#include <string.h>
#include <ctype.h>
#include <sys/types.h>
-#include <sys/stat.h>
#include <openssl/conf.h>
#include <openssl/bio.h>
#include <openssl/err.h>
int doupdatedb=0;
long crldays=0;
long crlhours=0;
+ long crlsec=0;
long errorline= -1;
char *configfile=NULL;
char *md=NULL;
if (--argc < 1) goto bad;
crlhours= atol(*(++argv));
}
+ else if (strcmp(*argv,"-crlsec") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crlsec = atol(*(++argv));
+ }
else if (strcmp(*argv,"-infiles") == 0)
{
argc--;
/* lookup where to write new certificates */
if ((outdir == NULL) && (req))
{
- struct stat sb;
if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
== NULL)
goto err;
}
- if (stat(outdir,&sb) != 0)
- {
- BIO_printf(bio_err,"unable to stat(%s)\n",outdir);
- perror(outdir);
- goto err;
- }
-#ifdef S_IFDIR
- if (!(sb.st_mode & S_IFDIR))
+ if (app_isdir(outdir)<=0)
{
BIO_printf(bio_err,"%s need to be a directory\n",outdir);
perror(outdir);
goto err;
}
-#endif
#endif
}
goto err;
}
+ if (!strcmp(md, "default"))
+ {
+ int def_nid;
+ if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
+ {
+ BIO_puts(bio_err,"no default digest\n");
+ goto err;
+ }
+ md = (char *)OBJ_nid2sn(def_nid);
+ }
+
if ((dgst=EVP_get_digestbyname(md)) == NULL)
{
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
goto err;
}
- if (!crldays && !crlhours)
+ if (!crldays && !crlhours && !crlsec)
{
if (!NCONF_get_number(conf,section,
ENV_DEFAULT_CRL_DAYS, &crldays))
ENV_DEFAULT_CRL_HOURS, &crlhours))
crlhours = 0;
}
- if ((crldays == 0) && (crlhours == 0))
+ if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
{
BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
goto err;
if (!tmptm) goto err;
X509_gmtime_adj(tmptm,0);
X509_CRL_set_lastUpdate(crl, tmptm);
- X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60);
+ X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60 + crlsec);
X509_CRL_set_nextUpdate(crl, tmptm);
ASN1_TIME_free(tmptm);
/* we now have a CRL */
if (verbose) BIO_printf(bio_err,"signing CRL\n");
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- dgst=EVP_dss1();
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- dgst=EVP_ecdsa();
-#endif
/* Add any extensions asked for */
if (crlnumberfile != NULL) /* we have a CRL number that need updating */
if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
+ if (crlnumber)
+ {
+ BN_free(crlnumber);
+ crlnumber = NULL;
+ }
+
if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
PEM_write_bio_X509_CRL(Sout,crl);
if (free_key && key)
OPENSSL_free(key);
BN_free(serial);
+ BN_free(crlnumber);
free_index(db);
EVP_PKEY_free(pkey);
if (x509) X509_free(x509);
}
}
-
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
pktmp=X509_get_pubkey(ret);
if (EVP_PKEY_missing_parameters(pktmp) &&
!EVP_PKEY_missing_parameters(pkey))
EVP_PKEY_copy_parameters(pktmp,pkey);
EVP_PKEY_free(pktmp);
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- dgst = EVP_ecdsa();
- pktmp = X509_get_pubkey(ret);
- if (EVP_PKEY_missing_parameters(pktmp) &&
- !EVP_PKEY_missing_parameters(pkey))
- EVP_PKEY_copy_parameters(pktmp, pkey);
- EVP_PKEY_free(pktmp);
-#endif
-
if (!X509_sign(ret,pkey,dgst))
goto err;