Continued multibyte character support.

[openssl.git] / apps / ca.c

diff --git a/apps/ca.c b/apps/ca.c
index 1450c0cfd208164c7c60f0fd8e6f1b11b0a365b8..36c314e1c1c7af36681e3cfe5c781cd9f0df433d 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -147,6 +147,8 @@ static char *ca_usage[]={
 " -gencrl         - Generate a new CRL\n",
 " -crldays days   - Days is when the next CRL is due\n",
 " -crlhours hours - Hours is when the next CRL is due\n",
+" -startdate YYMMDDHHMMSSZ  - certificate validity notBefore\n",
+" -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)\n",
 " -days arg       - number of days to certify the certificate for\n",
 " -md arg         - md to use, one of md2, md5, sha or sha1\n",
 " -policy arg     - The CA 'policy' to support\n",
@@ -206,7 +208,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        X509_REQ *req, char *ext_sect, LHASH *conf);
 static int do_revoke(X509 *x509, TXT_DB *db);
 static int check_time_format(char *str);
-static LHASH *conf;
+static LHASH *conf=NULL;
 static char *key=NULL;
 static char *section=NULL;
 
@@ -264,6 +266,7 @@ int MAIN(int argc, char **argv)
 #undef BSIZE
 #define BSIZE 256
        MS_STATIC char buf[3][BSIZE];
+       char *randfile;
 
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -273,6 +276,7 @@ EF_ALIGNMENT=0;
 
        apps_startup();
 
+       conf = NULL;
        key = NULL;
        section = NULL;
 
@@ -492,12 +496,16 @@ bad:
                                BIO_free(oid_bio);
                                }
                        }
-               }
-               if(!add_oid_section(conf)) {
+               if(!add_oid_section(conf)) 
+                       {
                        ERR_print_errors(bio_err);
                        goto err;
+                       }
                }
 
+       randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+       app_RAND_load_file(randfile, bio_err, 0);
+       
        in=BIO_new(BIO_s_file());
        out=BIO_new(BIO_s_file());
        Sout=BIO_new(BIO_s_file());
@@ -600,12 +608,14 @@ bad:
                        perror(outdir);
                        goto err;
                        }
+#ifdef S_IFDIR
                if (!(sb.st_mode & S_IFDIR))
                        {
                        BIO_printf(bio_err,"%s need to be a directory\n",outdir);
                        perror(outdir);
                        goto err;
                        }
+#endif
                }
 
        /*****************************************************************/
@@ -1231,6 +1241,7 @@ err:
        sk_pop_free(cert_sk,X509_free);
 
        if (ret) ERR_print_errors(bio_err);
+       app_RAND_write_file(randfile, bio_err);
        BN_free(serial);
        TXT_DB_free(db);
        EVP_PKEY_free(pkey);
@@ -1680,8 +1691,7 @@ again2:
 
                        if (push != NULL)
                                {
-                               if (!X509_NAME_add_entry(subject,push,
-                                       X509_NAME_entry_count(subject),0))
+                               if (!X509_NAME_add_entry(subject,push, -1, 0))
                                        {
                                        if (push != NULL)
                                                X509_NAME_ENTRY_free(push);
@@ -1899,6 +1909,8 @@ err:
                X509_NAME_free(CAname);
        if (subject != NULL)
                X509_NAME_free(subject);
+       if (tmptm != NULL)
+               ASN1_UTCTIME_free(tmptm);
        if (ok <= 0)
                {
                if (ret != NULL) X509_free(ret);
@@ -2040,8 +2052,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
                        strlen(buf))) == NULL)
                        goto err;
 
-               if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
-                       goto err;
+               if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
                }
        if (spki == NULL)
                {