From: Dr. Stephen Henson
Date: Thu, 1 May 2008 23:30:06 +0000 (+0000)
Subject: Use "cont" consistently in cms-examples.pl
X-Git-Tag: OpenSSL_0_9_8k^2~412
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=4a954b56c9db99c7644b40630a02865a98123e9c;hp=d05a474556c627a8e87b32d7e97aa776308dc883
Use "cont" consistently in cms-examples.pl
Add a -certsout option to output any certificates in a message. Add test for example 4.11
---
diff --git a/apps/cms.c b/apps/cms.c
index b1ffb382ad..42bdb69eb2 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -107,6 +107,7 @@ int MAIN(int argc, char **argv)
 char *signerfile = NULL, *recipfile = NULL;
 STACK *sksigners = NULL, *skkeys = NULL;
 char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+ char *certsoutfile = NULL;
 const EVP_CIPHER *cipher = NULL;
 CMS_ContentInfo *cms = NULL, *rcms = NULL;
 X509_STORE *store = NULL;
@@ -397,6 +398,12 @@ int MAIN(int argc, char **argv)
 goto argerr;
 recipfile = *++args;
 }
+ else if (!strcmp (*args, "-certsout"))
+ {
+ if (!args[1])
+ goto argerr;
+ certsoutfile = *++args;
+ }
 else if (!strcmp (*args, "-md"))
 {
 if (!args[1])
@@ -602,6 +609,7 @@ int MAIN(int argc, char **argv)
 BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
 BIO_printf (bio_err, "-binary don't translate message to text\n");
 BIO_printf (bio_err, "-certfile file other certificates file\n");
+ BIO_printf (bio_err, "-certsout file certificate output file\n");
 BIO_printf (bio_err, "-signer file signer certificate file\n");
 BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
 BIO_printf (bio_err, "-skeyid use subject key identifier\n");
@@ -797,6 +805,20 @@ int MAIN(int argc, char **argv)
 goto end;
 }
 }
+ if (certsoutfile)
+ {
+ STACK_OF(X509) *allcerts;
+ allcerts = CMS_get1_certs(cms);
+ if (!save_certs(certsoutfile, allcerts))
+ {
+ BIO_printf(bio_err,
+ "Error writing certs to %s\n",
+ certsoutfile);
+ ret = 5;
+ goto end;
+ }
+ sk_X509_pop_free(allcerts, X509_free);
+ }
 }
 if (rctfile)
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index b2505c6948..9690194f38 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -55,6 +55,7 @@ B B
 [B<-binary>]
 [B<-nodetach>]
 [B<-certfile file>]
+[B<-certsout file>]
 [B<-signer file>]
 [B<-recip file>]
 [B<-keyid>]
@@ -312,6 +313,10 @@ allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for the signers certificates. The certificates should be in PEM format.
+=item B<-certsout file>
+
+any certificates contained in to the message are written to B.
+
 =item B<-signer file>
 a signing certificate when signing or resigning a message, this option can be
diff --git a/test/cms-examples.pl b/test/cms-examples.pl
index 62290db275..2e95b48ba4 100644
--- a/test/cms-examples.pl
+++ b/test/cms-examples.pl
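Review bot: In the `-certsout` block added at `@@ -797,6 +805,20 @@`, the failure branch jumps to `end` without releasing `allcerts`, so the stack returned by `CMS_get1_certs(cms)` is freed only on the success path. Adding `sk_X509_pop_free(allcerts, X509_free);` just before `goto end;` in that branch closes the leak. The result of `CMS_get1_certs()` is also handed to `save_certs()` unchecked; whether `save_certs()` tolerates a NULL stack (for example a message that carries no certificates) is not visible in this hunk and should be confirmed. Nothing in these lines validates the certificates before they are written, so a short comment such as `/* certs are copied from the message as-is, not verified here */` would keep later readers from treating the output file as trusted. The enclosing block of MAIN starts and ends outside the hunk.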
@@ -78,17 +78,17 @@ elsif (-f "..\\out32\\openssl.exe")
 my @test_list = (
 [ "3.1.bin" => "dataout" ],
 [ "3.2.bin" => "encode, dataout" ],
- [ "4.1.bin" => "encode, verifyder, content, dss" ],
+ [ "4.1.bin" => "encode, verifyder, cont, dss" ],
 [ "4.2.bin" => "encode, verifyder, cont, rsa" ],
 [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
 [ "4.4.bin" => "encode, verifyder, cont, dss" ],
- [ "4.5.bin" => "verifyder, content, rsa" ],
+ [ "4.5.bin" => "verifyder, cont, rsa" ],
 [ "4.6.bin" => "encode, verifyder, cont, dss" ],
 [ "4.7.bin" => "encode, verifyder, cont, dss" ],
 [ "4.8.eml" => "verifymime, dss" ],
 [ "4.9.eml" => "verifymime, dss" ],
 [ "4.10.bin" => "encode, verifyder, cont, dss" ],
- [ "4.11.bin" => "encode" ],
+ [ "4.11.bin" => "encode, certsout" ],
 [ "5.1.bin" => "encode, envelopeder, cont" ],
 [ "5.2.bin" => "encode, envelopeder, cont" ],
 [ "5.3.eml" => "envelopemime, cont" ],
@@ -151,6 +151,9 @@ foreach (@test_list) {
 if ( $tlist =~ /encode/ ) {
 run_reencode_test( $exdir, $file );
 }
+ if ( $tlist =~ /certsout/ ) {
+ run_certsout_test( $exdir, $file );
+ }
 if ( $tlist =~ /dataout/ ) {
 run_dataout_test( $exdir, $file );
 }
@@ -216,6 +219,23 @@ sub run_reencode_test {
 }
 }
+sub run_certsout_test {
+ my ( $cmsdir, $tfile ) = @_;
+ unlink "tmp.der";
+ unlink "tmp.pem";
+
+ system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
+ . " -in $cmsdir/$tfile -out tmp.der" );
+
+ if ($?) {
+ print "\tCertificate output command FAILED!!\n";
+ $badtest++;
+ }
+ else {
+ print "\tCertificate output passed\n" if $verbose;
+ }
+}
+
 sub run_dataout_test {
 my ( $cmsdir, $tfile ) = @_;
 unlink "tmp.txt";
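Review bot: `run_certsout_test` (hunk `@@ -216,6 +219,23 @@`) reports success on the exit status alone, so the test still passes if `-certsout` exits cleanly but writes nothing to `tmp.pem`. Checking the output file as well, e.g. `if ( $? || !-s "tmp.pem" ) {`, would make the test exercise the new option rather than only the command line parsing. The command is also built as one string, so `$cmsdir/$tfile` is interpreted by the shell; where `$exdir` comes from is not visible in this diff, but a path containing spaces or shell metacharacters would break the call, and a list-form `system` avoids that if `$cmscmd` can be passed as separate arguments.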