Richard Levitte via RT schrieb:
>
> Please resend a patch that is generated using one of the options -u
> (unified context diff, which is prefered) or -c (context diff).
Ok, I used diff -u.
Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
changed files:
crypto/asn1/t_req.c
* introduce X509_REQ_print_ex
* X509_REQ_print_ex works like X509_print_ex
crypto/x509/x509.h
* added X509_FLAG_NO_ATTRIBUTES
apps/apps.c
* added X509_FLAG_NO_ATTRIBUTES to set_cert_ex
(I don't want to introduce so much stuff like for
certs for reqs too only for one option and a not supported
flag is not dangerous)
apps/req.c
* added option -reqopt
* full support for -nameopt
--- apps.c.org Mon May 27 11:50:52 2002
+++ apps.c Mon May 27 11:50:29 2002
@@ -1063,6 +1063,7 @@
{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
{ "no_aux", X509_FLAG_NO_AUX, 0},
+ { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
--- req.c.org Mon May 27 11:18:28 2002
+++ req.c Mon May 27 11:51:34 2002
@@ -151,7 +151,7 @@
#ifndef OPENSSL_NO_DSA
DSA *dsa_params=NULL;
#endif
- unsigned long nmflag = 0;
+ unsigned long nmflag = 0, reqflag = 0;
int ex=1,x509=0,days=30;
X509 *x509ss=NULL;
X509_REQ *req=NULL;
@@ -356,6 +356,11 @@
if (--argc < 1) goto bad;
if (!set_name_ex(&nmflag, *(++argv))) goto bad;
}
+ else if (strcmp(*argv,"-reqopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
+ }
else if (strcmp(*argv,"-subject") == 0)
subject=1;
else if (strcmp(*argv,"-text") == 0)
@@ -448,7 +453,8 @@
BIO_printf(bio_err," -extensions .. specify certificate extension
section (override value in config file)\n");
BIO_printf(bio_err," -reqexts .. specify request extension section
(override value in config file)\n");
BIO_printf(bio_err," -utf8 input characters are UTF8 (default
ASCII)\n");
- BIO_printf(bio_err," -nameopt arg - various certificate name
options\n");
+ BIO_printf(bio_err," -nameopt arg - various certificate name
+options\n");
+ BIO_printf(bio_err," -reqopt arg - various request text
+options\n\n");
goto end;
}
@@ -981,9 +987,9 @@
if (text)
{
if (x509)
- X509_print(out,x509ss);
+ X509_print_ex(out, x509ss, nmflag, reqflag);
else
- X509_REQ_print(out,req);
+ X509_REQ_print_ex(out, req, nmflag, reqflag);
}
if(subject)
@@ -1144,18 +1150,120 @@
*/
static int build_subject(X509_REQ *req, char *subject, unsigned long chtype)
{
- X509_NAME *n;
+ size_t buflen = strlen (subject)+1; /* to copy the types and values into. due
+to escaping, the copy can only become shorter */
+ char *buf = malloc (buflen);
+ size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
+ char **ne_types = malloc (max_ne * sizeof (char *));
+ char **ne_values = malloc (max_ne * sizeof (char *));
- if (!(n = do_subject(subject, chtype)))
- return 0;
+ char *sp = subject, *bp = buf;
+ int i, ne_num = 0;
- if (!X509_REQ_set_subject_name(req, n))
+ X509_NAME *n = NULL;
+ int nid;
+
+ if (!buf || !ne_types || !ne_values)
+ {
+ BIO_printf(bio_err, "malloc error\n");
+ goto error0;
+ }
+
+ if (*subject != '/')
+ {
+ BIO_printf(bio_err, "Subject does not start with '/'.\n");
+ goto error0;
+ }
+ sp++; /* skip leading / */
+
+ while (*sp)
+ {
+ /* collect type */
+ ne_types[ne_num] = bp;
+ while (*sp)
+ {
+ if (*sp == '\\') /* is there anything to escape in the
+type...? */
+ if (*++sp)
+ *bp++ = *sp++;
+ else
+ {
+ BIO_printf(bio_err, "escape character at end
+of string\n");
+ goto error0;
+ }
+ else if (*sp == '=')
+ {
+ sp++;
+ *bp++ = '\0';
+ break;
+ }
+ else
+ *bp++ = *sp++;
+ }
+ if (!*sp)
{
- X509_NAME_free(n);
- return 0;
+ BIO_printf(bio_err, "end of string encountered while
+processing type of subject name element #%d\n", ne_num);
+ goto error0;
}
+ ne_values[ne_num] = bp;
+ while (*sp)
+ {
+ if (*sp == '\\')
+ if (*++sp)
+ *bp++ = *sp++;
+ else
+ {
+ BIO_printf(bio_err, "escape character at end
+of string\n");
+ goto error0;
+ }
+ else if (*sp == '/')
+ {
+ sp++;
+ *bp++ = '\0';
+ break;
+ }
+ else
+ *bp++ = *sp++;
+ }
+ *bp++ = '\0';
+ ne_num++;
+ }
+
+ if (!(n = X509_NAME_new()))
+ goto error0;
+
+ for(i = 0; i < ne_num; i++)
+ {
+ if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
+ {
+ BIO_printf(bio_err, "Subject Attribute %s has no known NID,
+skipped\n", ne_types[i]);
+ continue;
+ }
+
+ if (!*ne_values[i])
+ {
+ BIO_printf(bio_err, "No value provided for Subject Attribute
+%s, skipped\n", ne_types[i]);
+ continue;
+ }
+
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned
+char*)ne_values[i], -1,-1,0))
+ goto error1;
+
+ }
+
+ if (!X509_REQ_set_subject_name(req, n))
+ goto error1;
X509_NAME_free(n);
+ free (ne_values);
+ free (ne_types);
+ free (buf);
return 1;
+
+error1:
+ X509_NAME_free(n);
+error0:
+ free (ne_values);
+ free (ne_types);
+ free (buf);
+ return 0;
}
--- t_req.c.org Mon May 27 11:18:48 2002
+++ t_req.c Mon May 27 11:17:42 2002
@@ -82,7 +82,7 @@
}
#endif
-int X509_REQ_print(BIO *bp, X509_REQ *x)
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
+cflag)
{
unsigned long l;
int i;
@@ -92,143 +92,185 @@
STACK_OF(X509_ATTRIBUTE) *sk;
STACK_OF(X509_EXTENSION) *exts;
char str[128];
+ char mlch = ' ';
+ int nmindent = 0;
+
+ if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+ mlch = '\n';
+ nmindent = 12;
+ }
+
+ if(nmflags == X509_FLAG_COMPAT)
+ nmindent = 16;
+
ri=x->req_info;
- sprintf(str,"Certificate Request:\n");
- if (BIO_puts(bp,str) <= 0) goto err;
- sprintf(str,"%4sData:\n","");
- if (BIO_puts(bp,str) <= 0) goto err;
-
- neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
- l=0;
- for (i=0; i<ri->version->length; i++)
- { l<<=8; l+=ri->version->data[i]; }
- sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
- if (BIO_puts(bp,str) <= 0) goto err;
- sprintf(str,"%8sSubject: ","");
- if (BIO_puts(bp,str) <= 0) goto err;
-
- X509_NAME_print(bp,ri->subject,16);
- sprintf(str,"\n%8sSubject Public Key Info:\n","");
- if (BIO_puts(bp,str) <= 0) goto err;
- i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
- sprintf(str,"%12sPublic Key Algorithm: %s\n","",
- (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
- if (BIO_puts(bp,str) <= 0) goto err;
+ if(!(cflag & X509_FLAG_NO_HEADER))
+ {
+ if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
+ if (BIO_write(bp," Data:\n",10) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_VERSION))
+ {
+ neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+ l=0;
+ for (i=0; i<ri->version->length; i++)
+ { l<<=8; l+=ri->version->data[i]; }
+ sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
+ if (BIO_puts(bp,str) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_SUBJECT))
+ {
+ if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
+ if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto
+err;
+ if (BIO_write(bp,"\n",1) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_PUBKEY))
+ {
+ if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
+ goto err;
+ if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+ goto err;
+ if (BIO_puts(bp, "\n") <= 0)
+ goto err;
- pkey=X509_REQ_get_pubkey(x);
+ pkey=X509_REQ_get_pubkey(x);
+ if (pkey == NULL)
+ {
+ BIO_printf(bp,"%12sUnable to load Public Key\n","");
+ ERR_print_errors(bp);
+ }
+ else
#ifndef OPENSSL_NO_RSA
- if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
- {
- BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+ if (pkey->type == EVP_PKEY_RSA)
+ {
+ BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
BN_num_bits(pkey->pkey.rsa->n));
- RSA_print(bp,pkey->pkey.rsa,16);
- }
- else
+ RSA_print(bp,pkey->pkey.rsa,16);
+ }
+ else
#endif
#ifndef OPENSSL_NO_DSA
- if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
- {
- BIO_printf(bp,"%12sDSA Public Key:\n","");
- DSA_print(bp,pkey->pkey.dsa,16);
- }
- else
+ if (pkey->type == EVP_PKEY_DSA)
+ {
+ BIO_printf(bp,"%12sDSA Public Key:\n","");
+ DSA_print(bp,pkey->pkey.dsa,16);
+ }
+ else
#endif
- BIO_printf(bp,"%12sUnknown Public Key:\n","");
+ BIO_printf(bp,"%12sUnknown Public Key:\n","");
- if (pkey != NULL)
- EVP_PKEY_free(pkey);
-
- /* may not be */
- sprintf(str,"%8sAttributes:\n","");
- if (BIO_puts(bp,str) <= 0) goto err;
+ EVP_PKEY_free(pkey);
+ }
- sk=x->req_info->attributes;
- if (sk_X509_ATTRIBUTE_num(sk) == 0)
+ if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
{
- sprintf(str,"%12sa0:00\n","");
+ /* may not be */
+ sprintf(str,"%8sAttributes:\n","");
if (BIO_puts(bp,str) <= 0) goto err;
- }
- else
- {
- for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+
+ sk=x->req_info->attributes;
+ if (sk_X509_ATTRIBUTE_num(sk) == 0)
{
- ASN1_TYPE *at;
- X509_ATTRIBUTE *a;
- ASN1_BIT_STRING *bs=NULL;
- ASN1_TYPE *t;
- int j,type=0,count=1,ii=0;
-
- a=sk_X509_ATTRIBUTE_value(sk,i);
- if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
- continue;
- sprintf(str,"%12s","");
+ sprintf(str,"%12sa0:00\n","");
if (BIO_puts(bp,str) <= 0) goto err;
- if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
+ }
+ else
{
- if (a->single)
+ for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
{
- t=a->value.single;
- type=t->type;
- bs=t->value.bit_string;
- }
- else
+ ASN1_TYPE *at;
+ X509_ATTRIBUTE *a;
+ ASN1_BIT_STRING *bs=NULL;
+ ASN1_TYPE *t;
+ int j,type=0,count=1,ii=0;
+
+ a=sk_X509_ATTRIBUTE_value(sk,i);
+ if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+ continue;
+ sprintf(str,"%12s","");
+ if (BIO_puts(bp,str) <= 0) goto err;
+ if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
{
- ii=0;
- count=sk_ASN1_TYPE_num(a->value.set);
+ if (a->single)
+ {
+ t=a->value.single;
+ type=t->type;
+ bs=t->value.bit_string;
+ }
+ else
+ {
+ ii=0;
+ count=sk_ASN1_TYPE_num(a->value.set);
get_next:
- at=sk_ASN1_TYPE_value(a->value.set,ii);
- type=at->type;
- bs=at->value.asn1_string;
+ at=sk_ASN1_TYPE_value(a->value.set,ii);
+ type=at->type;
+ bs=at->value.asn1_string;
+ }
+ }
+ for (j=25-j; j>0; j--)
+ if (BIO_write(bp," ",1) != 1) goto err;
+ if (BIO_puts(bp,":") <= 0) goto err;
+ if ( (type == V_ASN1_PRINTABLESTRING) ||
+ (type == V_ASN1_T61STRING) ||
+ (type == V_ASN1_IA5STRING))
+ {
+ if (BIO_write(bp,(char *)bs->data,bs->length)
+ != bs->length)
+ goto err;
+ BIO_puts(bp,"\n");
+ }
+ else
+ {
+ BIO_puts(bp,"unable to print attribute\n");
+ }
+ if (++ii < count) goto get_next;
}
}
- for (j=25-j; j>0; j--)
- if (BIO_write(bp," ",1) != 1) goto err;
- if (BIO_puts(bp,":") <= 0) goto err;
- if ( (type == V_ASN1_PRINTABLESTRING) ||
- (type == V_ASN1_T61STRING) ||
- (type == V_ASN1_IA5STRING))
+ }
+ if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
+ {
+ exts = X509_REQ_get_extensions(x);
+ if(exts)
+ {
+ BIO_printf(bp,"%8sRequested Extensions:\n","");
+ for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
{
- if (BIO_write(bp,(char *)bs->data,bs->length)
- != bs->length)
+ ASN1_OBJECT *obj;
+ X509_EXTENSION *ex;
+ int j;
+ ex=sk_X509_EXTENSION_value(exts, i);
+ if (BIO_printf(bp,"%12s","") <= 0) goto err;
+ obj=X509_EXTENSION_get_object(ex);
+ i2a_ASN1_OBJECT(bp,obj);
+ j=X509_EXTENSION_get_critical(ex);
+ if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
goto err;
- BIO_puts(bp,"\n");
+ if(!X509V3_EXT_print(bp, ex, 0, 16))
+ {
+ BIO_printf(bp, "%16s", "");
+ M_ASN1_OCTET_STRING_print(bp,ex->value);
+ }
+ if (BIO_write(bp,"\n",1) <= 0) goto err;
}
- else
- {
- BIO_puts(bp,"unable to print attribute\n");
- }
- if (++ii < count) goto get_next;
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
}
}
- exts = X509_REQ_get_extensions(x);
- if(exts) {
- BIO_printf(bp,"%8sRequested Extensions:\n","");
- for (i=0; i<sk_X509_EXTENSION_num(exts); i++) {
- ASN1_OBJECT *obj;
- X509_EXTENSION *ex;
- int j;
- ex=sk_X509_EXTENSION_value(exts, i);
- if (BIO_printf(bp,"%12s","") <= 0) goto err;
- obj=X509_EXTENSION_get_object(ex);
- i2a_ASN1_OBJECT(bp,obj);
- j=X509_EXTENSION_get_critical(ex);
- if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
- goto err;
- if(!X509V3_EXT_print(bp, ex, 0, 16)) {
- BIO_printf(bp, "%16s", "");
- M_ASN1_OCTET_STRING_print(bp,ex->value);
- }
- if (BIO_write(bp,"\n",1) <= 0) goto err;
+ if(!(cflag & X509_FLAG_NO_SIGDUMP))
+ {
+ if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
}
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
- }
-
- if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
return(1);
err:
X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
return(0);
+ }
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+ {
+ return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
}
--- x509.h.org Mon May 27 11:19:03 2002
+++ x509.h Mon May 27 11:26:55 2002
@@ -331,6 +331,7 @@
#define X509_FLAG_NO_EXTENSIONS (1L << 8)
#define X509_FLAG_NO_SIGDUMP (1L << 9)
#define X509_FLAG_NO_AUX (1L << 10)
+#define X509_FLAG_NO_ATTRIBUTES (1L << 11)
/* Flags specific to X509_NAME_print_ex() */
@@ -1015,6 +1016,7 @@
int X509_ocspid_print(BIO *bp,X509 *x);
int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
int X509_CRL_print(BIO *bp,X509_CRL *x);
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned
+long cflag);
int X509_REQ_print(BIO *bp,X509_REQ *req);
#endif
