Fix -startdate and -enddate arguments to 'ca' program. Also update NEWS file

with some 0.9.4 changes.
This commit is contained in:
Dr. Stephen Henson 1999-08-06 21:47:09 +00:00
parent a12258fcd2
commit ed7f60fbf9
3 changed files with 69 additions and 43 deletions

View file

@ -4,6 +4,10 @@
Changes between 0.9.3a and 0.9.4 [xx Aug 1999]
*) Fix -startdate and -enddate (which was missing) arguments to 'ca'
program.
[Steve Henson]
*) New function DSA_dup_DH, which duplicates DSA parameters/keys as
DH parameters/keys (q is lost during that conversion, but the resulting
DH parameters contain its length).

6
NEWS
View file

@ -5,6 +5,12 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
o Transparent support for PKCS#8 format private keys: these are used
by several software packages and are more secure than the standard form.
o PKCS#5 v2.0 implementation.
Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
o Lots of enhancements and cleanups to the Configuration mechanism
o RSA OEAP related fixes

View file

@ -114,6 +114,7 @@
#define ENV_RANDFILE "RANDFILE"
#define ENV_DEFAULT_DAYS "default_days"
#define ENV_DEFAULT_STARTDATE "default_startdate"
#define ENV_DEFAULT_ENDDATE "default_enddate"
#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
#define ENV_DEFAULT_MD "default_md"
@ -183,22 +184,24 @@ static BIGNUM *load_serial(char *serialfile);
static int save_serial(char *serialfile, BIGNUM *serial);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
BIGNUM *serial, char *startdate,int days,int batch,
char *ext_sect, LHASH *conf,int verbose);
BIGNUM *serial, char *startdate,char *enddate, int days,
int batch, char *ext_sect, LHASH *conf,int verbose);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial,char *startdate,int days,
int batch, char *ext_sect, LHASH *conf,int verbose);
TXT_DB *db, BIGNUM *serial,char *startdate,
char *enddate, int days, int batch, char *ext_sect,
LHASH *conf,int verbose);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial,char *startdate,int days,
char *ext_sect,LHASH *conf,int verbose);
TXT_DB *db, BIGNUM *serial,char *startdate,
char *enddate, int days, char *ext_sect,LHASH *conf,
int verbose);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
char *startdate, int days, int batch, int verbose, X509_REQ *req,
char *ext_sect, LHASH *conf);
char *startdate, char *enddate, int days, int batch, int verbose,
X509_REQ *req, char *ext_sect, LHASH *conf);
static int do_revoke(X509 *x509, TXT_DB *db);
static int check_time_format(char *str);
static LHASH *conf;
@ -238,6 +241,7 @@ int MAIN(int argc, char **argv)
char *crl_ext=NULL;
BIGNUM *serial=NULL;
char *startdate=NULL;
char *enddate=NULL;
int days=0;
int batch=0;
X509 *x509=NULL;
@ -295,6 +299,11 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad;
startdate= *(++argv);
}
else if (strcmp(*argv,"-enddate") == 0)
{
if (--argc < 1) goto bad;
enddate= *(++argv);
}
else if (strcmp(*argv,"-days") == 0)
{
if (--argc < 1) goto bad;
@ -729,18 +738,25 @@ bad:
if (startdate == NULL)
{
startdate=(char *)CONF_get_string(conf,section,
startdate=CONF_get_string(conf,section,
ENV_DEFAULT_STARTDATE);
if (startdate == NULL)
startdate="today";
else
}
if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
{
if (!ASN1_UTCTIME_set_string(NULL,startdate))
{
BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSS\n");
BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
goto err;
}
if (startdate == NULL) startdate="today";
if (enddate == NULL)
{
enddate=CONF_get_string(conf,section,
ENV_DEFAULT_ENDDATE);
}
if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
{
BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
goto err;
}
if (days == 0)
@ -748,7 +764,7 @@ bad:
days=(int)CONF_get_number(conf,section,
ENV_DEFAULT_DAYS);
}
if (days == 0)
if (!enddate && (days == 0))
{
BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
goto err;
@ -781,7 +797,8 @@ bad:
{
total++;
j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
serial,startdate,days,extensions,conf,verbose);
serial,startdate,enddate, days,extensions,conf,
verbose);
if (j < 0) goto err;
if (j > 0)
{
@ -804,7 +821,7 @@ bad:
{
total++;
j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
db,serial,startdate,days,batch,
db,serial,startdate,enddate,days,batch,
extensions,conf,verbose);
if (j < 0) goto err;
if (j > 0)
@ -823,7 +840,7 @@ bad:
{
total++;
j=certify(&x,infile,pkey,x509,dgst,attribs,db,
serial,startdate,days,batch,
serial,startdate,enddate,days,batch,
extensions,conf,verbose);
if (j < 0) goto err;
if (j > 0)
@ -842,7 +859,7 @@ bad:
{
total++;
j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
serial,startdate,days,batch,
serial,startdate,enddate,days,batch,
extensions,conf,verbose);
if (j < 0) goto err;
if (j > 0)
@ -1325,8 +1342,8 @@ err:
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
BIGNUM *serial, char *startdate, int days, int batch,
char *ext_sect, LHASH *lconf, int verbose)
BIGNUM *serial, char *startdate, char *enddate, int days,
int batch, char *ext_sect, LHASH *lconf, int verbose)
{
X509_REQ *req=NULL;
BIO *in=NULL;
@ -1373,7 +1390,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
else
BIO_printf(bio_err,"Signature ok\n");
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, enddate,
days,batch,verbose,req,ext_sect,lconf);
err:
@ -1384,8 +1401,8 @@ err:
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
BIGNUM *serial, char *startdate, int days, int batch,
char *ext_sect, LHASH *lconf, int verbose)
BIGNUM *serial, char *startdate, char *enddate, int days,
int batch, char *ext_sect, LHASH *lconf, int verbose)
{
X509 *req=NULL;
X509_REQ *rreq=NULL;
@ -1435,7 +1452,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
goto err;
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,days,
batch,verbose,rreq,ext_sect,lconf);
err:
@ -1447,8 +1464,8 @@ err:
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
char *startdate, int days, int batch, int verbose, X509_REQ *req,
char *ext_sect, LHASH *lconf)
char *startdate, char *enddate, int days, int batch, int verbose,
X509_REQ *req, char *ext_sect, LHASH *lconf)
{
X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
ASN1_UTCTIME *tm,*tmptm;
@ -1744,17 +1761,16 @@ again2:
BIO_printf(bio_err,"Certificate is to be certified until ");
if (strcmp(startdate,"today") == 0)
{
X509_gmtime_adj(X509_get_notBefore(ret),0);
else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
if (enddate == NULL)
X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
}
else
{
/*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX*/
ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
}
else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
BIO_printf(bio_err," (%d days)\n",days);
if(days) BIO_printf(bio_err," (%d days)",days);
BIO_printf(bio_err, "\n");
if (!X509_set_subject_name(ret,subject)) goto err;
@ -1905,8 +1921,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der)
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
BIGNUM *serial, char *startdate, int days, char *ext_sect,
LHASH *lconf, int verbose)
BIGNUM *serial, char *startdate, char *enddate, int days,
char *ext_sect, LHASH *lconf, int verbose)
{
STACK_OF(CONF_VALUE) *sk=NULL;
LHASH *parms=NULL;
@ -2050,7 +2066,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
X509_REQ_set_pubkey(req,pktmp);
EVP_PKEY_free(pktmp);
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,
days,1,verbose,req,ext_sect,lconf);
err:
if (req != NULL) X509_REQ_free(req);