1 files changed, 314 insertions, 0 deletions
diff --git a/src/usr.bin/openssl/crl2p7.c b/src/usr.bin/openssl/crl2p7.c
new file mode 100644
index 0000000000..7fdb6ccfd4
--- /dev/null
+++ b/src/usr.bin/openssl/crl2p7.c
@@ -0,0 +1,314 @@
+/* $OpenBSD: crl2p7.c,v 1.1 2014/08/26 17:47:24 jsing Exp $ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
+ * and donated 'to the cause' along with lots and lots of other fixes to
+ * the library. */
+#include <sys/types.h>
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+static int add_certs_from_file(STACK_OF(X509) * stack, char *certfile);
+/* -inform arg  - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg      - input file - default stdin
+ * -out arg     - output file - default stdout
+ */
+int crl2pkcs7_main(int, char **);
+int
+crl2pkcs7_main(int argc, char **argv)
+{
+        int i, badops = 0;
+        BIO *in = NULL, *out = NULL;
+        int informat, outformat;
+        char *infile, *outfile, *prog, *certfile;
+        PKCS7 *p7 = NULL;
+        PKCS7_SIGNED *p7s = NULL;
+        X509_CRL *crl = NULL;
+        STACK_OF(OPENSSL_STRING) * certflst = NULL;
+        STACK_OF(X509_CRL) * crl_stack = NULL;
+        STACK_OF(X509) * cert_stack = NULL;
+        int ret = 1, nocrl = 0;
+        infile = NULL;
+        outfile = NULL;
+        informat = FORMAT_PEM;
+        outformat = FORMAT_PEM;
+        prog = argv[0];
+        argc--;
+        argv++;
+        while (argc >= 1) {
+                if (strcmp(*argv, "-inform") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        informat = str2fmt(*(++argv));
+                } else if (strcmp(*argv, "-outform") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        outformat = str2fmt(*(++argv));
+                } else if (strcmp(*argv, "-in") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        infile = *(++argv);
+                } else if (strcmp(*argv, "-nocrl") == 0) {
+                        nocrl = 1;
+                } else if (strcmp(*argv, "-out") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        outfile = *(++argv);
+                } else if (strcmp(*argv, "-certfile") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        if (!certflst)
+                                certflst = sk_OPENSSL_STRING_new_null();
+                        sk_OPENSSL_STRING_push(certflst, *(++argv));
+                } else {
+                        BIO_printf(bio_err, "unknown option %s\n", *argv);
+                        badops = 1;
+                        break;
+                }
+                argc--;
+                argv++;
+        }
+        if (badops) {
+bad:
+                BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+                BIO_printf(bio_err, "where options are\n");
+                BIO_printf(bio_err, " -inform arg    input format - DER or PEM\n");
+                BIO_printf(bio_err, " -outform arg   output format - DER or PEM\n");
+                BIO_printf(bio_err, " -in arg        input file\n");
+                BIO_printf(bio_err, " -out arg       output file\n");
+                BIO_printf(bio_err, " -certfile arg  certificates file of chain to a trusted CA\n");
+                BIO_printf(bio_err, "                (can be used more than once)\n");
+                BIO_printf(bio_err, " -nocrl         no crl to load, just certs from '-certfile'\n");
+                ret = 1;
+                goto end;
+        }
+        ERR_load_crypto_strings();
+        in = BIO_new(BIO_s_file());
+        out = BIO_new(BIO_s_file());
+        if ((in == NULL) || (out == NULL)) {
+                ERR_print_errors(bio_err);
+                goto end;
+        }
+        if (!nocrl) {
+                if (infile == NULL)
+                        BIO_set_fp(in, stdin, BIO_NOCLOSE);
+                else {
+                        if (BIO_read_filename(in, infile) <= 0) {
+                                perror(infile);
+                                goto end;
+                        }
+                }
+                if (informat == FORMAT_ASN1)
+                        crl = d2i_X509_CRL_bio(in, NULL);
+                else if (informat == FORMAT_PEM)
+                        crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+                else {
+                        BIO_printf(bio_err,
+                            "bad input format specified for input crl\n");
+                        goto end;
+                }
+                if (crl == NULL) {
+                        BIO_printf(bio_err, "unable to load CRL\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                }
+        }
+        if ((p7 = PKCS7_new()) == NULL)
+                goto end;
+        if ((p7s = PKCS7_SIGNED_new()) == NULL)
+                goto end;
+        p7->type = OBJ_nid2obj(NID_pkcs7_signed);
+        p7->d.sign = p7s;
+        p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
+        if (!ASN1_INTEGER_set(p7s->version, 1))
+                goto end;
+        if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
+                goto end;
+        p7s->crl = crl_stack;
+        if (crl != NULL) {
+                sk_X509_CRL_push(crl_stack, crl);
+                crl = NULL;     /* now part of p7 for freeing */
+        }
+        if ((cert_stack = sk_X509_new_null()) == NULL)
+                goto end;
+        p7s->cert = cert_stack;
+        if (certflst)
+                for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
+                        certfile = sk_OPENSSL_STRING_value(certflst, i);
+                        if (add_certs_from_file(cert_stack, certfile) < 0) {
+                                BIO_printf(bio_err,
+                                    "error loading certificates\n");
+                                ERR_print_errors(bio_err);
+                                goto end;
+                        }
+                }
+        sk_OPENSSL_STRING_free(certflst);
+        if (outfile == NULL) {
+                BIO_set_fp(out, stdout, BIO_NOCLOSE);
+        } else {
+                if (BIO_write_filename(out, outfile) <= 0) {
+                        perror(outfile);
+                        goto end;
+                }
+        }
+        if (outformat == FORMAT_ASN1)
+                i = i2d_PKCS7_bio(out, p7);
+        else if (outformat == FORMAT_PEM)
+                i = PEM_write_bio_PKCS7(out, p7);
+        else {
+                BIO_printf(bio_err,
+                    "bad output format specified for outfile\n");
+                goto end;
+        }
+        if (!i) {
+                BIO_printf(bio_err, "unable to write pkcs7 object\n");
+                ERR_print_errors(bio_err);
+                goto end;
+        }
+        ret = 0;
+end:
+        if (in != NULL)
+                BIO_free(in);
+        if (out != NULL)
+                BIO_free_all(out);
+        if (p7 != NULL)
+                PKCS7_free(p7);
+        if (crl != NULL)
+                X509_CRL_free(crl);
+        return (ret);
+}
+/*
+ *----------------------------------------------------------------------
+ * int add_certs_from_file
+ *
+ *      Read a list of certificates to be checked from a file.
+ *
+ * Results:
+ *      number of certs added if successful, -1 if not.
+ *----------------------------------------------------------------------
+ */
+static int
+add_certs_from_file(STACK_OF(X509) * stack, char *certfile)
+{
+        BIO *in = NULL;
+        int count = 0;
+        int ret = -1;
+        STACK_OF(X509_INFO) * sk = NULL;
+        X509_INFO *xi;
+        in = BIO_new(BIO_s_file());
+        if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) {
+                BIO_printf(bio_err, "error opening the file, %s\n", certfile);
+                goto end;
+        }
+        /* This loads from a file, a stack of x509/crl/pkey sets */
+        sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+        if (sk == NULL) {
+                BIO_printf(bio_err, "error reading the file, %s\n", certfile);
+                goto end;
+        }
+        /* scan over it and pull out the CRL's */
+        while (sk_X509_INFO_num(sk)) {
+                xi = sk_X509_INFO_shift(sk);
+                if (xi->x509 != NULL) {
+                        sk_X509_push(stack, xi->x509);
+                        xi->x509 = NULL;
+                        count++;
+                }
+                X509_INFO_free(xi);
+        }
+        ret = count;
+end:
+        /* never need to free x */
+        if (in != NULL)
+                BIO_free(in);
+        if (sk != NULL)
+                sk_X509_INFO_free(sk);
+        return (ret);
+}

diff --git a/src/usr.bin/openssl/crl2p7.c b/src/usr.bin/openssl/crl2p7.c new file mode 100644 index 0000000000..7fdb6ccfd4 --- /dev/null +++ b/src/usr.bin/openssl/crl2p7.c
@@ -0,0 +1,314 @@
	1	/* $OpenBSD: crl2p7.c,v 1.1 2014/08/26 17:47:24 jsing Exp $ */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
	60	* and donated 'to the cause' along with lots and lots of other fixes to
	61	* the library. */
	62
	63	#include <sys/types.h>
	64
	65	#include <stdio.h>
	66	#include <string.h>
	67
	68	#include "apps.h"
	69
	70	#include <openssl/err.h>
	71	#include <openssl/evp.h>
	72	#include <openssl/objects.h>
	73	#include <openssl/pem.h>
	74	#include <openssl/pkcs7.h>
	75	#include <openssl/x509.h>
	76
	77	static int add_certs_from_file(STACK_OF(X509) * stack, char *certfile);
	78
	79	/* -inform arg - input format - default PEM (DER or PEM)
	80	* -outform arg - output format - default PEM
	81	* -in arg - input file - default stdin
	82	* -out arg - output file - default stdout
	83	*/
	84
	85	int crl2pkcs7_main(int, char **);
	86
	87	int
	88	crl2pkcs7_main(int argc, char **argv)
	89	{
	90	int i, badops = 0;
	91	BIO in = NULL, out = NULL;
	92	int informat, outformat;
	93	char infile, outfile, prog, certfile;
	94	PKCS7 *p7 = NULL;
	95	PKCS7_SIGNED *p7s = NULL;
	96	X509_CRL *crl = NULL;
	97	STACK_OF(OPENSSL_STRING) * certflst = NULL;
	98	STACK_OF(X509_CRL) * crl_stack = NULL;
	99	STACK_OF(X509) * cert_stack = NULL;
	100	int ret = 1, nocrl = 0;
	101
	102	infile = NULL;
	103	outfile = NULL;
	104	informat = FORMAT_PEM;
	105	outformat = FORMAT_PEM;
	106
	107	prog = argv[0];
	108	argc--;
	109	argv++;
	110	while (argc >= 1) {
	111	if (strcmp(*argv, "-inform") == 0) {
	112	if (--argc < 1)
	113	goto bad;
	114	informat = str2fmt(*(++argv));
	115	} else if (strcmp(*argv, "-outform") == 0) {
	116	if (--argc < 1)
	117	goto bad;
	118	outformat = str2fmt(*(++argv));
	119	} else if (strcmp(*argv, "-in") == 0) {
	120	if (--argc < 1)
	121	goto bad;
	122	infile = *(++argv);
	123	} else if (strcmp(*argv, "-nocrl") == 0) {
	124	nocrl = 1;
	125	} else if (strcmp(*argv, "-out") == 0) {
	126	if (--argc < 1)
	127	goto bad;
	128	outfile = *(++argv);
	129	} else if (strcmp(*argv, "-certfile") == 0) {
	130	if (--argc < 1)
	131	goto bad;
	132	if (!certflst)
	133	certflst = sk_OPENSSL_STRING_new_null();
	134	sk_OPENSSL_STRING_push(certflst, *(++argv));
	135	} else {
	136	BIO_printf(bio_err, "unknown option %s\n", *argv);
	137	badops = 1;
	138	break;
	139	}
	140	argc--;
	141	argv++;
	142	}
	143
	144	if (badops) {
	145	bad:
	146	BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
	147	BIO_printf(bio_err, "where options are\n");
	148	BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
	149	BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
	150	BIO_printf(bio_err, " -in arg input file\n");
	151	BIO_printf(bio_err, " -out arg output file\n");
	152	BIO_printf(bio_err, " -certfile arg certificates file of chain to a trusted CA\n");
	153	BIO_printf(bio_err, " (can be used more than once)\n");
	154	BIO_printf(bio_err, " -nocrl no crl to load, just certs from '-certfile'\n");
	155	ret = 1;
	156	goto end;
	157	}
	158	ERR_load_crypto_strings();
	159
	160	in = BIO_new(BIO_s_file());
	161	out = BIO_new(BIO_s_file());
	162	if ((in == NULL) \|\| (out == NULL)) {
	163	ERR_print_errors(bio_err);
	164	goto end;
	165	}
	166	if (!nocrl) {
	167	if (infile == NULL)
	168	BIO_set_fp(in, stdin, BIO_NOCLOSE);
	169	else {
	170	if (BIO_read_filename(in, infile) <= 0) {
	171	perror(infile);
	172	goto end;
	173	}
	174	}
	175
	176	if (informat == FORMAT_ASN1)
	177	crl = d2i_X509_CRL_bio(in, NULL);
	178	else if (informat == FORMAT_PEM)
	179	crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
	180	else {
	181	BIO_printf(bio_err,
	182	"bad input format specified for input crl\n");
	183	goto end;
	184	}
	185	if (crl == NULL) {
	186	BIO_printf(bio_err, "unable to load CRL\n");
	187	ERR_print_errors(bio_err);
	188	goto end;
	189	}
	190	}
	191	if ((p7 = PKCS7_new()) == NULL)
	192	goto end;
	193	if ((p7s = PKCS7_SIGNED_new()) == NULL)
	194	goto end;
	195	p7->type = OBJ_nid2obj(NID_pkcs7_signed);
	196	p7->d.sign = p7s;
	197	p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
	198
	199	if (!ASN1_INTEGER_set(p7s->version, 1))
	200	goto end;
	201	if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
	202	goto end;
	203	p7s->crl = crl_stack;
	204	if (crl != NULL) {
	205	sk_X509_CRL_push(crl_stack, crl);
	206	crl = NULL; /* now part of p7 for freeing */
	207	}
	208	if ((cert_stack = sk_X509_new_null()) == NULL)
	209	goto end;
	210	p7s->cert = cert_stack;
	211
	212	if (certflst)
	213	for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
	214	certfile = sk_OPENSSL_STRING_value(certflst, i);
	215	if (add_certs_from_file(cert_stack, certfile) < 0) {
	216	BIO_printf(bio_err,
	217	"error loading certificates\n");
	218	ERR_print_errors(bio_err);
	219	goto end;
	220	}
	221	}
	222
	223	sk_OPENSSL_STRING_free(certflst);
	224
	225	if (outfile == NULL) {
	226	BIO_set_fp(out, stdout, BIO_NOCLOSE);
	227	} else {
	228	if (BIO_write_filename(out, outfile) <= 0) {
	229	perror(outfile);
	230	goto end;
	231	}
	232	}
	233
	234	if (outformat == FORMAT_ASN1)
	235	i = i2d_PKCS7_bio(out, p7);
	236	else if (outformat == FORMAT_PEM)
	237	i = PEM_write_bio_PKCS7(out, p7);
	238	else {
	239	BIO_printf(bio_err,
	240	"bad output format specified for outfile\n");
	241	goto end;
	242	}
	243	if (!i) {
	244	BIO_printf(bio_err, "unable to write pkcs7 object\n");
	245	ERR_print_errors(bio_err);
	246	goto end;
	247	}
	248	ret = 0;
	249
	250	end:
	251	if (in != NULL)
	252	BIO_free(in);
	253	if (out != NULL)
	254	BIO_free_all(out);
	255	if (p7 != NULL)
	256	PKCS7_free(p7);
	257	if (crl != NULL)
	258	X509_CRL_free(crl);
	259
	260
	261	return (ret);
	262	}
	263
	264	/*
	265	*----------------------------------------------------------------------
	266	* int add_certs_from_file
	267	*
	268	* Read a list of certificates to be checked from a file.
	269	*
	270	* Results:
	271	* number of certs added if successful, -1 if not.
	272	*----------------------------------------------------------------------
	273	*/
	274	static int
	275	add_certs_from_file(STACK_OF(X509) * stack, char *certfile)
	276	{
	277	BIO *in = NULL;
	278	int count = 0;
	279	int ret = -1;
	280	STACK_OF(X509_INFO) * sk = NULL;
	281	X509_INFO *xi;
	282
	283	in = BIO_new(BIO_s_file());
	284	if ((in == NULL) \|\| (BIO_read_filename(in, certfile) <= 0)) {
	285	BIO_printf(bio_err, "error opening the file, %s\n", certfile);
	286	goto end;
	287	}
	288	/* This loads from a file, a stack of x509/crl/pkey sets */
	289	sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
	290	if (sk == NULL) {
	291	BIO_printf(bio_err, "error reading the file, %s\n", certfile);
	292	goto end;
	293	}
	294	/* scan over it and pull out the CRL's */
	295	while (sk_X509_INFO_num(sk)) {
	296	xi = sk_X509_INFO_shift(sk);
	297	if (xi->x509 != NULL) {
	298	sk_X509_push(stack, xi->x509);
	299	xi->x509 = NULL;
	300	count++;
	301	}
	302	X509_INFO_free(xi);
	303	}
	304
	305	ret = count;
	306
	307	end:
	308	/* never need to free x */
	309	if (in != NULL)
	310	BIO_free(in);
	311	if (sk != NULL)
	312	sk_X509_INFO_free(sk);
	313	return (ret);
	314	}