* [including the GNU Public Licence.]
*/
-#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST,
OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST,
OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
-#ifndef OPENSSL_NO_MD5
OPT_SUBJECT_HASH_OLD,
OPT_ISSUER_HASH_OLD,
-#endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
OPT_FORCE_VERSION,
-#endif
OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT
} OPTION_CHOICE;
{"serial", OPT_SERIAL, '-', "Print serial number value"},
{"subject_hash", OPT_HASH, '-', "Print subject hash value"},
{"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"},
-#ifndef OPENSSL_NO_MD5
- {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
- "Print old-style (MD5) issuer hash value"},
- {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
- "Print old-style (MD5) subject hash value"},
-#endif
{"hash", OPT_HASH, '-', "Synonym for -subject_hash"},
{"subject", OPT_SUBJECT, '-', "Print subject DN"},
{"issuer", OPT_ISSUER, '-', "Print issuer DN"},
{"clrreject", OPT_CLRREJECT, '-'},
{"badsig", OPT_BADSIG, '-'},
{"", OPT_MD, '-', "Any supported digest"},
-#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#ifndef OPENSSL_NO_MD5
+ {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
+ "Print old-style (MD5) issuer hash value"},
+ {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
+ "Print old-style (MD5) subject hash value"},
#endif
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
{"force_version", OPT_FORCE_VERSION, 'p'},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;
int checkoffset = 0, enddate = 0;
unsigned long nmflag = 0, certflag = 0;
+ char nmflag_set = 0;
OPTION_CHOICE o;
ENGINE *e = NULL;
#ifndef OPENSSL_NO_MD5
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
case OPT_FORCE_VERSION:
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
force_version = atoi(opt_arg()) - 1;
- break;
#endif
+ break;
case OPT_DAYS:
days = atoi(opt_arg());
break;
goto opthelp;
break;
case OPT_NAMEOPT:
+ nmflag_set = 1;
if (!set_name_ex(&nmflag, opt_arg()))
goto opthelp;
break;
case OPT_ISSUER_HASH_OLD:
issuer_hash_old = ++num;
break;
+#else
+ case OPT_SUBJECT_HASH_OLD:
+ case OPT_ISSUER_HASH_OLD:
+ break;
#endif
case OPT_DATES:
startdate = ++num;
goto opthelp;
}
- out = bio_open_default(outfile, "w");
+ if (!nmflag_set)
+ nmflag = XN_FLAG_ONELINE;
+
+ out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
}
if (extfile) {
- long errorline = -1;
X509V3_CTX ctx2;
- extconf = NCONF_new(NULL);
- if (!NCONF_load(extconf, extfile, &errorline)) {
- if (errorline <= 0)
- BIO_printf(bio_err,
- "error loading the config file '%s'\n", extfile);
- else
- BIO_printf(bio_err,
- "error on line %ld of config file '%s'\n",
- errorline, extfile);
+ if ((extconf = app_load_config(extfile)) == NULL)
goto end;
- }
if (!extsect) {
extsect = NCONF_get_string(extconf, "default", "extensions");
if (!extsect) {
BIO_printf(bio_err, "We need a private key to sign with\n");
goto end;
}
- in = bio_open_default(infile, "r");
+ in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
goto end;
}
- if ((req->req_info == NULL) ||
- (req->req_info->pubkey == NULL) ||
- (req->req_info->pubkey->public_key == NULL) ||
- (req->req_info->pubkey->public_key->data == NULL)) {
- BIO_printf(bio_err,
- "The certificate request appears to corrupted\n");
- BIO_printf(bio_err, "It does not contain a public key\n");
- goto end;
- }
if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
BIO_printf(bio_err, "error unpacking public key\n");
goto end;
} else if (!X509_set_serialNumber(x, sno))
goto end;
- if (!X509_set_issuer_name(x, req->req_info->subject))
+ if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req)))
goto end;
- if (!X509_set_subject_name(x, req->req_info->subject))
+ if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req)))
goto end;
X509_gmtime_adj(X509_get_notBefore(x), 0);
goto end;
}
- if (badsig)
- x->signature->data[x->signature->length - 1] ^= 0x1;
+ if (badsig) {
+ ASN1_BIT_STRING *signature;
+ unsigned char *s;
+ X509_get0_signature(&signature, NULL, x);
+ s = ASN1_STRING_data(signature);
+ s[ASN1_STRING_length(signature) - 1] ^= 0x1;
+ }
if (outformat == FORMAT_ASN1)
i = i2d_X509_bio(out, x);
i = PEM_write_bio_X509_AUX(out, x);
else
i = PEM_write_bio_X509(out, x);
- } else if (outformat == FORMAT_NETSCAPE) {
- NETSCAPE_X509 nx;
- ASN1_OCTET_STRING hdr;
-
- hdr.data = (unsigned char *)NETSCAPE_CERT_HDR;
- hdr.length = strlen(NETSCAPE_CERT_HDR);
- nx.header = &hdr;
- nx.cert = x;
-
- i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx);
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (sno)
bs = sno;
- else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
+ else if ((bs = x509_load_serial(CAfile, serialfile, create)) == NULL)
goto end;
-/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
-
/*
* NOTE: this certificate can/should be self signed, unless it was a
* certificate request in which case it is not.