Security framework.
index 346ffd264c6bdcd68a0f94b616e7f7b0140ef798..934970d9e45e9742972e8ff263c5c317cd25bdb1 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
 static const char *ca_usage[]={
 "usage: ca args\n",
 "\n",
-" -verbose        - Talk alot while doing things\n",
+" -verbose        - Talk a lot while doing things\n",
 " -config file    - A config file\n",
 " -name arg       - The particular CA definition to use\n",
 " -gencrl         - Generate a new CRL\n",
@@ -179,7 +179,7 @@ static const char *ca_usage[]={
 " -utf8           - input characters are UTF8 (default ASCII)\n",
 " -multivalue-rdn - enable support for multivalued RDNs\n",
 " -extensions ..  - Extension section (override value in config file)\n",
-" -extfile file   - Configuration file with X509v3 extentions to add\n",
+" -extfile file   - Configuration file with X509v3 extensions to add\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
 #ifndef OPENSSL_NO_ENGINE
 " -engine e       - use engine e, possibly a hardware device.\n",
@@ -501,6 +501,12 @@ EF_ALIGNMENT=0;
                        infile= *(++argv);
                        dorevoke=1;
                        }
+               else if (strcmp(*argv,"-valid") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       infile= *(++argv);
+                       dorevoke=2;
+                       }
                else if (strcmp(*argv,"-extensions") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -988,7 +994,7 @@ bad:
                }
 
        /*****************************************************************/
-       /* Read extentions config file                                   */
+       /* Read extensions config file                                   */
        if (extfile)
                {
                extconf = NCONF_new(NULL);
@@ -1523,6 +1529,8 @@ bad:
                                NULL, e, infile);
                        if (revcert == NULL)
                                goto err;
+                       if (dorevoke == 2)
+                               rev_type = -1;
                        j=do_revoke(revcert,db, rev_type, rev_arg);
                        if (j <= 0) goto err;
                        X509_free(revcert);
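Review bot: `rev_type = -1` is a bare sentinel that do_revoke later interprets as "record as valid", and `dorevoke == 2` likewise encodes the `-valid` mode as a magic number; a named constant next to the other revocation-type values, e.g. `#define REV_VALID (-1)`, used both here and in do_revoke, would make the intent readable. Overwriting `rev_type` here also means any `-crl_reason` given together with `-valid` is silently discarded, which is presumably acceptable but worth a one-line comment. The enclosing block begins and ends outside this hunk.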
@@ -1554,6 +1562,8 @@ err:
        BN_free(serial);
        BN_free(crlnumber);
        free_index(db);
+       if (sigopts)
+               sk_OPENSSL_STRING_free(sigopts);
        EVP_PKEY_free(pkey);
        if (x509) X509_free(x509);
        X509_CRL_free(crl);
@@ -2042,7 +2052,13 @@ again2:
 
        if (enddate == NULL)
                X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
-       else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
+       else
+               {
+               int tdays;
+               ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
+               ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));
+               days = tdays;
+               }
 
        if (!X509_set_subject_name(ret,subject)) goto err;
 
@@ -2484,7 +2500,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                        }
 
                /* Revoke Certificate */
-               ok = do_revoke(x509,db, type, value);
+               if (type == -1)
+                       ok = 1;
+               else
+                       ok = do_revoke(x509,db, type, value);
 
                goto err;
 
@@ -2495,6 +2514,12 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                           row[DB_name]);
                goto err;
                }
+       else if (type == -1)
+               {
+               BIO_printf(bio_err,"ERROR:Already present, serial number %s\n",
+                          row[DB_serial]);
+               goto err;
+               }
        else if (rrow[DB_type][0]=='R')
                {
                BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
@@ -2559,7 +2584,7 @@ static int get_certificate_status(const char *serial, CA_DB *db)
                        
        /* Make it Upper Case */
        for (i=0; row[DB_serial][i] != '\0'; i++)
-               row[DB_serial][i] = toupper(row[DB_serial][i]);
+               row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]);
        
 
        ok=1;