Commit d428bf8c authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

New option to CA.pl to sign request using CA extensions. 

This allows intermediate CAs to be created more easily.

PKCS12_create() now checks private key matches certificate.

Fix typo in x509 app.

Update docs.

New function ASN1_STRING_to_UTF8() converts any ASN1_STRING
type to UTF8.
parent d096b524

apps/CA.pl.in

+5 −0
Original line number Diff line number Diff line
@@ -116,6 +116,11 @@ foreach (@ARGV) { 
							"-infiles newreq.pem");

	    $RET=$?;

	    print "Signed certificate is in newcert.pem\n";

	} elsif (/^(-signCA)$/) {

	    system ("$CA -policy policy_anything -out newcert.pem " .

					"-extensions v3_ca -infiles newreq.pem");

	    $RET=$?;

	    print "Signed CA certificate is in newcert.pem\n";

	} elsif (/^-signcert$/) {

	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .

								"-out tmp.pem");

apps/x509.c

+1 −1
Original line number Diff line number Diff line
@@ -611,7 +611,7 @@ bad: 
				}

			else if (subject == i) 

				{

				print_name(STDout, "issuer= ",

				print_name(STDout, "subject= ",

					X509_get_subject_name(x), nmflag);

				}

			else if (serial == i)

crypto/asn1/a_mbstr.c

+4 −1
Original line number Diff line number Diff line
@@ -92,6 +92,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, 
{

	int str_type;

	int ret;

	char free_out;

	int outform, outlen;

	ASN1_STRING *dest;

	unsigned char *p;
@@ -180,6 +181,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, 
	}

	if(!out) return str_type;

	if(*out) {

		free_out = 0;

		dest = *out;

		if(dest->data) {

			dest->length = 0;
@@ -188,6 +190,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, 
		}

		dest->type = str_type;

	} else {

		free_out = 1;

		dest = ASN1_STRING_type_new(str_type);

		if(!dest) {

			ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
@@ -229,7 +232,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, 
		break;

	}

	if(!(p = OPENSSL_malloc(outlen + 1))) {

		ASN1_STRING_free(dest);

		if(free_out) ASN1_STRING_free(dest);

		ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);

		return -1;

	}

crypto/asn1/a_strex.c

+21 −0
Original line number Diff line number Diff line
@@ -509,3 +509,24 @@ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) 
{

	return do_print_ex(send_fp_chars, fp, flags, str);

}



/* Utility function: convert any string type to UTF8, returns number of bytes

 * in output string or a negative error code

 */



int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)

{

	ASN1_STRING stmp, *str = &stmp;

	int mbflag, type, ret;

	if(!*out || !in) return -1;

	type = in->type;

	if((type < 0) || (type > 30)) return -1;

	mbflag = tag2nbyte[type];

	if(mbflag == -1) return -1;

	mbflag |= MBSTRING_FLAG;

	stmp.data = NULL;

	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);

	if(ret < 0) return ret;

	if(out) *out = stmp.data;

	return stmp.length;

}

crypto/asn1/asn1.h

+2 −0
Original line number Diff line number Diff line
@@ -809,6 +809,8 @@ int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x); 
int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);

#endif



int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);



#ifndef NO_BIO

char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);

int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);