Ignore auto-generated programs.
[openssl.git] / apps / ca.c
index a584836..1ea90aa 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -82,7 +82,7 @@
 #define PROG ca_main
 
 #define BASE_SECTION   "ca"
-#define CONFIG_FILE "lib/ssleay.cnf"
+#define CONFIG_FILE "lib/openssl.cnf"
 
 #define ENV_DEFAULT_CA         "default_ca"
 
@@ -431,6 +431,29 @@ bad:
                        }
                }
 
+       if (conf != NULL)
+               {
+               p=CONF_get_string(conf,NULL,"oid_file");
+               if (p != NULL)
+                       {
+                       BIO *oid_bio;
+
+                       oid_bio=BIO_new_file(p,"r");
+                       if (oid_bio == NULL) 
+                               {
+                               /*
+                               BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+                               ERR_print_errors(bio_err);
+                               */
+                               }
+                       else
+                               {
+                               OBJ_create_objects(oid_bio);
+                               BIO_free(oid_bio);
+                               }
+                       }
+               }
+
        in=BIO_new(BIO_s_file());
        out=BIO_new(BIO_s_file());
        Sout=BIO_new(BIO_s_file());
@@ -490,6 +513,12 @@ bad:
                goto err;
                }
 
+       if (!X509_check_private_key(x509,pkey))
+               {
+               BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+               goto err;
+               }
+
        f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
        if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
                preserve=1;
@@ -700,7 +729,7 @@ bad:
                        }
                if (verbose)
                        {
-                       if ((f=BN_bn2ascii(serial)) == NULL) goto err;
+                       if ((f=BN_bn2hex(serial)) == NULL) goto err;
                        BIO_printf(bio_err,"next serial number is %s\n",f);
                        Free(f);
                        }
@@ -983,7 +1012,7 @@ bad:
                        r->sequence=i;
                        }
 
-               /* we how have a CRL */
+               /* we now have a CRL */
                if (verbose) BIO_printf(bio_err,"signing CRL\n");
                if (md != NULL)
                        {
@@ -994,7 +1023,15 @@ bad:
                                }
                        }
                else
+                   {
+#ifndef NO_DSA
+                   if (pkey->type == EVP_PKEY_DSA) 
+                       dgst=EVP_dss1();
+                   else
+#endif
                        dgst=EVP_md5();
+                   }
+
                if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
 
                PEM_write_bio_X509_CRL(Sout,crl);
@@ -1195,6 +1232,7 @@ int verbose;
                goto err;
                }
        i=X509_REQ_verify(req,pktmp);
+       EVP_PKEY_free(pktmp);
        if (i < 0)
                {
                ok=0;
@@ -1264,6 +1302,7 @@ int verbose;
                goto err;
                }
        i=X509_verify(req,pktmp);
+       EVP_PKEY_free(pktmp);
        if (i < 0)
                {
                ok=0;
@@ -1273,7 +1312,7 @@ int verbose;
        if (i == 0)
                {
                ok=0;
-               BIO_printf(bio_err,"Signature did not match the certificate request\n");
+               BIO_printf(bio_err,"Signature did not match the certificate\n");
                goto err;
                }
        else
@@ -1530,7 +1569,7 @@ again2:
                BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
 
        row[DB_name]=X509_NAME_oneline(subject,NULL,0);
-       row[DB_serial]=BN_bn2ascii(serial);
+       row[DB_serial]=BN_bn2hex(serial);
        if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
                {
                BIO_printf(bio_err,"Malloc failure\n");
@@ -1618,7 +1657,9 @@ again2:
        if (!X509_set_subject_name(ret,subject)) goto err;
 
        pktmp=X509_REQ_get_pubkey(req);
-       if (!X509_set_pubkey(ret,pktmp)) goto err;
+       i = X509_set_pubkey(ret,pktmp);
+       EVP_PKEY_free(pktmp);
+       if (!i) goto err;
 
        /* Lets add the extensions, if there are any */
        if ((extensions != NULL) && (sk_num(extensions) > 0))
@@ -1661,11 +1702,14 @@ again2:
                        }
                }
 
+
 #ifndef NO_DSA
+       if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
         pktmp=X509_get_pubkey(ret);
         if (EVP_PKEY_missing_parameters(pktmp) &&
                !EVP_PKEY_missing_parameters(pkey))
                EVP_PKEY_copy_parameters(pktmp,pkey);
+       EVP_PKEY_free(pktmp);
 #endif
 
        if (!X509_sign(ret,pkey,dgst))
@@ -1918,6 +1962,7 @@ int verbose;
        BIO_printf(bio_err,"Signature ok\n");
 
        X509_REQ_set_pubkey(req,pktmp);
+       EVP_PKEY_free(pktmp);
        ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
                days,1,verbose,req,extensions);
 err:
@@ -2022,7 +2067,7 @@ char *sec;
                default:
                        BIO_printf(bio_err,"Don't know how to pack extension %s\n",cv->name);
                        goto err;
-                       break;
+                       /* break; */
                        }
 
                if ((x=X509_EXTENSION_create_by_NID(NULL,nid,0,str)) == NULL)