diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-02-23 10:42:46 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-02-23 10:42:46 +0000 |
| commit | de6b12502cdf42d5d92118f1c0e38dc31becf7c5 (patch) | |
| tree | 0edac9c79f5a43e01913dd7f71c7abc487e5727b /src/scepclient | |
| parent | 172642669d4a23e17f1ed411fbc8629dcaa5fb46 (diff) | |
| download | vyos-strongswan-de6b12502cdf42d5d92118f1c0e38dc31becf7c5.tar.gz vyos-strongswan-de6b12502cdf42d5d92118f1c0e38dc31becf7c5.zip | |
Updated to new upstream release. interfaces Patch is not from upstream.
Diffstat (limited to 'src/scepclient')
| -rw-r--r-- | src/scepclient/Makefile.am | 41 | ||||
| -rw-r--r-- | src/scepclient/Makefile.in | 318 | ||||
| -rw-r--r-- | src/scepclient/loglite.c | 4 | ||||
| -rw-r--r-- | src/scepclient/pkcs10.c | 224 | ||||
| -rw-r--r-- | src/scepclient/pkcs10.h | 60 | ||||
| -rw-r--r-- | src/scepclient/scep.c | 63 | ||||
| -rw-r--r-- | src/scepclient/scep.h | 10 | ||||
| -rw-r--r-- | src/scepclient/scepclient.c | 274 |
8 files changed, 368 insertions, 626 deletions
diff --git a/src/scepclient/Makefile.am b/src/scepclient/Makefile.am index 20bf76065..3693b7532 100644 --- a/src/scepclient/Makefile.am +++ b/src/scepclient/Makefile.am @@ -1,5 +1,5 @@ ipsec_PROGRAMS = scepclient -scepclient_SOURCES = scepclient.c pkcs10.c pkcs10.h scep.c scep.h loglite.c +scepclient_SOURCES = scepclient.c scep.c scep.h loglite.c PLUTODIR=$(top_srcdir)/src/pluto OPENACDIR=$(top_srcdir)/src/openac @@ -16,18 +16,15 @@ INCLUDES = \ -I$(WHACKDIR) AM_CFLAGS = \ --DIPSEC_CONFDIR=\"${confdir}\" \ --DIPSEC_PLUGINDIR=\"${plugindir}\" \ +-DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DPLUGINS=\""${pluto_plugins}\"" \ --DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ -DDEBUG -DNO_PLUTO LIBSTRONGSWANBUILDDIR=$(top_builddir)/src/libstrongswan LIBFREESWANBUILDDIR=$(top_builddir)/src/libfreeswan scepclient_LDADD = \ -ca.o crl.o certs.o constants.o defs.o fetch.o id.o keys.o lex.o \ -ocsp.o pem.o pgpcert.o pkcs7.o smartcard.o x509.o \ +constants.o defs.o lex.o pkcs7.o \ $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \ $(LIBFREESWANBUILDDIR)/libfreeswan.a @@ -39,47 +36,15 @@ endif dist_man_MANS = scepclient.8 -ca.o : $(PLUTODIR)/ca.c $(PLUTODIR)/ca.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -certs.o : $(PLUTODIR)/certs.c $(PLUTODIR)/certs.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - constants.o : $(PLUTODIR)/constants.c $(PLUTODIR)/constants.h $(COMPILE) $(INCLUDES) -c -o $@ $< -crl.o : $(PLUTODIR)/crl.c $(PLUTODIR)/crl.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - defs.o : $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) $(INCLUDES) -c -o $@ $< -fetch.o : $(PLUTODIR)/fetch.c $(PLUTODIR)/fetch.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -id.o : $(PLUTODIR)/id.c $(PLUTODIR)/id.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -keys.o : $(PLUTODIR)/keys.c $(PLUTODIR)/keys.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - lex.o : $(PLUTODIR)/lex.c $(PLUTODIR)/lex.h $(COMPILE) $(INCLUDES) -c -o $@ $< -ocsp.o : $(PLUTODIR)/ocsp.c $(PLUTODIR)/ocsp.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -pem.o : $(PLUTODIR)/pem.c $(PLUTODIR)/pem.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -pgpcert.o : $(PLUTODIR)/pgpcert.c $(PLUTODIR)/pgpcert.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - pkcs7.o : $(PLUTODIR)/pkcs7.c $(PLUTODIR)/pkcs7.h $(COMPILE) $(INCLUDES) -c -o $@ $< -smartcard.o : $(PLUTODIR)/smartcard.c $(PLUTODIR)/smartcard.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -x509.o : $(PLUTODIR)/x509.c $(PLUTODIR)/x509.h - $(COMPILE) $(INCLUDES) -c -o $@ $< diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 72cefb3b6..8438b81f9 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -41,26 +43,33 @@ subdir = src/scepclient DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)" -ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(ipsec_PROGRAMS) -am_scepclient_OBJECTS = scepclient.$(OBJEXT) pkcs10.$(OBJEXT) \ - scep.$(OBJEXT) loglite.$(OBJEXT) +am_scepclient_OBJECTS = scepclient.$(OBJEXT) scep.$(OBJEXT) \ + loglite.$(OBJEXT) scepclient_OBJECTS = $(am_scepclient_OBJECTS) am__DEPENDENCIES_1 = @USE_SMARTCARD_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) -scepclient_DEPENDENCIES = ca.o crl.o certs.o constants.o defs.o \ - fetch.o id.o keys.o lex.o ocsp.o pem.o pgpcert.o pkcs7.o \ - smartcard.o x509.o $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \ +scepclient_DEPENDENCIES = constants.o defs.o lex.o pkcs7.o \ + $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \ $(LIBFREESWANBUILDDIR)/libfreeswan.a $(am__DEPENDENCIES_2) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -72,6 +81,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(scepclient_SOURCES) DIST_SOURCES = $(scepclient_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man8dir = $(mandir)/man8 NROFF = nroff MANS = $(dist_man_MANS) @@ -111,25 +141,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -141,11 +168,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -174,9 +204,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -199,7 +229,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -207,6 +237,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -215,10 +246,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -226,9 +259,10 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -scepclient_SOURCES = scepclient.c pkcs10.c pkcs10.h scep.c scep.h loglite.c +scepclient_SOURCES = scepclient.c scep.c scep.h loglite.c PLUTODIR = $(top_srcdir)/src/pluto OPENACDIR = $(top_srcdir)/src/openac WHACKDIR = $(top_srcdir)/src/whack @@ -242,15 +276,12 @@ INCLUDES = \ -I$(LIBCRYPTODIR) \ -I$(WHACKDIR) -AM_CFLAGS = -DIPSEC_CONFDIR=\"${confdir}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\" \ - -DPLUGINS=\""${pluto_plugins}\"" \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" -DDEBUG -DNO_PLUTO \ +AM_CFLAGS = -DIPSEC_CONFDIR=\"${sysconfdir}\" \ + -DPLUGINS=\""${pluto_plugins}\"" -DDEBUG -DNO_PLUTO \ $(am__append_1) LIBSTRONGSWANBUILDDIR = $(top_builddir)/src/libstrongswan LIBFREESWANBUILDDIR = $(top_builddir)/src/libfreeswan -scepclient_LDADD = ca.o crl.o certs.o constants.o defs.o fetch.o id.o \ - keys.o lex.o ocsp.o pem.o pgpcert.o pkcs7.o smartcard.o x509.o \ +scepclient_LDADD = constants.o defs.o lex.o pkcs7.o \ $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \ $(LIBFREESWANBUILDDIR)/libfreeswan.a $(am__append_2) dist_man_MANS = scepclient.8 @@ -267,9 +298,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/scepclient/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/scepclient/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/scepclient/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/scepclient/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -287,34 +318,50 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-ipsecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list scepclient$(EXEEXT): $(scepclient_OBJECTS) $(scepclient_DEPENDENCIES) @rm -f scepclient$(EXEEXT) $(LINK) $(scepclient_OBJECTS) $(scepclient_LDADD) $(LIBS) @@ -326,27 +373,26 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/loglite.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs10.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scep.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scepclient.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -356,51 +402,44 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(dist_man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -414,7 +453,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -422,34 +461,52 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -465,13 +522,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -502,6 +563,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -523,6 +585,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -531,18 +595,28 @@ install-data-am: install-ipsecPROGRAMS install-man install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -585,50 +659,18 @@ uninstall-man: uninstall-man8 uninstall-man uninstall-man8 -ca.o : $(PLUTODIR)/ca.c $(PLUTODIR)/ca.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -certs.o : $(PLUTODIR)/certs.c $(PLUTODIR)/certs.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - constants.o : $(PLUTODIR)/constants.c $(PLUTODIR)/constants.h $(COMPILE) $(INCLUDES) -c -o $@ $< -crl.o : $(PLUTODIR)/crl.c $(PLUTODIR)/crl.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - defs.o : $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) $(INCLUDES) -c -o $@ $< -fetch.o : $(PLUTODIR)/fetch.c $(PLUTODIR)/fetch.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -id.o : $(PLUTODIR)/id.c $(PLUTODIR)/id.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -keys.o : $(PLUTODIR)/keys.c $(PLUTODIR)/keys.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - lex.o : $(PLUTODIR)/lex.c $(PLUTODIR)/lex.h $(COMPILE) $(INCLUDES) -c -o $@ $< -ocsp.o : $(PLUTODIR)/ocsp.c $(PLUTODIR)/ocsp.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -pem.o : $(PLUTODIR)/pem.c $(PLUTODIR)/pem.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -pgpcert.o : $(PLUTODIR)/pgpcert.c $(PLUTODIR)/pgpcert.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - pkcs7.o : $(PLUTODIR)/pkcs7.c $(PLUTODIR)/pkcs7.h $(COMPILE) $(INCLUDES) -c -o $@ $< -smartcard.o : $(PLUTODIR)/smartcard.c $(PLUTODIR)/smartcard.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -x509.o : $(PLUTODIR)/x509.c $(PLUTODIR)/x509.h - $(COMPILE) $(INCLUDES) -c -o $@ $< # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/scepclient/loglite.c b/src/scepclient/loglite.c index 87041f114..539bb5f72 100644 --- a/src/scepclient/loglite.c +++ b/src/scepclient/loglite.c @@ -56,12 +56,12 @@ static void scepclient_dbg(int level, char *fmt, ...) else if (cur_debugging & DBG_RAW) { debug_level = 3; - } + } else if (cur_debugging & DBG_PARSING) { debug_level = 2; } - else + else { debug_level = 1; } diff --git a/src/scepclient/pkcs10.c b/src/scepclient/pkcs10.c deleted file mode 100644 index cdd68431e..000000000 --- a/src/scepclient/pkcs10.c +++ /dev/null @@ -1,224 +0,0 @@ -/** - * @file pkcs10.c - * @brief Functions to build PKCS#10 requests - * - * Contains functions to build DER encoded pkcs#10 certificate requests - */ - -/* Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <stdlib.h> -#include <string.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> - -#include <freeswan.h> -#include <asn1/asn1.h> -#include <asn1/oid.h> - -#include "../pluto/constants.h" -#include "../pluto/defs.h" -#include "../pluto/log.h" -#include "../pluto/x509.h" - -#include "pkcs10.h" - -/* some pre-coded OIDs */ - -static u_char ASN1_challengePassword_oid_str[] = { - 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07 -}; - -static const chunk_t ASN1_challengePassword_oid = chunk_from_buf(ASN1_challengePassword_oid_str); - -static u_char ASN1_extensionRequest_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E -}; - -static const chunk_t ASN1_extensionRequest_oid = chunk_from_buf(ASN1_extensionRequest_oid_str); - -/** - * @brief Adds a subjectAltName in DER-coded form to a linked list - * - * @param[in,out] subjectAltNames head of the linked list of subjectAltNames - * @param[in] kind type of the subjectAltName (which is a generalName) - * @param[in] value value of the subjectAltName as an ASCII string - */ -void -pkcs10_add_subjectAltName(generalName_t **subjectAltNames, generalNames_t kind -, char *value) -{ - generalName_t *gn; - asn1_t asn1_type = ASN1_EOC; - chunk_t name = { value, strlen(value) }; - - switch (kind) - { - case GN_RFC822_NAME: - asn1_type = ASN1_CONTEXT_S_1; - break; - case GN_DNS_NAME: - asn1_type = ASN1_CONTEXT_S_2; - break; - case GN_IP_ADDRESS: - { - struct in_addr addr; - - /* convert an ASCII dotted IPv4 address (e.g. 123.456.78.90) - * to a byte representation in network order - */ - if (!inet_aton(value, &addr)) - { - fprintf(stderr, "error in IPv4 subjectAltName\n"); - return; - } - asn1_type = ASN1_CONTEXT_S_7; - name.ptr = (u_char *) &addr.s_addr; - name.len = sizeof(addr.s_addr); - break; - } - default: - break; - } - - gn = malloc_thing(generalName_t); - gn->kind = kind; - gn->name = asn1_simple_object(asn1_type, name); - gn->next = *subjectAltNames; - *subjectAltNames = gn; -} - -/** - * @brief Builds the requestInfoAttributes of the certificationRequestInfo-field - * - * challenge password ans subjectAltNames are only included, - * when avaiable in given #pkcs10_t structure - * - * @param[in] pkcs10 Pointer to a #pkcs10_t structure - * @return 1 if succeeded, 0 otherwise - */ -static chunk_t -build_req_info_attributes(pkcs10_t* pkcs10) -{ - - chunk_t subjectAltNames = chunk_empty; - chunk_t challengePassword = chunk_empty; - - if (pkcs10->subjectAltNames != NULL) - { - - subjectAltNames = asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_extensionRequest_oid - , asn1_wrap(ASN1_SET, "m" - , asn1_wrap(ASN1_SEQUENCE, "m" - , build_subjectAltNames(pkcs10->subjectAltNames) - ) - ) - ); - } - - if (pkcs10->challengePassword.len > 0) - { - asn1_t type = asn1_is_printablestring(pkcs10->challengePassword) - ? ASN1_PRINTABLESTRING : ASN1_T61STRING; - - challengePassword = asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_challengePassword_oid - , asn1_wrap(ASN1_SET, "m" - , asn1_simple_object(type, pkcs10->challengePassword) - ) - ); - } - - return asn1_wrap(ASN1_CONTEXT_C_0, "mm" - , subjectAltNames - , challengePassword); -} - -/** - * @brief Builds a DER-code pkcs#10 certificate request - * - * @param[in] pkcs10 pointer to a pkcs10_t struct - * @return DER-code pkcs10 request - */ -static chunk_t -pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg) -{ - chunk_t key = pkcs10->public_key->get_encoding(pkcs10->public_key); - - chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", key)); - - chunk_t cert_req_info = asn1_wrap(ASN1_SEQUENCE, "ccmm", - ASN1_INTEGER_0, - pkcs10->subject, - keyInfo, - build_req_info_attributes(pkcs10)); - - chunk_t signature = x509_build_signature(cert_req_info, signature_alg, - pkcs10->private_key, TRUE); - - return asn1_wrap(ASN1_SEQUENCE, "mcm", - cert_req_info, - asn1_algorithmIdentifier(signature_alg), - signature); -} - -/** - * @brief Creates a pkcs#10 certificate request object - * - * To create a certificate request, the RSA key and the - * names to be included as subject in the certificate request - * (e.g. commonName, organization) are needed. An optional challenge - * password or some subjectAltNames may be included. - * - * @param[in] key rsakey of type #rsakey_t - * @param[in] subject DER-coded subject distinguished name - * @param[in] challengePassword challenge password or chunk_empty - * @param[in] subjectAltNames linked list of subjectAltNames or NULL - * @return pointer to a #pkcs10_t object - */ -pkcs10_t* pkcs10_build(private_key_t *private, public_key_t *public, - chunk_t subject, chunk_t challengePassword, - generalName_t *subjectAltNames, int signature_alg) -{ - pkcs10_t *pkcs10 = malloc_thing(pkcs10_t); - - pkcs10->subject = subject; - pkcs10->private_key = private; - pkcs10->public_key = public; - pkcs10->challengePassword = challengePassword; - pkcs10->subjectAltNames = subjectAltNames; - - pkcs10->request = pkcs10_build_request(pkcs10, signature_alg); - return pkcs10; -} - -/** - * @brief Frees the resources used by an #pkcs10_t object - * - * @param[in] pkcs10 #pkcs10_t to free - */ -void -pkcs10_free(pkcs10_t *pkcs10) -{ - if (pkcs10 != NULL) - { - free(pkcs10->request.ptr); - free(pkcs10); - } -} diff --git a/src/scepclient/pkcs10.h b/src/scepclient/pkcs10.h deleted file mode 100644 index 3f29f019a..000000000 --- a/src/scepclient/pkcs10.h +++ /dev/null @@ -1,60 +0,0 @@ -/** - * @file pkcs10.h - * @brief Functions to build PKCS#10 Request's - * - * Contains functions to build DER encoded pkcs#10 certificate requests - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef _PKCS10_H -#define _PKCS10_H - -#include <credentials/keys/private_key.h> -#include <credentials/keys/public_key.h> - -#include "../pluto/defs.h" -#include "../pluto/x509.h" - -typedef struct pkcs10_struct pkcs10_t; - -/** - * @brief type representating a pkcs#10 request. - * - * A pkcs#10 request contains a distinguished name, an optional - * challenge password, a public key and optional subjectAltNames. - * - * The RSA private key is needed to compute the signature of the given request - */ -struct pkcs10_struct { - private_key_t *private_key; - public_key_t *public_key; - chunk_t request; - chunk_t subject; - chunk_t challengePassword; - generalName_t *subjectAltNames; -}; - -extern const pkcs10_t empty_pkcs10; - -extern void pkcs10_add_subjectAltName(generalName_t **subjectAltNames, - generalNames_t kind, char *value); -extern pkcs10_t* pkcs10_build(private_key_t *private, public_key_t *public, - chunk_t subject, chunk_t challengePassword, - generalName_t *subjectAltNames, int signature_alg); -extern void pkcs10_free(pkcs10_t *pkcs10); - -#endif /* _PKCS10_H */ diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c index a788c6f41..598705636 100644 --- a/src/scepclient/scep.c +++ b/src/scepclient/scep.c @@ -1,7 +1,7 @@ /** * @file scep.c * @brief SCEP specific functions - * + * * Contains functions to build SCEP request's and to parse SCEP reply's. */ @@ -39,24 +39,15 @@ #include "scep.h" -static char ASN1_messageType_oid_str[] = { +static const chunk_t ASN1_messageType_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02 -}; - -static char ASN1_senderNonce_oid_str[] = { +); +static const chunk_t ASN1_senderNonce_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05 -}; - -static char ASN1_transId_oid_str[] = { +); +static const chunk_t ASN1_transId_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07 -}; - -static const chunk_t ASN1_messageType_oid = - chunk_from_buf(ASN1_messageType_oid_str); -static const chunk_t ASN1_senderNonce_oid = - chunk_from_buf(ASN1_senderNonce_oid_str); -static const chunk_t ASN1_transId_oid = - chunk_from_buf(ASN1_transId_oid_str); +); static const char *pkiStatus_values[] = { "0", "2", "3" }; @@ -239,7 +230,7 @@ bool parse_attributes(chunk_t blob, scep_attributes_t *attrs) DBG(DBG_CONTROL | DBG_PARSING, DBG_log("parsing attributes") ) - + while (parser->iterate(parser, &objectID, &object)) { switch (objectID) @@ -255,24 +246,23 @@ bool parse_attributes(chunk_t blob, scep_attributes_t *attrs) } } success = parser->success(parser); - + end: parser->destroy(parser); return success; } /** - * Generates a unique fingerprint of the pkcs10 request + * Generates a unique fingerprint of the pkcs10 request * by computing an MD5 hash over it */ chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10) { - char digest_buf[HASH_SIZE_MD5]; - chunk_t digest = chunk_from_buf(digest_buf); + chunk_t digest = chunk_alloca(HASH_SIZE_MD5); hasher_t *hasher; hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - hasher->get_hash(hasher, pkcs10, digest_buf); + hasher->get_hash(hasher, pkcs10, digest.ptr); hasher->destroy(hasher); return chunk_to_hex(digest, NULL, FALSE); @@ -285,21 +275,20 @@ chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10) void scep_generate_transaction_id(public_key_t *key, chunk_t *transID, chunk_t *serialNumber) { - char digest_buf[HASH_SIZE_MD5]; - chunk_t digest = chunk_from_buf(digest_buf); - chunk_t keyEncoding, keyInfo; + chunk_t digest = chunk_alloca(HASH_SIZE_MD5); + chunk_t keyEncoding = chunk_empty, keyInfo; hasher_t *hasher; bool msb_set; u_char *pos; - - keyEncoding = key->get_encoding(key); - keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", keyEncoding)); + key->get_encoding(key, KEY_PUB_ASN1_DER, &keyEncoding); + + keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), + asn1_bitstring("m", keyEncoding)); hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - hasher->get_hash(hasher, keyInfo, digest_buf); + hasher->get_hash(hasher, keyInfo, digest.ptr); hasher->destroy(hasher); free(keyInfo.ptr); @@ -381,8 +370,8 @@ chunk_t scep_senderNonce_attribute(void) * Builds a pkcs7 enveloped and signed scep request */ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg, - const x509cert_t *enc_cert, int enc_alg, - const x509cert_t *signer_cert, int digest_alg, + certificate_t *enc_cert, int enc_alg, + certificate_t *signer_cert, int digest_alg, private_key_t *private_key) { chunk_t envelopedData, attributes, request; @@ -497,7 +486,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, free(escaped_req); status = lib->fetcher->fetch(lib->fetcher, complete_url, response, - FETCH_HTTP_VERSION_1_0, + FETCH_HTTP_VERSION_1_0, FETCH_REQUEST_HEADER, "Pragma:", FETCH_REQUEST_HEADER, "Host:", FETCH_REQUEST_HEADER, "Accept:", @@ -510,7 +499,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, complete_url = malloc(len); snprintf(complete_url, len, "%s?operation=%s", url, operation); - status = lib->fetcher->fetch(lib->fetcher, complete_url, response, + status = lib->fetcher->fetch(lib->fetcher, complete_url, response, FETCH_REQUEST_DATA, pkcs7, FETCH_REQUEST_TYPE, "", FETCH_REQUEST_HEADER, "Expect:", @@ -527,7 +516,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier" , url, operation); - status = lib->fetcher->fetch(lib->fetcher, complete_url, response, + status = lib->fetcher->fetch(lib->fetcher, complete_url, response, FETCH_END); } @@ -536,7 +525,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, } err_t scep_parse_response(chunk_t response, chunk_t transID, contentInfo_t *data, - scep_attributes_t *attrs, x509cert_t *signer_cert) + scep_attributes_t *attrs, certificate_t *signer_cert) { chunk_t attributes; diff --git a/src/scepclient/scep.h b/src/scepclient/scep.h index e8dc87591..f64c6b1cc 100644 --- a/src/scepclient/scep.h +++ b/src/scepclient/scep.h @@ -1,7 +1,7 @@ /** * @file scep.h * @brief SCEP specific functions - * + * * Contains functions to build and parse SCEP requests and replies */ @@ -23,6 +23,8 @@ #ifndef _SCEP_H #define _SCEP_H +#include <credentials/certificates/certificate.h> + #include "../pluto/defs.h" #include "../pluto/pkcs7.h" @@ -81,13 +83,13 @@ extern chunk_t scep_transId_attribute(chunk_t transaction_id); extern chunk_t scep_messageType_attribute(scep_msg_t m); extern chunk_t scep_senderNonce_attribute(void); extern chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg, - const x509cert_t *enc_cert, int enc_alg, - const x509cert_t *signer_cert, int digest_alg, + certificate_t *enc_cert, int enc_alg, + certificate_t *signer_cert, int digest_alg, private_key_t *private_key); extern bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, bool http_get_request, chunk_t *response); extern err_t scep_parse_response(chunk_t response, chunk_t transID, contentInfo_t *data, scep_attributes_t *attrs, - x509cert_t *signer_cert); + certificate_t *signer_cert); #endif /* _SCEP_H */ diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c index 6c0166d66..576ce1dc5 100644 --- a/src/scepclient/scepclient.c +++ b/src/scepclient/scepclient.c @@ -41,18 +41,22 @@ #include <asn1/oid.h> #include <utils/optionsfrom.h> #include <utils/enumerator.h> +#include <utils/linked_list.h> +#include <crypto/hashers/hasher.h> #include <crypto/crypters/crypter.h> #include <crypto/proposal/proposal_keywords.h> #include <credentials/keys/private_key.h> #include <credentials/keys/public_key.h> +#include <credentials/certificates/certificate.h> +#include <credentials/certificates/x509.h> +#include <credentials/certificates/pkcs10.h> #include "../pluto/constants.h" #include "../pluto/defs.h" #include "../pluto/log.h" -#include "../pluto/pkcs7.h" #include "../pluto/certs.h" +#include "../pluto/pkcs7.h" -#include "pkcs10.h" #include "scep.h" /* @@ -121,26 +125,27 @@ options_t *options; * Global variables */ -private_key_t *private_key = NULL; -public_key_t *public_key = NULL; - chunk_t pkcs1; chunk_t pkcs7; -chunk_t subject; chunk_t challengePassword; chunk_t serialNumber; chunk_t transID; chunk_t fingerprint; +chunk_t encoding; +chunk_t pkcs10_encoding; chunk_t issuerAndSubject; chunk_t getCertInitial; chunk_t scep_response; -cert_t cert; -x509cert_t *x509_signer = NULL; -x509cert_t *x509_ca_enc = NULL; -x509cert_t *x509_ca_sig = NULL; -generalName_t *subjectAltNames = NULL; -pkcs10_t *pkcs10 = NULL; +linked_list_t *subjectAltNames; + +identification_t *subject = NULL; +private_key_t *private_key = NULL; +public_key_t *public_key = NULL; +certificate_t *x509_signer = NULL; +certificate_t *x509_ca_enc = NULL; +certificate_t *x509_ca_sig = NULL; +certificate_t *pkcs10_req = NULL; /** * @brief exit scepclient @@ -152,27 +157,25 @@ exit_scepclient(err_t message, ...) { int status = 0; + DESTROY_IF(subject); DESTROY_IF(private_key); DESTROY_IF(public_key); + DESTROY_IF(x509_signer); + DESTROY_IF(x509_ca_enc); + DESTROY_IF(x509_ca_sig); + DESTROY_IF(pkcs10_req); + subjectAltNames->destroy_offset(subjectAltNames, + offsetof(identification_t, destroy)); free(pkcs1.ptr); free(pkcs7.ptr); - free(subject.ptr); free(serialNumber.ptr); free(transID.ptr); free(fingerprint.ptr); + free(encoding.ptr); + free(pkcs10_encoding.ptr); free(issuerAndSubject.ptr); free(getCertInitial.ptr); free(scep_response.ptr); - - free_generalNames(subjectAltNames, TRUE); - if (x509_signer != NULL) - { - x509_signer->subjectAltName = NULL; - } - free_x509cert(x509_signer); - free_x509cert(x509_ca_enc); - free_x509cert(x509_ca_sig); - pkcs10_free(pkcs10); options->destroy(options); /* print any error message to stderr */ @@ -279,7 +282,7 @@ static void print_plugins() char buf[BUF_LEN], *plugin; int len = 0; enumerator_t *enumerator; - + enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin)) { @@ -357,8 +360,8 @@ int main(int argc, char **argv) /* digest algorithm used by pkcs7, default is SHA-1 */ int pkcs7_digest_alg = OID_SHA1; - /* signature algorithm used by pkcs10, default is SHA-1 with RSA encryption */ - int pkcs10_signature_alg = OID_SHA1; + /* signature algorithm used by pkcs10, default is SHA-1 */ + hash_algorithm_t pkcs10_signature_alg = HASH_SHA1; /* URL of the SCEP-Server */ char *scep_url = NULL; @@ -374,20 +377,8 @@ int main(int argc, char **argv) err_t ugh = NULL; - /* initialize global variables */ - pkcs1 = chunk_empty; - pkcs7 = chunk_empty; - serialNumber = chunk_empty; - transID = chunk_empty; - fingerprint = chunk_empty; - issuerAndSubject = chunk_empty; - challengePassword = chunk_empty; - getCertInitial = chunk_empty; - scep_response = chunk_empty; - log_to_stderr = TRUE; - /* initialize library */ - if (!library_init(STRONGSWAN_CONF)) + if (!library_init(NULL)) { library_deinit(); exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); @@ -400,8 +391,21 @@ int main(int argc, char **argv) exit(SS_RC_DAEMON_INTEGRITY); } - /* initialize optionsfrom */ - options = options_create(); + /* initialize global variables */ + pkcs1 = chunk_empty; + pkcs7 = chunk_empty; + serialNumber = chunk_empty; + transID = chunk_empty; + fingerprint = chunk_empty; + encoding = chunk_empty; + pkcs10_encoding = chunk_empty; + issuerAndSubject = chunk_empty; + challengePassword = chunk_empty; + getCertInitial = chunk_empty; + scep_response = chunk_empty; + subjectAltNames = linked_list_create(); + options = options_create(); + log_to_stderr = TRUE; for (;;) { @@ -544,7 +548,7 @@ int main(int argc, char **argv) } continue; } - + case 'f': /* --force */ force = TRUE; continue; @@ -614,7 +618,6 @@ int main(int argc, char **argv) case 's': /* --subjectAltName */ { - generalNames_t kind; char *value = strstr(optarg, "="); if (value) @@ -625,25 +628,19 @@ int main(int argc, char **argv) value++; } - if (strcaseeq("email", optarg)) - { - kind = GN_RFC822_NAME; - } - else if (strcaseeq("dns", optarg)) + if (strcaseeq("email", optarg) || + strcaseeq("dns", optarg) || + strcaseeq("ip", optarg)) { - kind = GN_DNS_NAME; - } - else if (strcaseeq("ip", optarg)) - { - kind = GN_IP_ADDRESS; + subjectAltNames->insert_last(subjectAltNames, + identification_create_from_string(value)); + continue; } else { usage("invalid --subjectAltName type"); continue; } - pkcs10_add_subjectAltName(&subjectAltNames, kind, value); - continue; } case 'p': /* --password */ @@ -748,7 +745,7 @@ int main(int argc, char **argv) base_debugging |= DBG_PRIVATE; continue; #endif - default: + default: usage("unknown option"); } /* break from loop */ @@ -759,8 +756,11 @@ int main(int argc, char **argv) init_log("scepclient"); /* load plugins, further infrastructure may need it */ - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, - lib->settings->get_str(lib->settings, "scepclient.load", PLUGINS)); + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "scepclient.load", PLUGINS))) + { + exit_scepclient("plugin loading failed"); + } print_plugins(); if ((filetype_out == 0) && (!request_ca_certificate)) @@ -787,18 +787,18 @@ int main(int argc, char **argv) /* * input of PKCS#1 file */ - if (filetype_in & PKCS1) /* load an RSA key pair from file */ + if (filetype_in & PKCS1) /* load an RSA key pair from file */ { - prompt_pass_t pass = { "", FALSE, STDIN_FILENO }; char *path = concatenate_paths(PRIVATE_KEY_PATH, file_in_pkcs1); - private_key = load_private_key(path, &pass, KEY_RSA); + private_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_FROM_FILE, path, BUILD_END); } else /* generate an RSA key pair */ { private_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_KEY_SIZE, rsa_keylength, - BUILD_END); + BUILD_END); } if (private_key == NULL) { @@ -828,11 +828,6 @@ int main(int argc, char **argv) } else { - char buf[IDTOA_BUF]; - chunk_t dn = chunk_empty; - - dn.ptr = buf; - if (distinguishedName == NULL) { char buf[BUF_LEN]; @@ -850,34 +845,43 @@ int main(int argc, char **argv) DBG(DBG_CONTROL, DBG_log("dn: '%s'", distinguishedName); ) - ugh = atodn(distinguishedName, &dn); - if (ugh != NULL) + subject = identification_create_from_string(distinguishedName); + if (subject->get_type(subject) != ID_DER_ASN1_DN) { - exit_scepclient(ugh); + exit_scepclient("parsing of distinguished name failed"); } - subject = chunk_clone(dn); - DBG(DBG_CONTROL, DBG_log("building pkcs10 object:") ) - pkcs10 = pkcs10_build(private_key, public_key, subject, - challengePassword, subjectAltNames, - pkcs10_signature_alg); - fingerprint = scep_generate_pkcs10_fingerprint(pkcs10->request); + pkcs10_req = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_PKCS10_REQUEST, + BUILD_SIGNING_KEY, private_key, + BUILD_SUBJECT, subject, + BUILD_SUBJECT_ALTNAMES, subjectAltNames, + BUILD_PASSPHRASE, challengePassword, + BUILD_DIGEST_ALG, pkcs10_signature_alg, + BUILD_END); + if (!pkcs10_req) + { + exit_scepclient("generating pkcs10 request failed"); + } + pkcs10_encoding = pkcs10_req->get_encoding(pkcs10_req); + fingerprint = scep_generate_pkcs10_fingerprint(pkcs10_encoding); plog(" fingerprint: %s", fingerprint.ptr); } - /* + /* * output of PKCS#10 file */ if (filetype_out & PKCS10) { char *path = concatenate_paths(REQ_PATH, file_out_pkcs10); - if (!chunk_write(pkcs10->request, path, "pkcs10", 0022, force)) + if (!chunk_write(pkcs10_encoding, path, "pkcs10", 0022, force)) + { exit_scepclient("could not write pkcs10 file '%s'", path); - + } filetype_out &= ~PKCS10; /* delete PKCS10 flag */ } @@ -896,11 +900,11 @@ int main(int argc, char **argv) DBG(DBG_CONTROL, DBG_log("building pkcs1 object:") ) - pkcs1 = private_key->get_encoding(private_key); - - if (!chunk_write(pkcs1, path, "pkcs1", 0066, force)) + if (!private_key->get_encoding(private_key, KEY_PRIV_ASN1_DER, &pkcs1) || + !chunk_write(pkcs1, path, "pkcs1", 0066, force)) + { exit_scepclient("could not write pkcs1 file '%s'", path); - + } filetype_out &= ~PKCS1; /* delete PKCS1 flag */ } @@ -912,19 +916,23 @@ int main(int argc, char **argv) scep_generate_transaction_id(public_key, &transID, &serialNumber); plog(" transaction ID: %.*s", (int)transID.len, transID.ptr); + notBefore = notBefore ? notBefore : time(NULL); + notAfter = notAfter ? notAfter : (notBefore + validity); + /* generate a self-signed X.509 certificate */ - x509_signer = malloc_thing(x509cert_t); - *x509_signer = empty_x509cert; - x509_signer->serialNumber = serialNumber; - x509_signer->sigAlg = OID_SHA1_WITH_RSA; - x509_signer->issuer = subject; - x509_signer->notBefore = (notBefore)? notBefore - : time(NULL); - x509_signer->notAfter = (notAfter)? notAfter - : x509_signer->notBefore + validity; - x509_signer->subject = subject; - x509_signer->subjectAltName = subjectAltNames; - build_x509cert(x509_signer, public_key, private_key); + x509_signer = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_SIGNING_KEY, private_key, + BUILD_PUBLIC_KEY, public_key, + BUILD_SUBJECT, subject, + BUILD_NOT_BEFORE_TIME, notBefore, + BUILD_NOT_AFTER_TIME, notAfter, + BUILD_SERIAL, serialNumber, + BUILD_SUBJECT_ALTNAMES, subjectAltNames, + BUILD_END); + if (!x509_signer) + { + exit_scepclient("generating certificate failed"); + } /* * output of self-signed X.509 certificate file @@ -933,9 +941,16 @@ int main(int argc, char **argv) { char *path = concatenate_paths(HOST_CERT_PATH, file_out_cert_self); - if (!chunk_write(x509_signer->certificate, path, "self-signed cert", 0022, force)) + encoding = x509_signer->get_encoding(x509_signer); + if (!encoding.ptr) + { + exit_scepclient("encoding certificate failed"); + } + if (!chunk_write(encoding, path, "self-signed cert", 0022, force)) + { exit_scepclient("could not write self-signed cert file '%s'", path); -; + } + chunk_free(&encoding); filetype_out &= ~CERT_SELF; /* delete CERT_SELF flag */ } @@ -949,16 +964,16 @@ int main(int argc, char **argv) */ { char *path = concatenate_paths(CA_CERT_PATH, file_in_cacert_enc); - cert_t cert; - - if (!load_cert(path, "encryption cacert", &cert)) + + x509_ca_enc = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, path, BUILD_END); + if (!x509_ca_enc) { exit_scepclient("could not load encryption cacert file '%s'", path); } - x509_ca_enc = cert.u.x509; } - /* + /* * input of PKCS#7 file */ if (filetype_in & PKCS7) @@ -976,10 +991,10 @@ int main(int argc, char **argv) DBG(DBG_CONTROL, DBG_log("building pkcs7 request") ) - pkcs7 = scep_build_request(pkcs10->request - , transID, SCEP_PKCSReq_MSG - , x509_ca_enc, pkcs7_symmetric_cipher - , x509_signer, pkcs7_digest_alg, private_key); + pkcs7 = scep_build_request(pkcs10_encoding, + transID, SCEP_PKCSReq_MSG, + x509_ca_enc, pkcs7_symmetric_cipher, + x509_signer, pkcs7_digest_alg, private_key); } /* @@ -1005,19 +1020,23 @@ int main(int argc, char **argv) */ if (filetype_out & CERT) { + certificate_t *cert; + enumerator_t *enumerator; char *path = concatenate_paths(CA_CERT_PATH, file_in_cacert_sig); - cert_t cert; - time_t poll_start; + time_t poll_start = 0; - x509cert_t *certs = NULL; + linked_list_t *certs = linked_list_create(); chunk_t envelopedData = chunk_empty; chunk_t certData = chunk_empty; contentInfo_t data = empty_contentInfo; scep_attributes_t attrs = empty_scep_attributes; - if (!load_cert(path, "signature cacert", &cert)) + x509_ca_sig = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, path, BUILD_END); + if (!x509_ca_sig) + { exit_scepclient("could not load signature cacert file '%s'", path); - x509_ca_sig = cert.u.x509; + } if (!scep_http_request(scep_url, pkcs7, SCEP_PKI_OPERATION, http_get_request, &scep_response)) @@ -1034,17 +1053,19 @@ int main(int argc, char **argv) /* in case of manual mode, we are going into a polling loop */ if (attrs.pkiStatus == SCEP_PENDING) { + identification_t *issuer = x509_ca_sig->get_subject(x509_ca_sig); + plog(" scep request pending, polling every %d seconds" , poll_interval); - time(&poll_start); - issuerAndSubject = asn1_wrap(ASN1_SEQUENCE, "cc" - , x509_ca_sig->subject - , subject); + poll_start = time_monotonic(NULL); + issuerAndSubject = asn1_wrap(ASN1_SEQUENCE, "cc", + issuer->get_encoding(issuer), + subject); } while (attrs.pkiStatus == SCEP_PENDING) { if (max_poll_time > 0 - && (time(NULL) - poll_start >= max_poll_time)) + && (time_monotonic(NULL) - poll_start >= max_poll_time)) { exit_scepclient("maximum poll time reached: %d seconds" , max_poll_time); @@ -1096,7 +1117,7 @@ int main(int argc, char **argv) { exit_scepclient("could not decrypt envelopedData"); } - if (!pkcs7_parse_signedData(certData, NULL, &certs, NULL, NULL)) + if (!pkcs7_parse_signedData(certData, NULL, certs, NULL, NULL)) { exit_scepclient("error parsing the scep response"); } @@ -1104,22 +1125,29 @@ int main(int argc, char **argv) /* store the end entity certificate */ path = concatenate_paths(HOST_CERT_PATH, file_out_cert); - while (certs != NULL) + + enumerator = certs->create_enumerator(certs); + while (enumerator->enumerate(enumerator, &cert)) { bool stored = FALSE; - x509cert_t *cert = certs; + x509_t *x509 = (x509_t*)cert; - if (!cert->isCA) + if (!(x509->get_flags(x509) & X509_CA)) { if (stored) + { exit_scepclient("multiple certs received, only first stored"); - if (!chunk_write(cert->certificate, path, "requested cert", 0022, force)) + } + encoding = cert->get_encoding(cert); + if (!chunk_write(encoding, path, "requested cert", 0022, force)) + { exit_scepclient("could not write cert file '%s'", path); + } + chunk_free(&encoding); stored = TRUE; } - certs = certs->next; - free_x509cert(cert); } + certs->destroy_offset(certs, offsetof(certificate_t, destroy)); filetype_out &= ~CERT; /* delete CERT flag */ } |