME_dup(name);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 12:06:47 +0000