From de2d97cd799f38024d70847bab37d91aa5a2536e Mon Sep 17 00:00:00 2001 From: Tim Hudson Date: Thu, 3 Apr 2014 13:23:51 +0100 Subject: [PATCH] Add option to generate old hash format. New -hash_old to generate CRL hashes using old (before OpenSSL 1.0.0) algorithm. --- apps/crl.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/apps/crl.c b/apps/crl.c index 745469d1b8..f1c49f3d64 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -81,6 +81,9 @@ static const char *crl_usage[]={ " -in arg - input file - default stdin\n", " -out arg - output file - default stdout\n", " -hash - print hash value\n", +#ifndef OPENSSL_NO_MD5 +" -hash_old - print old-style (MD5) hash value\n", +#endif " -fingerprint - print the crl fingerprint\n", " -issuer - print issuer DN\n", " -lastupdate - lastUpdate field\n", @@ -107,6 +110,9 @@ int MAIN(int argc, char **argv) int informat,outformat, keyformat; char *infile=NULL,*outfile=NULL, *crldiff = NULL, *keyfile = NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; +#ifndef OPENSSL_NO_MD5 + int hash_old=0; +#endif int fingerprint = 0, crlnumber = 0; const char **pp; X509_STORE *store = NULL; @@ -207,6 +213,10 @@ int MAIN(int argc, char **argv) text = 1; else if (strcmp(*argv,"-hash") == 0) hash= ++num; +#ifndef OPENSSL_NO_MD5 + else if (strcmp(*argv,"-hash_old") == 0) + hash_old= ++num; +#endif else if (strcmp(*argv,"-nameopt") == 0) { if (--argc < 1) goto bad; @@ -354,6 +364,14 @@ bad: BIO_printf(bio_out,"%08lx\n", X509_NAME_hash(X509_CRL_get_issuer(x))); } +#ifndef OPENSSL_NO_MD5 + if (hash_old == i) + { + BIO_printf(bio_out,"%08lx\n", + X509_NAME_hash_old( + X509_CRL_get_issuer(x))); + } +#endif if (lastupdate == i) { BIO_printf(bio_out,"lastUpdate="); -- GitLab