" -addreject arg - reject certificate for a given purpose\n",
" -setalias arg - set certificate alias\n",
" -days arg - How long till expiry of a signed certificate - def 30 days\n",
+" -checkend arg - check whether the cert expires in the next arg seconds\n",
+" exit 1 if so, 0 if not\n",
" -signkey arg - self sign cert with arg\n",
" -x509toreq - output a certification request object\n",
" -req - input is a certificate request, sign and output.\n",
" -md2/-md5/-sha1/-mdc2 - digest to use\n",
" -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
-" -crlext - delete extensions before signing and input certificate\n",
+" -clrext - delete extensions before signing and input certificate\n",
NULL
};
LHASH *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
+ int checkend=0,checkoffset=0;
reqfile=0;
startdate= ++num;
else if (strcmp(*argv,"-enddate") == 0)
enddate= ++num;
+ else if (strcmp(*argv,"-checkend") == 0)
+ {
+ if (--argc < 1) goto bad;
+ checkoffset=atoi(*(++argv));
+ checkend=1;
+ }
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-trustout") == 0)
aliasout= ++num;
else if (strcmp(*argv,"-CAcreateserial") == 0)
CA_createserial= ++num;
+ else if (strcmp(*argv,"-clrext") == 0)
+ clrext = 1;
+#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
else if (strcmp(*argv,"-crlext") == 0)
+ {
+ BIO_printf(bio_err,"use -clrext instead of -crlext\n");
clrext = 1;
+ }
+#endif
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
+ BIO_free(in);
goto end;
}
}
req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
BIO_free(in);
- if (req == NULL) { perror(infile); goto end; }
+ if (req == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if ( (req->req_info == NULL) ||
(req->req_info->pubkey == NULL) ||
}
}
- if(alias) X509_alias_rset(x, (unsigned char *)alias, -1);
+ if(alias) X509_alias_set1(x, (unsigned char *)alias, -1);
if(clrtrust) X509_trust_clear(x);
if(clrreject) X509_reject_clear(x);
else if (aliasout == i)
{
unsigned char *alstr;
- alstr = X509_alias_iget(x, NULL);
+ alstr = X509_alias_get0(x, NULL);
if(alstr) BIO_printf(STDout,"%s\n", alstr);
else BIO_puts(STDout,"<No Alias>\n");
}
BIO_printf(STDout, "Certificate purposes:\n");
for(j = 0; j < X509_PURPOSE_get_count(); j++)
{
- ptmp = X509_PURPOSE_iget(j);
+ ptmp = X509_PURPOSE_get0(j);
purpose_print(STDout, x, ptmp);
}
}
BIO_printf(STDout,"/* issuer :%s */\n",buf);
z=i2d_X509(x,NULL);
- m=Malloc(z);
+ m=OPENSSL_malloc(z);
d=(unsigned char *)m;
z=i2d_X509_NAME(X509_get_subject_name(x),&d);
if (y%16 != 0) BIO_printf(STDout,"\n");
BIO_printf(STDout,"};\n");
- Free(m);
+ OPENSSL_free(m);
}
else if (text == i)
{
}
}
+ if(checkend)
+ {
+ time_t t=ASN1_UTCTIME_get(X509_get_notAfter(x));
+ time_t tnow=time(NULL);
+
+ if(tnow+checkoffset > t)
+ {
+ BIO_printf(out,"Certificate will expire\n");
+ ret=1;
+ }
+ else
+ {
+ BIO_printf(out,"Certificate will not expire\n");
+ ret=0;
+ }
+ goto end;
+ }
+
if (noout)
{
ret=0;
X509_REQ_free(rq);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
- if(passin) Free(passin);
+ if(passin) OPENSSL_free(passin);
EXIT(ret);
}
EVP_PKEY_free(upkey);
X509_STORE_CTX_init(&xsc,ctx,x,NULL);
- buf=Malloc(EVP_PKEY_size(pkey)*2+
+ buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
((serialfile == NULL)
?(strlen(CAfile)+strlen(POSTFIX)+1)
:(strlen(serialfile)))+1);
X509_STORE_CTX_cleanup(&xsc);
if (!ret)
ERR_print_errors(bio_err);
- if (buf != NULL) Free(buf);
+ if (buf != NULL) OPENSSL_free(buf);
if (bs != NULL) ASN1_INTEGER_free(bs);
if (io != NULL) BIO_free(io);
if (serial != NULL) BN_free(serial);