fix printout of expiry days if -enddate is used in ca

[openssl.git] / apps / ca.c

diff --git a/apps/ca.c b/apps/ca.c
index de3122b7ec2e2e9604f5e6a1b0721a1c92a30a96..5d488e2fac1478ff934807a18d95c48402140a67 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -501,6 +501,12 @@ EF_ALIGNMENT=0;
                        infile= *(++argv);
                        dorevoke=1;
                        }
+               else if (strcmp(*argv,"-valid") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       infile= *(++argv);
+                       dorevoke=2;
+                       }
                else if (strcmp(*argv,"-extensions") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -1523,6 +1529,8 @@ bad:
                                NULL, e, infile);
                        if (revcert == NULL)
                                goto err;
+                       if (dorevoke == 2)
+                               rev_type = -1;
                        j=do_revoke(revcert,db, rev_type, rev_arg);
                        if (j <= 0) goto err;
                        X509_free(revcert);
@@ -2044,7 +2052,13 @@ again2:
 
        if (enddate == NULL)
                X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
-       else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
+       else
+               {
+               int tdays;
+               ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
+               ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));
+               days = tdays;
+               }
 
        if (!X509_set_subject_name(ret,subject)) goto err;
 
@@ -2486,7 +2500,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                        }
 
                /* Revoke Certificate */
-               ok = do_revoke(x509,db, type, value);
+               if (type == -1)
+                       ok = 1;
+               else
+                       ok = do_revoke(x509,db, type, value);
 
                goto err;
 
@@ -2497,6 +2514,12 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                           row[DB_name]);
                goto err;
                }
+       else if (type == -1)
+               {
+               BIO_printf(bio_err,"ERROR:Already present, serial number %s\n",
+                          row[DB_serial]);
+               goto err;
+               }
        else if (rrow[DB_type][0]=='R')
                {
                BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
@@ -2561,7 +2584,7 @@ static int get_certificate_status(const char *serial, CA_DB *db)
                        
        /* Make it Upper Case */
        for (i=0; row[DB_serial][i] != '\0'; i++)
-               row[DB_serial][i] = toupper(row[DB_serial][i]);
+               row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]);
        
 
        ok=1;