diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-11-29 01:09:25 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-11-29 01:09:25 +0000 |
commit | 13938acecae8f1b455812d0388e2891abd1c096d (patch) | |
tree | a0c899c89f6126f075ca6b88f15f3134bfe21ebe /apps/verify.c | |
parent | 51630a37069a0792f2d6ad6ce33e9c5cca27b69c (diff) |
Add part of chain verify SSL support code: not complete or doing anything
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
Diffstat (limited to 'apps/verify.c')
-rw-r--r-- | apps/verify.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/apps/verify.c b/apps/verify.c index 8a03e0f290..f9281a65cf 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -84,9 +84,7 @@ int MAIN(int argc, char **argv) X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; - X509_PURPOSE_add_standard(); - X509_TRUST_add_standard(); - X509V3_add_standard_extensions(); + X509_init(); cert_ctx=X509_STORE_new(); if (cert_ctx == NULL) goto end; X509_STORE_set_verify_cb_func(cert_ctx,cb); @@ -198,9 +196,7 @@ end: } if (cert_ctx != NULL) X509_STORE_free(cert_ctx); sk_X509_pop_free(untrusted, X509_free); - X509V3_EXT_cleanup(); - X509_PURPOSE_cleanup(); - X509_TRUST_cleanup(); + X509_cleanup(); EXIT(ret); } @@ -246,7 +242,7 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, int purpos goto end; } X509_STORE_CTX_init(csc,ctx,x,uchain); - if(purpose >= 0) X509_STORE_CTX_chain_purpose(csc, purpose); + if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose); i=X509_verify_cert(csc); X509_STORE_CTX_free(csc); |