Add -brief option to s_client and s_server to summarise connection details.

[openssl.git] / apps / ca.c
diff --git a/apps/ca.c b/apps/ca.c

index e287d2a6c6cc236fa127d33fe2e6f94752c61e99..0cb498b9d967fd348ec83b7442e337ae2cbb07e0 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -501,6 +501,12 @@ EF_ALIGNMENT=0;
                         infile= *(++argv);
                         dorevoke=1;
                         }
+               else if (strcmp(*argv,"-valid") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       infile= *(++argv);
+                       dorevoke=2;
+                       }
                 else if (strcmp(*argv,"-extensions") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -1408,6 +1414,7 @@ bad:
                         if (!NCONF_get_number(conf,section,
                                 ENV_DEFAULT_CRL_HOURS, &crlhours))
                                 crlhours = 0;
+                       ERR_clear_error();
                         }
                 if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
                         {
@@ -1522,6 +1529,8 @@ bad:
                                 NULL, e, infile);
                         if (revcert == NULL)
                                 goto err;
+                       if (dorevoke == 2)
+                               rev_type = -1;
                         j=do_revoke(revcert,db, rev_type, rev_arg);
                         if (j <= 0) goto err;
                         X509_free(revcert);
@@ -1553,6 +1562,8 @@ err:
         BN_free(serial);
         BN_free(crlnumber);
         free_index(db);
+       if (sigopts)
+               sk_OPENSSL_STRING_free(sigopts);
         EVP_PKEY_free(pkey);
         if (x509) X509_free(x509);
         X509_CRL_free(crl);
@@ -2483,7 +2494,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                         }
  
                 /* Revoke Certificate */
-               ok = do_revoke(x509,db, type, value);
+               if (type == -1)
+                       ok = 1;
+               else
+                       ok = do_revoke(x509,db, type, value);
  
                 goto err;
  
@@ -2494,6 +2508,12 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                            row[DB_name]);
                 goto err;
                 }
+       else if (type == -1)
+               {
+               BIO_printf(bio_err,"ERROR:Already present, serial number %s\n",
+                          row[DB_serial]);
+               goto err;
+               }
         else if (rrow[DB_type][0]=='R')
                 {
                 BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
@@ -2558,7 +2578,7 @@ static int get_certificate_status(const char *serial, CA_DB *db)
                         
         /* Make it Upper Case */
         for (i=0; row[DB_serial][i] != '\0'; i++)
-               row[DB_serial][i] = toupper(row[DB_serial][i]);
+               row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]);
         
  
         ok=1;