generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow the extension section specified in config files to be overridden

Browse Source 
on the command line for various utilities.
This commit is contained in:
Dr. Stephen Henson
1999-08-27 00:08:17 +00:00
parent f9150e5421
commit 87a25f9032
4 changed files with 46 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGES
View File

@@ -4,6 +4,14 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999] Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
*) Allow the config file extension section to be overwritten on the
command line. Based on an original idea from Massimiliano Pala
<madwolf@comune.modena.it>. The new option is called -extensions
and can be applied to ca, req and x509. Also -reqexts to override
the request extensions in req and -crlexts to override the crl extensions
in ca.
[Steve Henson]
*) Add new feature to the SPKAC handling in ca. Now you can include *) Add new feature to the SPKAC handling in ca. Now you can include
the same field multiple times by preceding it by "XXXX." for example: the same field multiple times by preceding it by "XXXX." for example:
1.OU="Unit name 1" 1.OU="Unit name 1"

18
apps/ca.c
View File

@@ -163,6 +163,8 @@ static char *ca_usage[]={
" -batch - Don't ask questions\n", " -batch - Don't ask questions\n",
" -msie_hack - msie modifications to handle all those universal strings\n", " -msie_hack - msie modifications to handle all those universal strings\n",
" -revoke file - Revoke a certificate (given in file)\n", " -revoke file - Revoke a certificate (given in file)\n",
" -extensions .. - Extension section (override value in config file)\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
NULL NULL
}; };
@@ -393,6 +395,16 @@ EF_ALIGNMENT=0;
infile= *(++argv); infile= *(++argv);
dorevoke=1; dorevoke=1;
} }
else if (strcmp(*argv,"-extensions") == 0)
{
if (--argc < 1) goto bad;
extensions= *(++argv);
}
else if (strcmp(*argv,"-crlexts") == 0)
{
if (--argc < 1) goto bad;
crl_ext= *(++argv);
}
else else
{ {
bad: bad:
@@ -720,8 +732,8 @@ bad:
lookup_fail(section,ENV_SERIAL); lookup_fail(section,ENV_SERIAL);
goto err; goto err;
} }
if(!extensions)
extensions=CONF_get_string(conf,section,ENV_EXTENSIONS); extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
if(extensions) { if(extensions) {
/* Check syntax of file */ /* Check syntax of file */
X509V3_CTX ctx; X509V3_CTX ctx;
@@ -1031,7 +1043,7 @@ bad:
/*****************************************************************/ /*****************************************************************/
if (gencrl) if (gencrl)
{ {
crl_ext=CONF_get_string(conf,section,ENV_CRLEXT); if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
if(crl_ext) { if(crl_ext) {
/* Check syntax of file */ /* Check syntax of file */
X509V3_CTX ctx; X509V3_CTX ctx;

19
apps/req.c
View File

@@ -310,8 +310,17 @@ int MAIN(int argc, char **argv)
/* ok */ /* ok */
digest=md_alg; digest=md_alg;
} }
else if (strcmp(*argv,"-extensions") == 0)
{
if (--argc < 1) goto bad;
extensions = *(++argv);
}
else if (strcmp(*argv,"-reqexts") == 0)
{
if (--argc < 1) goto bad;
req_exts = *(++argv);
}
else else
{ {
BIO_printf(bio_err,"unknown option %s\n",*argv); BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1; badops=1;
@@ -349,6 +358,8 @@ bad:
BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n"); BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
BIO_printf(bio_err," have been reported as requiring\n"); BIO_printf(bio_err," have been reported as requiring\n");
BIO_printf(bio_err," [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n"); BIO_printf(bio_err," [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
goto end; goto end;
} }
@@ -427,7 +438,8 @@ bad:
digest=md_alg; digest=md_alg;
} }
extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS); if(!extensions)
extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
if(extensions) { if(extensions) {
/* Check syntax of file */ /* Check syntax of file */
X509V3_CTX ctx; X509V3_CTX ctx;
@@ -440,7 +452,8 @@ bad:
} }
} }
req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); if(!req_exts)
req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
if(req_exts) { if(req_exts) {
/* Check syntax of file */ /* Check syntax of file */
X509V3_CTX ctx; X509V3_CTX ctx;

8
apps/x509.c
View File

@@ -115,6 +115,7 @@ static char *x509_usage[]={
" -C - print out C code forms\n", " -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n", " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
" -extfile - configuration file with X509V3 extensions to add\n", " -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
NULL NULL
}; };
@@ -218,6 +219,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
extfile= *(++argv); extfile= *(++argv);
} }
else if (strcmp(*argv,"-extensions") == 0)
{
if (--argc < 1) goto bad;
extsect= *(++argv);
}
else if (strcmp(*argv,"-in") == 0) else if (strcmp(*argv,"-in") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
@@ -335,7 +341,7 @@ bad:
,errorline,extfile); ,errorline,extfile);
goto end; goto end;
} }
if(!(extsect = CONF_get_string(extconf, "default", if(!extsect && !(extsect = CONF_get_string(extconf, "default",
"extensions"))) extsect = "default"; "extensions"))) extsect = "default";
X509V3_set_ctx_test(&ctx2); X509V3_set_ctx_test(&ctx2);
X509V3_set_conf_lhash(&ctx2, extconf); X509V3_set_conf_lhash(&ctx2, extconf);