int TS_CONF_set_policies(CONF *conf, const char *section,
TS_RESP_CTX *ctx)
{
int ret = 0;
int i;
STACK_OF(CONF_VALUE) *list = NULL;
char *policies = NCONF_get_string(conf, section,
ENV_OTHER_POLICIES);
/* If no other policy is specified, that's fine. */
if (policies && !(list = X509V3_parse_list(policies)))
{
TS_CONF_invalid(section, ENV_OTHER_POLICIES);
goto err;
}
for (i = 0; i < sk_CONF_VALUE_num(list); ++i)
{
CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
const char *extval = val->value ? val->value : val->name;
ASN1_OBJECT *objtmp;
if (!(objtmp = OBJ_txt2obj(extval, 0)))
{
TS_CONF_invalid(section, ENV_OTHER_POLICIES);
goto err;
}
if (!TS_RESP_CTX_add_policy(ctx, objtmp))
goto err;
ASN1_OBJECT_free(objtmp);
}
ret = 1;
err:
sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
return ret;
}
int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
int ret = 0;
int i;
STACK_OF(CONF_VALUE) *list = NULL;
char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
if (!digests) {
TS_CONF_lookup_fail(section, ENV_DIGESTS);
goto err;
}
if (!(list = X509V3_parse_list(digests))) {
TS_CONF_invalid(section, ENV_DIGESTS);
goto err;
}
if (sk_CONF_VALUE_num(list) == 0) {
TS_CONF_invalid(section, ENV_DIGESTS);
goto err;
}
for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
const char *extval = val->value ? val->value : val->name;
const EVP_MD *md;
if (!(md = EVP_get_digestbyname(extval))) {
TS_CONF_invalid(section, ENV_DIGESTS);
goto err;
}
if (!TS_RESP_CTX_add_md(ctx, md))
goto err;
}
ret = 1;
err:
sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
return ret;
}
int TS_CONF_set_def_policy(CONF *conf, const char *section,
const char *policy, TS_RESP_CTX *ctx)
{
int ret = 0;
ASN1_OBJECT *policy_obj = NULL;
if (!policy)
policy = NCONF_get_string(conf, section,
ENV_DEFAULT_POLICY);
if (!policy)
{
TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
goto err;
}
if (!(policy_obj = OBJ_txt2obj(policy, 0)))
{
TS_CONF_invalid(section, ENV_DEFAULT_POLICY);
goto err;
}
if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))
goto err;
ret = 1;
err:
ASN1_OBJECT_free(policy_obj);
return ret;
}
int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
int ret = 0;
int i;
int secs = 0, millis = 0, micros = 0;
STACK_OF(CONF_VALUE) *list = NULL;
char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
if (accuracy && !(list = X509V3_parse_list(accuracy)))
{
TS_CONF_invalid(section, ENV_ACCURACY);
goto err;
}
for (i = 0; i < sk_CONF_VALUE_num(list); ++i)
{
CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
if (strcmp(val->name, ENV_VALUE_SECS) == 0)
{
if (val->value) secs = atoi(val->value);
}
else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0)
{
if (val->value) millis = atoi(val->value);
}
else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0)
{
if (val->value) micros = atoi(val->value);
}
else
{
TS_CONF_invalid(section, ENV_ACCURACY);
goto err;
}
}
if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros))
goto err;
ret = 1;
err:
sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
return ret;
}
static int TS_CONF_add_flag(CONF *conf, const char *section,
const char *field, int flag, TS_RESP_CTX *ctx)
{
/* Default is false. */
const char *value = NCONF_get_string(conf, section, field);
if (value) {
if (strcmp(value, ENV_VALUE_YES) == 0)
TS_RESP_CTX_add_flags(ctx, flag);
else if (strcmp(value, ENV_VALUE_NO) != 0) {
TS_CONF_invalid(section, field);
return 0;
}
}
return 1;
}
int TS_CONF_set_crypto_device(CONF *conf, const char *section,
const char *device)
{
int ret = 0;
if (!device)
device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
if (device && !TS_CONF_set_default_engine(device)) {
TS_CONF_invalid(section, ENV_CRYPTO_DEVICE);
goto err;
}
ret = 1;
err:
return ret;
}
int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
TS_RESP_CTX *ctx)
{
int ret = 0;
long digits = 0;
/* If not specified, set the default value to 0, i.e. sec precision */
if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
&digits))
digits = 0;
if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS)
{
TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
goto err;
}
if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits))
goto err;
return 1;
err:
return ret;
}