Commit 1756d405 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Added support for adding extensions to CRLs, also fix a memory leak and

make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
parent 116e3153
+4 −0
@@ -5,6 +5,10 @@

 Changes between 0.9.1c and 0.9.2

  *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
     Currently only issuerAltName and AuthorityKeyIdentifier make any sense
     in CRLs.

  *) Add a useful kludge to allow package maintainers to specify compiler and
     other platforms details on the command line without having to patch the
     Configure script everytime: One now can use ``perl Configure
+30 −0
@@ -105,6 +105,7 @@
#define ENV_PRESERVE		"preserve"
#define ENV_POLICY      	"policy"
#define ENV_EXTENSIONS      	"x509_extensions"
#define ENV_CRLEXT      	"crl_extensions"
#define ENV_MSIE_HACK		"msie_hack"

#define ENV_DATABASE		"database"
@@ -236,6 +237,7 @@ char **argv;
	char *outdir=NULL;
	char *serialfile=NULL;
	char *extensions=NULL;
	char *crl_ext=NULL;
	BIGNUM *serial=NULL;
	char *startdate=NULL;
	int days=0;
@@ -966,6 +968,17 @@ bad:
	/*****************************************************************/
	if (gencrl)
		{
		crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
		if(crl_ext) {
			/* Check syntax of file */
			if(!X509V3_EXT_check_conf(conf, crl_ext)) {
				BIO_printf(bio_err,
				 "Error Loading CRL extension section %s\n",
								 crl_ext);
				ret = 1;
				goto err;
			}
		}
		if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err;

		if (!crldays && !crlhours)
@@ -1043,6 +1056,23 @@ bad:
			dgst=EVP_md5();
		    }

		/* Add any extensions asked for */

		if(crl_ext) {
		    X509V3_CTX crlctx;
		    if (ci->version == NULL)
		    if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
		    ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */
		    crlctx.crl = crl;
		    crlctx.issuer_cert = x509;
		    crlctx.subject_cert = NULL;
		    crlctx.subject_req = NULL;
		    crlctx.flags = 0;

		    if(!X509V3_EXT_CRL_add_conf(conf, &crlctx,
						 crl_ext, crl)) goto err;
		}

		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;

		PEM_write_bio_X509_CRL(Sout,crl);
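Review bot: The two new failure paths in the CRL-extension hunk, `if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;` and the `X509V3_EXT_CRL_add_conf` failure, jump to err without touching ret, whereas the syntax-check failure added earlier in the same file does `ret = 1; goto err;` — either that assignment is redundant because ret already defaults to 1 (its initialiser is outside the hunks) or these two paths report success after a CRL that was never written, so the three paths should agree. `crlctx` is a stack object with five members assigned one by one; if X509V3_CTX has any other member it reaches X509V3_EXT_CRL_add_conf uninitialised, so `X509V3_CTX crlctx = {0};` (or a memset) before the assignments is the safer form. The unbraced double `if (ci->version == NULL) if (...) goto err;` reads like a dangling-else trap and is clearer as `if (ci->version == NULL && (ci->version = ASN1_INTEGER_new()) == NULL) goto err;`. The return value of `ASN1_INTEGER_set(ci->version,1)` is ignored, so an allocation failure there would leave a CRL carrying extensions without the v2 version field. The enclosing gencrl block begins in an earlier hunk and continues past this one.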
+9 −0
@@ -35,6 +35,7 @@ private_key = $dir/private/cakey.pem# The private key
RANDFILE	= $dir/private/.rand	# private random number file

x509_extensions	= usr_cert		# The extentions to add to the cert
crl_extensions	= crl_ext		# Extensions to add to CRL
default_days	= 365			# how long to certify for
default_crl_days= 30			# how long before next CRL
default_md	= md5			# which md to use.
@@ -188,3 +189,11 @@ issuerAltName=issuer:copy
# 1.2.3.5=RAW:02:03
# You can even override a supported extension:
# basicConstraints= critical, RAW:30:03:01:01:FF

[ crl_ext ]

# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
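Review bot: `authorityKeyIdentifier=keyid:always,issuer:always` in the new [ crl_ext ] section will, if I read the v2i_authority_keyid behaviour correctly, make CRL generation fail for any CA certificate that carries no subjectKeyIdentifier, because `keyid:always` treats a missing issuer key id as an error rather than falling back to the issuer name. Since `crl_extensions = crl_ext` is also switched on by default in this sample config, a CA set up from an older certificate would stop producing CRLs until the line is relaxed. Either use `authorityKeyIdentifier=keyid,issuer` in the sample, or add `# keyid:always requires a subjectKeyIdentifier in the CA certificate` above the line so operators understand the failure.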
+9 −2
@@ -264,11 +264,10 @@ char **argv;
						goto end;
						}

					/* This will 'disapear'
					 * when we free xtmp */
					dtmp=X509_get_pubkey(xtmp);
					if (dtmp->type == EVP_PKEY_DSA)
						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
					EVP_PKEY_free(dtmp);
					X509_free(xtmp);
					if (dsa_params == NULL)
						{
@@ -437,6 +436,14 @@ bad:
		}

	extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
	if(extensions) {
		/* Check syntax of file */
		if(!X509V3_EXT_check_conf(req_conf, extensions)) {
			BIO_printf(bio_err,
			 "Error Loading extension section %s\n", extensions);
			goto end;
		}
	}

	in=BIO_new(BIO_s_file());
	out=BIO_new(BIO_s_file());
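Review bot: `dtmp=X509_get_pubkey(xtmp);` is dereferenced on the very next line as `dtmp->type` without a NULL check, so a certificate whose public key cannot be decoded crashes req instead of reporting an error; inserting `if (dtmp == NULL) { X509_free(xtmp); goto end; }` between the two lines keeps the leak fix intact and closes that hole. The added `EVP_PKEY_free(dtmp);` is the right fix for the leak, but the same pattern recurs wherever X509_get_pubkey is used in this file, so the other call sites are worth a look in a follow-up. The enclosing argument-parsing block starts before the hunk and continues after it.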
+3 −0
@@ -110,8 +110,11 @@ again:

	/* Add some extra attributes */
	if (!add_signed_time(si)) goto err;
#if 0
	/* Since these are made up attributes lets leave them out */
	if (!add_signed_string(si,"SIGNED STRING")) goto err;
	if (!add_signed_seq2string(si,"STRING1","STRING2")) goto err;
#endif

	/* we may want to add more */
	PKCS7_add_certificate(p7,x509);
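Review bot: Wrapping the two calls in `#if 0` rather than deleting them leaves dead code in the file, and if `add_signed_string` and `add_signed_seq2string` are static helpers defined in this file (their definitions are outside the hunk) they become unused and will draw unused-function warnings. The comment inside the block already says these attributes are made up, so removing the two calls and their helpers outright is cleaner; version control keeps them. If the intent is to keep them as a worked example of custom signed attributes, say so explicitly, e.g. `/* Example only: custom signed attributes, disabled by default */`. The enclosing function starts before the hunk and continues after it.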