src/usr.bin/openssl/ca.c - diff

Return to ca.c CVS log

Up to [local] / src / usr.bin / openssl

Diff for /src/usr.bin/openssl/ca.c between version 1.11 and 1.12

version 1.11, 2015/09/10 16:01:06

version 1.12, 2015/09/11 14:30:23

Line 135

" -md arg - md to use, one of md2, md5, sha or sha1\n",

" -policy arg - The CA 'policy' to support\n",

" -keyfile arg - private key file\n",

" -keyform arg - private key file format (PEM or ENGINE)\n",

" -keyform arg - private key file format (PEM)\n",

" -key arg - key to decode the private key if it is encrypted\n",

" -cert file - The CA certificate\n",

" -selfsign - sign a certificate with the key associated with it\n",

Line 156

" -extensions .. - Extension section (override value in config file)\n",

" -extfile file - Configuration file with X509v3 extentions to add\n",

" -crlexts .. - CRL extension section (override value in config file)\n",

#ifndef OPENSSL_NO_ENGINE

" -engine e - use engine e, possibly a hardware device.\n",

#endif

" -status serial - Shows certificate status given the serial number\n",

" -updatedb - Updates db for expired certificates\n",

NULL

Line 178

Line 175

unsigned long chtype, int multirdn, int email_dn, char *startdate,

char *enddate, long days, int batch, char *ext_sect, CONF * conf,

int verbose, unsigned long certopt, unsigned long nameopt, int default_op,

int ext_copy, ENGINE * e);

int ext_copy);

static int certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey,

X509 * x509, const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,

STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,

Line 213

Line 210

int

ca_main(int argc, char **argv)

{

ENGINE *e = NULL;

char *key = NULL, *passargin = NULL;

int create_ser = 0;

int free_key = 0;

Line 286

Line 282

STACK_OF(OPENSSL_STRING) * sigopts = NULL;

#define BUFLEN 256

char buf[3][BUFLEN];

#ifndef OPENSSL_NO_ENGINE

char *engine = NULL;

#endif

char *tofree = NULL;

const char *errstr = NULL;

DB_ATTR db_attr;

Line 478

Line 471

rev_arg = *(++argv);

rev_type = REV_CA_COMPROMISE;

}

#ifndef OPENSSL_NO_ENGINE

else if (strcmp(*argv, "-engine") == 0) {

if (--argc < 1)

goto bad;

engine = *(++argv);

}

#endif

else {

bad:

if (errstr)

Line 536

Line 522

free(tofree);

tofree = NULL;

#ifndef OPENSSL_NO_ENGINE

e = setup_engine(bio_err, engine, 0);

#endif

/* Lets get the config section we are using */

if (section == NULL) {

section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA);

Line 639

Line 621

goto err;

}

pkey = load_key(bio_err, keyfile, keyform, 0, key, e, "CA private key");

pkey = load_key(bio_err, keyfile, keyform, 0, key, "CA private key");

if (key)

explicit_bzero(key, strlen(key));

if (pkey == NULL) {

Line 655

Line 637

lookup_fail(section, ENV_CERTIFICATE);

goto err;

}

x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,

x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL,

"CA certificate");

if (x509 == NULL)

goto err;

Line 1028

Line 1010

sigopts, attribs, db, serial, subj, chtype,

multirdn, email_dn, startdate, enddate, days, batch,

extensions, conf, verbose, certopt, nameopt,

default_op, ext_copy, e);

default_op, ext_copy);

if (j < 0)

goto err;

if (j > 0) {

Line 1314

Line 1296

} else {

X509 *revcert;

revcert = load_cert(bio_err, infile, FORMAT_PEM,

NULL, e, infile);

NULL, infile);

if (revcert == NULL)

goto err;

j = do_revoke(revcert, db, rev_type, rev_arg);

Line 1446

Line 1428

unsigned long chtype, int multirdn, int email_dn, char *startdate,

char *enddate, long days, int batch, char *ext_sect, CONF * lconf,

int verbose, unsigned long certopt, unsigned long nameopt, int default_op,

int ext_copy, ENGINE * e)

int ext_copy)

{

X509 *req = NULL;

X509_REQ *rreq = NULL;

EVP_PKEY *pktmp = NULL;

int ok = -1, i;

if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL, e,

if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL,

infile)) == NULL)

goto err;

if (verbose)