openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

apps: Add maybe_stdin argument to load_certs and set it in pkcs12 

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14449)
This commit is contained in:
Tomas Mraz 2021-03-05 21:05:35 +01:00
parent 8287a4c3b2
commit ea51096e51
10 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/cms.c
View File

@ -826,7 +826,7 @@ int cms_main(int argc, char **argv)
}
if (certfile != NULL) {
if (!load_certs(certfile, &other, NULL, "certificate file")) {
if (!load_certs(certfile, 0, &other, NULL, "certificate file")) {
ERR_print_errors(bio_err);
goto end;
}

2
apps/include/apps.h
View File

@ -129,7 +129,7 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
const char *desc, X509_VERIFY_PARAM *vpm);
X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
X509_VERIFY_PARAM *vpm);
int load_certs(const char *uri, STACK_OF(X509) **certs,
int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
const char *pass, const char *desc);
int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
const char *pass, const char *desc);

6
apps/lib/apps.c
View File

@ -800,12 +800,12 @@ X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
* Initialize or extend, if *certs != NULL, a certificate stack.
* The caller is responsible for freeing *certs if its value is left not NULL.
*/
int load_certs(const char *uri, STACK_OF(X509) **certs,
int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
const char *pass, const char *desc)
{
int was_NULL = *certs == NULL;
int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL,
NULL, certs, NULL, NULL);
int ret = load_key_certs_crls(uri, maybe_stdin, pass, desc, NULL, NULL,
NULL, NULL, certs, NULL, NULL);
if (!ret && was_NULL) {
sk_X509_pop_free(*certs, X509_free);

2
apps/lib/s_cb.c
View File

@ -1032,7 +1032,7 @@ int load_excert(SSL_EXCERT **pexc)
if (exc->key == NULL)
return 0;
if (exc->chainfile != NULL) {
if (!load_certs(exc->chainfile, &exc->chain, NULL, "server chain"))
if (!load_certs(exc->chainfile, 0, &exc->chain, NULL, "server chain"))
return 0;
}
}

8
apps/ocsp.c
View File

@ -574,10 +574,10 @@ int ocsp_main(int argc, char **argv)
BIO_printf(bio_err, "Error loading responder certificate\n");
goto end;
}
if (!load_certs(rca_filename, &rca_cert, NULL, "CA certificates"))
if (!load_certs(rca_filename, 0, &rca_cert, NULL, "CA certificates"))
goto end;
if (rcertfile != NULL) {
if (!load_certs(rcertfile, &rother, NULL,
if (!load_certs(rcertfile, 0, &rother, NULL,
"responder other certificates"))
goto end;
}
@ -671,7 +671,7 @@ redo_accept:
goto end;
}
if (sign_certfile != NULL) {
if (!load_certs(sign_certfile, &sign_other, NULL,
if (!load_certs(sign_certfile, 0, &sign_other, NULL,
"signer certificates"))
goto end;
}
@ -780,7 +780,7 @@ redo_accept:
if (vpmtouched)
X509_STORE_set1_param(store, vpm);
if (verify_certfile != NULL) {
if (!load_certs(verify_certfile, &verify_other, NULL,
if (!load_certs(verify_certfile, 0, &verify_other, NULL,
"validator certificates"))
goto end;
}

6
apps/pkcs12.c
View File

@ -525,7 +525,7 @@ int pkcs12_main(int argc, char **argv)
/* Load all certs in input file */
if (!(options & NOCERTS)) {
if (!load_certs(infile, &certs, passin,
if (!load_certs(infile, 1, &certs, passin,
"certificates from -in file"))
goto export_end;
if (sk_X509_num(certs) < 1) {
@ -560,7 +560,7 @@ int pkcs12_main(int argc, char **argv)
/* Load any untrusted certificates for chain building */
if (untrusted != NULL) {
if (!load_certs(untrusted, &untrusted_certs, passcerts,
if (!load_certs(untrusted, 0, &untrusted_certs, passcerts,
"untrusted certificates"))
goto export_end;
}
@ -605,7 +605,7 @@ int pkcs12_main(int argc, char **argv)
/* Add any extra certificates asked for */
if (certfile != NULL) {
if (!load_certs(certfile, &certs, passcerts,
if (!load_certs(certfile, 0, &certs, passcerts,
"extra certificates from -certfile"))
goto export_end;
}

2
apps/s_client.c
View File

@ -1625,7 +1625,7 @@ int s_client_main(int argc, char **argv)
}
if (chain_file != NULL) {
if (!load_certs(chain_file, &chain, pass, "client certificate chain"))
if (!load_certs(chain_file, 0, &chain, pass, "client certificate chain"))
goto end;
}

4
apps/s_server.c
View File

@ -1690,7 +1690,7 @@ int s_server_main(int argc, char *argv[])
if (s_cert == NULL)
goto end;
if (s_chain_file != NULL) {
if (!load_certs(s_chain_file, &s_chain, NULL,
if (!load_certs(s_chain_file, 0, &s_chain, NULL,
"server certificate chain"))
goto end;
}
@ -1754,7 +1754,7 @@ int s_server_main(int argc, char *argv[])
goto end;
}
if (s_dchain_file != NULL) {
if (!load_certs(s_dchain_file, &s_dchain, NULL,
if (!load_certs(s_dchain_file, 0, &s_dchain, NULL,
"second server certificate chain"))
goto end;
}

2
apps/smime.c
View File

@ -457,7 +457,7 @@ int smime_main(int argc, char **argv)
}
if (certfile != NULL) {
if (!load_certs(certfile, &other, NULL, "certificates")) {
if (!load_certs(certfile, 0, &other, NULL, "certificates")) {
ERR_print_errors(bio_err);
goto end;
}

4
apps/verify.c
View File

@ -145,7 +145,7 @@ int verify_main(int argc, char **argv)
break;
case OPT_UNTRUSTED:
/* Zero or more times */
if (!load_certs(opt_arg(), &untrusted, NULL,
if (!load_certs(opt_arg(), 0, &untrusted, NULL,
"untrusted certificates"))
goto end;
break;
@ -154,7 +154,7 @@ int verify_main(int argc, char **argv)
noCAfile = 1;
noCApath = 1;
noCAstore = 1;
if (!load_certs(opt_arg(), &trusted, NULL, "trusted certificates"))
if (!load_certs(opt_arg(), 0, &trusted, NULL, "trusted certificates"))
goto end;
break;
case OPT_CRLFILE: