int
main()
{
LHASH *conf;
long eline;
char *s;
#ifdef USE_WIN32
CONF_set_default_method(CONF_WIN32);
#endif
conf = CONF_load(NULL, "ssleay.cnf", &eline);
if (conf == NULL) {
ERR_load_crypto_strings();
printf("unable to load configuration, line %ld\n", eline);
ERR_print_errors_fp(stderr);
exit(1);
}
lh_stats(conf, stdout);
lh_node_stats(conf, stdout);
lh_node_usage_stats(conf, stdout);
s = CONF_get_string(conf, NULL, "init2");
printf("init2=%s\n", (s == NULL) ? "NULL" : s);
s = CONF_get_string(conf, NULL, "cipher1");
printf("cipher1=%s\n", (s == NULL) ? "NULL" : s);
s = CONF_get_string(conf, "s_client", "cipher1");
printf("s_client:cipher1=%s\n", (s == NULL) ? "NULL" : s);
printf("---------------------------- DUMP ------------------------\n");
CONF_dump_fp(conf, stdout);
return 0;
}
main()
{
LHASH *conf;
long eline;
char *s,*s2;
#ifdef USE_WIN32
CONF_set_default_method(CONF_WIN32);
#endif
conf=CONF_load(NULL,"ssleay.cnf",&eline);
if (conf == NULL)
{
ERR_load_crypto_strings();
TINYCLR_SSL_PRINTF("unable to load configuration, line %ld\n",eline);
ERR_print_errors_fp(OPENSSL_TYPE__FILE_STDERR);
TINYCLR_SSL_EXIT(1);
}
lh_stats(conf,OPENSSL_TYPE__FILE_STDOUT);
lh_node_stats(conf,OPENSSL_TYPE__FILE_STDOUT);
lh_node_usage_stats(conf,OPENSSL_TYPE__FILE_STDOUT);
s=CONF_get_string(conf,NULL,"init2");
TINYCLR_SSL_PRINTF("init2=%s\n",(s == NULL)?"NULL":s);
s=CONF_get_string(conf,NULL,"cipher1");
TINYCLR_SSL_PRINTF("cipher1=%s\n",(s == NULL)?"NULL":s);
s=CONF_get_string(conf,"s_client","cipher1");
TINYCLR_SSL_PRINTF("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);
TINYCLR_SSL_PRINTF("---------------------------- DUMP ------------------------\n");
CONF_dump_fp(conf, OPENSSL_TYPE__FILE_STDOUT);
TINYCLR_SSL_EXIT(0);
}
int scep_config(scep_t *scep, char *configfile) {
char *name;
BIO *bio;
long eline;
/* open the configuration file */
scep->conf = CONF_load(NULL, (configfile) ? configfile
: OPENSCEPDIR "/openscep.cnf", &eline);
if (scep->conf == NULL) {
BIO_printf(bio_err, "%s:%d: cannot read config file %s\n",
__FILE__, __LINE__, configfile);
goto err;
}
/* see whether the configuration knows something about debug */
name = CONF_get_string(scep->conf, "scepd", "debug");
if (name) {
if (atoi(name) > 0)
debug = atoi(name);
if (debug)
BIO_printf(bio_err, "%s:%d: conf sets debug to %d\n",
__FILE__, __LINE__, debug);
}
/* scan the configuration for some common values */
scep->name = CONF_get_string(scep->conf, "scepd", "name");
if (debug)
BIO_printf(bio_err, "%s:%d: name: %s\n", __FILE__, __LINE__,
scep->name);
/* get the ca certificate, private key and crl */
name = CONF_get_string(scep->conf, "scepd", "cacert");
name = (name) ? name : OPENSCEPDIR "/cacert.pem";
bio = BIO_new(BIO_s_file());
BIO_read_filename(bio, name);
scep->cacert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
if (scep->cacert == NULL) {
BIO_printf(bio_err, "%s:%d: cannot read CA "
"certificate\n", __FILE__, __LINE__);
goto err;
}
BIO_free(bio);
if (debug)
BIO_printf(bio_err, "%s:%d: CA certificate from %s read\n",
__FILE__, __LINE__, name);
name = CONF_get_string(scep->conf, "scepd", "cakey");
name = (name) ? name : OPENSCEPDIR "/cakey.pem";
bio = BIO_new(BIO_s_file());
BIO_read_filename(bio, name);
scep->capkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
if (scep->capkey == NULL) {
BIO_printf(bio_err, "%s:%d: cannot read private key\n",
__FILE__, __LINE__);
goto err;
}
BIO_free(bio);
if (debug)
BIO_printf(bio_err, "%s:%d: CA private key from %s read\n",
__FILE__, __LINE__, name);
name = CONF_get_string(scep->conf, "scepd", "crl");
name = (name) ? name : OPENSCEPDIR "/crl.pem";
bio = BIO_new(BIO_s_file());
BIO_read_filename(bio, name);
scep->crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL);
if (scep->crl == NULL) {
BIO_printf(bio_err, "%s:%d: cannot read CRL\n",
__FILE__, __LINE__);
goto err;
}
BIO_free(bio);
if (debug)
BIO_printf(bio_err, "%s:%d: CA CRL from %s read\n",
__FILE__, __LINE__, name);
/* set ldap parameters */
scep->l.ldaphost = CONF_get_string(scep->conf, "ldap", "ldaphost");
scep->l.ldapport = atoi(CONF_get_string(scep->conf, "ldap", "ldapport"));
scep->l.ldapbase = CONF_get_string(scep->conf, "ldap", "ldapbase");
scep->l.binddn = CONF_get_string(scep->conf, "ldap", "binddn");
scep->l.bindpw = CONF_get_string(scep->conf, "ldap", "bindpw");
if (debug)
BIO_printf(bio_err, "%s:%d: LDAP parameters ldap://%s:%d, "
"base %s, bind as %s/%s\n", __FILE__, __LINE__,
scep->l.ldaphost, scep->l.ldapport,
(scep->l.ldapbase) ? scep->l.ldapbase : "(not set)",
(scep->l.binddn) ? scep->l.binddn : "(not set)",
(scep->l.bindpw) ? scep->l.bindpw : "(not set)");
/* configure automatic granting of requests */
name = CONF_get_string(scep->conf, "scepd", "automatic");
if (name != NULL) {
if (strcasecmp(name, "true") == 0) {
scep->automatic = 1;
if (debug)
BIO_printf(bio_err, "%s:%d: automatic mode "
"enabled\n", __FILE__, __LINE__);
}
}
/* check for transaction id checking against fingerprint */
name = CONF_get_string(scep->conf, "scepd", "checktransid");
if (name != NULL) {
if ((strcasecmp(name, "false") == 0) ||
(strcasecmp(name, "no") == 0)) {
scep->check_transid = 0;
if (debug)
BIO_printf(bio_err, "%s:%d: check of transid "
"against fingerprint disabled\n",
__FILE__, __LINE__);
}
}
/* check for the proxy community string */
name = CONF_get_string(scep->conf, "scepd", "proxycommunity");
if (name != NULL) {
scep->community = strdup(name);
if (debug)
BIO_printf(bio_err, "%s:%d: proxy community is '%s'\n",
__FILE__, __LINE__, scep->community);
}
return 0;
/* error return */
err:
ERR_print_errors(bio_err);
return -1;
}
/*
* this function implements the CAs sign operation, with all the extensions
* required for SCEP. In particular, it allows to issue certificates with
* a distinguished name different from the one in the request. We can
* make sure here that the distinguished name can be put into our directory.
*/
int cert_grant(scep_t *scep) {
char *cmd;
int st;
pid_t pid;
/* XXX there is some missing stuff here XXX */
/* get the subject name from the request */
/* get the public key from the request */
/* verify that the public key from the request matches the req */
/* make sure the certificate does not exist yet */
/* check the command */
cmd = CONF_get_string(scep->conf, "scepd", "grantcmd");
if (cmd == NULL) {
BIO_printf(bio_err, "%s:%d: no grant command name defined\n",
__FILE__, __LINE__);
goto err;
}
/* run the external program that does the granting */
pid = fork();
if (pid < 0) {
BIO_printf(bio_err, "%s:%d: cannot fork: %s (%d)\n",
__FILE__, __LINE__, strerror(errno), errno);
goto err;
}
if (pid > 0) {
/* parent, wait for the new child */
if (pid != waitpid(pid, &st, 0)) {
BIO_printf(bio_err, "%s:%d: wait failed: %s (%d)\n",
__FILE__, __LINE__, strerror(errno), errno);
goto err;
}
/* make sure the command exited normally */
if (!WIFEXITED(st)) {
BIO_printf(bio_err, "%s:%d: grant command failed\n",
__FILE__, __LINE__);
goto err;
}
/* check the exit status of the grant command */
if (WEXITSTATUS(st)) {
BIO_printf(bio_err, "%s:%d: certificate grant cmd "
"'%s' failed\n", __FILE__, __LINE__, cmd);
goto err;
}
syslog(LOG_DEBUG, "%s:%d: certificate granted automatically",
__FILE__, __LINE__);
} else {
/* make sure child will not write anything to stdout */
dup2(2, 1);
/* the child, try to execute the grant command */
execl(CONF_get_string(scep->conf, "scepd", "grantcmd"),
"scepgrant", scep->transId, NULL);
BIO_printf(bio_err, "%s:%d: cannot exec the grant command: "
"%s (%d)\n", __FILE__, __LINE__, strerror(errno),
errno);
exit(EXIT_FAILURE);
}
return 0;
err:
syslog(LOG_ERR, "%s:%d: granting certificate failed", __FILE__,
__LINE__);
return -1;
}
int main(int argc, char *argv[]) {
LHASH *conf;
long eline;
char *section = NULL, *variable = NULL, *value;
int c, n;
/* parse command line */
while (EOF != (c = getopt(argc, argv, "df:")))
switch (c) {
case 'd':
debug++;
break;
case 'f':
conffile = optarg;
break;
}
if (debug)
fprintf(stderr, "%s:%d: configuration file is '%s'\n",
__FILE__, __LINE__, conffile);
/* there should be one or two more arguments */
n = argc - optind;
if ((n < 1) || (n > 2)) {
fprintf(stderr, "%s:%d: wrong number of arguments\n",
__FILE__, __LINE__);
exit(EXIT_FAILURE);
}
switch (n) {
case 2:
section = argv[optind++];
case 1:
variable = argv[optind];
break;
}
/* load the configuration file */
conf = CONF_load(NULL, conffile, &eline);
if (conf == NULL) {
ERR_load_crypto_strings();
fprintf(stderr, "unable to load configuration, line %ld\n",
eline);
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
/* get the configuration value from the file */
if (debug)
fprintf(stderr, "%s:%d: looking for '%s' in section '%s'\n",
__FILE__, __LINE__, variable,
(section) ? section : "(null)");
value = CONF_get_string(conf, section, variable);
if (value == NULL) {
if (debug)
fprintf(stderr, "%s:%d: no value found\n", __FILE__,
__LINE__);
exit(EXIT_FAILURE);
}
if (debug)
fprintf(stderr, "%s:%d [%s]%s = %s\n", __FILE__, __LINE__,
(section) ? section : "-", variable, value);
printf("%s\n", value);
exit(EXIT_SUCCESS);
}
int MAIN(int argc, char **argv)
{
int i,badops=0, ret = 1;
BIO *in = NULL,*out = NULL, *key = NULL;
int verify=0,noout=0,pubkey=0;
char *infile = NULL,*outfile = NULL,*prog;
char *passargin = NULL, *passin = NULL;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
LHASH *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
apps_startup();
if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
keyfile= *(++argv);
}
else if (strcmp(*argv,"-challenge") == 0)
{
if (--argc < 1) goto bad;
challenge= *(++argv);
}
else if (strcmp(*argv,"-spkac") == 0)
{
if (--argc < 1) goto bad;
spkac= *(++argv);
}
else if (strcmp(*argv,"-spksect") == 0)
{
if (--argc < 1) goto bad;
spksect= *(++argv);
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
pubkey=1;
else if (strcmp(*argv,"-verify") == 0)
verify=1;
else badops = 1;
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options]\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -key arg create SPKAC using private key\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -challenge arg challenge string\n");
BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
goto end;
}
ERR_load_crypto_strings();
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if(keyfile) {
if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
else key = BIO_new_fp(stdin, BIO_NOCLOSE);
if(!key) {
BIO_printf(bio_err, "Error opening key file\n");
ERR_print_errors(bio_err);
goto end;
}
pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin);
if(!pkey) {
BIO_printf(bio_err, "Error reading private key\n");
ERR_print_errors(bio_err);
goto end;
}
spki = NETSCAPE_SPKI_new();
if(challenge) ASN1_STRING_set(spki->spkac->challenge,
challenge, strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (outfile) out = BIO_new_file(outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if(!out) {
BIO_printf(bio_err, "Error opening output file\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(out, "SPKAC=%s\n", spkstr);
OPENSSL_free(spkstr);
ret = 0;
goto end;
}
if (infile) in = BIO_new_file(infile, "r");
else in = BIO_new_fp(stdin, BIO_NOCLOSE);
if(!in) {
BIO_printf(bio_err, "Error opening input file\n");
ERR_print_errors(bio_err);
goto end;
}
conf = CONF_load_bio(NULL, in, NULL);
if(!conf) {
BIO_printf(bio_err, "Error parsing config file\n");
ERR_print_errors(bio_err);
goto end;
}
spkstr = CONF_get_string(conf, spksect, spkac);
if(!spkstr) {
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
ERR_print_errors(bio_err);
goto end;
}
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if(!spki) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile) out = BIO_new_file(outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if(!out) {
BIO_printf(bio_err, "Error opening output file\n");
ERR_print_errors(bio_err);
goto end;
}
if(!noout) NETSCAPE_SPKI_print(out, spki);
pkey = NETSCAPE_SPKI_get_pubkey(spki);
if(verify) {
i = NETSCAPE_SPKI_verify(spki, pkey);
if(i) BIO_printf(bio_err, "Signature OK\n");
else {
BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err);
goto end;
}
}
if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
ret = 0;
end:
CONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
BIO_free_all(out);
BIO_free(key);
EVP_PKEY_free(pkey);
if(passin) OPENSSL_free(passin);
EXIT(ret);
}