char *section, ASN1_INTEGER *sno, int reqfile);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-static int force_version = 2;
-#endif
-
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM,
OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
OPT_SUBJECT_HASH_OLD,
OPT_ISSUER_HASH_OLD,
- OPT_FORCE_VERSION,
OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT
} OPTION_CHOICE;
{"setalias", OPT_SETALIAS, 's', "Set certificate alias"},
{"days", OPT_DAYS, 'n',
"How long till expiry of a signed certificate - def 30 days"},
- {"checkend", OPT_CHECKEND, 'p',
+ {"checkend", OPT_CHECKEND, 'M',
"Check whether the cert expires in the next arg seconds"},
{OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
{"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
"Output a certification request object"},
{"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},
{"CA", OPT_CA, '<', "Set the CA certificate, must be PEM format"},
- {"CAkey", OPT_CAKEY, '<',
+ {"CAkey", OPT_CAKEY, 's',
"The CA key, must be PEM format; if not in CAfile"},
{"CAcreateserial", OPT_CACREATESERIAL, '-',
"Create serial number file if it does not exist"},
{"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
"Print old-style (MD5) subject hash value"},
#endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- {"force_version", OPT_FORCE_VERSION, 'p'},
-#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0;
int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;
- int checkoffset = 0, enddate = 0;
+ int enddate = 0;
+ time_t checkoffset = 0;
unsigned long nmflag = 0, certflag = 0;
char nmflag_set = 0;
OPTION_CHOICE o;
goto opthelp;
break;
case OPT_CAKEYFORM:
- if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &CAkeyformat))
+ if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat))
goto opthelp;
break;
case OPT_OUT:
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
- case OPT_FORCE_VERSION:
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- force_version = atoi(opt_arg()) - 1;
-#endif
- break;
case OPT_DAYS:
days = atoi(opt_arg());
break;
enddate = ++num;
break;
case OPT_CHECKEND:
- checkoffset = atoi(opt_arg());
checkend = 1;
+ {
+ intmax_t temp = 0;
+ if (!opt_imax(opt_arg(), &temp))
+ goto opthelp;
+ checkoffset = (time_t)temp;
+ if ((intmax_t)checkoffset != temp) {
+ BIO_printf(bio_err, "%s: checkend time out of range %s\n",
+ prog, opt_arg());
+ goto opthelp;
+ }
+ }
break;
case OPT_CHECKHOST:
checkhost = opt_arg();
goto end;
}
- if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
+ if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "error unpacking public key\n");
goto end;
}
i = X509_REQ_verify(req, pkey);
- EVP_PKEY_free(pkey);
if (i < 0) {
BIO_printf(bio_err, "Signature verification error\n");
ERR_print_errors(bio_err);
if (fkey)
X509_set_pubkey(x, fkey);
else {
- pkey = X509_REQ_get_pubkey(req);
+ pkey = X509_REQ_get0_pubkey(req);
X509_set_pubkey(x, pkey);
- EVP_PKEY_free(pkey);
}
} else
- x = load_cert(infile, informat, NULL, e, "Certificate");
+ x = load_cert(infile, informat, "Certificate");
if (x == NULL)
goto end;
if (CA_flag) {
- xca = load_cert(CAfile, CAformat, NULL, e, "CA Certificate");
+ xca = load_cert(CAfile, CAformat, "CA Certificate");
if (xca == NULL)
goto end;
}
}
BIO_printf(out, "Modulus=");
#ifndef OPENSSL_NO_RSA
- if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
- BN_print(out, EVP_PKEY_get0_RSA(pkey)->n);
- else
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
+ BIGNUM *n;
+ RSA_get0_key(EVP_PKEY_get0_RSA(pkey), &n, NULL, NULL);
+ BN_print(out, n);
+ } else
#endif
#ifndef OPENSSL_NO_DSA
- if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA)
- BN_print(out, EVP_PKEY_get0_DSA(pkey)->pub_key);
- else
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
+ BIGNUM *dsapub = NULL;
+ DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &dsapub, NULL);
+ BN_print(out, dsapub);
+ } else
#endif
+ {
BIO_printf(out, "Wrong Algorithm type");
+ }
BIO_printf(out, "\n");
} else if (pubkey == i) {
EVP_PKEY *pkey;
if (conf) {
X509V3_CTX ctx2;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- X509_set_version(x, force_version);
-#else
X509_set_version(x, 2); /* version 3 certificate */
-#endif
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx2, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
}
if (conf) {
X509V3_CTX ctx;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- X509_set_version(x, force_version);
-#else
X509_set_version(x, 2); /* version 3 certificate */
-#endif
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
projects / openssl.git / blobdiff