Fix CRL printing to correctly show when there are no revoked certificates.

Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.

diff --git a/CHANGES b/CHANGES
index 227de87b1eb8d5c64c1438db67f2c2d7b1da0b61..0325df3e82e9051335a3e5db1e487ef14c93b97b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
+     set string type: to handle setting ASN1_TIME structures. Fix ca
+     utility to correctly initialize revocation date of CRLs.
+     [Steve Henson]
+
   *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
      the clients preferred ciphersuites and rather use its own preferences.
      Should help to work around M$ SGC (Server Gated Cryptography) bug in

diff --git a/apps/ca.c b/apps/ca.c
index 567ef4777cb169dab457ffd1c19334f16809bd64..b84e842bc0c6db8dc226cc15ce20619d2425fd8c 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1379,10 +1379,9 @@ bad:
                        if (pp[DB_type][0] == DB_TYPE_REV)
                                {
                                if ((r=X509_REVOKED_new()) == NULL) goto err;
-                               ASN1_STRING_set((ASN1_STRING *)
-                                       r->revocationDate,
-                                       (unsigned char *)pp[DB_rev_date],
-                                       strlen(pp[DB_rev_date]));
+                               if (!ASN1_UTCTIME_set_string(r->revocationDate,
+                                       pp[DB_rev_date]))
+                                               goto err;
                                /* strcpy(r->revocationDate,pp[DB_rev_date]);*/
 
                                (void)BIO_reset(hex);

diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
index d71c190c776e8beff3d35ba984db493b71979a91..f884b25f968da52f0d0d3965e0f8e9ecb6a41012 100644 (file)
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -180,6 +180,7 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
                        {
                        ASN1_STRING_set((ASN1_STRING *)s,
                                (unsigned char *)str,t.length);
+                       s->type=V_ASN1_GENERALIZEDTIME;
                        }
                return(1);
                }

diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
index 6ddeaff0ec4c615cb90225e4bdde6e1d4a09b2ca..7cb646429a02bd690ceeaf95a30ce7ca83c69d00 100644 (file)
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -179,6 +179,7 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
                        {
                        ASN1_STRING_set((ASN1_STRING *)s,
                                (unsigned char *)str,t.length);
+                       s->type = V_ASN1_UTCTIME;
                        }
                return(1);
                }

diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
index f7b938bde2ec011174f0d53ca6a1607618214946..ab9cd8fcffa5d5bde934a8b889067caf974bfc3d 100644 (file)
--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@@ -112,7 +112,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 
        rev = X509_CRL_get_REVOKED(x);
 
-       if(sk_X509_REVOKED_num(rev))
+       if(sk_X509_REVOKED_num(rev) > 0)
            BIO_printf(out, "Revoked Certificates:\n");
        else BIO_printf(out, "No Revoked Certificates.\n");