Use "cont" consistently in cms-examples.pl
authorDr. Stephen Henson <steve@openssl.org>
Thu, 1 May 2008 23:30:06 +0000 (23:30 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 1 May 2008 23:30:06 +0000 (23:30 +0000)
Add a -certsout option to output any certificates in a message.

Add test for example 4.11

apps/cms.c
doc/apps/cms.pod
test/cms-examples.pl

index b1ffb382ad1b37874a4b718091249eb905b824a1..42bdb69eb2fd538168bd2e09c1c0e37971062527 100644 (file)
@@ -107,6 +107,7 @@ int MAIN(int argc, char **argv)
        char *signerfile = NULL, *recipfile = NULL;
        STACK *sksigners = NULL, *skkeys = NULL;
        char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+       char *certsoutfile = NULL;
        const EVP_CIPHER *cipher = NULL;
        CMS_ContentInfo *cms = NULL, *rcms = NULL;
        X509_STORE *store = NULL;
@@ -397,6 +398,12 @@ int MAIN(int argc, char **argv)
                                goto argerr;
                        recipfile = *++args;
                        }
+               else if (!strcmp (*args, "-certsout"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       certsoutfile = *++args;
+                       }
                else if (!strcmp (*args, "-md"))
                        {
                        if (!args[1])
@@ -602,6 +609,7 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
                BIO_printf (bio_err, "-binary        don't translate message to text\n");
                BIO_printf (bio_err, "-certfile file other certificates file\n");
+               BIO_printf (bio_err, "-certsout file certificate output file\n");
                BIO_printf (bio_err, "-signer file   signer certificate file\n");
                BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
                BIO_printf (bio_err, "-skeyid        use subject key identifier\n");
@@ -797,6 +805,20 @@ int MAIN(int argc, char **argv)
                                goto end;
                                }
                        }
+               if (certsoutfile)
+                       {
+                       STACK_OF(X509) *allcerts;
+                       allcerts = CMS_get1_certs(cms);
+                       if (!save_certs(certsoutfile, allcerts))
+                               {
+                               BIO_printf(bio_err,
+                                               "Error writing certs to %s\n",
+                                                               certsoutfile);
+                               ret = 5;
+                               goto end;
+                               }
+                       sk_X509_pop_free(allcerts, X509_free);
+                       }
                }
 
        if (rctfile)
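Review bot: The `save_certs()` failure branch in the new `if (certsoutfile)` block jumps to `end` without releasing `allcerts`, because `sk_X509_pop_free(allcerts, X509_free);` is only reached on success. Adding that same call inside the error branch, just before `ret = 5;`, closes the leak. The return of `CMS_get1_certs(cms)` is also passed on unchecked, so a NULL result (no certificates, or presumably an internal failure) goes straight into `save_certs()`, whose handling of NULL is not visible here. Nothing in this hunk ties the write to a successful signature verification, so the output file appears to hold whatever certificates the message carried; a comment such as `/* certs are written as found in the message, not validated */` would make that explicit. The enclosing block of `MAIN` starts and ends outside the hunk.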
index b2505c694838b7a122768d47b80f5c6bb3c53f7d..9690194f38e6c715276bb5a5f934a73fbcb59262 100644 (file)
@@ -55,6 +55,7 @@ B<openssl> B<cms>
 [B<-binary>]
 [B<-nodetach>]
 [B<-certfile file>]
+[B<-certsout file>]
 [B<-signer file>]
 [B<-recip file>]
 [B<-keyid>]
@@ -312,6 +313,10 @@ allows additional certificates to be specified. When signing these will
 be included with the message. When verifying these will be searched for
 the signers certificates. The certificates should be in PEM format.
 
+=item B<-certsout file>
+
+any certificates contained in to the message are written to B<file>.
+
 =item B<-signer file>
 
 a signing certificate when signing or resigning a message, this option can be
index 62290db275edf26a53aaaeae5e39412d45393cc5..2e95b48ba45fc0b1f23bcbe726f4d67cd098bdde 100644 (file)
@@ -78,17 +78,17 @@ elsif (-f "..\\out32\\openssl.exe")
 my @test_list = (
     [ "3.1.bin"  => "dataout" ],
     [ "3.2.bin"  => "encode, dataout" ],
-    [ "4.1.bin"  => "encode, verifyder, content, dss" ],
+    [ "4.1.bin"  => "encode, verifyder, cont, dss" ],
     [ "4.2.bin"  => "encode, verifyder, cont, rsa" ],
     [ "4.3.bin"  => "encode, verifyder, cont_extern, dss" ],
     [ "4.4.bin"  => "encode, verifyder, cont, dss" ],
-    [ "4.5.bin"  => "verifyder, content, rsa" ],
+    [ "4.5.bin"  => "verifyder, cont, rsa" ],
     [ "4.6.bin"  => "encode, verifyder, cont, dss" ],
     [ "4.7.bin"  => "encode, verifyder, cont, dss" ],
     [ "4.8.eml"  => "verifymime, dss" ],
     [ "4.9.eml"  => "verifymime, dss" ],
     [ "4.10.bin" => "encode, verifyder, cont, dss" ],
-    [ "4.11.bin" => "encode" ],
+    [ "4.11.bin" => "encode, certsout" ],
     [ "5.1.bin"  => "encode, envelopeder, cont" ],
     [ "5.2.bin"  => "encode, envelopeder, cont" ],
     [ "5.3.eml"  => "envelopemime, cont" ],
@@ -151,6 +151,9 @@ foreach (@test_list) {
     if ( $tlist =~ /encode/ ) {
         run_reencode_test( $exdir, $file );
     }
+    if ( $tlist =~ /certsout/ ) {
+        run_certsout_test( $exdir, $file );
+    }
     if ( $tlist =~ /dataout/ ) {
         run_dataout_test( $exdir, $file );
     }
@@ -216,6 +219,23 @@ sub run_reencode_test {
     }
 }
 
+sub run_certsout_test {
+    my ( $cmsdir, $tfile ) = @_;
+    unlink "tmp.der";
+    unlink "tmp.pem";
+
+    system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
+          . " -in $cmsdir/$tfile -out tmp.der" );
+
+    if ($?) {
+        print "\tCertificate output command FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tCertificate output passed\n" if $verbose;
+    }
+}
+
 sub run_dataout_test {
     my ( $cmsdir, $tfile ) = @_;
     unlink "tmp.txt";
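Review bot: `run_certsout_test` decides pass or fail from `$?` alone and never looks at `tmp.pem`, so a regression where `-certsout` exits 0 but writes nothing would still be reported as passing. Since the sub already unlinks `tmp.pem` before the run, the check can be extended to `if ( $? || !-s "tmp.pem" ) {`, assuming example 4.11 is expected to carry at least one certificate. A one-line comment above the sub, e.g. `# Check that -certsout extracts the certificates embedded in a CMS structure`, would also document what the test is meant to prove.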