Support for dirName from config files in GeneralName extensions.

CHANGES

@@ -4,6 +4,10 @@
 
  Changes between 0.9.7a and 0.9.8  [xx XXX xxxx]
 
+  *) Support for directoryName in GeneralName related extensions
+     in config files.
+     [Steve Henson]
+
   *) Make it possible to link applications using Makefile.shared.
      Make that possible even when linking against static libraries!
      [Richard Levitte]

crypto/x509v3/v3_alt.c

@@ -66,6 +66,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
 static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
+static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
 
 X509V3_EXT_METHOD v3_alt[] = {
 { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
@@ -452,6 +453,13 @@ if(!name_cmp(name, "email")) {
 		goto err;
 		}
 	type = GEN_IPADD;
+} else if(!name_cmp(name, "dirName")) {
+	type = GEN_DIRNAME;
+	if (!do_dirname(gen, value, ctx))
+		{
+		X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR);
+		goto err;
+		}
 } else if(!name_cmp(name, "otherName")) {
 	if (!do_othername(gen, value, ctx))
 		{
@@ -507,3 +515,27 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
 		return 0;
 	return 1;
 	}
+
+static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+	{
+	int ret;
+	STACK_OF(CONF_VALUE) *sk;
+	X509_NAME *nm;
+	if (!(nm = X509_NAME_new()))
+		return 0;
+	sk = X509V3_get_section(ctx, value);
+	if (!sk)
+		{
+		X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND);
+		ERR_add_error_data(2, "section=", value);
+		X509_NAME_free(nm);
+		return 0;
+		}
+	/* FIXME: should allow other character types... */
+	ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
+	if (!ret)
+		X509_NAME_free(nm);
+	gen->d.dirn = nm;
+		
+	return ret;
+	}

crypto/x509v3/v3_conf.c

@@ -151,7 +151,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 		}
 	else if(method->r2i)
 		{
-		if(!ctx->db)
+		if(!ctx->db || !ctx->db_meth)
 			{
 			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
 			return NULL;
@@ -383,6 +383,11 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
 	{
+	if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string)
+		{
+		X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED);
+		return NULL;
+		}
 	if (ctx->db_meth->get_string)
 			return ctx->db_meth->get_string(ctx->db, name, section);
 	return NULL;
@@ -390,6 +395,11 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
 
 STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
 	{
+	if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section)
+		{
+		X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED);
+		return NULL;
+		}
 	if (ctx->db_meth->get_section)
 			return ctx->db_meth->get_section(ctx->db, section);
 	return NULL;

crypto/x509v3/v3_utl.c

@@ -740,3 +740,38 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen)
 	return 1;
 	}
 
+
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
+						unsigned long chtype)
+	{
+	CONF_VALUE *v;
+	int i;
+	char *p, *type;
+	if (!nm)
+		return 0;
+
+	for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
+		{
+		v=sk_CONF_VALUE_value(dn_sk,i);
+		type=v->name;
+		/* Skip past any leading X. X: X, etc to allow for
+		 * multiple instances 
+		 */
+		for(p = type; *p ; p++) 
+#ifndef CHARSET_EBCDIC
+			if ((*p == ':') || (*p == ',') || (*p == '.'))
+#else
+			if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.']))
+#endif
+				{
+				p++;
+				if(*p) type = p;
+				break;
+				}
+		if (!X509_NAME_add_entry_by_txt(nm,type, chtype,
+				(unsigned char *) v->value,-1,-1,0))
+					return 0;
+
+		}
+	return 1;
+	}

crypto/x509v3/v3err.c

 /* crypto/x509v3/v3err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -68,6 +68,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 	{
 {ERR_PACK(0,X509V3_F_COPY_EMAIL,0),	"COPY_EMAIL"},
 {ERR_PACK(0,X509V3_F_COPY_ISSUER,0),	"COPY_ISSUER"},
+{ERR_PACK(0,X509V3_F_DO_DIRNAME,0),	"DO_DIRNAME"},
 {ERR_PACK(0,X509V3_F_DO_EXT_CONF,0),	"DO_EXT_CONF"},
 {ERR_PACK(0,X509V3_F_DO_EXT_I2D,0),	"DO_EXT_I2D"},
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0),	"hex_to_string"},
@@ -104,6 +105,8 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),	"X509V3_EXT_add_alias"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0),	"X509V3_EXT_conf"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0),	"X509V3_EXT_i2d"},
+{ERR_PACK(0,X509V3_F_X509V3_GET_SECTION,0),	"X509V3_get_section"},
+{ERR_PACK(0,X509V3_F_X509V3_GET_STRING,0),	"X509V3_get_string"},
 {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0),	"X509V3_get_value_bool"},
 {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),	"X509V3_parse_list"},
 {ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0),	"X509_PURPOSE_add"},
@@ -117,6 +120,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_BAD_OBJECT                     ,"bad object"},
 {X509V3_R_BN_DEC2BN_ERROR                ,"bn dec2bn error"},
 {X509V3_R_BN_TO_ASN1_INTEGER_ERROR       ,"bn to asn1 integer error"},
+{X509V3_R_DIRNAME_ERROR                  ,"dirname error"},
 {X509V3_R_DUPLICATE_ZONE_ID              ,"duplicate zone id"},
 {X509V3_R_ERROR_CONVERTING_ZONE          ,"error converting zone"},
 {X509V3_R_ERROR_CREATING_EXTENSION       ,"error creating extension"},
@@ -152,7 +156,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_NO_PUBLIC_KEY                  ,"no public key"},
 {X509V3_R_NO_SUBJECT_DETAILS             ,"no subject details"},
 {X509V3_R_ODD_NUMBER_OF_DIGITS           ,"odd number of digits"},
+{X509V3_R_OPERATION_NOT_DEFINED          ,"operation not defined"},
 {X509V3_R_OTHERNAME_ERROR                ,"othername error"},
+{X509V3_R_SECTION_NOT_FOUND              ,"section not found"},
 {X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS   ,"unable to get issuer details"},
 {X509V3_R_UNABLE_TO_GET_ISSUER_KEYID     ,"unable to get issuer keyid"},
 {X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT    ,"unknown bit string argument"},

crypto/x509v3/x509v3.h

@@ -548,6 +548,8 @@ STACK *X509_REQ_get1_email(X509_REQ *x);
 void X509_email_free(STACK *sk);
 
 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
+						unsigned long chtype);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -560,6 +562,7 @@ void ERR_load_X509V3_strings(void);
 /* Function codes. */
 #define X509V3_F_COPY_EMAIL				 122
 #define X509V3_F_COPY_ISSUER				 123
+#define X509V3_F_DO_DIRNAME				 144
 #define X509V3_F_DO_EXT_CONF				 124
 #define X509V3_F_DO_EXT_I2D				 135
 #define X509V3_F_HEX_TO_STRING				 111
@@ -596,6 +599,8 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_X509V3_EXT_ADD_ALIAS			 106
 #define X509V3_F_X509V3_EXT_CONF			 107
 #define X509V3_F_X509V3_EXT_I2D				 136
+#define X509V3_F_X509V3_GET_SECTION			 142
+#define X509V3_F_X509V3_GET_STRING			 143
 #define X509V3_F_X509V3_GET_VALUE_BOOL			 110
 #define X509V3_F_X509V3_PARSE_LIST			 109
 #define X509V3_F_X509_PURPOSE_ADD			 137
@@ -606,6 +611,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_BAD_OBJECT				 119
 #define X509V3_R_BN_DEC2BN_ERROR			 100
 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101
+#define X509V3_R_DIRNAME_ERROR				 149
 #define X509V3_R_DUPLICATE_ZONE_ID			 133
 #define X509V3_R_ERROR_CONVERTING_ZONE			 131
 #define X509V3_R_ERROR_CREATING_EXTENSION		 144
@@ -641,7 +647,9 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_NO_PUBLIC_KEY				 114
 #define X509V3_R_NO_SUBJECT_DETAILS			 125
 #define X509V3_R_ODD_NUMBER_OF_DIGITS			 112
+#define X509V3_R_OPERATION_NOT_DEFINED			 148
 #define X509V3_R_OTHERNAME_ERROR			 147
+#define X509V3_R_SECTION_NOT_FOUND			 150
 #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS		 122
 #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID		 123
 #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT		 111