diff --git a/CHANGES b/CHANGES index 9d1ba42e91b24e2ece56681c0c24a47501dd51de..36a393c4b293e6d757feb22b7c98ad83e4f82f71 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7 and 0.9.8 [xx XXX 2002] + *) Make -nameopt work fully for req and add -reqopt switch. + [Michael Bell , Steve Henson] + *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt. As these are not official, they are not included in "ALL"; the "ECCdraft" ciphersuite group alias can be used to select them. diff --git a/apps/apps.c b/apps/apps.c index 6f64e6313f632964f9a49b440326442db79f97c7..1a24b1c596308be59ca5dabf13d4da3d57f2804c 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1088,6 +1088,7 @@ int set_cert_ex(unsigned long *flags, const char *arg) { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, { "no_aux", X509_FLAG_NO_AUX, 0}, + { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0}, { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, diff --git a/apps/req.c b/apps/req.c index 1105e59e67755b6191f12e6ba2b257ebbb0ca95c..c4bec05436a91a15026f2e92b6ad0b1b383ff56e 100644 --- a/apps/req.c +++ b/apps/req.c @@ -155,7 +155,7 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ECDSA EC_KEY *ec_params = NULL; #endif - unsigned long nmflag = 0; + unsigned long nmflag = 0, reqflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; X509_REQ *req=NULL; @@ -408,6 +408,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; if (!set_name_ex(&nmflag, *(++argv))) goto bad; } + else if (strcmp(*argv,"-reqopt") == 0) + { + if (--argc < 1) goto bad; + if (!set_cert_ex(&reqflag, *(++argv))) goto bad; + } else if (strcmp(*argv,"-subject") == 0) subject=1; else if (strcmp(*argv,"-text") == 0) @@ -503,7 +508,8 @@ bad: BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); - BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); + BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); + BIO_printf(bio_err," -reqopt arg - various request text options\n\n"); goto end; } @@ -1051,9 +1057,9 @@ loop: if (text) { if (x509) - X509_print(out,x509ss); + X509_print_ex(out, x509ss, nmflag, reqflag); else - X509_REQ_print(out,req); + X509_REQ_print_ex(out, req, nmflag, reqflag); } if(subject) diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index 7cf09a4646250bd8e75021aaefa2ad3fba1ba9fd..7ebb39b2160a3794a7932a5bcda4f4d3b25776a2 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -82,7 +82,7 @@ int X509_REQ_print_fp(FILE *fp, X509_REQ *x) } #endif -int X509_REQ_print(BIO *bp, X509_REQ *x) +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag) { unsigned long l; int i; @@ -92,152 +92,193 @@ int X509_REQ_print(BIO *bp, X509_REQ *x) STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(X509_EXTENSION) *exts; char str[128]; + char mlch = ' '; + int nmindent = 0; + + if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { + mlch = '\n'; + nmindent = 12; + } + + if(nmflags == X509_FLAG_COMPAT) + nmindent = 16; + ri=x->req_info; - sprintf(str,"Certificate Request:\n"); - if (BIO_puts(bp,str) <= 0) goto err; - sprintf(str,"%4sData:\n",""); - if (BIO_puts(bp,str) <= 0) goto err; - - neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":""; - l=0; - for (i=0; iversion->length; i++) - { l<<=8; l+=ri->version->data[i]; } - sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l); - if (BIO_puts(bp,str) <= 0) goto err; - sprintf(str,"%8sSubject: ",""); - if (BIO_puts(bp,str) <= 0) goto err; - - X509_NAME_print(bp,ri->subject,16); - sprintf(str,"\n%8sSubject Public Key Info:\n",""); - if (BIO_puts(bp,str) <= 0) goto err; - i=OBJ_obj2nid(ri->pubkey->algor->algorithm); - sprintf(str,"%12sPublic Key Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); - if (BIO_puts(bp,str) <= 0) goto err; - - pkey=X509_REQ_get_pubkey(x); -#ifndef OPENSSL_NO_RSA - if (pkey != NULL && pkey->type == EVP_PKEY_RSA) + if(!(cflag & X509_FLAG_NO_HEADER)) { - BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(bp,pkey->pkey.rsa,16); + if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err; + if (BIO_write(bp," Data:\n",10) <= 0) goto err; } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey != NULL && pkey->type == EVP_PKEY_DSA) + if(!(cflag & X509_FLAG_NO_VERSION)) { - BIO_printf(bp,"%12sDSA Public Key:\n",""); - DSA_print(bp,pkey->pkey.dsa,16); + neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":""; + l=0; + for (i=0; iversion->length; i++) + { l<<=8; l+=ri->version->data[i]; } + sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l); + if (BIO_puts(bp,str) <= 0) goto err; } - else + if(!(cflag & X509_FLAG_NO_SUBJECT)) + { + if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; + if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; + } + if(!(cflag & X509_FLAG_NO_PUBKEY)) + { + if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0) + goto err; + if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0) + goto err; + if (BIO_puts(bp, "\n") <= 0) + goto err; + + pkey=X509_REQ_get_pubkey(x); + if (pkey == NULL) + { + BIO_printf(bp,"%12sUnable to load Public Key\n",""); + ERR_print_errors(bp); + } + else +#ifndef OPENSSL_NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { + BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", + BN_num_bits(pkey->pkey.rsa->n)); + RSA_print(bp,pkey->pkey.rsa,16); + } + else +#endif +#ifndef OPENSSL_NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + BIO_printf(bp,"%12sDSA Public Key:\n",""); + DSA_print(bp,pkey->pkey.dsa,16); + } + else #endif #ifndef OPENSSL_NO_EC - if (pkey != NULL && pkey->type == EVP_PKEY_EC) + if (pkey->type == EVP_PKEY_EC) { BIO_printf(bp, "%12sEC Public Key: \n",""); EC_KEY_print(bp, pkey->pkey.eckey, 16); } else #endif + BIO_printf(bp,"%12sUnknown Public Key:\n",""); - BIO_printf(bp,"%12sUnknown Public Key:\n",""); - - if (pkey != NULL) - EVP_PKEY_free(pkey); - - /* may not be */ - sprintf(str,"%8sAttributes:\n",""); - if (BIO_puts(bp,str) <= 0) goto err; + EVP_PKEY_free(pkey); + } - sk=x->req_info->attributes; - if (sk_X509_ATTRIBUTE_num(sk) == 0) + if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) { - sprintf(str,"%12sa0:00\n",""); + /* may not be */ + sprintf(str,"%8sAttributes:\n",""); if (BIO_puts(bp,str) <= 0) goto err; - } - else - { - for (i=0; ireq_info->attributes; + if (sk_X509_ATTRIBUTE_num(sk) == 0) { - ASN1_TYPE *at; - X509_ATTRIBUTE *a; - ASN1_BIT_STRING *bs=NULL; - ASN1_TYPE *t; - int j,type=0,count=1,ii=0; - - a=sk_X509_ATTRIBUTE_value(sk,i); - if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) - continue; - sprintf(str,"%12s",""); + sprintf(str,"%12sa0:00\n",""); if (BIO_puts(bp,str) <= 0) goto err; - if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) + } + else { - if (a->single) + for (i=0; ivalue.single; - type=t->type; - bs=t->value.bit_string; - } - else + ASN1_TYPE *at; + X509_ATTRIBUTE *a; + ASN1_BIT_STRING *bs=NULL; + ASN1_TYPE *t; + int j,type=0,count=1,ii=0; + + a=sk_X509_ATTRIBUTE_value(sk,i); + if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) + continue; + sprintf(str,"%12s",""); + if (BIO_puts(bp,str) <= 0) goto err; + if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) { - ii=0; - count=sk_ASN1_TYPE_num(a->value.set); + if (a->single) + { + t=a->value.single; + type=t->type; + bs=t->value.bit_string; + } + else + { + ii=0; + count=sk_ASN1_TYPE_num(a->value.set); get_next: - at=sk_ASN1_TYPE_value(a->value.set,ii); - type=at->type; - bs=at->value.asn1_string; + at=sk_ASN1_TYPE_value(a->value.set,ii); + type=at->type; + bs=at->value.asn1_string; + } + } + for (j=25-j; j>0; j--) + if (BIO_write(bp," ",1) != 1) goto err; + if (BIO_puts(bp,":") <= 0) goto err; + if ( (type == V_ASN1_PRINTABLESTRING) || + (type == V_ASN1_T61STRING) || + (type == V_ASN1_IA5STRING)) + { + if (BIO_write(bp,(char *)bs->data,bs->length) + != bs->length) + goto err; + BIO_puts(bp,"\n"); + } + else + { + BIO_puts(bp,"unable to print attribute\n"); + } + if (++ii < count) goto get_next; } } - for (j=25-j; j>0; j--) - if (BIO_write(bp," ",1) != 1) goto err; - if (BIO_puts(bp,":") <= 0) goto err; - if ( (type == V_ASN1_PRINTABLESTRING) || - (type == V_ASN1_T61STRING) || - (type == V_ASN1_IA5STRING)) + } + if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) + { + exts = X509_REQ_get_extensions(x); + if(exts) + { + BIO_printf(bp,"%8sRequested Extensions:\n",""); + for (i=0; idata,bs->length) - != bs->length) + ASN1_OBJECT *obj; + X509_EXTENSION *ex; + int j; + ex=sk_X509_EXTENSION_value(exts, i); + if (BIO_printf(bp,"%12s","") <= 0) goto err; + obj=X509_EXTENSION_get_object(ex); + i2a_ASN1_OBJECT(bp,obj); + j=X509_EXTENSION_get_critical(ex); + if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) goto err; - BIO_puts(bp,"\n"); - } - else - { - BIO_puts(bp,"unable to print attribute\n"); + if(!X509V3_EXT_print(bp, ex, 0, 16)) + { + BIO_printf(bp, "%16s", ""); + M_ASN1_OCTET_STRING_print(bp,ex->value); + } + if (BIO_write(bp,"\n",1) <= 0) goto err; } - if (++ii < count) goto get_next; + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); } } - exts = X509_REQ_get_extensions(x); - if(exts) { - BIO_printf(bp,"%8sRequested Extensions:\n",""); - for (i=0; ivalue); - } - if (BIO_write(bp,"\n",1) <= 0) goto err; + if(!(cflag & X509_FLAG_NO_SIGDUMP)) + { + if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err; } - sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); - } - - if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err; return(1); err: X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB); return(0); } + +int X509_REQ_print(BIO *bp, X509_REQ *x) + { + return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); + } diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 8b42b09f61a40be66d2627a4134021b9adc8c988..96d3b6988892c1cd79cb28da8f15d323ae0978fc 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -348,6 +348,7 @@ DECLARE_STACK_OF(X509_TRUST) #define X509_FLAG_NO_EXTENSIONS (1L << 8) #define X509_FLAG_NO_SIGDUMP (1L << 9) #define X509_FLAG_NO_AUX (1L << 10) +#define X509_FLAG_NO_ATTRIBUTES (1L << 11) /* Flags specific to X509_NAME_print_ex() */ @@ -1060,6 +1061,7 @@ int X509_print(BIO *bp,X509 *x); int X509_ocspid_print(BIO *bp,X509 *x); int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); int X509_CRL_print(BIO *bp,X509_CRL *x); +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); int X509_REQ_print(BIO *bp,X509_REQ *req); #endif