Commit ce1b4fe1 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Allow additional information to be attached to a

certificate: currently this includes trust settings
and a "friendly name".
parent ce2c95b2
+16 −0
@@ -4,6 +4,22 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

  *) Extensive changes to support certificate auxiliary information.
     This involves the use of X509_CERT_AUX structure and X509_AUX
     functions. An X509_AUX function such as PEM_read_X509_AUX()
     can still read in a certificate file in the usual way but it
     will also read in any additional "auxiliary information". By
     doing things this way a fair degree of compatability can be
     retained: existing certificates can have this information added
     using the new 'x509' options. 

     Current auxiliary information includes an "alias" and some trust
     settings. The trust settings will ultimately be used in enhanced
     certificate chain verification routines: currently a certificate
     can only be trusted if it is self signed and then it is trusted
     for all purposes.
     [Steve Henson]

  *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).  The
     problem was that one of the replacement routines had not been working since
     SSLeay releases.  For now the offending routine has been replaced with
+89 −5
@@ -102,8 +102,14 @@ static char *x509_usage[]={
" -dates          - both Before and After dates\n",
" -modulus        - print the RSA key modulus\n",
" -fingerprint    - print the certificate fingerprint\n",
" -alias          - output certificate alias\n",
" -noout          - no certificate output\n",

" -trustout       - output a \"trusted\" certificate\n",
" -clrtrust       - clear all trusted purposes\n",
" -clrnotrust     - clear all untrusted purposes\n",
" -addtrust arg   - mark certificate as trusted for a given purpose\n",
" -addnotrust arg - mark certificate as not trusted for a given purpose\n",
" -setalias arg   - set certificate alias\n",
" -days arg       - How long till expiry of a signed certificate - def 30 days\n",
" -signkey arg    - self sign cert with arg\n",
" -x509toreq      - output a certification request object\n",
@@ -146,11 +152,14 @@ int MAIN(int argc, char **argv)
	int i,num,badops=0;
	BIO *out=NULL;
	BIO *STDout=NULL;
	STACK *trust = NULL, *notrust = NULL;
	int informat,outformat,keyformat,CAformat,CAkeyformat;
	char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
	char *CAkeyfile=NULL,*CAserial=NULL;
	char *alias=NULL, *trstr=NULL;
	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
	int trustout=0,clrtrust=0,clrnotrust=0,aliasout=0;
	int C=0;
	int x509req=0,days=DEF_DAYS,modulus=0;
	int pprint = 0;
@@ -270,6 +279,44 @@ int MAIN(int argc, char **argv)
			if (--argc < 1) goto bad;
			CAserial= *(++argv);
			}
		else if (strcmp(*argv,"-addtrust") == 0)
			{
			if (--argc < 1) goto bad;
			trstr= *(++argv);
			if(!X509_trust_set_bit_asc(NULL, trstr, 0)) {
				BIO_printf(bio_err,
					"Unknown trust value %s\n", trstr);
				goto bad;
			}
			if(!trust) trust = sk_new_null();
			sk_push(trust, trstr);
			trustout = 1;
			}
		else if (strcmp(*argv,"-addnotrust") == 0)
			{
			if (--argc < 1) goto bad;
			trstr= *(++argv);
			if(!X509_notrust_set_bit_asc(NULL, trstr, 0)) {
				BIO_printf(bio_err,
					"Unknown trust value %s\n", trstr);
				goto bad;
			}
			if(!notrust) notrust = sk_new_null();
			sk_push(notrust, trstr);
			trustout = 1;
			}
		else if (strcmp(*argv,"-setalias") == 0)
			{
			if (--argc < 1) goto bad;
			alias= *(++argv);
			trustout = 1;
			}
		else if (strcmp(*argv,"-setalias") == 0)
			{
			if (--argc < 1) goto bad;
			alias= *(++argv);
			trustout = 1;
			}
		else if (strcmp(*argv,"-C") == 0)
			C= ++num;
		else if (strcmp(*argv,"-serial") == 0)
@@ -301,6 +348,14 @@ int MAIN(int argc, char **argv)
			enddate= ++num;
		else if (strcmp(*argv,"-noout") == 0)
			noout= ++num;
		else if (strcmp(*argv,"-trustout") == 0)
			trustout= 1;
		else if (strcmp(*argv,"-clrtrust") == 0)
			clrtrust= ++num;
		else if (strcmp(*argv,"-clrnotrust") == 0)
			clrnotrust= ++num;
		else if (strcmp(*argv,"-alias") == 0)
			aliasout= ++num;
		else if (strcmp(*argv,"-CAcreateserial") == 0)
			CA_createserial= ++num;
		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
@@ -494,6 +549,27 @@ bad:
			}
		}

	if(alias) X509_alias_set(x, (unsigned char *)alias, -1);

	if(clrtrust) X509_trust_set_bit(x, -1, 0);
	if(clrnotrust) X509_notrust_set_bit(x, -1, 0);

	if(trust) {
		for(i = 0; i < sk_num(trust); i++) {
			trstr = sk_value(trust, i);
			X509_trust_set_bit_asc(x, trstr, 1);
		}
		sk_free(trust);
	}

	if(notrust) {
		for(i = 0; i < sk_num(notrust); i++) {
			trstr = sk_value(notrust, i);
			X509_notrust_set_bit_asc(x, trstr, 1);
		}
		sk_free(notrust);
	}

	if (num)
		{
		for (i=1; i<=num; i++)
@@ -516,6 +592,13 @@ bad:
				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
				BIO_printf(STDout,"\n");
				}
			else if (aliasout == i)
				{
				unsigned char *alstr;
				alstr = X509_alias_get(x, NULL);
				if(alstr) BIO_printf(STDout,"%s\n", alstr);
				else BIO_puts(STDout,"<No Alias>\n");
				}
			else if (hash == i)
				{
				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
@@ -726,9 +809,10 @@ bad:

	if 	(outformat == FORMAT_ASN1)
		i=i2d_X509_bio(out,x);
	else if (outformat == FORMAT_PEM)
		i=PEM_write_bio_X509(out,x);
	else if (outformat == FORMAT_NETSCAPE)
	else if (outformat == FORMAT_PEM) {
		if(trustout) i=PEM_write_bio_X509_AUX(out,x);
		else i=PEM_write_bio_X509(out,x);
	} else if (outformat == FORMAT_NETSCAPE)
		{
		ASN1_HEADER ah;
		ASN1_OCTET_STRING os;
@@ -1070,7 +1154,7 @@ static X509 *load_cert(char *file, int format)
		ah->data=NULL;
		}
	else if (format == FORMAT_PEM)
		x=PEM_read_bio_X509(cert,NULL,NULL,NULL);
		x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
	else	{
		BIO_printf(bio_err,"bad input format specified for input cert\n");
		goto end;
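Review bot: The second `else if (strcmp(*argv,"-setalias") == 0)` branch (the one directly after the first `-setalias` block, in the `@@ -270,6 +279,44 @@` hunk) is an exact duplicate of the one above it and can never be reached, since the identical condition was already tested; drop the second block. In the same file, the apply loops in the `@@ -494,6 +549,27 @@` hunk discard the results of `X509_trust_set_bit_asc(x, trstr, 1)` and `X509_notrust_set_bit_asc(x, trstr, 1)`, and `X509_alias_set(x, (unsigned char *)alias, -1)` is likewise unchecked; the strings were validated during option parsing, so a failure here would most likely be an allocation error, but it is still silently ignored and the certificate may be written out without the requested trust settings. Checking the return, e.g. `if (!X509_trust_set_bit_asc(x, trstr, 1)) goto end;`, keeps the output honest about what was applied. Note also that `trust` and `notrust` are only released on the path that reaches these loops; the `goto bad` exits in the parser leave the stacks allocated, which is harmless for a one-shot tool but worth a comment if it is intentional. The enclosing MAIN() body starts and ends outside the visible hunks.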
+56 −4
@@ -26,11 +26,11 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
	a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
	a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c \
	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
	x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c nsseq.c \
	x_name.c x_cinf.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
	d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
	t_req.c t_x509.c t_crl.c t_pkey.c t_spki.c \
	t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
@@ -41,11 +41,11 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
	a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
	a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o \
	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
	x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o nsseq.o \
	x_name.o x_cinf.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
	d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
	t_req.o t_x509.o t_crl.o t_pkey.o t_spki.o \
	t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
@@ -804,6 +804,24 @@ p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -882,6 +900,23 @@ t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
t_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
t_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
t_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
t_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
t_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
t_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
x_algor.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
x_algor.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1122,3 +1157,20 @@ x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_x509.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
x_x509.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
x_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
x_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
x_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
x_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+1 −1
@@ -144,7 +144,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
	ASN1_STRING *dest;
	unsigned char *p;
	int nchar;
	unsigned char strbuf[32];
	char strbuf[32];
	int (*cpyfunc)(unsigned long,void *) = NULL;
	if(len == -1) len = strlen((const char *)in);
	if(!mask) mask = dirstring_mask;
+17 −0
@@ -311,6 +311,14 @@ typedef struct asn1_header_st
	ASN1_METHOD *meth;
	} ASN1_HEADER;

/* This is used to contain a list of bit names */
typedef struct BIT_STRING_BITNAME_st {
	int bitnum;
	const char *lname;
	const char *sname;
} BIT_STRING_BITNAME;


#define M_ASN1_STRING_length(x)	((x)->length)
#define M_ASN1_STRING_length_set(x, n)	((x)->length = (n))
#define M_ASN1_STRING_type(x)	((x)->type)
@@ -531,6 +539,13 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);

#ifdef HEADER_BIO_H
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
				BIT_STRING_BITNAME *tbl, int indent);
#endif
int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
				BIT_STRING_BITNAME *tbl);

int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
@@ -870,6 +885,7 @@ void ASN1_STRING_TABLE_cleanup(void);
#define ASN1_F_D2I_X509					 159
#define ASN1_F_D2I_X509_ALGOR				 160
#define ASN1_F_D2I_X509_ATTRIBUTE			 161
#define ASN1_F_D2I_X509_CERT_AUX			 285
#define ASN1_F_D2I_X509_CINF				 162
#define ASN1_F_D2I_X509_CRL				 163
#define ASN1_F_D2I_X509_CRL_INFO			 164
@@ -933,6 +949,7 @@ void ASN1_STRING_TABLE_cleanup(void);
#define ASN1_F_USERNOTICE_NEW				 275
#define ASN1_F_X509_ALGOR_NEW				 202
#define ASN1_F_X509_ATTRIBUTE_NEW			 203
#define ASN1_F_X509_CERT_AUX_NEW			 286
#define ASN1_F_X509_CINF_NEW				 204
#define ASN1_F_X509_CRL_INFO_NEW			 205
#define ASN1_F_X509_CRL_NEW				 206
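Review bot: The new table-driven lookups `ASN1_BIT_STRING_num_asc` and `ASN1_BIT_STRING_set_asc` (in the `@@ -531,6 +539,13 @@` hunk) take a `BIT_STRING_BITNAME *tbl` but neither the prototypes nor the struct definition above say how the end of a table is marked, so every caller that builds its own table has to guess; add a comment on the struct such as `/* Tables are terminated by an entry with <TERMINATOR-CONVENTION> — see the implementation */`, filled in with whatever the implementation actually tests for. The `name` parameters of the same two functions are plain `char *`; if the implementations only compare the string (as a lookup by name suggests, though the bodies are not visible here), declaring them `const char *name` lets callers pass string literals and table entries without a cast and matches the `const char *lname`/`sname` fields already used in `BIT_STRING_BITNAME`. The `indent` parameter of `ASN1_BIT_STRING_name_print` would also benefit from a one-line comment stating its unit (spaces versus levels).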