New -valid option to add a certificate to the ca index.txt that is valid and not...
authorDr. Stephen Henson <steve@openssl.org>
Sun, 9 Sep 2012 12:58:49 +0000 (12:58 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 9 Sep 2012 12:58:49 +0000 (12:58 +0000)
apps/ca.c

index 1cf50e00294d6355b99591c0b2ce6bdfdcf42df6..0cb498b9d967fd348ec83b7442e337ae2cbb07e0 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -501,6 +501,12 @@ EF_ALIGNMENT=0;
                        infile= *(++argv);
                        dorevoke=1;
                        }
+               else if (strcmp(*argv,"-valid") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       infile= *(++argv);
+                       dorevoke=2;
+                       }
                else if (strcmp(*argv,"-extensions") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -1523,6 +1529,8 @@ bad:
                                NULL, e, infile);
                        if (revcert == NULL)
                                goto err;
+                       if (dorevoke == 2)
+                               rev_type = -1;
                        j=do_revoke(revcert,db, rev_type, rev_arg);
                        if (j <= 0) goto err;
                        X509_free(revcert);
@@ -2486,7 +2494,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                        }
 
                /* Revoke Certificate */
-               ok = do_revoke(x509,db, type, value);
+               if (type == -1)
+                       ok = 1;
+               else
+                       ok = do_revoke(x509,db, type, value);
 
                goto err;
 
@@ -2497,6 +2508,12 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                           row[DB_name]);
                goto err;
                }
+       else if (type == -1)
+               {
+               BIO_printf(bio_err,"ERROR:Already present, serial number %s\n",
+                          row[DB_serial]);
+               goto err;
+               }
        else if (rrow[DB_type][0]=='R')
                {
                BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",