ca.c File Reference

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <openssl/conf.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/txt_db.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/ocsp.h>
#include <openssl/pem.h>
#include <sys/file.h>
#include "apps.h"

Go to the source code of this file.

Defines
#define	F_OK   0
#define	X_OK   1
#define	W_OK   2
#define	R_OK   4
#define	PROG   ca_main
#define	BASE_SECTION   "ca"
#define	CONFIG_FILE   "openssl.cnf"
#define	ENV_DEFAULT_CA   "default_ca"
#define	STRING_MASK   "string_mask"
#define	UTF8_IN   "utf8"
#define	ENV_DIR   "dir"
#define	ENV_CERTS   "certs"
#define	ENV_CRL_DIR   "crl_dir"
#define	ENV_CA_DB   "CA_DB"
#define	ENV_NEW_CERTS_DIR   "new_certs_dir"
#define	ENV_CERTIFICATE   "certificate"
#define	ENV_SERIAL   "serial"
#define	ENV_CRLNUMBER   "crlnumber"
#define	ENV_CRL   "crl"
#define	ENV_PRIVATE_KEY   "private_key"
#define	ENV_RANDFILE   "RANDFILE"
#define	ENV_DEFAULT_DAYS   "default_days"
#define	ENV_DEFAULT_STARTDATE   "default_startdate"
#define	ENV_DEFAULT_ENDDATE   "default_enddate"
#define	ENV_DEFAULT_CRL_DAYS   "default_crl_days"
#define	ENV_DEFAULT_CRL_HOURS   "default_crl_hours"
#define	ENV_DEFAULT_MD   "default_md"
#define	ENV_DEFAULT_EMAIL_DN   "email_in_dn"
#define	ENV_PRESERVE   "preserve"
#define	ENV_POLICY   "policy"
#define	ENV_EXTENSIONS   "x509_extensions"
#define	ENV_CRLEXT   "crl_extensions"
#define	ENV_MSIE_HACK   "msie_hack"
#define	ENV_NAMEOPT   "name_opt"
#define	ENV_CERTOPT   "cert_opt"
#define	ENV_EXTCOPY   "copy_extensions"
#define	ENV_UNIQUE_SUBJECT   "unique_subject"
#define	ENV_DATABASE   "database"
#define	REV_NONE   0
#define	REV_CRL_REASON   1
#define	REV_HOLD   2
#define	REV_KEY_COMPROMISE   3
#define	REV_CA_COMPROMISE   4
#define	BSIZE   256
#define	NUM_REASONS   (sizeof(crl_reasons) / sizeof(char *))
Functions
static void	lookup_fail (const char *name, const char *tag)
static int	certify (X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE)*policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign)
static int	certify_cert (X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE)*policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e)
static int	certify_spkac (X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE)*policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy)
static int	fix_data (int nid, int *type)
static void	write_new_certificate (BIO *bp, X509 *x, int output_der, int notext)
static int	do_body (X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE)*policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign)
static int	do_revoke (X509 *x509, CA_DB *db, int ext, char *extval)
static int	get_certificate_status (const char *ser_status, CA_DB *db)
static int	do_updatedb (CA_DB *db)
static int	check_time_format (char *str)
char *	make_revocation_str (int rev_type, char *rev_arg)
int	make_revoked (X509_REVOKED *rev, const char *str)
int	old_entry_print (BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
int	MAIN (int, char **)
int	unpack_revinfo (ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str)
Variables
static const char *	ca_usage []
static CONF *	conf = NULL
static CONF *	extconf = NULL
static char *	section = NULL
static int	preserve = 0
static int	msie_hack = 0
static const char *	crl_reasons []

---

Define Documentation

#define BASE_SECTION   "ca"

Definition at line 103 of file ca.c.

#define BSIZE   256

#define CONFIG_FILE   "openssl.cnf"

Definition at line 104 of file ca.c.

#define ENV_CA_DB   "CA_DB"

Definition at line 114 of file ca.c.

#define ENV_CERTIFICATE   "certificate"

Definition at line 116 of file ca.c.

#define ENV_CERTOPT   "cert_opt"

Definition at line 135 of file ca.c.

#define ENV_CERTS   "certs"

Definition at line 112 of file ca.c.

#define ENV_CRL   "crl"

Definition at line 119 of file ca.c.

#define ENV_CRL_DIR   "crl_dir"

Definition at line 113 of file ca.c.

#define ENV_CRLEXT   "crl_extensions"

Definition at line 132 of file ca.c.

#define ENV_CRLNUMBER   "crlnumber"

Definition at line 118 of file ca.c.

#define ENV_DATABASE   "database"

Definition at line 139 of file ca.c.

#define ENV_DEFAULT_CA   "default_ca"

Definition at line 106 of file ca.c.

#define ENV_DEFAULT_CRL_DAYS   "default_crl_days"

Definition at line 125 of file ca.c.

#define ENV_DEFAULT_CRL_HOURS   "default_crl_hours"

Definition at line 126 of file ca.c.

#define ENV_DEFAULT_DAYS   "default_days"

Definition at line 122 of file ca.c.

#define ENV_DEFAULT_EMAIL_DN   "email_in_dn"

Definition at line 128 of file ca.c.

#define ENV_DEFAULT_ENDDATE   "default_enddate"

Definition at line 124 of file ca.c.

#define ENV_DEFAULT_MD   "default_md"

Definition at line 127 of file ca.c.

#define ENV_DEFAULT_STARTDATE   "default_startdate"

Definition at line 123 of file ca.c.

#define ENV_DIR   "dir"

Definition at line 111 of file ca.c.

#define ENV_EXTCOPY   "copy_extensions"

Definition at line 136 of file ca.c.

#define ENV_EXTENSIONS   "x509_extensions"

Definition at line 131 of file ca.c.

#define ENV_MSIE_HACK   "msie_hack"

Definition at line 133 of file ca.c.

#define ENV_NAMEOPT   "name_opt"

Definition at line 134 of file ca.c.

#define ENV_NEW_CERTS_DIR   "new_certs_dir"

Definition at line 115 of file ca.c.

#define ENV_POLICY   "policy"

Definition at line 130 of file ca.c.

#define ENV_PRESERVE   "preserve"

Definition at line 129 of file ca.c.

#define ENV_PRIVATE_KEY   "private_key"

Definition at line 120 of file ca.c.

#define ENV_RANDFILE   "RANDFILE"

Definition at line 121 of file ca.c.

#define ENV_SERIAL   "serial"

Definition at line 117 of file ca.c.

#define ENV_UNIQUE_SUBJECT   "unique_subject"

Definition at line 137 of file ca.c.

#define F_OK   0

Definition at line 94 of file ca.c.

#define NUM_REASONS   (sizeof(crl_reasons) / sizeof(char *))

Definition at line 2697 of file ca.c. Referenced by unpack_revinfo().

#define PROG   ca_main

Definition at line 101 of file ca.c.

#define R_OK   4

Definition at line 97 of file ca.c.

#define REV_CA_COMPROMISE   4

Definition at line 147 of file ca.c. Referenced by make_revocation_str().

#define REV_CRL_REASON   1

Definition at line 144 of file ca.c. Referenced by make_revocation_str().

#define REV_HOLD   2

Definition at line 145 of file ca.c. Referenced by make_revocation_str().

#define REV_KEY_COMPROMISE   3

Definition at line 146 of file ca.c. Referenced by make_revocation_str().

#define REV_NONE   0

Definition at line 143 of file ca.c. Referenced by make_revocation_str().

#define STRING_MASK   "string_mask"

Definition at line 108 of file ca.c.

#define UTF8_IN   "utf8"

Definition at line 109 of file ca.c.

#define W_OK   2

Definition at line 96 of file ca.c.

#define X_OK   1

Definition at line 95 of file ca.c.

---

Function Documentation

static int certify (  X509 **  xret, char *  infile, EVP_PKEY *  pkey, X509 *  x509, const EVP_MD *  dgst, STACK_OF(CONF_VALUE)*  policy, CA_DB *  db, BIGNUM *  serial, char *  subj, unsigned long  chtype, int  multirdn, int  email_dn, char *  startdate, char *  enddate, long  days, int  batch, char *  ext_sect, CONF *  conf, int  verbose, unsigned long  certopt, unsigned long  nameopt, int  default_op, int  ext_copy, int  selfsign )  [static]

Definition at line 1533 of file ca.c. References BIO_free(), BIO_new(), BIO_printf(), BIO_read_filename, BIO_s_file(), do_body(), EVP_PKEY_free(), X509_REQ_check_private_key(), X509_REQ_get_pubkey(), X509_REQ_print(), and X509_REQ_verify(). { X509_REQ *req=NULL; BIO *in=NULL; EVP_PKEY *pktmp=NULL; int ok= -1,i; in=BIO_new(BIO_s_file()); if (BIO_read_filename(in,infile) <= 0) { perror(infile); goto err; } if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL) { BIO_printf(bio_err,"Error reading certificate request in %s\n", infile); goto err; } if (verbose) X509_REQ_print(bio_err,req); BIO_printf(bio_err,"Check that the request matches the signature\n"); if (selfsign && !X509_REQ_check_private_key(req,pkey)) { BIO_printf(bio_err,"Certificate request and CA private key do not match\n"); ok=0; goto err; } if ((pktmp=X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err,"error unpacking public key\n"); goto err; } i=X509_REQ_verify(req,pktmp); EVP_PKEY_free(pktmp); if (i < 0) { ok=0; BIO_printf(bio_err,"Signature verification problems....\n"); goto err; } if (i == 0) { ok=0; BIO_printf(bio_err,"Signature did not match the certificate request\n"); goto err; } else BIO_printf(bio_err,"Signature ok\n"); ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, selfsign); err: if (req != NULL) X509_REQ_free(req); if (in != NULL) BIO_free(in); return(ok); }

static int certify_cert (  X509 **  xret, char *  infile, EVP_PKEY *  pkey, X509 *  x509, const EVP_MD *  dgst, STACK_OF(CONF_VALUE)*  policy, CA_DB *  db, BIGNUM *  serial, char *  subj, unsigned long  chtype, int  multirdn, int  email_dn, char *  startdate, char *  enddate, long  days, int  batch, char *  ext_sect, CONF *  conf, int  verbose, unsigned long  certopt, unsigned long  nameopt, int  default_op, int  ext_copy, ENGINE *  e )  [static]

Definition at line 1601 of file ca.c. References BIO_printf(), do_body(), EVP_md5(), EVP_PKEY_free(), FORMAT_PEM, load_cert(), X509_get_pubkey(), X509_print(), X509_to_X509_REQ(), and X509_verify(). { X509 *req=NULL; X509_REQ *rreq=NULL; EVP_PKEY *pktmp=NULL; int ok= -1,i; if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL) goto err; if (verbose) X509_print(bio_err,req); BIO_printf(bio_err,"Check that the request matches the signature\n"); if ((pktmp=X509_get_pubkey(req)) == NULL) { BIO_printf(bio_err,"error unpacking public key\n"); goto err; } i=X509_verify(req,pktmp); EVP_PKEY_free(pktmp); if (i < 0) { ok=0; BIO_printf(bio_err,"Signature verification problems....\n"); goto err; } if (i == 0) { ok=0; BIO_printf(bio_err,"Signature did not match the certificate\n"); goto err; } else BIO_printf(bio_err,"Signature ok\n"); if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) goto err; ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); err: if (rreq != NULL) X509_REQ_free(rreq); if (req != NULL) X509_free(req); return(ok); }

static int certify_spkac (  X509 **  xret, char *  infile, EVP_PKEY *  pkey, X509 *  x509, const EVP_MD *  dgst, STACK_OF(CONF_VALUE)*  policy, CA_DB *  db, BIGNUM *  serial, char *  subj, unsigned long  chtype, int  multirdn, int  email_dn, char *  startdate, char *  enddate, long  days, char *  ext_sect, CONF *  conf, int  verbose, unsigned long  certopt, unsigned long  nameopt, int  default_op, int  ext_copy )  [static]

Definition at line 2225 of file ca.c. References ASN1_PRINTABLE_type(), BIO_printf(), CONF_free(), CONF_load(), do_body(), ERR_print_errors(), EVP_PKEY_free(), fix_data(), CONF_VALUE::name, NETSCAPE_SPKI_b64_decode(), NETSCAPE_SPKI_get_pubkey(), NETSCAPE_SPKI_verify(), nid, NID_undef, OBJ_txt2nid(), X509_req_st::req_info, sk_CONF_VALUE_num, sk_CONF_VALUE_value, STACK_OF, X509_req_info_st::subject, type, CONF_VALUE::value, X509_NAME_add_entry(), X509_NAME_ENTRY_create_by_NID(), and X509_REQ_set_pubkey(). { STACK_OF(CONF_VALUE) *sk=NULL; LHASH *parms=NULL; X509_REQ *req=NULL; CONF_VALUE *cv=NULL; NETSCAPE_SPKI *spki = NULL; X509_REQ_INFO *ri; char *type,*buf; EVP_PKEY *pktmp=NULL; X509_NAME *n=NULL; X509_NAME_ENTRY *ne=NULL; int ok= -1,i,j; long errline; int nid; /* * Load input file into a hash table. (This is just an easy * way to read and parse the file, then put it into a convenient * STACK format). */ parms=CONF_load(NULL,infile,&errline); if (parms == NULL) { BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile); ERR_print_errors(bio_err); goto err; } sk=CONF_get_section(parms, "default"); if (sk_CONF_VALUE_num(sk) == 0) { BIO_printf(bio_err, "no name/value pairs found in %s\n", infile); CONF_free(parms); goto err; } /* * Now create a dummy X509 request structure. We don't actually * have an X509 request, but we have many of the components * (a public key, various DN components). The idea is that we * put these components into the right X509 request structure * and we can use the same code as if you had a real X509 request. */ req=X509_REQ_new(); if (req == NULL) { ERR_print_errors(bio_err); goto err; } /* * Build up the subject name set. */ ri=req->req_info; n = ri->subject; for (i = 0; ; i++) { if (sk_CONF_VALUE_num(sk) <= i) break; cv=sk_CONF_VALUE_value(sk,i); type=cv->name; /* Skip past any leading X. X: X, etc to allow for * multiple instances */ for (buf = cv->name; *buf ; buf++) if ((*buf == ':') || (*buf == ',') || (*buf == '.')) { buf++; if (*buf) type = buf; break; } buf=cv->value; if ((nid=OBJ_txt2nid(type)) == NID_undef) { if (strcmp(type, "SPKAC") == 0) { spki = NETSCAPE_SPKI_b64_decode(cv->value, -1); if (spki == NULL) { BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n"); ERR_print_errors(bio_err); goto err; } } continue; } /* if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0)) continue; */ j=ASN1_PRINTABLE_type((unsigned char *)buf,-1); if (fix_data(nid, &j) == 0) { BIO_printf(bio_err, "invalid characters in string %s\n",buf); goto err; } if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j, (unsigned char *)buf, strlen(buf))) == NULL) goto err; if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err; } if (spki == NULL) { BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n", infile); goto err; } /* * Now extract the key from the SPKI structure. */ BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n"); if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL) { BIO_printf(bio_err,"error unpacking SPKAC public key\n"); goto err; } j = NETSCAPE_SPKI_verify(spki, pktmp); if (j <= 0) { BIO_printf(bio_err,"signature verification failed on SPKAC public key\n"); goto err; } BIO_printf(bio_err,"Signature ok\n"); X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); err: if (req != NULL) X509_REQ_free(req); if (parms != NULL) CONF_free(parms); if (spki != NULL) NETSCAPE_SPKI_free(spki); if (ne != NULL) X509_NAME_ENTRY_free(ne); return(ok); }

static int check_time_format (  char *  str  )  [static]

Definition at line 2395 of file ca.c. References ASN1_UTCTIME_check(), asn1_string_st::data, asn1_string_st::length, asn1_string_st::type, and V_ASN1_UTCTIME. { ASN1_UTCTIME tm; tm.data=(unsigned char *)str; tm.length=strlen(str); tm.type=V_ASN1_UTCTIME; return(ASN1_UTCTIME_check(&tm)); }

static int do_body (  X509 **  xret, EVP_PKEY *  pkey, X509 *  x509, const EVP_MD *  dgst, STACK_OF(CONF_VALUE)*  policy, CA_DB *  db, BIGNUM *  serial, char *  subj, unsigned long  chtype, int  multirdn, int  email_dn, char *  startdate, char *  enddate, long  days, int  batch, int  verbose, X509_REQ *  req, char *  ext_sect, CONF *  conf, unsigned long  certopt, unsigned long  nameopt, int  default_op, int  ext_copy, int  selfsign )  [static]

Definition at line 1655 of file ca.c. References ASN1_INTEGER_set(), ASN1_PRINTABLE_type(), ASN1_STRING_cmp(), ASN1_UNIVERSALSTRING_to_string(), ASN1_UTCTIME_print(), ASN1_UTCTIME_set_string(), ca_db_st::attributes, BIO_flush, BIO_printf(), BN_bn2hex(), BN_is_zero, BN_to_ASN1_INTEGER(), BUF_strdup(), BUF_strlcpy(), x509_st::cert_info, copy_extensions(), asn1_string_st::data, ca_db_st::db, DB_file, DB_name, DB_NUMBER, DB_serial, DB_type, X509_req_info_st::enc, ERR_print_errors(), txt_db_st::error, EVP_dss1(), EVP_ecdsa(), EVP_PKEY_copy_parameters(), EVP_PKEY_DSA, EVP_PKEY_EC, EVP_PKEY_free(), EVP_PKEY_missing_parameters(), asn1_string_st::length, ASN1_ENCODING_st::modified, CONF_VALUE::name, nid, NID_pkcs9_emailAddress, NID_undef, obj, OBJ_nid2obj(), OBJ_obj2nid(), OBJ_txt2nid(), X509_name_entry_st::object, old_entry_print(), OPENSSL_free, OPENSSL_malloc, parse_name(), X509_req_st::req_info, x509_cinf_st::serialNumber, sk_CONF_VALUE_num, sk_CONF_VALUE_value, sk_X509_EXTENSION_pop_free, x509_cinf_st::subject, TXT_DB_get_by_index(), TXT_DB_insert(), evp_pkey_st::type, asn1_string_st::type, db_attr_st::unique_subject, V_ASN1_BMPSTRING, V_ASN1_IA5STRING, V_ASN1_PRINTABLESTRING, V_ASN1_T61STRING, V_ASN1_UNIVERSALSTRING, V_ASN1_UTF8STRING, CONF_VALUE::value, x509_cinf_st::version, void(), X509_FLAG_NO_SIGDUMP, X509_FLAG_NO_SIGNAME, X509_get_notAfter, X509_get_notBefore, X509_get_pubkey(), X509_get_subject_name(), X509_gmtime_adj(), X509_NAME_add_entry(), X509_NAME_delete_entry(), X509_NAME_dup(), X509_NAME_entry_count(), X509_NAME_ENTRY_get_data(), X509_NAME_ENTRY_get_object(), X509_NAME_get_entry(), X509_NAME_get_index_by_NID(), X509_NAME_get_index_by_OBJ(), X509_NAME_oneline(), X509_print_ex(), X509_REQ_get_pubkey(), X509_REQ_get_subject_name, X509_REQ_set_subject_name(), X509_set_issuer_name(), X509_set_pubkey(), X509_set_subject_name(), X509_set_version(), X509_sign(), X509V3_EXT_add_nconf(), X509V3_set_ctx(), and X509V3_set_nconf(). Referenced by certify(), certify_cert(), and certify_spkac(). { X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; ASN1_UTCTIME *tm,*tmptm; ASN1_STRING *str,*str2; ASN1_OBJECT *obj; X509 *ret=NULL; X509_CINF *ci; X509_NAME_ENTRY *ne; X509_NAME_ENTRY *tne,*push; EVP_PKEY *pktmp; int ok= -1,i,j,last,nid; const char *p; CONF_VALUE *cv; char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; char buf[25]; tmptm=ASN1_UTCTIME_new(); if (tmptm == NULL) { BIO_printf(bio_err,"malloc error\n"); return(0); } for (i=0; i<DB_NUMBER; i++) row[i]=NULL; if (subj) { X509_NAME *n = parse_name(subj, chtype, multirdn); if (!n) { ERR_print_errors(bio_err); goto err; } X509_REQ_set_subject_name(req,n); req->req_info->enc.modified = 1; X509_NAME_free(n); } if (default_op) BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n"); name=X509_REQ_get_subject_name(req); for (i=0; i<X509_NAME_entry_count(name); i++) { ne= X509_NAME_get_entry(name,i); str=X509_NAME_ENTRY_get_data(ne); obj=X509_NAME_ENTRY_get_object(ne); if (msie_hack) { /* assume all type should be strings */ nid=OBJ_obj2nid(ne->object); if (str->type == V_ASN1_UNIVERSALSTRING) ASN1_UNIVERSALSTRING_to_string(str); if ((str->type == V_ASN1_IA5STRING) && (nid != NID_pkcs9_emailAddress)) str->type=V_ASN1_T61STRING; if ((nid == NID_pkcs9_emailAddress) && (str->type == V_ASN1_PRINTABLESTRING)) str->type=V_ASN1_IA5STRING; } /* If no EMAIL is wanted in the subject */ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn)) continue; /* check some things */ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (str->type != V_ASN1_IA5STRING)) { BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n"); goto err; } if (