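/**
 * Load the CRL of a CA entry from its configured URL and check it against
 * the CA certificate.
 *
 * Any CRL previously attached to the entry is released first. The fetched
 * CRL is kept only if check_crl() accepts it for ca->ca_cert; otherwise it
 * is freed again so that an unverified CRL never stays attached to the
 * entry. On success lastUpdate/nextUpdate are refreshed from the new CRL,
 * ca->crl_status is set from check_crl_validity() and the entries list is
 * rebuilt.
 *
 * Note that a status other than CRL_OK is only logged: the function still
 * returns PKI_OK in that case, so callers must consult ca->crl_status.
 *
 * NOTE(review): unlike ocspd_load_ca_crl(), this function takes no lock on
 * conf->crl_lock; confirm it is only called where no reader can be active.
 *
 * @param ca    CA entry to update (crl_url must be set)
 * @param conf  daemon configuration (verbose flag, passed to the checks)
 * @return PKI_OK when a CRL was loaded and passed the CA check,
 *         PKI_ERR otherwise
 */
int OCSPD_load_crl ( CA_LIST_ENTRY *ca, OCSPD_CONFIG *conf )
{
	int ret = 0;

	/* conf is dereferenced below (conf->verbose), so reject NULL as well */
	if( !ca || !conf ) return PKI_ERR;

	if( !ca->crl_url ) {
		PKI_log_err ("CRL URL is empty (%s)!", ca->ca_id );
		return PKI_ERR;
	}

	/*
	 * Drop the previous CRL. The entries list is reset together with it,
	 * as ocspd_load_ca_crl() does, so no error path below leaves the
	 * entry with a list that was built from the released CRL.
	 */
	if ( ca->crl ) PKI_X509_CRL_free ( ca->crl );
	ca->crl = NULL;
	ca->crl_list = NULL;

	if (( ca->crl = PKI_X509_CRL_get_url ( ca->crl_url, NULL, NULL )) == NULL ) {
		PKI_log_err ("Failed loading CRL for %s", ca->ca_id );
		return PKI_ERR;
	}

	/* Let's check the CRL against the CA certificate */
	if( (ret = check_crl( ca->crl, ca->ca_cert, conf )) < 1 ) {
		PKI_log_err( "CRL/CA check error [ %s:%d ]", ca->ca_id, ret );

		/* Fail closed: a CRL that did not pass the check is discarded */
		PKI_X509_CRL_free ( ca->crl );
		ca->crl = NULL;
		return PKI_ERR;
	}

	/* Release the copies made by a previous load before replacing them */
	if ( ca->lastUpdate ) PKI_TIME_free ( ca->lastUpdate );
	if ( ca->nextUpdate ) PKI_TIME_free ( ca->nextUpdate );

	/* Now we copy the lastUpdate and nextUpdate fields */
	ca->lastUpdate = PKI_TIME_dup(
		PKI_X509_CRL_get_data (ca->crl, PKI_X509_DATA_LASTUPDATE));
	ca->nextUpdate = PKI_TIME_dup (
		PKI_X509_CRL_get_data (ca->crl, PKI_X509_DATA_NEXTUPDATE ));

	if((ca->crl_status = check_crl_validity(ca, conf )) == CRL_OK ) {
		if(conf->verbose) PKI_log( PKI_LOG_INFO, "CRL for %s is Valid",
			ca->ca_id );
	} else {
		PKI_log_err ( "CRL for %s has ERRORS (%d)", ca->ca_id,
			ca->crl_status );
	}

	/* Let's get the CRLs entries, if any */
	if( ocspd_build_crl_entries_list ( ca, ca->crl ) == NULL ) {
		PKI_log(PKI_LOG_ALWAYS, "No CRL Entries for %s", ca->ca_id );
	}

	if(conf->verbose) PKI_log( PKI_LOG_ALWAYS, "CRL loaded for %s", ca->ca_id );

	return PKI_OK;
}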
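/*
 * Prints a parsed string one character at a time, starting a new output
 * line before every 60th character (including the first one). A NULL
 * string prints nothing.
 */
static void pkcs7_print_wrapped ( PKI_IO *bio, const char *str )
{
	size_t len = 0;
	size_t pos = 0;

	if ( !bio || !str ) return;

	/* Length is computed once instead of on every loop iteration */
	len = strlen ( str );
	for ( pos = 0; pos < len; pos++ ) {
		if ( ( pos % 60 ) == 0 ) {
			BIO_printf ( bio, "\r\n " );
		}
		BIO_printf ( bio, "%c", str[pos] );
	}
}

/**
 * Print a human-readable summary of a PKCS#7 value to a BIO.
 *
 * The output lists the message type, the raw data size, the signers with
 * their signed and non-signed attributes, the recipients, the embedded
 * certificates (with fingerprint) and the embedded CRLs.
 *
 * NOTE(review): `msg` is a duplicate created by PKI_X509_new_dup_value()
 * and is not released on any return path. The ownership of the objects
 * handed out by the PKI_X509_PKCS7_get_*() getters is not visible here,
 * so confirm it before adding the matching free.
 *
 * @param bio    output BIO
 * @param p7val  PKCS#7 value to describe
 * @return PKI_OK after printing, PKI_ERR on NULL arguments or when the
 *         value can not be duplicated
 */
int PKI_X509_PKCS7_VALUE_print_bio ( PKI_IO *bio, PKI_X509_PKCS7_VALUE *p7val )
{
	int type;
	int i;
	int cert_num = -1;
	int crl_num = -1;
	int signers_num = -1;
	char *tmp_str = NULL;

	PKI_X509_PKCS7 *msg = NULL;
	PKCS7_SIGNER_INFO *si = NULL;
	PKI_DIGEST *digest = NULL;
	PKI_MEM *mem = NULL;

	if (!bio || !p7val ) return PKI_ERR;

	if (( msg = PKI_X509_new_dup_value ( PKI_DATATYPE_X509_PKCS7,
			p7val, NULL )) == NULL ) {
		return PKI_ERR;
	}

	type = PKI_X509_PKCS7_get_type ( msg );

	BIO_printf( bio, "PKCS#7 Message:\r\n" );
	BIO_printf( bio, " Message Type:\r\n " );

	switch ( type ) {
		case PKI_X509_PKCS7_TYPE_ENCRYPTED:
			BIO_printf( bio, "Encrypted\r\n" );
			break;
		case PKI_X509_PKCS7_TYPE_SIGNED:
			BIO_printf( bio, "Signed\r\n" );
			break;
		case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
			BIO_printf( bio, "Signed and Encrypted\r\n" );
			break;
		default:
			BIO_printf( bio, "Unknown (%d)\r\n", type );
			break;
	}

	BIO_printf( bio, " Message Data:\r\n");
	if (( mem = PKI_X509_PKCS7_get_raw_data ( msg )) == NULL ) {
		BIO_printf( bio, " None.\r\n");
	} else {
		BIO_printf( bio, " Size=%u bytes\r\n",
			(unsigned int) mem->size );

		/* The type read above is reused instead of being queried again */
		if ( type == PKI_X509_PKCS7_TYPE_ENCRYPTED ||
				type == PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED ) {
			BIO_printf( bio, " Encrypted=yes\r\n");
			BIO_printf( bio, " Algorithm=%s\r\n",
				PKI_ALGOR_get_parsed (
					PKI_X509_PKCS7_get_encode_alg ( msg )));
		} else {
			BIO_printf( bio, " Encrypted=no\r\n");
		}
		PKI_MEM_free ( mem );
	}

	if (( si = PKI_X509_PKCS7_get_signer_info ( msg, 0 )) == NULL ) {
		BIO_printf(bio, " Signature Info:\r\n" );
		BIO_printf(bio, " No Signature found.\r\n" );
	}

	// Print the Signer Info
	BIO_printf( bio, " Signer Info:\r\n");
	signers_num = PKI_X509_PKCS7_get_signers_num ( msg );
	for ( i = 0; i < signers_num; i++ ) {
		PKCS7_ISSUER_AND_SERIAL *ias = NULL;

		BIO_printf ( bio, " [%d of %d] Signer Details:\r\n",
			i+1, signers_num );

		if (( si = PKI_X509_PKCS7_get_signer_info ( msg, i )) == NULL )
			break;

		if((ias = si->issuer_and_serial) == NULL ) {
			BIO_printf ( bio, " " "ERROR::Missing Info!\r\n");
		} else {
			tmp_str = PKI_INTEGER_get_parsed ( ias->serial );
			BIO_printf ( bio, " Serial=%s\r\n", tmp_str );
			PKI_Free ( tmp_str );

			tmp_str = PKI_X509_NAME_get_parsed ( ias->issuer );
			BIO_printf ( bio, " Issuer=%s\r\n", tmp_str );
			PKI_Free ( tmp_str );
		}

		if ( si->digest_enc_alg ) {
			BIO_printf( bio, " " "Encryption Algoritm=%s\r\n",
				PKI_ALGOR_get_parsed ( si->digest_enc_alg ));
		}

		if ( si->digest_alg ) {
			BIO_printf( bio, " Digest Algorithm=%s\r\n",
				PKI_ALGOR_get_parsed ( si->digest_alg ));
		}

		BIO_printf( bio, " Signed Attributes:\r\n");
		if ( si->auth_attr ) {
			PKI_X509_ATTRIBUTE *a = NULL;
			int attr_num = 0;

			for ( attr_num = 0; attr_num <
					PKI_STACK_X509_ATTRIBUTE_elements ( si->auth_attr );
					attr_num++ ) {

				a = PKI_STACK_X509_ATTRIBUTE_get_num (
					si->auth_attr, attr_num );

				/* a->object is read below: skip an empty slot */
				if ( !a ) continue;

				if ( PKI_OID_get_id ( a->object ) ==
						NID_pkcs9_messageDigest ) {
					tmp_str = PKI_X509_ATTRIBUTE_get_parsed ( a );

					BIO_printf( bio, " " "Message Digest:");
					pkcs7_print_wrapped ( bio, tmp_str );
					BIO_printf( bio, "\r\n");

					/*
					 * Released like the result of the same call
					 * in the branch below (it was leaked before).
					 */
					if ( tmp_str ) PKI_Free ( tmp_str );
				} else {
					BIO_printf( bio, " %s=",
						PKI_X509_ATTRIBUTE_get_descr ( a ) );
					tmp_str= PKI_X509_ATTRIBUTE_get_parsed(a);
					BIO_printf( bio, "%s\r\n", tmp_str );
					PKI_Free ( tmp_str );
				}
			}
		} else {
			BIO_printf( bio, " None.\r\n");
		}

		BIO_printf( bio," Non Signed Attributes:\r\n");
		if ( si->unauth_attr ) {
			PKI_X509_ATTRIBUTE *a = NULL;
			int attr_num = 0;

			/*
			 * Walk the unauthenticated attributes. The loop used to
			 * iterate si->auth_attr, which printed the signed set a
			 * second time and used a NULL stack when only
			 * unauthenticated attributes were present.
			 */
			for ( attr_num = 0; attr_num <
					PKI_STACK_X509_ATTRIBUTE_elements ( si->unauth_attr );
					attr_num++ ) {

				a = PKI_STACK_X509_ATTRIBUTE_get_num (
					si->unauth_attr, attr_num );

				if ( !a ) continue;

				BIO_printf( bio, " %s=",
					PKI_X509_ATTRIBUTE_get_descr ( a ) );
				tmp_str = PKI_X509_ATTRIBUTE_get_parsed ( a );
				BIO_printf( bio, "%s\r\n", tmp_str );
				PKI_Free ( tmp_str );
			}
			BIO_printf( bio, "\r\n");
		} else {
			BIO_printf( bio, " None.\r\n");
		}
	}

	BIO_printf( bio, "\r\n Recipients Info:\r\n");
	if( PKI_X509_PKCS7_has_recipients ( msg ) == PKI_ERR ) {
		BIO_printf( bio, " No Recipients\r\n");
	} else {
		int rec_num = 0;
		PKI_X509_CERT *rec = NULL;

		rec_num = PKI_X509_PKCS7_get_recipients_num ( msg );
		for ( i=0; i < rec_num; i++ ) {
			rec = PKI_X509_PKCS7_get_recipient_cert ( msg, i );
			if ( !rec ) {
				/* No certificate: fall back to the recipient info */
				PKCS7_RECIP_INFO *ri = NULL;
				PKCS7_ISSUER_AND_SERIAL *ias = NULL;

				BIO_printf( bio, " "
					"[%d of %d] Recipient Details:\r\n",
					i+1, rec_num );

				ri = PKI_X509_PKCS7_get_recipient_info ( msg,i);
				if (!ri) {
					BIO_printf(bio," <ERROR>");
					continue;
				}

				if((ias = ri->issuer_and_serial) != NULL ) {
					tmp_str = PKI_INTEGER_get_parsed (
						ias->serial );
					BIO_printf( bio, " " "Serial=%s\r\n",
						tmp_str );
					PKI_Free ( tmp_str );

					tmp_str = PKI_X509_NAME_get_parsed (
						ias->issuer );
					BIO_printf( bio, " " "Issuer=%s\r\n",
						tmp_str );
					PKI_Free ( tmp_str );

					BIO_printf( bio, " "
						"Key Encoding Algorithm=%s\r\n",
						PKI_ALGOR_get_parsed (
							ri->key_enc_algor ));
				}
			} else {
				BIO_printf( bio, " "
					"[%d] Recipient Certificate:\r\n", i );

				/*
				 * Print the subject of the recipient certificate
				 * just retrieved. The call used to receive a
				 * function-level pointer that was never assigned.
				 * NOTE(review): `rec` is not released here; its
				 * ownership is not visible from this function.
				 */
				tmp_str = PKI_X509_CERT_get_parsed( rec,
					PKI_X509_DATA_SUBJECT );
				BIO_printf( bio, " " "Subject=%s\r\n", tmp_str);
				PKI_Free ( tmp_str );
			}
		}
	}

	/* Now let's list the embedded certificates */
	BIO_printf(bio, "\r\n Certificates:\r\n");
	if ((cert_num = PKI_X509_PKCS7_get_certs_num ( msg )) > 0 ) {
		PKI_X509_CERT * cert = NULL;

		for (i = 0; i < cert_num; i++ ) {
			BIO_printf( bio, " [%d of %d] Certificate:\r\n",
				i+1, cert_num);
			if((cert = PKI_X509_PKCS7_get_cert ( msg, i )) == NULL ) {
				BIO_printf( bio, " Error.\r\n");
				continue;
			}

			tmp_str = PKI_X509_CERT_get_parsed( cert,
				PKI_X509_DATA_SERIAL );
			BIO_printf( bio, " Serial=%s\r\n", tmp_str );
			PKI_Free ( tmp_str );

			tmp_str = PKI_X509_CERT_get_parsed( cert,
				PKI_X509_DATA_ISSUER );
			BIO_printf( bio, " Issuer=%s\r\n", tmp_str );
			PKI_Free ( tmp_str );

			tmp_str = PKI_X509_CERT_get_parsed( cert,
				PKI_X509_DATA_SUBJECT );
			BIO_printf( bio, " Subject=%s\r\n", tmp_str);
			PKI_Free ( tmp_str );

			/* A failed fingerprint prints an empty value, not a crash */
			digest = PKI_X509_CERT_fingerprint( cert,
				PKI_DIGEST_ALG_DEFAULT );
			tmp_str = digest ? PKI_DIGEST_get_parsed ( digest ) : NULL;

			BIO_printf( bio, " Fingerprint [%s]:",
				PKI_DIGEST_ALG_get_parsed (
					PKI_DIGEST_ALG_DEFAULT ));
			pkcs7_print_wrapped ( bio, tmp_str );
			BIO_printf( bio, "\r\n");

			if ( digest ) PKI_DIGEST_free ( digest );
			if ( tmp_str ) PKI_Free ( tmp_str );

			PKI_X509_CERT_free ( cert );
		}
	} else {
		BIO_printf( bio, " None.\r\n");
	}

	BIO_printf(bio, "\r\n Certificate Revocation Lists:\r\n");
	if((crl_num = PKI_X509_PKCS7_get_crls_num ( msg )) > 0 ) {
		PKI_X509_CRL * crl = NULL;

		for ( i = 0; i < crl_num; i++ ) {
			BIO_printf( bio, " [%d of %d] CRL Details:\r\n",
				i+1, crl_num );

			if(( crl = PKI_X509_PKCS7_get_crl ( msg, i )) == NULL ) {
				BIO_printf(bio," ERROR::Missing Data\r\n");
				continue;
			}

			tmp_str = PKI_X509_CRL_get_parsed(crl,PKI_X509_DATA_VERSION);
			BIO_printf( bio, " Version=%s\r\n", tmp_str );
			PKI_Free ( tmp_str );

			tmp_str = PKI_X509_CRL_get_parsed(crl,PKI_X509_DATA_ISSUER);
			BIO_printf( bio, " Issuer=%s\r\n", tmp_str );
			PKI_Free ( tmp_str );

			tmp_str = PKI_X509_CRL_get_parsed(crl,
				PKI_X509_DATA_ALGORITHM);
			BIO_printf( bio, " Algorithm=%s\r\n", tmp_str );
			PKI_Free ( tmp_str );

			tmp_str = PKI_X509_CRL_get_parsed(crl,
				PKI_X509_DATA_NOTBEFORE);
			BIO_printf( bio, " Not Before=%s\r\n", tmp_str );
			PKI_Free ( tmp_str );

			tmp_str = PKI_X509_CRL_get_parsed(crl,
				PKI_X509_DATA_NOTAFTER);
			BIO_printf( bio, " Not After=%s\r\n", tmp_str );
			PKI_Free ( tmp_str );

			PKI_X509_CRL_free ( crl );
		}
	} else {
		BIO_printf( bio, " None.\r\n");
	}

	BIO_printf(bio, "\r\n");

	return PKI_OK;
}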
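/*
 * libpki test program: creates a token, generates an RSA keypair, self-signs
 * a certificate and issues a CRL that holds one revoked serial number.
 *
 * Every failure ends the program with a non-zero exit status, so a test
 * harness can tell a failed run from a successful one (several error paths
 * used to return 0).
 */
int main (int argc, char *argv[] )
{
	PKI_TOKEN *tk = NULL;
	PKI_X509_CRL *crl = NULL;
	PKI_X509_CRL_ENTRY *entry = NULL;
	PKI_X509_CRL_ENTRY_STACK *sk = NULL;

	/* Command line arguments are not used by this test */
	(void) argc;
	(void) argv;

	printf("\n\nlibpki Test - Massimiliano Pala <*****@*****.**>\n");
	printf("(c) 2006 by Massimiliano Pala and OpenCA Project\n");
	printf("OpenCA Licensed Software\n\n");

	if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_NOTICE, NULL,
			PKI_LOG_FLAGS_ENABLE_DEBUG, NULL )) == PKI_ERR ) {
		return (1);
	}

	if((tk = PKI_TOKEN_new_null()) == NULL ) {
		printf("ERROR, can not allocate token!\n\n");
		return (1);
	}

	if(( PKI_TOKEN_init( tk, "etc" , "Default" )) == PKI_ERR) {
		printf("ERROR, can not configure token!\n\n");
		return (1);
	}

	if((PKI_TOKEN_set_algor ( tk, PKI_ALGOR_RSA_SHA256 )) == PKI_ERR ) {
		printf("ERROR, can not set the RSA crypto scheme!\n");
		return (1);
	}

	/*
	 * 2048 bits: 1024-bit RSA is below the currently accepted minimum and
	 * should not be the size that sample code demonstrates.
	 */
	if((PKI_TOKEN_new_keypair ( tk, 2048, NULL )) == PKI_ERR) {
		printf("ERROR, can not generate new keypair!\n");
		return (1);
	}

	printf("* Self Signing certificate .... ");
	if((PKI_TOKEN_self_sign( tk, NULL, "23429", 24*3600, "User" )) == PKI_ERR ) {
		printf("ERROR, can not self sign certificate!\n");
		return (1);
	}

	printf("Generating a new CRL ENTRY ... ");
	if((entry = PKI_X509_CRL_ENTRY_new_serial ( "12345678",
			CRL_REASON_KEY_COMPROMISE, NULL, NULL )) == NULL ) {
		printf("ERROR!\n");
		return (1);
	}
	printf("Ok\n");

	/* The stack is used right away, so an allocation failure is fatal */
	if((sk = PKI_STACK_X509_CRL_ENTRY_new()) == NULL ) {
		printf("ERROR, can not allocate the CRL entries stack!\n");
		return (1);
	}
	PKI_STACK_X509_CRL_ENTRY_push( sk, entry );

	printf("Generating new CRL ... ");
	if((crl = PKI_TOKEN_issue_crl (tk, "3", PKI_VALIDITY_ONE_WEEK,
			sk, "crl")) == NULL ) {
		printf("ERROR, can not generate new CRL!\n");
		return (1);
	}
	printf("Ok\n");

	/*
	 * NOTE(review): the stack container `sk` is not released. Whether the
	 * issued CRL takes over the pushed entry is not visible from this
	 * file, so confirm ownership before adding a free for it.
	 */
	if( tk ) PKI_TOKEN_free ( tk );
	if( crl ) PKI_X509_CRL_free ( crl );

	PKI_log_end();

	printf("\n\n[ Test Ended Succesfully ]\n\n");

	return (0);
}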
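/**
 * Create and sign a new CRL.
 *
 * The issuer name is taken from the subject of `cert`, the revoked entries
 * from `sk`, and the CRL is signed with `k` using the digest algorithm
 * returned by PKI_DIGEST_ALG_get_by_key(). When a profile is given it
 * supplies the lastUpdate offset, the validity (only if `validity` is 0)
 * and the extensions.
 *
 * Entries are attached with X509_CRL_add0_revoked(), which hands them over
 * to the CRL: after this call the caller's stack still holds pointers to
 * entries that the CRL owns, also when the function fails and frees it.
 *
 * The function fails instead of signing when an entry of `sk` is missing
 * or can not be attached, because the signed list would otherwise omit
 * revocations without any indication.
 *
 * @param k            signing keypair (must carry a value)
 * @param cert         issuer certificate (must carry a value)
 * @param crlNumber_s  CRL number as a string, or NULL
 * @param validity     validity value passed to PKI_TIME_new() for
 *                     nextUpdate; 0 with a profile reads the profile
 * @param sk           stack of revoked entries, or NULL for an empty CRL
 * @param profile      CRL profile, or NULL
 * @param oids         OIDs configuration passed to the profile extensions
 * @param hsm          not used by this function
 * @return the signed CRL, or NULL on error
 */
PKI_X509_CRL *PKI_X509_CRL_new(const PKI_X509_KEYPAIR *k,
		const PKI_X509_CERT *cert, const char * crlNumber_s,
		unsigned long validity, const PKI_X509_CRL_ENTRY_STACK *sk,
		const PKI_X509_PROFILE *profile, const PKI_CONFIG *oids, HSM *hsm)
{
	PKI_X509_CRL *ret = NULL;
	PKI_X509_CRL_VALUE *val = NULL;
	ASN1_INTEGER *crlNumber = NULL;
	ASN1_TIME *time = NULL;
	PKI_TOKEN *tk = NULL;
	int rv = PKI_OK;
	int i = 0;
	char * tmp_s = NULL;

	PKI_X509_CRL_ENTRY *entry = NULL;
	PKI_DIGEST_ALG *dgst = NULL;

	long long lastUpdateVal = 0;
	long long nextUpdateVal = 0;

	(void) hsm;

	/* Checks for the Key and its internal value */
	if( !k || !k->value ) return NULL;

	/* checks for the certificate and its internal value */
	if( !cert || !cert->value ) return ( NULL );

	if(( ret = PKI_X509_CRL_new_null()) == NULL ) {
		PKI_ERROR(PKI_ERR_OBJECT_CREATE, NULL);
		goto err;
	}

	/* Alloc memory structure for the CRL */
	if((ret->value = ret->cb->create()) == NULL ) {
		PKI_ERROR(PKI_ERR_OBJECT_CREATE, NULL);
		goto err;
	}

	val = ret->value;

	if ( !crlNumber_s && profile ) {
		/*
		 * NOTE(review): the profile value is parsed but no crlNumber
		 * extension is added in this branch; confirm whether
		 * PKI_X509_EXTENSIONS_crl_add_profile() is expected to do it.
		 */
		if(( tmp_s = PKI_CONFIG_get_value( profile,
				"/profile/crlNumber")) != NULL ) {
			crlNumber = PKI_INTEGER_new_char ( tmp_s );
			PKI_Free ( tmp_s );
		}
	} else if ( crlNumber_s ) {
		if(( crlNumber = PKI_INTEGER_new_char( crlNumber_s )) == NULL ) {
			PKI_log_err ( "ERROR, can not parse the CRL number");
			goto err;
		}

		// Let's add the CRLSerial extension. A CRL that lacks the
		// number the caller asked for must not be signed.
		if( X509_CRL_add1_ext_i2d(val, NID_crl_number,
				crlNumber, 0, 0) != 1 ) {
			PKI_log_err ( "ERROR, can not add the CRL number extension");
			goto err;
		}
	}

	/* add1 stores its own copy, so the parsed integer is released here */
	if ( crlNumber ) {
		ASN1_INTEGER_free ( crlNumber );
		crlNumber = NULL;
	}

	/* Set the start date (notBefore) */
	if (profile) {
		int years = 0;
		int days  = 0;
		int hours = 0;
		int mins  = 0;
		int secs  = 0;

		if(( tmp_s = PKI_CONFIG_get_value( profile,
				"/profile/notBefore/years")) != NULL ) {
			years = atoi( tmp_s );
			PKI_Free ( tmp_s );
		}

		if(( tmp_s = PKI_CONFIG_get_value( profile,
				"/profile/notBefore/days")) != NULL ) {
			days = atoi( tmp_s );
			PKI_Free ( tmp_s );
		}

		if(( tmp_s = PKI_CONFIG_get_value( profile,
				"/profile/notBefore/hours")) != NULL ) {
			hours = atoi( tmp_s );
			PKI_Free ( tmp_s );
		}

		if(( tmp_s = PKI_CONFIG_get_value( profile,
				"/profile/notBefore/minutes")) != NULL ) {
			mins = atoi( tmp_s );
			PKI_Free ( tmp_s );
		}

		/*
		 * NOTE(review): the seconds value is read from the minutes key
		 * a second time, which looks like a copy/paste slip. The key
		 * is left as it was; confirm the intended profile key.
		 */
		if(( tmp_s = PKI_CONFIG_get_value( profile,
				"/profile/notBefore/minutes")) != NULL ) {
			secs = atoi( tmp_s );
			PKI_Free ( tmp_s );
		}

		/* Computed in long long: the int product overflowed for large
		 * year values */
		lastUpdateVal = secs + 60LL * ( mins + 60LL * ( hours +
				24LL * ( days + 365LL * years ) ) );
	} else {
		// Sets lastUpdate to current time
		lastUpdateVal = 0;
	}

	/* validity is unsigned, so only 0 selects the profile values */
	if ( profile && validity == 0 ) {
		long long years = 0;
		long long days  = 0;
		long long hours = 0;
		long long mins  = 0;
		long long secs  = 0;

		if((tmp_s = PKI_CONFIG_get_value ( profile,
				"/profile/validity/years")) != NULL ) {
			years = atoll( tmp_s );
			PKI_Free(tmp_s);
		}

		if((tmp_s = PKI_CONFIG_get_value ( profile,
				"/profile/validity/days")) != NULL ) {
			days = atoll( tmp_s );
			PKI_Free( tmp_s );
		}

		if((tmp_s = PKI_CONFIG_get_value ( profile,
				"/profile/validity/hours")) != NULL ) {
			hours = atoll( tmp_s );
			PKI_Free( tmp_s );
		}

		if((tmp_s = PKI_CONFIG_get_value ( profile,
				"/profile/validity/mins")) != NULL ) {
			mins = atoll( tmp_s );
			PKI_Free ( tmp_s );
		}

		if((tmp_s = PKI_CONFIG_get_value ( profile,
				"/profile/validity/secs")) != NULL ) {
			secs = atoll( tmp_s );
			PKI_Free ( tmp_s );
		}

		nextUpdateVal = secs + 60 * ( mins + 60 * (hours +
				24 * ( days + 365 * years ) ) );
	} else {
		nextUpdateVal = (long long) validity;
	}

	/* Generates a new time for lastUpdate field */
	if((time = PKI_TIME_new( lastUpdateVal )) == NULL ) {
		PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
		goto err;
	}

	/* Set the Last Update field */
	if(X509_CRL_set_lastUpdate( val, time ) == 0 ) {
		PKI_log_err ( "ERROR, can not set lastUpdate field in CRL");
		goto err;
	}
	PKI_TIME_free ( time );
	time = NULL; // keeps the err path from freeing it again

	/* Generates a new time for nextUpdate field */
	if((time = PKI_TIME_new( nextUpdateVal )) == NULL ) {
		PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
		goto err;
	}

	/* Set the nextUpdate field */
	if(X509_CRL_set_nextUpdate( val, time ) == 0 ) {
		PKI_log_err ( "ERROR, can not set nextUpdate field in CRL");
		goto err;
	}
	PKI_TIME_free ( time );
	time = NULL; // keeps the err path from freeing it again

	/* Now we need to add the CRL issuer name and details */
	if (X509_CRL_set_issuer_name( val,
			X509_get_subject_name(cert->value)) == 0) {
		PKI_log_debug( "Can not set CRL issuer name");
		goto err;
	}

	if ( sk ) {
		/* Adds the list of revoked certificates */
		for(i=0; i < PKI_STACK_X509_CRL_ENTRY_elements(sk); i++ ) {
			PKI_log_debug("CRL::ADDING ENTRY %d\n", i );

			/*
			 * A missing or rejected entry aborts the whole CRL:
			 * the loop used to stop silently and the remaining
			 * revocations were left out of the signed list.
			 */
			entry = PKI_STACK_X509_CRL_ENTRY_get_num(sk, i);
			if( !entry ) {
				PKI_log_err ( "ERROR, missing CRL entry %d", i );
				goto err;
			}

			if( X509_CRL_add0_revoked(val, entry) == 0 ) {
				PKI_log_err ( "ERROR, can not add CRL entry %d", i );
				goto err;
			}
		}
	}

	/* Sorts the CRL entries */
	X509_CRL_sort ( val );

	/* Get the extensions from the profile */
	if( profile ) {
		int ext_ok = 0;

		if((tk = PKI_TOKEN_new_null()) == NULL ) {
			PKI_log_err ( "Memory allocation failure");
			goto err;
		}

		/* The token only borrows cert and key for the extensions call */
		PKI_TOKEN_set_cert(tk, (PKI_X509_CERT *)cert);
		PKI_TOKEN_set_keypair(tk, (PKI_X509_KEYPAIR *)k);

		ext_ok = PKI_X509_EXTENSIONS_crl_add_profile( profile,
				oids, ret, tk);

		/* Detach the borrowed objects before the token is freed */
		tk->cert = NULL;
		tk->keypair = NULL;
		PKI_TOKEN_free ( tk );
		tk = NULL;

		if( ext_ok == 0 ) {
			PKI_log_debug( "ERROR, can not set extensions!");
			goto err;
		}
	}

	/* Get the Digest Algorithm */
	if( (dgst = PKI_DIGEST_ALG_get_by_key( k )) == NULL ) {
		PKI_log_err("Can not get digest algor from keypair!");
		goto err;
	}

	rv = PKI_X509_sign ( ret, dgst, k );

	if ( rv == PKI_ERR ) {
		PKI_log_debug ("ERROR, can not sign CRL!");
		goto err;
	}

	return( ret );

err:
	if ( crlNumber ) ASN1_INTEGER_free ( crlNumber );
	if ( time ) PKI_TIME_free ( time );
	if ( ret ) PKI_X509_CRL_free ( ret );
	return NULL;
}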
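/**
 * Reload the CRL of a CA entry from its URL while holding the CRL write
 * lock.
 *
 * The previous CRL and entries list are dropped first, then the CRL is
 * fetched again, the entries list is rebuilt and lastUpdate/nextUpdate are
 * replaced with copies from the new CRL. The write lock is released on
 * every return path taken after it was acquired.
 *
 * NOTE(review): unlike OCSPD_load_crl(), this path installs the fetched
 * CRL without calling check_crl() against a->ca_cert. Confirm where the
 * reloaded CRL is verified before it is used to answer requests.
 *
 * NOTE(review): a->crl_status is written after the lock is released;
 * confirm that readers of this field tolerate that.
 *
 * @param a     CA entry whose CRL is reloaded
 * @param conf  daemon configuration (debug/verbose flags and crl_lock)
 * @return 0 when the CRL was reloaded, -1 on error
 */
int ocspd_load_ca_crl ( CA_LIST_ENTRY *a, OCSPD_CONFIG *conf )
{
	/* conf is dereferenced right below, so reject NULL as well */
	if( !a || !conf ) return(-1);

	if( conf->debug )
		PKI_log_debug( "ACQUIRING WRITE LOCK -- BEGIN CRL RELOAD");

	PKI_RWLOCK_write_lock ( &conf->crl_lock );

	if( conf->debug )
		PKI_log_debug( "INFO::LOCK ACQUIRED (CRL RELOAD)");

	if( a->crl ) PKI_X509_CRL_free ( a->crl );

	a->crl = NULL;
	a->crl_list = NULL;

	if( a->crl_url == NULL ) {
		PKI_log_err ( "Missing CRL URL for CA %s", a->ca_id );

		/*
		 * This path used to return with the write lock still held,
		 * which blocks every later reader and writer of the CRL data.
		 */
		PKI_RWLOCK_release_write ( &conf->crl_lock );
		return(-1);
	}

	/* We now re-load the CRL */
	if( (a->crl = PKI_X509_CRL_get_url( a->crl_url, NULL, NULL)) == NULL ) {
		PKI_log_err ("Can not reload CRL [ %s ] for CA [%s]",
			a->crl_url->addr, a->ca_id);
		PKI_RWLOCK_release_write ( &conf->crl_lock );
		return(-1);
	}

	if( conf->verbose )
		PKI_log( PKI_LOG_INFO, "INFO::CRL successfully reloaded [ %s ]",
			a->ca_id );

	/* Let's get the CRLs entries, if any */
	if( ocspd_build_crl_entries_list ( a, a->crl ) == NULL ) {
		if( conf->verbose )
			PKI_log(PKI_LOG_INFO, "INFO::No Entries for CRL [ %s ]",
				a->ca_id );
	}

	if(conf->verbose)
		PKI_log( PKI_LOG_INFO, "INFO::CRL loaded successfully [ %s ]",
			a->ca_id );

	/* If previous values are there, then we clear them up */
	if ( a->lastUpdate ) ASN1_TIME_free(a->lastUpdate);
	if ( a->nextUpdate ) ASN1_TIME_free(a->nextUpdate);

	/* Get new values from the recently loaded CRL */
	a->lastUpdate = M_ASN1_TIME_dup (
		PKI_X509_CRL_get_data ( a->crl, PKI_X509_DATA_LASTUPDATE ));
	a->nextUpdate = M_ASN1_TIME_dup (
		PKI_X509_CRL_get_data ( a->crl, PKI_X509_DATA_NEXTUPDATE ));

	if(conf->debug) PKI_log_debug("RELEASING LOCK (CRL RELOAD)");

	PKI_RWLOCK_release_write ( &conf->crl_lock );

	if(conf->debug) PKI_log_debug ( "LOCK RELEASED --END--");

	/* Now check the CRL validity */
	a->crl_status = check_crl_validity( a, conf );

	if( a->crl_status == CRL_OK ) {
		PKI_log(PKI_LOG_ALWAYS, "%s's CRL reloaded (OK)", a->ca_id);
	}

	return(0);
}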