diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2000-01-09 14:21:40 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2000-01-09 14:21:40 +0000 |
| commit | 25f923ddd18d42a44081dff1ce45ed79ba5fd11f (patch) | |
| tree | 55927dbaa731b0761e6f5a713875a36f23faffb0 | |
| parent | 150a4320d8005c6a97b36a6fabb38f723afba720 (diff) | |
New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.
Remove references to 'TXT' in -inform and -outform switches.
| -rw-r--r-- | CHANGES | 10 | ||||
| -rw-r--r-- | apps/crl.c | 2 | ||||
| -rw-r--r-- | apps/crl2p7.c | 6 | ||||
| -rw-r--r-- | apps/dh.c | 2 | ||||
| -rw-r--r-- | apps/dsaparam.c | 2 | ||||
| -rw-r--r-- | apps/pkcs12.c | 6 | ||||
| -rw-r--r-- | apps/pkcs7.c | 6 | ||||
| -rw-r--r-- | apps/req.c | 6 | ||||
| -rw-r--r-- | apps/sess_id.c | 2 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.c | 13 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.h | 1 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_txt.c | 7 |
13 files changed, 45 insertions, 20 deletions
@@ -4,6 +4,16 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) New function X509_CTX_rget_chain(), this returns the chain + from an X509_CTX structure with a dup of the stack and all + the X509 reference counts upped: so the stack will exist + after X509_CTX_cleanup() has been called. Modify pkcs12.c + to use this. + + Also make SSL_SESSION_print() print out the verify return + code. + [Steve Henson] + *) Add manpage for the pkcs12 command. Also change the default behaviour so MAC iteration counts are used unless the new -nomaciter option is used. This improves file security and diff --git a/apps/crl.c b/apps/crl.c index c73b35db74..d91eb7fd80 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -75,7 +75,7 @@ static char *crl_usage[]={ "usage: crl args\n", "\n", -" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n", +" -inform arg - input format - default PEM (DER or PEM)\n", " -outform arg - output format - default PEM\n", " -text - print out a text format version\n", " -in arg - input file - default stdin\n", diff --git a/apps/crl2p7.c b/apps/crl2p7.c index 8634e3a1ec..8514be2a4f 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -76,7 +76,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); #undef PROG #define PROG crl2pkcs7_main -/* -inform arg - input format - default PEM (one of DER, TXT or PEM) +/* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout @@ -157,8 +157,8 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); - BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); + BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); @@ -72,7 +72,7 @@ #undef PROG #define PROG dh_main -/* -inform arg - input format - default PEM (one of DER, TXT or PEM) +/* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 1b5380662d..7d4a12f562 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -73,7 +73,7 @@ #undef PROG #define PROG dsaparam_main -/* -inform arg - input format - default PEM (one of DER, TXT or PEM) +/* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 800e2a8406..a48f8c2d8b 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -607,11 +607,7 @@ int get_cert_chain (X509 *cert, STACK_OF(X509) **chain) i = X509_STORE_CTX_get_error (&store_ctx); goto err; } - chn = sk_X509_dup(X509_STORE_CTX_get_chain (&store_ctx)); - for (i = 0; i < sk_X509_num(chn); i++) { - x = sk_X509_value(chn, i); - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - } + chn = X509_STORE_CTX_rget_chain(&store_ctx); i = 0; *chain = chn; err: diff --git a/apps/pkcs7.c b/apps/pkcs7.c index c1973646cd..d7feafd2f5 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -71,7 +71,7 @@ #undef PROG #define PROG pkcs7_main -/* -inform arg - input format - default PEM (one of DER, TXT or PEM) +/* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout @@ -145,8 +145,8 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); - BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); + BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); diff --git a/apps/req.c b/apps/req.c index 78e3edcaea..5d4092507b 100644 --- a/apps/req.c +++ b/apps/req.c @@ -91,7 +91,7 @@ #undef PROG #define PROG req_main -/* -inform arg - input format - default PEM (one of DER, TXT or PEM) +/* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout @@ -377,8 +377,8 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); - BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); + BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -text text form of request\n"); diff --git a/apps/sess_id.c b/apps/sess_id.c index 8ac118d4a1..3d363d13eb 100644 --- a/apps/sess_id.c +++ b/apps/sess_id.c @@ -72,7 +72,7 @@ static char *sess_id_usage[]={ "usage: sess_id args\n", "\n", -" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n", +" -inform arg - input format - default PEM (DER or PEM)\n", " -outform arg - output format - default PEM\n", " -in arg - input file - default stdin\n", " -out arg - output file - default stdout\n", diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 2668bd1959..e45c0324a0 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -717,6 +717,19 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) return(ctx->chain); } +STACK_OF(X509) *X509_STORE_CTX_rget_chain(X509_STORE_CTX *ctx) + { + int i; + X509 *x; + STACK_OF(X509) *chain; + if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; + for(i = 0; i < sk_X509_num(chain); i++) { + x = sk_X509_value(chain, i); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + } + return(chain); + } + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) { ctx->cert=x; diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 3e97df14ee..7c7a9c2b80 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -347,6 +347,7 @@ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_rget_chain(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 02f8d11256..3770bdf0f5 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -910,7 +910,7 @@ const char *SSL_get_cipher_list(SSL *s,int n) return(c->name); } -/** specify the ciphers to be used by defaut by the SSL_CTX */ +/** specify the ciphers to be used by default by the SSL_CTX */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str) { STACK_OF(SSL_CIPHER) *sk; diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index ca67a98d89..7e27857bcf 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -112,7 +112,7 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x) sprintf(str,"%02X",x->session_id[i]); if (BIO_puts(bp,str) <= 0) goto err; } - if (BIO_puts(bp,"\nSession-ID-ctx: ") <= 0) goto err; + if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err; for (i=0; i<x->sid_ctx_length; i++) { sprintf(str,"%02X",x->sid_ctx[i]); @@ -163,6 +163,11 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x) if (BIO_puts(bp,str) <= 0) goto err; } if (BIO_puts(bp,"\n") <= 0) goto err; + + if (BIO_puts(bp, " Verify return code ") <= 0) goto err; + sprintf(str, "%ld (%s)\n", x->verify_result, + X509_verify_cert_error_string(x->verify_result)); + if (BIO_puts(bp,str) <= 0) goto err; return(1); err: |