Due to the changes in CA.pl in 0.9.8 (use of -self_sign) a slightly different
technique is used to ensure that 'ca' uses the next serial number. It
now initializes the serial number using 'openssl x509 -next_serial'.
2003-04-04 17:10 levitte
* apps/: apps.c (1.72), apps.h (1.56), ca.c (1.135), x509.c (1.82):
Convert save_serial() to work like save_index(), and add a
rotate_serial() that works like rotate_index().
2003-04-03 20:07 levitte
* apps/: apps.c (1.69), ca.c (1.130): Conditionalise all debug
strings.
2003-04-03 18:33 levitte
* apps/apps.c (1.68), apps/apps.h (1.55), apps/ca.c (1.129),
apps/ocsp.c (1.31), apps/openssl.cnf (1.24), apps/x509.c (1.80),
CHANGES (1.1139): Make it possible to have multiple active
certificates with the same subject.
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
apps.h. For those, it's better to include apps.h after the system
headers where those symbols may be defined, since there's otherwise a
chance that the C compiler will barf when it sees something that looks
like this after expansion:
int VMS_strcasecmp((str1),(str2))(const char *, const char *);
use the new X509_CRL_set_issuer_name() function:
The CRL issuer should be X509_get_subject_name(x509), not
X509_get_issuer_name(x509).
Submitted by: Juergen Lesny <lesnyj@informatik.tu-muenchen.de>
typo
returns an error code. Use the same code in Win9X
and NT.
Fix some ca.c options so they work under Win32:
unlink/rename wont work under Win32 unless the file
is closed.
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
the e-mail address in the DN (i.e., it will go into a certificate
extension only). The new configuration file option 'email_in_dn = no'
has the same effect.
Submitted by: Massimiliano Pala madwolf@openca.org
Add new extension functions which work with NCONF.
Tidy up extension config routines and remove redundant code.
Fix NCONF_get_number().
Todo: more testing of apps to see they still work...
string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.
Also, have our own password callback that we can send both a password
and some prompt info to. The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...
Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves... That's changed too.
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.
This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
sets the subject name for a new request or supersedes the
subject name in a given request.
Add options '-batch' and '-verbose' to 'openssl req'.
Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller
