if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
argc--;
argv++;
for (;;)
}
else if (strcmp(*argv,"-help") == 0)
goto end;
+ else if (strcmp(*argv,"-ignore_critical") == 0)
+ vflags |= X509_V_FLAG_IGNORE_CRITICAL;
else if (strcmp(*argv,"-issuer_checks") == 0)
vflags |= X509_V_FLAG_CB_ISSUER_CHECK;
else if (strcmp(*argv,"-crl_check") == 0)
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
apps_shutdown();
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
if (!ok)
{
X509_NAME_oneline(
- X509_get_subject_name(ctx->current_cert),buf,256);
+ X509_get_subject_name(ctx->current_cert),buf,
+ sizeof buf);
printf("%s\n",buf);
printf("error %d at %d depth lookup:%s\n",ctx->error,
ctx->error_depth,
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
+ if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
}
if (!v_verbose)
ERR_clear_error();