Allow the extension section specified in config files to be overridden

[openssl.git] / apps / x509.c

diff --git a/apps/x509.c b/apps/x509.c
index 2e2d18bea4d93b323a8f4cfa365f3e1581bcdff4..aa6e0573d60dc7eb04ff0bf804500785f09272a0 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -115,6 +115,7 @@ static char *x509_usage[]={
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
 " -extfile        - configuration file with X509V3 extensions to add\n",
+" -extensions     - section from config file with X509V3 extensions to add\n",
 NULL
 };
 
@@ -218,6 +219,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        extfile= *(++argv);
                        }
+               else if (strcmp(*argv,"-extensions") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       extsect= *(++argv);
+                       }
                else if (strcmp(*argv,"-in") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -335,7 +341,7 @@ bad:
                                                        ,errorline,extfile);
                        goto end;
                }
-               if(!(extsect = CONF_get_string(extconf, "default",
+               if(!extsect && !(extsect = CONF_get_string(extconf, "default",
                                         "extensions"))) extsect = "default";
                X509V3_set_ctx_test(&ctx2);
                X509V3_set_conf_lhash(&ctx2, extconf);