Loading apps/ca.c +32 −4 Original line number Diff line number Diff line Loading @@ -112,6 +112,7 @@ #define ENV_NEW_CERTS_DIR "new_certs_dir" #define ENV_CERTIFICATE "certificate" #define ENV_SERIAL "serial" #define ENV_CRLNUMBER "crlnumber" #define ENV_CRL "crl" #define ENV_PRIVATE_KEY "private_key" #define ENV_RANDFILE "RANDFILE" Loading Loading @@ -266,6 +267,7 @@ int MAIN(int argc, char **argv) char *outfile=NULL; char *outdir=NULL; char *serialfile=NULL; char *crlnumberfile=NULL; char *extensions=NULL; char *extfile=NULL; char *subj=NULL; Loading @@ -274,6 +276,7 @@ int MAIN(int argc, char **argv) int rev_type = REV_NONE; char *rev_arg = NULL; BIGNUM *serial=NULL; BIGNUM *crlnumber=NULL; char *startdate=NULL; char *enddate=NULL; long days=0; Loading Loading @@ -1325,6 +1328,14 @@ bad: } } if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) != NULL) if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL) { BIO_printf(bio_err,"error while loading CRL number\n"); goto err; } if (!crldays && !crlhours) { if (!NCONF_get_number(conf,section, Loading Loading @@ -1401,14 +1412,24 @@ bad: /* Add any extensions asked for */ if (crl_ext) if (crl_ext || crlnumberfile != NULL) { X509V3_CTX crlctx; X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); X509V3_set_nconf(&crlctx, conf); if (crl_ext) if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl)) goto err; if (crlnumberfile != NULL) { tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL); if (!tmpser) goto err; X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0); ASN1_INTEGER_free(tmpser); crl_v2 = 1; if (!BN_add_word(crlnumber,1)) goto err; } } if (crl_ext || crl_v2) { Loading 
@@ -1416,9 +1437,17 @@ bad: goto err; /* version 2 CRL */ } if (crlnumberfile != NULL) /* we have a CRL number that need updating */ if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; if (!X509_CRL_sign(crl,pkey,dgst)) goto err; PEM_write_bio_X509_CRL(Sout,crl); if (crlnumberfile != NULL) /* Rename the crlnumber file */ if (!rotate_serial(crlnumberfile,"new","old")) goto err; } /*****************************************************************/ if (dorevoke) Loading Loading @@ -3039,4 +3068,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G return ret; } apps/openssl.cnf +3 −0 Original line number Diff line number Diff line Loading @@ -44,6 +44,8 @@ new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number #crlnumber = $dir/crlnumber # the current crl number # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file Loading @@ -60,6 +62,7 @@ cert_opt = ca_default # Certificate field options # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crlnumber must also be commented out to leave a V1 CRL. # crl_extensions = crl_ext default_days = 365 # how long to certify for Loading Loading
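Review bot: The return value of `X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0)` in the new `if (crlnumberfile != NULL)` branch is ignored, so if adding the extension fails the CRL is still flagged `crl_v2 = 1`, signed and written without a cRLNumber, while the counter in the crlnumber file is incremented and rotated anyway. Check it the same way the `X509V3_EXT_CRL_add_nconf` call just above is checked: `if (!X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0)) { ASN1_INTEGER_free(tmpser); goto err; }`. Passing critical=0 is right, since RFC 5280 requires the cRLNumber extension to be non-critical. The enclosing gencrl block and the `err` label lie outside this hunk, so what cleanup runs on those `goto err` exits cannot be confirmed here.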
apps/ca.c +32 −4 Original line number Diff line number Diff line Loading @@ -112,6 +112,7 @@ #define ENV_NEW_CERTS_DIR "new_certs_dir" #define ENV_CERTIFICATE "certificate" #define ENV_SERIAL "serial" #define ENV_CRLNUMBER "crlnumber" #define ENV_CRL "crl" #define ENV_PRIVATE_KEY "private_key" #define ENV_RANDFILE "RANDFILE" Loading Loading @@ -266,6 +267,7 @@ int MAIN(int argc, char **argv) char *outfile=NULL; char *outdir=NULL; char *serialfile=NULL; char *crlnumberfile=NULL; char *extensions=NULL; char *extfile=NULL; char *subj=NULL; Loading @@ -274,6 +276,7 @@ int MAIN(int argc, char **argv) int rev_type = REV_NONE; char *rev_arg = NULL; BIGNUM *serial=NULL; BIGNUM *crlnumber=NULL; char *startdate=NULL; char *enddate=NULL; long days=0; Loading Loading @@ -1325,6 +1328,14 @@ bad: } } if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) != NULL) if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL) { BIO_printf(bio_err,"error while loading CRL number\n"); goto err; } if (!crldays && !crlhours) { if (!NCONF_get_number(conf,section, Loading Loading @@ -1401,14 +1412,24 @@ bad: /* Add any extensions asked for */ if (crl_ext) if (crl_ext || crlnumberfile != NULL) { X509V3_CTX crlctx; X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); X509V3_set_nconf(&crlctx, conf); if (crl_ext) if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl)) goto err; if (crlnumberfile != NULL) { tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL); if (!tmpser) goto err; X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0); ASN1_INTEGER_free(tmpser); crl_v2 = 1; if (!BN_add_word(crlnumber,1)) goto err; } } if (crl_ext || crl_v2) { Loading 
@@ -1416,9 +1437,17 @@ bad: goto err; /* version 2 CRL */ } if (crlnumberfile != NULL) /* we have a CRL number that need updating */ if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; if (!X509_CRL_sign(crl,pkey,dgst)) goto err; PEM_write_bio_X509_CRL(Sout,crl); if (crlnumberfile != NULL) /* Rename the crlnumber file */ if (!rotate_serial(crlnumberfile,"new","old")) goto err; } /*****************************************************************/ if (dorevoke) Loading Loading @@ -3039,4 +3068,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G return ret; }
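Review bot: `crlnumber` is a BIGNUM returned by `load_serial` and on every path visible in these hunks it is never freed, neither after `rotate_serial` succeeds nor on the new `goto err` exits around `BN_to_ASN1_INTEGER` and `BN_add_word`. The `err` label is outside the hunk, so if it already releases `serial` the fix is to add `if (crlnumber) BN_free(crlnumber);` next to that; otherwise the counter leaks on every CRL generation. Note also that the new `rotate_serial(crlnumberfile,"new","old")` runs after the unchecked `PEM_write_bio_X509_CRL(Sout,crl)`, so a failed write of the CRL still commits the incremented number; checking that write before rotating would keep the on-disk counter consistent with the CRL actually issued.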
apps/openssl.cnf +3 −0 Original line number Diff line number Diff line Loading @@ -44,6 +44,8 @@ new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number #crlnumber = $dir/crlnumber # the current crl number # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file Loading @@ -60,6 +62,7 @@ cert_opt = ca_default # Certificate field options # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crlnumber must also be commented out to leave a V1 CRL. # crl_extensions = crl_ext default_days = 365 # how long to certify for Loading