" -fingerprint - print the certificate fingerprint\n",
" -alias - output certificate alias\n",
" -noout - no certificate output\n",
+" -ocspid - print OCSP hash values for the subject name and public key\n",
" -trustout - output a \"trusted\" certificate\n",
" -clrtrust - clear all trusted purposes\n",
" -clrreject - clear all rejected purposes\n",
char *CAkeyfile=NULL,*CAserial=NULL;
char *alias=NULL;
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+ int ocspid=0;
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
int C=0;
clrext = 1;
}
#endif
+ else if (strcmp(*argv,"-ocspid") == 0)
+ ocspid= ++num;
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
,errorline,extfile);
goto end;
}
- if (!extsect && !(extsect = CONF_get_string(extconf, "default",
- "extensions"))) extsect = "default";
+ if (!extsect)
+ {
+ extsect = CONF_get_string(extconf, "default", "extensions");
+ if (!extsect)
+ {
+ ERR_clear_error();
+ extsect = "default";
+ }
+ }
X509V3_set_ctx_test(&ctx2);
X509V3_set_conf_lhash(&ctx2, extconf);
if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
if (Upkey == NULL)
{
Upkey=load_key(bio_err,
- keyfile,keyformat, passin);
+ keyfile,keyformat, passin, e);
if (Upkey == NULL) goto end;
}
#ifndef NO_DSA
if (CAkeyfile != NULL)
{
CApkey=load_key(bio_err,
- CAkeyfile,CAkeyformat, passin);
+ CAkeyfile,CAkeyformat, passin,
+ e);
if (CApkey == NULL) goto end;
}
#ifndef NO_DSA
else
{
pk=load_key(bio_err,
- keyfile,FORMAT_PEM, passin);
+ keyfile,FORMAT_PEM, passin, e);
if (pk == NULL) goto end;
}
}
noout=1;
}
+ else if (ocspid == i)
+ {
+ X509_ocspid_print(out, x);
+ }
}
}