" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -hash - print hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -hash_old - print old-style (MD5) hash value\n",
+#endif
" -fingerprint - print the crl fingerprint\n",
" -issuer - print issuer DN\n",
" -lastupdate - lastUpdate field\n",
char *CAfile = NULL, *CApath = NULL;
int ret=1,i,num,badops=0,badsig=0;
BIO *out=NULL;
- int informat,outformat;
- char *infile=NULL,*outfile=NULL;
+ int informat,outformat, keyformat;
+ char *infile=NULL,*outfile=NULL, *crldiff = NULL, *keyfile = NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+#ifndef OPENSSL_NO_MD5
+ int hash_old=0;
+#endif
int fingerprint = 0, crlnumber = 0;
const char **pp;
X509_STORE *store = NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
+ keyformat=FORMAT_PEM;
argc--;
argv++;
if (--argc < 1) goto bad;
infile= *(++argv);
}
+ else if (strcmp(*argv,"-gendelta") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crldiff= *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyformat=str2fmt(*(++argv));
+ }
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
+#ifndef OPENSSL_NO_MD5
+ else if (strcmp(*argv,"-hash_old") == 0)
+ hash_old= ++num;
+#endif
else if (strcmp(*argv,"-nameopt") == 0)
{
if (--argc < 1) goto bad;
else BIO_printf(bio_err, "verify OK\n");
}
+ if (crldiff)
+ {
+ X509_CRL *newcrl, *delta;
+ if (!keyfile)
+ {
+ BIO_puts(bio_err, "Missing CRL signing key\n");
+ goto end;
+ }
+ newcrl = load_crl(crldiff,informat);
+ if (!newcrl)
+ goto end;
+ pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL,
+ "CRL signing key");
+ if (!pkey)
+ {
+ X509_CRL_free(newcrl);
+ goto end;
+ }
+ delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
+ X509_CRL_free(newcrl);
+ EVP_PKEY_free(pkey);
+ if (delta)
+ {
+ X509_CRL_free(x);
+ x = delta;
+ }
+ else
+ {
+ BIO_puts(bio_err, "Error creating delta CRL\n");
+ goto end;
+ }
+ }
+
if (num)
{
for (i=1; i<=num; i++)
BIO_printf(bio_out,"%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
+#ifndef OPENSSL_NO_MD5
+ if (hash_old == i)
+ {
+ BIO_printf(bio_out,"%08lx\n",
+ X509_NAME_hash_old(
+ X509_CRL_get_issuer(x)));
+ }
+#endif
if (lastupdate == i)
{
BIO_printf(bio_out,"lastUpdate=");
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
ret=0;
end:
+ if (ret != 0)
+ ERR_print_errors(bio_err);
BIO_free_all(out);
BIO_free_all(bio_out);
bio_out=NULL;