openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Reformat smime utility. 

Add support for policy checking in verify utility.
This commit is contained in:
Dr. Stephen Henson 2004-09-07 18:38:46 +00:00
parent fb80794568
commit c431798e82
4 changed files with 103 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
apps/apps.c
View File

@ -2141,10 +2141,14 @@ int WIN32_rename(char *from, char *to)
}
#endif
int args_verify(char ***pargs, int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
{
ASN1_OBJECT *otmp = NULL;
unsigned long flags = 0;
int i;
int purpose = 0;
char **oldargs = *pargs;
char *arg = **pargs, *argn = (*pargs)[1];
if (!strcmp(arg, "-policy"))
{
@ -2162,6 +2166,27 @@ int args_verify(char ***pargs, int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
}
(*pargs)++;
}
else if (strcmp(arg,"-purpose") == 0)
{
X509_PURPOSE *xptmp;
if (!argn)
*badarg = 1;
else
{
i = X509_PURPOSE_get_by_sname(argn);
if(i < 0)
{
BIO_printf(err, "unrecognized purpose\n");
*badarg = 1;
}
else
{
xptmp = X509_PURPOSE_get0(i);
purpose = X509_PURPOSE_get_id(xptmp);
}
}
(*pargs)++;
}
else if (!strcmp(arg, "-ignore_critical"))
flags |= X509_V_FLAG_IGNORE_CRITICAL;
else if (!strcmp(arg, "-issuer_checks"))
@ -2186,13 +2211,13 @@ int args_verify(char ***pargs, int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
if (*pm)
X509_VERIFY_PARAM_free(*pm);
*pm = NULL;
return 1;
goto end;
}
if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
{
*badarg = 1;
return 1;
goto end;
}
if (otmp)
@ -2200,8 +2225,56 @@ int args_verify(char ***pargs, int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
if (flags)
X509_VERIFY_PARAM_set_flags(*pm, flags);
if (purpose)
X509_VERIFY_PARAM_set_purpose(*pm, purpose);
end:
(*pargs)++;
if (pargc)
*pargc -= *pargs - oldargs;
return 1;
}
static void nodes_print(BIO *out, char *name, STACK_OF(X509_POLICY_NODE) *nodes)
{
X509_POLICY_NODE *node;
int i;
BIO_printf(out, "%s Policies:", name);
if (nodes)
{
BIO_puts(out, "\n");
for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
{
node = sk_X509_POLICY_NODE_value(nodes, i);
X509_POLICY_NODE_print(out, node, 2);
}
}
else
BIO_puts(out, " <empty>\n");
}
void policies_print(BIO *out, X509_STORE_CTX *ctx)
{
X509_POLICY_TREE *tree;
int explicit_policy;
int free_out = 0;
if (out == NULL)
{
out = BIO_new_fp(stderr, BIO_NOCLOSE);
free_out = 1;
}
tree = X509_STORE_CTX_get0_policy_tree(ctx);
explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
BIO_printf(out, "Require explicit Policy: %s\n",
explicit_policy ? "True" : "False");
nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
if (free_out)
BIO_free(out);
}

4
apps/apps.h
View File

@ -317,7 +317,9 @@ int index_name_cmp(const char **a, const char **b);
int parse_yesno(char *str, int def);
X509_NAME *parse_name(char *str, long chtype, int multirdn);
int args_verify(char ***pargs, int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1

41
apps/smime.c
View File

@ -365,7 +365,7 @@ int MAIN(int argc, char **argv)
else
badarg = 1;
}
else if (args_verify(&args, &badarg, bio_err, &vpm))
else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
continue;
else
badarg = 1;
@ -769,43 +769,10 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers)
}
static void nodes_print(BIO *out, char *name, STACK_OF(X509_POLICY_NODE) *nodes)
{
X509_POLICY_NODE *node;
int i;
BIO_printf(out, "%s Policies:", name);
if (nodes)
{
BIO_puts(out, "\n");
for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
{
node = sk_X509_POLICY_NODE_value(nodes, i);
X509_POLICY_NODE_print(out, node, 2);
}
}
else
BIO_puts(out, " <empty>\n");
}
static void policies_print(BIO *out, X509_STORE_CTX *ctx)
{
X509_POLICY_TREE *tree;
int explicit_policy;
tree = X509_STORE_CTX_get0_policy_tree(ctx);
explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
BIO_printf(out, "Require explicit Policy: %s\n",
explicit_policy ? "True" : "False");
nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
}
/* Minimal callback just to output policy info (if any) */
static int smime_cb(int ok, X509_STORE_CTX *ctx)
{
BIO *out;
int error;
error = X509_STORE_CTX_get_error(ctx);
@ -814,11 +781,7 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx)
&& ((error != X509_V_OK) || (ok != 2)))
return ok;
out = BIO_new_fp(stderr, BIO_NOCLOSE);
policies_print(out, ctx);
BIO_free(out);
policies_print(NULL, ctx);
return ok;

43
apps/verify.c
View File

@ -79,13 +79,14 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i,ret=1;
int i,ret=1, badarg = 0;
int purpose = -1;
char *CApath=NULL,*CAfile=NULL;
char *untfile = NULL, *trustfile = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
X509_VERIFY_PARAM *vpm = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
@ -121,18 +122,12 @@ int MAIN(int argc, char **argv)
if (argc-- < 1) goto end;
CAfile= *(++argv);
}
else if (strcmp(*argv,"-purpose") == 0)
else if (args_verify(&argv, &argc, &badarg, bio_err,
&vpm))
{
X509_PURPOSE *xptmp;
if (argc-- < 1) goto end;
i = X509_PURPOSE_get_by_sname(*(++argv));
if(i < 0)
{
BIO_printf(bio_err, "unrecognized purpose\n");
if (badarg)
goto end;
}
xptmp = X509_PURPOSE_get0(i);
purpose = X509_PURPOSE_get_id(xptmp);
continue;
}
else if (strcmp(*argv,"-untrusted") == 0)
{
@ -153,14 +148,6 @@ int MAIN(int argc, char **argv)
#endif
else if (strcmp(*argv,"-help") == 0)
goto end;
else if (strcmp(*argv,"-ignore_critical") == 0)
vflags |= X509_V_FLAG_IGNORE_CRITICAL;
else if (strcmp(*argv,"-issuer_checks") == 0)
vflags |= X509_V_FLAG_CB_ISSUER_CHECK;
else if (strcmp(*argv,"-crl_check") == 0)
vflags |= X509_V_FLAG_CRL_CHECK;
else if (strcmp(*argv,"-crl_check_all") == 0)
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
else if (strcmp(*argv,"-verbose") == 0)
v_verbose=1;
else if (argv[0][0] == '-')
@ -178,6 +165,9 @@ int MAIN(int argc, char **argv)
e = setup_engine(bio_err, engine, 0);
#endif
if (vpm)
X509_STORE_set1_param(cert_ctx, vpm);
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
if (lookup == NULL) abort();
if (CAfile) {
@ -238,6 +228,7 @@ end:
X509_PURPOSE_get0_name(ptmp));
}
}
if (vpm) X509_VERIFY_PARAM_free(vpm);
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
@ -339,10 +330,13 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
if (!ok)
{
X509_NAME_oneline(
if (ctx->current_cert)
{
X509_NAME_oneline(
X509_get_subject_name(ctx->current_cert),buf,
sizeof buf);
printf("%s\n",buf);
printf("%s\n",buf);
}
printf("error %d at %d depth lookup:%s\n",ctx->error,
ctx->error_depth,
X509_verify_cert_error_string(ctx->error));
@ -360,7 +354,14 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
policies_print(NULL, ctx);
return ok;
}
if ((ctx->error == X509_V_OK) && (ok == 2))
policies_print(NULL, ctx);
if (!v_verbose)
ERR_clear_error();
return(ok);