提交
ae1bb4e5
编写于
2月 19, 2000
作者:
Dr. Stephen Henson
Add -clrext option to 'x509'
上级
fb77c6fb
Showing
2 changed file
with
24 addition
and
25 deletion
+24
-25
NEWS
NEWS
+3
-2
apps/x509.c
apps/x509.c
+21
-23
NEWS
...
...
@@ -13,7 +13,7 @@
o Fixes to make s_client, s_server work under Windows
o Support for multiple fieldnames in SPKACs
o New SPKAC command line utilty and associated library functions
o Options to allow passwords to be
passed on command line or environment
o Options to allow passwords to be
obtained from various sources
o New public key PEM format and options to handle it
o Many other fixes and enhancements to command line utilities
o Usable certificate chain verification
...
...
@@ -22,10 +22,11 @@
o Support of authority information access extension
o Extensions in certificate requests
o Simplified X509 name and attribute routines
o Initial
incomplete
support for international character sets
o Initial
(incomplete)
support for international character sets
o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
o Read only memory BIOs and simplified creation function
o TLS/SSL code now "tolerates" MS SGC
o Work around for Netscape client certificate hang bug.
o RSA_NULL option that removes RSA patent code but keeps other
RSA functionality
o Memory leak detection now allows applications to add extra information
...
...
apps/x509.c
...
...
@@ -126,17 +126,18 @@ static char *x509_usage[]={
" -md2/-md5/-sha1/-mdc2 - digest to use
\n
"
,
" -extfile - configuration file with X509V3 extensions to add
\n
"
,
" -extensions - section from config file with X509V3 extensions to add
\n
"
,
" -crlext - delete extensions before signing and input certificate
\n
"
,
NULL
};
static
int
MS_CALLBACK
callb
(
int
ok
,
X509_STORE_CTX
*
ctx
);
static
EVP_PKEY
*
load_key
(
char
*
file
,
int
format
,
char
*
passin
);
static
X509
*
load_cert
(
char
*
file
,
int
format
);
static
int
sign
(
X509
*
x
,
EVP_PKEY
*
pkey
,
int
days
,
const
EVP_MD
*
digest
,
static
int
sign
(
X509
*
x
,
EVP_PKEY
*
pkey
,
int
days
,
int
clrext
,
const
EVP_MD
*
digest
,
LHASH
*
conf
,
char
*
section
);
static
int
x509_certify
(
X509_STORE
*
ctx
,
char
*
CAfile
,
const
EVP_MD
*
digest
,
X509
*
x
,
X509
*
xca
,
EVP_PKEY
*
pkey
,
char
*
serial
,
int
create
,
int
days
,
LHASH
*
conf
,
char
*
section
);
int
create
,
int
days
,
int
clrext
,
LHASH
*
conf
,
char
*
section
);
static
int
purpose_print
(
BIO
*
bio
,
X509
*
cert
,
X509_PURPOSE
*
pt
);
static
int
reqfile
=
0
;
...
...
@@ -159,7 +160,7 @@ int MAIN(int argc, char **argv)
char
*
alias
=
NULL
;
int
text
=
0
,
serial
=
0
,
hash
=
0
,
subject
=
0
,
issuer
=
0
,
startdate
=
0
,
enddate
=
0
;
int
noout
=
0
,
sign_flag
=
0
,
CA_flag
=
0
,
CA_createserial
=
0
;
int
trustout
=
0
,
clrtrust
=
0
,
clrreject
=
0
,
aliasout
=
0
;
int
trustout
=
0
,
clrtrust
=
0
,
clrreject
=
0
,
aliasout
=
0
,
clrext
=
0
;
int
C
=
0
;
int
x509req
=
0
,
days
=
DEF_DAYS
,
modulus
=
0
,
pubkey
=
0
;
int
pprint
=
0
;
...
...
@@ -364,6 +365,8 @@ int MAIN(int argc, char **argv)
aliasout
=
++
num
;
else
if
(
strcmp
(
*
argv
,
"-CAcreateserial"
)
==
0
)
CA_createserial
=
++
num
;
else
if
(
strcmp
(
*
argv
,
"-crlext"
)
==
0
)
clrext
=
1
;
else
if
((
md_alg
=
EVP_get_digestbyname
(
*
argv
+
1
)))
{
/* ok */
...
...
@@ -764,7 +767,7 @@ bad:
#endif
assert
(
need_rand
);
if
(
!
sign
(
x
,
Upkey
,
days
,
digest
,
if
(
!
sign
(
x
,
Upkey
,
days
,
clrext
,
digest
,
extconf
,
extsect
))
goto
end
;
}
else
if
(
CA_flag
==
i
)
...
...
@@ -782,7 +785,7 @@ bad:
assert
(
need_rand
);
if
(
!
x509_certify
(
ctx
,
CAfile
,
digest
,
x
,
xca
,
CApkey
,
CAserial
,
CA_createserial
,
days
,
CApkey
,
CAserial
,
CA_createserial
,
days
,
clrext
,
extconf
,
extsect
))
goto
end
;
}
...
...
@@ -881,7 +884,7 @@ end:
static
int
x509_certify
(
X509_STORE
*
ctx
,
char
*
CAfile
,
const
EVP_MD
*
digest
,
X509
*
x
,
X509
*
xca
,
EVP_PKEY
*
pkey
,
char
*
serialfile
,
int
create
,
int
days
,
LHASH
*
conf
,
char
*
section
)
int
days
,
int
clrext
,
LHASH
*
conf
,
char
*
section
)
{
int
ret
=
0
;
BIO
*
io
=
NULL
;
...
...
@@ -897,7 +900,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
EVP_PKEY_free
(
upkey
);
X509_STORE_CTX_init
(
&
xsc
,
ctx
,
x
,
NULL
);
buf
=
(
char
*
)
Malloc
(
EVP_PKEY_size
(
pkey
)
*
2
+
buf
=
Malloc
(
EVP_PKEY_size
(
pkey
)
*
2
+
((
serialfile
==
NULL
)
?
(
strlen
(
CAfile
)
+
strlen
(
POSTFIX
)
+
1
)
:
(
strlen
(
serialfile
)))
+
1
);
...
...
@@ -1002,6 +1005,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
if
(
X509_gmtime_adj
(
X509_get_notAfter
(
x
),(
long
)
60
*
60
*
24
*
days
)
==
NULL
)
goto
end
;
if
(
clrext
)
{
while
(
X509_get_ext_count
(
x
)
>
0
)
X509_delete_ext
(
x
,
0
);
}
if
(
conf
)
{
X509V3_CTX
ctx2
;
X509_set_version
(
x
,
2
);
/* version 3 certificate */
...
...
@@ -1077,23 +1084,11 @@ static EVP_PKEY *load_key(char *file, int format, char *passin)
perror
(
file
);
goto
end
;
}
#ifndef NO_RSA
if
(
format
==
FORMAT_ASN1
)
if
(
format
==
FORMAT_ASN1
)
{
RSA
*
rsa
;
rsa
=
d2i_RSAPrivateKey_bio
(
key
,
NULL
);
if
(
rsa
!=
NULL
)
{
if
((
pkey
=
EVP_PKEY_new
())
!=
NULL
)
EVP_PKEY_assign_RSA
(
pkey
,
rsa
);
else
RSA_free
(
rsa
);
}
pkey
=
d2i_PrivateKey_bio
(
key
,
NULL
);
}
else
#endif
if
(
format
==
FORMAT_PEM
)
else
if
(
format
==
FORMAT_PEM
)
{
pkey
=
PEM_read_bio_PrivateKey
(
key
,
NULL
,
NULL
,
passin
);
}
...
...
@@ -1196,7 +1191,7 @@ end:
}
/* self sign */
static
int
sign
(
X509
*
x
,
EVP_PKEY
*
pkey
,
int
days
,
const
EVP_MD
*
digest
,
static
int
sign
(
X509
*
x
,
EVP_PKEY
*
pkey
,
int
days
,
int
clrext
,
const
EVP_MD
*
digest
,
LHASH
*
conf
,
char
*
section
)
{
...
...
@@ -1218,6 +1213,9 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest,
goto
err
;
if
(
!
X509_set_pubkey
(
x
,
pkey
))
goto
err
;
if
(
clrext
)
{
while
(
X509_get_ext_count
(
x
)
>
0
)
X509_delete_ext
(
x
,
0
);
}
if
(
conf
)
{
X509V3_CTX
ctx
;
X509_set_version
(
x
,
2
);
/* version 3 certificate */
...
...
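Review bot: The option is spelled `-crlext` in both the new usage line and the `strcmp(*argv,"-crlext")` branch in MAIN, while the commit title, the `clrext` flag and the new `sign`/`x509_certify` parameter all say clrext, so a user typing `-clrext` would miss this branch and fall through to the `EVP_get_digestbyname(*argv+1)` lookup. Use `"-clrext"` in both places and reword the help to `" -clrext - delete extensions before signing an input certificate\n"`, since "crlext" also reads as "CRL extensions". In both new loops the pointer returned by `X509_delete_ext(x,0)` is discarded, which leaks each removed extension; `X509_EXTENSION_free(X509_delete_ext(x,0));` releases it. Because clearing happens only when the flag is set, extensions already present on the input certificate appear to be kept in the signed result by default, which deserves a sentence in the option's documentation. The bodies of MAIN, sign and x509_certify continue outside the visible hunks.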