mark all block comments that need format preserving so that

[openssl.git] / apps / ca.c

diff --git a/apps/ca.c b/apps/ca.c
index 1cf50e00294d6355b99591c0b2ce6bdfdcf42df6..2c7bf276463ad71da9a401c24c5571ac41934c97 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -501,6 +501,12 @@ EF_ALIGNMENT=0;
                        infile= *(++argv);
                        dorevoke=1;
                        }
+               else if (strcmp(*argv,"-valid") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       infile= *(++argv);
+                       dorevoke=2;
+                       }
                else if (strcmp(*argv,"-extensions") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -703,7 +709,7 @@ bad:
                ERR_clear_error();
 #ifdef RL_DEBUG
        if (!p)
-               BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
+               BIO_printf(bio_err, "DEBUG: unique_subject undefined\n");
 #endif
 #ifdef RL_DEBUG
        BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
@@ -1523,6 +1529,8 @@ bad:
                                NULL, e, infile);
                        if (revcert == NULL)
                                goto err;
+                       if (dorevoke == 2)
+                               rev_type = -1;
                        j=do_revoke(revcert,db, rev_type, rev_arg);
                        if (j <= 0) goto err;
                        X509_free(revcert);
@@ -1620,12 +1628,14 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
                {
                ok=0;
                BIO_printf(bio_err,"Signature verification problems....\n");
+               ERR_print_errors(bio_err);
                goto err;
                }
        if (i == 0)
                {
                ok=0;
                BIO_printf(bio_err,"Signature did not match the certificate request\n");
+               ERR_print_errors(bio_err);
                goto err;
                }
        else
@@ -2044,7 +2054,13 @@ again2:
 
        if (enddate == NULL)
                X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
-       else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
+       else
+               {
+               int tdays;
+               ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
+               ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));
+               days = tdays;
+               }
 
        if (!X509_set_subject_name(ret,subject)) goto err;
 
@@ -2486,7 +2502,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                        }
 
                /* Revoke Certificate */
-               ok = do_revoke(x509,db, type, value);
+               if (type == -1)
+                       ok = 1;
+               else
+                       ok = do_revoke(x509,db, type, value);
 
                goto err;
 
@@ -2497,6 +2516,12 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                           row[DB_name]);
                goto err;
                }
+       else if (type == -1)
+               {
+               BIO_printf(bio_err,"ERROR:Already present, serial number %s\n",
+                          row[DB_serial]);
+               goto err;
+               }
        else if (rrow[DB_type][0]=='R')
                {
                BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
@@ -2777,6 +2802,9 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 
        revtm = X509_gmtime_adj(NULL, 0);
 
+       if (!revtm)
+               return NULL;
+
        i = revtm->length + 1;
 
        if (reason) i += strlen(reason) + 1;
@@ -2801,7 +2829,8 @@ char *make_revocation_str(int rev_type, char *rev_arg)
        return str;
        }
 
-/* Convert revocation field to X509_REVOKED entry 
+/*-
+ * Convert revocation field to X509_REVOKED entry 
  * return code:
  * 0 error
  * 1 OK