New program 'nseq' added to apps to allow Netscape certificate sequences to

 Changes between 0.9.1c and 0.9.2

  *) New program nseq to manipulate netscape certificate sequences

     [Steve Henson]

  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a

     few typos.

     [Steve Henson]

  *) Add ASN1 and PEM code to support netscape certificate sequences.

     [Steve Henson]

  *) Add ASN1 and PEM code to support netscape certificate sequences.

     [Steve Henson]

  *) Add several PKIX and private extended key usage OIDs.

     [Steve Henson]

E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \

	rsa dsa dsaparam \

	x509 genrsa gendsa s_server s_client speed \

	s_time version pkcs7 crl2pkcs7 sess_id ciphers

	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq

PROGS= $(PROGRAM).c

	rsa.o dsa.o dsaparam.o \

	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \

	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \

	ciphers.o

	ciphers.o nseq.o

#	pem_mail.o

	rsa.c dsa.c dsaparam.c \

	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \

	s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \

	ciphers.c

	ciphers.c nseq.c

#	pem_mail.c

/* nsutil.c */

/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL

 * project 1999.

 */

/* ====================================================================

 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer. 

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. All advertising materials mentioning features or use of this

 *    software must display the following acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

 *

 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

 *    endorse or promote products derived from this software without

 *    prior written permission. For written permission, please contact

 *    licensing@OpenSSL.org.

 *

 * 5. Products derived from this software may not be called "OpenSSL"

 *    nor may "OpenSSL" appear in their names without prior written

 *    permission of the OpenSSL Project.

 *

 * 6. Redistributions of any form whatsoever must retain the following

 *    acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

 *

 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 * OF THE POSSIBILITY OF SUCH DAMAGE.

 * ====================================================================

 *

 * This product includes cryptographic software written by Eric Young

 * (eay@cryptsoft.com).  This product includes software written by Tim

 * Hudson (tjh@cryptsoft.com).

 *

 */

#include <stdio.h>

#include "pem.h"

#include "err.h"

#include "apps.h"

#undef PROG

#define PROG nseq_main

#ifdef NOPROTO

static int dump_cert_text(BIO *out, X509 *x);

#else

static int dump_cert_text();

#endif

int MAIN(argc, argv)

int argc;

char **argv;

{

	char **args, *infile = NULL, *outfile = NULL;

	BIO *in = NULL, *out = NULL;

	int toseq = 0;

	X509 *x509 = NULL;

	NETSCAPE_CERT_SEQUENCE *seq = NULL;

	int i, ret = 1;

	int badarg = 0;

	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);

	ERR_load_crypto_strings();

        SSLeay_add_all_algorithms();

	args = argv + 1;

	while (!badarg && *args && *args[0] == '-') {

		if (!strcmp (*args, "-toseq")) toseq = 1;

		else if (!strcmp (*args, "-in")) {

			if (args[1]) {

				args++;

				infile = *args;

			} else badarg = 1;

		} else if (!strcmp (*args, "-out")) {

			if (args[1]) {

				args++;

				outfile = *args;

			} else badarg = 1;

		} else badarg = 1;

		args++;

	}

	if (badarg) {

		BIO_printf (bio_err, "Netscape certificate sequence utility\n");

		BIO_printf (bio_err, "Usage nseq [options]\n");

		BIO_printf (bio_err, "where options are\n");

                BIO_printf (bio_err, "-in file  input file\n");

                BIO_printf (bio_err, "-out file output file\n");

                BIO_printf (bio_err, "-toseq    output NS Sequence file\n");

		EXIT(1);

	}

	if (infile) {

		if (!(in = BIO_new_file (infile, "r"))) {

			BIO_printf (bio_err,

				 "Can't open input file %s\n", infile);

			goto end;

		}

	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);

	if (outfile) {

		if (!(out = BIO_new_file (outfile, "w"))) {

			BIO_printf (bio_err,

				 "Can't open output file %s\n", outfile);

			goto end;

		}

	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);

	if (toseq) {

		seq = NETSCAPE_CERT_SEQUENCE_new();

		seq->certs = sk_new(NULL);

		while((x509 = PEM_read_bio_X509(in, NULL, NULL))) 

					sk_push(seq->certs, (char *)x509);

		if(!sk_num(seq->certs))

		{

			BIO_printf (bio_err, "Error reading certs file %s\n", infile);

			ERR_print_errors(bio_err);

			goto end;

		}

		PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);

		ret = 0;

		goto end;

	}

	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL))) {

		BIO_printf (bio_err, "Error reading sequence file %s\n", infile);

		ERR_print_errors(bio_err);

		goto end;

	}

	for(i = 0; i < sk_num(seq->certs); i++) {

		x509 = (X509 *) sk_value(seq->certs, i);

		dump_cert_text(out, x509);

		PEM_write_bio_X509(out, x509);

	}

	ret = 0;

end:

	BIO_free(in);

	BIO_free(out);

	NETSCAPE_CERT_SEQUENCE_free(seq);

	EXIT(ret);

}

static int dump_cert_text(out, x)

BIO *out;

X509 *x;

{

        char buf[256];

        X509_NAME_oneline(X509_get_subject_name(x),buf,256);

        BIO_puts(out,"subject=");

        BIO_puts(out,buf);

        X509_NAME_oneline(X509_get_issuer_name(x),buf,256);

        BIO_puts(out,"\nissuer= ");

        BIO_puts(out,buf);

        BIO_puts(out,"\n");

        return 0;

}

extern int crl2pkcs7_main(int argc,char *argv[]);

extern int sess_id_main(int argc,char *argv[]);

extern int ciphers_main(int argc,char *argv[]);

extern int nseq_main(int argc,char *argv[]);

#else

extern int verify_main();

extern int asn1parse_main();

extern int crl2pkcs7_main();

extern int sess_id_main();

extern int ciphers_main();

extern int nseq_main();

#endif

#ifdef SSLEAY_SRC

#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))

	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},

#endif

	{FUNC_TYPE_GENERAL,"nseq",nseq_main},

	{FUNC_TYPE_MD,"md2",dgst_main},

	{FUNC_TYPE_MD,"md5",dgst_main},

	{FUNC_TYPE_MD,"sha",dgst_main},