Esempio n. 1
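/*
 * Smoke test for the CONF loader: parses "ssleay.cnf" (resolved against the
 * current working directory), prints the hash-table statistics of the parsed
 * configuration, looks up three sample keys and dumps the whole table.
 *
 * Exits with status 1 when the file cannot be loaded, 0 otherwise.
 */
int main(void)
	{
	LHASH *conf;
	/* Start from a known value: CONF_load() is not guaranteed to store a
	 * line number on every failure path (for instance when the file cannot
	 * be opened at all), and the error message below prints it. */
	long eline=0;
	char *s;

#ifdef USE_WIN32
	CONF_set_default_method(CONF_WIN32);
#endif
	conf=CONF_load(NULL,"ssleay.cnf",&eline);
	if (conf == NULL)
		{
		/* Load the error strings only on failure so the queued
		 * library errors print as text. */
		ERR_load_crypto_strings();
		TINYCLR_SSL_PRINTF("unable to load configuration, line %ld\n",eline);
		ERR_print_errors_fp(OPENSSL_TYPE__FILE_STDERR);
		TINYCLR_SSL_EXIT(1);
		}
	lh_stats(conf,OPENSSL_TYPE__FILE_STDOUT);
	lh_node_stats(conf,OPENSSL_TYPE__FILE_STDOUT);
	lh_node_usage_stats(conf,OPENSSL_TYPE__FILE_STDOUT);

	/* A NULL section name asks for the key without naming a section;
	 * a missing key comes back as NULL and is printed as "NULL". */
	s=CONF_get_string(conf,NULL,"init2");
	TINYCLR_SSL_PRINTF("init2=%s\n",(s == NULL)?"NULL":s);

	s=CONF_get_string(conf,NULL,"cipher1");
	TINYCLR_SSL_PRINTF("cipher1=%s\n",(s == NULL)?"NULL":s);

	s=CONF_get_string(conf,"s_client","cipher1");
	TINYCLR_SSL_PRINTF("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);

	TINYCLR_SSL_PRINTF("---------------------------- DUMP ------------------------\n");
	CONF_dump_fp(conf, OPENSSL_TYPE__FILE_STDOUT);

	/* Release the parsed configuration before leaving. */
	CONF_free(conf);
	TINYCLR_SSL_EXIT(0);
	/* Presumably not reached (TINYCLR_SSL_EXIT looks like an exit()
	 * wrapper); kept so main always returns a defined value. */
	return 0;
	}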
Esempio n. 2
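/*
 * Smoke test for the CONF loader: parses "ssleay.cnf" (resolved against the
 * current working directory), prints the hash-table statistics of the parsed
 * configuration, looks up three sample keys and dumps the whole table.
 *
 * Returns 0 on success; exits with status 1 when the file cannot be loaded.
 */
int
main(void)
{
    LHASH *conf;
    /*
     * Start from a known value: CONF_load() is not guaranteed to store a
     * line number on every failure path (for instance when the file cannot
     * be opened at all), and the error message below prints it.
     */
    long eline = 0;
    char *s;

#ifdef USE_WIN32
    CONF_set_default_method(CONF_WIN32);
#endif
    conf = CONF_load(NULL, "ssleay.cnf", &eline);
    if (conf == NULL) {
        /* Load the error strings only on failure so the queued library
         * errors print as text. */
        ERR_load_crypto_strings();
        printf("unable to load configuration, line %ld\n", eline);
        ERR_print_errors_fp(stderr);
        exit(1);
    }
    lh_stats(conf, stdout);
    lh_node_stats(conf, stdout);
    lh_node_usage_stats(conf, stdout);

    /* A NULL section name asks for the key without naming a section;
     * a missing key comes back as NULL and is printed as "NULL". */
    s = CONF_get_string(conf, NULL, "init2");
    printf("init2=%s\n", (s == NULL) ? "NULL" : s);

    s = CONF_get_string(conf, NULL, "cipher1");
    printf("cipher1=%s\n", (s == NULL) ? "NULL" : s);

    s = CONF_get_string(conf, "s_client", "cipher1");
    printf("s_client:cipher1=%s\n", (s == NULL) ? "NULL" : s);

    printf("---------------------------- DUMP ------------------------\n");
    CONF_dump_fp(conf, stdout);

    /* Release the parsed configuration before leaving. */
    CONF_free(conf);
    return 0;
}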
Esempio n. 3
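/*
 * v3conf: reads a PEM certificate, discards the extensions it carries,
 * re-adds the extensions described in section "test_section" of a
 * configuration file and prints the resulting extension list.
 *
 * Usage: v3conf cert.pem [file.cnf]   (file.cnf defaults to "test.cnf")
 *
 * Exits with status 1 on any failure, returns 0 otherwise.
 */
int main(int argc, char **argv)
{
	LHASH *conf;
	X509 *cert;
	FILE *inf;
	char *conf_file;
	int i;
	int count;
	X509_EXTENSION *ext;
	X509V3_add_standard_extensions();
	ERR_load_crypto_strings();
	/* Check argc as well, so argv[1] is never read past the end of the
	 * vector when the program is started without arguments. */
	if(argc < 2 || !argv[1]) {
		fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
		exit(1);
	}
	conf_file = (argc > 2 && argv[2]) ? argv[2] : "test.cnf";
	/* Load the file the user named: the hard-coded "test.cnf" silently
	 * ignored the optional second argument while the error message below
	 * reported the user's path. */
	conf = CONF_load(NULL, conf_file, NULL);
	if(!conf) {
		fprintf(stderr, "Error opening Config file %s\n", conf_file);
		ERR_print_errors_fp(stderr);
		exit(1);
	}

	inf = fopen(argv[1], "r");
	if(!inf) {
		fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
		exit(1);
	}
	cert = PEM_read_X509(inf, NULL, NULL);
	/* The stream is no longer needed whether or not parsing succeeded. */
	fclose(inf);
	if(!cert) {
		fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
		ERR_print_errors_fp(stderr);
		exit(1);
	}

	/* Drop every extension the certificate came with; only the ones from
	 * the configuration section should remain. */
	sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
	cert->cert_info->extensions = NULL;

	if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
		fprintf(stderr, "Error adding extensions\n");
		ERR_print_errors_fp(stderr);
		exit(1);
	}

	count = X509_get_ext_count(cert);
	printf("%d extensions\n", count);
	for(i = 0; i < count; i++) {
		ext = X509_get_ext(cert, i);
		/* Long name of the extension OID, then the critical flag. */
		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
		if(ext->critical) printf(",critical:\n");
		else printf(":\n");
		X509V3_EXT_print_fp(stdout, ext, 0, 0);
		printf("\n");
	}

	X509_free(cert);
	CONF_free(conf);
	return 0;
}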
Esempio n. 4
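/*
 * Loads "../../apps/openssl.cnf" (relative to the current working
 * directory) and calls print_conf on every entry of the parsed table.
 *
 * Exits with status 1 when the file cannot be loaded, returns 0 otherwise.
 */
int main(void)
	{
	LHASH *conf;
	/* Start from a known value: CONF_load() is not guaranteed to store a
	 * line number on every failure path (for instance when the file cannot
	 * be opened at all), and the error message below prints it. */
	long l=0;

	conf=CONF_load(NULL,"../../apps/openssl.cnf",&l);
	if (conf == NULL)
		{
		TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"error loading config, line %ld\n",l);
		TINYCLR_SSL_EXIT(1);
		}

	/* print_conf is defined elsewhere in this file. */
	lh_doall(conf,LHASH_DOALL_FN(print_conf));

	/* Release the parsed configuration and return a defined status; the
	 * original fell off the end of main without a return value. */
	CONF_free(conf);
	return 0;
	}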
Esempio n. 5
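/*
 * Loads "../../apps/openssl.cnf" (relative to the current working
 * directory) and calls print_conf on every entry of the parsed table.
 *
 * Exits with status 1 when the file cannot be loaded, returns 0 otherwise.
 */
int main(void)
	{
	LHASH *conf;
	/* Start from a known value: CONF_load() is not guaranteed to store a
	 * line number on every failure path (for instance when the file cannot
	 * be opened at all), and the error message below prints it. */
	long l=0;

	conf=CONF_load(NULL,"../../apps/openssl.cnf",&l);
	if (conf == NULL)
		{
		fprintf(stderr,"error loading config, line %ld\n",l);
		exit(1);
		}

	/* print_conf is defined elsewhere in this file. */
	lh_doall(conf,print_conf);

	/* Release the parsed configuration and return a defined status; the
	 * original fell off the end of main without a return value. */
	CONF_free(conf);
	return 0;
	}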
Esempio n. 6
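/*
 * Open a read-only file BIO on path.  Returns NULL, with nothing left
 * allocated, when the BIO cannot be created or the file cannot be opened.
 */
static BIO	*scep_config_open_file(char *path) {
	BIO	*bio;

	bio = BIO_new(BIO_s_file());
	if (bio == NULL)
		return NULL;
	if (BIO_read_filename(bio, path) <= 0) {
		BIO_free(bio);
		return NULL;
	}
	return bio;
}

/*
 * Read the SCEP daemon configuration into *scep.
 *
 * Loads configfile (or OPENSCEPDIR "/openscep.cnf" when configfile is
 * NULL), then fills in from sections "scepd" and "ldap": the debug level,
 * the server name, the CA certificate, CA private key and CRL (each read
 * from a PEM file whose path has a default under OPENSCEPDIR), the LDAP
 * connection parameters, and the automatic / checktransid / proxycommunity
 * switches.
 *
 * Returns 0 on success and -1 on failure, after printing the queued
 * library errors to bio_err.  Fields already assigned to *scep before the
 * failure are left in place.
 */
int	scep_config(scep_t *scep, char *configfile) {
	char	*name;
	char	*conffile;
	BIO	*bio = NULL;
	long	eline = 0;

	/* open the configuration file					*/
	/* resolve the path once so the error message names the file that
	   was tried, not a NULL argument				*/
	conffile = (configfile) ? configfile : OPENSCEPDIR "/openscep.cnf";
	scep->conf = CONF_load(NULL, conffile, &eline);
	if (scep->conf == NULL) {
		BIO_printf(bio_err, "%s:%d: cannot read config file %s\n",
			__FILE__, __LINE__, conffile);
		goto err;
	}

	/* see whether the configuration knows something about debug	*/
	name = CONF_get_string(scep->conf, "scepd", "debug");
	if (name) {
		int	level = atoi(name);

		/* only a positive value overrides the current level	*/
		if (level > 0)
			debug = level;
		if (debug)
			BIO_printf(bio_err, "%s:%d: conf sets debug to %d\n",
				__FILE__, __LINE__, debug);
	}

	/* scan the configuration for some common values		*/
	scep->name = CONF_get_string(scep->conf, "scepd", "name");
	if (debug)
		BIO_printf(bio_err, "%s:%d: name: %s\n", __FILE__, __LINE__,
			scep->name);

	/* get the ca certificate, private key and crl			*/
	/* each BIO is tracked in `bio` until it is freed, so the error
	   path can release it instead of leaking it			*/
	name = CONF_get_string(scep->conf, "scepd", "cacert");
	name = (name) ? name : OPENSCEPDIR "/cacert.pem";
	bio = scep_config_open_file(name);
	scep->cacert = (bio) ? PEM_read_bio_X509(bio, NULL, NULL, NULL)
			: NULL;
	if (scep->cacert == NULL) {
		BIO_printf(bio_err, "%s:%d: cannot read CA "
			"certificate\n", __FILE__, __LINE__);
		goto err;
	}
	BIO_free(bio);
	bio = NULL;
	if (debug)
		BIO_printf(bio_err, "%s:%d: CA certificate from %s read\n",
			__FILE__, __LINE__, name);

	/* NOTE(review): no passphrase callback is passed for the CA key;
	   confirm how an encrypted key file is meant to be unlocked	*/
	name = CONF_get_string(scep->conf, "scepd", "cakey");
	name = (name) ? name : OPENSCEPDIR "/cakey.pem";
	bio = scep_config_open_file(name);
	scep->capkey = (bio) ? PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)
			: NULL;
	if (scep->capkey == NULL) {
		BIO_printf(bio_err, "%s:%d: cannot read private key\n",
			__FILE__, __LINE__);
		goto err;
	}
	BIO_free(bio);
	bio = NULL;
	if (debug)
		BIO_printf(bio_err, "%s:%d: CA private key from %s read\n",
			__FILE__, __LINE__, name);

	name = CONF_get_string(scep->conf, "scepd", "crl");
	name = (name) ? name : OPENSCEPDIR "/crl.pem";
	bio = scep_config_open_file(name);
	scep->crl = (bio) ? PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL)
			: NULL;
	if (scep->crl == NULL) {
		BIO_printf(bio_err, "%s:%d: cannot read CRL\n",
			__FILE__, __LINE__);
		goto err;
	}
	BIO_free(bio);
	bio = NULL;
	if (debug)
		BIO_printf(bio_err, "%s:%d: CA CRL from %s read\n",
			__FILE__, __LINE__, name);

	/* set ldap parameters						*/
	scep->l.ldaphost = CONF_get_string(scep->conf, "ldap", "ldaphost");
	/* ldapport is optional in the file: a missing key used to hand
	   NULL to atoi(); it now leaves the port at 0			*/
	name = CONF_get_string(scep->conf, "ldap", "ldapport");
	scep->l.ldapport = (name) ? atoi(name) : 0;
	scep->l.ldapbase = CONF_get_string(scep->conf, "ldap", "ldapbase");
	scep->l.binddn = CONF_get_string(scep->conf, "ldap", "binddn");
	scep->l.bindpw = CONF_get_string(scep->conf, "ldap", "bindpw");
	/* the bind password is a credential: the debug log only records
	   whether one is configured, never its value			*/
	if (debug)
		BIO_printf(bio_err, "%s:%d: LDAP parameters ldap://%s:%d, "
			"base %s, bind as %s/%s\n", __FILE__, __LINE__,
			scep->l.ldaphost, scep->l.ldapport,
			(scep->l.ldapbase) ? scep->l.ldapbase : "(not set)",
			(scep->l.binddn) ? scep->l.binddn : "(not set)",
			(scep->l.bindpw) ? "(set)" : "(not set)");

	/* configure automatic granting of requests			*/
	/* only the literal "true" (any case) enables it; every other
	   value leaves scep->automatic as the caller set it		*/
	name = CONF_get_string(scep->conf, "scepd", "automatic");
	if (name != NULL) {
		if (strcasecmp(name, "true") == 0) {
			scep->automatic = 1;
			if (debug)
				BIO_printf(bio_err, "%s:%d: automatic mode "
					"enabled\n", __FILE__, __LINE__);
		}
	}

	/* check for transaction id checking against fingerprint	*/
	/* "false" or "no" (any case) switches the check off; nothing
	   in this function switches it on				*/
	name = CONF_get_string(scep->conf, "scepd", "checktransid");
	if (name != NULL) {
		if ((strcasecmp(name, "false") == 0) ||
			(strcasecmp(name, "no") == 0)) {
			scep->check_transid = 0;
			if (debug)
				BIO_printf(bio_err, "%s:%d: check of transid "
					"against fingerprint disabled\n",
					__FILE__, __LINE__);
		}
	}

	/* check for the proxy community string				*/
	name = CONF_get_string(scep->conf, "scepd", "proxycommunity");
	if (name != NULL) {
		scep->community = strdup(name);
		if (scep->community == NULL) {
			BIO_printf(bio_err, "%s:%d: cannot allocate proxy "
				"community\n", __FILE__, __LINE__);
			goto err;
		}
		if (debug)
			BIO_printf(bio_err, "%s:%d: proxy community is '%s'\n",
				__FILE__, __LINE__, scep->community);
	}

	return 0;
	/* error return							*/
err:
	if (bio != NULL)
		BIO_free(bio);
	ERR_print_errors(bio_err);
	return -1;
}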
Esempio n. 7
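/*
 * Print one value from an OpenSSL-style configuration file.
 *
 * Options:   -d        raise the debug level (repeatable)
 *            -f file   configuration file to read (stored in conffile)
 * Arguments: [section] variable
 *
 * Writes the value to stdout and exits with EXIT_SUCCESS; exits with
 * EXIT_FAILURE on a wrong argument count, an unreadable file or a
 * missing value.
 */
int	main(int argc, char *argv[]) {
	LHASH	*conf;
	/* start from a known value: CONF_load() is not guaranteed to store
	   a line number on every failure path (for instance when the file
	   cannot be opened at all), and the message below prints it	*/
	long	eline = 0;
	char	*section = NULL, *variable = NULL, *value;
	int	c, n;

	/* parse command line						*/
	while (EOF != (c = getopt(argc, argv, "df:")))
		switch (c) {
		case 'd':
			debug++;
			break;
		case 'f':
			conffile = optarg;
			break;
		default:
			/* unknown options are left to getopt's own
			   diagnostic, as before			*/
			break;
		}

	/* NOTE(review): conffile is defined outside this function; this
	   assumes it has a non-NULL default -- confirm			*/
	if (debug)
		fprintf(stderr, "%s:%d: configuration file is '%s'\n",
			__FILE__, __LINE__, conffile);

	/* there should be one or two more arguments			*/
	n = argc - optind;
	if ((n < 1) || (n > 2)) {
		fprintf(stderr, "%s:%d: wrong number of arguments\n",
			__FILE__, __LINE__);
		exit(EXIT_FAILURE);
	}
	switch (n) {
	case 2:
		section = argv[optind++];
		/* fall through: the variable name follows the section	*/
	case 1:
		variable = argv[optind];
		break;
	default:
		/* not reachable: n was range-checked above		*/
		break;
	}

	/* load the configuration file					*/
	conf = CONF_load(NULL, conffile, &eline);
	if (conf == NULL) {
		ERR_load_crypto_strings();
		fprintf(stderr, "unable to load configuration, line %ld\n",
			eline);
		ERR_print_errors_fp(stderr);
		exit(EXIT_FAILURE);
	}

	/* get the configuration value from the file			*/
	if (debug)
		fprintf(stderr, "%s:%d: looking for '%s' in section '%s'\n",
			__FILE__, __LINE__, variable,
			(section) ? section : "(null)");
	value = CONF_get_string(conf, section, variable);
	if (value == NULL) {
		if (debug)
			fprintf(stderr, "%s:%d: no value found\n", __FILE__,
				__LINE__);
		exit(EXIT_FAILURE);
	}
	/* NOTE(review): the value is echoed to stderr in debug mode; keep
	   -d off when the variable holds a secret			*/
	if (debug)
		fprintf(stderr, "%s:%d [%s]%s = %s\n", __FILE__, __LINE__,
			(section) ? section : "-", variable, value);
	printf("%s\n", value);
	exit(EXIT_SUCCESS);
}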
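/**
 * Builds a certificate request object from a Netscape SPKAC text file.
 *
 * The file is parsed with the CONF loader; every entry of its "default"
 * section is either the base64 "SPKAC" blob or a subject-name component
 * whose key is resolved with OBJ_txt2nid (entries with an unknown key are
 * skipped).  The components are copied into a fresh X509_REQ and the public
 * key is taken from the decoded SPKI.
 *
 * NOTE(review): the SPKAC signature is not checked in this function (there
 * is no NETSCAPE_SPKI_verify call), so proof of possession of the private
 * key is not established here; confirm that the caller or
 * CertificateRequestSPKAC verifies it before the request is trusted.
 *
 * @param path path of the SPKAC file to read.
 * @return a newly allocated CertificateRequestSPKAC built from the request
 *         and the SPKI; presumably it takes ownership of both -- confirm
 *         against its constructor.
 * @throw EncodeException when the file cannot be parsed, its "default"
 *        section is empty, or the SPKAC blob is not valid base64/DER.
 * @throw RandomException when the X509_REQ cannot be allocated or a
 *        subject-name entry cannot be added.
 * @throw NetscapeSPKIException when no SPKAC entry is present or the public
 *        key cannot be extracted from it.
 */
CertificateRequestSPKAC* CertificateRequestFactory::fromSPKAC(std::string &path)
	throw (EncodeException, RandomException, NetscapeSPKIException)
{
	STACK_OF(CONF_VALUE) *sk=NULL;
	LHASH_OF(CONF_VALUE) *parms=NULL;
	X509_REQ *req=NULL;
	CONF_VALUE *cv=NULL;
	NETSCAPE_SPKI *spki = NULL;
	X509_REQ_INFO *ri;
	char *type,*buf;
	EVP_PKEY *pktmp=NULL;
	X509_NAME *n=NULL;
	unsigned long chtype = MBSTRING_ASC;
	int i;
	long errline = 0;
	int nid;
	CertificateRequestSPKAC* ret=NULL;

	/*
	 * Load input file into a hash table.  (This is just an easy
	 * way to read and parse the file, then put it into a convenient
	 * STACK format).
	 */
	parms=CONF_load(NULL,path.c_str(),&errline);
	if (parms == NULL)
	{
		throw EncodeException(EncodeException::BUFFER_READING, "CertificateRequestFactory::fromSPKAC");
	}

	/*
	 * A missing "default" section is not caught by the check below (the
	 * count of a NULL stack is not 0); in that case the loop does not run
	 * and the "no SPKAC entry" exception is raised further down.
	 */
	sk=CONF_get_section(parms, "default");
	if (sk_CONF_VALUE_num(sk) == 0)
	{
		CONF_free(parms);
		throw EncodeException(EncodeException::BUFFER_READING, "CertificateRequestFactory::fromSPKAC");
	}

	/*
	 * Now create a dummy X509 request structure.  We don't actually
	 * have an X509 request, but we have many of the components
	 * (a public key, various DN components).  The idea is that we
	 * put these components into the right X509 request structure
	 * and we can use the same code as if you had a real X509 request.
	 */
	req=X509_REQ_new();
	if (req == NULL)
	{
		CONF_free(parms);
		throw RandomException(RandomException::INTERNAL_ERROR, "CertificateRequestFactory::fromSPKAC");
	}

	/*
	 * Build up the subject name set.  From here on every failure path
	 * releases req as well; the original leaked it.
	 */
	ri=req->req_info;
	n = ri->subject;

	for (i = 0; ; i++)
	{
		if (sk_CONF_VALUE_num(sk) <= i) break;

		cv=sk_CONF_VALUE_value(sk,i);
		type=cv->name;
		/* Skip past any leading X. X: X, etc to allow for
		 * multiple instances
		 */
		for (buf = cv->name; *buf ; buf++)
			if ((*buf == ':') || (*buf == ',') || (*buf == '.'))
			{
				buf++;
				if (*buf) type = buf;
				break;
			}

		buf=cv->value;
		if ((nid=OBJ_txt2nid(type)) == NID_undef)
		{
			if (strcmp(type, "SPKAC") == 0)
			{
				/* A repeated SPKAC entry replaces the earlier
				 * one; free it so it is not leaked. */
				if (spki != NULL) NETSCAPE_SPKI_free(spki);
				spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
				if (spki == NULL)
				{
					CONF_free(parms);
					X509_REQ_free(req);
					throw EncodeException(EncodeException::BASE64_DECODE, "CertificateRequestFactory::fromSPKAC");
				}
			}
			/* Any other unknown key is ignored. */
			continue;
		}

		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char *)buf, -1, -1, 0))
		{
			CONF_free(parms);
			if (spki != NULL) NETSCAPE_SPKI_free(spki);
			X509_REQ_free(req);
			throw RandomException(RandomException::INTERNAL_ERROR, "CertificateRequestFactory::fromSPKAC");
		}
	}

	/*
	 * The parsed file is not referenced past this point: the SPKI was
	 * decoded into its own structure and the name entries were added to
	 * the request, so the table can be released on every remaining path.
	 */
	CONF_free(parms);
	parms = NULL;

	if (spki == NULL)
	{
		X509_REQ_free(req);
		throw NetscapeSPKIException(NetscapeSPKIException::SET_NO_VALUE, "CertificateRequestFactory::fromSPKAC");
	}

	/*
	 * Now extract the key from the SPKI structure.
	 */
	if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL)
	{
		NETSCAPE_SPKI_free(spki);
		X509_REQ_free(req);
		throw NetscapeSPKIException(NetscapeSPKIException::SET_NO_VALUE, "CertificateRequestFactory::fromSPKAC");
	}
	/* NOTE(review): the result of X509_REQ_set_pubkey is not checked. */
	X509_REQ_set_pubkey(req,pktmp);
	EVP_PKEY_free(pktmp);

	ret = new CertificateRequestSPKAC(req, spki);

	return ret;
}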