New functions to check a hostname email or IP address against a

certificate. Add options to s_client, s_server and x509 utilities to print results of checks.
author: Dr. Stephen Henson <steve@openssl.org> 2012-10-08 15:10:07 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-10-08 15:10:07 +0000
commit: a70da5b3ecc3160368529677006801c58cb369db (patch)
tree: 1d6ddfa96a05ff50c05aca002ab884e428a45e8e /apps/x509.c
parent: c5f6da54fc64fb544028a547c9f6835f3f392428 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/apps/x509.c b/apps/x509.c
index e9f1163088..788eb7b3d0 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -208,6 +208,8 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
 	unsigned long nmflag = 0, certflag = 0;
+	unsigned char *checkhost = NULL, *checkemail = NULL;
+	char *checkip = NULL;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
@@ -456,6 +458,21 @@ int MAIN(int argc, char **argv)
 			checkoffset=atoi(*(++argv));
 			checkend=1;
 			}
+		else if (strcmp(*argv,"-checkhost") == 0)
+			{
+			if (--argc < 1) goto bad;
+			checkhost=(unsigned char *)*(++argv);
+			}
+		else if (strcmp(*argv,"-checkemail") == 0)
+			{
+			if (--argc < 1) goto bad;
+			checkemail=(unsigned char *)*(++argv);
+			}
+		else if (strcmp(*argv,"-checkip") == 0)
+			{
+			if (--argc < 1) goto bad;
+			checkip=*(++argv);
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
 		else if (strcmp(*argv,"-trustout") == 0)
@@ -1061,6 +1078,8 @@ bad:
 		goto end;
 		}
 
+	print_cert_checks(STDout, x, checkhost, checkemail, checkip);
+
 	if (noout)
 		{
 		ret=0;
author	Dr. Stephen Henson <steve@openssl.org>	2012-10-08 15:10:07 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-10-08 15:10:07 +0000
commit	a70da5b3ecc3160368529677006801c58cb369db (patch)
tree	1d6ddfa96a05ff50c05aca002ab884e428a45e8e /apps/x509.c
parent	c5f6da54fc64fb544028a547c9f6835f3f392428 (diff)