Oops, use right function name...

[openssl.git] / apps / x509.c

diff --git a/apps/x509.c b/apps/x509.c
index e08fdac8b935c64f71e1b9e95e0a2dce80894dd9..f4198d97be0ba82a6d4f89ac16bc9468c3d78749 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -114,7 +114,7 @@ static const char *x509_usage[]={
 " -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
 " -ocspid         - print OCSP hash values for the subject name and public key\n",
-" -ocspurl        - print OCSP Responder URL(s)\n",
+" -ocsp_uri       - print OCSP Responder URL(s)\n",
 " -trustout       - output a \"trusted\" certificate\n",
 " -clrtrust       - clear all trusted purposes\n",
 " -clrreject      - clear all rejected purposes\n",
@@ -626,7 +626,7 @@ bad:
                if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
 
                X509_gmtime_adj(X509_get_notBefore(x),0);
-               X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+               X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);
 
                pkey = X509_REQ_get_pubkey(req);
                X509_set_pubkey(x,pkey);
@@ -1130,7 +1130,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
        /* NOTE: this certificate can/should be self signed, unless it was
         * a certificate request in which case it is not. */
        X509_STORE_CTX_set_cert(&xsc,x);
-       if (!reqfile && !X509_verify_cert(&xsc))
+       X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
+       if (!reqfile && X509_verify_cert(&xsc) <= 0)
                goto end;
 
        if (!X509_check_private_key(xca,pkey))
@@ -1146,7 +1147,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
                goto end;
 
        /* hardwired expired */
-       if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+       if (X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL) == NULL)
                goto end;
 
        if (clrext)