" -addreject arg - reject certificate for a given purpose\n",
" -setalias arg - set certificate alias\n",
" -days arg - How long till expiry of a signed certificate - def 30 days\n",
+" -checkend arg - check whether the cert expires in the next arg seconds\n",
+" exit 1 if so, 0 if not\n",
" -signkey arg - self sign cert with arg\n",
" -x509toreq - output a certification request object\n",
" -req - input is a certificate request, sign and output.\n",
" -md2/-md5/-sha1/-mdc2 - digest to use\n",
" -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
-" -crlext - delete extensions before signing and input certificate\n",
+" -clrext - delete extensions before signing and input certificate\n",
NULL
};
LHASH *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
+ int checkend=0,checkoffset=0;
reqfile=0;
startdate= ++num;
else if (strcmp(*argv,"-enddate") == 0)
enddate= ++num;
+ else if (strcmp(*argv,"-checkend") == 0)
+ {
+ if (--argc < 1) goto bad;
+ checkoffset=atoi(*(++argv));
+ checkend=1;
+ }
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-trustout") == 0)
aliasout= ++num;
else if (strcmp(*argv,"-CAcreateserial") == 0)
CA_createserial= ++num;
+ else if (strcmp(*argv,"-clrext") == 0)
+ clrext = 1;
+#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
else if (strcmp(*argv,"-crlext") == 0)
+ {
+ BIO_printf(bio_err,"use -clrext instead of -crlext\n");
clrext = 1;
+ }
+#endif
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
+ BIO_free(in);
goto end;
}
}
req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
BIO_free(in);
- if (req == NULL) { perror(infile); goto end; }
+ if (req == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if ( (req->req_info == NULL) ||
(req->req_info->pubkey == NULL) ||
}
}
- if(alias) X509_alias_rset(x, (unsigned char *)alias, -1);
+ if(alias) X509_alias_set1(x, (unsigned char *)alias, -1);
if(clrtrust) X509_trust_clear(x);
if(clrreject) X509_reject_clear(x);
if(trust) {
for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
objtmp = sk_ASN1_OBJECT_value(trust, i);
- X509_radd_trust_object(x, objtmp);
+ X509_add1_trust_object(x, objtmp);
}
}
if(reject) {
for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
objtmp = sk_ASN1_OBJECT_value(reject, i);
- X509_radd_reject_object(x, objtmp);
+ X509_add1_reject_object(x, objtmp);
}
}
else if (aliasout == i)
{
unsigned char *alstr;
- alstr = X509_alias_iget(x, NULL);
+ alstr = X509_alias_get0(x, NULL);
if(alstr) BIO_printf(STDout,"%s\n", alstr);
else BIO_puts(STDout,"<No Alias>\n");
}
BIO_printf(STDout, "Certificate purposes:\n");
for(j = 0; j < X509_PURPOSE_get_count(); j++)
{
- ptmp = X509_PURPOSE_iget(j);
+ ptmp = X509_PURPOSE_get0(j);
purpose_print(STDout, x, ptmp);
}
}
}
}
+ if(checkend)
+ {
+ time_t t=ASN1_UTCTIME_get(X509_get_notAfter(x));
+ time_t tnow=time(NULL);
+
+ if(tnow+checkoffset > t)
+ {
+ BIO_printf(out,"Certificate will expire\n");
+ ret=1;
+ }
+ else
+ {
+ BIO_printf(out,"Certificate will not expire\n");
+ ret=0;
+ }
+ goto end;
+ }
+
if (noout)
{
ret=0;
int id, i, idret;
char *pname;
id = X509_PURPOSE_get_id(pt);
- pname = X509_PURPOSE_iget_name(pt);
+ pname = X509_PURPOSE_get0_name(pt);
for(i = 0; i < 2; i++) {
idret = X509_check_purpose(cert, id, i);
BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");