{"setalias", OPT_SETALIAS, 's', "Set certificate alias"},
{"days", OPT_DAYS, 'n',
"How long till expiry of a signed certificate - def 30 days"},
- {"checkend", OPT_CHECKEND, 'p',
+ {"checkend", OPT_CHECKEND, 'M',
"Check whether the cert expires in the next arg seconds"},
{OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
{"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
"Output a certification request object"},
{"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},
{"CA", OPT_CA, '<', "Set the CA certificate, must be PEM format"},
- {"CAkey", OPT_CAKEY, '<',
+ {"CAkey", OPT_CAKEY, 's',
"The CA key, must be PEM format; if not in CAfile"},
{"CAcreateserial", OPT_CACREATESERIAL, '-',
"Create serial number file if it does not exist"},
int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0;
int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;
- int checkoffset = 0, enddate = 0;
+ int enddate = 0;
+ time_t checkoffset = 0;
unsigned long nmflag = 0, certflag = 0;
char nmflag_set = 0;
OPTION_CHOICE o;
goto opthelp;
break;
case OPT_CAKEYFORM:
- if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &CAkeyformat))
+ if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat))
goto opthelp;
break;
case OPT_OUT:
enddate = ++num;
break;
case OPT_CHECKEND:
- checkoffset = atoi(opt_arg());
checkend = 1;
+ {
+ intmax_t temp = 0;
+ if (!opt_imax(opt_arg(), &temp))
+ goto opthelp;
+ checkoffset = (time_t)temp;
+ if ((intmax_t)checkoffset != temp) {
+ BIO_printf(bio_err, "%s: checkend time out of range %s\n",
+ prog, opt_arg());
+ goto opthelp;
+ }
+ }
break;
case OPT_CHECKHOST:
checkhost = opt_arg();
}
BIO_printf(out, "Modulus=");
#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- BN_print(out, pkey->pkey.rsa->n);
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
+ BN_print(out, EVP_PKEY_get0_RSA(pkey)->n);
else
#endif
#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- BN_print(out, pkey->pkey.dsa->pub_key);
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA)
+ BN_print(out, EVP_PKEY_get0_DSA(pkey)->pub_key);
else
#endif
BIO_printf(out, "Wrong Algorithm type");
: (strlen(serialfile))) + 1;
buf = app_malloc(len, "serial# buffer");
if (serialfile == NULL) {
- BUF_strlcpy(buf, CAfile, len);
+ OPENSSL_strlcpy(buf, CAfile, len);
for (p = buf; *p; p++)
if (*p == '.') {
*p = '\0';
break;
}
- BUF_strlcat(buf, POSTFIX, len);
+ OPENSSL_strlcat(buf, POSTFIX, len);
} else
- BUF_strlcpy(buf, serialfile, len);
+ OPENSSL_strlcpy(buf, serialfile, len);
serial = load_serial(buf, create, NULL);
if (serial == NULL)
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
goto err;
- if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
- NULL)
+ if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
goto err;
if (!X509_set_pubkey(x, pkey))