Continued patches so certificates and CRLs now can support and use

[openssl.git] / apps / x509.c

diff --git a/apps/x509.c b/apps/x509.c
index 94d57bb3d23441964a1c3881f18d3239597c8379..fa8537e078f10c05e6bd3d23af23e12b8fd26641 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -110,7 +110,7 @@ static char *x509_usage[]={
 "                   missing, it is asssumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
 " -CAserial       - serial file\n",
-" -text           - print the certitificate in text form\n",
+" -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
 NULL
@@ -305,6 +305,7 @@ bad:
                }
 
        ERR_load_crypto_strings();
+       X509v3_add_netscape_extensions();
 
        if (!X509_STORE_set_default_paths(ctx))
                {
@@ -368,6 +369,7 @@ bad:
                        goto end;
                        }
                i=X509_REQ_verify(req,pkey);
+               EVP_PKEY_free(pkey);
                if (i < 0)
                        {
                        BIO_printf(bio_err,"Signature verification error\n");
@@ -400,7 +402,9 @@ bad:
                ci->key=req->req_info->pubkey;
                req->req_info->pubkey=NULL;
 #else
-               X509_set_pubkey(x,X509_REQ_get_pubkey(req));
+               pkey = X509_REQ_get_pubkey(req);
+               X509_set_pubkey(x,pkey);
+               EVP_PKEY_free(pkey);
 #endif
                }
        else
@@ -481,6 +485,7 @@ bad:
                                else
                                        BIO_printf(STDout,"Wrong Algorithm type");
                                BIO_printf(STDout,"\n");
+                               EVP_PKEY_free(pkey);
                                }
                        else
 #endif
@@ -545,13 +550,13 @@ bad:
                        else if (startdate == i)
                                {
                                BIO_puts(STDout,"notBefore=");
-                               ASN1_UTCTIME_print(STDout,X509_get_notBefore(x));
+                               ASN1_TIME_print(STDout,X509_get_notBefore(x));
                                BIO_puts(STDout,"\n");
                                }
                        else if (enddate == i)
                                {
                                BIO_puts(STDout,"notAfter=");
-                               ASN1_UTCTIME_print(STDout,X509_get_notAfter(x));
+                               ASN1_TIME_print(STDout,X509_get_notAfter(x));
                                BIO_puts(STDout,"\n");
                                }
                        else if (fingerprint == i)
@@ -688,6 +693,7 @@ end:
        if (Upkey != NULL) EVP_PKEY_free(Upkey);
        if (CApkey != NULL) EVP_PKEY_free(CApkey);
        if (rq != NULL) X509_REQ_free(rq);
+       X509v3_cleanup_extensions();
        EXIT(ret);
        }
 
@@ -711,7 +717,9 @@ int days;
        X509_STORE_CTX xsc;
        EVP_PKEY *upkey;
 
-       EVP_PKEY_copy_parameters(X509_get_pubkey(xca),pkey);
+       upkey = X509_get_pubkey(xca);
+       EVP_PKEY_copy_parameters(upkey,pkey);
+       EVP_PKEY_free(upkey);
 
        X509_STORE_CTX_init(&xsc,ctx,x,NULL);
        buf=(char *)Malloc(EVP_PKEY_size(pkey)*2+
@@ -829,6 +837,7 @@ int days;
                /* Force a re-write */
                X509_set_pubkey(x,upkey);
                }
+       EVP_PKEY_free(upkey);
 
        if (!X509_sign(x,pkey,digest)) goto end;
        ret=1;
@@ -1029,8 +1038,12 @@ int days;
 EVP_MD *digest;
        {
 
-       EVP_PKEY_copy_parameters(X509_get_pubkey(x),pkey);
-       EVP_PKEY_save_parameters(X509_get_pubkey(x),1);
+       EVP_PKEY *pktmp;
+
+       pktmp = X509_get_pubkey(x);
+       EVP_PKEY_copy_parameters(pktmp,pkey);
+       EVP_PKEY_save_parameters(pktmp,1);
+       EVP_PKEY_free(pktmp);
 
        if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
        if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;