Commit 87a25f90 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Allow the extension section specified in config files to be overridden

on the command line for various utilities.
parent f9150e54
+8 −0
@@ -4,6 +4,14 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

  *) Allow the config file extension section to be overwritten on the
     command line. Based on an original idea from Massimiliano Pala
     <madwolf@comune.modena.it>. The new option is called -extensions
     and can be applied to ca, req and x509. Also -reqexts to override
     the request extensions in req and -crlexts to override the crl extensions
     in ca.
     [Steve Henson]

  *) Add new feature to the SPKAC handling in ca.  Now you can include
     the same field multiple times by preceding it by "XXXX." for example:
     1.OU="Unit name 1"
+15 −3
@@ -163,6 +163,8 @@ static char *ca_usage[]={
" -batch          - Don't ask questions\n",
" -msie_hack      - msie modifications to handle all those universal strings\n",
" -revoke file    - Revoke a certificate (given in file)\n",
" -extensions ..  - Extension section (override value in config file)\n",
" -crlexts ..     - CRL extension section (override value in config file)\n",
NULL
};

@@ -393,6 +395,16 @@ EF_ALIGNMENT=0;
			infile= *(++argv);
			dorevoke=1;
			}
		else if (strcmp(*argv,"-extensions") == 0)
			{
			if (--argc < 1) goto bad;
			extensions= *(++argv);
			}
		else if (strcmp(*argv,"-crlexts") == 0)
			{
			if (--argc < 1) goto bad;
			crl_ext= *(++argv);
			}
		else
			{
bad:
@@ -720,7 +732,7 @@ bad:
			lookup_fail(section,ENV_SERIAL);
			goto err;
			}

		if(!extensions)
			extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
		if(extensions) {
			/* Check syntax of file */
@@ -1031,7 +1043,7 @@ bad:
	/*****************************************************************/
	if (gencrl)
		{
		crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
		if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
		if(crl_ext) {
			/* Check syntax of file */
			X509V3_CTX ctx;
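Review bot: Nothing in the new `-extensions` / `-crlexts` branches (`extensions= *(++argv);`, `crl_ext= *(++argv);`) or in the two `if(!...)` fallbacks confirms that a section named on the command line actually exists in the config file. The syntax check under `if(extensions) {` continues outside the hunk, so this is inferred, but if a missing section is treated as an empty one, a mistyped name would sign a certificate or CRL without the intended extensions (basicConstraints, keyUsage), and for a CA that should be a hard failure. I would reject it right after the fallback, e.g. `if(extensions && !CONF_get_section(conf,extensions)) { BIO_printf(bio_err,"no such extension section %s\n",extensions); goto err; }`, and do the same for `crl_ext`. The same gap applies to `extensions`/`req_exts` in the req section and to `extsect` in the x509 section. Since the option now selects the certificate profile, scripts wrapping this command should pass a fixed section name rather than a requester-supplied one.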
+16 −3
@@ -310,8 +310,17 @@ int MAIN(int argc, char **argv)
			/* ok */
			digest=md_alg;
			}
		else if (strcmp(*argv,"-extensions") == 0)
			{
			if (--argc < 1) goto bad;
			extensions = *(++argv);
			}
		else if (strcmp(*argv,"-reqexts") == 0)
			{
			if (--argc < 1) goto bad;
			req_exts = *(++argv);
			}
		else

			{
			BIO_printf(bio_err,"unknown option %s\n",*argv);
			badops=1;
@@ -349,6 +358,8 @@ bad:
		BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
		BIO_printf(bio_err,"                have been reported as requiring\n");
		BIO_printf(bio_err,"                [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
		goto end;
		}

@@ -427,6 +438,7 @@ bad:
			digest=md_alg;
		}

	if(!extensions)
		extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
	if(extensions) {
		/* Check syntax of file */
@@ -440,6 +452,7 @@ bad:
		}
	}

	if(!req_exts)
		req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
	if(req_exts) {
		/* Check syntax of file */
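Review bot: The fallbacks `if(!extensions)` and `if(!req_exts)` make a command-line value take precedence over the config file, but no comment says so, and the `/* Check syntax of file */` comments under them still describe the value as coming from the file. I would put `/* a section named on the command line overrides the config file value */` above each fallback and reword the check comments to `/* Check syntax of the selected section */`. The two new usage lines differ only in "certificate" versus "request"; presumably `-extensions` matters only when a certificate is produced, and if that is confirmed the usage text should state it. Both `if` bodies continue outside the hunks.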
+7 −1
@@ -115,6 +115,7 @@ static char *x509_usage[]={
" -C              - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
" -extfile        - configuration file with X509V3 extensions to add\n",
" -extensions     - section from config file with X509V3 extensions to add\n",
NULL
};

@@ -218,6 +219,11 @@ int MAIN(int argc, char **argv)
			if (--argc < 1) goto bad;
			extfile= *(++argv);
			}
		else if (strcmp(*argv,"-extensions") == 0)
			{
			if (--argc < 1) goto bad;
			extsect= *(++argv);
			}
		else if (strcmp(*argv,"-in") == 0)
			{
			if (--argc < 1) goto bad;
@@ -335,7 +341,7 @@ bad:
							,errorline,extfile);
			goto end;
		}
		if(!(extsect = CONF_get_string(extconf, "default",
		if(!extsect && !(extsect = CONF_get_string(extconf, "default",
					 "extensions"))) extsect = "default";
		X509V3_set_ctx_test(&ctx2);
		X509V3_set_conf_lhash(&ctx2, extconf);
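Review bot: `-extensions` looks like it is silently ignored when `-extfile` is not given. The only use of `extsect` in these hunks is the `if(!extsect && !(extsect = CONF_get_string(extconf, "default",` line, which sits right after the extfile parse-error path and so presumably lives inside the extfile-handling block (that block starts outside the hunk). A user who passes only `-extensions` would then get a certificate with no extensions and no diagnostic. I would reject that combination after option parsing, e.g. `if(extsect && !extfile) goto bad;`, and have the usage line say the section is read from the `-extfile` file.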