diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-08-11 13:08:58 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-08-11 13:08:58 +0000 |
commit | fd52057729fcf050734882069e6fa3f02b555cd2 (patch) | |
tree | 1dc6553e5ffd1b7b9eb11ce5178abb0175a55285 /crypto/x509 | |
parent | 8b94634428fc4dd07e2946bde3ed6d1686605e5d (diff) | |
download | openssl-fd52057729fcf050734882069e6fa3f02b555cd2.tar.gz |
Add functions to allow extensions to be added to certificate requests.
Modify obj_dat.pl to take its files from the command line. Usage is now
perl obj_dat.pl objects.h obj_dat.h
this should avoid redirection shell escape problems under Win32.
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509.h | 3 | ||||
-rw-r--r-- | crypto/x509/x509_req.c | 45 |
2 files changed, 48 insertions, 0 deletions
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 80ca680594..7bb4dbf125 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -791,6 +791,9 @@ int X509_REQ_extension_nid(int nid); int * X509_REQ_get_extesion_nids(void); void X509_REQ_set_extension_nids(int *nids); STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 6544f03f2c..b52a59c263 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -169,3 +169,48 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) d2i_X509_EXTENSION, X509_EXTENSION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); } + +/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs + * in case we want to create a non standard one. + */ + +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid) +{ + unsigned char *p = NULL, *q; + long len; + ASN1_TYPE *at = NULL; + X509_ATTRIBUTE *attr = NULL; + if(!(at = ASN1_TYPE_new()) || + !(at->value.sequence = ASN1_STRING_new())) goto err; + + at->type = V_ASN1_SEQUENCE; + /* Generate encoding of extensions */ + len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, + V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); + if(!(p = Malloc(len))) goto err; + q = p; + i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, + V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); + at->value.sequence->data = p; + p = NULL; + at->value.sequence->length = len; + if(!(attr = X509_ATTRIBUTE_new())) goto err; + if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; + if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; + at = NULL; + attr->set = 1; + attr->object = OBJ_nid2obj(nid); + if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; + return 1; + err: + if(p) Free(p); + X509_ATTRIBUTE_free(attr); + ASN1_TYPE_free(at); + return 0; +} +/* This is the normal usage: use the "official" OID */ +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) +{ + return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); +} |