Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
fd4ef699
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
fd4ef699
编写于
6月 19, 2003
作者:
R
Richard Levitte
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Implement CRL numbers.
Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com> PR: 644
上级
834ac33a
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
35 addition
and
4 deletion
+35
-4
apps/ca.c
apps/ca.c
+32
-4
apps/openssl.cnf
apps/openssl.cnf
+3
-0
未找到文件。
apps/ca.c
浏览文件 @
fd4ef699
...
...
@@ -122,6 +122,7 @@
#define ENV_NEW_CERTS_DIR "new_certs_dir"
#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
#define ENV_CRLNUMBER "crlnumber"
#define ENV_CRL "crl"
#define ENV_PRIVATE_KEY "private_key"
#define ENV_RANDFILE "RANDFILE"
...
...
@@ -277,6 +278,7 @@ int MAIN(int argc, char **argv)
char
*
outfile
=
NULL
;
char
*
outdir
=
NULL
;
char
*
serialfile
=
NULL
;
char
*
crlnumberfile
=
NULL
;
char
*
extensions
=
NULL
;
char
*
extfile
=
NULL
;
char
*
subj
=
NULL
;
...
...
@@ -285,6 +287,7 @@ int MAIN(int argc, char **argv)
int
rev_type
=
REV_NONE
;
char
*
rev_arg
=
NULL
;
BIGNUM
*
serial
=
NULL
;
BIGNUM
*
crlnumber
=
NULL
;
char
*
startdate
=
NULL
;
char
*
enddate
=
NULL
;
long
days
=
0
;
...
...
@@ -1337,6 +1340,14 @@ bad:
}
}
if
((
crlnumberfile
=
NCONF_get_string
(
conf
,
section
,
ENV_CRLNUMBER
))
!=
NULL
)
if
((
crlnumber
=
load_serial
(
crlnumberfile
,
0
,
NULL
))
==
NULL
)
{
BIO_printf
(
bio_err
,
"error while loading CRL number
\n
"
);
goto
err
;
}
if
(
!
crldays
&&
!
crlhours
)
{
if
(
!
NCONF_get_number
(
conf
,
section
,
...
...
@@ -1418,14 +1429,24 @@ bad:
/* Add any extensions asked for */
if
(
crl_ext
)
if
(
crl_ext
||
crlnumberfile
!=
NULL
)
{
X509V3_CTX
crlctx
;
X509V3_set_ctx
(
&
crlctx
,
x509
,
NULL
,
NULL
,
crl
,
0
);
X509V3_set_nconf
(
&
crlctx
,
conf
);
if
(
!
X509V3_EXT_CRL_add_nconf
(
conf
,
&
crlctx
,
crl_ext
,
crl
))
goto
err
;
if
(
crl_ext
)
if
(
!
X509V3_EXT_CRL_add_nconf
(
conf
,
&
crlctx
,
crl_ext
,
crl
))
goto
err
;
if
(
crlnumberfile
!=
NULL
)
{
tmpser
=
BN_to_ASN1_INTEGER
(
crlnumber
,
NULL
);
if
(
!
tmpser
)
goto
err
;
X509_CRL_add1_ext_i2d
(
crl
,
NID_crl_number
,
tmpser
,
0
,
0
);
ASN1_INTEGER_free
(
tmpser
);
crl_v2
=
1
;
if
(
!
BN_add_word
(
crlnumber
,
1
))
goto
err
;
}
}
if
(
crl_ext
||
crl_v2
)
{
...
...
@@ -1433,9 +1454,17 @@ bad:
goto
err
;
/* version 2 CRL */
}
if
(
crlnumberfile
!=
NULL
)
/* we have a CRL number that need updating */
if
(
!
save_serial
(
crlnumberfile
,
"new"
,
crlnumber
,
NULL
))
goto
err
;
if
(
!
X509_CRL_sign
(
crl
,
pkey
,
dgst
))
goto
err
;
PEM_write_bio_X509_CRL
(
Sout
,
crl
);
if
(
crlnumberfile
!=
NULL
)
/* Rename the crlnumber file */
if
(
!
rotate_serial
(
crlnumberfile
,
"new"
,
"old"
))
goto
err
;
}
/*****************************************************************/
if
(
dorevoke
)
...
...
@@ -3086,4 +3115,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
return
ret
;
}
apps/openssl.cnf
浏览文件 @
fd4ef699
...
...
@@ -44,6 +44,8 @@ new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
...
...
@@ -60,6 +62,7 @@ cert_opt = ca_default # Certificate field options
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录