/* v3_conf.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* extension creation utilities */


#include <stdio.h>
#include <ctype.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

static int v3_check_critical(char **value);
static int v3_check_generic(char **value);
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
static char *conf_lhash_get_string(void *db, char *section, char *value);
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
				  int crit, void *ext_struc);
static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
/* CONF *conf:  Config file    */
/* char *name:  Name    */
/* char *value:  Value    */
/*
 * Build one extension from a config "name = value" pair.
 *
 * A leading "critical," on value is stripped and sets the critical flag.
 * If what remains starts with "DER:" or "ASN1:" the value is handed to the
 * generic encoder together with name; otherwise name is resolved with
 * OBJ_sn2nid() and the method registered for that NID parses the value.
 *
 * Returns the new extension (the caller releases it with
 * X509_EXTENSION_free()), or NULL with an error queued. On the method-based
 * path the offending name and value are appended to the error data, so config
 * contents can show up wherever the error queue is printed.
 */
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
				 char *value)
	{
	X509_EXTENSION *ext;
	/* Order matters: each check advances value past the prefix it consumed */
	int critical = v3_check_critical(&value);
	int generic_kind = v3_check_generic(&value);

	if (generic_kind != 0)
		return v3_generic_extension(name, value, critical, generic_kind, ctx);

	ext = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), critical, value);
	if (ext != NULL)
		return ext;

	X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION);
	ERR_add_error_data(4,"name=", name, ", value=", value);
	return NULL;
	}

/* CONF *conf:  Config file    */
/* char *value:  Value    */
/*
 * Same as X509V3_EXT_nconf() but the extension is identified by NID.
 *
 * "critical," and "DER:" / "ASN1:" prefixes on value are handled the same
 * way. Unlike the by-name variant, no name/value error data is appended when
 * the method-based path fails.
 *
 * NOTE(review): on the generic path the result of OBJ_nid2sn() is passed on
 * unchecked; confirm v3_generic_extension() copes with an unknown NID.
 */
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
				     char *value)
	{
	/* Order matters: each check advances value past the prefix it consumed */
	int critical = v3_check_critical(&value);
	int generic_kind = v3_check_generic(&value);

	if (generic_kind == 0)
		return do_ext_nconf(conf, ctx, ext_nid, critical, value);

	return v3_generic_extension(OBJ_nid2sn(ext_nid),
				    value, critical, generic_kind, ctx);
	}

/* CONF *conf:  Config file    */
/* char *value:  Value    */
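/*
 * Convert a config value into an extension using the method registered for
 * ext_nid.
 *
 * The method's parser is chosen in this order: v2i (a name/value list, taken
 * from the config section named after '@' or parsed inline from value), s2i
 * (the raw string), r2i (the raw string, requires a config database in ctx).
 * The parsed structure is encoded by do_ext_i2d() and then released.
 *
 * Returns the new extension, or NULL on any failure.
 */
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
				    int crit, char *value)
	{
	const X509V3_EXT_METHOD *method;
	X509_EXTENSION *ext;
	STACK_OF(CONF_VALUE) *nval;
	void *ext_struc;
	int from_section;
	if (ext_nid == NID_undef)
		{
		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
		return NULL;
		}
	if (!(method = X509V3_EXT_get_nid(ext_nid)))
		{
		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION);
		return NULL;
		}
	/* Now get internal extension representation based on type */
	if (method->v2i)
		{
		/* A section stack belongs to conf; an inline list is parsed
		 * into a stack that this function has to release. */
		from_section = (*value == '@');
		if(from_section) nval = NCONF_get_section(conf, value + 1);
		else nval = X509V3_parse_list(value);
		if(sk_CONF_VALUE_num(nval) <= 0)
			{
			X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING);
			ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
			/* The inline parser may hand back an allocated but
			 * empty stack: free it rather than leak it on every
			 * rejected value. */
			if(!from_section) sk_CONF_VALUE_pop_free(nval,
								 X509V3_conf_free);
			return NULL;
			}
		ext_struc = method->v2i(method, ctx, nval);
		if(!from_section) sk_CONF_VALUE_pop_free(nval,
							 X509V3_conf_free);
		if(!ext_struc) return NULL;
		}
	else if(method->s2i)
		{
		if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
		}
	else if(method->r2i)
		{
		/* r2i handlers read further config data through ctx */
		if(!ctx->db || !ctx->db_meth)
			{
			X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE);
			return NULL;
			}
		if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
		}
	else
		{
		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
		ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
		return NULL;
		}

	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
	/* The internal structure is no longer needed whether or not encoding
	 * succeeded; free it with whichever mechanism the method provides. */
	if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
	else method->ext_free(ext_struc);
	return ext;

	}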

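/*
 * DER-encode an internal extension structure and wrap it in an
 * X509_EXTENSION for ext_nid with the given critical flag.
 *
 * Methods with an ASN1 item template are encoded with ASN1_item_i2d();
 * older methods go through their i2d callback (length query, allocate,
 * encode). ext_struc is not freed here.
 *
 * Returns the new extension, or NULL on failure. Every failure is reported
 * as ERR_R_MALLOC_FAILURE, and the intermediate buffer and octet string are
 * released on that path.
 */
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
				  int crit, void *ext_struc)
	{
	unsigned char *ext_der = NULL;
	int ext_len;
	ASN1_OCTET_STRING *ext_oct = NULL;
	X509_EXTENSION *ext;
	/* Convert internal representation to DER */
	if (method->it)
		{
		ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
		if (ext_len < 0) goto merr;
		}
	 else
		{
		unsigned char *p;
		/* A failed length query must never be used as an allocation
		 * size or as the length of the encoded data. */
		ext_len = method->i2d(ext_struc, NULL);
		if (ext_len <= 0) goto merr;
		if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
		p = ext_der;
		method->i2d(ext_struc, &p);
		}
	if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
	ext_oct->data = ext_der;
	ext_oct->length = ext_len;
	/* ext_oct owns the buffer now; clear ext_der so merr cannot free it twice */
	ext_der = NULL;

	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
	if (!ext) goto merr;
	M_ASN1_OCTET_STRING_free(ext_oct);

	return ext;

	merr:
	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
	if (ext_der) OPENSSL_free(ext_der);
	/* Called with a possibly-NULL pointer, as v3_generic_extension() does */
	M_ASN1_OCTET_STRING_free(ext_oct);
	return NULL;

	}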

/* Given an internal structure, nid and critical flag create an extension */

/*
 * Public wrapper around do_ext_i2d(): look up the method registered for
 * ext_nid and encode ext_struc with it.
 *
 * Returns the new extension, or NULL (X509V3_R_UNKNOWN_EXTENSION) when no
 * method is registered for the NID or encoding fails.
 */
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
	{
	const X509V3_EXT_METHOD *method = X509V3_EXT_get_nid(ext_nid);

	if (method != NULL)
		return do_ext_i2d(method, ext_nid, crit, ext_struc);

	X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
	return NULL;
}

/* Check the extension string for critical flag */
/*
 * Detect and strip a leading "critical," marker from an extension value.
 *
 * The match is exact and case-sensitive and must sit at the very start of
 * the string. On a match *value is advanced past the marker and any
 * whitespace that follows it, and 1 is returned; otherwise *value is left
 * untouched and 0 is returned.
 */
static int v3_check_critical(char **value)
{
	static const char marker[] = "critical,";
	const size_t marker_len = sizeof(marker) - 1;
	char *cursor = *value;

	/* strncmp() stops at the terminator, so a shorter string cannot match */
	if (strncmp(cursor, marker, marker_len) != 0)
		return 0;

	cursor += marker_len;
	/* cast keeps isspace() defined for bytes above 0x7f */
	while (isspace((unsigned char)*cursor))
		cursor++;

	*value = cursor;
	return 1;
}

/* Check extension string for generic extension and return the type */
/*
 * Detect a generic-extension prefix on an extension value.
 *
 * Returns 1 for a leading "DER:", 2 for a leading "ASN1:" (both exact and
 * case-sensitive), advancing *value past the prefix and any whitespace that
 * follows. Returns 0 and leaves *value untouched when neither is present.
 */
static int v3_check_generic(char **value)
{
	char *cursor = *value;
	int kind;

	/* strncmp() stops at the terminator, so a shorter string cannot match */
	if (strncmp(cursor, "DER:", 4) == 0)
		{
		cursor += 4;
		kind = 1;
		}
	else if (strncmp(cursor, "ASN1:", 5) == 0)
		{
		cursor += 5;
		kind = 2;
		}
	else
		return 0;

	/* cast keeps isspace() defined for bytes above 0x7f */
	while (isspace((unsigned char)*cursor))
		cursor++;

	*value = cursor;
	return kind;
}

/* Create a generic extension: for now just handle DER type */
/*
 * Create an extension whose contents come straight from the config value.
 *
 * ext is resolved with OBJ_txt2obj(). gen_type 1 (the "DER:" form) decodes
 * value with string_to_hex(); gen_type 2 (the "ASN1:" form) builds it with
 * generic_asn1(). The resulting bytes become the extension value as-is:
 * nothing here checks that they are a valid encoding for the extension being
 * named, so whoever controls the config text controls the extension content.
 *
 * Returns the new extension or NULL with an error queued; the failing name
 * or value is appended to the error data.
 *
 * NOTE(review): the byte count is a long stored into the octet string's
 * length field; presumably bounded by the size of the config value - confirm.
 */
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
					    int crit, int gen_type,
					    X509V3_CTX *ctx)
	{
	X509_EXTENSION *result = NULL;
	ASN1_OCTET_STRING *payload = NULL;
	ASN1_OBJECT *oid = NULL;
	unsigned char *der = NULL;
	long der_len;

	oid = OBJ_txt2obj(ext, 0);
	if (oid == NULL)
		{
		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
		ERR_add_error_data(2, "name=", ext);
		goto err;
		}

	switch (gen_type)
		{
	case 1:
		der = string_to_hex(value, &der_len);
		break;
	case 2:
		der = generic_asn1(value, ctx, &der_len);
		break;
	default:
		/* unknown type: der stays NULL and is rejected below */
		break;
		}

	if (der == NULL)
		{
		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
		ERR_add_error_data(2, "value=", value);
		goto err;
		}

	payload = M_ASN1_OCTET_STRING_new();
	if (payload == NULL)
		{
		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	/* payload takes over the buffer; clear der so it is not freed twice */
	payload->data = der;
	payload->length = der_len;
	der = NULL;

	result = X509_EXTENSION_create_by_OBJ(NULL, oid, crit, payload);

	/* success and failure share the same cleanup */
	err:
	ASN1_OBJECT_free(oid);
	M_ASN1_OCTET_STRING_free(payload);
	if(der) OPENSSL_free(der);
	return result;

	}

/*
 * Build an ASN1 value from a generation string and return its encoding.
 *
 * value is passed to ASN1_generate_v3(); the result is encoded with
 * i2d_ASN1_TYPE(), whose return value is stored in *ext_len. Returns the
 * encoded buffer, or NULL when generation fails (in which case *ext_len is
 * not written) or when encoding produced no buffer.
 */
static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
	{
	unsigned char *der = NULL;
	ASN1_TYPE *parsed = ASN1_generate_v3(value, ctx);

	if (parsed != NULL)
		{
		*ext_len = i2d_ASN1_TYPE(parsed, &der);
		ASN1_TYPE_free(parsed);
		}
	return der;
	}

/*
 * Remove and free every extension in sk that has the same object
 * identifier as dext, so that dext can replace them.
 *
 * NOTE(review): the lookup, fetch and delete calls below are handed the
 * extension stack itself; confirm they are the stack-level accessors (the
 * X509v3_* family that X509v3_add_ext() in this file belongs to) and not the
 * certificate-level ones.
 */
static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
	{
	ASN1_OBJECT *wanted = X509_EXTENSION_get_object(dext);
	int pos;

	/* Restart the search from the beginning after each removal */
	for (;;)
		{
		X509_EXTENSION *found;

		pos = X509_EXTENSION_get_by_OBJ(sk, wanted, -1);
		if (pos < 0)
			break;
		found = X509_get_ext(sk, pos);
		X509_del_ext(sk, pos);
		X509_EXTENSION_free(found);
		}
	}

/* This is the main function: add a bunch of extensions based on a config file
 * section to an extension STACK.
 */


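/*
 * Create an extension from every entry of a config section and append it
 * to *sk.
 *
 * sk may be NULL, in which case each entry is still parsed (and then
 * discarded), which lets callers check a section without a target. When
 * ctx->flags equals X509V3_CTX_FLAG_REPLACE, existing extensions with the
 * same OID are removed from *sk before the new one is added; the flag is
 * compared for equality, so it only takes effect when it is the sole flag.
 *
 * Returns 1 on success and 0 on failure (missing section, an entry that does
 * not parse, or an extension that could not be appended). On failure the
 * extensions added so far stay in *sk, so callers must not use a partially
 * populated stack as if the whole section had been applied.
 */
int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
			    STACK_OF(X509_EXTENSION) **sk)
	{
	X509_EXTENSION *ext;
	STACK_OF(CONF_VALUE) *nval;
	CONF_VALUE *val;
	int i;
	if (!(nval = NCONF_get_section(conf, section))) return 0;
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
		{
		val = sk_CONF_VALUE_value(nval, i);
		if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
								return 0;
		if (sk)
			{
			/* Only touch *sk when there is a target stack: the
			 * replace step used to dereference a NULL sk. */
			if (ctx->flags == X509V3_CTX_FLAG_REPLACE)
				delete_ext(*sk, ext);
			/* Report a failed append instead of claiming that an
			 * extension which never made it in was added. */
			if (!X509v3_add_ext(sk, ext, -1))
				{
				X509_EXTENSION_free(ext);
				return 0;
				}
			}
		/* freed on every path, as before: the stack does not keep ext */
		X509_EXTENSION_free(ext);
		}
	return 1;
	}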

/* Convenience functions to add extensions to a certificate, CRL and request */

/*
 * Add the extensions described by a config section to a certificate.
 *
 * With cert == NULL the section is only parsed. Returns what
 * X509V3_EXT_add_nconf_sk() returns: 1 on success, 0 on failure.
 */
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
			 X509 *cert)
	{
	STACK_OF(X509_EXTENSION) **target;

	target = cert ? &cert->cert_info->extensions : NULL;
	return X509V3_EXT_add_nconf_sk(conf, ctx, section, target);
	}

/* Same as above but for a CRL */

/*
 * Add the extensions described by a config section to a CRL.
 *
 * With crl == NULL the section is only parsed. Returns what
 * X509V3_EXT_add_nconf_sk() returns: 1 on success, 0 on failure.
 */
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
			     X509_CRL *crl)
	{
	STACK_OF(X509_EXTENSION) **target;

	target = crl ? &crl->crl->extensions : NULL;
	return X509V3_EXT_add_nconf_sk(conf, ctx, section, target);
	}

/* Add extensions to certificate request */

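/*
 * Add the extensions described by a config section to a certificate
 * request.
 *
 * The extensions are collected in a temporary stack and handed to
 * X509_REQ_add_extensions(); the temporary stack is released on every path,
 * including when the section fails to parse part-way through. With
 * req == NULL the section is only parsed.
 *
 * Returns 0 if the section could not be processed, otherwise 1 when only
 * parsing was requested or the result of X509_REQ_add_extensions().
 */
int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
	     X509_REQ *req)
	{
	STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
	int i;
	if (req)
		sk = &extlist;
	i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
	if (i && sk)
		i = X509_REQ_add_extensions(req, extlist);
	/* extlist may hold the extensions added before a failure; it stays
	 * NULL (and this is a no-op) when nothing was collected. */
	sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
	return i;
	}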

/* Config database functions */

/*
 * Look up a string through the config database attached to ctx.
 *
 * Returns whatever the database's get_string callback returns, or NULL with
 * X509V3_R_OPERATION_NOT_DEFINED queued when ctx has no database, no method
 * table or no get_string callback.
 */
char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
	{
	if (ctx->db && ctx->db_meth && ctx->db_meth->get_string)
		return ctx->db_meth->get_string(ctx->db, name, section);

	X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED);
	return NULL;
	}

/*
 * Look up a section through the config database attached to ctx.
 *
 * Returns whatever the database's get_section callback returns, or NULL with
 * X509V3_R_OPERATION_NOT_DEFINED queued when ctx has no database, no method
 * table or no get_section callback.
 */
STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
	{
	if (ctx->db && ctx->db_meth && ctx->db_meth->get_section)
		return ctx->db_meth->get_section(ctx->db, section);

	X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED);
	return NULL;
	}

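/*
 * Release a string obtained from X509V3_get_string().
 *
 * Does nothing for a NULL string, when ctx has no method table, or when the
 * database supplies no free_string callback. The method-table check mirrors
 * the one in X509V3_get_string() so a ctx without a database is not
 * dereferenced.
 */
void X509V3_string_free(X509V3_CTX *ctx, char *str)
	{
	if (!str) return;
	if (!ctx->db_meth) return;
	if (ctx->db_meth->free_string)
			ctx->db_meth->free_string(ctx->db, str);
	}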

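/*
 * Release a section obtained from X509V3_get_section().
 *
 * Does nothing for a NULL section, when ctx has no method table, or when the
 * database supplies no free_section callback. The method-table check mirrors
 * the one in X509V3_get_section() so a ctx without a database is not
 * dereferenced.
 */
void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
	{
	if (!section) return;
	if (!ctx->db_meth) return;
	if (ctx->db_meth->free_section)
			ctx->db_meth->free_section(ctx->db, section);
	}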

static char *nconf_get_string(void *db, char *section, char *value)
	{
	return NCONF_get_string(db, section, value);
	}

/* get_section callback for nconf_method: db is passed to NCONF_get_section() as the CONF */
static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
	{
	CONF *conf = db;

	return NCONF_get_section(conf, section);
	}

/*
 * Config-database callbacks backed by the NCONF API; installed on a context
 * by X509V3_set_nconf(). The two NULL slots are presumably the free_string /
 * free_section callbacks that X509V3_string_free() and X509V3_section_free()
 * test before calling - confirm against the struct declaration.
 */
static X509V3_CONF_METHOD nconf_method = {
nconf_get_string,
nconf_get_section,
NULL,
NULL
};

/*
 * Attach a CONF to ctx as its config database. ctx only stores the pointer,
 * so conf has to stay valid for as long as ctx is used for lookups.
 */
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
	{
	ctx->db = conf;
	ctx->db_meth = &nconf_method;
	}

/*
 * Fill in the certificate, request, CRL and flag fields of ctx. The
 * pointers are stored as given, not copied.
 *
 * The config database fields (db, db_meth) are not touched here; they are
 * set by X509V3_set_nconf() or X509V3_set_conf_lhash().
 * NOTE(review): a ctx that never gets a database attached keeps whatever
 * those two fields held before this call, and X509V3_get_string() /
 * X509V3_get_section() read them - presumably callers zero the ctx first;
 * confirm.
 */
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
		    X509_CRL *crl, int flags)
	{
	ctx->flags = flags;
	ctx->issuer_cert = issuer;
	ctx->subject_cert = subj;
	ctx->subject_req = req;
	ctx->crl = crl;
	}

/* Old conf compatibility functions */

/*
 * Old-style entry point: same as X509V3_EXT_nconf() but takes the config as
 * an LHASH, which is wrapped in a stack-local CONF for the duration of the
 * call.
 */
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
				char *name, char *value)
	{
	CONF shim;

	CONF_set_nconf(&shim, conf);
	return X509V3_EXT_nconf(&shim, ctx, name, value);
	}

/* LHASH *conf:  Config file    */
/* char *value:  Value    */
/*
 * Old-style entry point: same as X509V3_EXT_nconf_nid() but takes the config
 * as an LHASH, which is wrapped in a stack-local CONF for the duration of
 * the call.
 */
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
				    int ext_nid, char *value)
	{
	CONF shim;

	CONF_set_nconf(&shim, conf);
	return X509V3_EXT_nconf_nid(&shim, ctx, ext_nid, value);
	}

/* get_string callback for conf_lhash_method: db is passed to CONF_get_string() as the hash */
static char *conf_lhash_get_string(void *db, char *section, char *value)
	{
	LHASH_OF(CONF_VALUE) *hash = db;

	return CONF_get_string(hash, section, value);
	}

/* get_section callback for conf_lhash_method: db is passed to CONF_get_section() as the hash */
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
	{
	LHASH_OF(CONF_VALUE) *hash = db;

	return CONF_get_section(hash, section);
	}

/*
 * Config-database callbacks backed by the old LHASH-based CONF API;
 * installed on a context by X509V3_set_conf_lhash(). The two NULL slots are
 * presumably the free_string / free_section callbacks that
 * X509V3_string_free() and X509V3_section_free() test before calling -
 * confirm against the struct declaration.
 */
static X509V3_CONF_METHOD conf_lhash_method = {
conf_lhash_get_string,
conf_lhash_get_section,
NULL,
NULL
};

/*
 * Attach an LHASH-based config to ctx as its config database. ctx only
 * stores the pointer, so lhash has to stay valid for as long as ctx is used
 * for lookups.
 */
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
	{
	ctx->db = lhash;
	ctx->db_meth = &conf_lhash_method;
	}

/*
 * Old-style entry point: same as X509V3_EXT_add_nconf() but takes the config
 * as an LHASH, which is wrapped in a stack-local CONF for the duration of
 * the call.
 */
int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
			char *section, X509 *cert)
	{
	CONF shim;

	CONF_set_nconf(&shim, conf);
	return X509V3_EXT_add_nconf(&shim, ctx, section, cert);
	}

/* Same as above but for a CRL */

/*
 * Old-style entry point: same as X509V3_EXT_CRL_add_nconf() but takes the
 * config as an LHASH, which is wrapped in a stack-local CONF for the
 * duration of the call.
 */
int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
			    char *section, X509_CRL *crl)
	{
	CONF shim;

	CONF_set_nconf(&shim, conf);
	return X509V3_EXT_CRL_add_nconf(&shim, ctx, section, crl);
	}

/* Add extensions to certificate request */

/*
 * Old-style entry point: same as X509V3_EXT_REQ_add_nconf() but takes the
 * config as an LHASH, which is wrapped in a stack-local CONF for the
 * duration of the call.
 */
int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
			    char *section, X509_REQ *req)
	{
	CONF shim;

	CONF_set_nconf(&shim, conf);
	return X509V3_EXT_REQ_add_nconf(&shim, ctx, section, req);
	}