#define PROG ca_main
#define BASE_SECTION "ca"
-#define CONFIG_FILE "lib/ssleay.cnf"
+#define CONFIG_FILE "lib/openssl.cnf"
#define ENV_DEFAULT_CA "default_ca"
r->sequence=i;
}
- /* we how have a CRL */
+ /* we now have a CRL */
if (verbose) BIO_printf(bio_err,"signing CRL\n");
if (md != NULL)
{
}
}
else
+ {
+#ifndef NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ dgst=EVP_dss1();
+ else
+#endif
dgst=EVP_md5();
+ }
+
if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
PEM_write_bio_X509_CRL(Sout,crl);
goto err;
}
i=X509_REQ_verify(req,pktmp);
+ EVP_PKEY_free(pktmp);
if (i < 0)
{
ok=0;
goto err;
}
i=X509_verify(req,pktmp);
+ EVP_PKEY_free(pktmp);
if (i < 0)
{
ok=0;
if (!X509_set_subject_name(ret,subject)) goto err;
pktmp=X509_REQ_get_pubkey(req);
- if (!X509_set_pubkey(ret,pktmp)) goto err;
+ i = X509_set_pubkey(ret,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (!i) goto err;
/* Lets add the extensions, if there are any */
if ((extensions != NULL) && (sk_num(extensions) > 0))
}
}
- if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
#ifndef NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
pktmp=X509_get_pubkey(ret);
if (EVP_PKEY_missing_parameters(pktmp) &&
!EVP_PKEY_missing_parameters(pkey))
EVP_PKEY_copy_parameters(pktmp,pkey);
+ EVP_PKEY_free(pktmp);
#endif
if (!X509_sign(ret,pkey,dgst))
BIO_printf(bio_err,"Signature ok\n");
X509_REQ_set_pubkey(req,pktmp);
+ EVP_PKEY_free(pktmp);
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
days,1,verbose,req,extensions);
err: