X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fca.c;h=2d71104745159c49667d35c023cf98f4a5a422d5;hb=c29dbb9562f275485c1266af523cd5d59311d583;hp=5e12c0216a55a82d6d911b6e29e080504f0d6379;hpb=dfebac32c0a1611a42f1629b3dc50d31f8113396;p=oweals%2Fopenssl.git diff --git a/apps/ca.c b/apps/ca.c index 5e12c0216a..2d71104745 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -61,7 +61,6 @@ #include #include #include -#include #include #include #include "apps.h" @@ -75,7 +74,6 @@ #include #include #include -#include #ifndef W_OK # ifdef VMS @@ -154,8 +152,7 @@ static char *ca_usage[]={ " -days arg - number of days to certify the certificate for\n", " -md arg - md to use, one of md2, md5, sha or sha1\n", " -policy arg - The CA 'policy' to support\n", -" -keyfile arg - private key file\n", -" -keyform arg - private key file format (PEM or ENGINE)\n", +" -keyfile arg - PEM private key file\n", " -key arg - key to decode the private key if it is encrypted\n", " -cert file - The CA certificate\n", " -in file - The input PEM encoded certificate request(s)\n", @@ -169,11 +166,7 @@ static char *ca_usage[]={ " -msie_hack - msie modifications to handle all those universal strings\n", " -revoke file - Revoke a certificate (given in file)\n", " -extensions .. - Extension section (override value in config file)\n", -" -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", -" -engine e - use engine e, possibly a hardware device.\n", -" -status serial - Shows certificate status given the serial number\n", -" -updatedb - Updates db for expired certificates\n", NULL }; @@ -184,11 +177,11 @@ extern int EF_ALIGNMENT; #endif static void lookup_fail(char *name,char *tag); -static unsigned long index_serial_hash(const char **a); -static int index_serial_cmp(const char **a, const char **b); -static unsigned long index_name_hash(const char **a); +static unsigned long index_serial_hash(char **a); +static int index_serial_cmp(char **a, char **b); +static unsigned long index_name_hash(char **a); static int index_name_qual(char **a); -static int index_name_cmp(const char **a,const char **b); +static int index_name_cmp(char **a,char **b); static BIGNUM *load_serial(char *serialfile); static int save_serial(char *serialfile, BIGNUM *serial); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, @@ -212,27 +205,17 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, char *startdate, char *enddate, int days, int batch, int verbose, X509_REQ *req, char *ext_sect, LHASH *conf); static int do_revoke(X509 *x509, TXT_DB *db); -static int get_certificate_status(const char *ser_status, TXT_DB *db); -static int do_updatedb(TXT_DB *db); static int check_time_format(char *str); static LHASH *conf=NULL; -static LHASH *extconf=NULL; static char *section=NULL; static int preserve=0; static int msie_hack=0; -static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) -static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) -static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) -static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) - - int MAIN(int, char **); int MAIN(int argc, char **argv) { - ENGINE *e = NULL; char *key=NULL,*passargin=NULL; int total=0; int total_done=0; @@ -242,7 +225,6 @@ int MAIN(int argc, char **argv) int verbose=0; int gencrl=0; int dorevoke=0; - int doupdatedb=0; long crldays=0; long crlhours=0; long errorline= -1; @@ -251,18 +233,15 @@ int MAIN(int argc, char **argv) char *policy=NULL; char *keyfile=NULL; char *certfile=NULL; - int keyform=FORMAT_PEM; char *infile=NULL; char *spkac_file=NULL; char *ss_cert_file=NULL; - char *ser_status=NULL; EVP_PKEY *pkey=NULL; int output_der = 0; char *outfile=NULL; char *outdir=NULL; char *serialfile=NULL; char *extensions=NULL; - char *extfile=NULL; char *crl_ext=NULL; BIGNUM *serial=NULL; char *startdate=NULL; @@ -289,7 +268,6 @@ int MAIN(int argc, char **argv) #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; - char *engine = NULL; #ifdef EFENCE EF_PROTECT_FREE=1; @@ -355,11 +333,6 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; keyfile= *(++argv); } - else if (strcmp(*argv,"-keyform") == 0) - { - if (--argc < 1) goto bad; - keyform=str2fmt(*(++argv)); - } else if (strcmp(*argv,"-passin") == 0) { if (--argc < 1) goto bad; @@ -441,30 +414,11 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; extensions= *(++argv); } - else if (strcmp(*argv,"-extfile") == 0) - { - if (--argc < 1) goto bad; - extfile= *(++argv); - } - else if (strcmp(*argv,"-status") == 0) - { - if (--argc < 1) goto bad; - ser_status= *(++argv); - } - else if (strcmp(*argv,"-updatedb") == 0) - { - doupdatedb=1; - } else if (strcmp(*argv,"-crlexts") == 0) { if (--argc < 1) goto bad; crl_ext= *(++argv); } - else if (strcmp(*argv,"-engine") == 0) - { - if (--argc < 1) goto bad; - engine= *(++argv); - } else { bad: @@ -485,24 +439,6 @@ bad: ERR_load_crypto_strings(); - if (engine != NULL) - { - if ((e = ENGINE_by_id(engine)) == NULL) - { - BIO_printf(bio_err,"invalid engine \"%s\"\n", - engine); - goto err; - } - if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) - { - BIO_printf(bio_err,"can't use that engine\n"); - goto err; - } - BIO_printf(bio_err,"engine \"%s\" set.\n", engine); - /* Free our "structural" reference. */ - ENGINE_free(e); - } - /*****************************************************************/ if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); @@ -547,8 +483,6 @@ bad: if (conf != NULL) { p=CONF_get_string(conf,NULL,"oid_file"); - if (p == NULL) - ERR_clear_error(); if (p != NULL) { BIO *oid_bio; @@ -568,7 +502,7 @@ bad: BIO_free(oid_bio); } } - if (!add_oid_section(bio_err,conf)) + if(!add_oid_section(bio_err,conf)) { ERR_print_errors(bio_err); goto err; @@ -576,8 +510,6 @@ bad: } randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE"); - if (randfile == NULL) - ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); in=BIO_new(BIO_s_file()); @@ -591,41 +523,7 @@ bad: } /*****************************************************************/ - /* report status of cert with serial number given on command line */ - if (ser_status) - { - if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL) - { - lookup_fail(section,ENV_DATABASE); - goto err; - } - if (BIO_read_filename(in,dbfile) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n",dbfile); - goto err; - } - db=TXT_DB_read(in,DB_NUMBER); - if (db == NULL) goto err; - - if (!TXT_DB_create_index(db, DB_serial, NULL, - LHASH_HASH_FN(index_serial_hash), - LHASH_COMP_FN(index_serial_cmp))) - { - BIO_printf(bio_err, - "error creating serial number index:(%ld,%ld,%ld)\n", - db->error,db->arg1,db->arg2); - goto err; - } - - if (get_certificate_status(ser_status,db) != 1) - BIO_printf(bio_err,"Error verifying serial %s!\n", - ser_status); - goto err; - } - - /*****************************************************************/ - /* we definitely need a public key, so let's get it */ + /* we definitely need an public key, so lets get it */ if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf, section,ENV_PRIVATE_KEY)) == NULL)) @@ -633,36 +531,19 @@ bad: lookup_fail(section,ENV_PRIVATE_KEY); goto err; } - if (!key && !app_passwd(bio_err, passargin, NULL, &key, NULL)) + if(!key && !app_passwd(bio_err, passargin, NULL, &key, NULL)) { BIO_printf(bio_err,"Error getting password\n"); goto err; } - if (keyform == FORMAT_ENGINE) + if (BIO_read_filename(in,keyfile) <= 0) { - if (!e) - { - BIO_printf(bio_err,"no engine specified\n"); - goto err; - } - pkey = ENGINE_load_private_key(e, keyfile, key); - } - else if (keyform == FORMAT_PEM) - { - if (BIO_read_filename(in,keyfile) <= 0) - { - perror(keyfile); - BIO_printf(bio_err,"trying to load CA private key\n"); - goto err; - } - pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); - } - else - { - BIO_printf(bio_err,"bad input format specified for key file\n"); + perror(keyfile); + BIO_printf(bio_err,"trying to load CA private key\n"); goto err; } - if (key) memset(key,0,strlen(key)); + pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); + if(key) memset(key,0,strlen(key)); if (pkey == NULL) { BIO_printf(bio_err,"unable to load CA private key\n"); @@ -697,13 +578,9 @@ bad: } f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); - if (f == NULL) - ERR_clear_error(); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) preserve=1; f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); - if (f == NULL) - ERR_clear_error(); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) msie_hack=1; @@ -825,129 +702,27 @@ bad: BIO_printf(bio_err,"generating index\n"); } - if (!TXT_DB_create_index(db, DB_serial, NULL, - LHASH_HASH_FN(index_serial_hash), - LHASH_COMP_FN(index_serial_cmp))) + if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash, + index_serial_cmp)) { BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2); goto err; } - if (!TXT_DB_create_index(db, DB_name, index_name_qual, - LHASH_HASH_FN(index_name_hash), - LHASH_COMP_FN(index_name_cmp))) + if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash, + index_name_cmp)) { BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", db->error,db->arg1,db->arg2); goto err; } - /*****************************************************************/ - /* Update the db file for expired certificates */ - if (doupdatedb) - { - if (verbose) - BIO_printf(bio_err, "Updating %s ...\n", - dbfile); - - i = do_updatedb(db); - if (i == -1) - { - BIO_printf(bio_err,"Malloc failure\n"); - goto err; - } - else if (i == 0) - { - if (verbose) BIO_printf(bio_err, - "No entries found to mark expired\n"); - } - else - { - out = BIO_new(BIO_s_file()); - if (out == NULL) - { - ERR_print_errors(bio_err); - goto err; - } - - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile); - if (j < 0 || j >= sizeof buf[0]) - { - BIO_printf(bio_err, "file name too long\n"); - goto err; - } - if (BIO_write_filename(out,buf[0]) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n", - dbfile); - goto err; - } - j=TXT_DB_write(out,db); - if (j <= 0) goto err; - - BIO_free(out); - out = NULL; - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile); - if (j < 0 || j >= sizeof buf[1]) - { - BIO_printf(bio_err, "file name too long\n"); - goto err; - } - if (rename(dbfile,buf[1]) < 0) - { - BIO_printf(bio_err, - "unable to rename %s to %s\n", - dbfile, buf[1]); - perror("reason"); - goto err; - } - if (rename(buf[0],dbfile) < 0) - { - BIO_printf(bio_err, - "unable to rename %s to %s\n", - buf[0],dbfile); - perror("reason"); - rename(buf[1],dbfile); - goto err; - } - - if (verbose) BIO_printf(bio_err, - "Done. %d entries marked as expired\n",i); - } - goto err; - } - - /*****************************************************************/ - /* Read extentions config file */ - if (extfile) - { - long errorline; - if (!(extconf=CONF_load(NULL,extfile,&errorline))) - { - if (errorline <= 0) - BIO_printf(bio_err, "ERROR: loading the config file '%s'\n", - extfile); - else - BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n", - errorline,extfile); - ret = 1; - goto err; - } - - if (verbose) - BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile); - - /* We can have sections in the ext file */ - if (!extensions && !(extensions = CONF_get_string(extconf, "default", "extensions"))) - extensions = "default"; - } - /*****************************************************************/ if (req || gencrl) { if (outfile != NULL) { + if (BIO_write_filename(Sout,outfile) <= 0) { perror(outfile); @@ -997,42 +772,26 @@ bad: lookup_fail(section,ENV_SERIAL); goto err; } - - if (!extconf) - { - /* no '-extfile' option, so we look for extensions - * in the main configuration file */ - if (!extensions) - { - extensions=CONF_get_string(conf,section, - ENV_EXTENSIONS); - if (!extensions) - ERR_clear_error(); - } - if (extensions) - { - /* Check syntax of file */ - X509V3_CTX ctx; - X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, conf); - if (!X509V3_EXT_add_conf(conf, &ctx, extensions, - NULL)) - { - BIO_printf(bio_err, - "Error Loading extension section %s\n", + if(!extensions) + extensions=CONF_get_string(conf,section,ENV_EXTENSIONS); + if(extensions) { + /* Check syntax of file */ + X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); + X509V3_set_conf_lhash(&ctx, conf); + if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) { + BIO_printf(bio_err, + "Error Loading extension section %s\n", extensions); - ret = 1; - goto err; - } - } + ret = 1; + goto err; } + } if (startdate == NULL) { startdate=CONF_get_string(conf,section, ENV_DEFAULT_STARTDATE); - if (startdate == NULL) - ERR_clear_error(); } if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate)) { @@ -1045,8 +804,6 @@ bad: { enddate=CONF_get_string(conf,section, ENV_DEFAULT_ENDDATE); - if (enddate == NULL) - ERR_clear_error(); } if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate)) { @@ -1326,27 +1083,20 @@ bad: /*****************************************************************/ if (gencrl) { - if (!crl_ext) - { - crl_ext=CONF_get_string(conf,section,ENV_CRLEXT); - if (!crl_ext) - ERR_clear_error(); - } - if (crl_ext) - { + if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT); + if(crl_ext) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_conf_lhash(&ctx, conf); - if (!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) - { + if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) { BIO_printf(bio_err, "Error Loading CRL extension section %s\n", crl_ext); ret = 1; goto err; - } } + } if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err; if (!crldays && !crlhours) @@ -1392,7 +1142,7 @@ bad: if (!a2i_ASN1_INTEGER(hex,r->serialNumber, buf[0],BSIZE)) goto err; - X509_CRL_add0_revoked(crl,r); + sk_X509_REVOKED_push(ci->revoked,r); } } /* sort the data so it will be written in serial @@ -1415,29 +1165,28 @@ bad: } } else - { + { #ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) - dgst=EVP_dss1(); - else + if (pkey->type == EVP_PKEY_DSA) + dgst=EVP_dss1(); + else #endif - dgst=EVP_md5(); - } + dgst=EVP_md5(); + } /* Add any extensions asked for */ - if (crl_ext) - { - X509V3_CTX crlctx; - if (ci->version == NULL) - if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err; - ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */ - X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); - X509V3_set_conf_lhash(&crlctx, conf); + if(crl_ext) { + X509V3_CTX crlctx; + if (ci->version == NULL) + if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err; + ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */ + X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); + X509V3_set_conf_lhash(&crlctx, conf); - if (!X509V3_EXT_CRL_add_conf(conf, &crlctx, - crl_ext, crl)) goto err; - } + if(!X509V3_EXT_CRL_add_conf(conf, &crlctx, + crl_ext, crl)) goto err; + } if (!X509_CRL_sign(crl,pkey,dgst)) goto err; @@ -1526,31 +1275,31 @@ static void lookup_fail(char *name, char *tag) BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); } -static unsigned long index_serial_hash(const char **a) +static unsigned long index_serial_hash(char **a) { - const char *n; + char *n; n=a[DB_serial]; while (*n == '0') n++; return(lh_strhash(n)); } -static int index_serial_cmp(const char **a, const char **b) +static int index_serial_cmp(char **a, char **b) { - const char *aa,*bb; + char *aa,*bb; for (aa=a[DB_serial]; *aa == '0'; aa++); for (bb=b[DB_serial]; *bb == '0'; bb++); return(strcmp(aa,bb)); } -static unsigned long index_name_hash(const char **a) +static unsigned long index_name_hash(char **a) { return(lh_strhash(a[DB_name])); } static int index_name_qual(char **a) { return(a[0][0] == 'V'); } -static int index_name_cmp(const char **a, const char **b) +static int index_name_cmp(char **a, char **b) { return(strcmp(a[DB_name], b[DB_name])); } @@ -2052,7 +1801,7 @@ again2: else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate); ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); - if (days) BIO_printf(bio_err," (%d days)",days); + if(days) BIO_printf(bio_err," (%d days)",days); BIO_printf(bio_err, "\n"); if (!X509_set_subject_name(ret,subject)) goto err; @@ -2079,47 +1828,11 @@ again2: ci->extensions = NULL; - /* Initialize the context structure */ X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); + X509V3_set_conf_lhash(&ctx, lconf); - if (extconf) - { - if (verbose) - BIO_printf(bio_err, "Extra configuration file found\n"); - - /* Use the extconf configuration db LHASH */ - X509V3_set_conf_lhash(&ctx, extconf); - - /* Test the structure (needed?) */ - /* X509V3_set_ctx_test(&ctx); */ - - /* Adds exts contained in the configuration file */ - if (!X509V3_EXT_add_conf(extconf, &ctx, ext_sect,ret)) - { - BIO_printf(bio_err, - "ERROR: adding extensions in section %s\n", - ext_sect); - ERR_print_errors(bio_err); - goto err; - } - if (verbose) - BIO_printf(bio_err, "Successfully added extensions from file.\n"); - } - else if (ext_sect) - { - /* We found extensions to be set from config file */ - X509V3_set_conf_lhash(&ctx, lconf); - - if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) - { - BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect); - ERR_print_errors(bio_err); - goto err; - } + if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err; - if (verbose) - BIO_printf(bio_err, "Successfully added extensions from config\n"); - } } @@ -2234,7 +1947,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber); BIO_puts(bp,"\n\n"); #endif - if (!notext)X509_print(bp,x); + if(!notext)X509_print(bp,x); PEM_write_bio_X509(bp,x); } @@ -2307,13 +2020,12 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, /* Skip past any leading X. X: X, etc to allow for * multiple instances */ - for (buf = cv->name; *buf ; buf++) - if ((*buf == ':') || (*buf == ',') || (*buf == '.')) - { - buf++; - if (*buf) type = buf; - break; - } + for(buf = cv->name; *buf ; buf++) + if ((*buf == ':') || (*buf == ',') || (*buf == '.')) { + buf++; + if(*buf) type = buf; + break; + } buf=cv->value; if ((nid=OBJ_txt2nid(type)) == NID_undef) @@ -2412,7 +2124,7 @@ static int check_time_format(char *str) } static int do_revoke(X509 *x509, TXT_DB *db) - { +{ ASN1_UTCTIME *tm=NULL, *revtm=NULL; char *row[DB_NUMBER],**rrow,**irow; BIGNUM *bn = NULL; @@ -2488,7 +2200,7 @@ static int do_revoke(X509 *x509, TXT_DB *db) goto err; } - else if (index_name_cmp((const char **)row,(const char **)rrow)) + else if (index_name_cmp(row,rrow)) { BIO_printf(bio_err,"ERROR:name does not match %s\n", row[DB_name]); @@ -2520,164 +2232,5 @@ err: OPENSSL_free(row[i]); } return(ok); - } - -static int get_certificate_status(const char *serial, TXT_DB *db) - { - char *row[DB_NUMBER],**rrow; - int ok=-1,i; - - /* Free Resources */ - for (i=0; i= 2000 */ - char **rrow, *a_tm_s; - - a_tm = ASN1_UTCTIME_new(); - - /* get actual time and make a string */ - a_tm = X509_gmtime_adj(a_tm, 0); - a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1); - if (a_tm_s == NULL) - { - cnt = -1; - goto err; - } - - memcpy(a_tm_s, a_tm->data, a_tm->length); - a_tm_s[a_tm->length] = '\0'; - - if (strncmp(a_tm_s, "49", 2) <= 0) - a_y2k = 1; - else - a_y2k = 0; - - for (i = 0; i < sk_num(db->data); i++) - { - rrow = (char **) sk_value(db->data, i); - - if (rrow[DB_type][0] == 'V') - { - /* ignore entries that are not valid */ - if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) - db_y2k = 1; - else - db_y2k = 0; - - if (db_y2k == a_y2k) - { - /* all on the same y2k side */ - if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) - { - rrow[DB_type][0] = 'E'; - rrow[DB_type][1] = '\0'; - cnt++; - - BIO_printf(bio_err, "%s=Expired\n", - rrow[DB_serial]); - } - } - else if (db_y2k < a_y2k) - { - rrow[DB_type][0] = 'E'; - rrow[DB_type][1] = '\0'; - cnt++; - - BIO_printf(bio_err, "%s=Expired\n", - rrow[DB_serial]); - } - - } - } - -err: - - ASN1_UTCTIME_free(a_tm); - OPENSSL_free(a_tm_s); - - return (cnt); - }