--- crypto$res:[ossl.src.openssl-0_9_7d.apps]apps.c	Sun Mar  7 21:53:45 2004
+++ crypto$res:[ossl.build_0216_alpha_32.apps]apps.c	Tue Jun  1 13:31:58 2004
@@ -1721,23 +1721,11 @@
 		char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
 		if (p)
 			{
+#ifdef RL_DEBUG
 			BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
-			switch(*p)
-				{
-			case 'f': /* false */
-			case 'F': /* FALSE */
-			case 'n': /* no */
-			case 'N': /* NO */
-				retdb->attributes.unique_subject = 0;
-				break;
-			case 't': /* true */
-			case 'T': /* TRUE */
-			case 'y': /* yes */
-			case 'Y': /* YES */
-			default:
-				retdb->attributes.unique_subject = 1;
-				break;
-				}
+#endif			
+			retdb->attributes.unique_subject = parse_yesno(p,1);
+
 			}
 		}
 
@@ -1970,6 +1958,39 @@
 
 void free_index(CA_DB *db)
 	{
-	TXT_DB_free(db->db);
-	OPENSSL_free(db);
+	if (db)
+	    {
+	    if (db->db) TXT_DB_free(db->db);
+	    OPENSSL_free(db);
+	    }
 	}
+
+int parse_yesno(char *str, int def)
+{
+int ret = def;
+	if (str)
+    	{
+    	 	switch (*str)
+     		{
+    		case 'f': /* false */
+    		case 'F': /* FALSE */
+    		case 'n': /* no */
+    		case 'N': /* NO */
+    		case '0': /* 0 */
+     		ret = 0;
+     		break;
+    		case 't': /* true */
+    		case 'T': /* TRUE */
+    		case 'y': /* yes */
+    		case 'Y': /* YES */
+    		case '1': /* 1 */
+     		ret = 1;
+     		break;
+    		default:
+     		ret = def;
+     		break;
+     		}
+   	}
+return ret;
+} /* End - Routine parse_yesno */
+
 
USERE:[GREANEY]APPS_H.DIFF;1
 
--- crypto$res:[ossl.src.openssl-0_9_7d.apps]apps.h	Sun Mar  7 21:53:46 2004
+++ crypto$res:[ossl.build_0216_alpha_32.apps]apps.h	Tue Jun  1 13:31:58 2004
@@ -319,7 +319,7 @@
 int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
 void free_index(CA_DB *db);
 int index_name_cmp(const char **a, const char **b);
-
+int parse_yesno(char *str, int def);
 X509_NAME *do_subject(char *str, long chtype);
 
 #define FORMAT_UNDEF    0
 
USERE:[GREANEY]CA_C.DIFF;1
 
--- crypto$res:[ossl.src.openssl-0_9_7d.apps]ca.c	Mon Mar  8 08:07:07 2004
+++ crypto$res:[ossl.build_0216_alpha_32.apps]ca.c	Tue Jun  1 13:31:58 2004
@@ -234,6 +234,7 @@
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED *rev, char *str);
 int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
+
 static CONF *conf=NULL;
 static CONF *extconf=NULL;
 static char *section=NULL;
@@ -243,7 +244,7 @@
 
 
 int MAIN(int, char **);
-
+
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
@@ -325,6 +326,10 @@
 EF_ALIGNMENT=0;
 #endif
 
+#ifdef OPENSSL_SYS_VMS
+	stat_t fileStats;	/* For .CRT file stat of bytes */
+#endif
+
 	apps_startup();
 
 	conf = NULL;
@@ -649,27 +654,21 @@
 #ifdef RL_DEBUG
 		BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
 #endif
-		switch(*p)
-			{
-		case 'f': /* false */
-		case 'F': /* FALSE */
-		case 'n': /* no */
-		case 'N': /* NO */
-			db_attr.unique_subject = 0;
-			break;
-		case 't': /* true */
-		case 'T': /* TRUE */
-		case 'y': /* yes */
-		case 'Y': /* YES */
-		default:
-			db_attr.unique_subject = 1;
-			break;
-			}
+		db_attr.unique_subject = parse_yesno(p,1);
 		}
-#ifdef RL_DEBUG
 	else
-		BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
-#endif
+		ERR_clear_error();
+
+	if ( verbose ) 
+	{
+		if (!p)
+			BIO_printf(bio_err, "Note: check configuration file for changes, unique_subject undefined, default = %d\n", db_attr.unique_subject );
+		else
+			{
+			BIO_printf(bio_err, "unique_subject = %s\n", p);
+			BIO_printf(bio_err, "db_attr.unique_subject = %d\n", db_attr.unique_subject );
+			}
+	}
 #ifdef RL_DEBUG
 	BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
 		db_attr.unique_subject);
@@ -1495,6 +1494,31 @@
 	BIO_free_all(out);
 	BIO_free_all(in);
 
+#ifdef OPENSSL_SYS_VMS
+	if ( req && outfile != 0 && ( stat( outfile , &fileStats ) == 0) )
+		{
+                if ( fileStats.st_size == 0 )    /* off_t File size, in bytes */
+         	        {
+			if ( verbose )
+				{
+				BIO_printf( bio_err ,"Removing File %s \n", outfile );
+				}
+
+			/* 
+			**	Then remove the unwanted, empty file 
+			*/
+
+			if (remove( outfile ) == 0 )
+				{
+				if ( verbose )
+					{
+		    			BIO_printf( bio_err ,"File %s Removed \n", outfile );
+					}
+			    	}
+			}
+        	}
+#endif /* End - OPENSSL_SYS_VMS */
+
 	if (cert_sk)
 		sk_X509_pop_free(cert_sk,X509_free);
 
@@ -1633,7 +1657,7 @@
 	if (req != NULL) X509_free(req);
 	return(ok);
 	}
-
+
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	     STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
 	     int email_dn, char *startdate, char *enddate, long days, int batch,
@@ -1852,9 +1876,6 @@
 		if (subject == NULL) goto err;
 		}
 
-	if (verbose)
-		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
-
 	/* Build the correct Subject if no e-mail is wanted in the subject */
 	/* and add it later on because of the method extensions are added (altName) */
 	 
@@ -1879,6 +1900,11 @@
 			X509_NAME_ENTRY_free(tmpne);
 			}
 		}
+
+/* ++ Paul M. ++ */
+
+	if (verbose)
+		BIO_printf(bio_err,"The subject name appears to be ok, creating X509 certificate data\n");
 
 	if (BN_is_zero(serial))
 		row[DB_serial]=BUF_strdup("00");
@@ -1889,61 +1915,8 @@
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
 		}
-
-	if (db->attributes.unique_subject)
-		{
-		rrow=TXT_DB_get_by_index(db->db,DB_name,row);
-		if (rrow != NULL)
-			{
-			BIO_printf(bio_err,
-				"ERROR:There is already a certificate for %s\n",
-				row[DB_name]);
-			}
-		}
-	if (rrow == NULL)
-		{
-		rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
-		if (rrow != NULL)
-			{
-			BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
-				row[DB_serial]);
-			BIO_printf(bio_err,"      check the database/serial_file for corruption\n");
-			}
-		}
-
-	if (rrow != NULL)
-		{
-		BIO_printf(bio_err,
-			"The matching entry has the following details\n");
-		if (rrow[DB_type][0] == 'E')
-			p="Expired";
-		else if (rrow[DB_type][0] == 'R')
-			p="Revoked";
-		else if (rrow[DB_type][0] == 'V')
-			p="Valid";
-		else
-			p="\ninvalid type, Data base error\n";
-		BIO_printf(bio_err,"Type	  :%s\n",p);;
-		if (rrow[DB_type][0] == 'R')
-			{
-			p=rrow[DB_exp_date]; if (p == NULL) p="undef";
-			BIO_printf(bio_err,"Was revoked on:%s\n",p);
-			}
-		p=rrow[DB_exp_date]; if (p == NULL) p="undef";
-		BIO_printf(bio_err,"Expires on    :%s\n",p);
-		p=rrow[DB_serial]; if (p == NULL) p="undef";
-		BIO_printf(bio_err,"Serial Number :%s\n",p);
-		p=rrow[DB_file]; if (p == NULL) p="undef";
-		BIO_printf(bio_err,"File name     :%s\n",p);
-		p=rrow[DB_name]; if (p == NULL) p="undef";
-		BIO_printf(bio_err,"Subject Name  :%s\n",p);
-		ok= -1; /* This is now a 'bad' error. */
-		goto err;
-		}
-
-	/* We are now totally happy, lets make and sign the certificate */
-	if (verbose)
-		BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
+
+/* End -- Paul M. -- */
 
 	if ((ret=X509_new()) == NULL) goto err;
 	ci=ret->cert_info;
@@ -2113,6 +2086,71 @@
 	row[DB_type][0]='V';
 	row[DB_type][1]='\0';
 
+
+/* ++ Paul M. ++ */
+
+	if (verbose)
+		BIO_printf(bio_err,"X509 certificate fields seem ok, checking data base for unique subject clashes\n");
+
+	if (db->attributes.unique_subject)	/* Search Db for name */
+		{
+		rrow=TXT_DB_get_by_index(db->db,DB_name,row);
+		if (rrow != NULL)
+			{
+			BIO_printf(bio_err,
+				"ERROR:There is already a certificate for %s\n",
+				row[DB_name]);
+			}
+		}
+	if (rrow == NULL)			/* Search Db for serial number */
+		{
+		rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+		if (rrow != NULL)
+			{
+			BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
+				row[DB_serial]);
+			BIO_printf(bio_err,"      check the database/serial_file for corruption\n");
+			}
+		}
+
+	if (rrow != NULL)
+		{
+		BIO_printf(bio_err,
+			"The matching entry has the following details\n");
+		if (rrow[DB_type][0] == 'E')
+			p="Expired";
+		else if (rrow[DB_type][0] == 'R')
+			p="Revoked";
+		else if (rrow[DB_type][0] == 'V')
+			p="Valid";
+		else
+			p="\ninvalid type, Data base error\n";
+		BIO_printf(bio_err,"Type	  :%s\n",p);;
+		if (rrow[DB_type][0] == 'R')
+			{
+			p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+			BIO_printf(bio_err,"Was revoked on:%s\n",p);
+			}
+		p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+		BIO_printf(bio_err,"Expires on    :%s\n",p);
+		p=rrow[DB_serial]; if (p == NULL) p="undef";
+		BIO_printf(bio_err,"Serial Number :%s\n",p);
+		p=rrow[DB_file]; if (p == NULL) p="undef";
+		BIO_printf(bio_err,"File name     :%s\n",p);
+		p=rrow[DB_name]; if (p == NULL) p="undef";
+		BIO_printf(bio_err,"Subject Name  :%s\n",p);
+		ok= -1; /* This is now a 'bad' error. */
+		goto err;
+		}
+
+	/* We are now totally happy, lets make and sign the certificate */
+	if (verbose)
+		BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
+
+/* End -- Paul M. -- */
+
+
+
 	if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
 		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
@@ -3078,3 +3116,4 @@
 
 	return ret;
 	}
+