Fix for 157996 - add support for SEC_NewCrl browser emulation mode in crlutil
authorjpierre%netscape.com
Wed, 17 Jul 2002 22:22:26 +0000
changeset 3330 c091c70e17d74ef476fada923c2b8af08b1e4315
parent 3329 76aa2ea14ad43936cde3d2ff946e06e33d3974cd
child 3331 b217d22169aa9bf3348d087521c2a20990306b30
push idunknown
push userunknown
push dateunknown
bugs157996
Fix for 157996 - add support for SEC_NewCrl browser emulation mode in crlutil
security/nss/cmd/crlutil/crlutil.c
--- a/security/nss/cmd/crlutil/crlutil.c
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -168,34 +168,38 @@ static SECStatus DeleteCRL (CERTCertDBHa
 		(progName, "fail to delete the issuer %s's CRL from the perm dbase (reason: %s)",
 		 name, SECU_Strerror(PORT_GetError()));
 	return SECFailure;
     }
     return (rv);
 }
 
 SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, 
-                     PRFileDesc *inFile)
+                     PRFileDesc *inFile, PRBool bypassChecks)
 {
     CERTCertificate *cert = NULL;
     CERTSignedCrl *crl = NULL;
     SECItem crlDER;
     int rv;
 
     crlDER.data = NULL;
 
 
     /* Read in the entire file specified with the -f argument */
 	rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
     if (rv != SECSuccess) {
 	SECU_PrintError(progName, "unable to read input file");
 	return (SECFailure);
     }
     
-    crl = CERT_ImportCRL (certHandle, &crlDER, url, type, NULL);
+    if (PR_FALSE == bypassChecks) {
+        crl = CERT_ImportCRL (certHandle, &crlDER, url, type, NULL);
+    } else {
+        crl = SEC_NewCrl (certHandle, url, &crlDER, type);
+    }
     if (!crl) {
 	const char *errString;
 
 	errString = SECU_Strerror(PORT_GetError());
 	if ( errString && PORT_Strlen (errString) == 0)
 	    SECU_PrintError
 		    (progName, "CRL is not import (error: input CRL is not up to date.)");
 	else    
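Review bot: The `else` branch in ImportCRL stores the CRL through SEC_NewCrl, which per the new -B help text skips the CA certificate checks made on the CERT_ImportCRL path, yet nothing in the code marks or reports the import as unverified. Since a stored CRL presumably feeds later revocation decisions, I would add a comment above the branch such as `/* -B: browser emulation; CRL is stored without CA certificate checks */` and print a notice on that path, e.g. `fprintf(stderr, "%s: importing CRL without CA certificate checks\n", progName);`. The failure branch below is shared by both paths, so its "input CRL is not up to date" message may not describe why SEC_NewCrl failed. `if (!bypassChecks)` would also read more naturally than `PR_FALSE == bypassChecks`. ImportCRL's body continues past the end of this hunk.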
@@ -208,17 +212,17 @@ SECStatus ImportCRL (CERTCertDBHandle *c
 }
 	    
 
 static void Usage(char *progName)
 {
     fprintf(stderr,
 	    "Usage:  %s -L [-n nickname[ [-d keydir] [-t crlType]\n"
 	    "        %s -D -n nickname [-d keydir]\n"
-	    "        %s -I -i crl -t crlType [-u url] [-d keydir]\n",
+	    "        %s -I -i crl -t crlType [-u url] [-d keydir] [-B]\n",
 	    progName, progName, progName);
 
     fprintf (stderr, "%-15s List CRL\n", "-L");
     fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n",
 	    "-n nickname");
     fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
 	    "-d keydir");
    
@@ -231,16 +235,17 @@ static void Usage(char *progName)
     fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n",
 	    "-i crl");
     fprintf(stderr, "%-20s Specify the url.\n", "-u url");
     fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
 
     fprintf(stderr, "%-20s CRL Types (default is SEC_CRL_TYPE):\n", " ");
     fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " ");
     fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");        
+    fprintf(stderr, "\n%-20s Bypass CA certificate checks (browser emulation).\n", "-B");
 
     exit(-1);
 }
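Review bot: The new `-B` help line says only "Bypass CA certificate checks (browser emulation)", which does not tell an operator that the flag is meaningful with -I alone or that it weakens what the import verifies. Wording such as `"%-20s With -I: import the CRL without CA certificate checks (browser emulation).\n"` would make the scope explicit. The leading `\n` in the format string is also inconsistent with the neighbouring fprintf calls. Usage() begins before this hunk.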
 
 int main(int argc, char **argv)
 {
     SECItem privKeyDER;
     CERTCertDBHandle *certHandle;
@@ -252,38 +257,43 @@ int main(int argc, char **argv)
     int deleteCRL;
     int rv;
     char *nickName;
     char *url;
     int crlType;
     PLOptState *optstate;
     PLOptStatus status;
     SECStatus secstatus;
+    PRBool bypassChecks = PR_FALSE;
 
     progName = strrchr(argv[0], '/');
     progName = progName ? progName+1 : argv[0];
 
     rv = 0;
     deleteCRL = importCRL = listCRL = 0;
     certFile = NULL;
     inFile = NULL;
     nickName = url = NULL;
     privKeyDER.data = NULL;
     certHandle = NULL;
     crlType = SEC_CRL_TYPE;
     /*
      * Parse command line arguments
      */
-    optstate = PL_CreateOptState(argc, argv, "IALd:i:Dn:Ct:u:");
+    optstate = PL_CreateOptState(argc, argv, "BIALd:i:Dn:Ct:u:");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  case '?':
 	    Usage(progName);
 	    break;
 
+	  case 'B':
+            bypassChecks = PR_TRUE;
+            break;
+
 	  case 'C':
 	      listCRL = 1;
 	      break;
 
 	  case 'D':
 	      deleteCRL = 1;
 	      break;
 
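Review bot: `case 'B'` sets bypassChecks for every mode, but the flag is only consumed by the ImportCRL call, so `-L -B` or `-D -B` would be accepted and silently ignored unless the validation after the option loop (outside this hunk) rejects it. For a switch that disables certificate checks, I would fail loudly on misuse with `if (bypassChecks && !importCRL) Usage(progName);` once parsing is done. The new case body is indented with spaces while the surrounding cases use tabs. main starts before and continues after this hunk.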
@@ -348,12 +358,12 @@ int main(int argc, char **argv)
     }
 
     /* Read in the private key info */
     if (deleteCRL) 
 	DeleteCRL (certHandle, nickName, crlType);
     else if (listCRL)
 	ListCRL (certHandle, nickName, crlType);
     else if (importCRL) 
-	rv = ImportCRL (certHandle, url, crlType, inFile);
+	rv = ImportCRL (certHandle, url, crlType, inFile, bypassChecks);
     
     return (rv);
 }