X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fverify.c;h=215ef84fc75f5347e3ee530328f3fc9fedec8bf8;hb=778252741eaa58acc0b8ba647937cc17260ce1c9;hp=a69c5d88f841fe4637138fc80c5dc038e77a6235;hpb=657e60fa00ddde3618600d6306be913214d30457;p=oweals%2Fopenssl.git diff --git a/apps/verify.c b/apps/verify.c index a69c5d88f8..215ef84fc7 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -70,19 +70,23 @@ #define PROG verify_main static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx); -static int check(X509_STORE *ctx,char *file, STACK_OF(X509)*other, int purpose); +static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e); static STACK_OF(X509) *load_untrusted(char *file); -static int v_verbose=0; +static int v_verbose=0, vflags = 0; + +int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int i,ret=1; int purpose = -1; char *CApath=NULL,*CAfile=NULL; - char *untfile = NULL; - STACK_OF(X509) *untrusted = NULL; + char *untfile = NULL, *trustfile = NULL; + STACK_OF(X509) *untrusted = NULL, *trusted = NULL; X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; + char *engine=NULL; cert_ctx=X509_STORE_new(); if (cert_ctx == NULL) goto end; @@ -96,6 +100,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + argc--; argv++; for (;;) @@ -122,7 +129,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "unrecognized purpose\n"); goto end; } - xptmp = X509_PURPOSE_iget(i); + xptmp = X509_PURPOSE_get0(i); purpose = X509_PURPOSE_get_id(xptmp); } else if (strcmp(*argv,"-untrusted") == 0) @@ -130,8 +137,26 @@ int MAIN(int argc, char **argv) if (argc-- < 1) goto end; untfile= *(++argv); } + else if (strcmp(*argv,"-trusted") == 0) + { + if (argc-- < 1) goto end; + trustfile= *(++argv); + } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto end; + engine= *(++argv); + } else if (strcmp(*argv,"-help") == 0) goto end; + else if (strcmp(*argv,"-ignore_critical") == 0) + vflags |= X509_V_FLAG_IGNORE_CRITICAL; + else if (strcmp(*argv,"-issuer_checks") == 0) + vflags |= X509_V_FLAG_CB_ISSUER_CHECK; + else if (strcmp(*argv,"-crl_check") == 0) + vflags |= X509_V_FLAG_CRL_CHECK; + else if (strcmp(*argv,"-crl_check_all") == 0) + vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (strcmp(*argv,"-verbose") == 0) v_verbose=1; else if (argv[0][0] == '-') @@ -145,6 +170,8 @@ int MAIN(int argc, char **argv) break; } + e = setup_engine(bio_err, engine, 0); + lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); if (lookup == NULL) abort(); if (CAfile) { @@ -177,60 +204,46 @@ int MAIN(int argc, char **argv) } } - if (argc < 1) check(cert_ctx, NULL, untrusted, purpose); + if(trustfile) { + if(!(trusted = load_untrusted(trustfile))) { + BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile); + ERR_print_errors(bio_err); + goto end; + } + } + + if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e); else for (i=0; i= 0) X509_STORE_CTX_set_purpose(csc, purpose); i=X509_verify_cert(csc); X509_STORE_CTX_free(csc); @@ -254,7 +273,6 @@ end: else ERR_print_errors(bio_err); if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); return(ret); } @@ -328,6 +346,9 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1; if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1; if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; + if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1; + if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1; + if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1; } if (!v_verbose) ERR_clear_error();