From 87054c4f0e6a2cadcf50ce8aed9748b65e796bb5 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Wed, 26 Dec 2012 15:32:13 +0000
Subject: [PATCH] New -valid option to add a certificate to the ca index.txt that is valid and not revoked (backport from HEAD)
---
 apps/ca.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/apps/ca.c b/apps/ca.c
index 1cf50e0029..0cb498b9d9 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -501,6 +501,12 @@ EF_ALIGNMENT=0;
 infile= *(++argv);
 dorevoke=1;
 }
+ else if (strcmp(*argv,"-valid") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ dorevoke=2;
+ }
 else if (strcmp(*argv,"-extensions") == 0)
 {
 if (--argc < 1) goto bad;
@@ -1523,6 +1529,8 @@ bad:
 NULL, e, infile);
 if (revcert == NULL)
 goto err;
+ if (dorevoke == 2)
+ rev_type = -1;
 j=do_revoke(revcert,db, rev_type, rev_arg);
 if (j <= 0) goto err;
 X509_free(revcert);
@@ -2486,7 +2494,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 }
 /* Revoke Certificate */
- ok = do_revoke(x509,db, type, value);
+ if (type == -1)
+ ok = 1;
+ else
+ ok = do_revoke(x509,db, type, value);
 goto err;
@@ -2497,6 +2508,12 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 row[DB_name]);
 goto err;
 }
+ else if (type == -1)
+ {
+ BIO_printf(bio_err,"ERROR:Already present, serial number %s\n",
+ row[DB_serial]);
+ goto err;
+ }
 else if (rrow[DB_type][0]=='R')
 {
 BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
--
2.25.1
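Review bot: `dorevoke=2` in the new `-valid` branch turns what reads as an on/off flag into an undocumented mode value, and because `-revoke` and `-valid` both write `infile` and `dorevoke`, whichever option comes last on the command line silently wins. For a CA tool I would reject the combination rather than guess, and at minimum comment the value, e.g. `dorevoke=2; /* 2: record infile as valid, do not revoke */`. The diffstat lists only these four hunks and none of them touches the usage text, so `-valid` also appears to be missing from the tool's help output. The option loop starts before and continues after the hunk.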
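Review bot: `rev_type = -1` introduces a bare sentinel that both do_revoke hunks then test as `type == -1`, so the meaning "record as valid" is written down nowhere. A named constant used at all three places, for example `#define REV_VALID (-1)` next to whatever names the file uses for the other `rev_type` values, would make the special case greppable. The assignment also silently overwrites whatever `rev_type` and `rev_arg` the command line had set, so a revocation reason given together with `-valid` is ignored without a message; an explicit error for that combination would be safer. The enclosing block starts before the hunk.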
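Review bot: With `type == -1` this branch returns success as soon as the new entry has been written as valid, and nothing in the visible hunks checks that the certificate read from `infile` was issued by this CA. If index.txt feeds an OCSP responder or CRL generation, a mis-supplied certificate would leave a valid entry for a serial the CA never issued, so comparing the certificate's issuer with the CA subject before the database is touched seems worth adding; such a check may exist outside the hunk, which shows only the tail of this branch. The name do_revoke no longer describes this path either, so I would put `/* type == -1: caller only wants the entry recorded as valid, no revocation */` above the test.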
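Review bot: The new `type == -1` branch refuses to touch an existing entry, but nothing records why it refuses, and `Already present` does not tell the operator whether that entry is valid or revoked. I would add `/* -valid never alters an existing entry, so a revoked certificate cannot be flipped back to valid */` above the branch so the invariant survives later edits. Printing the existing status as well, e.g. `"ERROR:Already present (status %s), serial number %s\n", rrow[DB_type], row[DB_serial]`, would spare the operator a lookup in index.txt. The if/else chain starts before and continues after the hunk.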