From: Dr. Stephen Henson <steve@openssl.org>
Date: Mon, 29 Jun 2009 16:09:37 +0000 (+0000)
Subject: Allow setting of verify depth in verify parameters (as opposed to the depth
X-Git-Tag: OpenSSL-fips-2_0-rc1~1621
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9a5faeaa428b164b2327314efe9c26a141a129fa;p=oweals%2Fopenssl.git

Allow setting of verify depth in verify parameters (as opposed to the depth
implemented using the verify callback).
---

diff --git a/apps/apps.c b/apps/apps.c
index 08ce00822e..88a479dfa4 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2192,7 +2192,7 @@ int args_verify(char ***pargs, int *pargc,
 	ASN1_OBJECT *otmp = NULL;
 	unsigned long flags = 0;
 	int i;
-	int purpose = 0;
+	int purpose = 0, depth = -1;
 	char **oldargs = *pargs;
 	char *arg = **pargs, *argn = (*pargs)[1];
 	if (!strcmp(arg, "-policy"))
@@ -2232,6 +2232,21 @@ int args_verify(char ***pargs, int *pargc,
 			}
 		(*pargs)++;
 		}
+	else if (strcmp(arg,"-verify_depth") == 0)
+		{
+		if (!argn)
+			*badarg = 1;
+		else
+			{
+			depth = atoi(argn);
+			if(depth < 0)
+				{
+				BIO_printf(err, "invalid depth\n");
+				*badarg = 1;
+				}
+			}
+		(*pargs)++;
+		}
 	else if (!strcmp(arg, "-ignore_critical"))
 		flags |= X509_V_FLAG_IGNORE_CRITICAL;
 	else if (!strcmp(arg, "-issuer_checks"))
@@ -2283,6 +2298,9 @@ int args_verify(char ***pargs, int *pargc,
 	if (purpose)
 		X509_VERIFY_PARAM_set_purpose(*pm, purpose);
 
+	if (depth >= 0)
+		X509_VERIFY_PARAM_set_depth(*pm, depth);
+
 	end:
 
 	(*pargs)++;