OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
OPT_V_ENUM,
- OPT_CAPATH, OPT_IN, OPT_INFORM, OPT_OUT, OPT_OUTFORM, OPT_CONTENT
+ OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT,
+ OPT_OUTFORM, OPT_CONTENT
} OPTION_CHOICE;
OPTIONS smime_options[] = {
{"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
{"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+ {"no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file"},
+ {"no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory"},
{"resign", OPT_RESIGN, '-'},
{"nochain", OPT_NOCHAIN, '-'},
{"nosmimecap", OPT_NOSMIMECAP, '-'},
NULL;
char *passinarg = NULL, *passin = NULL, *to = NULL, *from =
NULL, *subject = NULL;
- const char *inmode = "r", *outmode = "w";
OPTION_CHOICE o;
+ int noCApath = 0, noCAfile = 0;
int flags = PKCS7_DETACHED, operation = 0, ret = 0, need_rand = 0, indef =
0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
case OPT_CAPATH:
CApath = opt_arg();
break;
+ case OPT_NOCAFILE:
+ noCAfile = 1;
+ break;
+ case OPT_NOCAPATH:
+ noCApath = 1;
+ break;
case OPT_CONTENT:
contfile = opt_arg();
break;
goto end;
}
- if (!app_load_modules(NULL))
- goto end;
-
if (need_rand) {
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
if (!(operation & SMIME_SIGNERS))
flags &= ~PKCS7_DETACHED;
- if (operation & SMIME_OP) {
- if (outformat == FORMAT_ASN1)
- outmode = "wb";
- } else {
+ if (!(operation & SMIME_OP)) {
if (flags & PKCS7_BINARY)
- outmode = "wb";
+ outformat = FORMAT_BINARY;
}
- if (operation & SMIME_IP) {
- if (informat == FORMAT_ASN1)
- inmode = "rb";
- } else {
+ if (!(operation & SMIME_IP)) {
if (flags & PKCS7_BINARY)
- inmode = "rb";
+ informat = FORMAT_BINARY;
}
if (operation == SMIME_ENCRYPT) {
goto end;
while (*argv) {
cert = load_cert(*argv, FORMAT_PEM,
- NULL, e, "recipient certificate file");
+ "recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
}
if (certfile) {
- if ((other = load_certs(certfile, FORMAT_PEM, NULL,
- e, "certificate file")) == NULL) {
+ if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
+ "certificate file")) {
ERR_print_errors(bio_err);
goto end;
}
}
if (recipfile && (operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(recipfile, FORMAT_PEM, NULL,
- e, "recipient certificate file")) == NULL) {
+ if ((recip = load_cert(recipfile, FORMAT_PEM,
+ "recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
goto end;
}
- in = bio_open_default(infile, inmode);
+ in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
}
}
- out = bio_open_default(outfile, outmode);
+ out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (operation == SMIME_VERIFY) {
- if ((store = setup_verify(CAfile, CApath)) == NULL)
+ if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
goto end;
X509_STORE_set_verify_cb(store, smime_cb);
if (vpmtouched)
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(signerfile, FORMAT_PEM, NULL,
- e, "signer certificate");
+ signer = load_cert(signerfile, FORMAT_PEM,
+ "signer certificate");
if (!signer)
goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");