Change RAND_poll for Unix to try a number of devices and only read

[openssl.git] / apps / CA.pl.in

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index 0e0b7fc0bc9c0a04f063fefeadae61ce415e3e48..f1ac7e772690c1b61509cc58732f6fba71e7a5a7 100644 (file)
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -36,6 +36,7 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";
 $REQ="openssl req $SSLEAY_CONFIG";
 $CA="openssl ca $SSLEAY_CONFIG";
@@ -66,7 +67,7 @@ foreach (@ARGV) {
            $RET=$?;
            print "Request (and private key) is in newreq.pem\n";
        } elsif (/^-newca$/) {
-               # if explictly asked for or it doesn't exist then setup the
+               # if explicitly asked for or it doesn't exist then setup the
                # directory structure that Eric likes to manage things 
            $NEW="1";
            if ( "$NEW" || ! -f "${CATOP}/serial" ) {
@@ -116,6 +117,11 @@ foreach (@ARGV) {
                                                        "-infiles newreq.pem");
            $RET=$?;
            print "Signed certificate is in newcert.pem\n";
+       } elsif (/^(-signCA)$/) {
+           system ("$CA -policy policy_anything -out newcert.pem " .
+                                       "-extensions v3_ca -infiles newreq.pem");
+           $RET=$?;
+           print "Signed CA certificate is in newcert.pem\n";
        } elsif (/^-signcert$/) {
            system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
                                                                "-out tmp.pem");