1024 is the export key bits limit according to current regulations, not 512.

[oweals/openssl.git] / apps / x509.c

diff --git a/apps/x509.c b/apps/x509.c
index 0f6e9ad907c7bff0d3908962e20d26b49d385c06..2020b51de0647f90dc64f59cd4954d04f5674468 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -131,7 +131,9 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
+#ifndef OPENSSL_NO_ENGINE
 " -engine e       - use engine e, possibly a hardware device.\n",
+#endif
 " -certopt arg    - various certificate text options\n",
 NULL
 };
@@ -183,7 +185,9 @@ int MAIN(int argc, char **argv)
        int need_rand = 0;
        int checkend=0,checkoffset=0;
        unsigned long nmflag = 0, certflag = 0;
+#ifndef OPENSSL_NO_ENGINE
        char *engine=NULL;
+#endif
 
        reqfile=0;
 
@@ -354,17 +358,13 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        if (!set_name_ex(&nmflag, *(++argv))) goto bad;
                        }
-               else if (strcmp(*argv,"-setalias") == 0)
-                       {
-                       if (--argc < 1) goto bad;
-                       alias= *(++argv);
-                       trustout = 1;
-                       }
+#ifndef OPENSSL_NO_ENGINE
                else if (strcmp(*argv,"-engine") == 0)
                        {
                        if (--argc < 1) goto bad;
                        engine= *(++argv);
                        }
+#endif
                else if (strcmp(*argv,"-C") == 0)
                        C= ++num;
                else if (strcmp(*argv,"-email") == 0)
@@ -450,7 +450,9 @@ bad:
                goto end;
                }
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
        if (need_rand)
                app_RAND_load_file(NULL, bio_err, 0);
@@ -870,10 +872,6 @@ bad:
                                if (Upkey->type == EVP_PKEY_DSA)
                                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-                               if (Upkey->type == EVP_PKEY_EC)
-                                       digest=EVP_ecdsa();
-#endif
 
                                assert(need_rand);
                                if (!sign(x,Upkey,days,clrext,digest,
@@ -894,10 +892,6 @@ bad:
                                if (CApkey->type == EVP_PKEY_DSA)
                                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-                               if (CApkey->type == EVP_PKEY_EC)
-                                       digest = EVP_ecdsa();
-#endif
                                
                                assert(need_rand);
                                if (!x509_certify(ctx,CAfile,digest,x,xca,
@@ -929,10 +923,6 @@ bad:
                                if (pk->type == EVP_PKEY_DSA)
                                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-                               if (pk->type == EVP_PKEY_EC)
-                                       digest=EVP_ecdsa();
-#endif
 
                                rq=X509_to_X509_REQ(x,pk,digest);
                                EVP_PKEY_free(pk);
@@ -1029,7 +1019,7 @@ end:
        sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
        if (passin) OPENSSL_free(passin);
        apps_shutdown();
-       EXIT(ret);
+       OPENSSL_EXIT(ret);
        }
 
 static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
@@ -1155,7 +1145,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
        else if (!(bs = load_serial(CAfile, serialfile, create)))
                goto end;
 
-       if (!X509_STORE_add_cert(ctx,x)) goto end;
+/*     if (!X509_STORE_add_cert(ctx,x)) goto end;*/
 
        /* NOTE: this certificate can/should be self signed, unless it was
         * a certificate request in which case it is not. */