* Why does the linker complain about undefined symbols?
* Where can I get a compiled version of OpenSSL?
* I've compiled a program under Windows and it crashes: why?
+* How do I read or write a DER encoded buffer using the ASN1 functions?
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
* I've called <some function> and it fails, why?
* I just get a load of numbers for the error output, what do they mean?
first BIO related read or write operation.
+* How do I read or write a DER encoded buffer using the ASN1 functions?
+
+You have two options. You can either use a memory BIO in conjunction
+with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
+i2d_XXX(), d2i_XXX() functions directly. Since these are often the
+cause of grief here are some code fragments using PKCS7 as an example:
+
+unsigned char *buf, *p;
+int len;
+
+len = i2d_PKCS7(p7, NULL);
+buf = OPENSSL_Malloc(len); /* or Malloc, error checking omitted */
+p = buf;
+i2d_PKCS7(p7, &p);
+
+At this point buf contains the len bytes of the DER encoding of
+p7.
+
+The opposite assumes we already have len bytes in buf:
+
+unsigned char *p;
+p = buf;
+p7 = d2i_PKCS7(NULL, &p, len);
+
+At this point p7 contains a valid PKCS7 structure of NULL if an error
+occurred. If an error occurred ERR_print_errors(bio) should give more
+information.
+
+The reason for the temporary variable 'p' is that the ASN1 functions
+increment the passed pointer so it is ready to read or write the next
+structure. This is often a cause of problems: without the temporary
+variable the buffer pointer is changed to point just after the data
+that has been read or written. This may well be uninitialized data
+and attempts to free the buffer will have unpredictable results
+because it no longer points to the same address.
+
+
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
This usually happens when you try compiling something using the PKCS#12
OpenSSL binary ("openssl"). The libraries will be built in the top-level
directory, and the binary will be in the "apps" directory.
- If "make" fails, please report the problem to <openssl-bugs@openssl.org>
- (note that your message will be forwarded to a public mailing list).
- Include the output of "make report" in your message.
+ If "make" fails, look at the output. There may be reasons for
+ the failure that isn't a problem in OpenSSL itself (like missing
+ standard headers). If it is a problem with OpenSSL itself, please
+ report the problem to <openssl-bugs@openssl.org> (note that your
+ message will be forwarded to a public mailing list). Include the
+ output of "make report" in your message.
[If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.]
$ make test
- If a test fails, try removing any compiler optimization flags from
- the CFLAGS line in Makefile.ssl and run "make clean; make". Please
- send a bug report to <openssl-bugs@openssl.org>, including the
- output of "make report".
+ If a test fails, look at the output. There may be reasons for
+ the failure that isn't a problem in OpenSSL itself (like a missing
+ or malfunctioning bc). If it is a problem with OpenSSL itself,
+ try removing any compiler optimization flags from the CFLAGS line
+ in Makefile.ssl and run "make clean; make". Please send a bug
+ report to <openssl-bugs@openssl.org>, including the output of
+ "make report".
4. If everything tests ok, install OpenSSL with
*
*/
#include "apps.h"
+#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
*/
#include <stdio.h>
+#include <string.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{
struct tm *ts;
-#if defined(THREADS) && !defined(WIN32)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
struct tm data;
-#endif
-#if defined(THREADS) && !defined(WIN32)
gmtime_r(&t,&data);
ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
#else
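Review bot: Because gmtime_r()'s return value is deliberately ignored in ASN1_TIME_set, a failed conversion leaves `data` unwritten and `ts` pointing at indeterminate stack contents. The rest of the function is outside this hunk, so whether that is caught later cannot be seen from here. Clearing the buffer first, `memset(&data,0,sizeof(data));` immediately before `gmtime_r(&t,&data);`, would at least make the result deterministic. The same pattern recurs at the other gmtime_r() sites this commit touches. The three-term guard `defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)` is also now repeated by hand at each site, so a single feature macro in a shared header would keep them in step.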
{
char *p;
struct tm *ts;
-#if defined(THREADS) && !defined(WIN32)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
+
struct tm data;
#endif
if (s == NULL)
return(NULL);
-#if defined(THREADS) && !defined(WIN32)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
ts=&data;
#else
t -= offset*60; /* FIXME: may overflow in extreme cases */
-#if defined(THREADS) && !defined(WIN32)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
{ struct tm data; gmtime_r(&t, &data); tm = &data; }
#else
tm = gmtime(&t);
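Review bot: In the gmtime_r branch, `tm = &data;` stores the address of a `struct tm` declared inside the braces on that same line, so the object's lifetime ends at the closing `}` and any later read through `tm` is undefined behaviour. The uses of `tm` lie outside this hunk, so this is inferred, but the `#else` branch also assigns `tm`, which suggests it is read afterwards. Declare the buffer at function scope, as the other two functions in this commit do: put `struct tm data;` under the same `#if` among the declarations and leave only `gmtime_r(&t, &data); tm = &data;` here. The `FIXME` about overflow in `t -= offset*60` is left open by this change.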
struct rpc_msg msg;
};
-static int rtcp_write(BIO *h,char *buf,int num);
+static int rtcp_write(BIO *h,const char *buf,int num);
static int rtcp_read(BIO *h,char *buf,int size);
-static int rtcp_puts(BIO *h,char *str);
+static int rtcp_puts(BIO *h,const char *str);
static int rtcp_gets(BIO *h,char *str,int size);
-static long rtcp_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static long rtcp_ctrl(BIO *h,int cmd,long arg1,void *arg2);
static int rtcp_new(BIO *h);
static int rtcp_free(BIO *data);
return length;
}
-static int rtcp_write(BIO *b, char *in, int inl)
+static int rtcp_write(BIO *b, const char *in, int inl)
{
int status, i, segment, length;
struct rpc_ctx *ctx;
return(i);
}
-static long rtcp_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long rtcp_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret=1;
return(0);
}
-static int rtcp_puts(BIO *bp, char *str)
+static int rtcp_puts(BIO *bp, const char *str)
{
int length;
if (str == NULL) return(0);
#endif
#include <assert.h>
+#include <string.h>
#include <openssl/conf.h>
#include <openssl/conf_api.h>
"b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log"
$ LIB_STACK = "stack"
$ LIB_LHASH = "lhash,lh_stats"
-$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd"
+$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,rand_win"
$ LIB_ERR = "err,err_all,err_prn"
$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
$ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ -
"e_des,e_bf,e_idea,e_des3,"+ -
"e_rc4,names,"+ -
- "e_xcbc_d,e_rc2,e_cast,e_rc5,"
+ "e_xcbc_d,e_rc2,e_cast,e_rc5"
$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + -
"m_dss,m_dss1,m_mdc2,m_ripemd,"+ -
"p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAREF.C").EQS."")
$ THEN
$!
-$! Tell The User That The File Dosen't Exist.
+$! Tell The User That The File Doesn't Exist.
$!
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAREF.C Dosen't Exist."
+$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAREF.C Doesn't Exist."
$ WRITE SYS$OUTPUT ""
$!
$! Exit The Build.
$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAR_ERR.C").EQS."")
$ THEN
$!
-$! Tell The User That The File Dosen't Exist.
+$! Tell The User That The File Doesn't Exist.
$!
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAR_ERR.C Dosen't Exist."
+$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAR_ERR.C Doesn't Exist."
$ WRITE SYS$OUTPUT ""
$!
$! Exit The Build.
$ IF (F$SEARCH(SOURCE_FILE).EQS."")
$ THEN
$!
-$! Tell The User That The File Dosen't Exist.
+$! Tell The User That The File Doesn't Exist.
$!
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
$ WRITE SYS$OUTPUT ""
$!
$! Exit The Build.
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code."
$ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to"
-$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the"
+$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file doesn't have the"
$ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file"
$ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory"
$ WRITE SYS$OUTPUT "as that is where the scripts will look for the files."
#include <sys/ioctl.h>
#endif
-#ifdef MSDOS
+#if defined(MSDOS) && !defined(__CYGWIN32__)
#include <conio.h>
#define fgets(a,b,c) noecho_fgets(a,b,c)
#endif
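Review bot: The added `!defined(__CYGWIN32__)` term has no comment saying which input path Cygwin builds take instead, and this guard controls both `<conio.h>` and the `fgets` to `noecho_fgets` remap. Judging by the names, this is the echo-suppressing read, so it is worth confirming that a Cygwin build with MSDOS defined still disables terminal echo by another route (not visible in this hunk) rather than falling back to plain `fgets`. A short comment above the guard would record the intent, for example `/* Cygwin: no <conio.h>; echo is suppressed via <mechanism used on Cygwin> */` with the placeholder filled in.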
#undef ASN1_STRING_set_default_mask_asc
#define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc
+#if 0 /* No longer needed, since safestack macro magic does the job */
/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF
#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF
+#endif
+#if 0 /* No longer needed, since safestack macro magic does the job */
/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECGINF
+#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF
#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECGINF
+#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF
+#endif
+#if 0 /* No longer needed, since safestack macro magic does the job */
/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC
#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC
+#endif
/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
#undef PEM_read_NETSCAPE_CERT_SEQUENCE
#undef X509_REVOKED_get_ext_by_critical
#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic
+/* Hack some long CRYPTO names */
+#define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb
+#define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb
+#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb
+#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb
+#define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb
+#define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb
+
+/* Hack some long SSL names */
+#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
+#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx
+#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk
+#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk
+#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file
+#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb
+#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
+
#endif /* defined VMS */
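Review bot: The new CRYPTO and SSL entries are bare `#define`s, whereas the existing entries in this header pair each mapping with a preceding `#undef` (for example `#undef X509_REVOKED_get_ext_by_critical` just above). Following that pattern, e.g. `#undef SSL_CTX_set_cert_verify_callback` before its `#define`, keeps the block consistent and avoids a redefinition diagnostic if any of these names is already a macro. The shortened names are hand-picked, so a one-line comment above each group such as `/* shortened names must fit the VMS 31-character external symbol limit */` would help the next person adding one.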
that will copy all the subject alternative name values from the issuer
certificate (if possible).
+Example:
+
+issuserAltName = issuer:copy
+
+Authority Info Access.
+
+The authority information access extension gives details about how to access
+certain information relating to the CA. Its syntax is accessOID;location
+where 'location' has the same syntax as subject alternative name (except
+that email:copy is not supported). accessOID can be any valid OID but only
+certain values are meaningful for example OCSP and caIssuers. OCSP gives the
+location of an OCSP responder: this is used by Netscape PSM and other software.
+
+Example:
+
+authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
+
CRL distribution points.
This is a multi-valued extension that supports all the literal options of