Hi openssl's people,
I'm currently writing a script to check a PKI. For this purpose, I
wrote a small patch to display the crlNumber directly from the crl's
app:
# openssl crl -in ca.crl -crlnumber -noout
crlNumber=42
I'll happy if the patch can be include in upstream.
Best regards
--
http://asyd.net/home/ - Home Page
http://guses.org/home/ - French Speaking (Open)Solaris User Group
91a92
> " -crlnumber - print CRLnumber if exists\n",
109c110
< int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
---
> int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0,crlnumber=0;
213a215,216
> else if (strcmp(*argv, "-crlnumber") == 0)
> crlnumber= ++num;
329a333,344
> if (crlnumber) {
> int index;
> STACK_OF(X509_EXTENSION) *extensions = x->crl->extensions;
> for (index = 0; index < sk_X509_EXTENSION_num(extensions) ; index++) {
> X509_EXTENSION *extension = sk_X509_EXTENSION_value(extensions, index);
> if (OBJ_obj2nid(extension->object) == NID_crl_number) {
> BIO_printf(bio_out,"crlNumber=");
> X509V3_EXT_print(bio_out, extension, NULL, 0);
> BIO_printf(bio_out, "\n");
> }
> }
> }
