Allow the 1.OU="my OU" syntax in 'ca' for SPKACs.

2 files changed, 17 insertions, 1 deletions

diff --git a/CHANGES b/CHANGES
index 348252ec11..32a46769fc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Add new feature to the SPKAC handling in ca.  Now you can include
+     the same field multiple times by preceding it by "XXXX." for example:
+     1.OU="Unit name 1"
+     2.OU="Unit name 2"
+     this is the same syntax as used in the req config file.
+     [Steve Henson]
+
   *) Allow certificate extensions to be added to certificate requests. These
      are specified in a 'req_extensions' option of the req section of the
      config file. They can be printed out with the -text option to req but
diff --git a/apps/ca.c b/apps/ca.c
index 9ed100dd3c..fa355ab0c9 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1986,8 +1986,17 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 
 		cv=sk_CONF_VALUE_value(sk,i);
 		type=cv->name;
-		buf=cv->value;
+		/* Skip past any leading X. X: X, etc to allow for
+		 * multiple instances
+		 */
+		for(buf = cv->name; *buf ; buf++)
+			if ((*buf == ':') || (*buf == ',') || (*buf == '.')) {
+					buf++;
+					if(*buf) type = buf;
+					break;
+		}
 
+		buf=cv->value;
 		if ((nid=OBJ_txt2nid(type)) == NID_undef)
 			{
 			if (strcmp(type, "SPKAC") == 0)