提交 21a85f19 编写于 作者: D Dr. Stephen Henson

Add -pubkey option to req command.

上级 322de0c8
...@@ -12,6 +12,9 @@ ...@@ -12,6 +12,9 @@
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only +) applies to 0.9.7 only
+) Add option to output public keys in req command.
[Massimiliano Pala madwolf@openca.org]
*) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
returns early because it has nothing to do. returns early because it has nothing to do.
[Andy Schneider <andy.schneider@bjss.co.uk>] [Andy Schneider <andy.schneider@bjss.co.uk>]
......
...@@ -106,6 +106,7 @@ ...@@ -106,6 +106,7 @@
* -rand file(s) - load the file(s) into the PRNG. * -rand file(s) - load the file(s) into the PRNG.
* -newkey - make a key and a request. * -newkey - make a key and a request.
* -modulus - print RSA modulus. * -modulus - print RSA modulus.
* -pubkey - output Public Key.
* -x509 - output a self signed X509 structure instead. * -x509 - output a self signed X509 structure instead.
* -asn1-kludge - output new certificate request in a format that some CA's * -asn1-kludge - output new certificate request in a format that some CA's
* require. This format is wrong * require. This format is wrong
...@@ -159,7 +160,7 @@ int MAIN(int argc, char **argv) ...@@ -159,7 +160,7 @@ int MAIN(int argc, char **argv)
long newkey = -1; long newkey = -1;
BIO *in=NULL,*out=NULL; BIO *in=NULL,*out=NULL;
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0,subject=0; int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
char *engine=NULL; char *engine=NULL;
char *extensions = NULL; char *extensions = NULL;
...@@ -218,6 +219,10 @@ int MAIN(int argc, char **argv) ...@@ -218,6 +219,10 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
keyfile= *(++argv); keyfile= *(++argv);
} }
else if (strcmp(*argv,"-pubkey") == 0)
{
pubkey=1;
}
else if (strcmp(*argv,"-new") == 0) else if (strcmp(*argv,"-new") == 0)
{ {
newreq=1; newreq=1;
...@@ -412,6 +417,7 @@ bad: ...@@ -412,6 +417,7 @@ bad:
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -text text form of request\n"); BIO_printf(bio_err," -text text form of request\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -noout do not output REQ\n"); BIO_printf(bio_err," -noout do not output REQ\n");
BIO_printf(bio_err," -verify verify signature on REQ\n"); BIO_printf(bio_err," -verify verify signature on REQ\n");
BIO_printf(bio_err," -modulus RSA modulus\n"); BIO_printf(bio_err," -modulus RSA modulus\n");
...@@ -473,7 +479,8 @@ bad: ...@@ -473,7 +479,8 @@ bad:
{ {
long errline; long errline;
BIO_printf(bio_err,"Using configuration from %s\n",template); if( verbose )
BIO_printf(bio_err,"Using configuration from %s\n",template);
req_conf=NCONF_new(NULL); req_conf=NCONF_new(NULL);
i=NCONF_load(req_conf,template,&errline); i=NCONF_load(req_conf,template,&errline);
if (i == 0) if (i == 0)
...@@ -485,7 +492,8 @@ bad: ...@@ -485,7 +492,8 @@ bad:
else else
{ {
req_conf=config; req_conf=config;
BIO_printf(bio_err,"Using configuration from %s\n", if( verbose )
BIO_printf(bio_err,"Using configuration from %s\n",
default_config_file); default_config_file);
if (req_conf == NULL) if (req_conf == NULL)
{ {
...@@ -922,7 +930,7 @@ loop: ...@@ -922,7 +930,7 @@ loop:
BIO_printf(bio_err,"verify OK\n"); BIO_printf(bio_err,"verify OK\n");
} }
if (noout && !text && !modulus && !subject) if (noout && !text && !modulus && !subject && !pubkey)
{ {
ex=0; ex=0;
goto end; goto end;
...@@ -951,6 +959,20 @@ loop: ...@@ -951,6 +959,20 @@ loop:
} }
} }
if (pubkey)
{
EVP_PKEY *tpubkey;
tpubkey=X509_REQ_get_pubkey(req);
if (tpubkey == NULL)
{
BIO_printf(bio_err,"Error getting public key\n");
ERR_print_errors(bio_err);
goto end;
}
PEM_write_bio_PUBKEY(out, tpubkey);
EVP_PKEY_free(tpubkey);
}
if (text) if (text)
{ {
if (x509) if (x509)
...@@ -969,24 +991,25 @@ loop: ...@@ -969,24 +991,25 @@ loop:
if (modulus) if (modulus)
{ {
EVP_PKEY *pubkey; EVP_PKEY *tpubkey;
if (x509) if (x509)
pubkey=X509_get_pubkey(x509ss); tpubkey=X509_get_pubkey(x509ss);
else else
pubkey=X509_REQ_get_pubkey(req); tpubkey=X509_REQ_get_pubkey(req);
if (pubkey == NULL) if (tpubkey == NULL)
{ {
fprintf(stdout,"Modulus=unavailable\n"); fprintf(stdout,"Modulus=unavailable\n");
goto end; goto end;
} }
fprintf(stdout,"Modulus="); fprintf(stdout,"Modulus=");
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
if (pubkey->type == EVP_PKEY_RSA) if (tpubkey->type == EVP_PKEY_RSA)
BN_print(out,pubkey->pkey.rsa->n); BN_print(out,tpubkey->pkey.rsa->n);
else else
#endif #endif
fprintf(stdout,"Wrong Algorithm type"); fprintf(stdout,"Wrong Algorithm type");
EVP_PKEY_free(tpubkey);
fprintf(stdout,"\n"); fprintf(stdout,"\n");
} }
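Review bot: The return value of `PEM_write_bio_PUBKEY(out, tpubkey)` in the new `if (pubkey)` block is ignored, so a failed write to `out` leaves a truncated or missing key with no error reported at that point. The call should be checked like the `tpubkey == NULL` branch just above it, for example `if (!PEM_write_bio_PUBKEY(out,tpubkey)) { BIO_printf(bio_err,"Error writing public key\n"); ERR_print_errors(bio_err); EVP_PKEY_free(tpubkey); goto end; }`. The block also always writes PEM and always takes the key from `req`, whereas the `modulus` block below switches to `x509ss` when `x509` is set. If that is intended, a comment such as `/* -pubkey always writes PEM, taken from the request */` would make it explicit. MAIN's body starts and ends outside these hunks, so the exit status reached through `goto end` is assumed to match the neighbouring error paths.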
......
...@@ -15,6 +15,7 @@ B<openssl> B<req> ...@@ -15,6 +15,7 @@ B<openssl> B<req>
[B<-out filename>] [B<-out filename>]
[B<-passout arg>] [B<-passout arg>]
[B<-text>] [B<-text>]
[B<-pubkey>]
[B<-noout>] [B<-noout>]
[B<-verify>] [B<-verify>]
[B<-modulus>] [B<-modulus>]
...@@ -87,6 +88,10 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. ...@@ -87,6 +88,10 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
prints out the certificate request in text form. prints out the certificate request in text form.
=item B<-pubkey>
outputs the public key.
=item B<-noout> =item B<-noout>
this option prevents output of the encoded version of the request. this option prevents output of the encoded version of the request.
......