diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-04 19:35:36 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-04 19:35:36 +0100 |
| commit | 2e8cb108dc88d8b3276757bc95ffa34fdf97c055 (patch) | |
| tree | eaa106a4157d7b5033602dbefca31ff00d1f3784 /apps | |
| parent | make -subj always override config file (diff) | |
| download | openssl-2e8cb108dc88d8b3276757bc95ffa34fdf97c055.tar.xz openssl-2e8cb108dc88d8b3276757bc95ffa34fdf97c055.zip | |
initial support for delta CRL generations by diffing two full CRLs
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/crl.c | 55 |
1 files changed, 53 insertions, 2 deletions
diff --git a/apps/crl.c b/apps/crl.c index 8ee88af46c..745469d1b8 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -104,8 +104,8 @@ int MAIN(int argc, char **argv) char *CAfile = NULL, *CApath = NULL; int ret=1,i,num,badops=0,badsig=0; BIO *out=NULL; - int informat,outformat; - char *infile=NULL,*outfile=NULL; + int informat,outformat, keyformat; + char *infile=NULL,*outfile=NULL, *crldiff = NULL, *keyfile = NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; int fingerprint = 0, crlnumber = 0; const char **pp; @@ -140,6 +140,7 @@ int MAIN(int argc, char **argv) informat=FORMAT_PEM; outformat=FORMAT_PEM; + keyformat=FORMAT_PEM; argc--; argv++; @@ -168,6 +169,21 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; infile= *(++argv); } + else if (strcmp(*argv,"-gendelta") == 0) + { + if (--argc < 1) goto bad; + crldiff= *(++argv); + } + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + keyfile= *(++argv); + } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) goto bad; + keyformat=str2fmt(*(++argv)); + } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; @@ -277,6 +293,39 @@ bad: else BIO_printf(bio_err, "verify OK\n"); } + if (crldiff) + { + X509_CRL *newcrl, *delta; + if (!keyfile) + { + BIO_puts(bio_err, "Missing CRL signing key\n"); + goto end; + } + newcrl = load_crl(crldiff,informat); + if (!newcrl) + goto end; + pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL, + "CRL signing key"); + if (!pkey) + { + X509_CRL_free(newcrl); + goto end; + } + delta = X509_CRL_diff(x, newcrl, pkey, digest, 0); + X509_CRL_free(newcrl); + EVP_PKEY_free(pkey); + if (delta) + { + X509_CRL_free(x); + x = delta; + } + else + { + BIO_puts(bio_err, "Error creating delta CRL\n"); + goto end; + } + } + if (num) { for (i=1; i<=num; i++) @@ -394,6 +443,8 @@ bad: if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } ret=0; end: + if (ret != 0) + ERR_print_errors(bio_err); BIO_free_all(out); BIO_free_all(bio_out); bio_out=NULL; |