static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn,
int attribs, unsigned long chtype);
-static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
+static int build_subject(X509_REQ *req, const char *subj, unsigned long chtype,
int multirdn);
static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect,
+ STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
int attribs, unsigned long chtype);
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
STACK_OF(CONF_VALUE) *attr, int attribs,
{"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
"Enable support for multivalued RDNs"},
{"days", OPT_DAYS, 'p', "Number of days cert is valid for"},
- {"set_serial", OPT_SET_SERIAL, 'p', "Serial number to use"},
+ {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
{"extensions", OPT_EXTENSIONS, 's',
"Cert extension section (override value in config file)"},
{"reqexts", OPT_REQEXTS, 's',
days = atoi(opt_arg());
break;
case OPT_SET_SERIAL:
+ if (serial != NULL) {
+ BIO_printf(bio_err, "Serial number supplied twice\n");
+ goto opthelp;
+ }
serial = s2i_ASN1_INTEGER(NULL, opt_arg());
if (serial == NULL)
goto opthelp;
if (argc != 0)
goto opthelp;
+ if (x509 && infile == NULL)
+ newreq = 1;
+
if (!nmflag_set)
nmflag = XN_FLAG_ONELINE;
if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
goto end;
- if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
- goto end;
- if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL))
+ if (!set_cert_times(x509ss, NULL, NULL, days))
goto end;
if (!X509_set_subject_name
(x509ss, X509_REQ_get_subject_name(req)))
X509_REQ_free(req);
X509_free(x509ss);
ASN1_INTEGER_free(serial);
+ release_engine(e);
if (passin != nofree_passin)
OPENSSL_free(passin);
if (passout != nofree_passout)
* subject is expected to be in the format /type0=value0/type1=value1/type2=...
* where characters may be escaped by \
*/
-static int build_subject(X509_REQ *req, char *subject, unsigned long chtype,
+static int build_subject(X509_REQ *req, const char *subject, unsigned long chtype,
int multirdn)
{
X509_NAME *n;
}
static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect,
+ STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
int attribs, unsigned long chtype)
{
int i;
/* If OBJ not recognised ignore it */
if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start;
- if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name)
+ if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name)
>= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0;
def = "";
}
- BIO_snprintf(buf, sizeof buf, "%s_value", v->name);
+ BIO_snprintf(buf, sizeof(buf), "%s_value", v->name);
if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
ERR_clear_error();
value = NULL;
}
- BIO_snprintf(buf, sizeof buf, "%s_min", v->name);
+ BIO_snprintf(buf, sizeof(buf), "%s_min", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
}
- BIO_snprintf(buf, sizeof buf, "%s_max", v->name);
+ BIO_snprintf(buf, sizeof(buf), "%s_max", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start2;
- if (BIO_snprintf(buf, sizeof buf, "%s_default", type)
+ if (BIO_snprintf(buf, sizeof(buf), "%s_default", type)
>= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0;
def = "";
}
- BIO_snprintf(buf, sizeof buf, "%s_value", type);
+ BIO_snprintf(buf, sizeof(buf), "%s_value", type);
if ((value = NCONF_get_string(req_conf, attr_sect, buf))
== NULL) {
ERR_clear_error();
value = NULL;
}
- BIO_snprintf(buf, sizeof buf, "%s_min", type);
+ BIO_snprintf(buf, sizeof(buf), "%s_min", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
}
- BIO_snprintf(buf, sizeof buf, "%s_max", type);
+ BIO_snprintf(buf, sizeof(buf), "%s_max", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
if (value != NULL) {
- OPENSSL_strlcpy(buf, value, sizeof buf);
- OPENSSL_strlcat(buf, "\n", sizeof buf);
+ OPENSSL_strlcpy(buf, value, sizeof(buf));
+ OPENSSL_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
if (!batch) {
- if (!fgets(buf, sizeof buf, stdin))
+ if (!fgets(buf, sizeof(buf), stdin))
return 0;
} else {
buf[0] = '\n';
else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
return (1);
- OPENSSL_strlcpy(buf, def, sizeof buf);
- OPENSSL_strlcat(buf, "\n", sizeof buf);
+ OPENSSL_strlcpy(buf, def, sizeof(buf));
+ OPENSSL_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1);
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
if (value != NULL) {
- OPENSSL_strlcpy(buf, value, sizeof buf);
- OPENSSL_strlcat(buf, "\n", sizeof buf);
+ OPENSSL_strlcpy(buf, value, sizeof(buf));
+ OPENSSL_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
if (!batch) {
- if (!fgets(buf, sizeof buf, stdin))
+ if (!fgets(buf, sizeof(buf), stdin))
return 0;
} else {
buf[0] = '\n';
else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
return (1);
- OPENSSL_strlcpy(buf, def, sizeof buf);
- OPENSSL_strlcat(buf, "\n", sizeof buf);
+ OPENSSL_strlcpy(buf, def, sizeof(buf));
+ OPENSSL_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1);
}
if ((n_max >= 0) && (len > n_max)) {
BIO_printf(bio_err,
- "string is too long, it needs to be less than %d bytes long\n",
+ "string is too long, it needs to be no more than %d bytes long\n",
n_max);
return (0);
}