Diffstat (limited to 'apps/apps.c')
-rw-r--r-- | apps/apps.c | 79 |
1 files changed, 76 insertions, 3 deletions
diff --git a/apps/apps.c b/apps/apps.c
index 6bc3562cdb..4121e47e9d 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2141,10 +2141,14 @@ int WIN32_rename(char *from, char *to)
 }
 #endif
 
-int args_verify(char ***pargs, int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
+int args_verify(char ***pargs, int *pargc,
+ int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
 {
 ASN1_OBJECT *otmp = NULL;
 unsigned long flags = 0;
+ int i;
+ int purpose = 0;
+ char **oldargs = *pargs;
 char *arg = **pargs, *argn = (*pargs)[1];
 if (!strcmp(arg, "-policy"))
 {
@@ -2162,6 +2166,27 @@ int args_verify(char ***pargs, int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
 }
 (*pargs)++;
 }
+ else if (strcmp(arg,"-purpose") == 0)
+ {
+ X509_PURPOSE *xptmp;
+ if (!argn)
+ *badarg = 1;
+ else
+ {
+ i = X509_PURPOSE_get_by_sname(argn);
+ if(i < 0)
+ {
+ BIO_printf(err, "unrecognized purpose\n");
+ *badarg = 1;
+ }
+ else
+ {
+ xptmp = X509_PURPOSE_get0(i);
+ purpose = X509_PURPOSE_get_id(xptmp);
+ }
+ }
+ (*pargs)++;
+ }
 else if (!strcmp(arg, "-ignore_critical"))
 flags |= X509_V_FLAG_IGNORE_CRITICAL;
 else if (!strcmp(arg, "-issuer_checks"))
@@ -2186,13 +2211,13 @@ int args_verify(char ***pargs, int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
 if (*pm)
 X509_VERIFY_PARAM_free(*pm);
 *pm = NULL;
- return 1;
+ goto end;
 }
 
 if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
 {
 *badarg = 1;
- return 1;
+ goto end;
 }
 
 if (otmp)
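Review bot: The new `pargc` parameter and the changed advancement contract are not documented at the `args_verify` signature in the first hunk. The last hunk shows that the function now steps `*pargs` itself at `end:` and, when `pargc` is non-NULL, subtracts the number of consumed slots from `*pargc`, so any caller that still increments its own argument pointer after the call would skip an option; callers are outside this diff. A header comment would make that explicit: `/* Handles one verify option at **pargs. On return *pargs has been advanced past the option and any value it took, and *pargc (may be NULL) is reduced by the same count. */`. The function body continues outside this hunk.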
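Review bot: In the `-purpose` branch of the second hunk, `(*pargs)++` runs even when `argn` is NULL, and the `end:` block in the last hunk increments again. With a trailing `-purpose` and no value, `*pargs` therefore ends up one slot past what is presumably argv's terminating NULL, and `*pargc` drops by two although only one argument remained. The context lines suggest the `-policy` branch has the same shape. This is only safe if every caller tests `*badarg` before reading `**pargs` or trusting `*pargc` again; guarding the step with `if (argn) (*pargs)++;` keeps the pointer inside the array on the error path as well.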
@@ -2200,8 +2225,56 @@ int args_verify(char ***pargs, int *badarg, BIO *err, X509_VERIFY_PARAM **pm) if (flags) X509_VERIFY_PARAM_set_flags(*pm, flags); + if (purpose) + X509_VERIFY_PARAM_set_purpose(*pm, purpose); + + end: + (*pargs)++; + if (pargc) + *pargc -= *pargs - oldargs; + return 1; } + +static void nodes_print(BIO *out, char *name, STACK_OF(X509_POLICY_NODE) *nodes) + { + X509_POLICY_NODE *node; + int i; + BIO_printf(out, "%s Policies:", name); + if (nodes) + { + BIO_puts(out, "\n"); + for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) + { + node = sk_X509_POLICY_NODE_value(nodes, i); + X509_POLICY_NODE_print(out, node, 2); + } + } + else + BIO_puts(out, " <empty>\n"); + } + +void policies_print(BIO *out, X509_STORE_CTX *ctx) + { + X509_POLICY_TREE *tree; + int explicit_policy; + int free_out = 0; + if (out == NULL) + { + out = BIO_new_fp(stderr, BIO_NOCLOSE); + free_out = 1; + } + tree = X509_STORE_CTX_get0_policy_tree(ctx); + explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx); + + BIO_printf(out, "Require explicit Policy: %s\n", + explicit_policy ? "True" : "False"); + + nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree)); + nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree)); + if (free_out) + BIO_free(out); + } |
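Review bot: In `policies_print` the result of `BIO_new_fp(stderr, BIO_NOCLOSE)` is used without a NULL check, so an allocation failure hands a NULL BIO to `BIO_printf` and `nodes_print`; whether those tolerate NULL is not visible here. Returning early is enough: `if ((out = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL) return;`. Separately, `tree` from `X509_STORE_CTX_get0_policy_tree(ctx)` goes straight into the two `X509_policy_tree_get0_*` calls, and it may be absent when policy processing did not run. If those accessors accept NULL, a short comment saying so would spare the next reader the lookup.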