Add option to generate old hash format.
authorTim Hudson <tjh@cryptsoft.com>
Thu, 3 Apr 2014 12:23:51 +0000 (13:23 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 3 Apr 2014 12:35:22 +0000 (13:35 +0100)
New -hash_old to generate CRL hashes using old
(before OpenSSL 1.0.0) algorithm.
(cherry picked from commit de2d97cd799f38024d70847bab37d91aa5a2536e)

apps/crl.c

index 745469d1b8084544b1e4d26f68545dd7da0cfde7..f1c49f3d641787d6c33912188862bab42424d617 100644 (file)
@@ -81,6 +81,9 @@ static const char *crl_usage[]={
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -hash           - print hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -hash_old       - print old-style (MD5) hash value\n",
+#endif
 " -fingerprint    - print the crl fingerprint\n",
 " -issuer         - print issuer DN\n",
 " -lastupdate     - lastUpdate field\n",
@@ -107,6 +110,9 @@ int MAIN(int argc, char **argv)
        int informat,outformat, keyformat;
        char *infile=NULL,*outfile=NULL, *crldiff = NULL, *keyfile = NULL;
        int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+#ifndef OPENSSL_NO_MD5
+       int hash_old=0;
+#endif
        int fingerprint = 0, crlnumber = 0;
        const char **pp;
        X509_STORE *store = NULL;
@@ -207,6 +213,10 @@ int MAIN(int argc, char **argv)
                        text = 1;
                else if (strcmp(*argv,"-hash") == 0)
                        hash= ++num;
+#ifndef OPENSSL_NO_MD5
+               else if (strcmp(*argv,"-hash_old") == 0)
+                       hash_old= ++num;
+#endif
                else if (strcmp(*argv,"-nameopt") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -354,6 +364,14 @@ bad:
                                BIO_printf(bio_out,"%08lx\n",
                                        X509_NAME_hash(X509_CRL_get_issuer(x)));
                                }
+#ifndef OPENSSL_NO_MD5
+                       if (hash_old == i)
+                               {
+                               BIO_printf(bio_out,"%08lx\n",
+                                       X509_NAME_hash_old(
+                                               X509_CRL_get_issuer(x)));
+                               }
+#endif
                        if (lastupdate == i)
                                {
                                BIO_printf(bio_out,"lastUpdate=");