projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
add -naccept <n> option to s_server to automatically exit after <n> connections
[openssl.git]
/
apps
/
ca.c
diff --git
a/apps/ca.c
b/apps/ca.c
index 346ffd264c6bdcd68a0f94b616e7f7b0140ef798..0cb498b9d967fd348ec83b7442e337ae2cbb07e0 100644
(file)
--- a/
apps/ca.c
+++ b/
apps/ca.c
@@
-501,6
+501,12
@@
EF_ALIGNMENT=0;
infile= *(++argv);
dorevoke=1;
}
infile= *(++argv);
dorevoke=1;
}
+ else if (strcmp(*argv,"-valid") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ dorevoke=2;
+ }
else if (strcmp(*argv,"-extensions") == 0)
{
if (--argc < 1) goto bad;
else if (strcmp(*argv,"-extensions") == 0)
{
if (--argc < 1) goto bad;
@@
-1523,6
+1529,8
@@
bad:
NULL, e, infile);
if (revcert == NULL)
goto err;
NULL, e, infile);
if (revcert == NULL)
goto err;
+ if (dorevoke == 2)
+ rev_type = -1;
j=do_revoke(revcert,db, rev_type, rev_arg);
if (j <= 0) goto err;
X509_free(revcert);
j=do_revoke(revcert,db, rev_type, rev_arg);
if (j <= 0) goto err;
X509_free(revcert);
@@
-1554,6
+1562,8
@@
err:
BN_free(serial);
BN_free(crlnumber);
free_index(db);
BN_free(serial);
BN_free(crlnumber);
free_index(db);
+ if (sigopts)
+ sk_OPENSSL_STRING_free(sigopts);
EVP_PKEY_free(pkey);
if (x509) X509_free(x509);
X509_CRL_free(crl);
EVP_PKEY_free(pkey);
if (x509) X509_free(x509);
X509_CRL_free(crl);
@@
-2484,7
+2494,10
@@
static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
}
/* Revoke Certificate */
}
/* Revoke Certificate */
- ok = do_revoke(x509,db, type, value);
+ if (type == -1)
+ ok = 1;
+ else
+ ok = do_revoke(x509,db, type, value);
goto err;
goto err;
@@
-2495,6
+2508,12
@@
static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
row[DB_name]);
goto err;
}
row[DB_name]);
goto err;
}
+ else if (type == -1)
+ {
+ BIO_printf(bio_err,"ERROR:Already present, serial number %s\n",
+ row[DB_serial]);
+ goto err;
+ }
else if (rrow[DB_type][0]=='R')
{
BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
else if (rrow[DB_type][0]=='R')
{
BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
@@
-2559,7
+2578,7
@@
static int get_certificate_status(const char *serial, CA_DB *db)
/* Make it Upper Case */
for (i=0; row[DB_serial][i] != '\0'; i++)
/* Make it Upper Case */
for (i=0; row[DB_serial][i] != '\0'; i++)
- row[DB_serial][i] = toupper(row[DB_serial][i]);
+ row[DB_serial][i] = toupper(
(unsigned char)
row[DB_serial][i]);
ok=1;
ok=1;