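/*
 * Smoke test for the configuration loader: load "ssleay.cnf", print the
 * hash-table statistics, look up a few sample keys and dump the whole
 * configuration to standard output.
 */
int main(void)
{
	LHASH *conf;
	/*
	 * Start from a known value: the error path below prints eline, and
	 * CONF_load may fail (for instance when the file cannot be opened)
	 * before it has stored a line number.
	 */
	long eline = -1;
	char *s;

#ifdef USE_WIN32
	CONF_set_default_method(CONF_WIN32);
#endif
	conf = CONF_load(NULL, "ssleay.cnf", &eline);
	if (conf == NULL) {
		/* Register the error strings so the queued errors print as text. */
		ERR_load_crypto_strings();
		TINYCLR_SSL_PRINTF("unable to load configuration, line %ld\n", eline);
		ERR_print_errors_fp(OPENSSL_TYPE__FILE_STDERR);
		TINYCLR_SSL_EXIT(1);
	}

	/* Hash-table diagnostics for the loaded configuration. */
	lh_stats(conf, OPENSSL_TYPE__FILE_STDOUT);
	lh_node_stats(conf, OPENSSL_TYPE__FILE_STDOUT);
	lh_node_usage_stats(conf, OPENSSL_TYPE__FILE_STDOUT);

	/* A NULL section name is passed for the first two lookups. */
	s = CONF_get_string(conf, NULL, "init2");
	TINYCLR_SSL_PRINTF("init2=%s\n", (s == NULL) ? "NULL" : s);

	s = CONF_get_string(conf, NULL, "cipher1");
	TINYCLR_SSL_PRINTF("cipher1=%s\n", (s == NULL) ? "NULL" : s);

	/* Same key again, this time from the "s_client" section. */
	s = CONF_get_string(conf, "s_client", "cipher1");
	TINYCLR_SSL_PRINTF("s_client:cipher1=%s\n", (s == NULL) ? "NULL" : s);

	TINYCLR_SSL_PRINTF("---------------------------- DUMP ------------------------\n");
	CONF_dump_fp(conf, OPENSSL_TYPE__FILE_STDOUT);

	TINYCLR_SSL_EXIT(0);
}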
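/*
 * Smoke test for the configuration loader: load "ssleay.cnf", print the
 * hash-table statistics, look up a few sample keys and dump the whole
 * configuration to stdout.
 *
 * Returns 0 on success; exits with status 1 when the file cannot be loaded.
 */
int main()
{
	LHASH *conf;
	/*
	 * Start from a known value: the error path below prints eline, and
	 * CONF_load may fail (for instance when the file cannot be opened)
	 * before it has stored a line number.
	 */
	long eline = -1;
	char *s;

#ifdef USE_WIN32
	CONF_set_default_method(CONF_WIN32);
#endif
	conf = CONF_load(NULL, "ssleay.cnf", &eline);
	if (conf == NULL) {
		/* Register the error strings so the queued errors print as text. */
		ERR_load_crypto_strings();
		printf("unable to load configuration, line %ld\n", eline);
		ERR_print_errors_fp(stderr);
		exit(1);
	}

	/* Hash-table diagnostics for the loaded configuration. */
	lh_stats(conf, stdout);
	lh_node_stats(conf, stdout);
	lh_node_usage_stats(conf, stdout);

	/* A NULL section name is passed for the first two lookups. */
	s = CONF_get_string(conf, NULL, "init2");
	printf("init2=%s\n", (s == NULL) ? "NULL" : s);

	s = CONF_get_string(conf, NULL, "cipher1");
	printf("cipher1=%s\n", (s == NULL) ? "NULL" : s);

	/* Same key again, this time from the "s_client" section. */
	s = CONF_get_string(conf, "s_client", "cipher1");
	printf("s_client:cipher1=%s\n", (s == NULL) ? "NULL" : s);

	printf("---------------------------- DUMP ------------------------\n");
	CONF_dump_fp(conf, stdout);

	return 0;
}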
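/*
 * v3conf: strip the extensions from a certificate, add the ones described in
 * the "test_section" section of a configuration file, and print the result.
 *
 * Usage: v3conf cert.pem [file.cnf]
 *
 * The configuration file defaults to "test.cnf" when none is given.
 * Returns 0 on success; exits with status 1 on any error.
 */
int main(int argc, char **argv)
{
	LHASH *conf;
	X509 *cert;
	FILE *inf;
	char *conf_file;
	int i;
	int count;
	X509_EXTENSION *ext;

	X509V3_add_standard_extensions();
	ERR_load_crypto_strings();

	/* Test argc first so argv[1] is never read past the end of argv. */
	if (argc < 2 || !argv[1]) {
		fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
		exit(1);
	}

	conf_file = (argc > 2) ? argv[2] : NULL;
	if (!conf_file)
		conf_file = "test.cnf";

	/*
	 * Load the file the user asked for. The path used to be hard-coded to
	 * "test.cnf" here, so the optional second argument was silently
	 * ignored and the error message could name a file that was never
	 * opened.
	 */
	conf = CONF_load(NULL, conf_file, NULL);
	if (!conf) {
		fprintf(stderr, "Error opening Config file %s\n", conf_file);
		ERR_print_errors_fp(stderr);
		exit(1);
	}

	inf = fopen(argv[1], "r");
	if (!inf) {
		fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
		exit(1);
	}
	cert = PEM_read_X509(inf, NULL, NULL);
	if (!cert) {
		fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
		exit(1);
	}
	fclose(inf);

	/* Drop the extensions the certificate came with before adding new ones. */
	sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
	cert->cert_info->extensions = NULL;

	if (!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
		fprintf(stderr, "Error adding extensions\n");
		ERR_print_errors_fp(stderr);
		exit(1);
	}

	/* Print each extension: long name, criticality marker, then its value. */
	count = X509_get_ext_count(cert);
	printf("%d extensions\n", count);
	for (i = 0; i < count; i++) {
		ext = X509_get_ext(cert, i);
		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
		if (ext->critical)
			printf(",critical:\n");
		else
			printf(":\n");
		X509V3_EXT_print_fp(stdout, ext, 0, 0);
		printf("\n");
	}
	return 0;
}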
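/*
 * Load "../../apps/openssl.cnf" and call print_conf on every entry of the
 * resulting hash table.
 *
 * Returns 0 on success; exits with status 1 when the file cannot be loaded.
 */
int main(void)
{
	LHASH *conf;
	/*
	 * Start from a known value: the error path below prints the line
	 * number, and CONF_load may fail (for instance when the file cannot
	 * be opened) before it has stored one.
	 */
	long l = -1;

	conf = CONF_load(NULL, "../../apps/openssl.cnf", &l);
	if (conf == NULL) {
		TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "error loading config, line %ld\n", l);
		TINYCLR_SSL_EXIT(1);
	}

	/* print_conf is defined elsewhere in this file. */
	lh_doall(conf, LHASH_DOALL_FN(print_conf));

	/* Explicit success status instead of falling off the end of main. */
	return 0;
}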
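/*
 * Load "../../apps/openssl.cnf" and call print_conf on every entry of the
 * resulting hash table.
 *
 * Returns 0 on success; exits with status 1 when the file cannot be loaded.
 */
int main(void)
{
	LHASH *conf;
	/*
	 * Start from a known value: the error path below prints the line
	 * number, and CONF_load may fail (for instance when the file cannot
	 * be opened) before it has stored one.
	 */
	long l = -1;

	conf = CONF_load(NULL, "../../apps/openssl.cnf", &l);
	if (conf == NULL) {
		fprintf(stderr, "error loading config, line %ld\n", l);
		exit(1);
	}

	/* print_conf is defined elsewhere in this file. */
	lh_doall(conf, print_conf);

	/* Explicit success status instead of falling off the end of main. */
	return 0;
}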
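/*
 * Open a PEM file for reading through a file BIO.
 *
 * Returns the BIO, which the caller releases with BIO_free, or NULL when the
 * BIO cannot be allocated or the file cannot be opened.
 */
static BIO	*scep_config_open_pem(char *filename) {
	BIO	*bio;

	bio = BIO_new(BIO_s_file());
	if (bio == NULL)
		return NULL;
	if (BIO_read_filename(bio, filename) <= 0) {
		BIO_free(bio);
		return NULL;
	}
	return bio;
}

/*
 * Read the SCEP daemon configuration into *scep.
 *
 * Loads the configuration file (configfile, or OPENSCEPDIR "/openscep.cnf"
 * when configfile is NULL), then the CA certificate, CA private key and CRL
 * named in its [scepd] section, the LDAP parameters from [ldap], and the
 * "automatic", "checktransid" and "proxycommunity" settings.
 *
 * Returns 0 on success and -1 on failure, after printing the OpenSSL error
 * queue to bio_err. On failure the fields already filled in are left as they
 * are; nothing is rolled back.
 */
int	scep_config(scep_t *scep, char *configfile) {
	char	*name;
	char	*path;
	BIO	*bio = NULL;	/* non-NULL only while a PEM file is open */
	long	eline = -1;

	/* open the configuration file */
	path = (configfile) ? configfile : OPENSCEPDIR "/openscep.cnf";
	scep->conf = CONF_load(NULL, path, &eline);
	if (scep->conf == NULL) {
		/* report the path actually tried, not a possibly NULL argument */
		BIO_printf(bio_err, "%s:%d: cannot read config file %s\n",
			__FILE__, __LINE__, path);
		goto err;
	}

	/* see whether the configuration knows something about debug */
	name = CONF_get_string(scep->conf, "scepd", "debug");
	if (name) {
		int	level = atoi(name);

		if (level > 0)
			debug = level;
		if (debug)
			BIO_printf(bio_err, "%s:%d: conf sets debug to %d\n",
				__FILE__, __LINE__, debug);
	}

	/* scan the configuration for some common values */
	scep->name = CONF_get_string(scep->conf, "scepd", "name");
	if (debug)
		BIO_printf(bio_err, "%s:%d: name: %s\n", __FILE__, __LINE__,
			(scep->name) ? scep->name : "(not set)");

	/* get the ca certificate, private key and crl */
	name = CONF_get_string(scep->conf, "scepd", "cacert");
	name = (name) ? name : OPENSCEPDIR "/cacert.pem";
	bio = scep_config_open_pem(name);
	scep->cacert = (bio) ? PEM_read_bio_X509(bio, NULL, NULL, NULL) : NULL;
	if (scep->cacert == NULL) {
		BIO_printf(bio_err, "%s:%d: cannot read CA "
			"certificate\n", __FILE__, __LINE__);
		goto err;
	}
	BIO_free(bio);
	bio = NULL;
	if (debug)
		BIO_printf(bio_err, "%s:%d: CA certificate from %s read\n",
			__FILE__, __LINE__, name);

	name = CONF_get_string(scep->conf, "scepd", "cakey");
	name = (name) ? name : OPENSCEPDIR "/cakey.pem";
	bio = scep_config_open_pem(name);
	scep->capkey = (bio) ? PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)
		: NULL;
	if (scep->capkey == NULL) {
		BIO_printf(bio_err, "%s:%d: cannot read private key\n",
			__FILE__, __LINE__);
		goto err;
	}
	BIO_free(bio);
	bio = NULL;
	if (debug)
		BIO_printf(bio_err, "%s:%d: CA private key from %s read\n",
			__FILE__, __LINE__, name);

	name = CONF_get_string(scep->conf, "scepd", "crl");
	name = (name) ? name : OPENSCEPDIR "/crl.pem";
	bio = scep_config_open_pem(name);
	scep->crl = (bio) ? PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL) : NULL;
	if (scep->crl == NULL) {
		BIO_printf(bio_err, "%s:%d: cannot read CRL\n", __FILE__,
			__LINE__);
		goto err;
	}
	BIO_free(bio);
	bio = NULL;
	if (debug)
		BIO_printf(bio_err, "%s:%d: CA CRL from %s read\n",
			__FILE__, __LINE__, name);

	/* set ldap parameters */
	scep->l.ldaphost = CONF_get_string(scep->conf, "ldap", "ldaphost");
	/*
	 * ldapport may be missing from the file; atoi(NULL) is undefined
	 * behaviour, so fall back to 389, the standard LDAP port.
	 */
	name = CONF_get_string(scep->conf, "ldap", "ldapport");
	scep->l.ldapport = (name) ? atoi(name) : 389;
	scep->l.ldapbase = CONF_get_string(scep->conf, "ldap", "ldapbase");
	scep->l.binddn = CONF_get_string(scep->conf, "ldap", "binddn");
	scep->l.bindpw = CONF_get_string(scep->conf, "ldap", "bindpw");
	if (debug)
		/*
		 * The bind password is a credential: log only whether it is
		 * set, never its value, so debug output does not leak it.
		 */
		BIO_printf(bio_err, "%s:%d: LDAP parameters ldap://%s:%d, "
			"base %s, bind as %s/%s\n", __FILE__, __LINE__,
			(scep->l.ldaphost) ? scep->l.ldaphost : "(not set)",
			scep->l.ldapport,
			(scep->l.ldapbase) ? scep->l.ldapbase : "(not set)",
			(scep->l.binddn) ? scep->l.binddn : "(not set)",
			(scep->l.bindpw) ? "(set)" : "(not set)");

	/*
	 * configure automatic granting of requests; the flag is only set when
	 * the value is exactly "true" (case-insensitive)
	 */
	name = CONF_get_string(scep->conf, "scepd", "automatic");
	if (name != NULL) {
		if (strcasecmp(name, "true") == 0) {
			scep->automatic = 1;
			if (debug)
				BIO_printf(bio_err, "%s:%d: automatic mode "
					"enabled\n", __FILE__, __LINE__);
		}
	}

	/*
	 * check for transaction id checking against fingerprint; only an
	 * explicit "false" or "no" switches the check off
	 */
	name = CONF_get_string(scep->conf, "scepd", "checktransid");
	if (name != NULL) {
		if ((strcasecmp(name, "false") == 0) ||
			(strcasecmp(name, "no") == 0)) {
			scep->check_transid = 0;
			if (debug)
				BIO_printf(bio_err, "%s:%d: check of transid "
					"against fingerprint disabled\n",
					__FILE__, __LINE__);
		}
	}

	/* check for the proxy community string */
	name = CONF_get_string(scep->conf, "scepd", "proxycommunity");
	if (name != NULL) {
		scep->community = strdup(name);
		if (scep->community == NULL) {
			BIO_printf(bio_err, "%s:%d: cannot copy proxy "
				"community\n", __FILE__, __LINE__);
			goto err;
		}
		if (debug)
			BIO_printf(bio_err, "%s:%d: proxy community is '%s'\n",
				__FILE__, __LINE__, scep->community);
	}

	return 0;

	/* error return */
err:
	/* release a PEM file that was still open when the failure happened */
	if (bio != NULL)
		BIO_free(bio);
	ERR_print_errors(bio_err);
	return -1;
}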
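/*
 * Print one value from a configuration file.
 *
 * Options: -d raises the debug level, -f FILE selects the configuration file
 * (stored in the file-level conffile variable). After the options come either
 * "variable" or "section variable".
 *
 * Writes the value to stdout and exits with EXIT_SUCCESS; exits with
 * EXIT_FAILURE on a wrong argument count, a load error or a missing value.
 */
int	main(int argc, char *argv[]) {
	LHASH	*conf;
	/*
	 * Start from a known value: the error path below prints eline, and
	 * CONF_load may fail (for instance when the file cannot be opened)
	 * before it has stored a line number.
	 */
	long	eline = -1;
	char	*section = NULL, *variable = NULL, *value;
	int	c, n;

	/* parse command line */
	while (EOF != (c = getopt(argc, argv, "df:")))
		switch (c) {
		case 'd':
			debug++;
			break;
		case 'f':
			conffile = optarg;
			break;
		default:
			/* unrecognised options are ignored, as before */
			break;
		}
	if (debug)
		fprintf(stderr, "%s:%d: configuration file is '%s'\n",
			__FILE__, __LINE__, conffile);

	/* there should be one or two more arguments */
	n = argc - optind;
	if ((n < 1) || (n > 2)) {
		fprintf(stderr, "%s:%d: wrong number of arguments\n", __FILE__,
			__LINE__);
		exit(EXIT_FAILURE);
	}
	/* with two arguments the first one names the section */
	if (n == 2)
		section = argv[optind++];
	variable = argv[optind];

	/* load the configuration file */
	conf = CONF_load(NULL, conffile, &eline);
	if (conf == NULL) {
		/* Register the error strings so the queued errors print as text. */
		ERR_load_crypto_strings();
		fprintf(stderr, "unable to load configuration, line %ld\n",
			eline);
		ERR_print_errors_fp(stderr);
		exit(EXIT_FAILURE);
	}

	/* get the configuration value from the file */
	if (debug)
		fprintf(stderr, "%s:%d: looking for '%s' in section '%s'\n",
			__FILE__, __LINE__, variable,
			(section) ? section : "(null)");
	value = CONF_get_string(conf, section, variable);
	if (value == NULL) {
		if (debug)
			fprintf(stderr, "%s:%d: no value found\n", __FILE__,
				__LINE__);
		exit(EXIT_FAILURE);
	}
	if (debug)
		fprintf(stderr, "%s:%d [%s]%s = %s\n", __FILE__, __LINE__,
			(section) ? section : "-", variable, value);
	printf("%s\n", value);
	exit(EXIT_SUCCESS);
}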
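/**
 * Build a certificate request object from a Netscape SPKAC text file.
 *
 * The file is parsed with the OpenSSL configuration loader. Every entry of
 * its "default" section whose name maps to a known object identifier becomes
 * a subject name component; the entry named "SPKAC" carries the base64
 * encoded public key structure.
 *
 * @param path path of the SPKAC file.
 * @return a newly allocated CertificateRequestSPKAC.
 * @throw EncodeException when the file cannot be parsed, its "default"
 *        section is empty, or the SPKAC value cannot be base64-decoded.
 * @throw RandomException when an OpenSSL structure cannot be created or
 *        filled in.
 * @throw NetscapeSPKIException when no SPKAC entry is present or its public
 *        key cannot be extracted.
 */
CertificateRequestSPKAC* CertificateRequestFactory::fromSPKAC(std::string &path)
		throw (EncodeException, RandomException, NetscapeSPKIException)
{
	/*
	 * Holds every OpenSSL object allocated below and frees whatever it
	 * still owns when the function is left, whether by return or by
	 * exception. Previously the request was leaked on each error path and
	 * the parsed file was leaked on success.
	 */
	struct Owned
	{
		LHASH_OF(CONF_VALUE) *parms;
		X509_REQ *req;
		NETSCAPE_SPKI *spki;

		Owned() : parms(NULL), req(NULL), spki(NULL) {}
		~Owned()
		{
			if (spki != NULL) NETSCAPE_SPKI_free(spki);
			if (req != NULL) X509_REQ_free(req);
			if (parms != NULL) CONF_free(parms);
		}
	} owned;

	STACK_OF(CONF_VALUE) *sk = NULL;
	CONF_VALUE *cv = NULL;
	X509_NAME *subject = NULL;
	EVP_PKEY *pktmp = NULL;
	char *type, *buf;
	unsigned long chtype = MBSTRING_ASC;
	long errline = -1;
	int i, nid, pubkeySet;
	CertificateRequestSPKAC *ret = NULL;

	/*
	 * Load input file into a hash table. (This is just an easy
	 * way to read and parse the file, then put it into a convenient
	 * STACK format).
	 */
	owned.parms = CONF_load(NULL, path.c_str(), &errline);
	if (owned.parms == NULL)
	{
		throw EncodeException(EncodeException::BUFFER_READING, "CertificateRequestFactory::fromSPKAC");
	}

	sk = CONF_get_section(owned.parms, "default");
	if (sk_CONF_VALUE_num(sk) == 0)
	{
		throw EncodeException(EncodeException::BUFFER_READING, "CertificateRequestFactory::fromSPKAC");
	}

	/*
	 * Now create a dummy X509 request structure. We don't actually
	 * have an X509 request, but we have many of the components
	 * (a public key, various DN components). The idea is that we
	 * put these components into the right X509 request structure
	 * and we can use the same code as if you had a real X509 request.
	 */
	owned.req = X509_REQ_new();
	if (owned.req == NULL)
	{
		throw RandomException(RandomException::INTERNAL_ERROR, "CertificateRequestFactory::fromSPKAC");
	}

	/*
	 * Build up the subject name set.
	 */
	subject = owned.req->req_info->subject;

	for (i = 0; i < sk_CONF_VALUE_num(sk); i++)
	{
		cv = sk_CONF_VALUE_value(sk, i);
		type = cv->name;

		/*
		 * Skip past any leading "X.", "X:" or "X," prefix so that the
		 * same attribute can appear more than once.
		 */
		for (buf = cv->name; *buf; buf++)
		{
			if ((*buf == ':') || (*buf == ',') || (*buf == '.'))
			{
				buf++;
				if (*buf) type = buf;
				break;
			}
		}

		buf = cv->value;
		nid = OBJ_txt2nid(type);
		if (nid == NID_undef)
		{
			/* Not an object identifier: only "SPKAC" is meaningful here. */
			if (strcmp(type, "SPKAC") == 0)
			{
				NETSCAPE_SPKI *decoded = NETSCAPE_SPKI_b64_decode(cv->value, -1);
				if (decoded == NULL)
				{
					throw EncodeException(EncodeException::BASE64_DECODE, "CertificateRequestFactory::fromSPKAC");
				}
				/* A later SPKAC entry replaces an earlier one; free the old one. */
				if (owned.spki != NULL) NETSCAPE_SPKI_free(owned.spki);
				owned.spki = decoded;
			}
			continue;
		}

		if (!X509_NAME_add_entry_by_NID(subject, nid, chtype, (unsigned char *)buf, -1, -1, 0))
		{
			throw RandomException(RandomException::INTERNAL_ERROR, "CertificateRequestFactory::fromSPKAC");
		}
	}

	if (owned.spki == NULL)
	{
		throw NetscapeSPKIException(NetscapeSPKIException::SET_NO_VALUE, "CertificateRequestFactory::fromSPKAC");
	}

	/*
	 * Now extract the key from the SPKI structure.
	 */
	pktmp = NETSCAPE_SPKI_get_pubkey(owned.spki);
	if (pktmp == NULL)
	{
		throw NetscapeSPKIException(NetscapeSPKIException::SET_NO_VALUE, "CertificateRequestFactory::fromSPKAC");
	}

	/*
	 * NOTE(review): the SPKAC's own signature, which proves possession of
	 * the private key, is not checked in this function;
	 * NETSCAPE_SPKI_verify() would do that. Confirm that it is checked
	 * before any certificate is issued from the returned request.
	 */
	pubkeySet = X509_REQ_set_pubkey(owned.req, pktmp);
	EVP_PKEY_free(pktmp);
	if (!pubkeySet)
	{
		throw RandomException(RandomException::INTERNAL_ERROR, "CertificateRequestFactory::fromSPKAC");
	}

	/* Everything needed has been copied or decoded out of the parsed file. */
	CONF_free(owned.parms);
	owned.parms = NULL;

	/*
	 * Presumably the new object takes ownership of req and spki, as nothing
	 * freed them here before - confirm against CertificateRequestSPKAC.
	 */
	ret = new CertificateRequestSPKAC(owned.req, owned.spki);
	owned.req = NULL;
	owned.spki = NULL;
	return ret;
}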