Initial code to support distinct certificate and CRL signing keys where the

[openssl.git] / apps / ca.c

diff --git a/apps/ca.c b/apps/ca.c
index 7666e35d54a69c2536137d546509f60a40eea08e..0967b34a213d6812ecc6e298fe5827136decd835 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -226,7 +226,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
 static int get_certificate_status(const char *ser_status, CA_DB *db);
 static int do_updatedb(CA_DB *db);
-static int check_time_format(char *str);
+static int check_time_format(const char *str);
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED *rev, const char *str);
 int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
@@ -306,7 +306,8 @@ int MAIN(int argc, char **argv)
        ASN1_TIME *tmptm;
        ASN1_INTEGER *tmpser;
        char *f;
-       const char *p, **pp;
+       const char *p;
+       char * const *pp;
        int i,j;
        const EVP_MD *dgst=NULL;
        STACK_OF(CONF_VALUE) *attribs=NULL;
@@ -555,8 +556,10 @@ bad:
 
        if (badops)
                {
-               for (pp=ca_usage; (*pp != NULL); pp++)
-                       BIO_printf(bio_err,"%s",*pp);
+               const char **pp2;
+
+               for (pp2=ca_usage; (*pp2 != NULL); pp2++)
+                       BIO_printf(bio_err,"%s",*pp2);
                goto err;
                }
 
@@ -876,9 +879,9 @@ bad:
        if (db == NULL) goto err;
 
        /* Lets check some fields */
-       for (i=0; i<sk_num(db->db->data); i++)
+       for (i=0; i<sk_PSTRING_num(db->db->data); i++)
                {
-               pp=(const char **)sk_value(db->db->data,i);
+               pp=sk_PSTRING_value(db->db->data,i);
                if ((pp[DB_type][0] != DB_TYPE_REV) &&
                        (pp[DB_rev_date][0] != '\0'))
                        {
@@ -931,7 +934,7 @@ bad:
 #endif
                TXT_DB_write(out,db->db);
                BIO_printf(bio_err,"%d entries loaded from the database\n",
-                       db->db->data->num);
+                          sk_PSTRING_num(db->db->data));
                BIO_printf(bio_err,"generating index\n");
                }
        
@@ -1401,9 +1404,9 @@ bad:
 
                ASN1_TIME_free(tmptm);
 
-               for (i=0; i<sk_num(db->db->data); i++)
+               for (i=0; i<sk_PSTRING_num(db->db->data); i++)
                        {
-                       pp=(const char **)sk_value(db->db->data,i);
+                       pp=sk_PSTRING_value(db->db->data,i);
                        if (pp[DB_type][0] == DB_TYPE_REV)
                                {
                                if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1678,7 +1681,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        int ok= -1,i,j,last,nid;
        const char *p;
        CONF_VALUE *cv;
-       char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
+       STRING row[DB_NUMBER];
+       STRING *irow=NULL;
+       STRING *rrow=NULL;
        char buf[25];
 
        tmptm=ASN1_UTCTIME_new();
@@ -1920,7 +1925,9 @@ again2:
 
        if (db->attributes.unique_subject)
                {
-               rrow=TXT_DB_get_by_index(db->db,DB_name,row);
+               STRING *crow=row;
+
+               rrow=TXT_DB_get_by_index(db->db,DB_name,crow);
                if (rrow != NULL)
                        {
                        BIO_printf(bio_err,
@@ -2221,7 +2228,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
             unsigned long nameopt, int default_op, int ext_copy)
        {
        STACK_OF(CONF_VALUE) *sk=NULL;
-       LHASH *parms=NULL;
+       LHASH_OF(CONF_VALUE) *parms=NULL;
        X509_REQ *req=NULL;
        CONF_VALUE *cv=NULL;
        NETSCAPE_SPKI *spki = NULL;
@@ -2384,7 +2391,7 @@ static int fix_data(int nid, int *type)
        return(1);
        }
 
-static int check_time_format(char *str)
+static int check_time_format(const char *str)
        {
        ASN1_UTCTIME tm;
 
@@ -2406,6 +2413,8 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                row[i]=NULL;
        row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
        bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+       if (!bn)
+               goto err;
        if (BN_is_zero(bn))
                row[DB_serial]=BUF_strdup("00");
        else
@@ -2475,7 +2484,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                goto err;
 
                }
-       else if (index_name_cmp((const char **)row,(const char **)rrow))
+       else if (index_name_cmp_noconst(row, rrow))
                {
                BIO_printf(bio_err,"ERROR:name does not match %s\n",
                           row[DB_name]);
@@ -2624,9 +2633,9 @@ static int do_updatedb (CA_DB *db)
        else
                a_y2k = 0;
 
-       for (i = 0; i < sk_num(db->db->data); i++)
+       for (i = 0; i < sk_PSTRING_num(db->db->data); i++)
                {
-               rrow = (char **) sk_value(db->db->data, i);
+               rrow = sk_PSTRING_value(db->db->data, i);
 
                if (rrow[DB_type][0] == 'V')
                        {