{"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
{"keyfile", OPT_KEYFILE, 's', "Private key"},
{"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
- {"passin", OPT_PASSIN, 's'},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"key", OPT_KEY, 's', "Key to decode the private key if it is encrypted"},
{"cert", OPT_CERT, '<', "The CA cert"},
{"selfsign", OPT_SELFSIGN, '-',
{"in", OPT_IN, '<', "The input PEM encoded cert request(s)"},
{"out", OPT_OUT, '>', "Where to put the output file(s)"},
{"outdir", OPT_OUTDIR, '/', "Where to put output cert"},
- {"sigopt", OPT_SIGOPT, 's'},
- {"notext", OPT_NOTEXT, '-'},
+ {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+ {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"},
{"batch", OPT_BATCH, '-', "Don't ask questions"},
{"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"},
{"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
{"gencrl", OPT_GENCRL, '-', "Generate a new CRL"},
{"msie_hack", OPT_MSIE_HACK, '-',
"msie modifications to handle all those universal strings"},
- {"crldays", OPT_CRLDAYS, 'p', "Days is when the next CRL is due"},
- {"crlhours", OPT_CRLHOURS, 'p', "Hours is when the next CRL is due"},
- {"crlsec", OPT_CRLSEC, 'p'},
+ {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"},
+ {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"},
+ {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"},
{"infiles", OPT_INFILES, '-', "The last argument, requests to process"},
{"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"},
{"spkac", OPT_SPKAC, '<',
X509_REVOKED *r = NULL;
OPTION_CHOICE o;
- conf = NULL;
- section = NULL;
- preserve = 0;
- msie_hack = 0;
-
prog = opt_init(argc, argv, ca_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
argv = opt_rest();
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
- /* We already loaded the default config file */
- if (configfile != default_config_file) {
- if ((conf = app_load_config(configfile)) == NULL)
- goto end;
- if (!app_load_modules(conf))
- goto end;
- }
+
+ if ((conf = app_load_config(configfile)) == NULL)
+ goto end;
+ if (!app_load_modules(conf))
+ goto end;
/* Lets get the config section we are using */
if (section == NULL) {
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
- OBJ_cleanup();
return (ret);
}
ok = 0;
goto end;
}
- if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) {
+ if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "error unpacking public key\n");
goto end;
}
i = X509_REQ_verify(req, pktmp);
- EVP_PKEY_free(pktmp);
+ pktmp = NULL;
if (i < 0) {
ok = 0;
BIO_printf(bio_err, "Signature verification problems....\n");
if (!X509_set_subject_name(ret, subject))
goto end;
- pktmp = X509_REQ_get_pubkey(req);
+ pktmp = X509_REQ_get0_pubkey(req);
i = X509_set_pubkey(ret, pktmp);
- EVP_PKEY_free(pktmp);
if (!i)
goto end;
j = NETSCAPE_SPKI_verify(spki, pktmp);
if (j <= 0) {
+ EVP_PKEY_free(pktmp);
BIO_printf(bio_err,
"signature verification failed on SPKAC public key\n");
goto end;
projects / openssl.git / blobdiff