The dir is named util/ and better to explicitly call the

[openssl.git] / apps / ca.c

diff --git a/apps/ca.c b/apps/ca.c
index a5848366cfe6649987b8c7099b0c39ab29ffb2ac..a66c872443abb82e8eed186340f01e43a7fa6c37 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -82,7 +82,7 @@
 #define PROG ca_main
 
 #define BASE_SECTION   "ca"
-#define CONFIG_FILE "lib/ssleay.cnf"
+#define CONFIG_FILE "lib/openssl.cnf"
 
 #define ENV_DEFAULT_CA         "default_ca"
 
@@ -431,6 +431,29 @@ bad:
                        }
                }
 
+       if (conf != NULL)
+               {
+               p=CONF_get_string(conf,NULL,"oid_file");
+               if (p != NULL)
+                       {
+                       BIO *oid_bio;
+
+                       oid_bio=BIO_new_file(p,"r");
+                       if (oid_bio == NULL) 
+                               {
+                               /*
+                               BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+                               ERR_print_errors(bio_err);
+                               */
+                               }
+                       else
+                               {
+                               OBJ_create_objects(oid_bio);
+                               BIO_free(oid_bio);
+                               }
+                       }
+               }
+
        in=BIO_new(BIO_s_file());
        out=BIO_new(BIO_s_file());
        Sout=BIO_new(BIO_s_file());
@@ -490,6 +513,12 @@ bad:
                goto err;
                }
 
+       if (!X509_check_private_key(x509,pkey))
+               {
+               BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+               goto err;
+               }
+
        f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
        if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
                preserve=1;
@@ -700,7 +729,7 @@ bad:
                        }
                if (verbose)
                        {
-                       if ((f=BN_bn2ascii(serial)) == NULL) goto err;
+                       if ((f=BN_bn2hex(serial)) == NULL) goto err;
                        BIO_printf(bio_err,"next serial number is %s\n",f);
                        Free(f);
                        }
@@ -983,7 +1012,7 @@ bad:
                        r->sequence=i;
                        }
 
-               /* we how have a CRL */
+               /* we now have a CRL */
                if (verbose) BIO_printf(bio_err,"signing CRL\n");
                if (md != NULL)
                        {
@@ -995,6 +1024,10 @@ bad:
                        }
                else
                        dgst=EVP_md5();
+#ifndef NO_DSA
+               if (pkey->type == EVP_PKEY_DSA) 
+                   dgst = EVP_dss1() ;
+#endif
                if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
 
                PEM_write_bio_X509_CRL(Sout,crl);
@@ -1273,7 +1306,7 @@ int verbose;
        if (i == 0)
                {
                ok=0;
-               BIO_printf(bio_err,"Signature did not match the certificate request\n");
+               BIO_printf(bio_err,"Signature did not match the certificate\n");
                goto err;
                }
        else
@@ -1530,7 +1563,7 @@ again2:
                BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
 
        row[DB_name]=X509_NAME_oneline(subject,NULL,0);
-       row[DB_serial]=BN_bn2ascii(serial);
+       row[DB_serial]=BN_bn2hex(serial);
        if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
                {
                BIO_printf(bio_err,"Malloc failure\n");
@@ -1661,7 +1694,9 @@ again2:
                        }
                }
 
+
 #ifndef NO_DSA
+       if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
         pktmp=X509_get_pubkey(ret);
         if (EVP_PKEY_missing_parameters(pktmp) &&
                !EVP_PKEY_missing_parameters(pkey))
@@ -2022,7 +2057,7 @@ char *sec;
                default:
                        BIO_printf(bio_err,"Don't know how to pack extension %s\n",cv->name);
                        goto err;
-                       break;
+                       /* break; */
                        }
 
                if ((x=X509_EXTENSION_create_by_NID(NULL,nid,0,str)) == NULL)