X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fx509.c;h=5f61eb5c467a54d125ba42a65ae0cd7d78bc0f4e;hb=761f3b403b45d3260b5c7cdfce45a57691c27c60;hp=4869b14025d467c38eca805b8faba4eaa95d1cad;hpb=90fac840669f02e75078052a58638ead9ed27a78;p=oweals%2Fopenssl.git diff --git a/apps/x509.c b/apps/x509.c index 4869b14025..5f61eb5c46 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -73,8 +73,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif #undef PROG #define PROG x509_main @@ -83,7 +87,7 @@ #define POSTFIX ".srl" #define DEF_DAYS 30 -static char *x509_usage[]={ +static const char *x509_usage[]={ "usage: x509 args\n", " -inform arg - input format - default PEM (one of DER, NET or PEM)\n", " -outform arg - output format - default PEM (one of DER, NET or PEM)\n", @@ -172,18 +176,19 @@ int MAIN(int argc, char **argv) char *CAkeyfile=NULL,*CAserial=NULL; char *alias=NULL; int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; + int next_serial=0; int subject_hash=0,issuer_hash=0,ocspid=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int C=0; int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; int pprint = 0; - char **pp; + const char **pp; X509_STORE *ctx=NULL; X509_REQ *rq=NULL; int fingerprint=0; char buf[256]; - const EVP_MD *md_alg,*digest=EVP_md5(); + const EVP_MD *md_alg,*digest=EVP_sha1(); CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; @@ -375,6 +380,8 @@ int MAIN(int argc, char **argv) email= ++num; else if (strcmp(*argv,"-serial") == 0) serial= ++num; + else if (strcmp(*argv,"-next_serial") == 0) + next_serial= ++num; else if (strcmp(*argv,"-modulus") == 0) modulus= ++num; else if (strcmp(*argv,"-pubkey") == 0) @@ -598,12 +605,19 @@ bad: if ((x=X509_new()) == NULL) goto end; ci=x->cert_info; - if (sno) + if (sno == NULL) { - if (!X509_set_serialNumber(x, sno)) + sno = ASN1_INTEGER_new(); + if (!sno || !rand_serial(NULL, sno)) + goto end; + if (!X509_set_serialNumber(x, sno)) goto end; + ASN1_INTEGER_free(sno); + sno = NULL; } - else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end; + else if (!X509_set_serialNumber(x, sno)) + goto end; + if (!X509_set_issuer_name(x,req->req_info->subject)) goto end; if (!X509_set_subject_name(x,req->req_info->subject)) goto end; @@ -624,7 +638,7 @@ bad: if (xca == NULL) goto end; } - if (!noout || text) + if (!noout || text || next_serial) { OBJ_create("2.99999.3", "SET.ex3","SET x509v3 extension 3"); @@ -699,6 +713,24 @@ bad: X509_get_serialNumber(x)); BIO_printf(STDout,"\n"); } + else if (next_serial == i) + { + BIGNUM *bnser; + ASN1_INTEGER *ser; + ser = X509_get_serialNumber(x); + bnser = ASN1_INTEGER_to_BN(ser, NULL); + if (!bnser) + goto end; + if (!BN_add_word(bnser, 1)) + goto end; + ser = BN_to_ASN1_INTEGER(bnser, NULL); + if (!ser) + goto end; + BN_free(bnser); + i2a_ASN1_INTEGER(out, ser); + ASN1_INTEGER_free(ser); + BIO_puts(out, "\n"); + } else if (email == i) { int j; @@ -971,9 +1003,9 @@ bad: if (checkend) { - time_t tnow=time(NULL); + time_t tcheck=time(NULL) + checkoffset; - if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1) + if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) { BIO_printf(out,"Certificate will expire\n"); ret=1; @@ -1010,8 +1042,7 @@ bad: ah.data=(char *)x; ah.meth=X509_asn1_meth(); - /* no macro for this one yet */ - i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah); + i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah); } else { BIO_printf(bio_err,"bad output format specified for outfile\n");