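/* v3_conf.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* extension creation utilities */

#include <stdio.h>
#include <ctype.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

static int v3_check_critical(char **value);
static int v3_check_generic(char **value);
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
                                    int crit, char *value);
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
                                            int crit, int type,
                                            X509V3_CTX *ctx);
static char *conf_lhash_get_string(void *db, char *section, char *value);
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
                                  int ext_nid, int crit, void *ext_struc);
static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
                                   long *ext_len);

/*
 * Build one extension from a configuration name/value pair.
 *
 *   conf:  configuration database, used when the value names a section
 *   ctx:   extension context handed through to the method callbacks
 *   name:  extension name (short name, or any OBJ_txt2obj() text for the
 *          generic "DER:"/"ASN1:" forms)
 *   value: extension value, optionally prefixed with "critical,"
 *
 * Returns the new extension, or NULL on error. On the non-generic path the
 * offending name and value are appended to the error queue.
 */
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
                                 char *value)
{
    int crit;
    int ext_type;
    X509_EXTENSION *ret;

    /* Both helpers advance `value` past the prefix they recognise. */
    crit = v3_check_critical(&value);
    ext_type = v3_check_generic(&value);
    if (ext_type != 0)
        return v3_generic_extension(name, value, crit, ext_type, ctx);

    ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
    if (ret == NULL) {
        X509V3err(X509V3_F_X509V3_EXT_NCONF, X509V3_R_ERROR_IN_EXTENSION);
        ERR_add_error_data(4, "name=", name, ", value=", value);
    }
    return ret;
}

/*
 * Same as X509V3_EXT_nconf() but the extension is identified by NID.
 *
 *   conf:    configuration database
 *   ctx:     extension context
 *   ext_nid: NID of the extension to create
 *   value:   extension value, optionally prefixed with "critical,"
 *
 * Returns the new extension, or NULL on error.
 */
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
                                     char *value)
{
    int crit;
    int ext_type;

    crit = v3_check_critical(&value);
    ext_type = v3_check_generic(&value);
    if (ext_type != 0)
        return v3_generic_extension(OBJ_nid2sn(ext_nid),
                                    value, crit, ext_type, ctx);
    return do_ext_nconf(conf, ctx, ext_nid, crit, value);
}

/*
 * Create an extension through the registered method for ext_nid.
 *
 *   conf:    configuration database, consulted when value starts with '@'
 *   ctx:     extension context passed to the method callback
 *   ext_nid: NID of the extension
 *   crit:    critical flag for the resulting extension
 *   value:   value string with any "critical," prefix already removed
 *
 * The method's v2i, s2i or r2i callback (tried in that order) turns the
 * string into the internal structure, which is DER-encoded by do_ext_i2d()
 * and then freed. Returns NULL on any failure.
 */
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
                                    int crit, char *value)
{
    const X509V3_EXT_METHOD *method;
    X509_EXTENSION *ext;
    STACK_OF(CONF_VALUE) *nval;
    void *ext_struc;

    if (ext_nid == NID_undef) {
        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME);
        return NULL;
    }
    method = X509V3_EXT_get_nid(ext_nid);
    if (method == NULL) {
        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
        return NULL;
    }

    /* Now get internal extension representation based on type */
    if (method->v2i) {
        /*
         * "@section" refers to a section of conf; anything else is parsed
         * into a temporary list that this function has to release.
         */
        int from_section = (*value == '@');

        if (from_section)
            nval = NCONF_get_section(conf, value + 1);
        else
            nval = X509V3_parse_list(value);
        if (sk_CONF_VALUE_num(nval) <= 0) {
            X509V3err(X509V3_F_DO_EXT_NCONF,
                      X509V3_R_INVALID_EXTENSION_STRING);
            ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
                               value);
            /* A parsed-but-empty list was previously leaked here. */
            if (!from_section)
                sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
            return NULL;
        }
        ext_struc = method->v2i(method, ctx, nval);
        if (!from_section)
            sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
        if (ext_struc == NULL)
            return NULL;
    } else if (method->s2i) {
        ext_struc = method->s2i(method, ctx, value);
        if (ext_struc == NULL)
            return NULL;
    } else if (method->r2i) {
        /* r2i callbacks read from the context's config database. */
        if (!ctx->db || !ctx->db_meth) {
            X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE);
            return NULL;
        }
        ext_struc = method->r2i(method, ctx, value);
        if (ext_struc == NULL)
            return NULL;
    } else {
        X509V3err(X509V3_F_DO_EXT_NCONF,
                  X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
        ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
        return NULL;
    }

    ext = do_ext_i2d(method, ext_nid, crit, ext_struc);

    /* The internal structure is no longer needed once it is encoded. */
    if (method->it)
        ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
    else
        method->ext_free(ext_struc);
    return ext;
}

/*
 * DER-encode an internal extension structure and wrap it in an
 * X509_EXTENSION.
 *
 *   method:    extension method supplying the ASN1 item or legacy i2d
 *   ext_nid:   NID recorded in the extension
 *   crit:      critical flag
 *   ext_struc: internal structure to encode (not freed here)
 *
 * Returns the new extension, or NULL on failure. Every failure is reported
 * as ERR_R_MALLOC_FAILURE, as before.
 */
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
                                  int ext_nid, int crit, void *ext_struc)
{
    unsigned char *ext_der = NULL;
    int ext_len;
    ASN1_OCTET_STRING *ext_oct = NULL;
    X509_EXTENSION *ext;

    /* Convert internal representation to DER */
    if (method->it) {
        ext_len =
            ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
        if (ext_len < 0)
            goto merr;
    } else {
        unsigned char *p;

        /*
         * Reject a failed or empty encoding before the length is used as
         * an allocation size.
         */
        ext_len = method->i2d(ext_struc, NULL);
        if (ext_len <= 0)
            goto merr;
        ext_der = OPENSSL_malloc(ext_len);
        if (ext_der == NULL)
            goto merr;
        p = ext_der;
        method->i2d(ext_struc, &p);
    }

    ext_oct = M_ASN1_OCTET_STRING_new();
    if (ext_oct == NULL)
        goto merr;
    /* Ownership of the buffer moves to ext_oct; avoid a double free below. */
    ext_oct->data = ext_der;
    ext_oct->length = ext_len;
    ext_der = NULL;

    ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
    if (ext == NULL)
        goto merr;
    M_ASN1_OCTET_STRING_free(ext_oct);

    return ext;

 merr:
    X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
    /* Release whatever was allocated; these were leaked previously. */
    if (ext_der)
        OPENSSL_free(ext_der);
    M_ASN1_OCTET_STRING_free(ext_oct);
    return NULL;
}

/* Given an internal structure, nid and critical flag create an extension */

X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
{
    const X509V3_EXT_METHOD *method = X509V3_EXT_get_nid(ext_nid);

    if (method == NULL) {
        X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
        return NULL;
    }
    return do_ext_i2d(method, ext_nid, crit, ext_struc);
}

/*
 * Check the extension string for the critical flag.
 *
 * If *value begins with the exact, case-sensitive text "critical," the
 * pointer is advanced past it and any following whitespace and 1 is
 * returned. Otherwise *value is left alone and 0 is returned.
 */
static int v3_check_critical(char **value)
{
    char *p = *value;

    if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
        return 0;
    p += 9;
    /* Cast keeps isspace() defined for bytes above 0x7f. */
    while (isspace((unsigned char)*p))
        p++;
    *value = p;
    return 1;
}

/*
 * Check extension string for generic extension and return the type.
 *
 * Returns 1 for a "DER:" prefix, 2 for "ASN1:", and 0 when neither is
 * present. On a match *value is advanced past the prefix and any
 * following whitespace.
 */
static int v3_check_generic(char **value)
{
    int gen_type = 0;
    char *p = *value;

    if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
        p += 4;
        gen_type = 1;
    } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
        p += 5;
        gen_type = 2;
    } else {
        return 0;
    }

    while (isspace((unsigned char)*p))
        p++;
    *value = p;
    return gen_type;
}

/*
 * Create a generic extension from caller-supplied encoding.
 *
 *   ext:      extension name or OID text, resolved with OBJ_txt2obj()
 *   value:    hex string (gen_type 1) or ASN1_generate_v3() string
 *             (gen_type 2)
 *   crit:     critical flag
 *   gen_type: 1 for "DER:", 2 for "ASN1:" (see v3_check_generic())
 *   ctx:      extension context, used by the ASN1 generator
 *
 * The resulting bytes become the extension content as-is: nothing in this
 * function checks that they are a well-formed encoding for the named
 * extension, so whoever controls the config value controls the content.
 * Returns NULL on error.
 */
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
                                            int crit, int gen_type,
                                            X509V3_CTX *ctx)
{
    unsigned char *ext_der = NULL;
    long ext_len = 0;
    ASN1_OBJECT *obj = NULL;
    ASN1_OCTET_STRING *oct = NULL;
    X509_EXTENSION *extension = NULL;

    obj = OBJ_txt2obj(ext, 0);
    if (obj == NULL) {
        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
                  X509V3_R_EXTENSION_NAME_ERROR);
        ERR_add_error_data(2, "name=", ext);
        goto err;
    }

    if (gen_type == 1)
        ext_der = string_to_hex(value, &ext_len);
    else if (gen_type == 2)
        ext_der = generic_asn1(value, ctx, &ext_len);

    if (ext_der == NULL) {
        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
                  X509V3_R_EXTENSION_VALUE_ERROR);
        ERR_add_error_data(2, "value=", value);
        goto err;
    }

    oct = M_ASN1_OCTET_STRING_new();
    if (oct == NULL) {
        X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    /* oct now owns the buffer; clear ext_der so it is not freed twice. */
    oct->data = ext_der;
    oct->length = ext_len;
    ext_der = NULL;

    extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);

 err:
    ASN1_OBJECT_free(obj);
    M_ASN1_OCTET_STRING_free(oct);
    if (ext_der)
        OPENSSL_free(ext_der);
    return extension;
}

/*
 * Generate an ASN1 value from its textual description and DER-encode it.
 *
 * Returns the encoding with its length stored in *ext_len, or NULL when
 * ASN1_generate_v3() rejects the string. *ext_len is only written when
 * generation succeeded.
 */
static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
                                   long *ext_len)
{
    ASN1_TYPE *typ;
    unsigned char *ext_der = NULL;

    typ = ASN1_generate_v3(value, ctx);
    if (typ == NULL)
        return NULL;
    *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
    ASN1_TYPE_free(typ);
    return ext_der;
}

/*
 * This is the main function: add a bunch of extensions based on a config
 * file section to an extension STACK.
 *
 *   conf:    configuration database
 *   ctx:     extension context
 *   section: name of the section listing the extensions
 *   sk:      stack to append to, or NULL to only check that every entry
 *            can be turned into an extension
 *
 * Returns 1 on success and 0 on failure. Extensions appended before a
 * failing entry stay on *sk.
 */

int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
                            STACK_OF(X509_EXTENSION) **sk)
{
    X509_EXTENSION *ext;
    STACK_OF(CONF_VALUE) *nval;
    CONF_VALUE *val;
    int i;

    nval = NCONF_get_section(conf, section);
    if (nval == NULL)
        return 0;
    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
        val = sk_CONF_VALUE_value(nval, i);
        ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value);
        if (ext == NULL)
            return 0;
        /*
         * A failed append used to be ignored, so a requested extension
         * could be dropped silently while success was still reported.
         */
        if (sk != NULL && X509v3_add_ext(sk, ext, -1) == NULL) {
            X509_EXTENSION_free(ext);
            return 0;
        }
        /* Our reference is released whether or not it was appended. */
        X509_EXTENSION_free(ext);
    }
    return 1;
}

/*
 * Convenience functions to add extensions to a certificate, CRL and request
 */

/*
 * Add the extensions listed in `section` to a certificate. With cert NULL
 * the section is only checked. Returns 1 on success, 0 on failure.
 */
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
                         X509 *cert)
{
    STACK_OF(X509_EXTENSION) **sk = NULL;

    if (cert)
        sk = &cert->cert_info->extensions;
    return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}

/* Same as above but for a CRL */

int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
                             X509_CRL *crl)
{
    STACK_OF(X509_EXTENSION) **sk = NULL;

    if (crl)
        sk = &crl->crl->extensions;
    return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}

/*
 * Add extensions to certificate request.
 *
 * The extensions are collected on a temporary stack and handed to
 * X509_REQ_add_extensions(). With req NULL the section is only checked.
 * Returns the result of the last step that ran: 0 on failure.
 */

int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
                             X509_REQ *req)
{
    STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
    int ok;

    if (req)
        sk = &extlist;
    ok = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
    if (ok && sk)
        ok = X509_REQ_add_extensions(req, extlist);
    /*
     * Free the temporary stack on every path: a section that failed part
     * way through previously leaked the extensions collected so far.
     */
    sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
    return ok;
}

/* Config database functions */

/*
 * Look up a string through the context's config method. Returns NULL and
 * raises X509V3_R_OPERATION_NOT_DEFINED when the context has no database
 * or no get_string callback.
 */
char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
{
    if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
        X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED);
        return NULL;
    }
    /* The guard above already established that get_string is set. */
    return ctx->db_meth->get_string(ctx->db, name, section);
}

/*
 * Look up a section through the context's config method. Returns NULL and
 * raises X509V3_R_OPERATION_NOT_DEFINED when the context has no database
 * or no get_section callback.
 */
STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section)
{
    if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
        X509V3err(X509V3_F_X509V3_GET_SECTION,
                  X509V3_R_OPERATION_NOT_DEFINED);
        return NULL;
    }
    /* The guard above already established that get_section is set. */
    return ctx->db_meth->get_section(ctx->db, section);
}

/*
 * Release a string obtained from X509V3_get_string(). A NULL str is
 * ignored. NOTE(review): ctx->db_meth is dereferenced unchecked, so the
 * context must have a config method set.
 */
void X509V3_string_free(X509V3_CTX *ctx, char *str)
{
    if (!str)
        return;
    if (ctx->db_meth->free_string)
        ctx->db_meth->free_string(ctx->db, str);
}

/*
 * Release a section obtained from X509V3_get_section(). A NULL section is
 * ignored. NOTE(review): ctx->db_meth is dereferenced unchecked, so the
 * context must have a config method set.
 */
void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
{
    if (!section)
        return;
    if (ctx->db_meth->free_section)
        ctx->db_meth->free_section(ctx->db, section);
}

/* get_string callback for a CONF database. */
static char *nconf_get_string(void *db, char *section, char *value)
{
    return NCONF_get_string(db, section, value);
}

/* get_section callback for a CONF database. */
static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
{
    return NCONF_get_section(db, section);
}

/* Config method for CONF databases; the two free callbacks are unset. */
static X509V3_CONF_METHOD nconf_method = {
    nconf_get_string,
    nconf_get_section,
    NULL,
    NULL
};

/* Make ctx read its configuration from a CONF database. */
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
{
    ctx->db_meth = &nconf_method;
    ctx->db = conf;
}

/*
 * Fill in the certificate, request, CRL and flag fields of a context.
 * The config database fields (db, db_meth) are not touched here.
 */
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
                    X509_CRL *crl, int flags)
{
    ctx->issuer_cert = issuer;
    ctx->subject_cert = subj;
    ctx->crl = crl;
    ctx->subject_req = req;
    ctx->flags = flags;
}

/* Old conf compatibility functions */

/*
 * LHASH variant of X509V3_EXT_nconf(): wraps the hash in a temporary CONF
 * and forwards the call.
 */
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                                char *name, char *value)
{
    CONF ctmp;

    CONF_set_nconf(&ctmp, conf);
    return X509V3_EXT_nconf(&ctmp, ctx, name, value);
}

/*
 * LHASH variant of X509V3_EXT_nconf_nid().
 *
 *   conf:  config file contents as an LHASH
 *   value: extension value
 */
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
                                    X509V3_CTX *ctx, int ext_nid, char *value)
{
    CONF ctmp;

    CONF_set_nconf(&ctmp, conf);
    return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
}

/* get_string callback for an LHASH database. */
static char *conf_lhash_get_string(void *db, char *section, char *value)
{
    return CONF_get_string(db, section, value);
}

/* get_section callback for an LHASH database. */
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
{
    return CONF_get_section(db, section);
}

/* Config method for LHASH databases; the two free callbacks are unset. */
static X509V3_CONF_METHOD conf_lhash_method = {
    conf_lhash_get_string,
    conf_lhash_get_section,
    NULL,
    NULL
};

/* Make ctx read its configuration from an LHASH database. */
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
{
    ctx->db_meth = &conf_lhash_method;
    ctx->db = lhash;
}

/* LHASH variant of X509V3_EXT_add_nconf(). */
int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                        char *section, X509 *cert)
{
    CONF ctmp;

    CONF_set_nconf(&ctmp, conf);
    return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
}

/* Same as above but for a CRL */

int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                            char *section, X509_CRL *crl)
{
    CONF ctmp;

    CONF_set_nconf(&ctmp, conf);
    return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
}

/* Add extensions to certificate request */

int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                            char *section, X509_REQ *req)
{
    CONF ctmp;

    CONF_set_nconf(&ctmp, conf);
    return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
}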