diff options
| author | Richard Levitte <levitte@openssl.org> | 2019-03-07 15:26:34 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2019-11-03 18:38:23 +0100 |
| commit | fd3397fc47bfd92e7e33d88aa566cb0c8bd29330 (patch) | |
| tree | 463778bc2ded727930631bec442d7ec7b7509488 /apps/crl.c | |
| parent | X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI (diff) | |
| download | openssl-fd3397fc47bfd92e7e33d88aa566cb0c8bd29330.tar.xz openssl-fd3397fc47bfd92e7e33d88aa566cb0c8bd29330.zip | |
Add -CAstore and similar to all openssl commands that have -CApath
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Diffstat (limited to 'apps/crl.c')
| -rw-r--r-- | apps/crl.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/apps/crl.c b/apps/crl.c index d36b93ba64..f7f4fb7150 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -22,9 +22,9 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY, OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT, - OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, - OPT_NOCAPATH, OPT_NOCAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD, - OPT_NOOUT, OPT_NAMEOPT, OPT_MD + OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, + OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_VERIFY, OPT_TEXT, OPT_HASH, + OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD } OPTION_CHOICE; const OPTIONS crl_options[] = { @@ -45,10 +45,13 @@ const OPTIONS crl_options[] = { {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"}, {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"}, {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"}, + {"CAstore", OPT_CASTORE, ':', "Verify CRL using certificates in store URI"}, {"no-CAfile", OPT_NOCAFILE, '-', "Do not load the default certificates file"}, {"no-CApath", OPT_NOCAPATH, '-', "Do not load certificates from the default certificates directory"}, + {"no-CAstore", OPT_NOCASTORE, '-', + "Do not load certificates from the default certificates store"}, {"verify", OPT_VERIFY, '-', "Verify CRL signature"}, {"text", OPT_TEXT, '-', "Print out a text format version"}, {"hash", OPT_HASH, '-', "Print hash value"}, @@ -71,12 +74,12 @@ int crl_main(int argc, char **argv) EVP_PKEY *pkey; const EVP_MD *digest = EVP_sha1(); char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL; - const char *CAfile = NULL, *CApath = NULL, *prog; + const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog; OPTION_CHOICE o; int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0; - int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0; + int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0, noCAstore = 0; int i; #ifndef OPENSSL_NO_MD5 int hash_old = 0; @@ -126,12 +129,19 @@ int crl_main(int argc, char **argv) CAfile = opt_arg(); do_ver = 1; break; + case OPT_CASTORE: + CAstore = opt_arg(); + do_ver = 1; + break; case OPT_NOCAPATH: noCApath = 1; break; case OPT_NOCAFILE: noCAfile = 1; break; + case OPT_NOCASTORE: + noCAstore = 1; + break; case OPT_HASH_OLD: #ifndef OPENSSL_NO_MD5 hash_old = ++num; @@ -185,7 +195,8 @@ int crl_main(int argc, char **argv) goto end; if (do_ver) { - if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL) + if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath, + CAstore, noCAstore)) == NULL) goto end; lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); if (lookup == NULL) |