Remove references to o_time.h

[openssl.git] / apps / x509.c
diff --git a/apps/x509.c b/apps/x509.c

index 51c86b4139c029a5aaaab996a28737d176680e4f..db0ab1a6e93c6789bb9c7dfa53c9e9c1cfd93eca 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -73,6 +73,7 @@
  #include <openssl/x509v3.h>
  #include <openssl/objects.h>
  #include <openssl/pem.h>
+#include <openssl/ssl.h>
  #ifndef OPENSSL_NO_RSA
  #include <openssl/rsa.h>
  #endif
@@ -166,6 +167,9 @@ static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
                          CONF *conf, char *section, ASN1_INTEGER *sno);
  static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
  static int reqfile=0;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+static int force_version=2;
+#endif
  
  int MAIN(int, char **);
  
@@ -221,6 +225,8 @@ int MAIN(int argc, char **argv)
  
         apps_startup();
  
+       X509V3_EXT_add_rfc6962();
+
         if (bio_err == NULL)
                 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
  
@@ -288,6 +294,13 @@ int MAIN(int argc, char **argv)
                         if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
                                 goto bad;
                         }
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+               else if (strcmp(*argv,"-force_version") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       force_version=atoi(*(++argv)) - 1;
+                       }
+#endif
                 else if (strcmp(*argv,"-days") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -1145,6 +1158,7 @@ end:
         sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
         sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
         if (passin) OPENSSL_free(passin);
+       X509V3_EXT_cleanup();
         apps_shutdown();
         OPENSSL_EXIT(ret);
         }
@@ -1247,7 +1261,11 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
         if (conf)
                 {
                 X509V3_CTX ctx2;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+               X509_set_version(x, force_version);
+#else
                 X509_set_version(x,2); /* version 3 certificate */
+#endif
                  X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
                  X509V3_set_nconf(&ctx2, conf);
                  if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
@@ -1325,7 +1343,11 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
         if (conf)
                 {
                 X509V3_CTX ctx;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+               X509_set_version(x, force_version);
+#else
                 X509_set_version(x,2); /* version 3 certificate */
+#endif
                  X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
                  X509V3_set_nconf(&ctx, conf);
                  if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;