author | Matt Caswell <matt@openssl.org> | 2015-09-22 16:00:52 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-09-25 14:49:59 +0100 |
commit | 2b6bcb702d237171ec5217956a42c8dce031ea51 (patch) | |
tree | 28ae33107e186389f048d4e7f0aa9a9a12ed79a2 /apps/pkcs12.c | |
parent | 631fb6af5f404e4f8b4ae33f3ffdcec81b9df19a (diff) |
Add support for -no-CApath and -no-CAfile options
For those command line options that take the verification options
-CApath and -CAfile, if those options are absent then the default path or
file is used instead. It is not currently possible to specify *no* path or
file at all. This change adds the options -no-CApath and -no-CAfile to all
relevant applications, to specify that the default locations should not be
used.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'apps/pkcs12.c')
-rw-r--r-- | apps/pkcs12.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 2e74cd4bae..e1f663a058 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -98,7 +98,7 @@ typedef enum OPTION_choice {
 OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE, OPT_RAND, OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME, OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
- OPT_CAFILE, OPT_ENGINE
+ OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE
 } OPTION_CHOICE;
 OPTIONS pkcs12_options[] = {
@@ -149,6 +149,10 @@ OPTIONS pkcs12_options[] = {
 {"password", OPT_PASSWORD, 's', "Set import/export password source"},
 {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
 {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
+ {"no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file"},
+ {"no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory"},
 {"", OPT_CIPHER, '-', "Any supported cipher"},
 # ifndef OPENSSL_NO_ENGINE
 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
@@ -174,6 +178,7 @@ int pkcs12_main(int argc, char **argv)
 char *passin = NULL, *passout = NULL, *inrand = NULL, *macalg = NULL;
 char *cpass = NULL, *mpass = NULL, *CApath = NULL, *CAfile = NULL;
 char *prog;
+ int noCApath = 0, noCAfile = 0;
 ENGINE *e = NULL;
 BIO *in = NULL, *out = NULL;
 PKCS12 *p12 = NULL;
@@ -307,6 +312,12 @@ int pkcs12_main(int argc, char **argv)
 case OPT_CAFILE:
 CAfile = opt_arg();
 break;
+ case OPT_NOCAPATH:
+ noCApath = 1;
+ break;
+ case OPT_NOCAFILE:
+ noCAfile = 1;
+ break;
 case OPT_ENGINE:
 e = setup_engine(opt_arg(), 0);
 break;
@@ -430,7 +441,8 @@ int pkcs12_main(int argc, char **argv)
 int vret;
 STACK_OF(X509) *chain2;
 X509_STORE *store;
- if ((store = setup_verify(CAfile, CApath)) == NULL)
+ if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath))
+ == NULL)
 goto export_end;
 vret = get_cert_chain(ucert, store, &chain2); |
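Review bot: The new `OPT_NOCAPATH` and `OPT_NOCAFILE` cases in the option switch only set a flag, so `-CAfile x -no-CAfile` (or the CApath pair) is accepted silently and which of the two wins is decided inside `setup_verify()`, which is not part of this diff. For a trust-anchor setting that ambiguity is worth removing where the options are parsed: add a comment such as `/* -no-CAfile/-no-CApath only suppress the defaults; an explicit -CAfile/-CApath is still loaded */` if that is the intended precedence, or reject the combination once parsing is done. The switch and the rest of `pkcs12_main` lie outside the hunk.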
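Review bot: In the `setup_verify(CAfile, CApath, noCAfile, noCApath)` call the two new arguments are adjacent `int` flags, and the locals are declared in the opposite order (`int noCApath = 0, noCAfile = 0;`), so a transposition would compile cleanly and quietly leave the wrong default trust location enabled. The prototype is not visible in this diff, so the order here should be checked against it; a short comment above the call, e.g. `/* order: file, path, no-default-file, no-default-path */`, would make the pairing explicit. It is also worth stating there what happens when both flags are set and no explicit CA source is given (presumably the store is empty and chain building fails; confirm that a failing `vret` is treated as an error rather than ignored). The enclosing block continues past the end of the hunk.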