infile= *(++argv);
dorevoke=1;
}
+ else if (strcmp(*argv,"-valid") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ dorevoke=2;
+ }
else if (strcmp(*argv,"-extensions") == 0)
{
if (--argc < 1) goto bad;
if (!NCONF_get_number(conf,section,
ENV_DEFAULT_CRL_HOURS, &crlhours))
crlhours = 0;
+ ERR_clear_error();
}
if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
{
NULL, e, infile);
if (revcert == NULL)
goto err;
+ if (dorevoke == 2)
+ rev_type = -1;
j=do_revoke(revcert,db, rev_type, rev_arg);
if (j <= 0) goto err;
X509_free(revcert);
{
ok=0;
BIO_printf(bio_err,"Signature verification problems....\n");
+ ERR_print_errors(bio_err);
goto err;
}
if (i == 0)
{
ok=0;
BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ ERR_print_errors(bio_err);
goto err;
}
else
if (enddate == NULL)
X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
- else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
+ else
+ {
+ int tdays;
+ ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
+ ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));
+ days = tdays;
+ }
if (!X509_set_subject_name(ret,subject)) goto err;
}
/* Revoke Certificate */
- ok = do_revoke(x509,db, type, value);
+ if (type == -1)
+ ok = 1;
+ else
+ ok = do_revoke(x509,db, type, value);
goto err;
row[DB_name]);
goto err;
}
+ else if (type == -1)
+ {
+ BIO_printf(bio_err,"ERROR:Already present, serial number %s\n",
+ row[DB_serial]);
+ goto err;
+ }
else if (rrow[DB_type][0]=='R')
{
BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
revtm = X509_gmtime_adj(NULL, 0);
+ if (!revtm)
+ return NULL;
+
i = revtm->length + 1;
if (reason) i += strlen(reason) + 1;