if (inrand)
app_RAND_load_files(inrand);
+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+ {
+ newkey=DEFAULT_KEY_LENGTH;
+ }
+
if (keyalg)
{
genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
goto end;
}
- if (newkey <= 0)
- {
- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
- newkey=DEFAULT_KEY_LENGTH;
- }
-
if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
{
BIO_printf(bio_err,"private key length is too short,\n");
if (subj && x509)
{
- BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
+ BIO_printf(bio_err, "Cannot modify certificate subject\n");
goto end;
}
/* setup version number */
if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
- if (no_prompt)
+ if (subj)
+ i = build_subject(req, subj, chtype, multirdn);
+ else if (no_prompt)
i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
- else
- {
- if (subj)
- i = build_subject(req, subj, chtype, multirdn);
- else
- i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
- }
+ else
+ i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
if(!i) goto err;
if (!X509_REQ_set_pubkey(req,pkey)) goto err;
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, n_min, n_max)) goto start;
+ if(!req_check_len(i, n_min, n_max))
+ {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
+
if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
(unsigned char *) buf, -1,-1,mval)) goto err;
ret=1;
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, n_min, n_max)) goto start;
+ if(!req_check_len(i, n_min, n_max))
+ {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
(unsigned char *)buf, -1)) {
keylen = atol(p + 1);
*pkeylen = keylen;
}
+ else
+ keylen = *pkeylen;
}
else if (p)
paramfile = p + 1;
if (p == 3) c='\n';
BIO_write(b,&c,1);
(void)BIO_flush(b);
-#ifdef LINT
- p=n;
-#endif
return 1;
}
}
+
+int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
+ STACK_OF(OPENSSL_STRING) *sigopts)
+ {
+ int rv;
+ EVP_MD_CTX mctx;
+ EVP_MD_CTX_init(&mctx);
+ rv = do_sign_init(err, &mctx, pkey, md, sigopts);
+ if (rv > 0)
+ rv = X509_CRL_sign_ctx(x, &mctx);
+ EVP_MD_CTX_cleanup(&mctx);
+ return rv > 0 ? 1 : 0;
+ }
+
+