mirror of
https://github.com/openssl/openssl.git
synced 2024-11-21 01:15:20 +08:00
Fix a couple of outstanding issues: update STATUS file, fix NO_FP_API problems.
Update docs, change 'ca' to use the new callback parameter. Now moved key_callback into app.c because some other utilities will use it soon.
This commit is contained in:
parent
174a4a8c89
commit
53b1899e3c
5
STATUS
5
STATUS
@ -1,6 +1,6 @@
|
||||
|
||||
OpenSSL STATUS Last modified at
|
||||
______________ $Date: 1999/10/30 19:09:01 $
|
||||
______________ $Date: 1999/11/11 13:58:22 $
|
||||
|
||||
DEVELOPMENT STATE
|
||||
|
||||
@ -29,6 +29,7 @@
|
||||
Private key, certificate and CRL API and implementation.
|
||||
Checking and bugfixing PKCS#7 (S/MIME code).
|
||||
Various X509 issues: character sets, certificate request extensions.
|
||||
Documentation for the openssl utility.
|
||||
|
||||
o Mark is currently working on:
|
||||
Folding in any changes that are in the C2Net code base that were
|
||||
@ -60,10 +61,8 @@
|
||||
|
||||
NEEDS PATCH
|
||||
|
||||
o Arne Ansper: d2i_ASN1_bytes bug
|
||||
o salzr@certco.com (Rich Salz): Bug in X509_name_print
|
||||
<29E0A6D39ABED111A36000A0C99609CA2C2BA4@macertco-srv1.ma.certco.com>
|
||||
o NO_FP_API ("Andrija Antonijevic" <TheAntony@bigfoot.com>)
|
||||
o $(PERL) in */Makefile.ssl
|
||||
o "Sign the certificate?" - "n" creates empty certificate file
|
||||
|
||||
|
11
apps/apps.c
11
apps/apps.c
@ -324,3 +324,14 @@ int app_init(long mesgwin)
|
||||
return(1);
|
||||
}
|
||||
#endif
|
||||
|
||||
int MS_CALLBACK key_callback(char *buf, int len, int verify, void *key)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (key == NULL) return(0);
|
||||
i=strlen(key);
|
||||
i=(i > len)?len:i;
|
||||
memcpy(buf,key,i);
|
||||
return(i);
|
||||
}
|
||||
|
@ -142,6 +142,7 @@ int args_from_file(char *file, int *argc, char **argv[]);
|
||||
int str2fmt(char *s);
|
||||
void program_name(char *in,char *out,int size);
|
||||
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
|
||||
int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
|
||||
#define FORMAT_UNDEF 0
|
||||
#define FORMAT_ASN1 1
|
||||
#define FORMAT_TEXT 2
|
||||
|
16
apps/ca.c
16
apps/ca.c
@ -178,7 +178,6 @@ extern int EF_ALIGNMENT;
|
||||
|
||||
static int add_oid_section(LHASH *conf);
|
||||
static void lookup_fail(char *name,char *tag);
|
||||
static int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
|
||||
static unsigned long index_serial_hash(char **a);
|
||||
static int index_serial_cmp(char **a, char **b);
|
||||
static unsigned long index_name_hash(char **a);
|
||||
@ -209,7 +208,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
||||
static int do_revoke(X509 *x509, TXT_DB *db);
|
||||
static int check_time_format(char *str);
|
||||
static LHASH *conf=NULL;
|
||||
static char *key=NULL;
|
||||
static char *section=NULL;
|
||||
|
||||
static int preserve=0;
|
||||
@ -217,6 +215,7 @@ static int msie_hack=0;
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
char *key=NULL;
|
||||
int total=0;
|
||||
int total_done=0;
|
||||
int badops=0;
|
||||
@ -535,7 +534,7 @@ bad:
|
||||
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
|
||||
else
|
||||
{
|
||||
pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,NULL);
|
||||
pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,key);
|
||||
memset(key,0,strlen(key));
|
||||
}
|
||||
if (pkey == NULL)
|
||||
@ -1250,17 +1249,6 @@ static void lookup_fail(char *name, char *tag)
|
||||
BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
|
||||
}
|
||||
|
||||
static int MS_CALLBACK key_callback(char *buf, int len, int verify, void *u)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (key == NULL) return(0);
|
||||
i=strlen(key);
|
||||
i=(i > len)?len:i;
|
||||
memcpy(buf,key,i);
|
||||
return(i);
|
||||
}
|
||||
|
||||
static unsigned long index_serial_hash(char **a)
|
||||
{
|
||||
char *n;
|
||||
|
@ -86,28 +86,21 @@ const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
|
||||
LHASH *CONF_load(LHASH *h, const char *file, long *line)
|
||||
{
|
||||
LHASH *ltmp;
|
||||
FILE *in=NULL;
|
||||
BIO *in=NULL;
|
||||
|
||||
#ifdef VMS
|
||||
in=fopen(file,"r");
|
||||
#else
|
||||
in=fopen(file,"rb");
|
||||
#endif
|
||||
in=BIO_new_file(file, "rb");
|
||||
if (in == NULL)
|
||||
{
|
||||
SYSerr(SYS_F_FOPEN,get_last_sys_error());
|
||||
ERR_set_error_data(BUF_strdup(file),
|
||||
ERR_TXT_MALLOCED|ERR_TXT_STRING);
|
||||
CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ltmp = CONF_load_fp(h, in, line);
|
||||
fclose(in);
|
||||
ltmp = CONF_load_bio(h, in, line);
|
||||
BIO_free(in);
|
||||
|
||||
return ltmp;
|
||||
}
|
||||
|
||||
#ifndef NO_FP_API
|
||||
LHASH *CONF_load_fp(LHASH *h, FILE *in, long *line)
|
||||
{
|
||||
BIO *btmp;
|
||||
@ -120,6 +113,7 @@ LHASH *CONF_load_fp(LHASH *h, FILE *in, long *line)
|
||||
BIO_free(btmp);
|
||||
return ltmp;
|
||||
}
|
||||
#endif
|
||||
|
||||
LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
|
||||
{
|
||||
|
@ -78,7 +78,9 @@ typedef struct
|
||||
DECLARE_STACK_OF(CONF_VALUE)
|
||||
|
||||
LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
|
||||
#ifndef NO_FP_API
|
||||
LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
|
||||
#endif
|
||||
LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
|
||||
STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section);
|
||||
char *CONF_get_string(LHASH *conf,char *group,char *name);
|
||||
|
@ -816,7 +816,7 @@ int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef NO_FP_API
|
||||
int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
|
||||
char *kstr, int klen, pem_password_cb *cb, void *u)
|
||||
{
|
||||
@ -830,3 +830,4 @@ int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
|
||||
BIO_free(bp);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
@ -130,7 +130,7 @@ for more information.
|
||||
|
||||
=item B<-msie_hack>
|
||||
|
||||
this is a legacy option for compatability with very old versions of
|
||||
this is a legacy option to make B<ca> work with very old versions of
|
||||
the IE certificate enrollment control "certenr3". It used UniversalStrings
|
||||
for almost everything. Since the old control has various security bugs
|
||||
its use is strongly discouraged. The newer control "Xenroll" does not
|
||||
@ -138,9 +138,11 @@ need this option.
|
||||
|
||||
=item B<-preserveDN>
|
||||
|
||||
this option is also for compatability with the older IE enrollment
|
||||
control. It only accepts certificates if their DNs match the
|
||||
order of the request. This is not needed for Xenroll.
|
||||
Normally the DN order of a certificate is the same as the order of the
|
||||
fields in the relevant policy section. When this option is set the order
|
||||
is the same as the request. This is largely for compatability with the
|
||||
older IE enrollment control which would only accept certificates if their
|
||||
DNs match the order of the request. This is not needed for Xenroll.
|
||||
|
||||
=item B<-batch>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user