author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 15:32:13 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 15:32:13 +0000 |
commit | 87054c4f0e6a2cadcf50ce8aed9748b65e796bb5 (patch) | |
tree | 6ae0686906c577ee2834deb6470096f6e4a32a51 /apps/ca.c | |
parent | 6660baee66e474058229911950e26e56f31fb0bf (diff) | |
New -valid option to add a certificate to the ca index.txt that is valid and not revoked
(backport from HEAD)
Diffstat (limited to 'apps/ca.c')
-rw-r--r-- | apps/ca.c | 19 |
1 files changed, 18 insertions, 1 deletions
@@ -501,6 +501,12 @@ EF_ALIGNMENT=0; infile= *(++argv); dorevoke=1; } + else if (strcmp(*argv,"-valid") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + dorevoke=2; + } else if (strcmp(*argv,"-extensions") == 0) { if (--argc < 1) goto bad; @@ -1523,6 +1529,8 @@ bad: NULL, e, infile); if (revcert == NULL) goto err; + if (dorevoke == 2) + rev_type = -1; j=do_revoke(revcert,db, rev_type, rev_arg); if (j <= 0) goto err; X509_free(revcert); @@ -2486,7 +2494,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) } /* Revoke Certificate */ - ok = do_revoke(x509,db, type, value); + if (type == -1) + ok = 1; + else + ok = do_revoke(x509,db, type, value); goto err; @@ -2497,6 +2508,12 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) row[DB_name]); goto err; } + else if (type == -1) + { + BIO_printf(bio_err,"ERROR:Already present, serial number %s\n", + row[DB_serial]); + goto err; + } else if (rrow[DB_type][0]=='R') { BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n", |
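Review bot: `dorevoke=2` in the new `-valid` branch overloads a flag that the neighbouring `-revoke` branch sets to 1, and nothing in the hunk says what 2 means. A comment at the assignment such as `/* dorevoke: 1 = revoke infile, 2 = add infile to the index as valid */`, or a pair of named constants, would make the later `dorevoke == 2` test readable. Both branches also assign `infile`, so giving `-revoke` and `-valid` together lets the last one win without a diagnostic. The four hunks account for all 18 insertions in the diffstat, so no usage line for `-valid` is added in this file. The option-parsing chain starts and ends outside the hunk.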
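Review bot: `rev_type = -1` overwrites whatever `rev_type` held before the call, while `rev_arg` is still passed to do_revoke() unchanged. If the operator also supplied a revocation reason (presumably parsed earlier, outside this hunk), it is dropped silently on a command that writes to the CA's index; an explicit error for that combination would be safer than ignoring it. The bare -1 also deserves a name or at least a comment at the assignment, e.g. `/* -1: add the certificate to the index as valid, do not revoke */`. The enclosing block starts and ends outside the hunk.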
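Review bot: With `type == -1` the not-found path now ends in `ok = 1` instead of the recursive call, so a function named do_revoke() becomes the way a record marked valid gets into index.txt for whatever certificate was loaded from `infile`. Nothing visible in this hunk checks that `x509` was issued by this CA; the body of do_revoke starts and ends outside the hunk, so such a check may exist elsewhere. If it does not, any consumer that answers status queries from the index would report that serial as good, and the issuer should be verified before the entry is written. The new branch should at least say why it stops here, e.g. `/* type -1: entry was added as valid above, nothing to revoke */`.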
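Review bot: The "Already present" message in the new `type == -1` branch does not say which state the existing record is in, so an operator who runs `-valid` on a certificate that was already revoked sees the same text as for one that is still valid. The next branch reads `rrow[DB_type][0]`, so the status character appears to be available here too. Suggested wording is `BIO_printf(bio_err,"ERROR:Already present (status %c), serial number %s\n", rrow[DB_type][0], row[DB_serial]);`. The if/else chain begins and continues outside the hunk.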