/*
 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * We need to use some engine deprecated APIs: the ENGINE_* calls made by
 * TS_CONF_set_default_engine() below. The macro has to be defined before
 * any <openssl/*.h> header is included for the suppression to apply.
 */
#define OPENSSL_SUPPRESS_DEPRECATED

#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/crypto.h>
#include "internal/cryptlib.h"
#include <openssl/pem.h>
#include <openssl/engine.h>
#include <openssl/ts.h>
#include <openssl/conf_api.h>

/* Macro definitions for the configuration file. */

/*
 * BASE_SECTION is the top-level section; its ENV_DEFAULT_TSA entry names the
 * TSA section used when the caller does not supply one (see
 * TS_CONF_get_tsa_section()).
 */
#define BASE_SECTION                    "tsa"
#define ENV_DEFAULT_TSA                 "default_tsa"
/* Entries looked up in the TSA section by the TS_CONF_set_*() functions. */
#define ENV_SERIAL                      "serial"
#define ENV_CRYPTO_DEVICE               "crypto_device"
#define ENV_SIGNER_CERT                 "signer_cert"
#define ENV_CERTS                       "certs"
#define ENV_SIGNER_KEY                  "signer_key"
#define ENV_SIGNER_DIGEST               "signer_digest"
#define ENV_DEFAULT_POLICY              "default_policy"
#define ENV_OTHER_POLICIES              "other_policies"
#define ENV_DIGESTS                     "digests"
#define ENV_ACCURACY                    "accuracy"
#define ENV_ORDERING                    "ordering"
#define ENV_TSA_NAME                    "tsa_name"
#define ENV_ESS_CERT_ID_CHAIN           "ess_cert_id_chain"
/* Item names accepted inside the "accuracy" list. */
#define ENV_VALUE_SECS                  "secs"
#define ENV_VALUE_MILLISECS             "millisecs"
#define ENV_VALUE_MICROSECS             "microsecs"
#define ENV_CLOCK_PRECISION_DIGITS      "clock_precision_digits"
/* The only values accepted for the boolean flag entries (ordering, ...). */
#define ENV_VALUE_YES                   "yes"
#define ENV_VALUE_NO                    "no"
#define ENV_ESS_CERT_ID_ALG             "ess_cert_id_alg"

/* Function definitions for certificate and key loading. */

/*
 * Read the first PEM certificate (including any trust-aux data) from |file|.
 * Returns a new X509 the caller must free, or NULL with
 * TS_R_CANNOT_LOAD_CERT raised on the error queue.
 */
X509 *TS_CONF_load_cert(const char *file)
{
    X509 *x = NULL;
    BIO *in = BIO_new_file(file, "r");

    if (in != NULL)
        x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
    if (x == NULL)
        ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_CERT);
    BIO_free(in);
    return x;
}

/*
 * Read every certificate in PEM file |file| into a new STACK_OF(X509);
 * other PEM objects in the file (keys, CRLs) are ignored. Returns NULL with
 * TS_R_CANNOT_LOAD_CERT raised if the file cannot be opened, the stack
 * cannot be allocated or a certificate cannot be appended. A PEM parse
 * failure is not reported here: sk_X509_INFO_num() of a NULL stack is -1,
 * so the loop is skipped and an empty stack is returned.
 */
STACK_OF(X509) *TS_CONF_load_certs(const char *file)
{
    BIO *in = NULL;
    STACK_OF(X509_INFO) *infos = NULL;
    STACK_OF(X509) *result = NULL;
    int i, n;

    in = BIO_new_file(file, "r");
    if (in == NULL)
        goto err;
    result = sk_X509_new_null();
    if (result == NULL)
        goto err;

    infos = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
    n = sk_X509_INFO_num(infos);
    for (i = 0; i < n; i++) {
        X509_INFO *xi = sk_X509_INFO_value(infos, i);

        if (xi->x509 == NULL)
            continue;
        if (!X509_add_cert(result, xi->x509, X509_ADD_FLAG_DEFAULT)) {
            sk_X509_pop_free(result, X509_free);
            result = NULL;
            goto err;
        }
        /* Ownership moved to |result|; stop X509_INFO_free() freeing it too. */
        xi->x509 = NULL;
    }

 err:
    if (result == NULL)
        ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_CERT);
    sk_X509_INFO_pop_free(infos, X509_INFO_free);
    BIO_free(in);
    return result;
}

/*
 * Read a PEM private key from |file|. |pass| (may be NULL) is passed to
 * PEM_read_bio_PrivateKey() as the callback argument; with no callback given
 * the PEM default callback treats it as the passphrase. Returns a new
 * EVP_PKEY the caller must free, or NULL with TS_R_CANNOT_LOAD_KEY raised.
 */
EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
{
    EVP_PKEY *pkey = NULL;
    BIO *in = BIO_new_file(file, "r");

    if (in != NULL) {
        /* The cast only drops const: the PEM API takes a void * user data. */
        pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, (char *)pass);
    }
    if (pkey == NULL)
        ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_KEY);
    BIO_free(in);
    return pkey;
}

/* Function definitions for handling configuration options. */

/*
 * Report a missing configuration entry: raises TS_R_VAR_LOOKUP_FAILURE and
 * attaches "section::tag" as error data so the message names the entry.
 */
static void ts_CONF_lookup_fail(const char *name, const char *tag)
{
    ERR_raise(ERR_LIB_TS, TS_R_VAR_LOOKUP_FAILURE);
    /* The data must be added after the raise: it attaches to the last error. */
    ERR_add_error_data(3, name, "::", tag);
}

/*
 * Report a configuration entry whose value is unusable: raises
 * TS_R_VAR_BAD_VALUE with "section::tag" attached as error data.
 */
static void ts_CONF_invalid(const char *name, const char *tag)
{
    ERR_raise(ERR_LIB_TS, TS_R_VAR_BAD_VALUE);
    /* Added after the raise so it attaches to that error record. */
    ERR_add_error_data(3, name, "::", tag);
}

/*
 * Return the TSA section to use: |section| itself when given, otherwise the
 * "default_tsa" entry of the "tsa" section. Returns NULL (with a lookup
 * failure raised) when neither is available.
 */
const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
{
    if (section != NULL)
        return section;
    section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
    if (section == NULL)
        ts_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
    return section;
}

/*
 * Install |cb| as the serial number callback of |ctx|, with the section's
 * "serial" entry as its data argument. Returns 1 on success, 0 (with a
 * lookup failure raised) when the entry is missing.
 */
int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
                       TS_RESP_CTX *ctx)
{
    char *serial = NCONF_get_string(conf, section, ENV_SERIAL);

    if (serial == NULL) {
        ts_CONF_lookup_fail(section, ENV_SERIAL);
        return 0;
    }
    /*
     * NOTE(review): |serial| presumably points into |conf|'s own storage, so
     * |conf| must stay alive for as long as |ctx| may invoke the callback.
     */
    TS_RESP_CTX_set_serial_cb(ctx, cb, serial);
    return 1;
}

#ifndef OPENSSL_NO_ENGINE

/*
 * Select the ENGINE named by |device| (or, when |device| is NULL, by the
 * section's "crypto_device" entry) as the default for all methods. A missing
 * entry is not an error. Returns 1 on success, 0 with TS_R_VAR_BAD_VALUE
 * raised (on top of the engine error) if the engine cannot be set up.
 */
int TS_CONF_set_crypto_device(CONF *conf, const char *section,
                              const char *device)
{
    const char *name = device;

    if (name == NULL)
        name = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
    if (name == NULL)
        return 1;
    if (!TS_CONF_set_default_engine(name)) {
        ts_CONF_invalid(section, ENV_CRYPTO_DEVICE);
        return 0;
    }
    return 1;
}

/*
 * Make the engine with id |name| the default implementation for every
 * method. "builtin" keeps the software implementation and is always
 * accepted. For "chil" the fork-check control is enabled first; its return
 * value is not checked. Returns 1 on success, 0 with
 * TS_R_COULD_NOT_SET_ENGINE and "engine:<name>" raised otherwise.
 */
int TS_CONF_set_default_engine(const char *name)
{
    ENGINE *e;
    int ok;

    if (strcmp(name, "builtin") == 0)
        return 1;

    e = ENGINE_by_id(name);
    if (e != NULL && strcmp(name, "chil") == 0)
        ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
    ok = e != NULL && ENGINE_set_default(e, ENGINE_METHOD_ALL);
    if (!ok) {
        ERR_raise(ERR_LIB_TS, TS_R_COULD_NOT_SET_ENGINE);
        ERR_add_error_data(2, "engine:", name);
    }
    /* Release the reference from ENGINE_by_id(); a NULL |e| is tolerated. */
    ENGINE_free(e);
    return ok;
}

#endif

/*
 * Load the signer certificate from |cert| (or, when NULL, from the section's
 * "signer_cert" entry) and install it in |ctx|. Returns 1 on success, 0 with
 * an error raised when the entry is missing, the file cannot be loaded or
 * the context rejects the certificate.
 */
int TS_CONF_set_signer_cert(CONF *conf, const char *section,
                            const char *cert, TS_RESP_CTX *ctx)
{
    X509 *x;
    int ok;

    if (cert == NULL
        && (cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT)) == NULL) {
        ts_CONF_lookup_fail(section, ENV_SIGNER_CERT);
        return 0;
    }
    x = TS_CONF_load_cert(cert);
    ok = x != NULL && TS_RESP_CTX_set_signer_cert(ctx, x);
    /* |ctx| keeps its own reference; ours is released in every case. */
    X509_free(x);
    return ok;
}

/*
 * Load the optional certificate chain from |certs| (or, when NULL, from the
 * section's "certs" entry) and install it in |ctx|. No entry means nothing
 * to do and is a success. Returns 1 on success, 0 with an error raised when
 * the file cannot be loaded or the context rejects the chain.
 */
int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
                      TS_RESP_CTX *ctx)
{
    STACK_OF(X509) *chain;
    int ok;

    if (certs == NULL) {
        certs = NCONF_get_string(conf, section, ENV_CERTS);
        /* Certificate chain is optional. */
        if (certs == NULL)
            return 1;
    }
    chain = TS_CONF_load_certs(certs);
    ok = chain != NULL && TS_RESP_CTX_set_certs(ctx, chain);
    /* |ctx| copies what it needs; the local stack is always released. */
    sk_X509_pop_free(chain, X509_free);
    return ok;
}

/*
 * Load the signer private key from |key| (or, when NULL, from the section's
 * "signer_key" entry), decrypting with |pass| if needed, and install it in
 * |ctx|. Returns 1 on success, 0 with an error raised when the entry is
 * missing, the key cannot be loaded or the context rejects it.
 */
int TS_CONF_set_signer_key(CONF *conf, const char *section,
                           const char *key, const char *pass,
                           TS_RESP_CTX *ctx)
{
    EVP_PKEY *pkey;
    int ok;

    if (key == NULL)
        key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
    if (key == NULL) {
        ts_CONF_lookup_fail(section, ENV_SIGNER_KEY);
        return 0;
    }
    pkey = TS_CONF_load_key(key, pass);
    ok = pkey != NULL && TS_RESP_CTX_set_signer_key(ctx, pkey);
    /* |ctx| holds its own reference; release the one from the loader. */
    EVP_PKEY_free(pkey);
    return ok;
}

/*
 * Set the digest used to sign responses from |md| (or, when NULL, from the
 * section's "signer_digest" entry). Returns 1 on success, 0 with a lookup
 * failure raised when the entry is missing, TS_R_VAR_BAD_VALUE when the
 * name is not a known digest, or 0 when the context rejects it.
 */
int TS_CONF_set_signer_digest(CONF *conf, const char *section,
                              const char *md, TS_RESP_CTX *ctx)
{
    const EVP_MD *sign_md;

    if (md == NULL)
        md = NCONF_get_string(conf, section, ENV_SIGNER_DIGEST);
    if (md == NULL) {
        ts_CONF_lookup_fail(section, ENV_SIGNER_DIGEST);
        return 0;
    }
    sign_md = EVP_get_digestbyname(md);
    if (sign_md == NULL) {
        ts_CONF_invalid(section, ENV_SIGNER_DIGEST);
        return 0;
    }
    return TS_RESP_CTX_set_signer_digest(ctx, sign_md) ? 1 : 0;
}

/*
 * Set the default policy OID of |ctx| from |policy| (or, when NULL, from the
 * section's "default_policy" entry). The text may be an OID name or dotted
 * form. Returns 1 on success, 0 with an error raised when the entry is
 * missing, does not parse as an OID, or is rejected by the context.
 */
int TS_CONF_set_def_policy(CONF *conf, const char *section,
                           const char *policy, TS_RESP_CTX *ctx)
{
    ASN1_OBJECT *oid;
    int ok;

    if (policy == NULL)
        policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY);
    if (policy == NULL) {
        ts_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
        return 0;
    }
    /* no_name == 0: accept short/long names as well as numeric OIDs. */
    oid = OBJ_txt2obj(policy, 0);
    if (oid == NULL) {
        ts_CONF_invalid(section, ENV_DEFAULT_POLICY);
        return 0;
    }
    ok = TS_RESP_CTX_set_def_policy(ctx, oid) != 0;
    /* The context keeps its own copy; release ours either way. */
    ASN1_OBJECT_free(oid);
    return ok;
}

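/*
 * Add every policy OID listed in the section's "other_policies" entry to
 * |ctx|. The entry is optional; when present it is an X509V3-style list
 * whose items are OID names or dotted numbers. Returns 1 on success, 0 with
 * TS_R_VAR_BAD_VALUE raised on a malformed list or item, or 0 when the
 * context rejects a policy.
 */
int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    int ret = 0;
    int i;
    STACK_OF(CONF_VALUE) *list = NULL;
    char *policies = NCONF_get_string(conf, section, ENV_OTHER_POLICIES);

    /* If no other policy is specified, that's fine. */
    if (policies != NULL && (list = X509V3_parse_list(policies)) == NULL) {
        ts_CONF_invalid(section, ENV_OTHER_POLICIES);
        goto err;
    }
    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
        /* Items may be a bare name or a "name = value" pair. */
        const char *extval = val->value != NULL ? val->value : val->name;
        ASN1_OBJECT *objtmp = OBJ_txt2obj(extval, 0);
        int added;

        if (objtmp == NULL) {
            ts_CONF_invalid(section, ENV_OTHER_POLICIES);
            goto err;
        }
        /*
         * TS_RESP_CTX_add_policy() keeps its own copy, so the local object
         * is released whether or not the add succeeded (previously it
         * leaked on the failure path).
         */
        added = TS_RESP_CTX_add_policy(ctx, objtmp);
        ASN1_OBJECT_free(objtmp);
        if (!added)
            goto err;
    }

    ret = 1;
 err:
    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
    return ret;
}
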
/*
 * Register the digests the TSA accepts in requests, from the section's
 * mandatory "digests" entry (an X509V3-style list of digest names). Returns
 * 1 on success; 0 with a lookup failure raised when the entry is missing,
 * TS_R_VAR_BAD_VALUE when the list is malformed, empty or names an unknown
 * digest, or 0 when the context rejects a digest.
 */
int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    STACK_OF(CONF_VALUE) *list;
    char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
    int i, ok = 0;

    if (digests == NULL) {
        ts_CONF_lookup_fail(section, ENV_DIGESTS);
        return 0;
    }
    list = X509V3_parse_list(digests);
    /* At least one digest is required, so an empty list is an error too. */
    if (list == NULL || sk_CONF_VALUE_num(list) == 0) {
        ts_CONF_invalid(section, ENV_DIGESTS);
        goto done;
    }
    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
        const char *name = val->value != NULL ? val->value : val->name;
        const EVP_MD *md = EVP_get_digestbyname(name);

        if (md == NULL) {
            ts_CONF_invalid(section, ENV_DIGESTS);
            goto done;
        }
        if (!TS_RESP_CTX_add_md(ctx, md))
            goto done;
    }
    ok = 1;
 done:
    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
    return ok;
}

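/*
 * Parse a complete decimal integer from config text |s| into |*out|.
 * Returns 1 on success; 0 when |s| is empty, has trailing characters, or
 * does not fit in an int. Used instead of atoi(), which cannot report bad
 * input and whose behaviour on overflow is undefined.
 */
static int ts_CONF_parse_int(const char *s, int *out)
{
    char *end = NULL;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE
        || v < INT_MIN || v > INT_MAX)
        return 0;
    *out = (int)v;
    return 1;
}

/*
 * Set the accuracy of |ctx| from the section's optional "accuracy" entry,
 * an X509V3-style list of "secs:N", "millisecs:N" and "microsecs:N" items
 * (any subset; fields not given default to 0). Returns 1 on success, 0 with
 * TS_R_VAR_BAD_VALUE raised when the list is malformed, names an unknown
 * item or carries a value that is not a valid integer, or 0 when the
 * context rejects the values.
 */
int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    int ret = 0;
    int i;
    int secs = 0, millis = 0, micros = 0;
    STACK_OF(CONF_VALUE) *list = NULL;
    char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);

    if (accuracy != NULL && (list = X509V3_parse_list(accuracy)) == NULL) {
        ts_CONF_invalid(section, ENV_ACCURACY);
        goto err;
    }
    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
        int *target;

        if (strcmp(val->name, ENV_VALUE_SECS) == 0) {
            target = &secs;
        } else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) {
            target = &millis;
        } else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) {
            target = &micros;
        } else {
            ts_CONF_invalid(section, ENV_ACCURACY);
            goto err;
        }
        /* A bare item without a value leaves that field at its default. */
        if (val->value != NULL && !ts_CONF_parse_int(val->value, target)) {
            ts_CONF_invalid(section, ENV_ACCURACY);
            goto err;
        }
    }
    if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros))
        goto err;

    ret = 1;
 err:
    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
    return ret;
}
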
/*
 * Set the number of fractional-second digits in generated timestamps from
 * the section's "clock_precision_digits" entry. Returns 1 on success, 0
 * with TS_R_VAR_BAD_VALUE raised when the value is negative or above
 * TS_MAX_CLOCK_PRECISION_DIGITS, or 0 when the context rejects it.
 */
int TS_CONF_set_clock_precision_digits(const CONF *conf, const char *section,
                                       TS_RESP_CTX *ctx)
{
    /*
     * _CONF_get_number() yields 0 when the entry is absent, which is the
     * intended default: second precision, no fractional digits.
     */
    long digits = _CONF_get_number(conf, section, ENV_CLOCK_PRECISION_DIGITS);

    if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
        ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
        return 0;
    }
    return TS_RESP_CTX_set_clock_precision_digits(ctx, digits) ? 1 : 0;
}

/*
 * Set |flag| on |ctx| when the section's |field| entry is "yes". An absent
 * entry or "no" leaves the flags untouched; anything else is rejected with
 * TS_R_VAR_BAD_VALUE. Returns 1 on success, 0 on a bad value.
 */
static int ts_CONF_add_flag(CONF *conf, const char *section,
                            const char *field, int flag, TS_RESP_CTX *ctx)
{
    const char *value = NCONF_get_string(conf, section, field);

    if (value == NULL || strcmp(value, ENV_VALUE_NO) == 0)
        return 1;
    if (strcmp(value, ENV_VALUE_YES) != 0) {
        ts_CONF_invalid(section, field);
        return 0;
    }
    TS_RESP_CTX_add_flags(ctx, flag);
    return 1;
}

/* Apply the "ordering" yes/no entry as the TS_ORDERING flag of |ctx|. */
int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    const char *field = ENV_ORDERING;

    return ts_CONF_add_flag(conf, section, field, TS_ORDERING, ctx);
}

/* Apply the "tsa_name" yes/no entry as the TS_TSA_NAME flag of |ctx|. */
int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    const char *field = ENV_TSA_NAME;

    return ts_CONF_add_flag(conf, section, field, TS_TSA_NAME, ctx);
}

/*
 * Apply the "ess_cert_id_chain" yes/no entry as the TS_ESS_CERT_ID_CHAIN
 * flag of |ctx|.
 */
int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
                                  TS_RESP_CTX *ctx)
{
    const char *field = ENV_ESS_CERT_ID_CHAIN;

    return ts_CONF_add_flag(conf, section, field, TS_ESS_CERT_ID_CHAIN, ctx);
}

/*
 * Set the digest used for the ESS certificate identifier from the section's
 * optional "ess_cert_id_alg" entry, defaulting to SHA-1 when absent.
 * Returns 1 on success, 0 with TS_R_VAR_BAD_VALUE raised when the name is
 * not a known digest, or 0 when the context rejects it.
 */
int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
                                   TS_RESP_CTX *ctx)
{
    const char *name = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
    const EVP_MD *cert_md;

    /*
     * NOTE(review): the "sha1" default is kept for compatibility; whether a
     * non-SHA-1 digest switches the signer to the ESSCertIDv2 form is
     * decided by the signing code, not here -- confirm there before
     * relying on it.
     */
    cert_md = EVP_get_digestbyname(name != NULL ? name : "sha1");
    if (cert_md == NULL) {
        ts_CONF_invalid(section, ENV_ESS_CERT_ID_ALG);
        return 0;
    }
    return TS_RESP_CTX_set_ess_cert_id_digest(ctx, cert_md) ? 1 : 0;
}