Add -no_alt_chains option to apps to implement the new X509_V_FLAG_NO_ALT_CHAINS...

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Conflicts:
	apps/cms.c
	apps/ocsp.c
	apps/s_client.c
	apps/s_server.c
	apps/smime.c
	apps/verify.c

diff --git a/apps/apps.c b/apps/apps.c
index 5b7aedccde0004e1780f405704f84d4dc2f615f0..6801238348315c448f11b1a35870d07c83f3c7f5 100644 (file)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2238,6 +2238,8 @@ int args_verify(char ***pargs, int *pargc,
         flags |= X509_V_FLAG_NOTIFY_POLICY;
     else if (!strcmp(arg, "-check_ss_sig"))
         flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+    else if (!strcmp(arg, "-no_alt_chains"))
+        flags |= X509_V_FLAG_NO_ALT_CHAINS;
     else
         return 0;
 

diff --git a/apps/cms.c b/apps/cms.c
index 0cc4b46d8e2825591925a8a17c6cd8c83d2cc272..d7645c0d62b102591f6171036557c6c397ff2fa1 100644 (file)
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -580,6 +580,8 @@ int MAIN(int argc, char **argv)
         BIO_printf(bio_err,
                    "-CApath dir    trusted certificates directory\n");
         BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
+        BIO_printf(bio_err,
+                   "-no_alt_chains only ever use the first certificate chain found\n");
         BIO_printf(bio_err,
                    "-crl_check     check revocation status of signer's certificate using CRLs\n");
         BIO_printf(bio_err,

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 71def2611af962ada3ddb214ecb6720869a05da1..572f0643e13c7a4cb40aa0deee4e6597ae590d97 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -518,6 +518,8 @@ int MAIN(int argc, char **argv)
                    "-CApath dir          trusted certificates directory\n");
         BIO_printf(bio_err,
                    "-CAfile file         trusted certificates file\n");
+        BIO_printf(bio_err,
+                   "-no_alt_chains       only ever use the first certificate chain found\n");
         BIO_printf(bio_err,
                    "-VAfile file         validator certificates file\n");
         BIO_printf(bio_err,

diff --git a/apps/s_client.c b/apps/s_client.c
index b9b79756a3388c122d79f4fd237605c57b656d8a..28737b6d1e6b7fd79317bc0f9fbfebeb6c2c19e1 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -322,6 +322,8 @@ static void sc_usage(void)
                " -pass arg     - private key file pass phrase source\n");
     BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
     BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
+    BIO_printf(bio_err,
+               " -no_alt_chains - only ever use the first certificate chain found\n");
     BIO_printf(bio_err,
                " -reconnect    - Drop and re-make the connection with the same Session-ID\n");
     BIO_printf(bio_err,

diff --git a/apps/s_server.c b/apps/s_server.c
index 7e501d21b92aeb86207e7b40ae860a0a19fbd2c6..b58e5e07c41c1c6c642be90c26f121b2ce1a73c4 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -540,6 +540,8 @@ static void sv_usage(void)
     BIO_printf(bio_err, " -state        - Print the SSL states\n");
     BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
     BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
+    BIO_printf(bio_err,
+               " -no_alt_chains - only ever use the first certificate chain found\n");
     BIO_printf(bio_err,
                " -nocert       - Don't use any certificates (Anon-DH)\n");
     BIO_printf(bio_err,

diff --git a/apps/smime.c b/apps/smime.c
index 7b351f601cbb55b518c922a9ac1014dd15e660b6..53e43c5e732234236797d36c2017c03f7df733b3 100644 (file)
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -441,6 +441,8 @@ int MAIN(int argc, char **argv)
         BIO_printf(bio_err,
                    "-CApath dir    trusted certificates directory\n");
         BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
+        BIO_printf(bio_err,
+                   "-no_alt_chains only ever use the first certificate chain found\n");
         BIO_printf(bio_err,
                    "-crl_check     check revocation status of signer's certificate using CRLs\n");
         BIO_printf(bio_err,

diff --git a/apps/verify.c b/apps/verify.c
index 7295c769f304daf283bafc614b51a376e1f09611..e29f9bb7e09c651821215a42eb8ccb0055e0188c 100644 (file)
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
     if (ret == 1) {
         BIO_printf(bio_err,
                    "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
-        BIO_printf(bio_err, " [-attime timestamp]");
+        BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
 #ifndef OPENSSL_NO_ENGINE
         BIO_printf(bio_err, " [-engine e]");
 #endif