"The CA key, must be PEM format; if not in CAfile"},
{"CAcreateserial", OPT_CACREATESERIAL, '-',
"Create serial number file if it does not exist"},
- {"CAserial", OPT_CASERIAL, '<', "Serial file"},
+ {"CAserial", OPT_CASERIAL, 's', "Serial file"},
{"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
{"text", OPT_TEXT, '-', "Print the certificate in text form"},
{"C", OPT_C, '-', "Print out C code forms"},
char *checkhost = NULL, *checkemail = NULL, *checkip = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL;
char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
- char buf[256];
- char *engine = NULL, *prog;
- int C = 0, x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint =
- 0;
- int CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
- int fingerprint = 0, reqfile = 0, need_rand = 0, checkend =
- 0, checkoffset = 0;
+ char buf[256], *prog;
+ int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0;
+ int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
+ int fingerprint = 0, reqfile = 0, need_rand = 0, checkend = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0;
int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0;
int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0;
- int text = 0, serial = 0, subject = 0, issuer = 0, startdate =
- 0, enddate = 0;
+ int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;
+ int checkoffset = 0, enddate = 0;
unsigned long nmflag = 0, certflag = 0;
OPTION_CHOICE o;
-#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
-#endif
#ifndef OPENSSL_NO_MD5
int subject_hash_old = 0, issuer_hash_old = 0;
#endif
goto opthelp;
break;
case OPT_ENGINE:
- engine = opt_arg();
+ e = setup_engine(opt_arg(), 0);
break;
case OPT_C:
C = ++num;
if (out == NULL)
goto end;
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(engine, 0);
-#endif
-
if (need_rand)
app_RAND_load_file(NULL, 0);
" */\n", buf);
len = i2d_X509(x, NULL);
- m = OPENSSL_malloc(len);
- if (!m) {
- BIO_printf(bio_err, "Out of memory\n");
- goto end;
- }
-
+ m = app_malloc(len, "x509 name buffer");
d = (unsigned char *)m;
len = i2d_X509_NAME(X509_get_subject_name(x), &d);
print_array(out, "the_subject_name", len, (unsigned char *)m);
EVP_PKEY_free(Upkey);
EVP_PKEY_free(CApkey);
EVP_PKEY_free(fkey);
- if (sigopts)
- sk_OPENSSL_STRING_free(sigopts);
+ sk_OPENSSL_STRING_free(sigopts);
X509_REQ_free(rq);
ASN1_INTEGER_free(sno);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
- if (passin)
- OPENSSL_free(passin);
+ OPENSSL_free(passin);
return (ret);
}
len = ((serialfile == NULL)
? (strlen(CAfile) + strlen(POSTFIX) + 1)
: (strlen(serialfile))) + 1;
- buf = OPENSSL_malloc(len);
- if (buf == NULL) {
- BIO_printf(bio_err, "out of mem\n");
- goto end;
- }
+ buf = app_malloc(len, "serial# buffer");
if (serialfile == NULL) {
BUF_strlcpy(buf, CAfile, len);
for (p = buf; *p; p++)
goto end;
end:
- if (buf)
- OPENSSL_free(buf);
+ OPENSSL_free(buf);
BN_free(serial);
return bs;
}
}
if (sno)
bs = sno;
- else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
+ else if ((bs = x509_load_serial(CAfile, serialfile, create)) == NULL)
goto end;
-/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
-
/*
* NOTE: this certificate can/should be self signed, unless it was a
* certificate request in which case it is not.