Add functions to allow extensions to be added to certificate requests.
Modify obj_dat.pl to take its files from the command line. Usage is now: perl obj_dat.pl objects.h obj_dat.h. This should avoid redirection shell escape problems under Win32.
parent
8b94634428
commit
fd52057729
10
CHANGES
10
CHANGES
@ -4,10 +4,14 @@
|
||||
|
||||
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
|
||||
|
||||
*) Changed obj_dat.pl script so it takes its input and output files on
|
||||
the command line. This should avoid shell escape redirection problems
|
||||
under Win32.
|
||||
[Steve Henson]
|
||||
|
||||
*) Initial support for certificate extension requests, these are included
|
||||
in things like Xenroll certificate requests. They will later be used to
|
||||
allow PKCS#10 requests to include a list of "requested extensions" which
|
||||
can be added.
|
||||
in things like Xenroll certificate requests. Included functions to allow
|
||||
extensions to be obtained and added.
|
||||
[Steve Henson]
|
||||
|
||||
*) -crlf option to s_client and s_server for sending newlines as
|
||||
|
@ -724,7 +724,7 @@ if($IsWindows) {
|
||||
EOF
|
||||
close(OUT);
|
||||
|
||||
system "perl crypto/objects/obj_dat.pl <crypto\\objects\\objects.h >crypto\\objects\\obj_dat.h";
|
||||
system "perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h";
|
||||
} else {
|
||||
(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
|
||||
### (system 'make depend') == 0 or exit $? if $depflags ne "";
|
||||
|
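Review bot: The exit status of the new `system` call in the `if($IsWindows)` branch is discarded, so a failed obj_dat.pl run (the script can now die on its own `open` calls) would leave Configure continuing with a missing or partial obj_dat.h. The else branch already uses the `(system ...) == 0 or exit $?` form, and the same would fit here: `(system "perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h") == 0 or exit $?;`. The enclosing if block starts outside the hunk.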
@ -38,7 +38,7 @@ top:
|
||||
all: obj_dat.h lib
|
||||
|
||||
obj_dat.h: objects.h obj_dat.pl
|
||||
$(PERL) ./obj_dat.pl < objects.h > obj_dat.h
|
||||
$(PERL) ./obj_dat.pl objects.h obj_dat.h
|
||||
|
||||
lib: $(LIBOBJ)
|
||||
$(AR) $(LIB) $(LIBOBJ)
|
||||
|
@ -38,7 +38,10 @@ sub expand_obj
|
||||
return(%objn);
|
||||
}
|
||||
|
||||
while (<>)
|
||||
open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
|
||||
open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
|
||||
|
||||
while (<IN>)
|
||||
{
|
||||
next unless /^\#define\s+(\S+)\s+(.*)$/;
|
||||
$v=$1;
|
||||
@ -55,6 +58,7 @@ while (<>)
|
||||
$objd{$v}=$d;
|
||||
}
|
||||
}
|
||||
close IN;
|
||||
|
||||
%ob=&expand_obj(*objd);
|
||||
|
||||
@ -132,7 +136,7 @@ foreach (sort obj_cmp @a)
|
||||
push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v));
|
||||
}
|
||||
|
||||
print <<'EOF';
|
||||
print OUT <<'EOF';
|
||||
/* lib/obj/obj_dat.h */
|
||||
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
@ -193,21 +197,21 @@ print <<'EOF';
|
||||
|
||||
/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
|
||||
* following command:
|
||||
* perl obj_dat.pl < objects.h > obj_dat.h
|
||||
* perl obj_dat.pl objects.h obj_dat.h
|
||||
*/
|
||||
|
||||
EOF
|
||||
|
||||
printf "#define NUM_NID %d\n",$n;
|
||||
printf "#define NUM_SN %d\n",$#sn+1;
|
||||
printf "#define NUM_LN %d\n",$#ln+1;
|
||||
printf "#define NUM_OBJ %d\n\n",$#ob+1;
|
||||
printf OUT "#define NUM_NID %d\n",$n;
|
||||
printf OUT "#define NUM_SN %d\n",$#sn+1;
|
||||
printf OUT "#define NUM_LN %d\n",$#ln+1;
|
||||
printf OUT "#define NUM_OBJ %d\n\n",$#ob+1;
|
||||
|
||||
printf "static unsigned char lvalues[%d]={\n",$lvalues+1;
|
||||
print @lvalues;
|
||||
print "};\n\n";
|
||||
printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1;
|
||||
print OUT @lvalues;
|
||||
print OUT "};\n\n";
|
||||
|
||||
printf "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
|
||||
printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
|
||||
foreach (@out)
|
||||
{
|
||||
if (length($_) > 75)
|
||||
@ -218,30 +222,32 @@ foreach (@out)
|
||||
$t=$out.$_.",";
|
||||
if (length($t) > 70)
|
||||
{
|
||||
print "$out\n";
|
||||
print OUT "$out\n";
|
||||
$t="\t$_,";
|
||||
}
|
||||
$out=$t;
|
||||
}
|
||||
chop $out;
|
||||
print "$out";
|
||||
print OUT "$out";
|
||||
}
|
||||
else
|
||||
{ print $_; }
|
||||
{ print OUT $_; }
|
||||
}
|
||||
print "};\n\n";
|
||||
print OUT "};\n\n";
|
||||
|
||||
printf "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
|
||||
print @sn;
|
||||
print "};\n\n";
|
||||
printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
|
||||
print OUT @sn;
|
||||
print OUT "};\n\n";
|
||||
|
||||
printf "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
|
||||
print @ln;
|
||||
print "};\n\n";
|
||||
printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
|
||||
print OUT @ln;
|
||||
print OUT "};\n\n";
|
||||
|
||||
printf "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
|
||||
print @ob;
|
||||
print "};\n\n";
|
||||
printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
|
||||
print OUT @ob;
|
||||
print OUT "};\n\n";
|
||||
|
||||
close OUT;
|
||||
|
||||
sub der_it
|
||||
{
|
||||
|
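Review bot: The two new `open` calls use the two-argument form with `$ARGV[0]` and `$ARGV[1]` interpolated into the mode string, so leading or trailing characters such as `>` or `|` in a command-line argument are interpreted by open rather than treated as part of the file name, and a missing argument is not detected before the open. Where the minimum supported Perl allows it, the three-argument form with the OS error in the message is safer: `open(IN, '<', $ARGV[0]) || die "Can't open input file $ARGV[0]: $!";` and likewise `open(OUT, '>', $ARGV[1])`. The final `close OUT;` is also unchecked; `close(OUT) || die "Error writing $ARGV[1]: $!";` would stop a short write from leaving a truncated obj_dat.h that the Makefile rule then treats as up to date.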
@ -791,6 +791,9 @@ int X509_REQ_extension_nid(int nid);
|
||||
int * X509_REQ_get_extesion_nids(void);
|
||||
void X509_REQ_set_extension_nids(int *nids);
|
||||
STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
|
||||
int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
|
||||
int nid);
|
||||
int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
|
||||
|
||||
int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
|
||||
|
||||
|
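Review bot: The X509_REQ_add_extensions_nid and X509_REQ_add_extensions prototypes are added without any comment on their contract. A short comment above them would help callers, for example `/* Return 1 on success, 0 on error; exts is DER-encoded into a new request attribute and stays owned by the caller. */`, which matches the implementation added in this commit as far as it is visible here.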
@ -169,3 +169,48 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
|
||||
d2i_X509_EXTENSION, X509_EXTENSION_free,
|
||||
V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
|
||||
}
|
||||
|
||||
/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
|
||||
* in case we want to create a non standard one.
|
||||
*/
|
||||
|
||||
int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
|
||||
int nid)
|
||||
{
|
||||
unsigned char *p = NULL, *q;
|
||||
long len;
|
||||
ASN1_TYPE *at = NULL;
|
||||
X509_ATTRIBUTE *attr = NULL;
|
||||
if(!(at = ASN1_TYPE_new()) ||
|
||||
!(at->value.sequence = ASN1_STRING_new())) goto err;
|
||||
|
||||
at->type = V_ASN1_SEQUENCE;
|
||||
/* Generate encoding of extensions */
|
||||
len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
|
||||
V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
|
||||
if(!(p = Malloc(len))) goto err;
|
||||
q = p;
|
||||
i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
|
||||
V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
|
||||
at->value.sequence->data = p;
|
||||
p = NULL;
|
||||
at->value.sequence->length = len;
|
||||
if(!(attr = X509_ATTRIBUTE_new())) goto err;
|
||||
if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
|
||||
if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
|
||||
at = NULL;
|
||||
attr->set = 1;
|
||||
attr->object = OBJ_nid2obj(nid);
|
||||
if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
|
||||
return 1;
|
||||
err:
|
||||
if(p) Free(p);
|
||||
X509_ATTRIBUTE_free(attr);
|
||||
ASN1_TYPE_free(at);
|
||||
return 0;
|
||||
}
|
||||
/* This is the normal usage: use the "official" OID */
|
||||
int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
|
||||
{
|
||||
return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
|
||||
}
|
||||
|
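Review bot: In X509_REQ_add_extensions_nid the result of the first i2d_ASN1_SET_OF_X509_EXTENSION call goes straight into `Malloc(len)` and later into `at->value.sequence->length` without a check, so a zero or negative length (for example from a NULL or empty exts, if the encoder reports it that way) is not rejected; adding `if(len <= 0) goto err;` after the sizing call would cover that. The caller-supplied nid is also unchecked: `attr->object = OBJ_nid2obj(nid);` could become `if(!(attr->object = OBJ_nid2obj(nid))) goto err;`, assuming OBJ_nid2obj returns NULL for an unknown NID. On the error path, a failed sk_ASN1_TYPE_push leaves `attr->value.set` holding a stack while `attr->set` is still 0; X509_ATTRIBUTE_free is not shown here, so confirm it copes with that state, or move `attr->set = 1;` to directly after sk_ASN1_TYPE_new_null().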
@ -561,7 +561,7 @@ takes the NID of the extension rather than its name.
|
||||
For example to produce basicConstraints with the CA flag and a path length of
|
||||
10:
|
||||
|
||||
x = X509V3_EXT_conf_nid(NULL, NULL, NID_basicConstraints, "CA:TRUE,pathlen:10");
|
||||
x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
|
||||
|
||||
|
||||
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
|
||||
|