" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
+#ifndef OPENSSL_NO_ENGINE
" -engine e - use engine e, possibly a hardware device.\n",
+#endif
" -certopt arg - various certificate text options\n",
NULL
};
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0, certflag = 0;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
reqfile=0;
if (--argc < 1) goto bad;
if (!set_name_ex(&nmflag, *(++argv))) goto bad;
}
- else if (strcmp(*argv,"-setalias") == 0)
- {
- if (--argc < 1) goto bad;
- alias= *(++argv);
- trustout = 1;
- }
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-C") == 0)
C= ++num;
else if (strcmp(*argv,"-email") == 0)
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (need_rand)
app_RAND_load_file(NULL, bio_err, 0);
if (Upkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
-#ifndef OPENSSL_NO_ECDSA
- if (Upkey->type == EVP_PKEY_EC)
- digest=EVP_ecdsa();
-#endif
assert(need_rand);
if (!sign(x,Upkey,days,clrext,digest,
if (CApkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
-#ifndef OPENSSL_NO_ECDSA
- if (CApkey->type == EVP_PKEY_EC)
- digest = EVP_ecdsa();
-#endif
assert(need_rand);
if (!x509_certify(ctx,CAfile,digest,x,xca,
if (pk->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pk->type == EVP_PKEY_EC)
- digest=EVP_ecdsa();
-#endif
rq=X509_to_X509_REQ(x,pk,digest);
EVP_PKEY_free(pk);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
if (passin) OPENSSL_free(passin);
apps_shutdown();
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
else if (!(bs = load_serial(CAfile, serialfile, create)))
goto end;
- if (!X509_STORE_add_cert(ctx,x)) goto end;
+/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
/* NOTE: this certificate can/should be self signed, unless it was
* a certificate request in which case it is not. */