apps.c

mediastreamer2是开源的网络传输媒体流的库

			}
		}

 err:
	if (dbattr_conf) NCONF_free(dbattr_conf);
	if (tmpdb) TXT_DB_free(tmpdb);
	if (in) BIO_free_all(in);
	return retdb;
	}

int index_index(CA_DB *db)
	{
	if (!TXT_DB_create_index(db->db, DB_serial, NULL,
				LHASH_HASH_FN(index_serial_hash),
				LHASH_COMP_FN(index_serial_cmp)))
		{
		BIO_printf(bio_err,
		  "error creating serial number index:(%ld,%ld,%ld)\n",
		  			db->db->error,db->db->arg1,db->db->arg2);
			return 0;
		}

	if (db->attributes.unique_subject
		&& !TXT_DB_create_index(db->db, DB_name, index_name_qual,
			LHASH_HASH_FN(index_name_hash),
			LHASH_COMP_FN(index_name_cmp)))
		{
		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
			db->db->error,db->db->arg1,db->db->arg2);
		return 0;
		}
	return 1;
	}

int save_index(const char *dbfile, const char *suffix, CA_DB *db)
	{
	char buf[3][BSIZE];
	BIO *out = BIO_new(BIO_s_file());
	int j;

	if (out == NULL)
		{
		ERR_print_errors(bio_err);
		goto err;
		}

	j = strlen(dbfile) + strlen(suffix);
	if (j + 6 >= BSIZE)
		{
		BIO_printf(bio_err,"file name too long\n");
		goto err;
		}

#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
#else
	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
#else
	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
#else
	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
#endif
#ifdef RL_DEBUG
	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
#endif
	if (BIO_write_filename(out,buf[0]) <= 0)
		{
		perror(dbfile);
		BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
		goto err;
		}
	j=TXT_DB_write(out,db->db);
	if (j <= 0) goto err;
			
	BIO_free(out);

	out = BIO_new(BIO_s_file());
#ifdef RL_DEBUG
	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
#endif
	if (BIO_write_filename(out,buf[1]) <= 0)
		{
		perror(buf[2]);
		BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
		goto err;
		}
	BIO_printf(out,"unique_subject = %s\n",
		db->attributes.unique_subject ? "yes" : "no");
	BIO_free(out);

	return 1;
 err:
	return 0;
	}

int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
	{
	char buf[5][BSIZE];
	int i,j;
	struct stat sb;

	i = strlen(dbfile) + strlen(old_suffix);
	j = strlen(dbfile) + strlen(new_suffix);
	if (i > j) j = i;
	if (j + 6 >= BSIZE)
		{
		BIO_printf(bio_err,"file name too long\n");
		goto err;
		}

#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
#else
	j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
		dbfile, new_suffix);
#else
	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
		dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
		dbfile, new_suffix);
#else
	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
		dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
		dbfile, old_suffix);
#else
	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
		dbfile, old_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
		dbfile, old_suffix);
#else
	j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
		dbfile, old_suffix);
#endif
	if (stat(dbfile,&sb) < 0)
		{
		if (errno != ENOENT 
#ifdef ENOTDIR
			&& errno != ENOTDIR
#endif
		   )
			goto err;
		}
	else
		{
#ifdef RL_DEBUG
		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
			dbfile, buf[1]);
#endif
		if (rename(dbfile,buf[1]) < 0)
			{
			BIO_printf(bio_err,
				"unable to rename %s to %s\n",
				dbfile, buf[1]);
			perror("reason");
			goto err;
			}
		}
#ifdef RL_DEBUG
	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
		buf[0],dbfile);
#endif
	if (rename(buf[0],dbfile) < 0)
		{
		BIO_printf(bio_err,
			"unable to rename %s to %s\n",
			buf[0],dbfile);
		perror("reason");
		rename(buf[1],dbfile);
		goto err;
		}
	if (stat(buf[4],&sb) < 0)
		{
		if (errno != ENOENT 
#ifdef ENOTDIR
			&& errno != ENOTDIR
#endif
		   )
			goto err;
		}
	else
		{
#ifdef RL_DEBUG
		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
			buf[4],buf[3]);
#endif
		if (rename(buf[4],buf[3]) < 0)
			{
			BIO_printf(bio_err,
				"unable to rename %s to %s\n",
				buf[4], buf[3]);
			perror("reason");
			rename(dbfile,buf[0]);
			rename(buf[1],dbfile);
			goto err;
			}
		}
#ifdef RL_DEBUG
	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
		buf[2],buf[4]);
#endif
	if (rename(buf[2],buf[4]) < 0)
		{
		BIO_printf(bio_err,
			"unable to rename %s to %s\n",
			buf[2],buf[4]);
		perror("reason");
		rename(buf[3],buf[4]);
		rename(dbfile,buf[0]);
		rename(buf[1],dbfile);
		goto err;
		}
	return 1;
 err:
	return 0;
	}

void free_index(CA_DB *db)
	{
	if (db)
		{
		if (db->db) TXT_DB_free(db->db);
		OPENSSL_free(db);
		}
	}

int parse_yesno(const char *str, int def)
	{
	int ret = def;
	if (str)
		{
		switch (*str)
			{
		case 'f': /* false */
		case 'F': /* FALSE */
		case 'n': /* no */
		case 'N': /* NO */
		case '0': /* 0 */
			ret = 0;
			break;
		case 't': /* true */
		case 'T': /* TRUE */
		case 'y': /* yes */
		case 'Y': /* YES */
		case '1': /* 1 */
			ret = 0;
			break;
		default:
			ret = def;
			break;
			}
		}
	return ret;
	}

/*
 * subject is expected to be in the format /type0=value0/type1=value1/type2=...
 * where characters may be escaped by \
 */
X509_NAME *parse_name(char *subject, long chtype, int multirdn)
	{
	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
	char *buf = OPENSSL_malloc(buflen);
	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
	int *mval = OPENSSL_malloc (max_ne * sizeof (int));

	char *sp = subject, *bp = buf;
	int i, ne_num = 0;

	X509_NAME *n = NULL;
	int nid;

	if (!buf || !ne_types || !ne_values)
		{
		BIO_printf(bio_err, "malloc error\n");
		goto error;
		}	

	if (*subject != '/')
		{
		BIO_printf(bio_err, "Subject does not start with '/'.\n");
		goto error;
		}
	sp++; /* skip leading / */

	/* no multivalued RDN by default */
	mval[ne_num] = 0;

	while (*sp)
		{
		/* collect type */
		ne_types[ne_num] = bp;
		while (*sp)
			{
			if (*sp == '\\') /* is there anything to escape in the type...? */
				{
				if (*++sp)
					*bp++ = *sp++;
				else	
					{
					BIO_printf(bio_err, "escape character at end of string\n");
					goto error;
					}
				}	
			else if (*sp == '=')
				{
				sp++;
				*bp++ = '\0';
				break;
				}
			else
				*bp++ = *sp++;
			}
		if (!*sp)
			{
			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
			goto error;
			}
		ne_values[ne_num] = bp;
		while (*sp)
			{
			if (*sp == '\\')
				{
				if (*++sp)
					*bp++ = *sp++;
				else
					{
					BIO_printf(bio_err, "escape character at end of string\n");
					goto error;
					}
				}
			else if (*sp == '/')
				{
				sp++;
				/* no multivalued RDN by default */
				mval[ne_num+1] = 0;
				break;
				}
			else if (*sp == '+' && multirdn)
				{
				/* a not escaped + signals a mutlivalued RDN */
				sp++;
				mval[ne_num+1] = -1;
				break;
				}
			else
				*bp++ = *sp++;
			}
		*bp++ = '\0';
		ne_num++;
		}	

	if (!(n = X509_NAME_new()))
		goto error;

	for (i = 0; i < ne_num; i++)
		{
		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
			{
			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
			continue;
			}

		if (!*ne_values[i])
			{
			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
			continue;
			}

		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
			goto error;
		}

	OPENSSL_free(ne_values);
	OPENSSL_free(ne_types);
	OPENSSL_free(buf);
	return n;

error:
	X509_NAME_free(n);
	if (ne_values)
		OPENSSL_free(ne_values);
	if (ne_types)
		OPENSSL_free(ne_types);
	if (buf)
		OPENSSL_free(buf);
	return NULL;
}

/* This code MUST COME AFTER anything that uses rename() */
#ifdef OPENSSL_SYS_WIN32
int WIN32_rename(const char *from, const char *to)
	{
#ifndef OPENSSL_SYS_WINCE
	/* Windows rename gives an error if 'to' exists, so delete it
	 * first and ignore file not found errror
	 */
	if((remove(to) != 0) && (errno != ENOENT))
		return -1;
#undef rename
	return rename(from, to);
#else
	/* convert strings to UNICODE */
	{
	BOOL result = FALSE;
	WCHAR* wfrom;
	WCHAR* wto;
	int i;
	wfrom = malloc((strlen(from)+1)*2);
	wto = malloc((strlen(to)+1)*2);
	if (wfrom != NULL && wto != NULL)
		{
		for (i=0; i<(int)strlen(from)+1; i++)
			wfrom[i] = (short)from[i];
		for (i=0; i<(int)strlen(to)+1; i++)
			wto[i] = (short)to[i];
		result = MoveFile(wfrom, wto);
		}
	if (wfrom != NULL)
		free(wfrom);
	if (wto != NULL)
		free(wto);
	return result;
	}
#endif
	}
#endif

int args_verify(char ***pargs, int *pargc,
			int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
	{
	ASN1_OBJECT *otmp = NULL;
	unsigned long flags = 0;
	int i;
	int purpose = 0;
	char **oldargs = *pargs;
	char *arg = **pargs, *argn = (*pargs)[1];
	if (!strcmp(arg, "-policy"))
		{
		if (!argn)
			*badarg = 1;
		else
			{
			otmp = OBJ_txt2obj(argn, 0);
			if (!otmp)
				{
				BIO_printf(err, "Invalid Policy \"%s\"\n",
									argn);
				*badarg = 1;
				}
			}
		(*pargs)++;
		}
	else if (strcmp(arg,"-purpose") == 0)
		{
		X509_PURPOSE *xptmp;
		if (!argn)
			*badarg = 1;
		else
			{
			i = X509_PURPOSE_get_by_sname(argn);
			if(i < 0)
				{
				BIO_printf(err, "unrecognized purpose\n");
				*badarg = 1;
				}
			else
				{
				xptmp = X509_PURPOSE_get0(i);
				purpose = X509_PURPOSE_get_id(xptmp);
				}
			}
		(*pargs)++;
		}
	else if (!strcmp(arg, "-ignore_critical"))
		flags |= X509_V_FLAG_IGNORE_CRITICAL;
	else if (!strcmp(arg, "-issuer_checks"))
		flags |= X509_V_FLAG_CB_ISSUER_CHECK;
	else if (!strcmp(arg, "-crl_check"))
		flags |=  X509_V_FLAG_CRL_CHECK;
	else if (!strcmp(arg, "-crl_check_all"))
		flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
	else if (!strcmp(arg, "-policy_check"))
		flags |= X509_V_FLAG_POLICY_CHECK;
	else if (!strcmp(arg, "-explicit_policy"))
		flags |= X509_V_FLAG_EXPLICIT_POLICY;
	else if (!strcmp(arg, "-x509_strict"))
		flags |= X509_V_FLAG_X509_STRICT;
	else if (!strcmp(arg, "-policy_print"))
		flags |= X509_V_FLAG_NOTIFY_POLICY;
	else
		return 0;

	if (*badarg)
		{
		if (*pm)
			X509_VERIFY_PARAM_free(*pm);
		*pm = NULL;
		goto end;
		}

	if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
		{
		*badarg = 1;
		goto end;
		}

	if (otmp)
		X509_VERIFY_PARAM_add0_policy(*pm, otmp);
	if (flags)
		X509_VERIFY_PARAM_set_flags(*pm, flags);

	if (purpose)
		X509_VERIFY_PARAM_set_purpose(*pm, purpose);

	end:

	(*pargs)++;

	if (pargc)
		*pargc -= *pargs - oldargs;

	return 1;

	}

static void nodes_print(BIO *out, const char *name,
	STACK_OF(X509_POLICY_NODE) *nodes)
	{
	X509_POLICY_NODE *node;
	int i;
	BIO_printf(out, "%s Policies:", name);
	if (nodes)
		{
		BIO_puts(out, "\n");
		for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
			{
			node = sk_X509_POLICY_NODE_value(nodes, i);
			X509_POLICY_NODE_print(out, node, 2);
			}
		}
	else
		BIO_puts(out, " <empty>\n");
	}

void policies_print(BIO *out, X509_STORE_CTX *ctx)
	{
	X509_POLICY_TREE *tree;
	int explicit_policy;
	int free_out = 0;
	if (out == NULL)
		{
		out = BIO_new_fp(stderr, BIO_NOCLOSE);
		free_out = 1;
		}
	tree = X509_STORE_CTX_get0_policy_tree(ctx);
	explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);

	BIO_printf(out, "Require explicit Policy: %s\n",
				explicit_policy ? "True" : "False");

	nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
	nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
	if (free_out)
		BIO_free(out);
	}