" -gencrl - Generate a new CRL\n",
" -crldays days - Days is when the next CRL is due\n",
" -crlhours hours - Hours is when the next CRL is due\n",
+" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
+" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
" -days arg - number of days to certify the certificate for\n",
" -md arg - md to use, one of md2, md5, sha or sha1\n",
" -policy arg - The CA 'policy' to support\n",
" -batch - Don't ask questions\n",
" -msie_hack - msie modifications to handle all those universal strings\n",
" -revoke file - Revoke a certificate (given in file)\n",
+" -extensions .. - Extension section (override value in config file)\n",
+" -crlexts .. - CRL extension section (override value in config file)\n",
NULL
};
X509_REQ *req, char *ext_sect, LHASH *conf);
static int do_revoke(X509 *x509, TXT_DB *db);
static int check_time_format(char *str);
-static LHASH *conf;
+static LHASH *conf=NULL;
static char *key=NULL;
static char *section=NULL;
#undef BSIZE
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
+ char *randfile;
#ifdef EFENCE
EF_PROTECT_FREE=1;
apps_startup();
+ conf = NULL;
+ key = NULL;
+ section = NULL;
+
X509V3_add_standard_extensions();
preserve=0;
+ msie_hack=0;
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
infile= *(++argv);
dorevoke=1;
}
+ else if (strcmp(*argv,"-extensions") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extensions= *(++argv);
+ }
+ else if (strcmp(*argv,"-crlexts") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crl_ext= *(++argv);
+ }
else
{
bad:
BIO_free(oid_bio);
}
}
- }
- if(!add_oid_section(conf)) {
+ if(!add_oid_section(conf))
+ {
ERR_print_errors(bio_err);
goto err;
+ }
}
+ randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ app_RAND_load_file(randfile, bio_err, 0);
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
Sout=BIO_new(BIO_s_file());
perror(outdir);
goto err;
}
+#ifdef S_IFDIR
if (!(sb.st_mode & S_IFDIR))
{
BIO_printf(bio_err,"%s need to be a directory\n",outdir);
perror(outdir);
goto err;
}
+#endif
}
/*****************************************************************/
lookup_fail(section,ENV_SERIAL);
goto err;
}
-
- extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
+ if(!extensions)
+ extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
if(extensions) {
/* Check syntax of file */
X509V3_CTX ctx;
/*****************************************************************/
if (gencrl)
{
- crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+ if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
if(crl_ext) {
/* Check syntax of file */
X509V3_CTX ctx;
sk_pop_free(cert_sk,X509_free);
if (ret) ERR_print_errors(bio_err);
+ app_RAND_write_file(randfile, bio_err);
BN_free(serial);
TXT_DB_free(db);
EVP_PKEY_free(pkey);
if (push != NULL)
{
- if (!X509_NAME_add_entry(subject,push,
- X509_NAME_entry_count(subject),0))
+ if (!X509_NAME_add_entry(subject,push, -1, 0))
{
if (push != NULL)
X509_NAME_ENTRY_free(push);
X509_NAME_free(CAname);
if (subject != NULL)
X509_NAME_free(subject);
+ if (tmptm != NULL)
+ ASN1_UTCTIME_free(tmptm);
if (ok <= 0)
{
if (ret != NULL) X509_free(ret);
X509_REQ *req=NULL;
CONF_VALUE *cv=NULL;
NETSCAPE_SPKI *spki = NULL;
- unsigned char *spki_der = NULL,*p;
X509_REQ_INFO *ri;
char *type,*buf;
EVP_PKEY *pktmp=NULL;
{
if (strcmp(type, "SPKAC") == 0)
{
- spki_der=(unsigned char *)Malloc(
- strlen(cv->value)+1);
- if (spki_der == NULL)
- {
- BIO_printf(bio_err,"Malloc failure\n");
- goto err;
- }
- j = EVP_DecodeBlock(spki_der, (unsigned char *)cv->value,
- strlen(cv->value));
- if (j <= 0)
- {
- BIO_printf(bio_err, "Can't b64 decode SPKAC structure\n");
- goto err;
- }
-
- p=spki_der;
- spki = d2i_NETSCAPE_SPKI(&spki, &p, j);
- Free(spki_der);
- spki_der = NULL;
+ spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
if (spki == NULL)
{
BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
strlen(buf))) == NULL)
goto err;
- if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
- goto err;
+ if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
}
if (spki == NULL)
{
BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");
- if ((pktmp=X509_PUBKEY_get(spki->spkac->pubkey)) == NULL)
+ if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL)
{
BIO_printf(bio_err,"error unpacking SPKAC public key\n");
goto err;
err:
if (req != NULL) X509_REQ_free(req);
if (parms != NULL) CONF_free(parms);
- if (spki_der != NULL) Free(spki_der);
if (spki != NULL) NETSCAPE_SPKI_free(spki);
if (ne != NULL) X509_NAME_ENTRY_free(ne);