implement -attime option as a verify parameter then it works with all relevant applic...

[openssl.git] / apps / apps.c

diff --git a/apps/apps.c b/apps/apps.c
index 5bd19c5d016ddd0db3b6777f882ca7b3efdf5046..b9df6f9e2d8022e513e6715a0b99599b399a58a1 100644 (file)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -257,6 +257,8 @@ int args_from_file(char *file, int *argc, char **argv[])
 
 int str2fmt(char *s)
        {
+       if (s == NULL)
+               return FORMAT_UNDEF;
        if      ((*s == 'D') || (*s == 'd'))
                return(FORMAT_ASN1);
        else if ((*s == 'T') || (*s == 't'))
@@ -796,7 +798,9 @@ X509 *load_cert(BIO *err, const char *file, int format,
        if (file == NULL)
                {
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
                setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
                BIO_set_fp(cert,stdin,BIO_NOCLOSE);
                }
@@ -897,7 +901,9 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
        if (file == NULL && maybe_stdin)
                {
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
                setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
                BIO_set_fp(key,stdin,BIO_NOCLOSE);
                }
@@ -986,7 +992,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
        if (file == NULL && maybe_stdin)
                {
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
                setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
                BIO_set_fp(key,stdin,BIO_NOCLOSE);
                }
@@ -2249,6 +2257,7 @@ int args_verify(char ***pargs, int *pargc,
        char **oldargs = *pargs;
        char *arg = **pargs, *argn = (*pargs)[1];
        const X509_VERIFY_PARAM *vpm = NULL;
+       time_t at_time = 0;
        if (!strcmp(arg, "-policy"))
                {
                if (!argn)
@@ -2316,6 +2325,26 @@ int args_verify(char ***pargs, int *pargc,
                        }
                (*pargs)++;
                }
+       else if (strcmp(arg,"-attime") == 0)
+               {
+               if (!argn)
+                       *badarg = 1;
+               else
+                       {
+                       long timestamp;
+                       /* interpret argument as seconds since Epoch */
+                       if (sscanf(argn, "%li", &timestamp) != 1)
+                               {
+                               BIO_printf(bio_err,
+                                               "Error parsing timestamp %s\n",
+                                               argn);
+                               *badarg = 1;
+                               }
+                       /* on some platforms time_t may be a float */
+                       at_time = (time_t) timestamp;
+                       }
+               (*pargs)++;
+               }
        else if (!strcmp(arg, "-ignore_critical"))
                flags |= X509_V_FLAG_IGNORE_CRITICAL;
        else if (!strcmp(arg, "-issuer_checks"))
@@ -2375,6 +2404,9 @@ int args_verify(char ***pargs, int *pargc,
        if (depth >= 0)
                X509_VERIFY_PARAM_set_depth(*pm, depth);
 
+       if (at_time) 
+               X509_VERIFY_PARAM_set_time(*pm, at_time);
+
        end:
 
        (*pargs)++;
@@ -3032,7 +3064,7 @@ int raw_write_stdout(const void *buf,int siz)
        {       return write(fileno(stdout),buf,siz);   }
 #endif
 
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN)
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 /* next_protos_parse parses a comma separated list of strings into a string
  * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
  *   outlen: (output) set to the length of the resulting buffer on success.
@@ -3047,7 +3079,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
        size_t i, start = 0;
 
        len = strlen(in);
-       if (len > 65535)
+       if (len >= 65535)
                return NULL;
 
        out = OPENSSL_malloc(strlen(in) + 1);
@@ -3073,4 +3105,4 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
        *outlen = len + 1;
        return out;
        }
-#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NPN */
+#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */