X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fcrl.c;h=888cf7ff8d35bf59fdfe648f0903da1eaa59f133;hp=5ea59d0169aabbdd047b366474d774eceb1c9618;hb=95ea53186413c293d981ec1b042954a5fa47d8b7;hpb=79aa04ef27f69a1149d4d0e72d2d2953b6241ef0 diff --git a/apps/crl.c b/apps/crl.c index 5ea59d0169..888cf7ff8d 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -72,7 +72,7 @@ #undef POSTFIX #define POSTFIX ".rvk" -static char *crl_usage[]={ +static const char *crl_usage[]={ "usage: crl args\n", "\n", " -inform arg - input format - default PEM (DER or PEM)\n", @@ -81,12 +81,15 @@ static char *crl_usage[]={ " -in arg - input file - default stdin\n", " -out arg - output file - default stdout\n", " -hash - print hash value\n", +" -fingerprint - print the crl fingerprint\n", " -issuer - print issuer DN\n", " -lastupdate - lastUpdate field\n", " -nextupdate - nextUpdate field\n", +" -crlnumber - print CRL number\n", " -noout - no CRL output\n", " -CAfile name - verify CRL using certificates in file \"name\"\n", " -CApath dir - verify CRL using certificates in \"dir\"\n", +" -nameopt arg - various certificate name options\n", NULL }; @@ -97,6 +100,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + unsigned long nmflag = 0; X509_CRL *x=NULL; char *CAfile = NULL, *CApath = NULL; int ret=1,i,num,badops=0; @@ -104,15 +108,15 @@ int MAIN(int argc, char **argv) int informat,outformat; char *infile=NULL,*outfile=NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; - int fingerprint = 0; - char **pp,buf[256]; + int fingerprint = 0, crlnumber = 0; + const char **pp; X509_STORE *store = NULL; X509_STORE_CTX ctx; X509_LOOKUP *lookup = NULL; X509_OBJECT xobj; EVP_PKEY *pkey; int do_ver = 0; - const EVP_MD *md_alg,*digest=EVP_md5(); + const EVP_MD *md_alg,*digest=EVP_sha1(); apps_startup(); @@ -120,6 +124,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + if (bio_out == NULL) if ((bio_out=BIO_new(BIO_s_file())) != NULL) { @@ -185,6 +192,11 @@ int MAIN(int argc, char **argv) text = 1; else if (strcmp(*argv,"-hash") == 0) hash= ++num; + else if (strcmp(*argv,"-nameopt") == 0) + { + if (--argc < 1) goto bad; + if (!set_name_ex(&nmflag, *(++argv))) goto bad; + } else if (strcmp(*argv,"-issuer") == 0) issuer= ++num; else if (strcmp(*argv,"-lastupdate") == 0) @@ -195,6 +207,8 @@ int MAIN(int argc, char **argv) noout= ++num; else if (strcmp(*argv,"-fingerprint") == 0) fingerprint= ++num; + else if (strcmp(*argv,"-crlnumber") == 0) + crlnumber= ++num; else if ((md_alg=EVP_get_digestbyname(*argv + 1))) { /* ok */ @@ -268,11 +282,23 @@ bad: { if (issuer == i) { - X509_NAME_oneline(X509_CRL_get_issuer(x), - buf,256); - BIO_printf(bio_out,"issuer= %s\n",buf); + print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); + } + if (crlnumber == i) + { + ASN1_INTEGER *crlnum; + crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, + NULL, NULL); + BIO_printf(bio_out,"crlNumber="); + if (crlnum) + { + i2a_ASN1_INTEGER(bio_out, crlnum); + ASN1_INTEGER_free(crlnum); + } + else + BIO_puts(bio_out, ""); + BIO_printf(bio_out,"\n"); } - if (hash == i) { BIO_printf(bio_out,"%08lx\n", @@ -346,7 +372,11 @@ bad: if (text) X509_CRL_print(out, x); - if (noout) goto end; + if (noout) + { + ret = 0; + goto end; + } if (outformat == FORMAT_ASN1) i=(int)i2d_X509_CRL_bio(out,x); @@ -369,7 +399,7 @@ end: X509_STORE_free(store); } apps_shutdown(); - EXIT(ret); + OPENSSL_EXIT(ret); } static X509_CRL *load_crl(char *infile, int format) @@ -377,6 +407,12 @@ static X509_CRL *load_crl(char *infile, int format) X509_CRL *x=NULL; BIO *in=NULL; + if (format == FORMAT_HTTP) + { + load_cert_crl_http(infile, bio_err, NULL, &x); + return x; + } + in=BIO_new(BIO_s_file()); if (in == NULL) {