|  |  | @@ -75,6 +75,39 @@ lock_strings(hx509_lock lock, getarg_strings *pass) | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  | } |  |  |  | } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | static char * | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | fix_store_name(hx509_context contextp, const char *sn, const char *def_type) | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | { | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     const char *residue = strchr(sn, ':'); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     char *s = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     if (residue) { | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         s = estrdup(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         s[residue - sn] = '\0'; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         if (_hx509_ks_type(contextp, s)) { | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |             free(s); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |             return estrdup(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(s); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         s = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     if (asprintf(&s, "%s:%s", def_type, sn) == -1 || s == NULL) | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         err(1, "Out of memory"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     return s; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | static char * | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | fix_csr_name(const char *cn, const char *def_type) | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | { | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     char *s = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     if (strncmp(cn, "PKCS10:", sizeof("PKCS10:") - 1) == 0 || strchr(cn, ':')) | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         return estrdup(cn); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     if (asprintf(&s, "%s:%s", def_type, cn) == -1 || s == NULL) | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         err(1, "Out of memory"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     return s; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | /* |  |  |  | /* | 
			
		
	
		
		
			
				
					
					|  |  |  |  * |  |  |  |  * | 
			
		
	
		
		
			
				
					
					|  |  |  |  */ |  |  |  |  */ | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -86,10 +119,13 @@ certs_strings(hx509_context contextp, const char *type, hx509_certs certs, | 
			
		
	
		
		
			
				
					
					|  |  |  |     int i, ret; |  |  |  |     int i, ret; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     for (i = 0; i < s->num_strings; i++) { |  |  |  |     for (i = 0; i < s->num_strings; i++) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_certs_append(contextp, certs, lock, s->strings[i]); |  |  |  |         char *sn = fix_store_name(contextp, s->strings[i], "FILE"); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | 	ret = hx509_certs_append(contextp, certs, lock, sn); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(contextp, 1, ret, |  |  |  | 	    hx509_err(contextp, 1, ret, | 
			
		
	
		
		
			
				
					
					|  |  |  | 		      "hx509_certs_append: %s %s", type, s->strings[i]); |  |  |  | 		      "hx509_certs_append: %s %s", type, sn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  | } |  |  |  | } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -752,8 +788,11 @@ pcert_print(struct print_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |     lock_strings(lock, &opt->pass_strings); |  |  |  |     lock_strings(lock, &opt->pass_strings); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     while(argc--) { |  |  |  |     while(argc--) { | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         char *sn = fix_store_name(context, argv[0], "FILE"); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	int ret; |  |  |  | 	int ret; | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_certs_init(context, argv[0], 0, lock, &certs); |  |  |  |  | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | 	ret = hx509_certs_init(context, sn, 0, lock, &certs); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) { |  |  |  | 	if (ret) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    if (opt->never_fail_flag) { |  |  |  | 	    if (opt->never_fail_flag) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 		printf("ignoreing failure: %d\n", ret); |  |  |  | 		printf("ignoreing failure: %d\n", ret); | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -800,8 +839,10 @@ pcert_validate(struct validate_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |     hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE); |  |  |  |     hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     while(argc--) { |  |  |  |     while(argc--) { | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         char *sn = fix_store_name(context, argv[0], "FILE"); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	int ret; |  |  |  | 	int ret; | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_certs_init(context, argv[0], 0, lock, &certs); |  |  |  |  | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | 	ret = hx509_certs_init(context, sn, 0, lock, &certs); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    errx(1, "hx509_certs_init: %d", ret); |  |  |  | 	    errx(1, "hx509_certs_init: %d", ret); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_certs_iter_f(context, certs, validate_f, ctx); |  |  |  | 	hx509_certs_iter_f(context, certs, validate_f, ctx); | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -820,6 +861,7 @@ certificate_copy(struct certificate_copy_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  | { |  |  |  | { | 
			
		
	
		
		
			
				
					
					|  |  |  |     hx509_certs certs; |  |  |  |     hx509_certs certs; | 
			
		
	
		
		
			
				
					
					|  |  |  |     hx509_lock inlock, outlock = NULL; |  |  |  |     hx509_lock inlock, outlock = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     char *sn; | 
			
		
	
		
		
			
				
					
					|  |  |  |     int ret; |  |  |  |     int ret; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     hx509_lock_init(context, &inlock); |  |  |  |     hx509_lock_init(context, &inlock); | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -833,16 +875,21 @@ certificate_copy(struct certificate_copy_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  | 		 opt->out_pass_string, ret); |  |  |  | 		 opt->out_pass_string, ret); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     ret = hx509_certs_init(context, argv[argc - 1], |  |  |  |     sn = fix_store_name(context, argv[argc - 1], "FILE"); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     ret = hx509_certs_init(context, sn, | 
			
		
	
		
		
			
				
					
					|  |  |  | 			   HX509_CERTS_CREATE, inlock, &certs); |  |  |  | 			   HX509_CERTS_CREATE, inlock, &certs); | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (ret) |  |  |  |     if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_err(context, 1, ret, "hx509_certs_init"); |  |  |  | 	hx509_err(context, 1, ret, "hx509_certs_init %s", sn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     while(argc-- > 1) { |  |  |  |     while(argc-- > 1) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	int retx; |  |  |  | 	int retx; | 
			
		
	
		
		
			
				
					
					|  |  |  | 	retx = hx509_certs_append(context, certs, inlock, argv[0]); |  |  |  |  | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         sn = fix_store_name(context, argv[0], "FILE"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | 	retx = hx509_certs_append(context, certs, inlock, sn); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (retx) |  |  |  | 	if (retx) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, retx, "hx509_certs_append"); |  |  |  | 	    hx509_err(context, 1, retx, "hx509_certs_append %s", sn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	argv++; |  |  |  | 	argv++; | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -951,29 +998,35 @@ pcert_verify(struct verify_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	errx(1, "hx509_revoke_init: %d", ret); |  |  |  | 	errx(1, "hx509_revoke_init: %d", ret); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     while(argc--) { |  |  |  |     while(argc--) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	char *s = *argv++; |  |  |  | 	const char *s = *argv++; | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         char *sn = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (strncmp(s, "chain:", 6) == 0) { |  |  |  | 	if (strncmp(s, "chain:", 6) == 0) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    s += 6; |  |  |  | 	    s += 6; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    ret = hx509_certs_append(context, chain, NULL, s); |  |  |  |             sn = fix_store_name(context, s, "FILE"); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | 	    ret = hx509_certs_append(context, chain, NULL, sn); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    if (ret) |  |  |  | 	    if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 		hx509_err(context, 1, ret, "hx509_certs_append: chain: %s: %d", s, ret); |  |  |  |                 hx509_err(context, 1, ret, "hx509_certs_append: chain: %s: %d", | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |                           sn, ret); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	} else if (strncmp(s, "anchor:", 7) == 0) { |  |  |  | 	} else if (strncmp(s, "anchor:", 7) == 0) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    s += 7; |  |  |  | 	    s += 7; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    ret = hx509_certs_append(context, anchors, NULL, s); |  |  |  |             sn = fix_store_name(context, s, "FILE"); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | 	    ret = hx509_certs_append(context, anchors, NULL, sn); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    if (ret) |  |  |  | 	    if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 		hx509_err(context, 1, ret, "hx509_certs_append: anchor: %s: %d", s, ret); |  |  |  | 		hx509_err(context, 1, ret, | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |                           "hx509_certs_append: anchor: %s: %d", sn, ret); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	} else if (strncmp(s, "cert:", 5) == 0) { |  |  |  | 	} else if (strncmp(s, "cert:", 5) == 0) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    s += 5; |  |  |  | 	    s += 5; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    ret = hx509_certs_append(context, certs, NULL, s); |  |  |  |             sn = fix_store_name(context, s, "FILE"); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | 	    ret = hx509_certs_append(context, certs, NULL, sn); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    if (ret) |  |  |  | 	    if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 		hx509_err(context, 1, ret, "hx509_certs_append: certs: %s: %d", |  |  |  | 		hx509_err(context, 1, ret, "hx509_certs_append: certs: %s: %d", | 
			
		
	
		
		
			
				
					
					|  |  |  | 			  s, ret); |  |  |  | 			  sn, ret); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	} else if (strncmp(s, "crl:", 4) == 0) { |  |  |  | 	} else if (strncmp(s, "crl:", 4) == 0) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    s += 4; |  |  |  | 	    s += 4; | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -992,6 +1045,7 @@ pcert_verify(struct verify_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	} else { |  |  |  | 	} else { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    errx(1, "unknown option to verify: `%s'\n", s); |  |  |  | 	    errx(1, "unknown option to verify: `%s'\n", s); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	} |  |  |  | 	} | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     hx509_verify_attach_anchors(ctx, anchors); |  |  |  |     hx509_verify_attach_anchors(ctx, anchors); | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -1044,10 +1098,12 @@ query(struct query_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); |  |  |  |     if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     while (argc > 0) { |  |  |  |     while (argc > 0) { | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         char *sn = fix_store_name(context, argv[0], "FILE"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_certs_append(context, certs, lock, argv[0]); |  |  |  | 	ret = hx509_certs_append(context, certs, lock, sn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    errx(1, "hx509_certs_append: %s: %d", argv[0], ret); |  |  |  | 	    errx(1, "hx509_certs_append: %s: %d", sn, ret); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	argc--; |  |  |  | 	argc--; | 
			
		
	
		
		
			
				
					
					|  |  |  | 	argv++; |  |  |  | 	argv++; | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -1130,9 +1186,12 @@ ocsp_fetch(struct ocsp_fetch_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); |  |  |  |     if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     for (i = 1; i < argc; i++) { |  |  |  |     for (i = 1; i < argc; i++) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_certs_append(context, reqcerts, lock, argv[i]); |  |  |  |         char *sn = fix_store_name(context, argv[i], "FILE"); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | 	ret = hx509_certs_append(context, reqcerts, lock, sn); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    errx(1, "hx509_certs_append: req: %s: %d", argv[i], ret); |  |  |  | 	    errx(1, "hx509_certs_append: req: %s: %d", sn, ret); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     ret = hx509_ocsp_request(context, reqcerts, pool, NULL, NULL, &req, nonce); |  |  |  |     ret = hx509_ocsp_request(context, reqcerts, pool, NULL, NULL, &req, nonce); | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -1257,9 +1316,12 @@ ocsp_verify(struct ocsp_verify_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); |  |  |  |     if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     for (i = 0; i < argc; i++) { |  |  |  |     for (i = 0; i < argc; i++) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_certs_append(context, certs, lock, argv[i]); |  |  |  |         char *sn = fix_store_name(context, argv[i], "FILE"); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | 	ret = hx509_certs_append(context, certs, lock, sn); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "hx509_certs_append: %s", argv[i]); |  |  |  | 	    hx509_err(context, 1, ret, "hx509_certs_append: %s", sn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     ret = hx509_certs_iter_f(context, certs, verify_o, &os); |  |  |  |     ret = hx509_certs_iter_f(context, certs, verify_o, &os); | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -1276,20 +1338,22 @@ read_private_key(const char *fn, hx509_private_key *key) | 
			
		
	
		
		
			
				
					
					|  |  |  | { |  |  |  | { | 
			
		
	
		
		
			
				
					
					|  |  |  |     hx509_private_key *keys; |  |  |  |     hx509_private_key *keys; | 
			
		
	
		
		
			
				
					
					|  |  |  |     hx509_certs certs; |  |  |  |     hx509_certs certs; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     char *sn = fix_store_name(context, fn, "FILE"); | 
			
		
	
		
		
			
				
					
					|  |  |  |     int ret; |  |  |  |     int ret; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     *key = NULL; |  |  |  |     *key = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     ret = hx509_certs_init(context, fn, 0, NULL, &certs); |  |  |  |     ret = hx509_certs_init(context, sn, 0, NULL, &certs); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |     if (ret) |  |  |  |     if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_err(context, 1, ret, "hx509_certs_init: %s", fn); |  |  |  | 	hx509_err(context, 1, ret, "hx509_certs_init: %s", sn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     ret = _hx509_certs_keys_get(context, certs, &keys); |  |  |  |     ret = _hx509_certs_keys_get(context, certs, &keys); | 
			
		
	
		
		
			
				
					
					|  |  |  |     hx509_certs_free(&certs); |  |  |  |     hx509_certs_free(&certs); | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (ret) |  |  |  |     if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_err(context, 1, ret, "hx509_certs_keys_get"); |  |  |  | 	hx509_err(context, 1, ret, "hx509_certs_keys_get"); | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (keys[0] == NULL) |  |  |  |     if (keys[0] == NULL) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	errx(1, "no keys in key store: %s", fn); |  |  |  | 	errx(1, "no keys in key store: %s", sn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     *key = _hx509_private_key_ref(keys[0]); |  |  |  |     *key = _hx509_private_key_ref(keys[0]); | 
			
		
	
		
		
			
				
					
					|  |  |  |     _hx509_certs_keys_free(context, keys); |  |  |  |     _hx509_certs_keys_free(context, keys); | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -1320,12 +1384,13 @@ get_key(const char *fn, const char *type, int optbits, | 
			
		
	
		
		
			
				
					
					|  |  |  |             hx509_err(context, 1, ret, "failed to generate private key of type %s", type); |  |  |  |             hx509_err(context, 1, ret, "failed to generate private key of type %s", type); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |         if (fn) { |  |  |  |         if (fn) { | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |             char *sn = fix_store_name(context, fn, "FILE"); | 
			
		
	
		
		
			
				
					
					|  |  |  |             hx509_certs certs = NULL; |  |  |  |             hx509_certs certs = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  |             hx509_cert cert = NULL; |  |  |  |             hx509_cert cert = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |             cert = hx509_cert_init_private_key(context, *signer, NULL); |  |  |  |             cert = hx509_cert_init_private_key(context, *signer, NULL); | 
			
		
	
		
		
			
				
					
					|  |  |  |             if (cert) |  |  |  |             if (cert) | 
			
		
	
		
		
			
				
					
					|  |  |  |                 ret = hx509_certs_init(context, fn, |  |  |  |                 ret = hx509_certs_init(context, sn, | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |                                        HX509_CERTS_CREATE | |  |  |  |                                        HX509_CERTS_CREATE | | 
			
		
	
		
		
			
				
					
					|  |  |  |                                        HX509_CERTS_UNPROTECT_ALL, |  |  |  |                                        HX509_CERTS_UNPROTECT_ALL, | 
			
		
	
		
		
			
				
					
					|  |  |  |                                        NULL, &certs); |  |  |  |                                        NULL, &certs); | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -1335,12 +1400,13 @@ get_key(const char *fn, const char *type, int optbits, | 
			
		
	
		
		
			
				
					
					|  |  |  |                 ret = hx509_certs_store(context, certs, 0, NULL); |  |  |  |                 ret = hx509_certs_store(context, certs, 0, NULL); | 
			
		
	
		
		
			
				
					
					|  |  |  |             if (ret) |  |  |  |             if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  |                 hx509_err(context, 1, ret, "failed to store generated private " |  |  |  |                 hx509_err(context, 1, ret, "failed to store generated private " | 
			
		
	
		
		
			
				
					
					|  |  |  |                           "key in %s", fn); |  |  |  |                           "key in %s", sn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |             if (certs) |  |  |  |             if (certs) | 
			
		
	
		
		
			
				
					
					|  |  |  |                 hx509_certs_free(&certs); |  |  |  |                 hx509_certs_free(&certs); | 
			
		
	
		
		
			
				
					
					|  |  |  |             if (cert) |  |  |  |             if (cert) | 
			
		
	
		
		
			
				
					
					|  |  |  |                 hx509_cert_free(cert); |  |  |  |                 hx509_cert_free(cert); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |             free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |         } |  |  |  |         } | 
			
		
	
		
		
			
				
					
					|  |  |  |     } else { |  |  |  |     } else { | 
			
		
	
		
		
			
				
					
					|  |  |  |         if (fn == NULL) |  |  |  |         if (fn == NULL) | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -1493,15 +1559,17 @@ request_print(struct request_print_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     for (i = 0; i < argc; i++) { |  |  |  |     for (i = 0; i < argc; i++) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_request req; |  |  |  | 	hx509_request req; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         char *cn = fix_csr_name(argv[i], "PKCS10"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_request_parse(context, argv[i], &req); |  |  |  | 	ret = hx509_request_parse(context, cn, &req); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "parse_request: %s", argv[i]); |  |  |  | 	    hx509_err(context, 1, ret, "parse_request: %s", cn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_request_print(context, req, stdout); |  |  |  | 	ret = hx509_request_print(context, req, stdout); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_request_free(&req); |  |  |  | 	hx509_request_free(&req); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "Failed to print file %s", argv[i]); |  |  |  | 	    hx509_err(context, 1, ret, "Failed to print file %s", cn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(cn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     return 0; |  |  |  |     return 0; | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -1937,12 +2005,11 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (opt->ca_certificate_string) { |  |  |  |     if (opt->ca_certificate_string) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_certs cacerts = NULL; |  |  |  | 	hx509_certs cacerts = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_query *q; |  |  |  | 	hx509_query *q; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         char *sn = fix_store_name(context, opt->ca_certificate_string, "FILE"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_certs_init(context, opt->ca_certificate_string, 0, |  |  |  |         ret = hx509_certs_init(context, sn, 0, NULL, &cacerts); | 
			
				
				
			
		
	
		
		
			
				
					
					|  |  |  | 			       NULL, &cacerts); |  |  |  |  | 
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, |  |  |  | 	    hx509_err(context, 1, ret, "hx509_certs_init: %s", sn); | 
			
				
				
			
		
	
		
		
			
				
					
					|  |  |  | 		      "hx509_certs_init: %s", opt->ca_certificate_string); |  |  |  |  | 
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_query_alloc(context, &q); |  |  |  | 	ret = hx509_query_alloc(context, &q); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -1957,6 +2024,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_certs_free(&cacerts); |  |  |  | 	hx509_certs_free(&cacerts); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "no CA certificate found"); |  |  |  | 	    hx509_err(context, 1, ret, "no CA certificate found"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } else if (opt->self_signed_flag) { |  |  |  |     } else if (opt->self_signed_flag) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (opt->generate_key_string == NULL |  |  |  | 	if (opt->generate_key_string == NULL | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    && opt->ca_private_key_string == NULL) |  |  |  | 	    && opt->ca_private_key_string == NULL) | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -1983,23 +2051,24 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (opt->req_string) { |  |  |  |     if (opt->req_string) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_request req; |  |  |  | 	hx509_request req; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         char *cn = fix_csr_name(opt->req_string, "PKCS10"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |         /* |  |  |  |         /* | 
			
		
	
		
		
			
				
					
					|  |  |  |          * XXX Extract the CN and other attributes we want to preserve from the |  |  |  |          * Extract the CN and other attributes we want to preserve from the | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |          * requested subjectName and then set them in the hx509_env for the |  |  |  |          * requested subjectName and then set them in the hx509_env for the | 
			
		
	
		
		
			
				
					
					|  |  |  |          * template. |  |  |  |          * template. | 
			
		
	
		
		
			
				
					
					|  |  |  |          */ |  |  |  |          */ | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_request_parse(context, opt->req_string, &req); |  |  |  | 	ret = hx509_request_parse(context, cn, &req); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "parse_request: %s", opt->req_string); |  |  |  | 	    hx509_err(context, 1, ret, "parse_request: %s", cn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_request_get_name(context, req, &subject); |  |  |  | 	ret = hx509_request_get_name(context, req, &subject); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "get name"); |  |  |  | 	    hx509_err(context, 1, ret, "get name"); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_request_get_SubjectPublicKeyInfo(context, req, &spki); |  |  |  | 	ret = hx509_request_get_SubjectPublicKeyInfo(context, req, &spki); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "get spki"); |  |  |  | 	    hx509_err(context, 1, ret, "get spki"); | 
			
		
	
		
		
			
				
					
					|  |  |  |         /* XXX Add option to extract */ |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_request_free(&req); |  |  |  | 	hx509_request_free(&req); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(cn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (opt->generate_key_string) { |  |  |  |     if (opt->generate_key_string) { | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -2092,13 +2161,13 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (opt->template_certificate_string) { |  |  |  |     if (opt->template_certificate_string) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_cert template; |  |  |  | 	hx509_cert template; | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_certs tcerts; |  |  |  | 	hx509_certs tcerts; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         char *sn = fix_store_name(context, opt->template_certificate_string, | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |                                   "FILE"); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	int flags; |  |  |  | 	int flags; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_certs_init(context, opt->template_certificate_string, 0, |  |  |  | 	ret = hx509_certs_init(context, sn, 0, NULL, &tcerts); | 
			
				
				
			
		
	
		
		
			
				
					
					|  |  |  | 			       NULL, &tcerts); |  |  |  |  | 
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, |  |  |  | 	    hx509_err(context, 1, ret, "hx509_certs_init: %s", sn); | 
			
				
				
			
		
	
		
		
			
				
					
					|  |  |  | 		      "hx509_certs_init: %s", opt->template_certificate_string); |  |  |  |  | 
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_get_one_cert(context, tcerts, &template); |  |  |  | 	ret = hx509_get_one_cert(context, tcerts, &template); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -2114,6 +2183,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_template"); |  |  |  | 	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_template"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_cert_free(template); |  |  |  | 	hx509_cert_free(template); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (opt->serial_number_string) { |  |  |  |     if (opt->serial_number_string) { | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -2246,9 +2316,9 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     { |  |  |  |     { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_certs certs; |  |  |  | 	hx509_certs certs; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         char *sn = fix_store_name(context, opt->certificate_string, "FILE"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_certs_init(context, opt->certificate_string, |  |  |  |         ret = hx509_certs_init(context, sn, HX509_CERTS_CREATE, NULL, &certs); | 
			
				
				
			
		
	
		
		
			
				
					
					|  |  |  | 			       HX509_CERTS_CREATE, NULL, &certs); |  |  |  |  | 
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "hx509_certs_init"); |  |  |  | 	    hx509_err(context, 1, ret, "hx509_certs_init"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -2261,6 +2331,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "hx509_certs_store"); |  |  |  | 	    hx509_err(context, 1, ret, "hx509_certs_store"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_certs_free(&certs); |  |  |  | 	hx509_certs_free(&certs); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (subject) |  |  |  |     if (subject) | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -2324,9 +2395,11 @@ test_crypto(struct test_crypto_options *opt, int argc, char ** argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); |  |  |  |     if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     for (i = 0; i < argc; i++) { |  |  |  |     for (i = 0; i < argc; i++) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_certs_append(context, certs, lock, argv[i]); |  |  |  |         char *sn = fix_store_name(context, argv[i], "FILE"); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | 	ret = hx509_certs_append(context, certs, lock, sn); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "hx509_certs_append"); |  |  |  | 	    hx509_err(context, 1, ret, "hx509_certs_append %s", sn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     ret = hx509_verify_init_ctx(context, &vctx); |  |  |  |     ret = hx509_verify_init_ctx(context, &vctx); | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -2385,12 +2458,11 @@ crl_sign(struct crl_sign_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |     { |  |  |  |     { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_certs certs = NULL; |  |  |  | 	hx509_certs certs = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_query *q; |  |  |  | 	hx509_query *q; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         char *sn = fix_store_name(context, opt->signer_string, "FILE"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_certs_init(context, opt->signer_string, 0, |  |  |  |         ret = hx509_certs_init(context, sn, 0, NULL, &certs); | 
			
				
				
			
		
	
		
		
			
				
					
					|  |  |  | 			       NULL, &certs); |  |  |  |  | 
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, |  |  |  | 	    hx509_err(context, 1, ret, "hx509_certs_init: %s", sn); | 
			
				
				
			
		
	
		
		
			
				
					
					|  |  |  | 		      "hx509_certs_init: %s", opt->signer_string); |  |  |  |  | 
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	ret = hx509_query_alloc(context, &q); |  |  |  | 	ret = hx509_query_alloc(context, &q); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -2403,6 +2475,7 @@ crl_sign(struct crl_sign_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_certs_free(&certs); |  |  |  | 	hx509_certs_free(&certs); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	if (ret) |  |  |  | 	if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    hx509_err(context, 1, ret, "no signer certificate found"); |  |  |  | 	    hx509_err(context, 1, ret, "no signer certificate found"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |         free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     } |  |  |  |     } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (opt->lifetime_string) { |  |  |  |     if (opt->lifetime_string) { | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -2426,9 +2499,11 @@ crl_sign(struct crl_sign_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  | 		      "hx509_certs_init: MEMORY cert"); |  |  |  | 		      "hx509_certs_init: MEMORY cert"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	for (i = 0; i < argc; i++) { |  |  |  | 	for (i = 0; i < argc; i++) { | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    ret = hx509_certs_append(context, revoked, lock, argv[i]); |  |  |  |             char *sn = fix_store_name(context, argv[i], "FILE"); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  | 	    ret = hx509_certs_append(context, revoked, lock, sn); | 
			
		
	
		
		
			
				
					
					|  |  |  | 	    if (ret) |  |  |  | 	    if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  | 		hx509_err(context, 1, ret, "hx509_certs_append: %s", argv[i]); |  |  |  | 		hx509_err(context, 1, ret, "hx509_certs_append: %s", sn); | 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					|  |  |  | 	} |  |  |  | 	} | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  | 	hx509_crl_add_revoked_certs(context, crl, revoked); |  |  |  | 	hx509_crl_add_revoked_certs(context, crl, revoked); | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -2970,6 +3045,7 @@ acert(struct acert_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |     hx509_query *q = NULL; |  |  |  |     hx509_query *q = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  |     hx509_certs certs = NULL; |  |  |  |     hx509_certs certs = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  |     hx509_cert cert = NULL; |  |  |  |     hx509_cert cert = NULL; | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     char *sn = fix_store_name(context, argv[0], "FILE"); | 
			
		
	
		
		
			
				
					
					|  |  |  |     size_t n = 0; |  |  |  |     size_t n = 0; | 
			
		
	
		
		
			
				
					
					|  |  |  |     int matched = 0; |  |  |  |     int matched = 0; | 
			
		
	
		
		
			
				
					
					|  |  |  |     int ret; |  |  |  |     int ret; | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -2981,9 +3057,8 @@ acert(struct acert_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |         (opt->not_before_lt_string || opt->not_before_gt_string)) |  |  |  |         (opt->not_before_lt_string || opt->not_before_gt_string)) | 
			
		
	
		
		
			
				
					
					|  |  |  |         errx(1, "--not-before-eq should not be given with --not-before-lt/gt"); |  |  |  |         errx(1, "--not-before-eq should not be given with --not-before-lt/gt"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     if ((ret = hx509_certs_init(context, argv[0], 0, NULL, &certs))) |  |  |  |     if ((ret = hx509_certs_init(context, sn, 0, NULL, &certs))) | 
			
				
				
			
		
	
		
		
			
				
					
					|  |  |  |         hx509_err(context, 1, ret, "Could not load certificates from %s", |  |  |  |         hx509_err(context, 1, ret, "Could not load certificates from %s", sn); | 
			
				
				
			
		
	
		
		
			
				
					
					|  |  |  |                   argv[0]); |  |  |  |  | 
			
		
	
		
		
	
		
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (opt->expr_string) { |  |  |  |     if (opt->expr_string) { | 
			
		
	
		
		
			
				
					
					|  |  |  |         if ((ret = hx509_query_alloc(context, &q)) || |  |  |  |         if ((ret = hx509_query_alloc(context, &q)) || | 
			
		
	
	
		
		
			
				
					
					|  |  | @@ -3015,6 +3090,7 @@ acert(struct acert_options *opt, int argc, char **argv) | 
			
		
	
		
		
			
				
					
					|  |  |  |     if (ret) |  |  |  |     if (ret) | 
			
		
	
		
		
			
				
					
					|  |  |  |         hx509_err(context, 1, ret, "Matching certificate did not meet " |  |  |  |         hx509_err(context, 1, ret, "Matching certificate did not meet " | 
			
		
	
		
		
			
				
					
					|  |  |  |                   "requirements"); |  |  |  |                   "requirements"); | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |     free(sn); | 
			
		
	
		
		
			
				
					
					|  |  |  |     return 0; |  |  |  |     return 0; | 
			
		
	
		
		
			
				
					
					|  |  |  | } |  |  |  | } | 
			
		
	
		
		
			
				
					
					|  |  |  |  |  |  |  |  | 
			
		
	
	
		
		
			
				
					
					|  |  |   |