diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2011-10-07 15:18:09 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2011-10-07 15:18:09 +0000 |
| commit | 43206a2d7cc87c959535c0f69e2aa3b364eafd6e (patch) | |
| tree | 6bfa182326269c2ea1be1721fd490b0232650d65 /apps | |
| parent | 6dd547398acfd022cd0f7354b9ab6a83bea3176a (diff) | |
New -force_pubkey option to x509 utility to supply a different public
key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/x509.c | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/apps/x509.c b/apps/x509.c index 3863ab968d..e9f1163088 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -174,7 +174,7 @@ int MAIN(int argc, char **argv) X509 *x=NULL,*xca=NULL; ASN1_OBJECT *objtmp; STACK_OF(OPENSSL_STRING) *sigopts = NULL; - EVP_PKEY *Upkey=NULL,*CApkey=NULL; + EVP_PKEY *Upkey=NULL,*CApkey=NULL, *fkey = NULL; ASN1_INTEGER *sno = NULL; int i,num,badops=0; BIO *out=NULL; @@ -183,6 +183,7 @@ int MAIN(int argc, char **argv) int informat,outformat,keyformat,CAformat,CAkeyformat; char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; char *CAkeyfile=NULL,*CAserial=NULL; + char *fkeyfile=NULL; char *alias=NULL; int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; int next_serial=0; @@ -347,6 +348,11 @@ int MAIN(int argc, char **argv) if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv)))) goto bad; } + else if (strcmp(*argv,"-force_pubkey") == 0) + { + if (--argc < 1) goto bad; + fkeyfile= *(++argv); + } else if (strcmp(*argv,"-addtrust") == 0) { if (--argc < 1) goto bad; @@ -517,6 +523,13 @@ bad: goto end; } + if (fkeyfile) + { + fkey = load_pubkey(bio_err, fkeyfile, keyformat, 0, + NULL, e, "Forced key"); + if (fkey == NULL) goto end; + } + if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) { CAkeyfile=CAfile; } else if ((CA_flag) && (CAkeyfile == NULL)) @@ -653,10 +666,14 @@ bad: X509_gmtime_adj(X509_get_notBefore(x),0); X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL); - - pkey = X509_REQ_get_pubkey(req); - X509_set_pubkey(x,pkey); - EVP_PKEY_free(pkey); + if (fkey) + X509_set_pubkey(x, fkey); + else + { + pkey = X509_REQ_get_pubkey(req); + X509_set_pubkey(x,pkey); + EVP_PKEY_free(pkey); + } } else x=load_cert(bio_err,infile,informat,NULL,e,"Certificate"); @@ -1093,6 +1110,7 @@ end: X509_free(xca); EVP_PKEY_free(Upkey); EVP_PKEY_free(CApkey); + EVP_PKEY_free(fkey); if (sigopts) sk_OPENSSL_STRING_free(sigopts); X509_REQ_free(rq); |