diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2001-05-09 00:30:39 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-05-09 00:30:39 +0000 |
commit | bdee69f7186e1d0b94baa5179d068fc9c611faf5 (patch) | |
tree | 87ecf24c97dca8a8a92f10a70b6028282e8e060a /apps | |
parent | ff43e2e1557962794f773dd9243d6ffdbf4db1aa (diff) |
Allow various X509_STORE_CTX properties to be
inherited from X509_STORE.
Add CRL checking options to other applications.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/s_client.c | 9 | ||||
-rw-r--r-- | apps/s_server.c | 12 | ||||
-rw-r--r-- | apps/smime.c | 10 | ||||
-rw-r--r-- | apps/verify.c | 2 |
4 files changed, 30 insertions, 3 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 7c1f1338e4..bad59f6468 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -166,6 +166,7 @@ int MAIN(int argc, char **argv) { int off=0; SSL *con=NULL,*con2=NULL; + X509_STORE *store = NULL; int s,k,width,state=0; char *cbuf=NULL,*sbuf=NULL; int cbuf_len,cbuf_off; @@ -181,7 +182,7 @@ int MAIN(int argc, char **argv) int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; SSL_CTX *ctx=NULL; int ret=1,in_init=1,i,nbio_test=0; - int prexit = 0; + int prexit = 0, vflags = 0; SSL_METHOD *meth=NULL; BIO *sbio; char *inrand=NULL; @@ -255,6 +256,10 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; cert_file= *(++argv); } + else if (strcmp(*argv,"-crl_check") == 0) + vflags |= X509_V_FLAG_CRL_CHECK; + else if (strcmp(*argv,"-crl_check_all") == 0) + vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (strcmp(*argv,"-prexit") == 0) prexit=1; else if (strcmp(*argv,"-crlf") == 0) @@ -436,6 +441,8 @@ bad: /* goto end; */ } + store = SSL_CTX_get_cert_store(ctx); + X509_STORE_set_flags(store, vflags); con=SSL_new(ctx); #ifndef OPENSSL_NO_KRB5 diff --git a/apps/s_server.c b/apps/s_server.c index cd1aa17b26..8d76c8f3fa 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -414,6 +414,8 @@ int MAIN(int, char **); int MAIN(int argc, char *argv[]) { + X509_STORE *store = NULL; + int vflags = 0; short port=PORT; char *CApath=NULL,*CAfile=NULL; char *context = NULL; @@ -518,6 +520,14 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; CApath= *(++argv); } + else if (strcmp(*argv,"-crl_check") == 0) + { + vflags |= X509_V_FLAG_CRL_CHECK; + } + else if (strcmp(*argv,"-crl_check") == 0) + { + vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; + } else if (strcmp(*argv,"-serverpref") == 0) { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } else if (strcmp(*argv,"-cipher") == 0) @@ -721,6 +731,8 @@ bad: ERR_print_errors(bio_err); /* goto end; */ } + store = SSL_CTX_get_cert_store(ctx); + X509_STORE_set_flags(store, vflags); #ifndef OPENSSL_NO_DH if (!no_dhe) diff --git a/apps/smime.c b/apps/smime.c index edc854e53b..ede9531c55 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -97,7 +97,7 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *encerts = NULL, *other = NULL; BIO *in = NULL, *out = NULL, *indata = NULL; int badarg = 0; - int flags = PKCS7_DETACHED; + int flags = PKCS7_DETACHED, store_flags = 0; char *to = NULL, *from = NULL, *subject = NULL; char *CAfile = NULL, *CApath = NULL; char *passargin = NULL, *passin = NULL; @@ -150,6 +150,10 @@ int MAIN(int argc, char **argv) flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) flags |= PKCS7_NOSIGS; + else if (!strcmp (*args, "-crl_check")) + store_flags |= X509_V_FLAG_CRL_CHECK; + else if (!strcmp (*args, "-crl_check_all")) + store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (!strcmp(*args,"-rand")) { if (args[1]) { args++; @@ -304,6 +308,8 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); + BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); @@ -447,8 +453,10 @@ int MAIN(int argc, char **argv) if(operation == SMIME_VERIFY) { if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end; + X509_STORE_set_flags(store, store_flags); } + ret = 3; if(operation == SMIME_ENCRYPT) { diff --git a/apps/verify.c b/apps/verify.c index 08027288dc..5b9d719d9f 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -287,10 +287,10 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X ERR_print_errors(bio_err); goto end; } + X509_STORE_set_flags(ctx, vflags); X509_STORE_CTX_init(csc,ctx,x,uchain); if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain); if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose); - X509_STORE_CTX_set_flags(csc, vflags); i=X509_verify_cert(csc); X509_STORE_CTX_free(csc); |