{"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
{"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
{"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
+ {"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
- {"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
goto end;
}
+ conf = load_config_file(configfile);
+ if (!app_load_modules(conf))
+ goto end;
+
/*
* Check consistency of parameters and execute the appropriate function.
*/
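Review bot: `conf` is handed to `app_load_modules` unchecked right after `load_config_file`, yet the reply branch further down still tests `conf != NULL`, so a missing config file looks like an expected state. If `app_load_modules` treats a NULL config as a failure (its body is not shown here), query and verify runs that previously needed no config would now stop at `goto end`. The load has also moved ahead of the mode switch, so config-driven modules are now loaded for every mode rather than only query and reply. A comment recording that this is intended would help, e.g. `/* Load config for all modes; conf may be NULL when no file is found. */`. The enclosing function starts and ends outside the hunk.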
ret = data != NULL && digest != NULL;
if (ret)
goto opthelp;
- /* Load the config file for possible policy OIDs. */
- conf = load_config_file(configfile);
ret = !query_command(data, digest, md, policy, no_nonce, cert,
in, out, text);
break;
case OPT_REPLY:
- conf = load_config_file(configfile);
if (in == NULL) {
ret = !(queryfile != NULL && conf != NULL && !token_in);
if (ret)
/* Build query object either from file or from scratch. */
if (in != NULL) {
- if ((in_bio = BIO_new_file(in, "rb")) == NULL)
+ if ((in_bio = bio_open_default(in, 'r', FORMAT_ASN1)) == NULL)
goto end;
query = d2i_TS_REQ_bio(in_bio, NULL);
} else {
/* Open the file if no explicit digest bytes were specified. */
if (digest == NULL
- && (data_bio = bio_open_default(data, "rb")) == NULL)
+ && (data_bio = bio_open_default(data, 'r', FORMAT_ASN1)) == NULL)
goto end;
query = create_query(data_bio, digest, md, policy, no_nonce, cert);
}
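Review bot: `FORMAT_ASN1` on the `data_bio` open reads oddly, because `data` is the arbitrary file to be hashed rather than a DER structure; presumably the constant is there only to select binary mode. A short comment would stop a later "correction" to `FORMAT_TEXT`, which could change the bytes that get digested on platforms with text-mode translation: `/* binary mode: the imprint must cover the file's exact bytes */`. The `in_bio` open above it is a DER-encoded request, so `FORMAT_ASN1` is self-explanatory there. The enclosing function starts outside the hunk.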
goto end;
/* Write query either in ASN.1 or in text format. */
- if ((out_bio = bio_open_default(out, "wb")) == NULL)
- goto end;
if (text) {
/* Text output. */
+ if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
+ goto end;
if (!TS_REQ_print_bio(out_bio, query))
goto end;
} else {
/* ASN.1 output. */
+ if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
+ goto end;
if (!i2d_TS_REQ_bio(out_bio, query))
goto end;
}
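Review bot: The `bio_open_default(out, 'w', ...)` call is now duplicated in both branches of `if (text)`, differing only in the format constant. Opening once ahead of the branch keeps the single failure path the old code had: `if ((out_bio = bio_open_default(out, 'w', text ? FORMAT_TEXT : FORMAT_ASN1)) == NULL) goto end;`. The response-writing hunk that follows has the same duplication and could take the same form. The enclosing function starts and ends outside the hunk.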
goto end;
/* Write response either in ASN.1 or text format. */
- if ((out_bio = bio_open_default(out, "wb")) == NULL)
- goto end;
if (text) {
/* Text output. */
+ if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
+ goto end;
if (token_out) {
TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
if (!TS_TST_INFO_print_bio(out_bio, tst_info))
}
} else {
/* ASN.1 DER output. */
+ if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
+ goto end;
if (token_out) {
PKCS7 *token = TS_RESP_get_token(response);
if (!i2d_PKCS7_bio(out_bio, token))
/* Create granted status info. */
if ((si = TS_STATUS_INFO_new()) == NULL)
goto end;
- if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED)))
+ if (!TS_STATUS_INFO_set_status(si, TS_STATUS_GRANTED))
goto end;
if (!TS_RESP_set_status_info(resp, si))
goto end;
BIO *input = NULL;
TS_REQ *request = NULL;
int ret = 0;
+ int f = 0;
if (data != NULL || digest != NULL) {
if ((ctx = TS_VERIFY_CTX_new()) == NULL)
goto err;
- ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER;
+ f = TS_VFY_VERSION | TS_VFY_SIGNER;
if (data != NULL) {
- ctx->flags |= TS_VFY_DATA;
- if ((ctx->data = BIO_new_file(data, "rb")) == NULL)
+ f |= TS_VFY_DATA;
+ if (TS_VERIFY_CTX_set_data(ctx, BIO_new_file(data, "rb")) == NULL)
goto err;
} else if (digest != NULL) {
long imprint_len;
- ctx->flags |= TS_VFY_IMPRINT;
- if ((ctx->imprint = string_to_hex(digest, &imprint_len)) == NULL) {
+ unsigned char *hexstr = string_to_hex(digest, &imprint_len);
+ f |= TS_VFY_IMPRINT;
+ if (TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) {
BIO_printf(bio_err, "invalid digest string\n");
goto err;
}
- ctx->imprint_len = imprint_len;
}
} else if (queryfile != NULL) {
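Review bot: `hexstr` is passed to `TS_VERIFY_CTX_set_imprint` before it is checked, together with `imprint_len`, which is declared without an initializer and is only meaningful if `string_to_hex` succeeded (its failure behaviour is not shown here). Checking the conversion first keeps a NULL imprint with an unset length out of the verify context: `if (hexstr == NULL) { BIO_printf(bio_err, "invalid digest string\n"); goto err; }`, or at minimum `long imprint_len = 0;`. The same compose-then-check pattern appears at `TS_VERIFY_CTX_set_data(ctx, BIO_new_file(data, "rb"))` and at the `TS_VERIFY_CTX_set_store` and `TS_VERIFY_CTS_set_certs` calls further down. It works only if each setter returns its argument unchanged, which deserves a one-line comment at the first use. The staged flags in `f` are applied only by the later `TS_VERIFY_CTX_add_flags` call, so `int f = 0;` would read better as `int flags = 0;` with a comment saying so; the enclosing function starts and ends outside the hunk.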
return NULL;
/* Add the signature verification flag and arguments. */
- ctx->flags |= TS_VFY_SIGNATURE;
+ TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE);
/* Initialising the X509_STORE object. */
- if ((ctx->store = create_cert_store(CApath, CAfile)) == NULL)
+ if (TS_VERIFY_CTX_set_store(ctx, create_cert_store(CApath, CAfile))
+ == NULL)
goto err;
/* Loading untrusted certificates. */
- if (untrusted && (ctx->certs = TS_CONF_load_certs(untrusted)) == NULL)
+ if (untrusted
+ && TS_VERIFY_CTS_set_certs(ctx, TS_CONF_load_certs(untrusted)) == NULL)
goto err;
ret = 1;