Don't compile heartbeat test code on Windows (for now).

[openssl.git] / apps / CA.pl.in

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index b09820755dca1056e613ff34f9e930330813f0c9..c783a6e6a541599f81b6055837514cc718496876 100644 (file)
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -36,14 +36,22 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
+my $openssl;
+if(defined $ENV{OPENSSL}) {
+       $openssl = $ENV{OPENSSL};
+} else {
+       $openssl = "openssl";
+       $ENV{OPENSSL} = $openssl;
+}
+
 $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";     # 1 year
 $CADAYS="-days 1095";  # 3 years
-$REQ="openssl req $SSLEAY_CONFIG";
-$CA="openssl ca $SSLEAY_CONFIG";
-$VERIFY="openssl verify";
-$X509="openssl x509";
-$PKCS12="openssl pkcs12";
+$REQ="$openssl req $SSLEAY_CONFIG";
+$CA="$openssl ca $SSLEAY_CONFIG";
+$VERIFY="$openssl verify";
+$X509="$openssl x509";
+$PKCS12="$openssl pkcs12";
 
 $CATOP="./demoCA";
 $CAKEY="cakey.pem";
@@ -60,19 +68,19 @@ foreach (@ARGV) {
            exit 0;
        } elsif (/^-newcert$/) {
            # create a certificate
-           system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+           system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
            $RET=$?;
-           print "Certificate (and private key) is in newreq.pem\n"
+           print "Certificate is in newcert.pem, private key is in newkey.pem\n"
        } elsif (/^-newreq$/) {
            # create a certificate request
-           system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+           system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
            $RET=$?;
-           print "Request (and private key) is in newreq.pem\n";
+           print "Request is in newreq.pem, private key is in newkey.pem\n";
        } elsif (/^-newreq-nodes$/) {
            # create a certificate request
-           system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+           system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
            $RET=$?;
-           print "Request (and private key) is in newreq.pem\n";
+           print "Request is in newreq.pem, private key is in newkey.pem\n";
        } elsif (/^-newca$/) {
                # if explicitly asked for or it doesn't exist then setup the
                # directory structure that Eric likes to manage things 
@@ -86,6 +94,9 @@ foreach (@ARGV) {
                mkdir "${CATOP}/private", $DIRMODE;
                open OUT, ">${CATOP}/index.txt";
                close OUT;
+               open OUT, ">${CATOP}/crlnumber";
+               print OUT "01\n";
+               close OUT;
            }
            if ( ! -f "${CATOP}/private/$CAKEY" ) {
                print "CA certificate filename (or enter to create)\n";
@@ -105,6 +116,7 @@ foreach (@ARGV) {
                    system ("$CA -create_serial " .
                        "-out ${CATOP}/$CACERT $CADAYS -batch " . 
                        "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
+                       "-extensions v3_ca " .
                        "-infiles ${CATOP}/$CAREQ ");
                    $RET=$?;
                }
@@ -112,10 +124,11 @@ foreach (@ARGV) {
        } elsif (/^-pkcs12$/) {
            my $cname = $ARGV[1];
            $cname = "My Certificate" unless defined $cname;
-           system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+           system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
                        "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
                        "-export -name \"$cname\"");
            $RET=$?;
+           print "PKCS #12 file is in newcert.p12\n";
            exit $RET;
        } elsif (/^-xsign$/) {
            system ("$CA -policy policy_anything -infiles newreq.pem");