]>
Commit | Line | Data |
---|---|---|
9aeaf1b4 | 1 | /* v3_conf.c */ |
0f113f3e MC |
2 | /* |
3 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project | |
4 | * 1999. | |
9aeaf1b4 DSH |
5 | */ |
6 | /* ==================================================================== | |
9ea1b878 | 7 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. |
9aeaf1b4 DSH |
8 | * |
9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | |
12 | * | |
13 | * 1. Redistributions of source code must retain the above copyright | |
0f113f3e | 14 | * notice, this list of conditions and the following disclaimer. |
9aeaf1b4 DSH |
15 | * |
16 | * 2. Redistributions in binary form must reproduce the above copyright | |
17 | * notice, this list of conditions and the following disclaimer in | |
18 | * the documentation and/or other materials provided with the | |
19 | * distribution. | |
20 | * | |
21 | * 3. All advertising materials mentioning features or use of this | |
22 | * software must display the following acknowledgment: | |
23 | * "This product includes software developed by the OpenSSL Project | |
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
25 | * | |
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
27 | * endorse or promote products derived from this software without | |
28 | * prior written permission. For written permission, please contact | |
29 | * licensing@OpenSSL.org. | |
30 | * | |
31 | * 5. Products derived from this software may not be called "OpenSSL" | |
32 | * nor may "OpenSSL" appear in their names without prior written | |
33 | * permission of the OpenSSL Project. | |
34 | * | |
35 | * 6. Redistributions of any form whatsoever must retain the following | |
36 | * acknowledgment: | |
37 | * "This product includes software developed by the OpenSSL Project | |
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
39 | * | |
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
52 | * ==================================================================== | |
53 | * | |
54 | * This product includes cryptographic software written by Eric Young | |
55 | * (eay@cryptsoft.com). This product includes software written by Tim | |
56 | * Hudson (tjh@cryptsoft.com). | |
57 | * | |
58 | */ | |
388ff0b0 | 59 | /* extension creation utilities */ |
9aeaf1b4 | 60 | |
e527ba09 | 61 | #include <stdio.h> |
9aeaf1b4 | 62 | #include <ctype.h> |
e527ba09 | 63 | #include "cryptlib.h" |
ec577822 BM |
64 | #include <openssl/conf.h> |
65 | #include <openssl/x509.h> | |
66 | #include <openssl/x509v3.h> | |
9aeaf1b4 | 67 | |
388ff0b0 DSH |
68 | static int v3_check_critical(char **value); |
69 | static int v3_check_generic(char **value); | |
0f113f3e MC |
70 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, |
71 | int crit, char *value); | |
72 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | |
73 | int crit, int type, | |
74 | X509V3_CTX *ctx); | |
f5fedc04 | 75 | static char *conf_lhash_get_string(void *db, char *section, char *value); |
ba404b5e | 76 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); |
0f113f3e MC |
77 | static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, |
78 | int ext_nid, int crit, void *ext_struc); | |
79 | static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, | |
80 | long *ext_len); | |
b7a26e6d | 81 | /* CONF *conf: Config file */ |
6b691a5c UM |
82 | /* char *name: Name */ |
83 | /* char *value: Value */ | |
b7a26e6d | 84 | X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, |
0f113f3e MC |
85 | char *value) |
86 | { | |
87 | int crit; | |
88 | int ext_type; | |
89 | X509_EXTENSION *ret; | |
90 | crit = v3_check_critical(&value); | |
91 | if ((ext_type = v3_check_generic(&value))) | |
92 | return v3_generic_extension(name, value, crit, ext_type, ctx); | |
93 | ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); | |
94 | if (!ret) { | |
95 | X509V3err(X509V3_F_X509V3_EXT_NCONF, X509V3_R_ERROR_IN_EXTENSION); | |
96 | ERR_add_error_data(4, "name=", name, ", value=", value); | |
97 | } | |
98 | return ret; | |
99 | } | |
9aeaf1b4 | 100 | |
b7a26e6d | 101 | /* CONF *conf: Config file */ |
6b691a5c | 102 | /* char *value: Value */ |
b7a26e6d | 103 | X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, |
0f113f3e MC |
104 | char *value) |
105 | { | |
106 | int crit; | |
107 | int ext_type; | |
108 | crit = v3_check_critical(&value); | |
109 | if ((ext_type = v3_check_generic(&value))) | |
110 | return v3_generic_extension(OBJ_nid2sn(ext_nid), | |
111 | value, crit, ext_type, ctx); | |
112 | return do_ext_nconf(conf, ctx, ext_nid, crit, value); | |
113 | } | |
388ff0b0 | 114 | |
b7a26e6d | 115 | /* CONF *conf: Config file */ |
6b691a5c | 116 | /* char *value: Value */ |
b7a26e6d | 117 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, |
0f113f3e MC |
118 | int crit, char *value) |
119 | { | |
120 | const X509V3_EXT_METHOD *method; | |
121 | X509_EXTENSION *ext; | |
122 | STACK_OF(CONF_VALUE) *nval; | |
123 | void *ext_struc; | |
124 | if (ext_nid == NID_undef) { | |
125 | X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME); | |
126 | return NULL; | |
127 | } | |
128 | if (!(method = X509V3_EXT_get_nid(ext_nid))) { | |
129 | X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); | |
130 | return NULL; | |
131 | } | |
132 | /* Now get internal extension representation based on type */ | |
133 | if (method->v2i) { | |
134 | if (*value == '@') | |
135 | nval = NCONF_get_section(conf, value + 1); | |
136 | else | |
137 | nval = X509V3_parse_list(value); | |
138 | if (sk_CONF_VALUE_num(nval) <= 0) { | |
139 | X509V3err(X509V3_F_DO_EXT_NCONF, | |
140 | X509V3_R_INVALID_EXTENSION_STRING); | |
141 | ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", | |
142 | value); | |
143 | return NULL; | |
144 | } | |
145 | ext_struc = method->v2i(method, ctx, nval); | |
146 | if (*value != '@') | |
147 | sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); | |
148 | if (!ext_struc) | |
149 | return NULL; | |
150 | } else if (method->s2i) { | |
151 | if (!(ext_struc = method->s2i(method, ctx, value))) | |
152 | return NULL; | |
153 | } else if (method->r2i) { | |
154 | if (!ctx->db || !ctx->db_meth) { | |
155 | X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE); | |
156 | return NULL; | |
157 | } | |
158 | if (!(ext_struc = method->r2i(method, ctx, value))) | |
159 | return NULL; | |
160 | } else { | |
161 | X509V3err(X509V3_F_DO_EXT_NCONF, | |
162 | X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); | |
163 | ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); | |
164 | return NULL; | |
165 | } | |
166 | ||
167 | ext = do_ext_i2d(method, ext_nid, crit, ext_struc); | |
168 | if (method->it) | |
169 | ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); | |
170 | else | |
171 | method->ext_free(ext_struc); | |
172 | return ext; | |
173 | ||
174 | } | |
175 | ||
176 | static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, | |
177 | int ext_nid, int crit, void *ext_struc) | |
178 | { | |
179 | unsigned char *ext_der = NULL; | |
180 | int ext_len; | |
181 | ASN1_OCTET_STRING *ext_oct = NULL; | |
182 | X509_EXTENSION *ext; | |
183 | /* Convert internal representation to DER */ | |
184 | if (method->it) { | |
185 | ext_der = NULL; | |
186 | ext_len = | |
187 | ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); | |
188 | if (ext_len < 0) | |
189 | goto merr; | |
190 | } else { | |
191 | unsigned char *p; | |
192 | ext_len = method->i2d(ext_struc, NULL); | |
193 | if (!(ext_der = OPENSSL_malloc(ext_len))) | |
194 | goto merr; | |
195 | p = ext_der; | |
196 | method->i2d(ext_struc, &p); | |
197 | } | |
f422a514 | 198 | if (!(ext_oct = ASN1_OCTET_STRING_new())) |
0f113f3e MC |
199 | goto merr; |
200 | ext_oct->data = ext_der; | |
201 | ext_der = NULL; | |
202 | ext_oct->length = ext_len; | |
203 | ||
204 | ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); | |
205 | if (!ext) | |
206 | goto merr; | |
f422a514 | 207 | ASN1_OCTET_STRING_free(ext_oct); |
0f113f3e MC |
208 | |
209 | return ext; | |
210 | ||
211 | merr: | |
212 | X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); | |
b548a1f1 | 213 | OPENSSL_free(ext_der); |
0dfb9398 | 214 | ASN1_OCTET_STRING_free(ext_oct); |
0f113f3e MC |
215 | return NULL; |
216 | ||
217 | } | |
c8b41850 DSH |
218 | |
219 | /* Given an internal structure, nid and critical flag create an extension */ | |
220 | ||
221 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) | |
0f113f3e MC |
222 | { |
223 | const X509V3_EXT_METHOD *method; | |
224 | if (!(method = X509V3_EXT_get_nid(ext_nid))) { | |
225 | X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); | |
226 | return NULL; | |
227 | } | |
228 | return do_ext_i2d(method, ext_nid, crit, ext_struc); | |
9aeaf1b4 DSH |
229 | } |
230 | ||
388ff0b0 | 231 | /* Check the extension string for critical flag */ |
6b691a5c | 232 | static int v3_check_critical(char **value) |
388ff0b0 | 233 | { |
0f113f3e MC |
234 | char *p = *value; |
235 | if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) | |
236 | return 0; | |
237 | p += 9; | |
238 | while (isspace((unsigned char)*p)) | |
239 | p++; | |
240 | *value = p; | |
241 | return 1; | |
388ff0b0 DSH |
242 | } |
243 | ||
244 | /* Check extension string for generic extension and return the type */ | |
6b691a5c | 245 | static int v3_check_generic(char **value) |
388ff0b0 | 246 | { |
0f113f3e MC |
247 | int gen_type = 0; |
248 | char *p = *value; | |
86885c28 | 249 | if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) { |
0f113f3e MC |
250 | p += 4; |
251 | gen_type = 1; | |
86885c28 | 252 | } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) { |
0f113f3e MC |
253 | p += 5; |
254 | gen_type = 2; | |
255 | } else | |
256 | return 0; | |
257 | ||
258 | while (isspace((unsigned char)*p)) | |
259 | p++; | |
260 | *value = p; | |
261 | return gen_type; | |
388ff0b0 DSH |
262 | } |
263 | ||
c79b16e1 | 264 | /* Create a generic extension: for now just handle DER type */ |
6b691a5c | 265 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, |
0f113f3e MC |
266 | int crit, int gen_type, |
267 | X509V3_CTX *ctx) | |
268 | { | |
269 | unsigned char *ext_der = NULL; | |
4c9b0a03 | 270 | long ext_len = 0; |
0f113f3e MC |
271 | ASN1_OBJECT *obj = NULL; |
272 | ASN1_OCTET_STRING *oct = NULL; | |
273 | X509_EXTENSION *extension = NULL; | |
274 | if (!(obj = OBJ_txt2obj(ext, 0))) { | |
275 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION, | |
276 | X509V3_R_EXTENSION_NAME_ERROR); | |
277 | ERR_add_error_data(2, "name=", ext); | |
278 | goto err; | |
279 | } | |
280 | ||
281 | if (gen_type == 1) | |
282 | ext_der = string_to_hex(value, &ext_len); | |
283 | else if (gen_type == 2) | |
284 | ext_der = generic_asn1(value, ctx, &ext_len); | |
285 | ||
286 | if (ext_der == NULL) { | |
287 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION, | |
288 | X509V3_R_EXTENSION_VALUE_ERROR); | |
289 | ERR_add_error_data(2, "value=", value); | |
290 | goto err; | |
291 | } | |
292 | ||
f422a514 | 293 | if (!(oct = ASN1_OCTET_STRING_new())) { |
0f113f3e MC |
294 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); |
295 | goto err; | |
296 | } | |
297 | ||
298 | oct->data = ext_der; | |
299 | oct->length = ext_len; | |
300 | ext_der = NULL; | |
301 | ||
302 | extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); | |
303 | ||
304 | err: | |
305 | ASN1_OBJECT_free(obj); | |
f422a514 | 306 | ASN1_OCTET_STRING_free(oct); |
b548a1f1 | 307 | OPENSSL_free(ext_der); |
0f113f3e MC |
308 | return extension; |
309 | ||
310 | } | |
311 | ||
312 | static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, | |
313 | long *ext_len) | |
314 | { | |
315 | ASN1_TYPE *typ; | |
316 | unsigned char *ext_der = NULL; | |
317 | typ = ASN1_generate_v3(value, ctx); | |
318 | if (typ == NULL) | |
319 | return NULL; | |
320 | *ext_len = i2d_ASN1_TYPE(typ, &ext_der); | |
321 | ASN1_TYPE_free(typ); | |
322 | return ext_der; | |
323 | } | |
388ff0b0 | 324 | |
ebaa2cf5 | 325 | static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext) |
0f113f3e MC |
326 | { |
327 | int idx; | |
328 | ASN1_OBJECT *obj; | |
329 | obj = X509_EXTENSION_get_object(dext); | |
330 | while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) { | |
331 | X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx); | |
332 | X509v3_delete_ext(sk, idx); | |
333 | X509_EXTENSION_free(tmpext); | |
334 | } | |
335 | } | |
9aeaf1b4 | 336 | |
0f113f3e MC |
337 | /* |
338 | * This is the main function: add a bunch of extensions based on a config | |
339 | * file section to an extension STACK. | |
340 | */ | |
b7a26e6d DSH |
341 | |
342 | int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, | |
0f113f3e MC |
343 | STACK_OF(X509_EXTENSION) **sk) |
344 | { | |
345 | X509_EXTENSION *ext; | |
346 | STACK_OF(CONF_VALUE) *nval; | |
347 | CONF_VALUE *val; | |
348 | int i; | |
349 | if (!(nval = NCONF_get_section(conf, section))) | |
350 | return 0; | |
351 | for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { | |
352 | val = sk_CONF_VALUE_value(nval, i); | |
353 | if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) | |
354 | return 0; | |
355 | if (ctx->flags == X509V3_CTX_REPLACE) | |
356 | delete_ext(*sk, ext); | |
357 | if (sk) | |
358 | X509v3_add_ext(sk, ext, -1); | |
359 | X509_EXTENSION_free(ext); | |
360 | } | |
361 | return 1; | |
362 | } | |
363 | ||
364 | /* | |
365 | * Convenience functions to add extensions to a certificate, CRL and request | |
366 | */ | |
b7a26e6d DSH |
367 | |
368 | int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | |
0f113f3e MC |
369 | X509 *cert) |
370 | { | |
371 | STACK_OF(X509_EXTENSION) **sk = NULL; | |
372 | if (cert) | |
373 | sk = &cert->cert_info->extensions; | |
374 | return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); | |
375 | } | |
9aeaf1b4 | 376 | |
1756d405 DSH |
377 | /* Same as above but for a CRL */ |
378 | ||
b7a26e6d | 379 | int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, |
0f113f3e MC |
380 | X509_CRL *crl) |
381 | { | |
382 | STACK_OF(X509_EXTENSION) **sk = NULL; | |
383 | if (crl) | |
384 | sk = &crl->crl->extensions; | |
385 | return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); | |
386 | } | |
1756d405 | 387 | |
c79b16e1 DSH |
388 | /* Add extensions to certificate request */ |
389 | ||
b7a26e6d | 390 | int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, |
0f113f3e MC |
391 | X509_REQ *req) |
392 | { | |
393 | STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; | |
394 | int i; | |
395 | if (req) | |
396 | sk = &extlist; | |
397 | i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); | |
398 | if (!i || !sk) | |
399 | return i; | |
400 | i = X509_REQ_add_extensions(req, extlist); | |
401 | sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); | |
402 | return i; | |
403 | } | |
c79b16e1 | 404 | |
1d48dd00 DSH |
405 | /* Config database functions */ |
406 | ||
0f113f3e MC |
407 | char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) |
408 | { | |
409 | if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { | |
410 | X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED); | |
411 | return NULL; | |
412 | } | |
413 | if (ctx->db_meth->get_string) | |
414 | return ctx->db_meth->get_string(ctx->db, name, section); | |
415 | return NULL; | |
416 | } | |
417 | ||
418 | STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section) | |
419 | { | |
420 | if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { | |
421 | X509V3err(X509V3_F_X509V3_GET_SECTION, | |
422 | X509V3_R_OPERATION_NOT_DEFINED); | |
423 | return NULL; | |
424 | } | |
425 | if (ctx->db_meth->get_section) | |
426 | return ctx->db_meth->get_section(ctx->db, section); | |
427 | return NULL; | |
428 | } | |
1d48dd00 | 429 | |
6b691a5c | 430 | void X509V3_string_free(X509V3_CTX *ctx, char *str) |
0f113f3e MC |
431 | { |
432 | if (!str) | |
433 | return; | |
434 | if (ctx->db_meth->free_string) | |
435 | ctx->db_meth->free_string(ctx->db, str); | |
436 | } | |
1d48dd00 | 437 | |
ba404b5e | 438 | void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) |
0f113f3e MC |
439 | { |
440 | if (!section) | |
441 | return; | |
442 | if (ctx->db_meth->free_section) | |
443 | ctx->db_meth->free_section(ctx->db, section); | |
444 | } | |
b7a26e6d DSH |
445 | |
446 | static char *nconf_get_string(void *db, char *section, char *value) | |
0f113f3e MC |
447 | { |
448 | return NCONF_get_string(db, section, value); | |
449 | } | |
b7a26e6d DSH |
450 | |
451 | static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) | |
0f113f3e MC |
452 | { |
453 | return NCONF_get_section(db, section); | |
454 | } | |
b7a26e6d DSH |
455 | |
456 | static X509V3_CONF_METHOD nconf_method = { | |
0f113f3e MC |
457 | nconf_get_string, |
458 | nconf_get_section, | |
459 | NULL, | |
460 | NULL | |
b7a26e6d DSH |
461 | }; |
462 | ||
463 | void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) | |
0f113f3e MC |
464 | { |
465 | ctx->db_meth = &nconf_method; | |
466 | ctx->db = conf; | |
467 | } | |
b7a26e6d DSH |
468 | |
469 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, | |
0f113f3e MC |
470 | X509_CRL *crl, int flags) |
471 | { | |
472 | ctx->issuer_cert = issuer; | |
473 | ctx->subject_cert = subj; | |
474 | ctx->crl = crl; | |
475 | ctx->subject_req = req; | |
476 | ctx->flags = flags; | |
477 | } | |
b7a26e6d DSH |
478 | |
479 | /* Old conf compatibility functions */ | |
480 | ||
3c1d6bbc | 481 | X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
0f113f3e MC |
482 | char *name, char *value) |
483 | { | |
484 | CONF ctmp; | |
485 | CONF_set_nconf(&ctmp, conf); | |
486 | return X509V3_EXT_nconf(&ctmp, ctx, name, value); | |
487 | } | |
b7a26e6d DSH |
488 | |
489 | /* LHASH *conf: Config file */ | |
490 | /* char *value: Value */ | |
0f113f3e MC |
491 | X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, |
492 | X509V3_CTX *ctx, int ext_nid, char *value) | |
493 | { | |
494 | CONF ctmp; | |
495 | CONF_set_nconf(&ctmp, conf); | |
496 | return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); | |
497 | } | |
1d48dd00 | 498 | |
6b691a5c | 499 | static char *conf_lhash_get_string(void *db, char *section, char *value) |
0f113f3e MC |
500 | { |
501 | return CONF_get_string(db, section, value); | |
502 | } | |
1d48dd00 | 503 | |
ba404b5e | 504 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) |
0f113f3e MC |
505 | { |
506 | return CONF_get_section(db, section); | |
507 | } | |
1d48dd00 DSH |
508 | |
509 | static X509V3_CONF_METHOD conf_lhash_method = { | |
0f113f3e MC |
510 | conf_lhash_get_string, |
511 | conf_lhash_get_section, | |
512 | NULL, | |
513 | NULL | |
1d48dd00 DSH |
514 | }; |
515 | ||
3c1d6bbc | 516 | void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) |
0f113f3e MC |
517 | { |
518 | ctx->db_meth = &conf_lhash_method; | |
519 | ctx->db = lhash; | |
520 | } | |
1d48dd00 | 521 | |
3c1d6bbc | 522 | int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
0f113f3e MC |
523 | char *section, X509 *cert) |
524 | { | |
525 | CONF ctmp; | |
526 | CONF_set_nconf(&ctmp, conf); | |
527 | return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); | |
528 | } | |
b7a26e6d DSH |
529 | |
530 | /* Same as above but for a CRL */ | |
531 | ||
3c1d6bbc | 532 | int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
0f113f3e MC |
533 | char *section, X509_CRL *crl) |
534 | { | |
535 | CONF ctmp; | |
536 | CONF_set_nconf(&ctmp, conf); | |
537 | return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); | |
538 | } | |
b7a26e6d DSH |
539 | |
540 | /* Add extensions to certificate request */ | |
541 | ||
3c1d6bbc | 542 | int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
0f113f3e MC |
543 | char *section, X509_REQ *req) |
544 | { | |
545 | CONF ctmp; | |
546 | CONF_set_nconf(&ctmp, conf); | |
547 | return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); | |
548 | } |