From 8ca533e37824a308e5b897486fc92c199bdf79a9 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Fri, 6 Oct 2000 11:51:47 +0000
Subject: More code for X509_print_ex() support.
---
 apps/apps.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++--------
 apps/apps.h | 1 +
 apps/x509.c | 10 ++++++++--
 3 files changed, 58 insertions(+), 10 deletions(-)
(limited to 'apps')
diff --git a/apps/apps.c b/apps/apps.c
index c22550b294..03bd9e2d3f 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -74,6 +74,14 @@
 # include "bss_file.c"
 #endif
+typedef struct {
+ char *name;
+ unsigned long flag;
+ unsigned long mask;
+} NAME_EX_TBL;
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+
 int app_init(long mesgwin);
 #ifdef undef /* never finished - probably never will be :-) */
 int args_from_file(char *file, int *argc, char **argv[])
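Review bot: `char *name;` in the relocated NAME_EX_TBL typedef should be `const char *name;`, because every table in this commit is a `static const` array initialised from string literals, and the lookup lines shown only read the field through `strcmp` and the loop condition. The forward declaration of set_table_opts would also benefit from a one-line comment stating that the table must end with a NULL name, since that sentinel is the only thing bounding the lookup loop.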
@@ -694,16 +702,43 @@ end:
 return(othercerts);
 }
-typedef struct {
- char *name;
- unsigned long flag;
- unsigned long mask;
-} NAME_EX_TBL;
+
+#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT 0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+ static const NAME_EX_TBL cert_tbl[] = {
+ { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
+ { "no_header", X509_FLAG_NO_HEADER, 0},
+ { "no_version", X509_FLAG_NO_VERSION, 0},
+ { "no_serial", X509_FLAG_NO_SERIAL, 0},
+ { "no_signame", X509_FLAG_NO_SIGNAME, 0},
+ { "no_validity", X509_FLAG_NO_VALIDITY, 0},
+ { "no_subject", X509_FLAG_NO_SUBJECT, 0},
+ { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+ { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+ { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+ { "no_aux", X509_FLAG_NO_AUX, 0},
+ { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { NULL, 0, 0}
+ };
+ return set_table_opts(flags, arg, cert_tbl);
+}
 int set_name_ex(unsigned long *flags, const char *arg)
 {
- char c;
- const NAME_EX_TBL *ptbl, ex_tbl[] = {
+ static const NAME_EX_TBL ex_tbl[] = {
 { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
 { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
 { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
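Review bot: The X509V3_EXT_* values in the `#define` block above set_cert_ex are private to apps/apps.c, yet they are only meaningful if the printing code behind X509_print_ex (presumably in the library, not shown here) decodes bits 16-19 of the flags identically. Two copies of that encoding can drift apart, and it decides how unknown extensions of a certificate under inspection are rendered. The definitions belong in the header that declares X509_print_ex, or at minimum behind `#ifndef X509V3_EXT_UNKNOWN_MASK` so a later library definition does not clash. Separately, `0xffffffffl` in the "compatible" row should be `0xffffffffL`: the lower-case suffix is easily misread as the digit 1. set_name_ex continues outside this hunk.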
@@ -731,7 +766,13 @@ int set_name_ex(unsigned long *flags, const char *arg)
 { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
 { NULL, 0, 0}
 };
+ return set_table_opts(flags, arg, ex_tbl);
+}
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+ char c;
+ const NAME_EX_TBL *ptbl;
 c = arg[0];
 if(c == '-') {
@@ -742,7 +783,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
 arg++;
 } else c = 1;
- for(ptbl = ex_tbl; ptbl->name; ptbl++) {
+ for(ptbl = in_tbl; ptbl->name; ptbl++) {
 if(!strcmp(arg, ptbl->name)) {
 *flags &= ~ptbl->mask;
 if(c) *flags |= ptbl->flag;
diff --git a/apps/apps.h b/apps/apps.h
index 82587b9770..0951299d58 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -147,6 +147,7 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 int dump_cert_text(BIO *out, X509 *x);
 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
+int set_cert_ex(unsigned long *flags, const char *arg);
 int set_name_ex(unsigned long *flags, const char *arg);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 int add_oid_section(BIO *err, LHASH *conf);
diff --git a/apps/x509.c b/apps/x509.c
index 76dd66db86..3bef1fc590 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -129,6 +129,7 @@ static char *x509_usage[]={
 " -extensions - section from config file with X509V3 extensions to add\n",
 " -clrext - delete extensions before signing and input certificate\n",
 " -nameopt arg - various certificate name options\n",
+" -certopt arg - various certificate text options\n",
 NULL
 };
@@ -174,7 +175,7 @@ int MAIN(int argc, char **argv)
 char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 int need_rand = 0;
 int checkend=0,checkoffset=0;
- unsigned long nmflag = 0;
+ unsigned long nmflag = 0, certflag = 0;
 reqfile=0;
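Review bot: set_table_opts, introduced in the apps/apps.c hunk `-731,7 +766,13`, has no comment describing its contract even though it now serves two option tables. A comment above the definition such as `/* Apply the in_tbl entry named by arg to *flags; in_tbl must end with a NULL name and arg must not be NULL. */` would cover what the visible lines rely on: `arg[0]` is read unconditionally and the loop stops only at the NULL-name sentinel. The prefix handling and the return convention should be documented as well, since the -certopt caller in x509.c treats 0 as failure. Those lines lie between and after the hunks, so the body is only partly visible here.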
@@ -326,6 +327,11 @@ int MAIN(int argc, char **argv)
 alias= *(++argv);
 trustout = 1;
 }
+ else if (strcmp(*argv,"-certopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_cert_ex(&certflag, *(++argv))) goto bad;
+ }
 else if (strcmp(*argv,"-nameopt") == 0)
 {
 if (--argc < 1) goto bad;
@@ -774,7 +780,7 @@ bad:
 }
 else if (text == i)
 {
- X509_print(out,x);
+ X509_print_ex(out,x,nmflag, certflag);
 }
 else if (startdate == i)
 {
--
cgit v1.2.3
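Review bot: A misspelled -certopt value in the added branch goes straight to `goto bad`, so the user presumably sees only the generic usage text with no hint of which argument was rejected. Reporting the value before the jump would make the failure diagnosable, e.g. `if (!set_cert_ex(&certflag, *(++argv))) { BIO_printf(bio_err, "unknown -certopt value %s\n", *argv); goto bad; }`. This assumes bio_err is the error BIO used elsewhere in MAIN, which the hunk does not show. The usage line added for -certopt also does not list the accepted keywords.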
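Review bot: In the `text == i` branch the -text output now depends on nmflag and certflag even when neither -nameopt nor -certopt is given, so their initial value of 0 has to reproduce the old X509_print output exactly. Nothing on this page shows that 0 is the compatible setting. Initialising with the named constant, `unsigned long nmflag = 0, certflag = X509_FLAG_COMPAT;`, would state the intent, X509_FLAG_COMPAT being the value behind the "compatible" keyword in set_cert_ex. This matters because -text is what operators and scripts read when checking a certificate, and a silent change of default would alter what they see. The declaration sits in the earlier x509.c hunk and MAIN extends beyond both hunks.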