/*
 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * We need to use some engine deprecated APIs (see TS_CONF_set_default_engine
 * below); this silences the deprecation warnings for this translation unit.
 */
#define OPENSSL_SUPPRESS_DEPRECATED

#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/crypto.h>
#include "internal/cryptlib.h"
#include <openssl/pem.h>
#include <openssl/engine.h>
#include <openssl/ts.h>

DEFINE_STACK_OF(CONF_VALUE)

/* Macro definitions for the configuration file. */
/* Section holding the name of the TSA section to use by default. */
#define BASE_SECTION "tsa"
#define ENV_DEFAULT_TSA "default_tsa"
/* Keys looked up in the selected TSA section. */
#define ENV_SERIAL "serial"
#define ENV_CRYPTO_DEVICE "crypto_device"
#define ENV_SIGNER_CERT "signer_cert"
#define ENV_CERTS "certs"
#define ENV_SIGNER_KEY "signer_key"
#define ENV_SIGNER_DIGEST "signer_digest"
#define ENV_DEFAULT_POLICY "default_policy"
#define ENV_OTHER_POLICIES "other_policies"
#define ENV_DIGESTS "digests"
#define ENV_ACCURACY "accuracy"
#define ENV_ORDERING "ordering"
#define ENV_TSA_NAME "tsa_name"
#define ENV_ESS_CERT_ID_CHAIN "ess_cert_id_chain"
/* Sub-field names accepted inside the "accuracy" list (TS_CONF_set_accuracy). */
#define ENV_VALUE_SECS "secs"
#define ENV_VALUE_MILLISECS "millisecs"
#define ENV_VALUE_MICROSECS "microsecs"
/* Numeric key, range-checked in TS_CONF_set_clock_precision_digits. */
#define ENV_CLOCK_PRECISION_DIGITS "clock_precision_digits"
/* Values accepted by the yes/no options (ordering, tsa_name, ess_cert_id_chain). */
#define ENV_VALUE_YES "yes"
#define ENV_VALUE_NO "no"
#define ENV_ESS_CERT_ID_ALG "ess_cert_id_alg"

/* Function definitions for certificate and key loading. */

/*
 * Load a single PEM certificate from |file| via PEM_read_bio_X509_AUX.
 *
 * Returns a new X509 owned by the caller, or NULL with
 * TS_R_CANNOT_LOAD_CERT raised (the file could not be opened or parsed).
 */
X509 *TS_CONF_load_cert(const char *file)
{
    X509 *x = NULL;
    BIO *in = BIO_new_file(file, "r");

    if (in != NULL)
        x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
    if (x == NULL)
        TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);
    BIO_free(in);
    return x;
}

/*
 * Move every certificate held by the X509_INFO entries of |src| into |dst|.
 * Returns 0 on the first failed insertion; the entry that failed keeps its
 * certificate so that freeing |src| still releases it.
 */
static int ts_conf_move_certs(STACK_OF(X509) *dst, STACK_OF(X509_INFO) *src)
{
    int i;

    for (i = 0; i < sk_X509_INFO_num(src); i++) {
        X509_INFO *xi = sk_X509_INFO_value(src, i);

        if (xi->x509 == NULL)
            continue;
        if (!X509_add_cert(dst, xi->x509, X509_ADD_FLAG_DEFAULT))
            return 0;
        /* No up-ref was taken: ownership now lies with |dst|. */
        xi->x509 = NULL;
    }
    return 1;
}

/*
 * Load all PEM certificates found in |file|.
 *
 * Returns a new stack owned by the caller, or NULL with
 * TS_R_CANNOT_LOAD_CERT raised. A file yielding no certificates produces an
 * empty stack rather than an error (the PEM_X509_INFO_read_bio result is
 * not checked here).
 */
STACK_OF(X509) *TS_CONF_load_certs(const char *file)
{
    BIO *in = BIO_new_file(file, "r");
    STACK_OF(X509_INFO) *infos = NULL;
    STACK_OF(X509) *result = NULL;

    if (in != NULL && (result = sk_X509_new_null()) != NULL) {
        infos = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
        if (!ts_conf_move_certs(result, infos)) {
            sk_X509_pop_free(result, X509_free);
            result = NULL;
        }
    }
    if (result == NULL)
        TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);
    sk_X509_INFO_pop_free(infos, X509_INFO_free);
    BIO_free(in);
    return result;
}

/*
 * Load a PEM private key from |file|; |pass| is handed to
 * PEM_read_bio_PrivateKey as the password userdata.
 *
 * Returns a new EVP_PKEY owned by the caller, or NULL with
 * TS_R_CANNOT_LOAD_KEY raised.
 */
EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
{
    EVP_PKEY *pkey = NULL;
    BIO *in = BIO_new_file(file, "r");

    if (in != NULL)
        pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, (char *)pass);
    if (pkey == NULL)
        TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);
    BIO_free(in);
    return pkey;
}

/* Function definitions for handling configuration options. */

/*
 * Report a missing configuration variable: raises TS_R_VAR_LOOKUP_FAILURE
 * and attaches "name::tag" (callers pass section::key) as error data.
 */
static void ts_CONF_lookup_fail(const char *name, const char *tag)
{
    TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);
    /* The data is attached to the error just raised, so order matters. */
    ERR_add_error_data(3, name, "::", tag);
}

/*
 * Report a configuration variable with an unusable value: raises
 * TS_R_VAR_BAD_VALUE and attaches "name::tag" (section::key) as error data.
 */
static void ts_CONF_invalid(const char *name, const char *tag)
{
    TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);
    /* The data is attached to the error just raised, so order matters. */
    ERR_add_error_data(3, name, "::", tag);
}

/*
 * Resolve the TSA section to use: |section| itself when given, otherwise
 * the "default_tsa" entry of the "tsa" section.
 *
 * Returns the section name, or NULL with a lookup failure raised when no
 * default is configured.
 */
const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
{
    const char *result = section;

    if (result == NULL) {
        result = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
        if (result == NULL)
            ts_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
    }
    return result;
}

/*
 * Install |cb| as the serial-number callback of |ctx|, passing the value of
 * the mandatory "serial" option as the callback data.
 *
 * Returns 1 on success, 0 (with a lookup failure raised) when the option is
 * missing.
 */
int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
                       TS_RESP_CTX *ctx)
{
    char *serial_value = NCONF_get_string(conf, section, ENV_SERIAL);

    if (serial_value == NULL) {
        ts_CONF_lookup_fail(section, ENV_SERIAL);
        return 0;
    }
    TS_RESP_CTX_set_serial_cb(ctx, cb, serial_value);
    return 1;
}

/* Engine selection below needs the (deprecated) ENGINE API. */
#ifndef OPENSSL_NO_ENGINE

/*
 * Make the engine named by |device| (or, when NULL, by the optional
 * "crypto_device" option) the default for all methods.
 *
 * Returns 1 when no device is configured or the engine was set, 0 (with a
 * bad-value error raised) when the engine could not be set.
 */
int TS_CONF_set_crypto_device(CONF *conf, const char *section,
                              const char *device)
{
    const char *name = device;

    if (name == NULL)
        name = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
    /* The crypto device is optional. */
    if (name == NULL)
        return 1;
    if (TS_CONF_set_default_engine(name))
        return 1;
    ts_CONF_invalid(section, ENV_CRYPTO_DEVICE);
    return 0;
}

/*
 * Set the engine with id |name| as the default for every method.
 * The special name "builtin" leaves the compiled-in defaults untouched.
 *
 * Returns 1 on success, 0 with TS_R_COULD_NOT_SET_ENGINE (and "engine:NAME"
 * as error data) when the engine cannot be found or made the default.
 */
int TS_CONF_set_default_engine(const char *name)
{
    ENGINE *e = NULL;
    int ok = 0;

    if (strcmp(name, "builtin") == 0)
        return 1;

    e = ENGINE_by_id(name);
    if (e != NULL) {
        /* "chil" gets its fork check enabled; the ctrl result is ignored. */
        if (strcmp(name, "chil") == 0)
            ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
        ok = ENGINE_set_default(e, ENGINE_METHOD_ALL) ? 1 : 0;
    }
    if (!ok) {
        TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, TS_R_COULD_NOT_SET_ENGINE);
        ERR_add_error_data(2, "engine:", name);
    }
    /* Our reference only; the default-engine table holds its own. */
    ENGINE_free(e);
    return ok;
}

#endif /* OPENSSL_NO_ENGINE */

/*
 * Load the signer certificate named by |cert| (or, when NULL, by the
 * mandatory "signer_cert" option) and install it in |ctx|.
 *
 * The X509 loaded here is released on every path; |ctx| keeps its own
 * reference. Returns 1 on success, 0 with an error raised otherwise.
 */
int TS_CONF_set_signer_cert(CONF *conf, const char *section,
                            const char *cert, TS_RESP_CTX *ctx)
{
    const char *path = cert;
    X509 *signer = NULL;
    int ok = 0;

    if (path == NULL)
        path = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
    if (path == NULL) {
        ts_CONF_lookup_fail(section, ENV_SIGNER_CERT);
    } else {
        signer = TS_CONF_load_cert(path);
        ok = signer != NULL && TS_RESP_CTX_set_signer_cert(ctx, signer);
    }
    X509_free(signer);
    return ok;
}

/*
 * Load the additional certificate chain named by |certs| (or, when NULL, by
 * the optional "certs" option) and install it in |ctx|.
 *
 * Returns 1 when nothing is configured or the chain was installed, 0 with
 * an error raised when the file cannot be loaded or the context rejects it.
 * The loaded stack is freed here on every path; |ctx| keeps its own copy.
 */
int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
                      TS_RESP_CTX *ctx)
{
    const char *path = certs;
    STACK_OF(X509) *chain;
    int ok;

    if (path == NULL)
        path = NCONF_get_string(conf, section, ENV_CERTS);
    /* Certificate chain is optional. */
    if (path == NULL)
        return 1;
    chain = TS_CONF_load_certs(path);
    ok = chain != NULL && TS_RESP_CTX_set_certs(ctx, chain);
    sk_X509_pop_free(chain, X509_free);
    return ok;
}

/*
 * Load the signer private key named by |key| (or, when NULL, by the
 * mandatory "signer_key" option), decrypting with |pass|, and install it
 * in |ctx|.
 *
 * The key loaded here is released on every path; |ctx| keeps its own
 * reference. Returns 1 on success, 0 with an error raised otherwise.
 */
int TS_CONF_set_signer_key(CONF *conf, const char *section,
                           const char *key, const char *pass,
                           TS_RESP_CTX *ctx)
{
    const char *path = key;
    EVP_PKEY *pkey = NULL;
    int ok = 0;

    if (path == NULL)
        path = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
    if (path == NULL) {
        ts_CONF_lookup_fail(section, ENV_SIGNER_KEY);
    } else {
        pkey = TS_CONF_load_key(path, pass);
        ok = pkey != NULL && TS_RESP_CTX_set_signer_key(ctx, pkey);
    }
    EVP_PKEY_free(pkey);
    return ok;
}

/*
 * Select the signing digest named by |md| (or, when NULL, by the mandatory
 * "signer_digest" option) for |ctx|.
 *
 * Returns 1 on success; 0 with a lookup failure when the option is missing,
 * or a bad-value error when the name is not a known digest.
 */
int TS_CONF_set_signer_digest(CONF *conf, const char *section,
                              const char *md, TS_RESP_CTX *ctx)
{
    const char *md_name = md;
    const EVP_MD *digest;

    if (md_name == NULL)
        md_name = NCONF_get_string(conf, section, ENV_SIGNER_DIGEST);
    if (md_name == NULL) {
        ts_CONF_lookup_fail(section, ENV_SIGNER_DIGEST);
        return 0;
    }
    digest = EVP_get_digestbyname(md_name);
    if (digest == NULL) {
        ts_CONF_invalid(section, ENV_SIGNER_DIGEST);
        return 0;
    }
    return TS_RESP_CTX_set_signer_digest(ctx, digest) ? 1 : 0;
}

/*
 * Set the default policy OID of |ctx| from |policy| (or, when NULL, from the
 * mandatory "default_policy" option). The text is converted with
 * OBJ_txt2obj, so both dotted numeric and named OIDs are accepted.
 *
 * The ASN1_OBJECT created here is freed on every path. Returns 1 on
 * success, 0 with an error raised otherwise.
 */
int TS_CONF_set_def_policy(CONF *conf, const char *section,
                           const char *policy, TS_RESP_CTX *ctx)
{
    const char *oid_text = policy;
    ASN1_OBJECT *oid = NULL;
    int ok = 0;

    if (oid_text == NULL)
        oid_text = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY);
    if (oid_text == NULL) {
        ts_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
        return 0;
    }
    oid = OBJ_txt2obj(oid_text, 0);
    if (oid == NULL)
        ts_CONF_invalid(section, ENV_DEFAULT_POLICY);
    else
        ok = TS_RESP_CTX_set_def_policy(ctx, oid) ? 1 : 0;
    ASN1_OBJECT_free(oid);
    return ok;
}

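/*
 * Add every OID listed in the optional "other_policies" option to the
 * accepted policies of |ctx|.
 *
 * Returns 1 when the option is absent or all entries were added, 0 with an
 * error raised when the list or one of its entries cannot be parsed, or the
 * context rejects a policy.
 *
 * Fix: the temporary ASN1_OBJECT was only freed after a successful
 * TS_RESP_CTX_add_policy(); on a failed add it leaked. The context keeps its
 * own copy (the success path already frees |objtmp|), so it is freed here
 * on both paths.
 */
int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    int ret = 0;
    int i;
    STACK_OF(CONF_VALUE) *list = NULL;
    char *policies = NCONF_get_string(conf, section, ENV_OTHER_POLICIES);

    /* If no other policy is specified, that's fine. */
    if (policies != NULL && (list = X509V3_parse_list(policies)) == NULL) {
        ts_CONF_invalid(section, ENV_OTHER_POLICIES);
        goto err;
    }
    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
        /* An entry without a value carries the OID in its name. */
        const char *extval = val->value != NULL ? val->value : val->name;
        ASN1_OBJECT *objtmp = OBJ_txt2obj(extval, 0);
        int added;

        if (objtmp == NULL) {
            ts_CONF_invalid(section, ENV_OTHER_POLICIES);
            goto err;
        }
        added = TS_RESP_CTX_add_policy(ctx, objtmp);
        ASN1_OBJECT_free(objtmp);
        if (!added)
            goto err;
    }

    ret = 1;
 err:
    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
    return ret;
}
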
/*
 * Resolve one parsed list entry (its value when present, else its name) to
 * a digest; NULL when the name is unknown.
 */
static const EVP_MD *ts_conf_digest_from_value(const CONF_VALUE *val)
{
    const char *md_name = val->value != NULL ? val->value : val->name;

    return EVP_get_digestbyname(md_name);
}

/*
 * Register every digest named in the mandatory "digests" option with |ctx|.
 *
 * Returns 1 on success; 0 with a lookup failure when the option is missing,
 * or a bad-value error when the list is unparsable, empty, or names an
 * unknown digest. A rejected add by |ctx| also yields 0.
 */
int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    STACK_OF(CONF_VALUE) *entries = NULL;
    const char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
    int ok = 0;
    int i, count;

    if (digests == NULL) {
        ts_CONF_lookup_fail(section, ENV_DIGESTS);
        return 0;
    }
    entries = X509V3_parse_list(digests);
    count = sk_CONF_VALUE_num(entries);
    /* At least one digest is required. */
    if (entries == NULL || count == 0) {
        ts_CONF_invalid(section, ENV_DIGESTS);
        goto done;
    }
    for (i = 0; i < count; ++i) {
        const EVP_MD *md =
            ts_conf_digest_from_value(sk_CONF_VALUE_value(entries, i));

        if (md == NULL) {
            ts_CONF_invalid(section, ENV_DIGESTS);
            goto done;
        }
        if (!TS_RESP_CTX_add_md(ctx, md))
            goto done;
    }
    ok = 1;
 done:
    sk_CONF_VALUE_pop_free(entries, X509V3_conf_free);
    return ok;
}

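/*
 * Parse one accuracy component from |text| as a decimal integer in int
 * range. Returns 1 and stores the value in |*out|, or 0 when |text| is not
 * a well-formed integer or is out of range (|*out| is left untouched).
 */
static int ts_conf_parse_int(const char *text, int *out)
{
    char *end = NULL;
    long v;

    errno = 0;
    v = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE
        || v < INT_MIN || v > INT_MAX)
        return 0;
    *out = (int)v;
    return 1;
}

/*
 * Set the accuracy of |ctx| from the optional "accuracy" option, a list of
 * "secs", "millisecs" and "microsecs" fields. Fields that are absent, or
 * given without a value, keep their default of 0.
 *
 * Returns 1 on success, 0 with a bad-value error raised when the list does
 * not parse, contains an unknown field, or a field value is not a valid
 * integer; a rejected value from |ctx| also yields 0.
 *
 * Fix: the values were previously converted with atoi(), which silently
 * maps garbage to 0 and cannot report overflow, so a mistyped accuracy was
 * accepted as 0. Values are now parsed with strtol() and rejected unless
 * the whole string is a decimal integer within int range.
 */
int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    int ret = 0;
    int i;
    int secs = 0, millis = 0, micros = 0;
    STACK_OF(CONF_VALUE) *list = NULL;
    char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);

    /* The accuracy option is optional; an absent option means 0/0/0. */
    if (accuracy != NULL && (list = X509V3_parse_list(accuracy)) == NULL) {
        ts_CONF_invalid(section, ENV_ACCURACY);
        goto err;
    }
    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
        int *target;

        if (strcmp(val->name, ENV_VALUE_SECS) == 0)
            target = &secs;
        else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0)
            target = &millis;
        else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0)
            target = &micros;
        else
            target = NULL;
        /*
         * Unknown field names and malformed numbers are both configuration
         * errors; a field given without a value keeps its default of 0.
         */
        if (target == NULL
            || (val->value != NULL && !ts_conf_parse_int(val->value, target))) {
            ts_CONF_invalid(section, ENV_ACCURACY);
            goto err;
        }
    }
    if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros))
        goto err;

    ret = 1;
 err:
    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
    return ret;
}
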
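/*
 * Set the number of sub-second digits of |ctx| from the optional
 * "clock_precision_digits" option. An absent option (or a failed numeric
 * lookup) means 0, i.e. whole-second precision.
 *
 * Returns 1 on success, 0 with a bad-value error raised when the number is
 * negative or exceeds TS_MAX_CLOCK_PRECISION_DIGITS; a rejected value from
 * |ctx| also yields 0.
 *
 * Fix: |ret| was declared but the success path returned 1 directly, so
 * |ret| could only ever be 0 at the err label. The block now follows the
 * ret/err pattern used by every sibling function in this file.
 */
int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
                                       TS_RESP_CTX *ctx)
{
    int ret = 0;
    long digits = 0;

    /*
     * If not specified, set the default value to 0, i.e. sec precision
     */
    if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
                            &digits))
        digits = 0;
    if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
        ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
        goto err;
    }

    if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits))
        goto err;

    ret = 1;
 err:
    return ret;
}
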
/*
 * Apply a yes/no option: when |field| in |section| is "yes", add |flag| to
 * |ctx|; "no" and an absent option leave |ctx| untouched.
 *
 * Returns 1 unless the option holds some other value, in which case a
 * bad-value error is raised and 0 returned.
 *
 * NOTE(review): NCONF_get_string is believed to push a CONF error when the
 * key is absent; if so, optional lookups like this one leave a stale entry
 * on the error queue that can confuse later diagnostics - confirm and clear
 * it at the caller if that is the case.
 */
static int ts_CONF_add_flag(CONF *conf, const char *section,
                            const char *field, int flag, TS_RESP_CTX *ctx)
{
    const char *value = NCONF_get_string(conf, section, field);

    if (value == NULL)
        return 1;
    if (strcmp(value, ENV_VALUE_YES) == 0) {
        TS_RESP_CTX_add_flags(ctx, flag);
        return 1;
    }
    if (strcmp(value, ENV_VALUE_NO) == 0)
        return 1;
    ts_CONF_invalid(section, field);
    return 0;
}

/*
 * Apply the optional yes/no "ordering" option of |section| to |ctx| by
 * setting TS_ORDERING. Returns 1 on success (including an absent option),
 * 0 with an error raised on any other value.
 */
int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    return ts_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx);
}

/*
 * Apply the optional yes/no "tsa_name" option of |section| to |ctx| by
 * setting TS_TSA_NAME. Returns 1 on success (including an absent option),
 * 0 with an error raised on any other value.
 */
int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    return ts_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx);
}

/*
 * Apply the optional yes/no "ess_cert_id_chain" option of |section| to |ctx|
 * by setting TS_ESS_CERT_ID_CHAIN. Returns 1 on success (including an
 * absent option), 0 with an error raised on any other value.
 */
int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
                                  TS_RESP_CTX *ctx)
{
    return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN,
                            TS_ESS_CERT_ID_CHAIN, ctx);
}

/*
 * Select the digest used for the ESS certificate identifier of |ctx| from
 * the optional "ess_cert_id_alg" option; "sha1" is used when it is absent.
 *
 * Returns 1 on success, 0 with a bad-value error raised when the name is
 * not a known digest; a rejected digest from |ctx| also yields 0.
 *
 * NOTE(review): the SHA-1 fallback is kept as the historical default;
 * deployments should set ess_cert_id_alg explicitly to a SHA-2 digest -
 * confirm how TS_RESP_CTX_set_ess_cert_id_digest treats the choice.
 */
int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
                                   TS_RESP_CTX *ctx)
{
    const char *md_name = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
    const EVP_MD *cert_md;

    if (md_name == NULL)
        md_name = "sha1";
    cert_md = EVP_get_digestbyname(md_name);
    if (cert_md == NULL) {
        ts_CONF_invalid(section, ENV_ESS_CERT_ID_ALG);
        return 0;
    }
    return TS_RESP_CTX_set_ess_cert_id_digest(ctx, cert_md) ? 1 : 0;
}