author | Dr. Stephen Henson <steve@openssl.org> | 1999-01-25 01:09:21 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-01-25 01:09:21 +0000 |
commit | f317aa4c9cb03dd680247bdcf6a22c1b799890e7 (patch) | |
tree | 8eb5c59eb4c833f0c9079d5b58782dd783ddb1e0 /apps/req.c | |
parent | d0cc3d346001c181ef1f1aab986c4a3e6bd8624f (diff) | |
download | openssl-new-f317aa4c9cb03dd680247bdcf6a22c1b799890e7.tar.gz |
More X509 V3 stuff. Add support for extensions in the 'req' application
so that: openssl req -x509 -new -out cert.pem
will take extensions from openssl.cnf; a sample for a CA is included.
Also change the directory order so pem is nearer the end. Otherwise 'make links'
won't work because pem.h can't be built.
Diffstat (limited to 'apps/req.c')
-rw-r--r-- | apps/req.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/apps/req.c b/apps/req.c
index f37616feff..523139ecda 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -71,6 +71,7 @@
 #include "err.h"
 #include "asn1.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "objects.h"
 #include "pem.h"
@@ -80,6 +81,7 @@
 #define KEYFILE "default_keyfile"
 #define DISTINGUISHED_NAME "distinguished_name"
 #define ATTRIBUTES "attributes"
+#define V3_EXTENSIONS "x509_extensions"
 #define DEFAULT_KEY_LENGTH 512
 #define MIN_KEY_LENGTH 384
@@ -147,6 +149,7 @@ char **argv;
 int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 int nodes=0,kludge=0;
 char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+ char *extensions = NULL;
 EVP_CIPHER *cipher=NULL;
 int modulus=0;
 char *p;
@@ -357,6 +360,7 @@ bad:
 }
 ERR_load_crypto_strings();
+ X509V3_add_standard_extensions();
 #ifndef MONOLITH /* Lets load up our environment a little */
@@ -427,6 +431,8 @@ bad:
 digest=md_alg;
 }
+ extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+
 in=BIO_new(BIO_s_file());
 out=BIO_new(BIO_s_file());
 if ((in == NULL) || (out == NULL))
@@ -628,12 +634,11 @@ loop:
 if (x509) {
 EVP_PKEY *tmppkey;
+ X509V3_CTX ext_ctx;
 if ((x509ss=X509_new()) == NULL) goto end;
- /* don't set the version number, for starters
- * the field is null and second, null is v0
- * if (!ASN1_INTEGER_set(ci->version,0L)) goto end;
- */
+ /* Set version to V3 */
+ if(!X509_set_version(x509ss, 2)) goto end;
 ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
 X509_set_issuer_name(x509ss,
@@ -647,6 +652,16 @@ loop:
 X509_set_pubkey(x509ss,tmppkey);
 EVP_PKEY_free(tmppkey);
+ /* Set up V3 context struct */
+
+ ext_ctx.issuer_cert = x509ss;
+ ext_ctx.subject_cert = x509ss;
+ ext_ctx.subject_req = NULL;
+
+ /* Add extensions */
+ if(extensions && !X509V3_EXT_add_conf(req_conf,
+ &ext_ctx, extensions, x509ss)) goto end;
+
 if (!(i=X509_sign(x509ss,pkey,digest))) goto end;
 } |
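Review bot: In the `@@ -427,6 +431,8 @@` hunk, the section named by `x509_extensions` is looked up but nothing validates it until `X509V3_EXT_add_conf` runs in the last hunk, which appears to be after key generation and the DN prompts, so a misspelt or malformed section only fails late. The assignment also has no comment saying that NULL is a normal result; I would add `/* Optional: NULL when no x509_extensions entry is configured; only used with -x509 */`. Since the commit message says the shipped sample section is for a CA, it is worth noting in the documentation that `req -x509` with the default config may now produce a certificate marked as a CA, which operators generating ordinary self-signed server certificates should know about. The enclosing function starts and ends outside this hunk.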
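Review bot: In the `@@ -628,12 +634,11 @@` hunk, `X509_set_version(x509ss, 2)` runs for every `-x509` certificate, including the case where `extensions` is NULL, so the tool would emit a v3 certificate that carries no extensions at all. Guarding it the same way the extension call in the next hunk is guarded keeps extension-less output at the default version: `if(extensions && !X509_set_version(x509ss, 2)) goto end;`. The bare `2` is also easy to misread, so the comment could say `/* Set version to V3 (the field is zero-based: 2 means v3) */`. The `if (x509)` block continues past the end of this hunk.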
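Review bot: In the `@@ -647,6 +652,16 @@` hunk, `ext_ctx` is an automatic variable (declared in the previous hunk) and only three of its members are assigned before its address is handed to `X509V3_EXT_add_conf`; if `X509V3_CTX` has, or later gains, any other member, the extension code will read indeterminate stack contents. Zeroing it ahead of the three assignments removes that risk: `memset(&ext_ctx, 0, sizeof(ext_ctx));` (assuming `<string.h>` is already included in this file). Separately, the failure path is a bare `goto end`, so a rejected extension section gives the user no hint which section was at fault; printing the value of `extensions` to the error BIO this file uses before the jump would make misconfigurations much easier to diagnose. The enclosing block starts outside this hunk.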