*
*/
-#ifndef _POSIX_C_SOURCE
+#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
#define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get
the declaration of fileno(). The value
2 is to make sure no function defined
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509) *certs;
- load_certs_crls(err, file, format, pass, e, desc, &certs, NULL);
+ if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
+ return NULL;
return certs;
}
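Review bot: `certs` is still declared without an initializer, so the function is correct only as long as `load_certs_crls()` writes `*pcerts` on every path that returns non-zero, and that contract is not visible in this hunk. Declaring it as `STACK_OF(X509) *certs = NULL;` makes the returned pointer well defined regardless of what the callee does. The same applies to `crls` in the `load_crls` hunk that follows. Both function signatures begin outside their hunks.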
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509_CRL) *crls;
- load_certs_crls(err, file, format, pass, e, desc, NULL, &crls);
+ if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
+ return NULL;
return crls;
}
X509_NAME *n = NULL;
int nid;
- if (!buf || !ne_types || !ne_values)
+ if (!buf || !ne_types || !ne_values || !mval)
{
BIO_printf(bio_err, "malloc error\n");
goto error;
OPENSSL_free(ne_values);
OPENSSL_free(ne_types);
OPENSSL_free(buf);
+ OPENSSL_free(mval);
return n;
error:
OPENSSL_free(ne_values);
if (ne_types)
OPENSSL_free(ne_types);
+ if (mval)
+ OPENSSL_free(mval);
if (buf)
OPENSSL_free(buf);
return NULL;
char **oldargs = *pargs;
char *arg = **pargs, *argn = (*pargs)[1];
time_t at_time = 0;
+ const unsigned char *hostname = NULL, *email = NULL;
+ char *ipasc = NULL;
if (!strcmp(arg, "-policy"))
{
if (!argn)
}
(*pargs)++;
}
+ else if (strcmp(arg,"-verify_hostname") == 0)
+ {
+ if (!argn)
+ *badarg = 1;
+ hostname = (unsigned char *)argn;
+ (*pargs)++;
+ }
+ else if (strcmp(arg,"-verify_email") == 0)
+ {
+ if (!argn)
+ *badarg = 1;
+ email = (unsigned char *)argn;
+ (*pargs)++;
+ }
+ else if (strcmp(arg,"-verify_ip") == 0)
+ {
+ if (!argn)
+ *badarg = 1;
+ ipasc = argn;
+ (*pargs)++;
+ }
else if (!strcmp(arg, "-ignore_critical"))
flags |= X509_V_FLAG_IGNORE_CRITICAL;
else if (!strcmp(arg, "-issuer_checks"))
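Review bot: In the new `-verify_hostname`, `-verify_email` and `-verify_ip` branches a missing value sets `*badarg`, but the branch still stores the NULL `argn` and runs `(*pargs)++`, which moves the cursor onto the argv terminator. If control then reaches the `(*pargs)++` under `end:` shown further down the page, the cursor ends up one past the terminator; whether any caller reads it after a bad argument is not visible here. Guarding the store and the advance avoids relying on that, e.g. `if (!argn) *badarg = 1; else { hostname = (unsigned char *)argn; (*pargs)++; }`, and likewise for the other two options. The enclosing function starts and ends outside this hunk.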
flags |= X509_V_FLAG_NOTIFY_POLICY;
else if (!strcmp(arg, "-check_ss_sig"))
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else if (!strcmp(arg, "-trusted_first"))
+ flags |= X509_V_FLAG_TRUSTED_FIRST;
+ else if (!strcmp(arg, "-partial_chain"))
+ flags |= X509_V_FLAG_PARTIAL_CHAIN;
else
return 0;
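Review bot: `-partial_chain` changes what counts as a trust anchor, and nothing next to the new branch says so. With `X509_V_FLAG_PARTIAL_CHAIN` set, verification can succeed once the chain reaches any certificate in the trusted store, including a non-self-signed intermediate. A comment such as `/* accept a chain ending at any trusted cert, not only a self-signed root */` would help anyone auditing what the trust store contains, and the option's usage text (not visible here) should say the same. The enclosing if/else chain starts and ends outside the hunk.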
if (at_time)
X509_VERIFY_PARAM_set_time(*pm, at_time);
+ if (hostname && !X509_VERIFY_PARAM_set1_host(*pm, hostname, 0))
+ *badarg = 1;
+
+ if (email && !X509_VERIFY_PARAM_set1_email(*pm, email, 0))
+ *badarg = 1;
+
+ if (ipasc && !X509_VERIFY_PARAM_set1_ip_asc(*pm, ipasc))
+ *badarg = 1;
+
end:
(*pargs)++;
}
#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+void print_cert_checks(BIO *bio, X509 *x,
+ const unsigned char *checkhost,
+ const unsigned char *checkemail,
+ const char *checkip)
+ {
+ if (x == NULL)
+ return;
+ if (checkhost)
+ {
+ BIO_printf(bio, "Hostname %s does%s match certificate\n",
+ checkhost, X509_check_host(x, checkhost, 0, 0)
+ ? "" : " NOT");
+ }
+
+ if (checkemail)
+ {
+ BIO_printf(bio, "Email %s does%s match certificate\n",
+ checkemail, X509_check_email(x, checkemail, 0,
+ 0) ? "" : " NOT");
+ }
+
+ if (checkip)
+ {
+ BIO_printf(bio, "IP %s does%s match certificate\n",
+ checkip, X509_check_ip_asc(x, checkip,
+ 0) ? "" : " NOT");
+ }
+ }
+
/*
* Platform-specific sections
*/
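Review bot: All three checks in `print_cert_checks` test the return value only for truthiness, but `X509_check_host`, `X509_check_email` and `X509_check_ip_asc` return 1 for a match and negative values for errors (for example a malformed IP string). An error would therefore be printed as "does match certificate". Compare against 1 explicitly, e.g. `X509_check_host(x, checkhost, 0, 0) == 1 ? "" : " NOT"`, and do the same for the email and IP calls. A short comment above the function noting that it only prints the result, and that a negative return is reported as a non-match, would make the intent clear.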