> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Howard Chu
> The output from testca is still a little dodgy, there are a few certificate
> fields that are printed in ASCII that need to be translated to EBCDIC for
> appearance's sake. But that's simple to fix; if you're interested
> I'll submit
> patches for that later.
X509v3 extensions weren't handling EBCDIC correctly. Trying to set a
subjectAltName resulted in the EBCDIC strings going into the cert, instead of
ASCII. Here are the fixes for crypto/x509v3. Also, the ca app needs a small
patch to translate DN components from ASCII to EBCDIC when confirming their
values.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
--- v3_alt.c 2002/08/31 03:27:11 1.1
+++ v3_alt.c 2002/08/31 03:31:54
@@ -99,6 +99,15 @@
return ret;
}
+#ifdef CHARSET_EBCDIC
+static const char _unsup[] = {0x3c,0x75,0x6e,0x73,0x75,0x70,0x70,0x6f,
+ 0x72,0x74,0x65,0x64,0x3e,0 };
+static const char _inval[] = {0x3c,0x69,0x6e,0x76,0x61,0x6c,0x69,0x64,0x3e,0};
+#else
+static const char _unsup[] = "<unsupported>";
+static const char _inval[] = "<invalid>";
+#endif
+
STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
{
@@ -107,15 +116,15 @@
switch (gen->type)
{
case GEN_OTHERNAME:
- X509V3_add_value("othername","<unsupported>", &ret);
+ X509V3_add_value("othername",_unsup, &ret);
break;
case GEN_X400:
- X509V3_add_value("X400Name","<unsupported>", &ret);
+ X509V3_add_value("X400Name",_unsup, &ret);
break;
case GEN_EDIPARTY:
- X509V3_add_value("EdiPartyName","<unsupported>", &ret);
+ X509V3_add_value("EdiPartyName",_unsup, &ret);
break;
case GEN_EMAIL:
@@ -132,6 +141,9 @@
case GEN_DIRNAME:
X509_NAME_oneline(gen->d.dirn, oline, 256);
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(oline, oline, strlen(oline));
+#endif
X509V3_add_value("DirName",oline, &ret);
break;
@@ -139,15 +151,21 @@
p = gen->d.ip->data;
/* BUG: doesn't support IPV6 */
if(gen->d.ip->length != 4) {
- X509V3_add_value("IP Address","<invalid>", &ret);
+ X509V3_add_value("IP Address",_inval, &ret);
break;
}
sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(oline, oline, strlen(oline));
+#endif
X509V3_add_value("IP Address",oline, &ret);
break;
case GEN_RID:
i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(oline, oline, strlen(oline));
+#endif
X509V3_add_value("Registered ID",oline, &ret);
break;
}
@@ -383,6 +401,9 @@
}
if(is_string) {
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(value, value, strlen(value));
+#endif
if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
!ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
strlen(value))) {
--- v3_utl.c 2002/08/31 03:27:11 1.1
+++ v3_utl.c 2002/08/31 03:28:06
@@ -111,6 +111,14 @@
OPENSSL_free(conf);
}
+#ifdef CHARSET_EBCDIC
+static const char _true[] = {0x54, 0x52, 0x55, 0x45, 0x00 };
+static const char _false[] = {0x46, 0x41, 0x4c, 0x53, 0x45, 0x00};
+#else
+static const char _true[] = "TRUE";
+static const char _false[] = "FALSE";
+#endif
+
int X509V3_add_value_bool(const char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist)
{
--- ca.c 2002/08/31 03:38:01 1.1
+++ ca.c 2002/08/31 03:39:35
@@ -1596,13 +1596,22 @@
p=(char *)str->data;
for (j=str->length; j>0; j--)
{
+#ifdef CHARSET_EBCDIC
+ if ((*p >= 0x20) && (*p <= 0x7e))
+ BIO_printf(bio_err,"%c", os_toebcdic[*p]);
+#else
if ((*p >= ' ') && (*p <= '~'))
BIO_printf(bio_err,"%c",*p);
+#endif
else if (*p & 0x80)
BIO_printf(bio_err,"\\0x%02X",*p);
else if ((unsigned char)*p == 0xf7)
BIO_printf(bio_err,"^?");
+#ifdef CHARSET_EBCDIC
+ else BIO_printf(bio_err,"^%c",os_toebcdic[*p+'@']);
+#else
else BIO_printf(bio_err,"^%c",*p+'@');
+#endif
p++;
}
BIO_printf(bio_err,"'\n");
