static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn,
int attribs, unsigned long chtype);
-static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
+static int build_subject(X509_REQ *req, const char *subj, unsigned long chtype,
int multirdn);
static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect,
+ STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
int attribs, unsigned long chtype);
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
STACK_OF(CONF_VALUE) *attr, int attribs,
{"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
"Enable support for multivalued RDNs"},
{"days", OPT_DAYS, 'p', "Number of days cert is valid for"},
- {"set_serial", OPT_SET_SERIAL, 'p', "Serial number to use"},
+ {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
{"extensions", OPT_EXTENSIONS, 's',
"Cert extension section (override value in config file)"},
{"reqexts", OPT_REQEXTS, 's',
days = atoi(opt_arg());
break;
case OPT_SET_SERIAL:
+ if (serial != NULL) {
+ BIO_printf(bio_err, "Serial number supplied twice\n");
+ goto opthelp;
+ }
serial = s2i_ASN1_INTEGER(NULL, opt_arg());
if (serial == NULL)
goto opthelp;
if (argc != 0)
goto opthelp;
+ if (x509 && infile == NULL)
+ newreq = 1;
+
if (!nmflag_set)
nmflag = XN_FLAG_ONELINE;
- /* TODO: simplify this as pkey is still always NULL here */
+ /* TODO: simplify this as pkey is still always NULL here */
private = newreq && (pkey == NULL) ? 1 : 0;
if (!app_passwd(passargin, passargout, &passin, &passout)) {
if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
goto end;
- if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
- goto end;
- if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL))
+ if (!set_cert_times(x509ss, NULL, NULL, days))
goto end;
if (!X509_set_subject_name
(x509ss, X509_REQ_get_subject_name(req)))
goto end;
if (pubkey) {
- EVP_PKEY *tpubkey;
- tpubkey = X509_REQ_get_pubkey(req);
+ EVP_PKEY *tpubkey = X509_REQ_get0_pubkey(req);
+
if (tpubkey == NULL) {
BIO_printf(bio_err, "Error getting public key\n");
ERR_print_errors(bio_err);
goto end;
}
PEM_write_bio_PUBKEY(out, tpubkey);
- EVP_PKEY_free(tpubkey);
}
if (text) {
EVP_PKEY *tpubkey;
if (x509)
- tpubkey = X509_get_pubkey(x509ss);
+ tpubkey = X509_get0_pubkey(x509ss);
else
- tpubkey = X509_REQ_get_pubkey(req);
+ tpubkey = X509_REQ_get0_pubkey(req);
if (tpubkey == NULL) {
fprintf(stdout, "Modulus=unavailable\n");
goto end;
} else
#endif
fprintf(stdout, "Wrong Algorithm type");
- EVP_PKEY_free(tpubkey);
fprintf(stdout, "\n");
}
X509_REQ_free(req);
X509_free(x509ss);
ASN1_INTEGER_free(serial);
+ release_engine(e);
if (passin != nofree_passin)
OPENSSL_free(passin);
if (passout != nofree_passout)
* subject is expected to be in the format /type0=value0/type1=value1/type2=...
* where characters may be escaped by \
*/
-static int build_subject(X509_REQ *req, char *subject, unsigned long chtype,
+static int build_subject(X509_REQ *req, const char *subject, unsigned long chtype,
int multirdn)
{
X509_NAME *n;
}
static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect,
+ STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
int attribs, unsigned long chtype)
{
int i;
}
if ((n_max >= 0) && (len > n_max)) {
BIO_printf(bio_err,
- "string is too long, it needs to be less than %d bytes long\n",
+ "string is too long, it needs to be no more than %d bytes long\n",
n_max);
return (0);
}