X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fca.c;h=0cb498b9d967fd348ec83b7442e337ae2cbb07e0;hp=346ffd264c6bdcd68a0f94b616e7f7b0140ef798;hb=b5cadfb564a604c0ba1c49984ac796cfd8310731;hpb=510777f2fccf2783d85a5d145dee5e897ad6d3fc;ds=sidebyside

diff --git a/apps/ca.c b/apps/ca.c
index 346ffd264c..0cb498b9d9 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -501,6 +501,12 @@ EF_ALIGNMENT=0;
 			infile= *(++argv);
 			dorevoke=1;
 			}
+		else if (strcmp(*argv,"-valid") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			dorevoke=2;
+			}
 		else if (strcmp(*argv,"-extensions") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -1523,6 +1529,8 @@ bad:
 				NULL, e, infile);
 			if (revcert == NULL)
 				goto err;
+			if (dorevoke == 2)
+				rev_type = -1;
 			j=do_revoke(revcert,db, rev_type, rev_arg);
 			if (j <= 0) goto err;
 			X509_free(revcert);
@@ -1554,6 +1562,8 @@ err:
 	BN_free(serial);
 	BN_free(crlnumber);
 	free_index(db);
+	if (sigopts)
+		sk_OPENSSL_STRING_free(sigopts);
 	EVP_PKEY_free(pkey);
 	if (x509) X509_free(x509);
 	X509_CRL_free(crl);
@@ -2484,7 +2494,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 			}
 
 		/* Revoke Certificate */
-		ok = do_revoke(x509,db, type, value);
+		if (type == -1)
+			ok = 1;
+		else
+			ok = do_revoke(x509,db, type, value);
 
 		goto err;
 
@@ -2495,6 +2508,12 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 			   row[DB_name]);
 		goto err;
 		}
+	else if (type == -1)
+		{
+		BIO_printf(bio_err,"ERROR:Already present, serial number %s\n",
+			   row[DB_serial]);
+		goto err;
+		}
 	else if (rrow[DB_type][0]=='R')
 		{
 		BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
@@ -2559,7 +2578,7 @@ static int get_certificate_status(const char *serial, CA_DB *db)
 			
 	/* Make it Upper Case */
 	for (i=0; row[DB_serial][i] != '\0'; i++)
-		row[DB_serial][i] = toupper(row[DB_serial][i]);
+		row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]);
 	
 
 	ok=1;