diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-03-06 19:33:29 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-03-06 19:33:29 +0000 |
commit | 1756d405cc0d5bf8fd0a40b8d103ee9314522171 (patch) | |
tree | fb862f3f0c53144b518ebf0eec245a10a355fa90 /apps/ca.c | |
parent | 116e315303d87c1974500a89dc3ff2fe7f88e59d (diff) |
Added support for adding extensions to CRLs, also fix a memory leak and
make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
Diffstat (limited to 'apps/ca.c')
-rw-r--r-- | apps/ca.c | 30 |
1 files changed, 30 insertions, 0 deletions
@@ -105,6 +105,7 @@ #define ENV_PRESERVE "preserve" #define ENV_POLICY "policy" #define ENV_EXTENSIONS "x509_extensions" +#define ENV_CRLEXT "crl_extensions" #define ENV_MSIE_HACK "msie_hack" #define ENV_DATABASE "database" @@ -236,6 +237,7 @@ char **argv; char *outdir=NULL; char *serialfile=NULL; char *extensions=NULL; + char *crl_ext=NULL; BIGNUM *serial=NULL; char *startdate=NULL; int days=0; @@ -966,6 +968,17 @@ bad: /*****************************************************************/ if (gencrl) { + crl_ext=CONF_get_string(conf,section,ENV_CRLEXT); + if(crl_ext) { + /* Check syntax of file */ + if(!X509V3_EXT_check_conf(conf, crl_ext)) { + BIO_printf(bio_err, + "Error Loading CRL extension section %s\n", + crl_ext); + ret = 1; + goto err; + } + } if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err; if (!crldays && !crlhours) @@ -1043,6 +1056,23 @@ bad: dgst=EVP_md5(); } + /* Add any extensions asked for */ + + if(crl_ext) { + X509V3_CTX crlctx; + if (ci->version == NULL) + if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err; + ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */ + crlctx.crl = crl; + crlctx.issuer_cert = x509; + crlctx.subject_cert = NULL; + crlctx.subject_req = NULL; + crlctx.flags = 0; + + if(!X509V3_EXT_CRL_add_conf(conf, &crlctx, + crl_ext, crl)) goto err; + } + if (!X509_CRL_sign(crl,pkey,dgst)) goto err; PEM_write_bio_X509_CRL(Sout,crl); |