Hello,

I am using the OpenSSL command line tool (openssl) to create my own certificate authority (CA) that is able to issue and revoke certificates.

Recently I have found out that "openssl ca" can perform multiple actions at a time, e.g. revoke a certificate and generate a CRL in one call. This seems very useful, as my CA private key is protected with a passphrase and I don't want to enter it twice, one time for each operation.

Unfortunately, "openssl ca" would always do "-gencrl" first and "revoke" after that, thus generating a CRL before a certificate was revoked. So, as the certificate I intend to revoke does not get into the CRL, I have to split the operation in two parts and type the passphrase twice, which is inconvenient.

I investigated the code of /openssl/apps/ca.c and found that inside the code "gencrl" precedes "dorevoke". The sections do not seem to overlap in parameters, so I think it is safe to make "dorevoke" precede "gencrl".

I have created a patch to resolve this issue. Please let me know if the patch was useful.

Regards,
Alexey
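The ordering the message describes can be checked end to end. The script below is an added example, not part of the original message or its attached patch: it builds a throwaway CA in a temporary directory, revokes a certificate, generates the CRL afterwards as a separate call, and confirms the revoked serial is listed. The config file, subject names and passphrase are constructed for the demo, and supplying the passphrase through `-passin env:` is an assumption of this example, not something the post uses.

```shell
# Added example: throwaway CA; every name and the passphrase are constructed.
revoke_then_crl() {
  d=$(mktemp -d) || return 1
  out=$(
    cd "$d" && mkdir newcerts && : > index.txt &&
    echo 01 > serial && echo 01 > crlnumber &&
    cat > ca.cnf <<'EOF' &&
[ ca ]
default_ca = demo
[ demo ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = $dir/ca.pem
private_key = $dir/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
    export CA_PASS='constructed-demo-passphrase' &&
    # CA key is passphrase-protected, as in the post
    openssl req -x509 -newkey rsa:2048 -keyout ca.key -out ca.pem \
      -subj "/CN=Demo CA" -days 30 -passout env:CA_PASS >/dev/null 2>&1 &&
    openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
      -subj "/CN=leaf" >/dev/null 2>&1 &&
    openssl ca -config ca.cnf -batch -passin env:CA_PASS \
      -in leaf.csr -out leaf.pem >/dev/null 2>&1 &&
    # Revoke first, then generate the CRL, so the CRL reflects the revocation
    openssl ca -config ca.cnf -passin env:CA_PASS \
      -revoke leaf.pem >/dev/null 2>&1 &&
    openssl ca -config ca.cnf -passin env:CA_PASS \
      -gencrl -out crl.pem >/dev/null 2>&1 &&
    sn=$(openssl x509 -in leaf.pem -noout -serial | cut -d= -f2) &&
    # Fail unless the revoked serial is actually listed in the CRL
    openssl crl -in crl.pem -noout -text | grep -q "Serial Number: $sn" &&
    printf '%s\n' "$sn"
  )
  rc=$?
  rm -rf "$d"
  [ "$rc" -eq 0 ] && printf '%s\n' "$out"
}
```

The function prints the revoked serial only when that serial appears in the freshly generated CRL, so the same final check can be run against a real CA after any revocation.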
