X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fsmime.c;h=94c2884fed744f6265b10fe1dba0dfc6200a633f;hb=5ad4fdce41bb1ce7762b70fb50f732f70e3772cf;hp=3aa8b70d5b2dfbb0f694a1e8149f4e51ae57d691;hpb=5ce278a77bd7d23bcf965cfa37afb7b937c1a17d;p=oweals%2Fopenssl.git diff --git a/apps/smime.c b/apps/smime.c index 3aa8b70d5b..94c2884fed 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -1,5 +1,5 @@ /* smime.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -93,7 +93,7 @@ int MAIN(int argc, char **argv) const char *inmode = "r", *outmode = "w"; char *infile = NULL, *outfile = NULL; char *signerfile = NULL, *recipfile = NULL; - STACK_OF(STRING) *sksigners = NULL, *skkeys = NULL; + STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; char *certfile = NULL, *keyfile = NULL, *contfile=NULL; const EVP_CIPHER *cipher = NULL; PKCS7 *p7 = NULL; @@ -260,13 +260,13 @@ int MAIN(int argc, char **argv) if (signerfile) { if (!sksigners) - sksigners = sk_STRING_new_null(); - sk_STRING_push(sksigners, signerfile); + sksigners = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(sksigners, signerfile); if (!keyfile) keyfile = signerfile; if (!skkeys) - skkeys = sk_STRING_new_null(); - sk_STRING_push(skkeys, keyfile); + skkeys = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(skkeys, keyfile); keyfile = NULL; } signerfile = *++args; @@ -302,12 +302,12 @@ int MAIN(int argc, char **argv) goto argerr; } if (!sksigners) - sksigners = sk_STRING_new_null(); - sk_STRING_push(sksigners, signerfile); + sksigners = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(sksigners, signerfile); signerfile = NULL; if (!skkeys) - skkeys = sk_STRING_new_null(); - sk_STRING_push(skkeys, keyfile); + skkeys = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(skkeys, keyfile); } keyfile = *++args; } @@ -389,13 +389,13 @@ int MAIN(int argc, char **argv) if (signerfile) { if (!sksigners) - sksigners = sk_STRING_new_null(); - sk_STRING_push(sksigners, signerfile); + sksigners = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(sksigners, signerfile); if (!skkeys) - skkeys = sk_STRING_new_null(); + skkeys = sk_OPENSSL_STRING_new_null(); if (!keyfile) keyfile = signerfile; - sk_STRING_push(skkeys, keyfile); + sk_OPENSSL_STRING_push(skkeys, keyfile); } if (!sksigners) { @@ -479,6 +479,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf (bio_err, "-trusted_first use locally trusted CA's first when building trust chain\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); #ifndef OPENSSL_NO_ENGINE @@ -541,8 +542,8 @@ int MAIN(int argc, char **argv) { if (!cipher) { -#ifndef OPENSSL_NO_RC2 - cipher = EVP_rc2_40_cbc(); +#ifndef OPENSSL_NO_DES + cipher = EVP_des_ede3_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); goto end; @@ -671,7 +672,7 @@ int MAIN(int argc, char **argv) { if (!(store = setup_verify(bio_err, CAfile, CApath))) goto end; - X509_STORE_set_verify_cb_func(store, smime_cb); + X509_STORE_set_verify_cb(store, smime_cb); if (vpm) X509_STORE_set1_param(store, vpm); } @@ -704,13 +705,21 @@ int MAIN(int argc, char **argv) p7 = PKCS7_sign(NULL, NULL, other, in, flags); if (!p7) goto end; + if (flags & PKCS7_NOCERTS) + { + for (i = 0; i < sk_X509_num(other); i++) + { + X509 *x = sk_X509_value(other, i); + PKCS7_add_certificate(p7, x); + } + } } else flags |= PKCS7_REUSE_DIGEST; - for (i = 0; i < sk_STRING_num(sksigners); i++) + for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { - signerfile = sk_STRING_value(sksigners, i); - keyfile = sk_STRING_value(skkeys, i); + signerfile = sk_OPENSSL_STRING_value(sksigners, i); + keyfile = sk_OPENSSL_STRING_value(skkeys, i); signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, e, "signer certificate"); if (!signer) @@ -807,9 +816,9 @@ end: if (vpm) X509_VERIFY_PARAM_free(vpm); if (sksigners) - sk_STRING_free(sksigners); + sk_OPENSSL_STRING_free(sksigners); if (skkeys) - sk_STRING_free(skkeys); + sk_OPENSSL_STRING_free(skkeys); X509_STORE_free(store); X509_free(cert); X509_free(recip);