{"CApath", OPT_CAPATH, '/', "A directory of trusted certificates"},
{"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"},
{"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"},
- {"trusted", OPT_TRUSTED, '<', "A file of additional trusted certificates"},
+ {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"},
{"CRLfile", OPT_CRLFILE, '<',
"File containing one or more CRL's (in PEM format) to load"},
{"crl_download", OPT_CRL_DOWNLOAD, '-',
}
argc = opt_num_rest();
argv = opt_rest();
+ if (trustfile && (CAfile || CApath)) {
+ BIO_printf(bio_err,
+ "%s: Cannot use -trusted with -CAfile or -CApath\n",
+ prog);
+ goto end;
+ }
if (!app_load_modules(NULL))
goto end;
if (crls)
X509_STORE_CTX_set0_crls(csc, crls);
i = X509_verify_cert(csc);
- if (i > 0 && show_chain) {
- chain = X509_STORE_CTX_get1_chain(csc);
- num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
- }
- X509_STORE_CTX_free(csc);
-
- ret = 0;
- end:
if (i > 0) {
printf("OK\n");
ret = 1;
- } else
- ERR_print_errors(bio_err);
- if (chain) {
- printf("Chain:\n");
- for (i = 0; i < sk_X509_num(chain); i++) {
- X509 *cert = sk_X509_value(chain, i);
- printf("depth=%d: ", i);
- X509_NAME_print_ex_fp(stdout,
- X509_get_subject_name(cert),
- 0, XN_FLAG_ONELINE);
- if (i < num_untrusted) {
- printf(" (untrusted)");
- }
- printf("\n");
- }
- sk_X509_pop_free(chain, X509_free);
+ if (show_chain) {
+ int j;
+
+ chain = X509_STORE_CTX_get1_chain(csc);
+ num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
+ printf("Chain:\n");
+ for (j = 0; j < sk_X509_num(chain); j++) {
+ X509 *cert = sk_X509_value(chain, j);
+ printf("depth=%d: ", j);
+ X509_NAME_print_ex_fp(stdout,
+ X509_get_subject_name(cert),
+ 0, XN_FLAG_ONELINE);
+ if (j < num_untrusted)
+ printf(" (untrusted)");
+ printf("\n");
+ }
+ sk_X509_pop_free(chain, X509_free);
+ }
}
+ X509_STORE_CTX_free(csc);
+
+ end:
+ if (i <= 0)
+ ERR_print_errors(bio_err);
X509_free(x);
- return (ret);
+ return ret;
}
static int cb(int ok, X509_STORE_CTX *ctx)