-#!/usr/bin/perl
+#!{- $config{perl} -}
+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
#
-# Wrapper around the ca to make it easier to use
-# Edit CA.pl.in not CA.pl!
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# Wrapper around the ca to make it easier to use
+#
+# {- join("\n# ", @autowarntext) -}
use strict;
use warnings;
my $verbose = 1;
-my $SSLEAY_CONFIG = $ENV{"SSLEAY_CONFIG"};
+my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
my $DAYS = "-days 365";
my $CADAYS = "-days 1095"; # 3 years
-my $REQ = "$openssl req $SSLEAY_CONFIG";
-my $CA = "$openssl ca $SSLEAY_CONFIG";
+my $REQ = "$openssl req $OPENSSL_CONFIG";
+my $CA = "$openssl ca $OPENSSL_CONFIG";
my $VERIFY = "$openssl verify";
my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
my $NEWCERT = "newcert.pem";
my $NEWP12 = "newcert.p12";
my $RET = 0;
-my $WHAT = shift @ARGV;
+my $WHAT = shift @ARGV || "";
my $FILE;
# See if reason for a CRL entry is valid; exit if not.
if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
print STDERR " CA -pkcs12 [certname]\n";
print STDERR " CA -crl|-revoke cert-filename [reason]\n";
exit 0;
close OUT;
# ask user for existing CA certificate
print "CA certificate filename (or enter to create)\n";
- $FILE = <STDIN>;
- chop $FILE;
- if ($FILE) {
+ $FILE = "" unless defined($FILE = <STDIN>);
+ $FILE =~ s{\R$}{};
+ if ($FILE ne "") {
copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
} else {
my @files = @ARGV ? @ARGV : ( $NEWCERT );
my $file;
foreach $file (@files) {
- my $status = run("$VERIFY -CAfile ${CATOP}/$CACERT $file");
+ my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file");
$RET = $status if $status != 0;
}
} elsif ($WHAT eq '-crl' ) {