From ed7f60fbf91915df618bddff59ec86a3466e79ac Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 6 Aug 1999 21:47:09 +0000 Subject: [PATCH] Fix -startdate and -enddate arguments to 'ca' program. Also update NEWS file with some 0.9.4 changes. --- CHANGES | 4 +++ NEWS | 6 ++++ apps/ca.c | 102 +++++++++++++++++++++++++++++++----------------------- 3 files changed, 69 insertions(+), 43 deletions(-) diff --git a/CHANGES b/CHANGES index 07487ac2a4..6dd3eddee4 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.3a and 0.9.4 [xx Aug 1999] + *) Fix -startdate and -enddate (which was missing) arguments to 'ca' + program. + [Steve Henson] + *) New function DSA_dup_DH, which duplicates DSA parameters/keys as DH parameters/keys (q is lost during that conversion, but the resulting DH parameters contain its length). diff --git a/NEWS b/NEWS index 33c427d610..24c853b492 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,12 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: + + o Transparent support for PKCS#8 format private keys: these are used + by several software packages and are more secure than the standard form. + o PKCS#5 v2.0 implementation. + Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: o Lots of enhancements and cleanups to the Configuration mechanism o RSA OEAP related fixes diff --git a/apps/ca.c b/apps/ca.c index d387c46ab6..9ed100dd3c 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -114,6 +114,7 @@ #define ENV_RANDFILE "RANDFILE" #define ENV_DEFAULT_DAYS "default_days" #define ENV_DEFAULT_STARTDATE "default_startdate" +#define ENV_DEFAULT_ENDDATE "default_enddate" #define ENV_DEFAULT_CRL_DAYS "default_crl_days" #define ENV_DEFAULT_CRL_HOURS "default_crl_hours" #define ENV_DEFAULT_MD "default_md" @@ -183,22 +184,24 @@ static BIGNUM *load_serial(char *serialfile); static int save_serial(char *serialfile, BIGNUM *serial); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db, - BIGNUM *serial, char *startdate,int days,int batch, - char *ext_sect, LHASH *conf,int verbose); + BIGNUM *serial, char *startdate,char *enddate, int days, + int batch, char *ext_sect, LHASH *conf,int verbose); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - TXT_DB *db, BIGNUM *serial,char *startdate,int days, - int batch, char *ext_sect, LHASH *conf,int verbose); + TXT_DB *db, BIGNUM *serial,char *startdate, + char *enddate, int days, int batch, char *ext_sect, + LHASH *conf,int verbose); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - TXT_DB *db, BIGNUM *serial,char *startdate,int days, - char *ext_sect,LHASH *conf,int verbose); + TXT_DB *db, BIGNUM *serial,char *startdate, + char *enddate, int days, char *ext_sect,LHASH *conf, + int verbose); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, - char *startdate, int days, int batch, int verbose, X509_REQ *req, - char *ext_sect, LHASH *conf); + char *startdate, char *enddate, int days, int batch, int verbose, + X509_REQ *req, char *ext_sect, LHASH *conf); static int do_revoke(X509 *x509, TXT_DB *db); static int check_time_format(char *str); static LHASH *conf; @@ -238,6 +241,7 @@ int MAIN(int argc, char **argv) char *crl_ext=NULL; BIGNUM *serial=NULL; char *startdate=NULL; + char *enddate=NULL; int days=0; int batch=0; X509 *x509=NULL; @@ -295,6 +299,11 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; startdate= *(++argv); } + else if (strcmp(*argv,"-enddate") == 0) + { + if (--argc < 1) goto bad; + enddate= *(++argv); + } else if (strcmp(*argv,"-days") == 0) { if (--argc < 1) goto bad; @@ -729,18 +738,25 @@ bad: if (startdate == NULL) { - startdate=(char *)CONF_get_string(conf,section, + startdate=CONF_get_string(conf,section, ENV_DEFAULT_STARTDATE); - if (startdate == NULL) - startdate="today"; - else - { - if (!ASN1_UTCTIME_set_string(NULL,startdate)) - { - BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSS\n"); - goto err; - } - } + } + if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate)) + { + BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n"); + goto err; + } + if (startdate == NULL) startdate="today"; + + if (enddate == NULL) + { + enddate=CONF_get_string(conf,section, + ENV_DEFAULT_ENDDATE); + } + if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate)) + { + BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n"); + goto err; } if (days == 0) @@ -748,7 +764,7 @@ bad: days=(int)CONF_get_number(conf,section, ENV_DEFAULT_DAYS); } - if (days == 0) + if (!enddate && (days == 0)) { BIO_printf(bio_err,"cannot lookup how many days to certify for\n"); goto err; @@ -781,7 +797,8 @@ bad: { total++; j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, - serial,startdate,days,extensions,conf,verbose); + serial,startdate,enddate, days,extensions,conf, + verbose); if (j < 0) goto err; if (j > 0) { @@ -804,7 +821,7 @@ bad: { total++; j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, - db,serial,startdate,days,batch, + db,serial,startdate,enddate,days,batch, extensions,conf,verbose); if (j < 0) goto err; if (j > 0) @@ -823,7 +840,7 @@ bad: { total++; j=certify(&x,infile,pkey,x509,dgst,attribs,db, - serial,startdate,days,batch, + serial,startdate,enddate,days,batch, extensions,conf,verbose); if (j < 0) goto err; if (j > 0) @@ -842,7 +859,7 @@ bad: { total++; j=certify(&x,argv[i],pkey,x509,dgst,attribs,db, - serial,startdate,days,batch, + serial,startdate,enddate,days,batch, extensions,conf,verbose); if (j < 0) goto err; if (j > 0) @@ -1325,8 +1342,8 @@ err: static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *startdate, int days, int batch, - char *ext_sect, LHASH *lconf, int verbose) + BIGNUM *serial, char *startdate, char *enddate, int days, + int batch, char *ext_sect, LHASH *lconf, int verbose) { X509_REQ *req=NULL; BIO *in=NULL; @@ -1373,7 +1390,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, else BIO_printf(bio_err,"Signature ok\n"); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, enddate, days,batch,verbose,req,ext_sect,lconf); err: @@ -1384,8 +1401,8 @@ err: static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *startdate, int days, int batch, - char *ext_sect, LHASH *lconf, int verbose) + BIGNUM *serial, char *startdate, char *enddate, int days, + int batch, char *ext_sect, LHASH *lconf, int verbose) { X509 *req=NULL; X509_REQ *rreq=NULL; @@ -1435,7 +1452,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) goto err; - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,days, batch,verbose,rreq,ext_sect,lconf); err: @@ -1447,8 +1464,8 @@ err: static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, - char *startdate, int days, int batch, int verbose, X509_REQ *req, - char *ext_sect, LHASH *lconf) + char *startdate, char *enddate, int days, int batch, int verbose, + X509_REQ *req, char *ext_sect, LHASH *lconf) { X509_NAME *name=NULL,*CAname=NULL,*subject=NULL; ASN1_UTCTIME *tm,*tmptm; @@ -1744,17 +1761,16 @@ again2: BIO_printf(bio_err,"Certificate is to be certified until "); if (strcmp(startdate,"today") == 0) - { X509_gmtime_adj(X509_get_notBefore(ret),0); + else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate); + + if (enddate == NULL) X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days); - } - else - { - /*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX*/ - ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate); - } + else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate); + ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); - BIO_printf(bio_err," (%d days)\n",days); + if(days) BIO_printf(bio_err," (%d days)",days); + BIO_printf(bio_err, "\n"); if (!X509_set_subject_name(ret,subject)) goto err; @@ -1905,8 +1921,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der) static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *startdate, int days, char *ext_sect, - LHASH *lconf, int verbose) + BIGNUM *serial, char *startdate, char *enddate, int days, + char *ext_sect, LHASH *lconf, int verbose) { STACK_OF(CONF_VALUE) *sk=NULL; LHASH *parms=NULL; @@ -2050,7 +2066,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate, days,1,verbose,req,ext_sect,lconf); err: if (req != NULL) X509_REQ_free(req);