Continued multibyte character support.

Add a bunch of functions to simplify the creation of X509_NAME structures.

Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.

apps/ca.c

@@ -1691,8 +1691,7 @@ again2:
 
 			if (push != NULL)
 				{
-				if (!X509_NAME_add_entry(subject,push,
-					X509_NAME_entry_count(subject),0))
+				if (!X509_NAME_add_entry(subject,push, -1, 0))
 					{
 					if (push != NULL)
 						X509_NAME_ENTRY_free(push);
@@ -2053,8 +2052,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 			strlen(buf))) == NULL)
 			goto err;
 
-		if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
-			goto err;
+		if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
 		}
 	if (spki == NULL)
 		{

apps/openssl.cnf

@@ -86,6 +86,17 @@ distinguished_name	= req_distinguished_name
 attributes		= req_attributes
 x509_extensions	= v3_ca	# The extentions to add to the self signed cert
 
+# This sets the permitted types in a DirectoryString. There are several
+# options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nobmp : PrintableString, T61String (no BMPStrings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+dirstring_type = nobmp
+
 # req_extensions = v3_req # The extensions to add to a certificate request
 
 [ req_distinguished_name ]

apps/req.c

@@ -82,6 +82,7 @@
 #define ATTRIBUTES	"attributes"
 #define V3_EXTENSIONS	"x509_extensions"
 #define REQ_EXTENSIONS	"req_extensions"
+#define DIRSTRING_TYPE	"dirstring_type"
 
 #define DEFAULT_KEY_LENGTH	512
 #define MIN_KEY_LENGTH		384
@@ -452,6 +453,13 @@ bad:
 		}
 	}
 
+	p = CONF_get_string(req_conf, SECTION, DIRSTRING_TYPE);
+
+	if(p && !ASN1_STRING_set_default_mask_asc(p)) {
+		BIO_printf(bio_err, "Invalid DiretoryString setting %s", p);
+		goto end;
+	}
+
 	if(!req_exts)
 		req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
 	if(req_exts) {
@@ -883,6 +891,9 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 
 	ri=req->req_info;
 
+	/* setup version number */
+	if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
+
 	BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
 	BIO_printf(bio_err,"into your certificate request.\n");
 	BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
@@ -891,8 +902,6 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
 	BIO_printf(bio_err,"-----\n");
 
-	/* setup version number */
-	if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
 
 	if (sk_CONF_VALUE_num(sk))
 		{
@@ -1003,8 +1012,7 @@ err:
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	     int nid, int min, int max)
 	{
-	int i,j,ret=0;
-	X509_NAME_ENTRY *ne=NULL;
+	int i,ret=0;
 	MS_STATIC char buf[1024];
 
 	BIO_printf(bio_err,"%s [%s]:",text,def);
@@ -1039,21 +1047,13 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 		}
 	buf[--i]='\0';
 
-	j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
-	if (req_fix_data(nid,&j,i,min,max) == 0)
-		goto err;
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
-	if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf,
-		strlen(buf)))
-		== NULL) goto err;
-	if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
-		goto err;
-
+	if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
+				(unsigned char *) buf, -1,-1,0)) goto err;
 	ret=1;
 err:
-	if (ne != NULL) X509_NAME_ENTRY_free(ne);
 	return(ret);
 	}