* The public definitions of conf_method_st and conf_st have been
deprecated. They will be made opaque in a future release.
- * Rich Salz *
+ *Rich Salz and Tomáš Mráz*
* Client-initiated renegotiation is disabled by default. To allow it, use
the -client_renegotiation option, the SSL_OP_ALLOW_CLIENT_RENEGOTIATION
static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
static void value_free_stack_doall(CONF_VALUE *a);
-OSSL_LIB_CTX *NCONF_get0_libctx(CONF *conf)
-{
- return conf->libctx;
-}
-
CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
{
CONF_VALUE vv;
conf->meth->destroy_data(conf);
}
+OSSL_LIB_CTX *NCONF_get0_libctx(const CONF *conf)
+{
+ return conf->libctx;
+}
+
+typedef STACK_OF(OPENSSL_CSTRING) SECTION_NAMES;
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, SECTION_NAMES);
+
+static void collect_section_name(const CONF_VALUE *v, SECTION_NAMES *names)
+{
+ /* A section is a CONF_VALUE with name == NULL */
+ if (v->name == NULL)
+ sk_OPENSSL_CSTRING_push(names, v->section);
+}
+
+static int section_name_cmp(OPENSSL_CSTRING const *a, OPENSSL_CSTRING const *b)
+{
+ return strcmp(*a, *b);
+}
+
+STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *cnf)
+{
+ SECTION_NAMES *names;
+
+ if ((names = sk_OPENSSL_CSTRING_new(section_name_cmp)) == NULL)
+ return NULL;
+ lh_CONF_VALUE_doall_SECTION_NAMES(cnf->data, collect_section_name, names);
+ sk_OPENSSL_CSTRING_sort(names);
+ return names;
+}
+
int NCONF_load(CONF *conf, const char *file, long *eline)
{
if (conf == NULL) {
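Review bot: The result of `sk_OPENSSL_CSTRING_push()` in `collect_section_name` is ignored, so when the stack cannot grow a section name is dropped and `NCONF_get_section_names()` still returns a sorted but incomplete list. A caller that enumerates sections to audit or dump a configuration cannot tell that from a complete result. Carrying a failure flag next to the stack in the doall argument lets the function free the partial stack and return NULL instead, as sketched below. Separately, `cnf` is dereferenced without the NULL check that `NCONF_load` applies to its own argument at the end of this hunk.

```c
typedef struct {
    STACK_OF(OPENSSL_CSTRING) *names;
    int failed;                 /* set when a push could not allocate */
} SECTION_NAMES;

/* … unchanged: IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, SECTION_NAMES) … */

static void collect_section_name(const CONF_VALUE *v, SECTION_NAMES *acc)
{
    /* A section is a CONF_VALUE with name == NULL */
    if (v->name == NULL
        && sk_OPENSSL_CSTRING_push(acc->names, v->section) == 0)
        acc->failed = 1;
}

/* … unchanged: section_name_cmp … */

STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *cnf)
{
    SECTION_NAMES acc = { NULL, 0 };

    if ((acc.names = sk_OPENSSL_CSTRING_new(section_name_cmp)) == NULL)
        return NULL;
    lh_CONF_VALUE_doall_SECTION_NAMES(cnf->data, collect_section_name, &acc);
    if (acc.failed) {
        /* Report failure rather than hand back a partial list */
        sk_OPENSSL_CSTRING_free(acc.names);
        return NULL;
    }
    sk_OPENSSL_CSTRING_sort(acc.names);
    return acc.names;
}
```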
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
const char *name, const char *value)
{
- CONF ctmp;
+ CONF *ctmp;
+ X509_EXTENSION *ret;
- CONF_set_nconf(&ctmp, conf);
- return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+ if ((ctmp = NCONF_new(NULL)) == NULL)
+ return NULL;
+ CONF_set_nconf(ctmp, conf);
+ ret = X509V3_EXT_nconf(ctmp, ctx, name, value);
+ NCONF_free(ctmp);
+ return ret;
}
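Review bot: `NCONF_free(ctmp)` runs while `ctmp->data` still points at the caller's `LHASH_OF(CONF_VALUE)`, which `CONF_set_nconf()` only borrowed. The old stack-allocated `CONF` never went through a destructor, so this is a new ownership question. `NCONF_free()` itself is outside this hunk, but if its destroy path releases `conf->data`, each call frees the caller's hash and leaves the caller with a dangling pointer and a later double free. Detaching first avoids that: add `CONF_set_nconf(ctmp, NULL);` immediately before `NCONF_free(ctmp);`. The same pattern appears in X509V3_EXT_conf_nid, X509V3_EXT_add_conf, X509V3_EXT_CRL_add_conf and X509V3_EXT_REQ_add_conf further down.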
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
X509V3_CTX *ctx, int ext_nid, const char *value)
{
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+ CONF *ctmp;
+ X509_EXTENSION *ret;
+
+ if ((ctmp = NCONF_new(NULL)) == NULL)
+ return NULL;
+ CONF_set_nconf(ctmp, conf);
+ ret = X509V3_EXT_nconf_nid(ctmp, ctx, ext_nid, value);
+ NCONF_free(ctmp);
+ return ret;
}
static char *conf_lhash_get_string(void *db, const char *section, const char *value)
int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
const char *section, X509 *cert)
{
- CONF ctmp;
+ CONF *ctmp;
+ int ret;
- CONF_set_nconf(&ctmp, conf);
- return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+ if ((ctmp = NCONF_new(NULL)) == NULL)
+ return 0;
+ CONF_set_nconf(ctmp, conf);
+ ret = X509V3_EXT_add_nconf(ctmp, ctx, section, cert);
+ NCONF_free(ctmp);
+ return ret;
}
/* Same as above but for a CRL */
int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
const char *section, X509_CRL *crl)
{
- CONF ctmp;
+ CONF *ctmp;
+ int ret;
- CONF_set_nconf(&ctmp, conf);
- return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+ if ((ctmp = NCONF_new(NULL)) == NULL)
+ return 0;
+ CONF_set_nconf(ctmp, conf);
+ ret = X509V3_EXT_CRL_add_nconf(ctmp, ctx, section, crl);
+ NCONF_free(ctmp);
+ return ret;
}
/* Add extensions to certificate request */
int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
const char *section, X509_REQ *req)
{
- CONF ctmp;
+ CONF *ctmp;
+ int ret;
- CONF_set_nconf(&ctmp, conf);
- return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+ if ((ctmp = NCONF_new(NULL)) == NULL)
+ return 0;
+ CONF_set_nconf(ctmp, conf);
+ ret = X509V3_EXT_REQ_add_nconf(ctmp, ctx, section, req);
+ NCONF_free(ctmp);
+ return ret;
}
=head1 NAME
NCONF_new_ex, NCONF_new, NCONF_free, NCONF_default, NCONF_load,
-NCONF_get0_libctx
+NCONF_get0_libctx, NCONF_get_section, NCONF_get_section_names
- functionality to Load and parse configuration files manually
=head1 SYNOPSIS
#include <openssl/conf.h>
+ typedef struct {
+ char *section;
+ char *name;
+ char *value;
+ } CONF_VALUE;
+
CONF *NCONF_new_ex(OSSL_LIB_CTX *libctx, CONF_METHOD *meth);
CONF *NCONF_new(CONF_METHOD *meth);
void NCONF_free(CONF *conf);
CONF_METHOD *NCONF_default(void);
int NCONF_load(CONF *conf, const char *file, long *eline);
- OSSL_LIB_CTX *NCONF_get0_libctx(CONF *conf);
+ OSSL_LIB_CTX *NCONF_get0_libctx(const CONF *conf);
+
+ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *name);
+ STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *conf);
=head1 DESCRIPTION
NCONF_get0_libctx() gets the library context associated with the I<conf>
parameter.
+NCONF_get_section_names() gets the names of the sections associated with
+the I<conf> as B<STACK_OF(OPENSSL_CSTRING)> strings. The individual strings
+are associated with the I<conf> and will be invalid after I<conf> is
+freed. The returned stack must be freed with sk_OPENSSL_CSTRING_free().
+
+NCONF_get_section() gets the config values associated with the I<conf> from
+the config section I<name> as B<STACK_OF(CONF_VALUE)> structures. The returned
+stack is associated with the I<conf> and will be invalid after I<conf>
+is freed. It must not be freed by the caller.
+
=head1 RETURN VALUES
NCONF_load() returns 1 on success or 0 on error.
=head1 HISTORY
-NCONF_new_ex() was added in OpenSSL 3.0.
+NCONF_new_ex(), NCONF_get0_libctx(), and NCONF_get_section_names() were added
+in OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
*/
CONF *NCONF_new_ex(OSSL_LIB_CTX *libctx, CONF_METHOD *meth);
-OSSL_LIB_CTX *NCONF_get0_libctx(CONF *conf);
+OSSL_LIB_CTX *NCONF_get0_libctx(const CONF *conf);
CONF *NCONF_new(CONF_METHOD *meth);
CONF_METHOD *NCONF_default(void);
#ifndef OPENSSL_NO_DEPRECATED_3_0
int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
# endif
int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
+STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *conf);
STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
const char *section);
char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
#include <openssl/safestack.h>
#include <openssl/err.h>
-static STACK_OF(OPENSSL_CSTRING) *section_names = NULL;
-
-static void collect_section_name(CONF_VALUE *v)
-{
- /* A section is a CONF_VALUE with name == NULL */
- if (v->name == NULL)
- sk_OPENSSL_CSTRING_push(section_names, v->section);
-}
-
-static int section_name_cmp(OPENSSL_CSTRING const *a, OPENSSL_CSTRING const *b)
-{
- return strcmp(*a, *b);
-}
-
-static void collect_all_sections(const CONF *cnf)
-{
- section_names = sk_OPENSSL_CSTRING_new(section_name_cmp);
- lh_CONF_VALUE_doall(cnf->data, collect_section_name);
- sk_OPENSSL_CSTRING_sort(section_names);
-}
-
static void dump_section(const char *name, const CONF *cnf)
{
STACK_OF(CONF_VALUE) *sect = NCONF_get_section(cnf, name);
long eline;
CONF *conf = NCONF_new(NCONF_default());
int ret = 1;
+ STACK_OF(OPENSSL_CSTRING) *section_names = NULL;
if (conf != NULL && NCONF_load(conf, argv[1], &eline)) {
int i;
- collect_all_sections(conf);
+ section_names = NCONF_get_section_names(conf);
for (i = 0; i < sk_OPENSSL_CSTRING_num(section_names); i++) {
dump_section(sk_OPENSSL_CSTRING_value(section_names, i), conf);
}
b2i_PVK_bio_ex 5547 3_0_0 EXIST::FUNCTION:
i2b_PVK_bio_ex 5548 3_0_0 EXIST::FUNCTION:
NCONF_get0_libctx 5547 3_0_0 EXIST::FUNCTION:
+NCONF_get_section_names 5548 3_0_0 EXIST::FUNCTION: