Loading CHANGES +6 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,12 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] *) Allow certificate extensions to be added to certificate requests. These are specified in a 'req_extensions' option of the req section of the config file. They can be printed out with the -text option to req but are otherwise ignored at present. [Steve Henson] *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first data read consists of only the final block it would not decrypted because EVP_CipherUpdate() would correctly report zero bytes had been decrypted. Loading apps/openssl.cnf +14 −3 Original line number Diff line number Diff line Loading @@ -86,6 +86,8 @@ distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = AU Loading Loading @@ -170,8 +172,16 @@ authorityKeyIdentifier=keyid,issuer:always #nsCaPolicyUrl #nsSslServerName [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment [ v3_ca ] # Extensions for a typical CA Loading Loading @@ -200,10 +210,11 @@ basicConstraints = CA:true # Copy issuer details # issuerAltName=issuer:copy # RAW DER hex encoding of an extension: beware experts only! # 1.2.3.5=RAW:02:03 # DER hex encoding of an extension: beware experts only! # obj=DER:02:03 # Where 'obj' is a standard or added object # You can even override a supported extension: # basicConstraints= critical, RAW:30:03:01:01:FF # basicConstraints= critical, DER:30:03:01:01:FF [ crl_ext ] Loading apps/req.c +32 −0 Original line number Diff line number Diff line Loading @@ -82,6 +82,7 @@ #define DISTINGUISHED_NAME "distinguished_name" #define ATTRIBUTES "attributes" #define V3_EXTENSIONS "x509_extensions" #define REQ_EXTENSIONS "req_extensions" #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 Loading Loading @@ -142,6 +143,7 @@ int MAIN(int argc, char **argv) int nodes=0,kludge=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; char *extensions = NULL; char *req_exts = NULL; EVP_CIPHER *cipher=NULL; int modulus=0; char *p; Loading Loading @@ -438,6 +440,20 @@ bad: } } req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); if(req_exts) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_conf_lhash(&ctx, req_conf); if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) { BIO_printf(bio_err, "Error Loading request extension section %s\n", req_exts); goto end; } } in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) Loading Loading @@ -677,6 +693,22 @@ loop: } else { X509V3_CTX ext_ctx; /* Set up V3 context struct */ X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0); X509V3_set_conf_lhash(&ext_ctx, req_conf); /* Add extensions */ if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, &ext_ctx, req_exts, req)) { BIO_printf(bio_err, "Error Loading extension section %s\n", req_exts); goto end; } if (!(i=X509_REQ_sign(req,pkey,digest))) goto end; } Loading crypto/x509v3/v3_conf.c +25 −1 Original line number Diff line number Diff line Loading @@ -220,7 +220,7 @@ static int v3_check_generic(char **value) return 1; } /* Create a generic extension: for now just handle RAW type */ /* Create a generic extension: for now just handle DER type */ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type) { Loading Loading @@ -302,6 +302,30 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, return 1; } /* Add extensions to certificate request */ int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req) { X509_EXTENSION *ext; STACK_OF(X509_EXTENSION) *extlist = NULL; STACK_OF(CONF_VALUE) *nval; CONF_VALUE *val; int i; if(!(nval = CONF_get_section(conf, section))) return 0; for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) return 0; if(!extlist) extlist = sk_X509_EXTENSION_new_null(); sk_X509_EXTENSION_push(extlist, ext); } if(req) i = X509_REQ_add_extensions(req, extlist); else i = 1; sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); return i; } /* Config database functions */ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) Loading crypto/x509v3/x509v3.h +1 −0 Original line number Diff line number Diff line Loading @@ -386,6 +386,7 @@ void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); int X509V3_add_value_bool_nf(char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist); Loading Loading
CHANGES +6 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,12 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] *) Allow certificate extensions to be added to certificate requests. These are specified in a 'req_extensions' option of the req section of the config file. They can be printed out with the -text option to req but are otherwise ignored at present. [Steve Henson] *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first data read consists of only the final block it would not decrypted because EVP_CipherUpdate() would correctly report zero bytes had been decrypted. Loading
apps/openssl.cnf +14 −3 Original line number Diff line number Diff line Loading @@ -86,6 +86,8 @@ distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = AU Loading Loading @@ -170,8 +172,16 @@ authorityKeyIdentifier=keyid,issuer:always #nsCaPolicyUrl #nsSslServerName [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment [ v3_ca ] # Extensions for a typical CA Loading Loading @@ -200,10 +210,11 @@ basicConstraints = CA:true # Copy issuer details # issuerAltName=issuer:copy # RAW DER hex encoding of an extension: beware experts only! # 1.2.3.5=RAW:02:03 # DER hex encoding of an extension: beware experts only! # obj=DER:02:03 # Where 'obj' is a standard or added object # You can even override a supported extension: # basicConstraints= critical, RAW:30:03:01:01:FF # basicConstraints= critical, DER:30:03:01:01:FF [ crl_ext ] Loading
apps/req.c +32 −0 Original line number Diff line number Diff line Loading @@ -82,6 +82,7 @@ #define DISTINGUISHED_NAME "distinguished_name" #define ATTRIBUTES "attributes" #define V3_EXTENSIONS "x509_extensions" #define REQ_EXTENSIONS "req_extensions" #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 Loading Loading @@ -142,6 +143,7 @@ int MAIN(int argc, char **argv) int nodes=0,kludge=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; char *extensions = NULL; char *req_exts = NULL; EVP_CIPHER *cipher=NULL; int modulus=0; char *p; Loading Loading @@ -438,6 +440,20 @@ bad: } } req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); if(req_exts) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_conf_lhash(&ctx, req_conf); if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) { BIO_printf(bio_err, "Error Loading request extension section %s\n", req_exts); goto end; } } in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) Loading Loading @@ -677,6 +693,22 @@ loop: } else { X509V3_CTX ext_ctx; /* Set up V3 context struct */ X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0); X509V3_set_conf_lhash(&ext_ctx, req_conf); /* Add extensions */ if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, &ext_ctx, req_exts, req)) { BIO_printf(bio_err, "Error Loading extension section %s\n", req_exts); goto end; } if (!(i=X509_REQ_sign(req,pkey,digest))) goto end; } Loading
crypto/x509v3/v3_conf.c +25 −1 Original line number Diff line number Diff line Loading @@ -220,7 +220,7 @@ static int v3_check_generic(char **value) return 1; } /* Create a generic extension: for now just handle RAW type */ /* Create a generic extension: for now just handle DER type */ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type) { Loading Loading @@ -302,6 +302,30 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, return 1; } /* Add extensions to certificate request */ int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req) { X509_EXTENSION *ext; STACK_OF(X509_EXTENSION) *extlist = NULL; STACK_OF(CONF_VALUE) *nval; CONF_VALUE *val; int i; if(!(nval = CONF_get_section(conf, section))) return 0; for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) return 0; if(!extlist) extlist = sk_X509_EXTENSION_new_null(); sk_X509_EXTENSION_push(extlist, ext); } if(req) i = X509_REQ_add_extensions(req, extlist); else i = 1; sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); return i; } /* Config database functions */ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) Loading
crypto/x509v3/x509v3.h +1 −0 Original line number Diff line number Diff line Loading @@ -386,6 +386,7 @@ void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); int X509V3_add_value_bool_nf(char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist); Loading
