diff options
| author | Matt Caswell <matt@openssl.org> | 2015-09-22 16:00:52 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-09-25 14:49:59 +0100 |
| commit | 2b6bcb702d237171ec5217956a42c8dce031ea51 (patch) | |
| tree | 28ae33107e186389f048d4e7f0aa9a9a12ed79a2 /apps/smime.c | |
| parent | 631fb6af5f404e4f8b4ae33f3ffdcec81b9df19a (diff) | |
Add support for -no-CApath and -no-CAfile options
For those command line options that take the verification options
-CApath and -CAfile, if those options are absent then the default path or
file is used instead. It is not currently possible to specify *no* path or
file at all. This change adds the options -no-CApath and -no-CAfile to
specify that the default locations should not be used to all relevant
applications.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'apps/smime.c')
| -rw-r--r-- | apps/smime.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/apps/smime.c b/apps/smime.c index 4da56cdf08..db645d0e16 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -90,7 +90,8 @@ typedef enum OPTION_choice { OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD, OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE, OPT_V_ENUM, - OPT_CAPATH, OPT_IN, OPT_INFORM, OPT_OUT, OPT_OUTFORM, OPT_CONTENT + OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT, + OPT_OUTFORM, OPT_CONTENT } OPTION_CHOICE; OPTIONS smime_options[] = { @@ -132,6 +133,10 @@ OPTIONS smime_options[] = { {"text", OPT_TEXT, '-', "Include or delete text MIME headers"}, {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"}, {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, + {"no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file"}, + {"no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory"}, {"resign", OPT_RESIGN, '-'}, {"nochain", OPT_NOCHAIN, '-'}, {"nosmimecap", OPT_NOSMIMECAP, '-'}, @@ -171,6 +176,7 @@ int smime_main(int argc, char **argv) char *passinarg = NULL, *passin = NULL, *to = NULL, *from = NULL, *subject = NULL; OPTION_CHOICE o; + int noCApath = 0, noCAfile = 0; int flags = PKCS7_DETACHED, operation = 0, ret = 0, need_rand = 0, indef = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform = @@ -348,6 +354,12 @@ int smime_main(int argc, char **argv) case OPT_CAPATH: CApath = opt_arg(); break; + case OPT_NOCAFILE: + noCAfile = 1; + break; + case OPT_NOCAPATH: + noCApath = 1; + break; case OPT_CONTENT: contfile = opt_arg(); break; @@ -523,7 +535,7 @@ int smime_main(int argc, char **argv) goto end; if (operation == SMIME_VERIFY) { - if ((store = setup_verify(CAfile, CApath)) == NULL) + if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, smime_cb); if (vpmtouched) |