generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

New -valid option to add a certificate to the ca index.txt that is valid and not revoked

Browse Source
This commit is contained in:
Dr. Stephen Henson 2012-09-09 12:58:49 +00:00
parent 33a8de69dc
commit 648f551a4a
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
apps/ca.c
View File

@ -501,6 +501,12 @@ EF_ALIGNMENT=0;
infile= *(++argv); infile= *(++argv);
dorevoke=1; dorevoke=1;
} }
else if (strcmp(*argv,"-valid") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
dorevoke=2;
}
else if (strcmp(*argv,"-extensions") == 0) else if (strcmp(*argv,"-extensions") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
@ -1523,6 +1529,8 @@ bad:
NULL, e, infile); NULL, e, infile);
if (revcert == NULL) if (revcert == NULL)
goto err; goto err;
if (dorevoke == 2)
rev_type = -1;
j=do_revoke(revcert,db, rev_type, rev_arg); j=do_revoke(revcert,db, rev_type, rev_arg);
if (j <= 0) goto err; if (j <= 0) goto err;
X509_free(revcert); X509_free(revcert);
@ -2486,7 +2494,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
} }
/* Revoke Certificate */ /* Revoke Certificate */
ok = do_revoke(x509,db, type, value); if (type == -1)
ok = 1;
else
ok = do_revoke(x509,db, type, value);
goto err; goto err;
@ -2497,6 +2508,12 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
row[DB_name]); row[DB_name]);
goto err; goto err;
} }
else if (type == -1)
{
BIO_printf(bio_err,"ERROR:Already present, serial number %s\n",
row[DB_serial]);
goto err;
}
else if (rrow[DB_type][0]=='R') else if (rrow[DB_type][0]=='R')
{ {
BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n", BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",