static char *crl_usage[]={
"usage: crl args\n",
"\n",
-" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n",
+" -inform arg - input format - default PEM (DER or PEM)\n",
" -outform arg - output format - default PEM\n",
" -text - print out a text format version\n",
" -in arg - input file - default stdin\n",
" -noout - no CRL output\n",
" -CAfile name - verify CRL using certificates in file \"name\"\n",
" -CApath dir - verify CRL using certificates in \"dir\"\n",
+" -nameopt arg - various certificate name options\n",
NULL
};
static X509_CRL *load_crl(char *file, int format);
static BIO *bio_out=NULL;
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
+ unsigned long nmflag = 0;
X509_CRL *x=NULL;
char *CAfile = NULL, *CApath = NULL;
int ret=1,i,num,badops=0;
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
- char **pp,buf[256];
+ int fingerprint = 0;
+ char **pp;
X509_STORE *store = NULL;
X509_STORE_CTX ctx;
X509_LOOKUP *lookup = NULL;
X509_OBJECT xobj;
EVP_PKEY *pkey;
int do_ver = 0;
+ const EVP_MD *md_alg,*digest=EVP_md5();
apps_startup();
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
if (bio_out == NULL)
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+ {
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_out = BIO_push(tmpbio, bio_out);
+ }
+#endif
+ }
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
+ else if (strcmp(*argv,"-nameopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+ }
else if (strcmp(*argv,"-issuer") == 0)
issuer= ++num;
else if (strcmp(*argv,"-lastupdate") == 0)
nextupdate= ++num;
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
+ else if (strcmp(*argv,"-fingerprint") == 0)
+ fingerprint= ++num;
+ else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
+ {
+ /* ok */
+ digest=md_alg;
+ }
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
{
bad:
for (pp=crl_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,*pp);
+ BIO_printf(bio_err,"%s",*pp);
goto end;
}
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
ERR_clear_error();
- X509_STORE_CTX_init(&ctx, store, NULL, NULL);
+ if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
+ BIO_printf(bio_err,
+ "Error initialising X509 store\n");
+ goto end;
+ }
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
X509_CRL_get_issuer(x), &xobj);
{
if (issuer == i)
{
- X509_NAME_oneline(X509_CRL_get_issuer(x),
- buf,256);
- BIO_printf(bio_out,"issuer= %s\n",buf);
+ print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
}
if (hash == i)
BIO_printf(bio_out,"NONE");
BIO_printf(bio_out,"\n");
}
+ if (fingerprint == i)
+ {
+ int j;
+ unsigned int n;
+ unsigned char md[EVP_MAX_MD_SIZE];
+
+ if (!X509_CRL_digest(x,digest,md,&n))
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+ BIO_printf(bio_out,"%s Fingerprint=",
+ OBJ_nid2sn(EVP_MD_type(digest)));
+ for (j=0; j<(int)n; j++)
+ {
+ BIO_printf(bio_out,"%02X%c",md[j],
+ (j+1 == (int)n)
+ ?'\n':':');
+ }
+ }
}
}
}
if (outfile == NULL)
+ {
BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
else
{
if (BIO_write_filename(out,outfile) <= 0)
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
ret=0;
end:
- BIO_free(out);
- BIO_free(bio_out);
+ BIO_free_all(out);
+ BIO_free_all(bio_out);
bio_out=NULL;
X509_CRL_free(x);
if(store) {
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_free(store);
}
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
static X509_CRL *load_crl(char *infile, int format)