X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fcms.c;h=bcfcd5446a5b78650a8ebd5aabfad6650d40242c;hb=e09621ff57f6965d30cc2d6b5045f93906d656a0;hp=ae47341532e2064e216ec52572757f4032587012;hpb=df2ee0e27d2db02660c1d15fe6a3e38be9df0a60;p=oweals%2Fopenssl.git diff --git a/apps/cms.c b/apps/cms.c index ae47341532..bcfcd5446a 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -118,9 +118,9 @@ typedef enum OPTION_choice { OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF, OPT_NOINDEF, OPT_NOOLDMIME, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT, OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE, - OPT_CAPATH, OPT_CONTENT, OPT_PRINT, OPT_SECRETKEY, - OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, OPT_RAND, - OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, + OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT, + OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, + OPT_RAND, OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM, OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP, OPT_3DES_WRAP, OPT_ENGINE, @@ -185,6 +185,10 @@ OPTIONS cms_options[] = { {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, {"CApath", OPT_CAPATH, '/', "trusted certificates directory"}, + {"no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file"}, + {"no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory"}, {"content", OPT_CONTENT, '<', "Supply or override content for detached signature"}, {"print", OPT_PRINT, '-'}, @@ -242,6 +246,7 @@ int cms_main(int argc, char **argv) X509_VERIFY_PARAM *vpm = NULL; char *certfile = NULL, *keyfile = NULL, *contfile = NULL; char *CAfile = NULL, *CApath = NULL, *certsoutfile = NULL; + int noCAfile = 0, noCApath = 0; char *infile = NULL, *outfile = NULL, *rctfile = NULL, *inrand = NULL; char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = NULL; @@ -422,6 +427,12 @@ int cms_main(int argc, char **argv) case OPT_CAPATH: CApath = opt_arg(); break; + case OPT_NOCAFILE: + noCAfile = 1; + break; + case OPT_NOCAPATH: + noCApath = 1; + break; case OPT_IN: infile = opt_arg(); break; @@ -673,9 +684,6 @@ int cms_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - if (need_rand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) @@ -727,8 +735,8 @@ int cms_main(int argc, char **argv) } if (certfile) { - if ((other = load_certs(certfile, FORMAT_PEM, NULL, e, - "certificate file")) == NULL) { + if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e, + "certificate file")) { ERR_print_errors(bio_err); goto end; } @@ -834,7 +842,7 @@ int cms_main(int argc, char **argv) goto end; if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) { - if ((store = setup_verify(CAfile, CApath)) == NULL) + if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, cms_cb); if (vpmtouched) @@ -894,7 +902,7 @@ int cms_main(int argc, char **argv) secret_keyid = NULL; } if (pwri_pass) { - pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass); + pwri_tmp = (unsigned char *)OPENSSL_strdup((char *)pwri_pass); if (!pwri_tmp) goto end; if (!CMS_add0_recipient_password(cms, @@ -1261,7 +1269,7 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) if (!gen) goto err; gens = GENERAL_NAMES_new(); - if (!gens) + if (gens == NULL) goto err; if (!sk_GENERAL_NAME_push(gens, gen)) goto err;