diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2000-01-06 01:26:48 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2000-01-06 01:26:48 +0000 |
commit | b38f9f66c3ac92d7ad1a23f6b951b966c779905c (patch) | |
tree | ecbc8a1df6047738039b36bc3857470a551dce4b /apps | |
parent | ca03109c3aa2a907885f299d7af749754c4d172d (diff) | |
download | openssl-b38f9f66c3ac92d7ad1a23f6b951b966c779905c.tar.gz |
Initial automation changes to 'req' and X509_ATTRIBUTE functions.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/openssl.cnf | 7 | ||||
-rw-r--r-- | apps/req.c | 273 |
2 files changed, 250 insertions, 30 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 13aeb9b0ba..dbe8cbefe0 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -95,16 +95,15 @@ x509_extensions = v3_ca # The extentions to add to the self signed cert # input_password = secret # output_password = secret -# This sets the permitted types in a DirectoryString. There are several -# options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. -# nobmp : PrintableString, T61String (no BMPStrings). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). # MASK:XXXX a literal mask value. # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings # so use this option with caution! -dirstring_type = nobmp +string_mask = nombstr # req_extensions = v3_req # The extensions to add to a certificate request diff --git a/apps/req.c b/apps/req.c index 5c14c71e57..76a4514263 100644 --- a/apps/req.c +++ b/apps/req.c @@ -78,11 +78,12 @@ #define BITS "default_bits" #define KEYFILE "default_keyfile" +#define PROMPT "prompt" #define DISTINGUISHED_NAME "distinguished_name" #define ATTRIBUTES "attributes" #define V3_EXTENSIONS "x509_extensions" #define REQ_EXTENSIONS "req_extensions" -#define DIRSTRING_TYPE "dirstring_type" +#define STRING_MASK "string_mask" #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 @@ -109,6 +110,11 @@ */ static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs); +static int prompt_info(X509_REQ *req, + STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, + STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs); +static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, + STACK_OF(CONF_VALUE) *attr, int attribs); static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text, char *def, char *value, int nid, int min, int max); @@ -491,10 +497,10 @@ bad: if(!passout) passout = CONF_get_string(req_conf, SECTION, "output_password"); - p = CONF_get_string(req_conf, SECTION, DIRSTRING_TYPE); + p = CONF_get_string(req_conf, SECTION, STRING_MASK); if(p && !ASN1_STRING_set_default_mask_asc(p)) { - BIO_printf(bio_err, "Invalid DiretoryString setting %s", p); + BIO_printf(bio_err, "Invalid global string mask setting %s", p); goto end; } @@ -892,46 +898,47 @@ end: static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs) { int ret=0,i; - char *p,*q; - X509_REQ_INFO *ri; - char buf[100]; - int nid,min,max; - char *type,*def,*tmp,*value,*tmp_attr; - STACK_OF(CONF_VALUE) *sk, *attr=NULL; - CONF_VALUE *v; - - tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); - if (tmp == NULL) + char no_prompt = 0; + STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL; + char *tmp, *dn_sect,*attr_sect; + + tmp=CONF_get_string(req_conf,SECTION,PROMPT); + if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1; + + dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); + if (dn_sect == NULL) { BIO_printf(bio_err,"unable to find '%s' in config\n", DISTINGUISHED_NAME); goto err; } - sk=CONF_get_section(req_conf,tmp); - if (sk == NULL) + dn_sk=CONF_get_section(req_conf,dn_sect); + if (dn_sk == NULL) { - BIO_printf(bio_err,"unable to get '%s' section\n",tmp); + BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect); goto err; } - tmp_attr=CONF_get_string(req_conf,SECTION,ATTRIBUTES); - if (tmp_attr == NULL) - attr=NULL; + attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES); + if (attr_sect == NULL) + attr_sk=NULL; else { - attr=CONF_get_section(req_conf,tmp_attr); - if (attr == NULL) + attr_sk=CONF_get_section(req_conf,attr_sect); + if (attr_sk == NULL) { - BIO_printf(bio_err,"unable to get '%s' section\n",tmp_attr); + BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect); goto err; } } - ri=req->req_info; - /* setup version number */ - if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */ + if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */ + if(no_prompt) i = auto_info(req, dn_sk, attr_sk, attribs); + else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs); + if(!i) goto err; +#if 0 BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n"); BIO_printf(bio_err,"into your certificate request.\n"); BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n"); @@ -1039,7 +1046,7 @@ start2: for (;;) BIO_printf(bio_err,"No template, please set one up.\n"); goto err; } - +#endif X509_REQ_set_pubkey(req,pkey); ret=1; @@ -1047,6 +1054,220 @@ err: return(ret); } + +static int prompt_info(X509_REQ *req, + STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, + STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs) + { + int i; + char *p,*q; + char buf[100]; + int nid,min,max; + char *type,*def,*value; + CONF_VALUE *v; + X509_NAME *subj; + subj = X509_REQ_get_subject_name(req); + BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n"); + BIO_printf(bio_err,"into your certificate request.\n"); + BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n"); + BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n"); + BIO_printf(bio_err,"For some fields there will be a default value,\n"); + BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n"); + BIO_printf(bio_err,"-----\n"); + + + if (sk_CONF_VALUE_num(dn_sk)) + { + i= -1; +start: for (;;) + { + i++; + if (sk_CONF_VALUE_num(dn_sk) <= i) break; + + v=sk_CONF_VALUE_value(dn_sk,i); + p=q=NULL; + type=v->name; + if(!check_end(type,"_min") || !check_end(type,"_max") || + !check_end(type,"_default") || + !check_end(type,"_value")) continue; + /* Skip past any leading X. X: X, etc to allow for + * multiple instances + */ + for(p = v->name; *p ; p++) + if ((*p == ':') || (*p == ',') || + (*p == '.')) { + p++; + if(*p) type = p; + break; + } + /* If OBJ not recognised ignore it */ + if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; + sprintf(buf,"%s_default",v->name); + if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL) + def=""; + + sprintf(buf,"%s_value",v->name); + if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL) + value=NULL; + + sprintf(buf,"%s_min",v->name); + min=(int)CONF_get_number(req_conf,dn_sect,buf); + + sprintf(buf,"%s_max",v->name); + max=(int)CONF_get_number(req_conf,dn_sect,buf); + + if (!add_DN_object(subj,v->value,def,value,nid, + min,max)) + return 0; + } + if (X509_NAME_entry_count(subj) == 0) + { + BIO_printf(bio_err,"error, no objects specified in config file\n"); + return 0; + } + + if (attribs) + { + if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0)) + { + BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n"); + BIO_printf(bio_err,"to be sent with your certificate request\n"); + } + + i= -1; +start2: for (;;) + { + i++; + if ((attr_sk == NULL) || + (sk_CONF_VALUE_num(attr_sk) <= i)) + break; + + v=sk_CONF_VALUE_value(attr_sk,i); + type=v->name; + if ((nid=OBJ_txt2nid(type)) == NID_undef) + goto start2; + + sprintf(buf,"%s_default",type); + if ((def=CONF_get_string(req_conf,attr_sect,buf)) + == NULL) + def=""; + + sprintf(buf,"%s_value",type); + if ((value=CONF_get_string(req_conf,attr_sect,buf)) + == NULL) + value=NULL; + + sprintf(buf,"%s_min",type); + min=(int)CONF_get_number(req_conf,attr_sect,buf); + + sprintf(buf,"%s_max",type); + max=(int)CONF_get_number(req_conf,attr_sect,buf); + + if (!add_attribute_object(req->req_info->attributes, + v->value,def,value,nid,min,max)) + return 0; + } + } + } + else + { + BIO_printf(bio_err,"No template, please set one up.\n"); + return 0; + } + + return 1; + + } + +static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, + STACK_OF(CONF_VALUE) *attr_sk, int attribs) + { + int i; + char *p,*q; + char *type; + CONF_VALUE *v; + X509_NAME *subj; + + subj = X509_REQ_get_subject_name(req); + + for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) + { + v=sk_CONF_VALUE_value(dn_sk,i); + p=q=NULL; + type=v->name; + /* Skip past any leading X. X: X, etc to allow for + * multiple instances + */ + for(p = v->name; *p ; p++) + if ((*p == ':') || (*p == ',') || (*p == '.')) { + p++; + if(*p) type = p; + break; + } + if (!X509_NAME_add_entry_by_txt(subj,type, MBSTRING_ASC, + (unsigned char *) v->value,-1,-1,0)) return 0; + + } + + if (!X509_NAME_entry_count(subj)) + { + BIO_printf(bio_err,"error, no objects specified in config file\n"); + return 0; + } +#if 0 + if (attribs) + { + if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0)) + { + BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n"); + BIO_printf(bio_err,"to be sent with your certificate request\n"); + } + + i= -1; +start2: for (;;) + { + i++; + if ((attr_sk == NULL) || + (sk_CONF_VALUE_num(attr_sk) <= i)) + break; + + v=sk_CONF_VALUE_value(attr_sk,i); + type=v->name; + if ((nid=OBJ_txt2nid(type)) == NID_undef) + goto start2; + + sprintf(buf,"%s_default",type); + if ((def=CONF_get_string(req_conf,attr_sect,buf)) + == NULL) + def=""; + + sprintf(buf,"%s_value",type); + if ((value=CONF_get_string(req_conf,attr_sect,buf)) + == NULL) + value=NULL; + + sprintf(buf,"%s_min",type); + min=(int)CONF_get_number(req_conf,attr_sect,buf); + + sprintf(buf,"%s_max",type); + max=(int)CONF_get_number(req_conf,attr_sect,buf); + + if (!add_attribute_object(ri->attributes, + v->value,def,value,nid,min,max)) + return 0; + } + } + } + else + { + BIO_printf(bio_err,"No template, please set one up.\n"); + return 0; + } +#endif + return 1; + } + + static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, int nid, int min, int max) { |