Modify apps to use NCONF code instead of old CONF code.

Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...

CHANGES

@@ -11,6 +11,14 @@
          *) applies to 0.9.6a (/0.9.6b) and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+     to support NCONF routines in extension code. New function CONF_set_nconf()
+     to allow functions which take an NCONF to also handle the old LHASH
+     structure: this means that the old CONF compatible routines can be
+     retained (in particular wrt extensions) without having to duplicate the
+     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+     [Steve Henson]
+
   *) Handle special case when X509_NAME is empty in X509 printing routines.
      [Steve Henson]
 

apps/apps.c

@@ -591,18 +591,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
 	return BUF_strdup(tpass);
 }
 
-int add_oid_section(BIO *err, LHASH *conf)
+int add_oid_section(BIO *err, CONF *conf)
 {	
 	char *p;
 	STACK_OF(CONF_VALUE) *sktmp;
 	CONF_VALUE *cnf;
 	int i;
-	if(!(p=CONF_get_string(conf,NULL,"oid_section")))
+	if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
 		{
 		ERR_clear_error();
 		return 1;
 		}
-	if(!(sktmp = CONF_get_section(conf, p))) {
+	if(!(sktmp = NCONF_get_section(conf, p))) {
 		BIO_printf(err, "problem loading oid section %s\n", p);
 		return 0;
 	}

apps/apps.h

@@ -101,7 +101,7 @@ extern BIO *bio_err;
 #else
 
 #define MAIN(a,v)	PROG(a,v)
-extern LHASH *config;
+extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
 
@@ -175,7 +175,7 @@ int set_name_ex(unsigned long *flags, const char *arg);
 int set_ext_copy(int *copy_type, const char *arg);
 int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, LHASH *conf);
+int add_oid_section(BIO *err, CONF *conf);
 X509 *load_cert(BIO *err, const char *file, int format,
 	const char *pass, ENGINE *e, const char *cert_descrip);
 EVP_PKEY *load_key(BIO *err, const char *file, int format,

apps/ca.c

@@ -213,28 +213,28 @@ static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
 		   BIGNUM *serial, char *subj, char *startdate,char *enddate,
-		   int days, int batch, char *ext_sect, LHASH *conf,int verbose,
+		   long days, int batch, char *ext_sect, CONF *conf,int verbose,
 		   unsigned long certopt, unsigned long nameopt, int default_op,
 		   int ext_copy);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
 			TXT_DB *db, BIGNUM *serial, char *subj, char *startdate,
-			char *enddate, int days, int batch, char *ext_sect,
+			char *enddate, long days, int batch, char *ext_sect,
-			LHASH *conf,int verbose, unsigned long certopt,
+			CONF *conf,int verbose, unsigned long certopt,
 			unsigned long nameopt, int default_op, int ext_copy,
 			ENGINE *e);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
 			 TXT_DB *db, BIGNUM *serial,char *subj, char *startdate,
-			 char *enddate, int days, char *ext_sect,LHASH *conf,
+			 char *enddate, long days, char *ext_sect,CONF *conf,
 			 int verbose, unsigned long certopt, unsigned long nameopt,
 			 int default_op, int ext_copy);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
-	char *startdate, char *enddate, int days, int batch, int verbose,
+	char *startdate, char *enddate, long days, int batch, int verbose,
-	X509_REQ *req, char *ext_sect, LHASH *conf,
+	X509_REQ *req, char *ext_sect, CONF *conf,
 	unsigned long certopt, unsigned long nameopt, int default_op,
 	int ext_copy);
 static X509_NAME *do_subject(char *subject);
@@ -245,8 +245,8 @@ static int check_time_format(char *str);
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED *rev, char *str);
 int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
-static LHASH *conf=NULL;
+static CONF *conf=NULL;
-static LHASH *extconf=NULL;
+static CONF *extconf=NULL;
 static char *section=NULL;
 
 static int preserve=0;
@@ -300,7 +300,7 @@ int MAIN(int argc, char **argv)
 	BIGNUM *serial=NULL;
 	char *startdate=NULL;
 	char *enddate=NULL;
-	int days=0;
+	long days=0;
 	int batch=0;
 	int notext=0;
 	unsigned long nameopt = 0, certopt = 0;
@@ -571,7 +571,8 @@ bad:
 		}
 
 	BIO_printf(bio_err,"Using configuration from %s\n",configfile);
-	if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+	conf = NCONF_new(NULL);
+	if (NCONF_load(conf,configfile,&errorline) <= 0)
 		{
 		if (errorline <= 0)
 			BIO_printf(bio_err,"error loading the config file '%s'\n",
@@ -585,7 +586,7 @@ bad:
 	/* Lets get the config section we are using */
 	if (section == NULL)
 		{
-		section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+		section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
 		if (section == NULL)
 			{
 			lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
@@ -595,7 +596,7 @@ bad:
 
 	if (conf != NULL)
 		{
-		p=CONF_get_string(conf,NULL,"oid_file");
+		p=NCONF_get_string(conf,NULL,"oid_file");
 		if (p == NULL)
 			ERR_clear_error();
 		if (p != NULL)
@@ -624,7 +625,7 @@ bad:
 			}
 		}
 
-	randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
 	if (randfile == NULL)
 		ERR_clear_error();
 	app_RAND_load_file(randfile, bio_err, 0);
@@ -643,7 +644,7 @@ bad:
 	/* report status of cert with serial number given on command line */
 	if (ser_status)
 	{
-		if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+		if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
 			{
 			lookup_fail(section,ENV_DATABASE);
 			goto err;
@@ -676,7 +677,7 @@ bad:
 	/*****************************************************************/
 	/* we definitely need a public key, so let's get it */
 
-	if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+	if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
 		section,ENV_PRIVATE_KEY)) == NULL))
 		{
 		lookup_fail(section,ENV_PRIVATE_KEY);
@@ -698,7 +699,7 @@ bad:
 
 	/*****************************************************************/
 	/* we need a certificate */
-	if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+	if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
 		section,ENV_CERTIFICATE)) == NULL))
 		{
 		lookup_fail(section,ENV_CERTIFICATE);
@@ -715,18 +716,18 @@ bad:
 		goto err;
 		}
 
-	f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+	f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
 	if (f == NULL)
 		ERR_clear_error();
 	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
 		preserve=1;
-	f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+	f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
 	if (f == NULL)
 		ERR_clear_error();
 	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
 		msie_hack=1;
 
-	f=CONF_get_string(conf,section,ENV_NAMEOPT);
+	f=NCONF_get_string(conf,section,ENV_NAMEOPT);
 
 	if (f)
 		{
@@ -740,7 +741,7 @@ bad:
 	else
 		ERR_clear_error();
 
-	f=CONF_get_string(conf,section,ENV_CERTOPT);
+	f=NCONF_get_string(conf,section,ENV_CERTOPT);
 
 	if (f)
 		{
@@ -754,7 +755,7 @@ bad:
 	else
 		ERR_clear_error();
 
-	f=CONF_get_string(conf,section,ENV_EXTCOPY);
+	f=NCONF_get_string(conf,section,ENV_EXTCOPY);
 
 	if (f)
 		{
@@ -773,7 +774,7 @@ bad:
 		{
 		struct stat sb;
 
-		if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+		if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
 			== NULL)
 			{
 			BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
@@ -816,7 +817,7 @@ bad:
 
 	/*****************************************************************/
 	/* we need to load the database file */
-	if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+	if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
 		{
 		lookup_fail(section,ENV_DATABASE);
 		goto err;
@@ -995,7 +996,8 @@ bad:
 	/* Read extentions config file                                   */
 	if (extfile)
 		{
-		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+		extconf = NCONF_new(NULL);
+		if (NCONF_load(extconf,extfile,&errorline) <= 0)
 			{
 			if (errorline <= 0)
 				BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
@@ -1011,7 +1013,7 @@ bad:
 			BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile);
 
 		/* We can have sections in the ext file */
-		if (!extensions && !(extensions = CONF_get_string(extconf, "default", "extensions")))
+		if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
 			extensions = "default";
 		}
 
@@ -1040,7 +1042,7 @@ bad:
 
 	if (req)
 		{
-		if ((md == NULL) && ((md=CONF_get_string(conf,
+		if ((md == NULL) && ((md=NCONF_get_string(conf,
 			section,ENV_DEFAULT_MD)) == NULL))
 			{
 			lookup_fail(section,ENV_DEFAULT_MD);
@@ -1054,7 +1056,7 @@ bad:
 		if (verbose)
 			BIO_printf(bio_err,"message digest is %s\n",
 				OBJ_nid2ln(dgst->type));
-		if ((policy == NULL) && ((policy=CONF_get_string(conf,
+		if ((policy == NULL) && ((policy=NCONF_get_string(conf,
 			section,ENV_POLICY)) == NULL))
 			{
 			lookup_fail(section,ENV_POLICY);
@@ -1063,7 +1065,7 @@ bad:
 		if (verbose)
 			BIO_printf(bio_err,"policy is %s\n",policy);
 
-		if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+		if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
 			== NULL)
 			{
 			lookup_fail(section,ENV_SERIAL);
@@ -1076,7 +1078,7 @@ bad:
 			 * in the main configuration file */
 			if (!extensions)
 				{
-				extensions=CONF_get_string(conf,section,
+				extensions=NCONF_get_string(conf,section,
 								ENV_EXTENSIONS);
 				if (!extensions)
 					ERR_clear_error();
@@ -1086,8 +1088,8 @@ bad:
 				/* Check syntax of file */
 				X509V3_CTX ctx;
 				X509V3_set_ctx_test(&ctx);
-				X509V3_set_conf_lhash(&ctx, conf);
+				X509V3_set_nconf(&ctx, conf);
-				if (!X509V3_EXT_add_conf(conf, &ctx, extensions,
+				if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
 								NULL))
 					{
 					BIO_printf(bio_err,
@@ -1101,7 +1103,7 @@ bad:
 
 		if (startdate == NULL)
 			{
-			startdate=CONF_get_string(conf,section,
+			startdate=NCONF_get_string(conf,section,
 				ENV_DEFAULT_STARTDATE);
 			if (startdate == NULL)
 				ERR_clear_error();
@@ -1115,7 +1117,7 @@ bad:
 
 		if (enddate == NULL)
 			{
-			enddate=CONF_get_string(conf,section,
+			enddate=NCONF_get_string(conf,section,
 				ENV_DEFAULT_ENDDATE);
 			if (enddate == NULL)
 				ERR_clear_error();
@@ -1128,8 +1130,8 @@ bad:
 
 		if (days == 0)
 			{
-			days=(int)CONF_get_number(conf,section,
+			if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
-				ENV_DEFAULT_DAYS);
+				days = 0;
 			}
 		if (!enddate && (days == 0))
 			{
@@ -1149,7 +1151,7 @@ bad:
 			OPENSSL_free(f);
 			}
 
-		if ((attribs=CONF_get_section(conf,policy)) == NULL)
+		if ((attribs=NCONF_get_section(conf,policy)) == NULL)
 			{
 			BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
 			goto err;
@@ -1404,7 +1406,7 @@ bad:
 		int crl_v2 = 0;
 		if (!crl_ext)
 			{
-			crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+			crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
 			if (!crl_ext)
 				ERR_clear_error();
 			}
@@ -1413,8 +1415,8 @@ bad:
 			/* Check syntax of file */
 			X509V3_CTX ctx;
 			X509V3_set_ctx_test(&ctx);
-			X509V3_set_conf_lhash(&ctx, conf);
+			X509V3_set_nconf(&ctx, conf);
-			if (!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL))
+			if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
 				{
 				BIO_printf(bio_err,
 				 "Error Loading CRL extension section %s\n",
@@ -1426,10 +1428,12 @@ bad:
 
 		if (!crldays && !crlhours)
 			{
-			crldays=CONF_get_number(conf,section,
+			if (!NCONF_get_number(conf,section,
-				ENV_DEFAULT_CRL_DAYS);
+				ENV_DEFAULT_CRL_DAYS, &crldays))
-			crlhours=CONF_get_number(conf,section,
+				crldays = 0;
-				ENV_DEFAULT_CRL_HOURS);
+			if (!NCONF_get_number(conf,section,
+				ENV_DEFAULT_CRL_HOURS, &crlhours))
+				crlhours = 0;
 			}
 		if ((crldays == 0) && (crlhours == 0))
 			{
@@ -1505,9 +1509,9 @@ bad:
 			if (ci->version == NULL)
 				if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
 			X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
-			X509V3_set_conf_lhash(&crlctx, conf);
+			X509V3_set_nconf(&crlctx, conf);
 
-			if (!X509V3_EXT_CRL_add_conf(conf, &crlctx,
+			if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
 				crl_ext, crl)) goto err;
 			}
 		if (crl_ext || crl_v2)
@@ -1593,7 +1597,7 @@ err:
 	EVP_PKEY_free(pkey);
 	X509_free(x509);
 	X509_CRL_free(crl);
-	CONF_free(conf);
+	NCONF_free(conf);
 	OBJ_cleanup();
 	apps_shutdown();
 	EXIT(ret);
@@ -1704,8 +1708,8 @@ err:
 
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-	     BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
+	     BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
-	     int batch, char *ext_sect, LHASH *lconf, int verbose,
+	     int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
 	     int ext_copy)
 	{
@@ -1766,8 +1770,8 @@ err:
 
 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-	     BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
+	     BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
-	     int batch, char *ext_sect, LHASH *lconf, int verbose,
+	     int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
 	     int ext_copy, ENGINE *e)
 	{
@@ -1820,8 +1824,8 @@ err:
 
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	     STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
-	     char *startdate, char *enddate, int days, int batch, int verbose,
+	     char *startdate, char *enddate, long days, int batch, int verbose,
-	     X509_REQ *req, char *ext_sect, LHASH *lconf,
+	     X509_REQ *req, char *ext_sect, CONF *lconf,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
 	     int ext_copy)
 	{
@@ -2143,13 +2147,13 @@ again2:
 				BIO_printf(bio_err, "Extra configuration file found\n");
  
 			/* Use the extconf configuration db LHASH */
-			X509V3_set_conf_lhash(&ctx, extconf);
+			X509V3_set_nconf(&ctx, extconf);
  
 			/* Test the structure (needed?) */
 			/* X509V3_set_ctx_test(&ctx); */
 
 			/* Adds exts contained in the configuration file */
-			if (!X509V3_EXT_add_conf(extconf, &ctx, ext_sect,ret))
+			if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
 				{
 				BIO_printf(bio_err,
 				    "ERROR: adding extensions in section %s\n",
@@ -2163,9 +2167,9 @@ again2:
 		else if (ext_sect)
 			{
 			/* We found extensions to be set from config file */
-			X509V3_set_conf_lhash(&ctx, lconf);
+			X509V3_set_nconf(&ctx, lconf);
 
-			if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret))
+			if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
 				{
 				BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
 				ERR_print_errors(bio_err);
@@ -2318,8 +2322,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-	     BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
+	     BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
-	     char *ext_sect, LHASH *lconf, int verbose, unsigned long certopt,
+	     char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
 	     unsigned long nameopt, int default_op, int ext_copy)
 	{
 	STACK_OF(CONF_VALUE) *sk=NULL;

apps/openssl.c

@@ -138,7 +138,7 @@ static unsigned long MS_CALLBACK hash(const void *a_void);
 static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
-LHASH *config=NULL;
+CONF *config=NULL;
 char *default_config_file=NULL;
 
 /* Make sure there is only one when MONOLITH is defined */
@@ -269,8 +269,9 @@ int main(int Argc, char *Argv[])
 
 	default_config_file=p;
 
-	config=CONF_load(config,p,&errline);
+	config=NCONF_new(NULL);
-	if (config == NULL) ERR_clear_error();
+	i=NCONF_load(config,p,&errline);
+	if (i == 0) ERR_clear_error();
 
 	prog=prog_init();
 
@@ -339,7 +340,7 @@ int main(int Argc, char *Argv[])
 end:
 	if (config != NULL)
 		{
-		CONF_free(config);
+		NCONF_free(config);
 		config=NULL;
 		}
 	if (prog != NULL) lh_free(prog);

apps/req.c

@@ -119,20 +119,20 @@ static int prompt_info(X509_REQ *req,
 static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
 				STACK_OF(CONF_VALUE) *attr, int attribs);
 static int add_attribute_object(X509_REQ *req, char *text,
-				char *def, char *value, int nid, int min,
+				char *def, char *value, int nid, int n_min,
-				int max);
+				int n_max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
-	int nid,int min,int max);
+	int nid,int n_min,int n_max);
 #ifndef OPENSSL_NO_RSA
 static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
-static int req_check_len(int len,int min,int max);
+static int req_check_len(int len,int n_min,int n_max);
 static int check_end(char *str, char *end);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
-static LHASH *config=NULL;
+static CONF *config=NULL;
 #endif
-static LHASH *req_conf=NULL;
+static CONF *req_conf=NULL;
 static int batch=0;
 
 #define TYPE_RSA	1
@@ -152,7 +152,8 @@ int MAIN(int argc, char **argv)
 	X509 *x509ss=NULL;
 	X509_REQ *req=NULL;
 	EVP_PKEY *pkey=NULL;
-	int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
+	int i,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
+	long newkey = -1;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0,newhdr=0,subject=0;
@@ -457,7 +458,8 @@ bad:
 		p=config_name;
 		}
 	default_config_file=p;
-	config=CONF_load(config,p,NULL);
+	config=NCONF_new(NULL);
+	i=NCONF_load(config, p);
 #endif
 
 	if (template != NULL)
@@ -465,8 +467,9 @@ bad:
 		long errline;
 
 		BIO_printf(bio_err,"Using configuration from %s\n",template);
-		req_conf=CONF_load(NULL,template,&errline);
+		req_conf=NCONF_new(NULL);
-		if (req_conf == NULL)
+		i=NCONF_load(req_conf,template,&errline);
+		if (i == 0)
 			{
 			BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
 			goto end;
@@ -477,7 +480,7 @@ bad:
 		req_conf=config;
 		BIO_printf(bio_err,"Using configuration from %s\n",
 			default_config_file);
-		if (req_conf == NULL)
+		if (i == 0)
 			{
 			BIO_printf(bio_err,"Unable to load config info\n");
 			}
@@ -485,7 +488,7 @@ bad:
 
 	if (req_conf != NULL)
 		{
-		p=CONF_get_string(req_conf,NULL,"oid_file");
+		p=NCONF_get_string(req_conf,NULL,"oid_file");
 		if (p == NULL)
 			ERR_clear_error();
 		if (p != NULL)
@@ -511,7 +514,7 @@ bad:
 
 	if (md_alg == NULL)
 		{
-		p=CONF_get_string(req_conf,SECTION,"default_md");
+		p=NCONF_get_string(req_conf,SECTION,"default_md");
 		if (p == NULL)
 			ERR_clear_error();
 		if (p != NULL)
@@ -523,7 +526,7 @@ bad:
 
 	if (!extensions)
 		{
-		extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+		extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
 		if (!extensions)
 			ERR_clear_error();
 		}
@@ -531,8 +534,8 @@ bad:
 		/* Check syntax of file */
 		X509V3_CTX ctx;
 		X509V3_set_ctx_test(&ctx);
-		X509V3_set_conf_lhash(&ctx, req_conf);
+		X509V3_set_nconf(&ctx, req_conf);
-		if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
+		if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
 			BIO_printf(bio_err,
 			 "Error Loading extension section %s\n", extensions);
 			goto end;
@@ -541,19 +544,19 @@ bad:
 
 	if(!passin)
 		{
-		passin = CONF_get_string(req_conf, SECTION, "input_password");
+		passin = NCONF_get_string(req_conf, SECTION, "input_password");
 		if (!passin)
 			ERR_clear_error();
 		}
 	
 	if(!passout)
 		{
-		passout = CONF_get_string(req_conf, SECTION, "output_password");
+		passout = NCONF_get_string(req_conf, SECTION, "output_password");
 		if (!passout)
 			ERR_clear_error();
 		}
 
-	p = CONF_get_string(req_conf, SECTION, STRING_MASK);
+	p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
 	if (!p)
 		ERR_clear_error();
 
@@ -564,7 +567,7 @@ bad:
 
 	if(!req_exts)
 		{
-		req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+		req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
 		if (!req_exts)
 			ERR_clear_error();
 		}
@@ -572,8 +575,8 @@ bad:
 		/* Check syntax of file */
 		X509V3_CTX ctx;
 		X509V3_set_ctx_test(&ctx);
-		X509V3_set_conf_lhash(&ctx, req_conf);
+		X509V3_set_nconf(&ctx, req_conf);
-		if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) {
+		if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
 			BIO_printf(bio_err,
 			 "Error Loading request extension section %s\n",
 								req_exts);
@@ -600,7 +603,7 @@ bad:
 			}
 		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
 			{
-			char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 			if (randfile == NULL)
 				ERR_clear_error();
 			app_RAND_load_file(randfile, bio_err, 0);
@@ -609,7 +612,7 @@ bad:
 
 	if (newreq && (pkey == NULL))
 		{
-		char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+		char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 		if (randfile == NULL)
 			ERR_clear_error();
 		app_RAND_load_file(randfile, bio_err, 0);
@@ -618,8 +621,7 @@ bad:
 	
 		if (newkey <= 0)
 			{
-			newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
+			if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
-			if (newkey <= 0)
 				newkey=DEFAULT_KEY_LENGTH;
 			}
 
@@ -659,7 +661,7 @@ bad:
 
 		if (keyout == NULL)
 			{
-			keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
+			keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
 			if (keyout == NULL)
 				ERR_clear_error();
 			}
@@ -685,11 +687,11 @@ bad:
 				}
 			}
 
-		p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
+		p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
 		if (p == NULL)
 			{
 			ERR_clear_error();
-			p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+			p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
 			if (p == NULL)
 				ERR_clear_error();
 			}
@@ -806,10 +808,10 @@ loop:
 			/* Set up V3 context struct */
 
 			X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
-			X509V3_set_conf_lhash(&ext_ctx, req_conf);
+			X509V3_set_nconf(&ext_ctx, req_conf);
 
 			/* Add extensions */
-			if(extensions && !X509V3_EXT_add_conf(req_conf, 
+			if(extensions && !X509V3_EXT_add_nconf(req_conf, 
 				 	&ext_ctx, extensions, x509ss))
 				{
 				BIO_printf(bio_err,
@@ -828,10 +830,10 @@ loop:
 			/* Set up V3 context struct */
 
 			X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
-			X509V3_set_conf_lhash(&ext_ctx, req_conf);
+			X509V3_set_nconf(&ext_ctx, req_conf);
 
 			/* Add extensions */
-			if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, 
+			if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, 
 				 	&ext_ctx, req_exts, req))
 				{
 				BIO_printf(bio_err,
@@ -1009,7 +1011,7 @@ end:
 		{
 		ERR_print_errors(bio_err);
 		}
-	if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
+	if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
 	BIO_free(in);
 	BIO_free_all(out);
 	EVP_PKEY_free(pkey);
@@ -1033,26 +1035,26 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
 	STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
 	char *tmp, *dn_sect,*attr_sect;
 
-	tmp=CONF_get_string(req_conf,SECTION,PROMPT);
+	tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
 	if (tmp == NULL)
 		ERR_clear_error();
 	if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
 
-	dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+	dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
 	if (dn_sect == NULL)
 		{
 		BIO_printf(bio_err,"unable to find '%s' in config\n",
 			DISTINGUISHED_NAME);
 		goto err;
 		}
-	dn_sk=CONF_get_section(req_conf,dn_sect);
+	dn_sk=NCONF_get_section(req_conf,dn_sect);
 	if (dn_sk == NULL)
 		{
 		BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
 		goto err;
 		}
 
-	attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
+	attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
 	if (attr_sect == NULL)
 		{
 		ERR_clear_error();		
@@ -1060,7 +1062,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
 		}
 	else
 		{
-		attr_sk=CONF_get_section(req_conf,attr_sect);
+		attr_sk=NCONF_get_section(req_conf,attr_sect);
 		if (attr_sk == NULL)
 			{
 			BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
@@ -1159,7 +1161,8 @@ static int prompt_info(X509_REQ *req,
 	int i;
 	char *p,*q;
 	char buf[100];
-	int nid,min,max;
+	int nid;
+	long n_min,n_max;
 	char *type,*def,*value;
 	CONF_VALUE *v;
 	X509_NAME *subj;
@@ -1204,27 +1207,29 @@ start:		for (;;)
 			/* If OBJ not recognised ignore it */
 			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
 			sprintf(buf,"%s_default",v->name);
-			if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+			if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
 				{
 				ERR_clear_error();
 				def="";
 				}
 				
 			sprintf(buf,"%s_value",v->name);
-			if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+			if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
 				{
 				ERR_clear_error();
 				value=NULL;
 				}
 
 			sprintf(buf,"%s_min",v->name);
-			min=(int)CONF_get_number(req_conf,dn_sect,buf);
+			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
+				n_min = -1;
 
 			sprintf(buf,"%s_max",v->name);
-			max=(int)CONF_get_number(req_conf,dn_sect,buf);
+			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
+				n_max = -1;
 
 			if (!add_DN_object(subj,v->value,def,value,nid,
-				min,max))
+				n_min,n_max))
 				return 0;
 			}
 		if (X509_NAME_entry_count(subj) == 0)
@@ -1255,7 +1260,7 @@ start2:			for (;;)
 					goto start2;
 
 				sprintf(buf,"%s_default",type);
-				if ((def=CONF_get_string(req_conf,attr_sect,buf))
+				if ((def=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
 					{
 					ERR_clear_error();
@@ -1264,7 +1269,7 @@ start2:			for (;;)
 				
 				
 				sprintf(buf,"%s_value",type);
-				if ((value=CONF_get_string(req_conf,attr_sect,buf))
+				if ((value=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
 					{
 					ERR_clear_error();
@@ -1272,13 +1277,15 @@ start2:			for (;;)
 					}
 
 				sprintf(buf,"%s_min",type);
-				min=(int)CONF_get_number(req_conf,attr_sect,buf);
+				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
+					n_min = -1;
 
 				sprintf(buf,"%s_max",type);
-				max=(int)CONF_get_number(req_conf,attr_sect,buf);
+				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
+					n_max = -1;
 
 				if (!add_attribute_object(req,
-					v->value,def,value,nid,min,max))
+					v->value,def,value,nid,n_min,n_max))
 					return 0;
 				}
 			}
@@ -1346,7 +1353,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 
 
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
-	     int nid, int min, int max)
+	     int nid, int n_min, int n_max)
 	{
 	int i,ret=0;
 	MS_STATIC char buf[1024];
@@ -1393,7 +1400,7 @@ start:
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
-	if(!req_check_len(i, min, max)) goto start;
+	if(!req_check_len(i, n_min, n_max)) goto start;
 	if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
 				(unsigned char *) buf, -1,-1,0)) goto err;
 	ret=1;
@@ -1402,8 +1409,8 @@ err:
 	}
 
 static int add_attribute_object(X509_REQ *req, char *text,
-				char *def, char *value, int nid, int min,
+				char *def, char *value, int nid, int n_min,
-				int max)
+				int n_max)
 	{
 	int i;
 	static char buf[1024];
@@ -1451,7 +1458,7 @@ start:
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
-	if(!req_check_len(i, min, max)) goto start;
+	if(!req_check_len(i, n_min, n_max)) goto start;
 
 	if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
 					(unsigned char *)buf, -1)) {
@@ -1482,16 +1489,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
 	}
 #endif
 
-static int req_check_len(int len, int min, int max)
+static int req_check_len(int len, int n_min, int n_max)
 	{
-	if (len < min)
+	if ((n_min > 0) && (len < n_min))
 		{
-		BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
+		BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
 		return(0);
 		}
-	if ((max != 0) && (len > max))
+	if ((n_max >= 0) && (len > n_max))
 		{
-		BIO_printf(bio_err,"string is too long, it needs to be less than  %d bytes long\n",max);
+		BIO_printf(bio_err,"string is too long, it needs to be less than  %d bytes long\n",n_max);
 		return(0);
 		}
 	return(1);

apps/spkac.c

@@ -90,7 +90,7 @@ int MAIN(int argc, char **argv)
 	char *passargin = NULL, *passin = NULL;
 	char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
 	char *challenge = NULL, *keyfile = NULL;
-	LHASH *conf = NULL;
+	CONF *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
 	char *engine=NULL;
@@ -228,15 +228,16 @@ bad:
 		goto end;
 	}
 
-	conf = CONF_load_bio(NULL, in, NULL);
+	conf = NCONF_new(NULL);
+	i = NCONF_load_bio(conf, in, NULL);
 
-	if(!conf) {
+	if(!i) {
 		BIO_printf(bio_err, "Error parsing config file\n");
 		ERR_print_errors(bio_err);
 		goto end;
 	}
 
-	spkstr = CONF_get_string(conf, spksect, spkac);
+	spkstr = NCONF_get_string(conf, spksect, spkac);
 		
 	if(!spkstr) {
 		BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
@@ -285,7 +286,7 @@ bad:
 	ret = 0;
 
 end:
-	CONF_free(conf);
+	NCONF_free(conf);
 	NETSCAPE_SPKI_free(spki);
 	BIO_free(in);
 	BIO_free_all(out);

apps/x509.c

@@ -139,10 +139,10 @@ NULL
 
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
 static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
-						LHASH *conf, char *section);
+						CONF *conf, char *section);
 static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
 			 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
-			 int create,int days, int clrext, LHASH *conf, char *section,
+			 int create,int days, int clrext, CONF *conf, char *section,
 						ASN1_INTEGER *sno);
 static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
 static int reqfile=0;
@@ -179,7 +179,7 @@ int MAIN(int argc, char **argv)
 	int fingerprint=0;
 	char buf[256];
 	const EVP_MD *md_alg,*digest=EVP_md5();
-	LHASH *extconf = NULL;
+	CONF *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
@@ -479,7 +479,8 @@ bad:
 		{
 		long errorline;
 		X509V3_CTX ctx2;
-		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+		extconf = NCONF_new(NULL);
+		if (!NCONF_load(extconf, extfile,&errorline))
 			{
 			if (errorline <= 0)
 				BIO_printf(bio_err,
@@ -493,7 +494,7 @@ bad:
 			}
 		if (!extsect)
 			{
-			extsect = CONF_get_string(extconf, "default", "extensions");
+			extsect = NCONF_get_string(extconf, "default", "extensions");
 			if (!extsect)
 				{
 				ERR_clear_error();
@@ -501,8 +502,8 @@ bad:
 				}
 			}
 		X509V3_set_ctx_test(&ctx2);
-		X509V3_set_conf_lhash(&ctx2, extconf);
+		X509V3_set_nconf(&ctx2, extconf);
-		if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
+		if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
 			{
 			BIO_printf(bio_err,
 				"Error Loading extension section %s\n",
@@ -995,7 +996,7 @@ end:
 	if (need_rand)
 		app_RAND_write_file(NULL, bio_err);
 	OBJ_cleanup();
-	CONF_free(extconf);
+	NCONF_free(extconf);
 	BIO_free_all(out);
 	BIO_free_all(STDout);
 	X509_STORE_free(ctx);
@@ -1116,7 +1117,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
 
 static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
-	     int days, int clrext, LHASH *conf, char *section, ASN1_INTEGER *sno)
+	     int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
 	{
 	int ret=0;
 	ASN1_INTEGER *bs=NULL;
@@ -1166,8 +1167,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 		X509V3_CTX ctx2;
 		X509_set_version(x,2); /* version 3 certificate */
                 X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
-                X509V3_set_conf_lhash(&ctx2, conf);
+                X509V3_set_nconf(&ctx2, conf);
-                if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+                if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
 		}
 
 	if (!X509_sign(x,pkey,digest)) goto end;
@@ -1213,7 +1214,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 
 /* self sign */
 static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, 
-						LHASH *conf, char *section)
+						CONF *conf, char *section)
 	{
 
 	EVP_PKEY *pktmp;
@@ -1243,8 +1244,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
 		X509V3_CTX ctx;
 		X509_set_version(x,2); /* version 3 certificate */
                 X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
-                X509V3_set_conf_lhash(&ctx, conf);
+                X509V3_set_nconf(&ctx, conf);
-                if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+                if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
 		}
 	if (!X509_sign(x,pkey,digest)) goto err;
 	return 1;

crypto/conf/conf.h

@@ -98,6 +98,7 @@ struct conf_method_st
 	};
 
 int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf,LHASH *hash);
 LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
 #ifndef OPENSSL_NO_FP_API
 LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
@@ -145,7 +146,7 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
 	 and should therefore be avoided */
 long NCONF_get_number(CONF *conf,char *group,char *name);
 #else
-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r);
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
 #endif
 
 

crypto/conf/conf_lib.c

@@ -67,6 +67,17 @@ const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
 
 static CONF_METHOD *default_CONF_method=NULL;
 
+/* Init a 'CONF' structure from an old LHASH */
+
+void CONF_set_nconf(CONF *conf, LHASH *hash)
+	{
+	if (default_CONF_method == NULL)
+		default_CONF_method = NCONF_default();
+
+	default_CONF_method->init(conf);
+	conf->data = hash;
+	}
+
 /* The following section contains the "CONF classic" functions,
    rewritten in terms of the new CONF interface. */
 
@@ -118,11 +129,8 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
 	CONF ctmp;
 	int ret;
 
-	if (default_CONF_method == NULL)
+	CONF_set_nconf(&ctmp, conf);
-		default_CONF_method = NCONF_default();
 
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
 	ret = NCONF_load_bio(&ctmp, bp, eline);
 	if (ret)
 		return ctmp.data;
@@ -138,12 +146,7 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
 	else
 		{
 		CONF ctmp;
-
+		CONF_set_nconf(&ctmp, conf);
-		if (default_CONF_method == NULL)
-			default_CONF_method = NCONF_default();
-
-		default_CONF_method->init(&ctmp);
-		ctmp.data = conf;
 		return NCONF_get_section(&ctmp, section);
 		}
 	}
@@ -157,12 +160,7 @@ char *CONF_get_string(LHASH *conf,char *group,char *name)
 	else
 		{
 		CONF ctmp;
-
+		CONF_set_nconf(&ctmp, conf);
-		if (default_CONF_method == NULL)
-			default_CONF_method = NCONF_default();
-
-		default_CONF_method->init(&ctmp);
-		ctmp.data = conf;
 		return NCONF_get_string(&ctmp, group, name);
 		}
 	}
@@ -179,12 +177,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name)
 	else
 		{
 		CONF ctmp;
-
+		CONF_set_nconf(&ctmp, conf);
-		if (default_CONF_method == NULL)
-			default_CONF_method = NCONF_default();
-
-		default_CONF_method->init(&ctmp);
-		ctmp.data = conf;
 		status = NCONF_get_number_e(&ctmp, group, name, &result);
 		}
 
@@ -199,12 +192,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name)
 void CONF_free(LHASH *conf)
 	{
 	CONF ctmp;
-
+	CONF_set_nconf(&ctmp, conf);
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
-
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
 	NCONF_free_data(&ctmp);
 	}
 
@@ -227,12 +215,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out)
 int CONF_dump_bio(LHASH *conf, BIO *out)
 	{
 	CONF ctmp;
-
+	CONF_set_nconf(&ctmp, conf);
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
-
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
 	return NCONF_dump_bio(&ctmp, out);
 	}
 
@@ -362,7 +345,7 @@ int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result)
 	if (str == NULL)
 		return 0;
 
-	for (;conf->meth->is_number(conf, *str);)
+	for (*result = 0;conf->meth->is_number(conf, *str);)
 		{
 		*result = (*result)*10 + conf->meth->to_int(conf, *str);
 		str++;

crypto/x509v3/v3_conf.c

@@ -68,122 +68,137 @@
 
 static int v3_check_critical(char **value);
 static int v3_check_generic(char **value);
-static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 						 int crit, void *ext_struc);
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
 	     char *value)
-{
+	{
 	int crit;
 	int ext_type;
 	X509_EXTENSION *ret;
 	crit = v3_check_critical(&value);
-	if((ext_type = v3_check_generic(&value))) 
+	if ((ext_type = v3_check_generic(&value))) 
 		return v3_generic_extension(name, value, crit, ext_type);
-	ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
+	ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
-	if(!ret) {
+	if (!ret)
+		{
 		X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
 		ERR_add_error_data(4,"name=", name, ", value=", value);
-	}
+		}
 	return ret;
-}
+	}
 
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 	     char *value)
-{
+	{
 	int crit;
 	int ext_type;
 	crit = v3_check_critical(&value);
-	if((ext_type = v3_check_generic(&value))) 
+	if ((ext_type = v3_check_generic(&value))) 
 		return v3_generic_extension(OBJ_nid2sn(ext_nid),
 							 value, crit, ext_type);
-	return do_ext_conf(conf, ctx, ext_nid, crit, value);
+	return do_ext_nconf(conf, ctx, ext_nid, crit, value);
-}
+	}
 
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *value:  Value    */
-static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 	     int crit, char *value)
-{
+	{
 	X509V3_EXT_METHOD *method;
 	X509_EXTENSION *ext;
 	STACK_OF(CONF_VALUE) *nval;
 	void *ext_struc;
-	if(ext_nid == NID_undef) {
+	if (ext_nid == NID_undef)
+		{
 		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
 		return NULL;
-	}
+		}
-	if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+	if (!(method = X509V3_EXT_get_nid(ext_nid)))
+		{
 		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
 		return NULL;
-	}
+		}
 	/* Now get internal extension representation based on type */
-	if(method->v2i) {
+	if (method->v2i)
-		if(*value == '@') nval = CONF_get_section(conf, value + 1);
+		{
+		if(*value == '@') nval = NCONF_get_section(conf, value + 1);
 		else nval = X509V3_parse_list(value);
-		if(!nval) {
+		if(!nval)
+			{
 			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
 			ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
 			return NULL;
-		}
+			}
 		ext_struc = method->v2i(method, ctx, nval);
 		if(*value != '@') sk_CONF_VALUE_pop_free(nval,
 							 X509V3_conf_free);
 		if(!ext_struc) return NULL;
-	} else if(method->s2i) {
+		}
+	else if(method->s2i)
+		{
 		if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
-	} else if(method->r2i) {
+		}
-		if(!ctx->db) {
+	else if(method->r2i)
+		{
+		if(!ctx->db)
+			{
 			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
 			return NULL;
-		}
+			}
 		if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
-	} else {
+		}
+	else
+		{
 		X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
 		ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
 		return NULL;
-	}
+		}
 
 	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
 	if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
 	else method->ext_free(ext_struc);
 	return ext;
 
-}
+	}
 
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 						 int crit, void *ext_struc)
-{
+	{
 	unsigned char *ext_der;
 	int ext_len;
 	ASN1_OCTET_STRING *ext_oct;
 	X509_EXTENSION *ext;
 	/* Convert internal representation to DER */
-	if(method->it) {
+	if (method->it)
+		{
 		ext_der = NULL;
 		ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
-		if(ext_len < 0) goto merr;
+		if (ext_len < 0) goto merr;
-	} else {
+		}
+	 else
+		{
 		unsigned char *p;
 		ext_len = method->i2d(ext_struc, NULL);
 		if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
 		p = ext_der;
 		method->i2d(ext_struc, &p);
-	}
+		}
-	if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
+	if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
 	ext_oct->data = ext_der;
 	ext_oct->length = ext_len;
 
 	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
-	if(!ext) goto merr;
+	if (!ext) goto merr;
 	M_ASN1_OCTET_STRING_free(ext_oct);
 
 	return ext;
@@ -192,14 +207,14 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
 	return NULL;
 
-}
+	}
 
 /* Given an internal structure, nid and critical flag create an extension */
 
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
-{
+	{
 	X509V3_EXT_METHOD *method;
-	if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+	if (!(method = X509V3_EXT_get_nid(ext_nid))) {
 		X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
 		return NULL;
 	}
@@ -210,7 +225,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
 static int v3_check_critical(char **value)
 {
 	char *p = *value;
-	if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
+	if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
 	p+=9;
 	while(isspace((unsigned char)*p)) p++;
 	*value = p;
@@ -221,9 +236,9 @@ static int v3_check_critical(char **value)
 static int v3_check_generic(char **value)
 {
 	char *p = *value;
-	if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
+	if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
 	p+=4;
-	while(isspace((unsigned char)*p)) p++;
+	while (isspace((unsigned char)*p)) p++;
 	*value = p;
 	return 1;
 }
@@ -231,148 +246,202 @@ static int v3_check_generic(char **value)
 /* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
 	     int crit, int type)
-{
+	{
-unsigned char *ext_der=NULL;
+	unsigned char *ext_der=NULL;
-long ext_len;
+	long ext_len;
-ASN1_OBJECT *obj=NULL;
+	ASN1_OBJECT *obj=NULL;
-ASN1_OCTET_STRING *oct=NULL;
+	ASN1_OCTET_STRING *oct=NULL;
-X509_EXTENSION *extension=NULL;
+	X509_EXTENSION *extension=NULL;
-if(!(obj = OBJ_txt2obj(ext, 0))) {
+	if (!(obj = OBJ_txt2obj(ext, 0)))
-	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
+		{
-	ERR_add_error_data(2, "name=", ext);
+		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
-	goto err;
+		ERR_add_error_data(2, "name=", ext);
-}
+		goto err;
+		}
 
-if(!(ext_der = string_to_hex(value, &ext_len))) {
+	if (!(ext_der = string_to_hex(value, &ext_len)))
-	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
+		{
-	ERR_add_error_data(2, "value=", value);
+		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
-	goto err;
+		ERR_add_error_data(2, "value=", value);
-}
+		goto err;
+		}
 
-if(!(oct = M_ASN1_OCTET_STRING_new())) {
+	if (!(oct = M_ASN1_OCTET_STRING_new()))
-	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
+		{
-	goto err;
+		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
-}
+		goto err;
+		}
 
-oct->data = ext_der;
+	oct->data = ext_der;
-oct->length = ext_len;
+	oct->length = ext_len;
-ext_der = NULL;
+	ext_der = NULL;
 
-extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+	extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
 
-err:
+	err:
-ASN1_OBJECT_free(obj);
+	ASN1_OBJECT_free(obj);
-M_ASN1_OCTET_STRING_free(oct);
+	M_ASN1_OCTET_STRING_free(oct);
-if(ext_der) OPENSSL_free(ext_der);
+	if(ext_der) OPENSSL_free(ext_der);
-return extension;
+	return extension;
-}
+
+	}
 
 
 /* This is the main function: add a bunch of extensions based on a config file
- * section
+ * section to an extension STACK.
  */
 
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+
-	     X509 *cert)
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
-{
+	     STACK_OF(X509_EXTENSION) **sk)
+	{
 	X509_EXTENSION *ext;
 	STACK_OF(CONF_VALUE) *nval;
 	CONF_VALUE *val;	
 	int i;
-	if(!(nval = CONF_get_section(conf, section))) return 0;
+	if (!(nval = NCONF_get_section(conf, section))) return 0;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+	for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
+		{
 		val = sk_CONF_VALUE_value(nval, i);
-		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+		if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
 								return 0;
-		if(cert) X509_add_ext(cert, ext, -1);
+		if (sk) X509v3_add_ext(sk, ext, -1);
 		X509_EXTENSION_free(ext);
-	}
+		}
 	return 1;
-}
+	}
+
+/* Convenience functions to add extensions to a certificate, CRL and request */
+
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+	     X509 *cert)
+	{
+	STACK_OF(X509_EXTENSION) **sk = NULL;
+	if (cert)
+		sk = &cert->cert_info->extensions;
+	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+	}
 
 /* Same as above but for a CRL */
 
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 	     X509_CRL *crl)
-{
+	{
-	X509_EXTENSION *ext;
+	STACK_OF(X509_EXTENSION) **sk = NULL;
-	STACK_OF(CONF_VALUE) *nval;
+	if (crl)
-	CONF_VALUE *val;	
+		sk = &crl->crl->extensions;
-	int i;
+	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-	if(!(nval = CONF_get_section(conf, section))) return 0;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = sk_CONF_VALUE_value(nval, i);
-		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
-								return 0;
-		if(crl) X509_CRL_add_ext(crl, ext, -1);
-		X509_EXTENSION_free(ext);
 	}
-	return 1;
-}
 
 /* Add extensions to certificate request */
 
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 	     X509_REQ *req)
-{
+	{
-	X509_EXTENSION *ext;
+	STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
-	STACK_OF(X509_EXTENSION) *extlist = NULL;
-	STACK_OF(CONF_VALUE) *nval;
-	CONF_VALUE *val;	
 	int i;
-	if(!(nval = CONF_get_section(conf, section))) return 0;
+	if (req)
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		sk = &extlist;
-		val = sk_CONF_VALUE_value(nval, i);
+	i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+	if (!i || !sk)
-								return 0;
+		return i;
-		if(!extlist) extlist = sk_X509_EXTENSION_new_null();
+	i = X509_REQ_add_extensions(req, extlist);
-		sk_X509_EXTENSION_push(extlist, ext);
-	}
-	if(req) i = X509_REQ_add_extensions(req, extlist);
-	else i = 1;
 	sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
 	return i;
-}
+	}
 
 /* Config database functions */
 
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
-{
+	{
-	if(ctx->db_meth->get_string)
+	if (ctx->db_meth->get_string)
 			return ctx->db_meth->get_string(ctx->db, name, section);
 	return NULL;
-}
+	}
 
 STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
-{
+	{
-	if(ctx->db_meth->get_section)
+	if (ctx->db_meth->get_section)
 			return ctx->db_meth->get_section(ctx->db, section);
 	return NULL;
-}
+	}
 
 void X509V3_string_free(X509V3_CTX *ctx, char *str)
-{
+	{
-	if(!str) return;
+	if (!str) return;
-	if(ctx->db_meth->free_string)
+	if (ctx->db_meth->free_string)
 			ctx->db_meth->free_string(ctx->db, str);
-}
+	}
 
 void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
-{
+	{
-	if(!section) return;
+	if (!section) return;
-	if(ctx->db_meth->free_section)
+	if (ctx->db_meth->free_section)
 			ctx->db_meth->free_section(ctx->db, section);
-}
+	}
+
+static char *nconf_get_string(void *db, char *section, char *value)
+	{
+	return NCONF_get_string(db, section, value);
+	}
+
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+	{
+	return NCONF_get_section(db, section);
+	}
+
+static X509V3_CONF_METHOD nconf_method = {
+nconf_get_string,
+nconf_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
+	{
+	ctx->db_meth = &nconf_method;
+	ctx->db = conf;
+	}
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+	     X509_CRL *crl, int flags)
+	{
+	ctx->issuer_cert = issuer;
+	ctx->subject_cert = subj;
+	ctx->crl = crl;
+	ctx->subject_req = req;
+	ctx->flags = flags;
+	}
+
+/* Old conf compatibility functions */
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+	     char *value)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+	}
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+	     char *value)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+	}
 
 static char *conf_lhash_get_string(void *db, char *section, char *value)
-{
+	{
 	return CONF_get_string(db, section, value);
-}
+	}
 
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
-{
+	{
 	return CONF_get_section(db, section);
-}
+	}
 
 static X509V3_CONF_METHOD conf_lhash_method = {
 conf_lhash_get_string,
@@ -382,17 +451,35 @@ NULL
 };
 
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
-{
+	{
 	ctx->db_meth = &conf_lhash_method;
 	ctx->db = lhash;
-}
+	}
 
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-	     X509_CRL *crl, int flags)
+	     X509 *cert)
-{
+	{
-	ctx->issuer_cert = issuer;
+	CONF ctmp;
-	ctx->subject_cert = subj;
+	CONF_set_nconf(&ctmp, conf);
-	ctx->crl = crl;
+	return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
-	ctx->subject_req = req;
+	}
-	ctx->flags = flags;
+
-}
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509_CRL *crl)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+	}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509_REQ *req)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+	}

crypto/x509v3/x509v3.h

@@ -459,15 +459,25 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
 void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
 int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
 int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
 int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
 						STACK_OF(CONF_VALUE) **extlist);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
 #endif