Hi,
here a patch to openssl crl.c to display the crlNumber using option
-crlnumber
--
http://asyd.net/home/ - Home Page
http://guses.org/home/ - French Speaking (Open)Solaris User Group
diff -Nurp openssl-0.9.8g/apps/crl.c openssl-0.9.8g-crlpatch/apps/crl.c
--- openssl-0.9.8g/apps/crl.c 2005-04-05 21:11:18.000000000 +0200
+++ openssl-0.9.8g-crlpatch/apps/crl.c 2007-12-19 12:25:05.359591892 +0100
@@ -89,6 +89,7 @@ static const char *crl_usage[]={
" -CAfile name - verify CRL using certificates in file \"name\"\n",
" -CApath dir - verify CRL using certificates in \"dir\"\n",
" -nameopt arg - various certificate name options\n",
+" -crlnumber - print the crlNumber if exists\n",
NULL
};
@@ -106,7 +107,7 @@ int MAIN(int argc, char **argv)
BIO *out=NULL;
int informat,outformat;
char *infile=NULL,*outfile=NULL;
- int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+ int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0,crlnumber=0;
int fingerprint = 0;
const char **pp;
X509_STORE *store = NULL;
@@ -211,6 +212,8 @@ int MAIN(int argc, char **argv)
/* ok */
digest=md_alg;
}
+ else if (strcmp(*argv, "-crlnumber") == 0)
+ crlnumber= ++num;
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -324,6 +327,19 @@ bad:
?'\n':':');
}
}
+ if (crlnumber == i)
+ {
+ int index;
+ STACK_OF(X509_EXTENSION) *extensions = x->crl->extensions;
+ for (index = 0; index < sk_X509_EXTENSION_num(extensions) ; index++) {
+ X509_EXTENSION *extension = sk_X509_EXTENSION_value(extensions, index);
+ if (OBJ_obj2nid(extension->object) == NID_crl_number) {
+ BIO_printf(bio_out,"crlNumber=");
+ X509V3_EXT_print(bio_out, extension, NULL, 0);
+ BIO_printf(bio_out, "\n");
+ }
+ }
+ }
}
}
