/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <openssl/pem.h>
typedef enum OPTION_choice {
- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_COMMON,
OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
- OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_VERIFY, OPT_TEXT, OPT_HASH,
+ OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_VERIFY, OPT_DATEOPT, OPT_TEXT, OPT_HASH,
OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD, OPT_PROV_ENUM
} OPTION_CHOICE;
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "output file - default stdout"},
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
+ {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
#ifndef OPENSSL_NO_MD5
X509_LOOKUP *lookup = NULL;
X509_OBJECT *xobj = NULL;
EVP_PKEY *pkey;
- const EVP_MD *digest = EVP_sha1();
+ EVP_MD *digest = (EVP_MD *)EVP_sha1();
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
+ char *digestname = NULL;
const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog;
OPTION_CHOICE o;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
+ int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0, noCAstore = 0;
+ unsigned long dateopt = ASN1_DTFLGS_RFC822;
int i;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
#endif
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, crl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
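Review bot: The new initialiser `EVP_MD *digest = (EVP_MD *)EVP_sha1();` casts away const so the variable can be replaced by opt_md() and released by the `EVP_MD_free(digest)` added in the cleanup hunk, but nothing records why that is safe. On every path where no digest option replaces it, the free receives the static SHA-1 object, so it is correct only if EVP_MD_free() ignores digests that were not fetched; that appears to be the intent but is not visible in this diff. I would add a comment on the declaration such as `/* static default for -fingerprint; not fetched, so EVP_MD_free() at end must leave it alone */`. The function body starts and ends outside this hunk.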
case OPT_VERIFY:
do_ver = 1;
break;
+ case OPT_DATEOPT:
+ if (!set_dateopt(&dateopt, opt_arg()))
+ goto opthelp;
+ break;
case OPT_TEXT:
text = 1;
break;
nextupdate = ++num;
break;
case OPT_NOOUT:
- noout = ++num;
+ noout = 1;
break;
case OPT_FINGERPRINT:
fingerprint = ++num;
goto opthelp;
break;
case OPT_MD:
- if (!opt_md(opt_unknown(), &digest))
- goto opthelp;
+ digestname = opt_unknown();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
}
/* No remaining args. */
- argc = opt_num_rest();
- if (argc != 0)
+ if (!opt_check_rest_arg(NULL))
goto opthelp;
- x = load_crl(infile, "CRL");
+ if (!opt_md(digestname, &digest))
+ goto opthelp;
+ x = load_crl(infile, informat, 1, "CRL");
if (x == NULL)
goto end;
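Review bot: `opt_md(digestname, &digest)` is now called unconditionally, so when no digest option was given it receives `digestname == NULL`, the value set in the declarations hunk. opt_md() is defined outside this diff; if it does not treat NULL as "keep the current digest", every run without a digest option would end in opthelp. Either confirm that contract and state it in a comment above the call, or guard it: `if (digestname != NULL && !opt_md(digestname, &digest))`. The surrounding function continues outside the hunk.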
EVP_PKEY_free(pkey);
if (i < 0)
goto end;
- if (i == 0)
+ if (i == 0) {
BIO_printf(bio_err, "verify failure\n");
- else
+ goto end;
+ } else
BIO_printf(bio_err, "verify OK\n");
}
- if (crldiff) {
+ if (crldiff != NULL) {
X509_CRL *newcrl, *delta;
if (!keyfile) {
BIO_puts(bio_err, "Missing CRL signing key\n");
goto end;
}
- newcrl = load_crl(crldiff, "other CRL");
+ newcrl = load_crl(crldiff, informat, 0, "other CRL");
if (!newcrl)
goto end;
pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
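Review bot: In the verify branch, the rewritten `if (i == 0) { ... goto end; } else` leaves the `else` arm unbraced beside a braced `if`, while the printing hunk of this same change braces that shape (`} else {` around `<NONE>`). Since the failure arm now leaves through `goto end`, the `else` can be dropped: close the brace and follow it with `BIO_printf(bio_err, "verify OK\n");`. A failed signature check is now fatal, and `ret` is initialised to 1 and, as far as this diff shows, not cleared before this point, so callers scripted around the old exit status will see a change. That deserves a comment such as `/* signature did not verify: stop here, exit status stays non-zero */`. The enclosing block begins before this hunk.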
if (num) {
for (i = 1; i <= num; i++) {
if (issuer == i) {
- print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
- get_nameopt());
+ print_name(bio_out, "issuer=", X509_CRL_get_issuer(x));
}
if (crlnumber == i) {
ASN1_INTEGER *crlnum;
+
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
BIO_printf(bio_out, "crlNumber=");
if (crlnum) {
BIO_puts(bio_out, "0x");
i2a_ASN1_INTEGER(bio_out, crlnum);
ASN1_INTEGER_free(crlnum);
- } else
+ } else {
BIO_puts(bio_out, "<NONE>");
+ }
BIO_printf(bio_out, "\n");
}
if (hash == i) {
- BIO_printf(bio_out, "%08lx\n",
- X509_NAME_hash(X509_CRL_get_issuer(x)));
+ int ok;
+ unsigned long hash_value =
+ X509_NAME_hash_ex(X509_CRL_get_issuer(x), app_get0_libctx(),
+ app_get0_propq(), &ok);
+
+ if (num > 1)
+ BIO_printf(bio_out, "issuer name hash=");
+ if (ok) {
+ BIO_printf(bio_out, "%08lx\n", hash_value);
+ } else {
+ BIO_puts(bio_out, "<ERROR>");
+ goto end;
+ }
}
#ifndef OPENSSL_NO_MD5
if (hash_old == i) {
+ if (num > 1)
+ BIO_printf(bio_out, "issuer name old hash=");
BIO_printf(bio_out, "%08lx\n",
X509_NAME_hash_old(X509_CRL_get_issuer(x)));
}
#endif
if (lastupdate == i) {
BIO_printf(bio_out, "lastUpdate=");
- ASN1_TIME_print(bio_out, X509_CRL_get0_lastUpdate(x));
+ ASN1_TIME_print_ex(bio_out, X509_CRL_get0_lastUpdate(x), dateopt);
BIO_printf(bio_out, "\n");
}
if (nextupdate == i) {
BIO_printf(bio_out, "nextUpdate=");
if (X509_CRL_get0_nextUpdate(x))
- ASN1_TIME_print(bio_out, X509_CRL_get0_nextUpdate(x));
+ ASN1_TIME_print_ex(bio_out, X509_CRL_get0_nextUpdate(x), dateopt);
else
BIO_printf(bio_out, "NONE");
BIO_printf(bio_out, "\n");
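Review bot: On the error arm of the new issuer-hash block, `BIO_puts(bio_out, "<ERROR>");` writes the marker to the regular output with no newline before `goto end`, so the line is left unterminated and, when `num > 1`, reads `issuer name hash=<ERROR>`. The other placeholder in this loop, `<NONE>`, is followed by an explicit `BIO_printf(bio_out, "\n")`, so for consistency I would write `BIO_puts(bio_out, "<ERROR>\n");`. The `hash_old` block beside it gained the same prefix but no failure check; if X509_NAME_hash_old() cannot report an error, a one-line comment saying so would explain the asymmetry. The loop ends outside this hunk.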
goto end;
}
BIO_printf(bio_out, "%s Fingerprint=",
- OBJ_nid2sn(EVP_MD_type(digest)));
+ EVP_MD_get0_name(digest));
for (j = 0; j < (int)n; j++) {
BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
? '\n' : ':');
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free_all(out);
+ EVP_MD_free(digest);
X509_CRL_free(x);
X509_STORE_CTX_free(ctx);
X509_STORE_free(store);