155714Skris/* v3_conf.c */ 2296465Sdelphij/* 3296465Sdelphij * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4296465Sdelphij * 1999. 555714Skris */ 655714Skris/* ==================================================================== 7160814Ssimon * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. 855714Skris * 955714Skris * Redistribution and use in source and binary forms, with or without 1055714Skris * modification, are permitted provided that the following conditions 1155714Skris * are met: 1255714Skris * 1355714Skris * 1. Redistributions of source code must retain the above copyright 14296465Sdelphij * notice, this list of conditions and the following disclaimer. 1555714Skris * 1655714Skris * 2. Redistributions in binary form must reproduce the above copyright 1755714Skris * notice, this list of conditions and the following disclaimer in 1855714Skris * the documentation and/or other materials provided with the 1955714Skris * distribution. 2055714Skris * 2155714Skris * 3. All advertising materials mentioning features or use of this 2255714Skris * software must display the following acknowledgment: 2355714Skris * "This product includes software developed by the OpenSSL Project 2455714Skris * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 2555714Skris * 2655714Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 2755714Skris * endorse or promote products derived from this software without 2855714Skris * prior written permission. For written permission, please contact 2955714Skris * licensing@OpenSSL.org. 3055714Skris * 3155714Skris * 5. Products derived from this software may not be called "OpenSSL" 3255714Skris * nor may "OpenSSL" appear in their names without prior written 3355714Skris * permission of the OpenSSL Project. 3455714Skris * 3555714Skris * 6. Redistributions of any form whatsoever must retain the following 3655714Skris * acknowledgment: 3755714Skris * "This product includes software developed by the OpenSSL Project 3855714Skris * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 3955714Skris * 4055714Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 4155714Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4255714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 4355714Skris * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 4455714Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 4555714Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4655714Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 4755714Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 4955714Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 5055714Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5155714Skris * OF THE POSSIBILITY OF SUCH DAMAGE. 5255714Skris * ==================================================================== 5355714Skris * 5455714Skris * This product includes cryptographic software written by Eric Young 5555714Skris * (eay@cryptsoft.com). This product includes software written by Tim 5655714Skris * Hudson (tjh@cryptsoft.com). 5755714Skris * 5855714Skris */ 5955714Skris/* extension creation utilities */ 6055714Skris 6155714Skris#include <stdio.h> 6255714Skris#include <ctype.h> 6355714Skris#include "cryptlib.h" 6455714Skris#include <openssl/conf.h> 6555714Skris#include <openssl/x509.h> 6655714Skris#include <openssl/x509v3.h> 6755714Skris 6855714Skrisstatic int v3_check_critical(char **value); 6955714Skrisstatic int v3_check_generic(char **value); 70296465Sdelphijstatic X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, 71296465Sdelphij int crit, char *value); 72296465Sdelphijstatic X509_EXTENSION *v3_generic_extension(const char *ext, char *value, 73296465Sdelphij int crit, int type, 74296465Sdelphij X509V3_CTX *ctx); 7555714Skrisstatic char *conf_lhash_get_string(void *db, char *section, char *value); 7655714Skrisstatic STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); 7755714Skrisstatic X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, 78296465Sdelphij int crit, void *ext_struc); 79296465Sdelphijstatic unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, 80296465Sdelphij long *ext_len); 81109998Smarkm/* CONF *conf: Config file */ 8255714Skris/* char *name: Name */ 8355714Skris/* char *value: Value */ 84109998SmarkmX509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, 85296465Sdelphij char *value) 86296465Sdelphij{ 87296465Sdelphij int crit; 88296465Sdelphij int ext_type; 89296465Sdelphij X509_EXTENSION *ret; 90296465Sdelphij crit = v3_check_critical(&value); 91296465Sdelphij if ((ext_type = v3_check_generic(&value))) 92296465Sdelphij return v3_generic_extension(name, value, crit, ext_type, ctx); 93296465Sdelphij ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); 94296465Sdelphij if (!ret) { 95296465Sdelphij X509V3err(X509V3_F_X509V3_EXT_NCONF, X509V3_R_ERROR_IN_EXTENSION); 96296465Sdelphij ERR_add_error_data(4, "name=", name, ", value=", value); 97296465Sdelphij } 98296465Sdelphij return ret; 99296465Sdelphij} 10055714Skris 101109998Smarkm/* CONF *conf: Config file */ 10255714Skris/* char *value: Value */ 103109998SmarkmX509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, 104296465Sdelphij char *value) 105296465Sdelphij{ 106296465Sdelphij int crit; 107296465Sdelphij int ext_type; 108296465Sdelphij crit = v3_check_critical(&value); 109296465Sdelphij if ((ext_type = v3_check_generic(&value))) 110296465Sdelphij return v3_generic_extension(OBJ_nid2sn(ext_nid), 111296465Sdelphij value, crit, ext_type, ctx); 112296465Sdelphij return do_ext_nconf(conf, ctx, ext_nid, crit, value); 113296465Sdelphij} 11455714Skris 115109998Smarkm/* CONF *conf: Config file */ 11655714Skris/* char *value: Value */ 117109998Smarkmstatic X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, 118296465Sdelphij int crit, char *value) 119296465Sdelphij{ 120296465Sdelphij X509V3_EXT_METHOD *method; 121296465Sdelphij X509_EXTENSION *ext; 122296465Sdelphij STACK_OF(CONF_VALUE) *nval; 123296465Sdelphij void *ext_struc; 124296465Sdelphij if (ext_nid == NID_undef) { 125296465Sdelphij X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME); 126296465Sdelphij return NULL; 127296465Sdelphij } 128296465Sdelphij if (!(method = X509V3_EXT_get_nid(ext_nid))) { 129296465Sdelphij X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); 130296465Sdelphij return NULL; 131296465Sdelphij } 132296465Sdelphij /* Now get internal extension representation based on type */ 133296465Sdelphij if (method->v2i) { 134296465Sdelphij if (*value == '@') 135296465Sdelphij nval = NCONF_get_section(conf, value + 1); 136296465Sdelphij else 137296465Sdelphij nval = X509V3_parse_list(value); 138296465Sdelphij if (sk_CONF_VALUE_num(nval) <= 0) { 139296465Sdelphij X509V3err(X509V3_F_DO_EXT_NCONF, 140296465Sdelphij X509V3_R_INVALID_EXTENSION_STRING); 141296465Sdelphij ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", 142296465Sdelphij value); 143296465Sdelphij return NULL; 144296465Sdelphij } 145296465Sdelphij ext_struc = method->v2i(method, ctx, nval); 146296465Sdelphij if (*value != '@') 147296465Sdelphij sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); 148296465Sdelphij if (!ext_struc) 149296465Sdelphij return NULL; 150296465Sdelphij } else if (method->s2i) { 151296465Sdelphij if (!(ext_struc = method->s2i(method, ctx, value))) 152296465Sdelphij return NULL; 153296465Sdelphij } else if (method->r2i) { 154296465Sdelphij if (!ctx->db || !ctx->db_meth) { 155296465Sdelphij X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE); 156296465Sdelphij return NULL; 157296465Sdelphij } 158296465Sdelphij if (!(ext_struc = method->r2i(method, ctx, value))) 159296465Sdelphij return NULL; 160296465Sdelphij } else { 161296465Sdelphij X509V3err(X509V3_F_DO_EXT_NCONF, 162296465Sdelphij X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); 163296465Sdelphij ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); 164296465Sdelphij return NULL; 165296465Sdelphij } 16655714Skris 167296465Sdelphij ext = do_ext_i2d(method, ext_nid, crit, ext_struc); 168296465Sdelphij if (method->it) 169296465Sdelphij ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); 170296465Sdelphij else 171296465Sdelphij method->ext_free(ext_struc); 172296465Sdelphij return ext; 17355714Skris 174296465Sdelphij} 17555714Skris 17655714Skrisstatic X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, 177296465Sdelphij int crit, void *ext_struc) 178296465Sdelphij{ 179296465Sdelphij unsigned char *ext_der; 180296465Sdelphij int ext_len; 181296465Sdelphij ASN1_OCTET_STRING *ext_oct; 182296465Sdelphij X509_EXTENSION *ext; 183296465Sdelphij /* Convert internal representation to DER */ 184296465Sdelphij if (method->it) { 185296465Sdelphij ext_der = NULL; 186296465Sdelphij ext_len = 187296465Sdelphij ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); 188296465Sdelphij if (ext_len < 0) 189296465Sdelphij goto merr; 190296465Sdelphij } else { 191296465Sdelphij unsigned char *p; 192296465Sdelphij ext_len = method->i2d(ext_struc, NULL); 193296465Sdelphij if (!(ext_der = OPENSSL_malloc(ext_len))) 194296465Sdelphij goto merr; 195296465Sdelphij p = ext_der; 196296465Sdelphij method->i2d(ext_struc, &p); 197296465Sdelphij } 198296465Sdelphij if (!(ext_oct = M_ASN1_OCTET_STRING_new())) 199296465Sdelphij goto merr; 200296465Sdelphij ext_oct->data = ext_der; 201296465Sdelphij ext_oct->length = ext_len; 202109998Smarkm 203296465Sdelphij ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); 204296465Sdelphij if (!ext) 205296465Sdelphij goto merr; 206296465Sdelphij M_ASN1_OCTET_STRING_free(ext_oct); 20755714Skris 208296465Sdelphij return ext; 20955714Skris 210296465Sdelphij merr: 211296465Sdelphij X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); 212296465Sdelphij return NULL; 21355714Skris 214296465Sdelphij} 21555714Skris 21655714Skris/* Given an internal structure, nid and critical flag create an extension */ 21755714Skris 21855714SkrisX509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) 219296465Sdelphij{ 220296465Sdelphij X509V3_EXT_METHOD *method; 221296465Sdelphij if (!(method = X509V3_EXT_get_nid(ext_nid))) { 222296465Sdelphij X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); 223296465Sdelphij return NULL; 224296465Sdelphij } 225296465Sdelphij return do_ext_i2d(method, ext_nid, crit, ext_struc); 22655714Skris} 22755714Skris 22855714Skris/* Check the extension string for critical flag */ 22955714Skrisstatic int v3_check_critical(char **value) 23055714Skris{ 231296465Sdelphij char *p = *value; 232296465Sdelphij if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) 233296465Sdelphij return 0; 234296465Sdelphij p += 9; 235296465Sdelphij while (isspace((unsigned char)*p)) 236296465Sdelphij p++; 237296465Sdelphij *value = p; 238296465Sdelphij return 1; 23955714Skris} 24055714Skris 24155714Skris/* Check extension string for generic extension and return the type */ 24255714Skrisstatic int v3_check_generic(char **value) 24355714Skris{ 244296465Sdelphij int gen_type = 0; 245296465Sdelphij char *p = *value; 246296465Sdelphij if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { 247296465Sdelphij p += 4; 248296465Sdelphij gen_type = 1; 249296465Sdelphij } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { 250296465Sdelphij p += 5; 251296465Sdelphij gen_type = 2; 252296465Sdelphij } else 253296465Sdelphij return 0; 254160814Ssimon 255296465Sdelphij while (isspace((unsigned char)*p)) 256296465Sdelphij p++; 257296465Sdelphij *value = p; 258296465Sdelphij return gen_type; 25955714Skris} 26055714Skris 26159191Skris/* Create a generic extension: for now just handle DER type */ 26255714Skrisstatic X509_EXTENSION *v3_generic_extension(const char *ext, char *value, 263296465Sdelphij int crit, int gen_type, 264296465Sdelphij X509V3_CTX *ctx) 265296465Sdelphij{ 266296465Sdelphij unsigned char *ext_der = NULL; 267296465Sdelphij long ext_len; 268296465Sdelphij ASN1_OBJECT *obj = NULL; 269296465Sdelphij ASN1_OCTET_STRING *oct = NULL; 270296465Sdelphij X509_EXTENSION *extension = NULL; 271296465Sdelphij if (!(obj = OBJ_txt2obj(ext, 0))) { 272296465Sdelphij X509V3err(X509V3_F_V3_GENERIC_EXTENSION, 273296465Sdelphij X509V3_R_EXTENSION_NAME_ERROR); 274296465Sdelphij ERR_add_error_data(2, "name=", ext); 275296465Sdelphij goto err; 276296465Sdelphij } 27755714Skris 278296465Sdelphij if (gen_type == 1) 279296465Sdelphij ext_der = string_to_hex(value, &ext_len); 280296465Sdelphij else if (gen_type == 2) 281296465Sdelphij ext_der = generic_asn1(value, ctx, &ext_len); 282160814Ssimon 283296465Sdelphij if (ext_der == NULL) { 284296465Sdelphij X509V3err(X509V3_F_V3_GENERIC_EXTENSION, 285296465Sdelphij X509V3_R_EXTENSION_VALUE_ERROR); 286296465Sdelphij ERR_add_error_data(2, "value=", value); 287296465Sdelphij goto err; 288296465Sdelphij } 28955714Skris 290296465Sdelphij if (!(oct = M_ASN1_OCTET_STRING_new())) { 291296465Sdelphij X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); 292296465Sdelphij goto err; 293296465Sdelphij } 29455714Skris 295296465Sdelphij oct->data = ext_der; 296296465Sdelphij oct->length = ext_len; 297296465Sdelphij ext_der = NULL; 29855714Skris 299296465Sdelphij extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); 30055714Skris 301296465Sdelphij err: 302296465Sdelphij ASN1_OBJECT_free(obj); 303296465Sdelphij M_ASN1_OCTET_STRING_free(oct); 304296465Sdelphij if (ext_der) 305296465Sdelphij OPENSSL_free(ext_der); 306296465Sdelphij return extension; 30755714Skris 308296465Sdelphij} 30955714Skris 310296465Sdelphijstatic unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, 311296465Sdelphij long *ext_len) 312296465Sdelphij{ 313296465Sdelphij ASN1_TYPE *typ; 314296465Sdelphij unsigned char *ext_der = NULL; 315296465Sdelphij typ = ASN1_generate_v3(value, ctx); 316296465Sdelphij if (typ == NULL) 317296465Sdelphij return NULL; 318296465Sdelphij *ext_len = i2d_ASN1_TYPE(typ, &ext_der); 319296465Sdelphij ASN1_TYPE_free(typ); 320296465Sdelphij return ext_der; 321296465Sdelphij} 322109998Smarkm 323296465Sdelphij/* 324296465Sdelphij * This is the main function: add a bunch of extensions based on a config 325296465Sdelphij * file section to an extension STACK. 32655714Skris */ 32755714Skris 328109998Smarkmint X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, 329296465Sdelphij STACK_OF(X509_EXTENSION) **sk) 330296465Sdelphij{ 331296465Sdelphij X509_EXTENSION *ext; 332296465Sdelphij STACK_OF(CONF_VALUE) *nval; 333296465Sdelphij CONF_VALUE *val; 334296465Sdelphij int i; 335296465Sdelphij if (!(nval = NCONF_get_section(conf, section))) 336296465Sdelphij return 0; 337296465Sdelphij for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { 338296465Sdelphij val = sk_CONF_VALUE_value(nval, i); 339296465Sdelphij if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) 340296465Sdelphij return 0; 341296465Sdelphij if (sk) 342296465Sdelphij X509v3_add_ext(sk, ext, -1); 343296465Sdelphij X509_EXTENSION_free(ext); 344296465Sdelphij } 345296465Sdelphij return 1; 346296465Sdelphij} 34755714Skris 348296465Sdelphij/* 349296465Sdelphij * Convenience functions to add extensions to a certificate, CRL and request 350296465Sdelphij */ 351109998Smarkm 352109998Smarkmint X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 353296465Sdelphij X509 *cert) 354296465Sdelphij{ 355296465Sdelphij STACK_OF(X509_EXTENSION) **sk = NULL; 356296465Sdelphij if (cert) 357296465Sdelphij sk = &cert->cert_info->extensions; 358296465Sdelphij return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 359296465Sdelphij} 360109998Smarkm 36155714Skris/* Same as above but for a CRL */ 36255714Skris 363109998Smarkmint X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 364296465Sdelphij X509_CRL *crl) 365296465Sdelphij{ 366296465Sdelphij STACK_OF(X509_EXTENSION) **sk = NULL; 367296465Sdelphij if (crl) 368296465Sdelphij sk = &crl->crl->extensions; 369296465Sdelphij return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 370296465Sdelphij} 37155714Skris 37259191Skris/* Add extensions to certificate request */ 37359191Skris 374109998Smarkmint X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 375296465Sdelphij X509_REQ *req) 376296465Sdelphij{ 377296465Sdelphij STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; 378296465Sdelphij int i; 379296465Sdelphij if (req) 380296465Sdelphij sk = &extlist; 381296465Sdelphij i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 382296465Sdelphij if (!i || !sk) 383296465Sdelphij return i; 384296465Sdelphij i = X509_REQ_add_extensions(req, extlist); 385296465Sdelphij sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); 386296465Sdelphij return i; 387296465Sdelphij} 38859191Skris 38955714Skris/* Config database functions */ 39055714Skris 391296465Sdelphijchar *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) 392296465Sdelphij{ 393296465Sdelphij if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { 394296465Sdelphij X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED); 395296465Sdelphij return NULL; 396296465Sdelphij } 397296465Sdelphij if (ctx->db_meth->get_string) 398296465Sdelphij return ctx->db_meth->get_string(ctx->db, name, section); 399296465Sdelphij return NULL; 400296465Sdelphij} 40155714Skris 402296465SdelphijSTACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section) 403296465Sdelphij{ 404296465Sdelphij if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { 405296465Sdelphij X509V3err(X509V3_F_X509V3_GET_SECTION, 406296465Sdelphij X509V3_R_OPERATION_NOT_DEFINED); 407296465Sdelphij return NULL; 408296465Sdelphij } 409296465Sdelphij if (ctx->db_meth->get_section) 410296465Sdelphij return ctx->db_meth->get_section(ctx->db, section); 411296465Sdelphij return NULL; 412296465Sdelphij} 41355714Skris 41455714Skrisvoid X509V3_string_free(X509V3_CTX *ctx, char *str) 415296465Sdelphij{ 416296465Sdelphij if (!str) 417296465Sdelphij return; 418296465Sdelphij if (ctx->db_meth->free_string) 419296465Sdelphij ctx->db_meth->free_string(ctx->db, str); 420296465Sdelphij} 42155714Skris 42255714Skrisvoid X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) 423296465Sdelphij{ 424296465Sdelphij if (!section) 425296465Sdelphij return; 426296465Sdelphij if (ctx->db_meth->free_section) 427296465Sdelphij ctx->db_meth->free_section(ctx->db, section); 428296465Sdelphij} 42955714Skris 430109998Smarkmstatic char *nconf_get_string(void *db, char *section, char *value) 431296465Sdelphij{ 432296465Sdelphij return NCONF_get_string(db, section, value); 433296465Sdelphij} 434109998Smarkm 435109998Smarkmstatic STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) 436296465Sdelphij{ 437296465Sdelphij return NCONF_get_section(db, section); 438296465Sdelphij} 439109998Smarkm 440109998Smarkmstatic X509V3_CONF_METHOD nconf_method = { 441296465Sdelphij nconf_get_string, 442296465Sdelphij nconf_get_section, 443296465Sdelphij NULL, 444296465Sdelphij NULL 445109998Smarkm}; 446109998Smarkm 447109998Smarkmvoid X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) 448296465Sdelphij{ 449296465Sdelphij ctx->db_meth = &nconf_method; 450296465Sdelphij ctx->db = conf; 451296465Sdelphij} 452109998Smarkm 453109998Smarkmvoid X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, 454296465Sdelphij X509_CRL *crl, int flags) 455296465Sdelphij{ 456296465Sdelphij ctx->issuer_cert = issuer; 457296465Sdelphij ctx->subject_cert = subj; 458296465Sdelphij ctx->crl = crl; 459296465Sdelphij ctx->subject_req = req; 460296465Sdelphij ctx->flags = flags; 461296465Sdelphij} 462109998Smarkm 463109998Smarkm/* Old conf compatibility functions */ 464109998Smarkm 465109998SmarkmX509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, 466296465Sdelphij char *value) 467296465Sdelphij{ 468296465Sdelphij CONF ctmp; 469296465Sdelphij CONF_set_nconf(&ctmp, conf); 470296465Sdelphij return X509V3_EXT_nconf(&ctmp, ctx, name, value); 471296465Sdelphij} 472109998Smarkm 473109998Smarkm/* LHASH *conf: Config file */ 474109998Smarkm/* char *value: Value */ 475109998SmarkmX509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, 476296465Sdelphij char *value) 477296465Sdelphij{ 478296465Sdelphij CONF ctmp; 479296465Sdelphij CONF_set_nconf(&ctmp, conf); 480296465Sdelphij return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); 481296465Sdelphij} 482109998Smarkm 48355714Skrisstatic char *conf_lhash_get_string(void *db, char *section, char *value) 484296465Sdelphij{ 485296465Sdelphij return CONF_get_string(db, section, value); 486296465Sdelphij} 48755714Skris 48855714Skrisstatic STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) 489296465Sdelphij{ 490296465Sdelphij return CONF_get_section(db, section); 491296465Sdelphij} 49255714Skris 49355714Skrisstatic X509V3_CONF_METHOD conf_lhash_method = { 494296465Sdelphij conf_lhash_get_string, 495296465Sdelphij conf_lhash_get_section, 496296465Sdelphij NULL, 497296465Sdelphij NULL 49855714Skris}; 49955714Skris 50055714Skrisvoid X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) 501296465Sdelphij{ 502296465Sdelphij ctx->db_meth = &conf_lhash_method; 503296465Sdelphij ctx->db = lhash; 504296465Sdelphij} 50555714Skris 506109998Smarkmint X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, 507296465Sdelphij X509 *cert) 508296465Sdelphij{ 509296465Sdelphij CONF ctmp; 510296465Sdelphij CONF_set_nconf(&ctmp, conf); 511296465Sdelphij return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); 512296465Sdelphij} 513109998Smarkm 514109998Smarkm/* Same as above but for a CRL */ 515109998Smarkm 516109998Smarkmint X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, 517296465Sdelphij X509_CRL *crl) 518296465Sdelphij{ 519296465Sdelphij CONF ctmp; 520296465Sdelphij CONF_set_nconf(&ctmp, conf); 521296465Sdelphij return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); 522296465Sdelphij} 523109998Smarkm 524109998Smarkm/* Add extensions to certificate request */ 525109998Smarkm 526109998Smarkmint X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, 527296465Sdelphij X509_REQ *req) 528296465Sdelphij{ 529296465Sdelphij CONF ctmp; 530296465Sdelphij CONF_set_nconf(&ctmp, conf); 531296465Sdelphij return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); 532296465Sdelphij} 533