{^\d+$} {
## A numeric literal. If it's within bounds then set it; otherwise
## we'll have to start from the beginning.
- if {$p < $n || $p > $max} { return step }
+ if {$p < $nn || $p > $max} { return step }
set nn $p
}
UPDATE profile SET
extensions = $d(extensions),
issue_time = $d(issue-time),
- start_skew = $(start-skew),
+ start_skew = $d(start-skew),
expire_interval = $d(expire-interval),
tombstone = 0
WHERE label = $p;
proc req-key-hash {file} {
## Return the key hash from the certificate request in FILE.
- return [exec \
+ return [lindex [exec \
openssl req -in $file -noout -pubkey | \
openssl rsa 2>/dev/null -pubin -outform der | \
- openssl dgst -sha256 -hex]
+ openssl dgst -sha256 -hex] end]
+}
+
+proc hack-openssl-dn {out} {
+ ## Convert OpenSSL's hopeless output into a DN.
+
+ if {[regexp {^subject=\s*(/.*)$} $out -> dn]} { return $dn }
+ if {[regexp {^subject=(.*)$} $out -> t]} {
+ set t [regsub {^(\w+) = } $t {/\1=}]
+ set t [regsub -all {, (\w+) = } $t {/\1=}]
+ return $t
+ }
}
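Review bot: hack-openssl-dn falls off the end when neither pattern matches, so it returns an empty string. The removed code in req-dn and cert-dn failed on the unset `dn` in that case, whereas both callers now hand back an empty DN. Ending the proc with `error "unrecognized openssl subject output: $out"` keeps that failure loud. The second branch also rewrites every `, NAME = ` it finds, so a value that itself contains that sequence would come out as an extra component, and `\w+` does not match attribute names printed as dotted OIDs. Asking openssl for a fixed format through `-nameopt` would avoid guessing at the layout.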
proc req-dn {file} {
## Return the distinguished name from the certificate request in FILE.
- regexp {^subject=\s*(/.*)$} \
- [exec openssl req -in $file -noout -subject] \
- -> dn
- return $dn
+ return [hack-openssl-dn [exec openssl req -in $file -noout -subject]]
}
proc cert-key-hash {file} {
## Return the key hash from the certificate in FILE.
- return [exec \
+ return [lindex [exec \
openssl x509 -in $file -noout -pubkey | \
openssl rsa 2>/dev/null -pubin -outform der | \
- openssl dgst -sha256 -hex]
+ openssl dgst -sha256 -hex] end]
}
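Review bot: `lindex … end` accepts whatever the last word of the pipeline output is, and nothing here or in req-key-hash says why or checks that the word is a digest. Presumably the intent is to drop the label that some openssl versions print before the hash; a comment such as `## openssl dgst may print a label before the digest; keep only the last word.` would record that. Storing the word in a variable and guarding it with `if {![regexp {^[0-9a-f]{64}$} $h]} { error "unexpected digest output" }` before returning would stop a changed output format from yielding a bogus key hash.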
proc cert-dn {file} {
## Return the distinguished name from the certificate in FILE.
- regexp {^subject=\s*(/.*)$} \
- [exec openssl x509 -in $file -noout -subject] \
- -> dn
- return $dn
+ return [hack-openssl-dn [exec openssl x509 -in $file -noout -subject]]
}
proc cert-seq {file} {