author | Dr. Stephen Henson <steve@openssl.org> | 2001-02-19 13:38:32 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-02-19 13:38:32 +0000 |
commit | acba75c59dc6c42b39caab6168d1284ae0f09e8f (patch) | |
tree | fdb146bd39e5837c19488c3512861fec2fbb9179 /apps/req.c | |
parent | 267a1927eb7207620069418efac833335d5b9ffd (diff) | |
download | openssl-acba75c59dc6c42b39caab6168d1284ae0f09e8f.tar.gz |
New -set_serial options to 'req' and 'x509'.
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.
Fix typo in uid.c
Diffstat (limited to 'apps/req.c')
-rw-r--r-- | apps/req.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/apps/req.c b/apps/req.c index b518e47370..c6e88ba4e1 100644 --- a/apps/req.c +++ b/apps/req.c @@ -159,6 +159,7 @@ int MAIN(int argc, char **argv) char *extensions = NULL; char *req_exts = NULL; EVP_CIPHER *cipher=NULL; + ASN1_INTEGER *serial = NULL; int modulus=0; char *inrand=NULL; char *passargin = NULL, *passargout = NULL; @@ -351,6 +352,12 @@ int MAIN(int argc, char **argv) days= atoi(*(++argv)); if (days == 0) days=30; } + else if (strcmp(*argv,"-set_serial") == 0) + { + if (--argc < 1) goto bad; + serial = s2i_ASN1_INTEGER(NULL, *(++argv)); + if (!serial) goto bad; + } else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL) { /* ok */ @@ -404,7 +411,8 @@ bad: BIO_printf(bio_err," -config file request template file.\n"); BIO_printf(bio_err," -new new request.\n"); BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); - BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n"); + BIO_printf(bio_err," -days number of days a certificate generated by -x509 is valid for.\n"); + BIO_printf(bio_err," -set_serial serial number to use for a certificate generated by -x509.\n"); BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n"); BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n"); BIO_printf(bio_err," have been reported as requiring\n"); @@ -807,7 +815,10 @@ loop: /* Set version to V3 */ if(!X509_set_version(x509ss, 2)) goto end; - ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L); + if (serial) + X509_set_serialNumber(x509ss, serial); + else + ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L); X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)); @@ -1003,6 +1014,7 @@ end: EVP_PKEY_free(pkey); X509_REQ_free(req); X509_free(x509ss); + ASN1_INTEGER_free(serial); if(passargin && passin) OPENSSL_free(passin); if(passargout && passout) OPENSSL_free(passout); OBJ_cleanup(); |
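Review bot: The `-set_serial` branch takes whatever `s2i_ASN1_INTEGER` returns, and that parser appears to accept a leading `-`, so a negative serial can end up in the generated certificate; the commit message itself says negative serials made the 'ca' index reader choke. Rejecting them while parsing the option would stop `req -x509` from emitting such certificates, for example `if (!serial || serial->type == V_ASN1_NEG_INTEGER) goto bad;`. Separately, giving the option twice overwrites the first pointer without freeing it; calling `ASN1_INTEGER_free(serial);` before the assignment would cover that. MAIN's body starts and ends outside this hunk.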
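Review bot: The return value of `X509_set_serialNumber` is ignored in the `if (serial)` branch, while the `X509_set_version` call directly above it leaves through `goto end` on failure. If copying the serial fails, the certificate would presumably be signed with whatever serial `X509_new` left in place rather than the one requested; `if (serial) { if (!X509_set_serialNumber(x509ss, serial)) goto end; }` keeps that failure visible. The `else` branch still gives every certificate generated without `-set_serial` the serial 0, so two certificates under the same self-signed issuer name cannot be told apart by issuer and serial; a comment stating that this default is meant for test certificates only would be worth adding. The enclosing block starts and ends outside the hunk.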