- int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
- {
- ASN1_OBJECT *otmp = NULL;
- unsigned long flags = 0;
- int i;
- int purpose = 0, depth = -1;
- char **oldargs = *pargs;
- char *arg = **pargs, *argn = (*pargs)[1];
- const X509_VERIFY_PARAM *vpm = NULL;
- time_t at_time = 0;
- const unsigned char *hostname = NULL, *email = NULL;
- char *ipasc = NULL;
- if (!strcmp(arg, "-policy"))
- {
- if (!argn)
- *badarg = 1;
- else
- {
- otmp = OBJ_txt2obj(argn, 0);
- if (!otmp)
- {
- BIO_printf(err, "Invalid Policy \"%s\"\n",
- argn);
- *badarg = 1;
- }
- }
- (*pargs)++;
- }
- else if (strcmp(arg,"-purpose") == 0)
- {
- X509_PURPOSE *xptmp;
- if (!argn)
- *badarg = 1;
- else
- {
- i = X509_PURPOSE_get_by_sname(argn);
- if(i < 0)
- {
- BIO_printf(err, "unrecognized purpose\n");
- *badarg = 1;
- }
- else
- {
- xptmp = X509_PURPOSE_get0(i);
- purpose = X509_PURPOSE_get_id(xptmp);
- }
- }
- (*pargs)++;
- }
- else if (strcmp(arg,"-verify_name") == 0)
- {
- if (!argn)
- *badarg = 1;
- else
- {
- vpm = X509_VERIFY_PARAM_lookup(argn);
- if(!vpm)
- {
- BIO_printf(err, "unrecognized verify name\n");
- *badarg = 1;
- }
- }
- (*pargs)++;
- }
- else if (strcmp(arg,"-verify_depth") == 0)
- {
- if (!argn)
- *badarg = 1;
- else
- {
- depth = atoi(argn);
- if(depth < 0)
- {
- BIO_printf(err, "invalid depth\n");
- *badarg = 1;
- }
- }
- (*pargs)++;
- }
- else if (strcmp(arg,"-attime") == 0)
- {
- if (!argn)
- *badarg = 1;
- else
- {
- long timestamp;
- /* interpret the -attime argument as seconds since
- * Epoch */
- if (sscanf(argn, "%li", ×tamp) != 1)
- {
- BIO_printf(bio_err,
- "Error parsing timestamp %s\n",
- argn);
- *badarg = 1;
- }
- /* on some platforms time_t may be a float */
- at_time = (time_t) timestamp;
- }
- (*pargs)++;
- }
- else if (strcmp(arg,"-verify_hostname") == 0)
- {
- if (!argn)
- *badarg = 1;
- hostname = (unsigned char *)argn;
- (*pargs)++;
- }
- else if (strcmp(arg,"-verify_email") == 0)
- {
- if (!argn)
- *badarg = 1;
- email = (unsigned char *)argn;
- (*pargs)++;
- }
- else if (strcmp(arg,"-verify_ip") == 0)
- {
- if (!argn)
- *badarg = 1;
- ipasc = argn;
- (*pargs)++;
- }
- else if (!strcmp(arg, "-ignore_critical"))
- flags |= X509_V_FLAG_IGNORE_CRITICAL;
- else if (!strcmp(arg, "-issuer_checks"))
- flags |= X509_V_FLAG_CB_ISSUER_CHECK;
- else if (!strcmp(arg, "-crl_check"))
- flags |= X509_V_FLAG_CRL_CHECK;
- else if (!strcmp(arg, "-crl_check_all"))
- flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
- else if (!strcmp(arg, "-policy_check"))
- flags |= X509_V_FLAG_POLICY_CHECK;
- else if (!strcmp(arg, "-explicit_policy"))
- flags |= X509_V_FLAG_EXPLICIT_POLICY;
- else if (!strcmp(arg, "-inhibit_any"))
- flags |= X509_V_FLAG_INHIBIT_ANY;
- else if (!strcmp(arg, "-inhibit_map"))
- flags |= X509_V_FLAG_INHIBIT_MAP;
- else if (!strcmp(arg, "-x509_strict"))
- flags |= X509_V_FLAG_X509_STRICT;
- else if (!strcmp(arg, "-extended_crl"))
- flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
- else if (!strcmp(arg, "-use_deltas"))
- flags |= X509_V_FLAG_USE_DELTAS;
- else if (!strcmp(arg, "-policy_print"))
- flags |= X509_V_FLAG_NOTIFY_POLICY;
- else if (!strcmp(arg, "-check_ss_sig"))
- flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
- else if (!strcmp(arg, "-trusted_first"))
- flags |= X509_V_FLAG_TRUSTED_FIRST;
- else if (!strcmp(arg, "-suiteB_128_only"))
- flags |= X509_V_FLAG_SUITEB_128_LOS_ONLY;
- else if (!strcmp(arg, "-suiteB_128"))
- flags |= X509_V_FLAG_SUITEB_128_LOS;
- else if (!strcmp(arg, "-suiteB_192"))
- flags |= X509_V_FLAG_SUITEB_192_LOS;
- else if (!strcmp(arg, "-partial_chain"))
- flags |= X509_V_FLAG_PARTIAL_CHAIN;
- else
- return 0;
-
- if (*badarg)
- {
- if (*pm)
- X509_VERIFY_PARAM_free(*pm);
- *pm = NULL;
- goto end;
- }
-
- if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
- {
- *badarg = 1;
- goto end;
- }
-
- if (vpm)
- X509_VERIFY_PARAM_set1(*pm, vpm);
-
- if (otmp)
- X509_VERIFY_PARAM_add0_policy(*pm, otmp);
- if (flags)
- X509_VERIFY_PARAM_set_flags(*pm, flags);
-
- if (purpose)
- X509_VERIFY_PARAM_set_purpose(*pm, purpose);
-
- if (depth >= 0)
- X509_VERIFY_PARAM_set_depth(*pm, depth);
-
- if (at_time)
- X509_VERIFY_PARAM_set_time(*pm, at_time);
-
- if (hostname && !X509_VERIFY_PARAM_set1_host(*pm, hostname, 0))
- *badarg = 1;
-
- if (email && !X509_VERIFY_PARAM_set1_email(*pm, email, 0))
- *badarg = 1;
-
- if (ipasc && !X509_VERIFY_PARAM_set1_ip_asc(*pm, ipasc))
- *badarg = 1;
-
- end:
-
- (*pargs)++;
-
- if (pargc)
- *pargc -= *pargs - oldargs;
-
- return 1;
-
- }
-
-/* Read whole contents of a BIO into an allocated memory buffer and
- * return it.
+ int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
+{
+ ASN1_OBJECT *otmp = NULL;
+ unsigned long flags = 0;
+ int i;
+ int purpose = 0, depth = -1;
+ char **oldargs = *pargs;
+ char *arg = **pargs, *argn = (*pargs)[1];
+ const X509_VERIFY_PARAM *vpm = NULL;
+ time_t at_time = 0;
+ char *hostname = NULL;
+ char *email = NULL;
+ char *ipasc = NULL;
+ if (!strcmp(arg, "-policy")) {
+ if (!argn)
+ *badarg = 1;
+ else {
+ otmp = OBJ_txt2obj(argn, 0);
+ if (!otmp) {
+ BIO_printf(err, "Invalid Policy \"%s\"\n", argn);
+ *badarg = 1;
+ }
+ }
+ (*pargs)++;
+ } else if (strcmp(arg, "-purpose") == 0) {
+ X509_PURPOSE *xptmp;
+ if (!argn)
+ *badarg = 1;
+ else {
+ i = X509_PURPOSE_get_by_sname(argn);
+ if (i < 0) {
+ BIO_printf(err, "unrecognized purpose\n");
+ *badarg = 1;
+ } else {
+ xptmp = X509_PURPOSE_get0(i);
+ purpose = X509_PURPOSE_get_id(xptmp);
+ }
+ }
+ (*pargs)++;
+ } else if (strcmp(arg, "-verify_name") == 0) {
+ if (!argn)
+ *badarg = 1;
+ else {
+ vpm = X509_VERIFY_PARAM_lookup(argn);
+ if (!vpm) {
+ BIO_printf(err, "unrecognized verify name\n");
+ *badarg = 1;
+ }
+ }
+ (*pargs)++;
+ } else if (strcmp(arg, "-verify_depth") == 0) {
+ if (!argn)
+ *badarg = 1;
+ else {
+ depth = atoi(argn);
+ if (depth < 0) {
+ BIO_printf(err, "invalid depth\n");
+ *badarg = 1;
+ }
+ }
+ (*pargs)++;
+ } else if (strcmp(arg, "-attime") == 0) {
+ if (!argn)
+ *badarg = 1;
+ else {
+ long timestamp;
+ /*
+ * interpret the -attime argument as seconds since Epoch
+ */
+ if (sscanf(argn, "%li", ×tamp) != 1) {
+ BIO_printf(bio_err, "Error parsing timestamp %s\n", argn);
+ *badarg = 1;
+ }
+ /* on some platforms time_t may be a float */
+ at_time = (time_t)timestamp;
+ }
+ (*pargs)++;
+ } else if (strcmp(arg, "-verify_hostname") == 0) {
+ if (!argn)
+ *badarg = 1;
+ hostname = argn;
+ (*pargs)++;
+ } else if (strcmp(arg, "-verify_email") == 0) {
+ if (!argn)
+ *badarg = 1;
+ email = argn;
+ (*pargs)++;
+ } else if (strcmp(arg, "-verify_ip") == 0) {
+ if (!argn)
+ *badarg = 1;
+ ipasc = argn;
+ (*pargs)++;
+ } else if (!strcmp(arg, "-ignore_critical"))
+ flags |= X509_V_FLAG_IGNORE_CRITICAL;
+ else if (!strcmp(arg, "-issuer_checks"))
+ flags |= X509_V_FLAG_CB_ISSUER_CHECK;
+ else if (!strcmp(arg, "-crl_check"))
+ flags |= X509_V_FLAG_CRL_CHECK;
+ else if (!strcmp(arg, "-crl_check_all"))
+ flags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
+ else if (!strcmp(arg, "-policy_check"))
+ flags |= X509_V_FLAG_POLICY_CHECK;
+ else if (!strcmp(arg, "-explicit_policy"))
+ flags |= X509_V_FLAG_EXPLICIT_POLICY;
+ else if (!strcmp(arg, "-inhibit_any"))
+ flags |= X509_V_FLAG_INHIBIT_ANY;
+ else if (!strcmp(arg, "-inhibit_map"))
+ flags |= X509_V_FLAG_INHIBIT_MAP;
+ else if (!strcmp(arg, "-x509_strict"))
+ flags |= X509_V_FLAG_X509_STRICT;
+ else if (!strcmp(arg, "-extended_crl"))
+ flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
+ else if (!strcmp(arg, "-use_deltas"))
+ flags |= X509_V_FLAG_USE_DELTAS;
+ else if (!strcmp(arg, "-policy_print"))
+ flags |= X509_V_FLAG_NOTIFY_POLICY;
+ else if (!strcmp(arg, "-check_ss_sig"))
+ flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else if (!strcmp(arg, "-trusted_first"))
+ flags |= X509_V_FLAG_TRUSTED_FIRST;
+ else if (!strcmp(arg, "-suiteB_128_only"))
+ flags |= X509_V_FLAG_SUITEB_128_LOS_ONLY;
+ else if (!strcmp(arg, "-suiteB_128"))
+ flags |= X509_V_FLAG_SUITEB_128_LOS;
+ else if (!strcmp(arg, "-suiteB_192"))
+ flags |= X509_V_FLAG_SUITEB_192_LOS;
+ else if (!strcmp(arg, "-partial_chain"))
+ flags |= X509_V_FLAG_PARTIAL_CHAIN;
+ else
+ return 0;
+
+ if (*badarg) {
+ if (*pm)
+ X509_VERIFY_PARAM_free(*pm);
+ *pm = NULL;
+ goto end;
+ }
+
+ if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) {
+ *badarg = 1;
+ goto end;
+ }
+
+ if (vpm)
+ X509_VERIFY_PARAM_set1(*pm, vpm);
+
+ if (otmp)
+ X509_VERIFY_PARAM_add0_policy(*pm, otmp);
+ if (flags)
+ X509_VERIFY_PARAM_set_flags(*pm, flags);
+
+ if (purpose)
+ X509_VERIFY_PARAM_set_purpose(*pm, purpose);
+
+ if (depth >= 0)
+ X509_VERIFY_PARAM_set_depth(*pm, depth);
+
+ if (at_time)
+ X509_VERIFY_PARAM_set_time(*pm, at_time);
+
+ if (hostname && !X509_VERIFY_PARAM_set1_host(*pm, hostname, 0))
+ *badarg = 1;
+
+ if (email && !X509_VERIFY_PARAM_set1_email(*pm, email, 0))
+ *badarg = 1;
+
+ if (ipasc && !X509_VERIFY_PARAM_set1_ip_asc(*pm, ipasc))
+ *badarg = 1;
+
+ end:
+
+ (*pargs)++;
+
+ if (pargc)
+ *pargc -= *pargs - oldargs;
+
+ return 1;
+
+}
+
+/*
+ * Read whole contents of a BIO into an allocated memory buffer and return
+ * it.