OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
- OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD, OPT_NOOUT,
- OPT_NAMEOPT, OPT_MD
+ OPT_NOCAPATH, OPT_NOCAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD,
+ OPT_NOOUT, OPT_NAMEOPT, OPT_MD
} OPTION_CHOICE;
OPTIONS crl_options[] = {
{"gendelta", OPT_GENDELTA, '<'},
{"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
{"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
+ {"no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file"},
+ {"no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory"},
{"verify", OPT_VERIFY, '-'},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
EVP_PKEY *pkey;
const EVP_MD *digest = EVP_sha1();
unsigned long nmflag = 0;
+ char nmflag_set = 0;
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
char *CAfile = NULL, *CApath = NULL, *prog;
OPTION_CHOICE o;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
- int text = 0, do_ver = 0;
+ int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0;
int i;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
CAfile = opt_arg();
do_ver = 1;
break;
+ case OPT_NOCAPATH:
+ noCApath = 1;
+ break;
+ case OPT_NOCAFILE:
+ noCAfile = 1;
+ break;
case OPT_HASH_OLD:
#ifndef OPENSSL_NO_MD5
hash_old = ++num;
badsig = 1;
break;
case OPT_NAMEOPT:
+ nmflag_set = 1;
if (!set_name_ex(&nmflag, opt_arg()))
goto opthelp;
break;
argc = opt_num_rest();
argv = opt_rest();
+ if (!nmflag_set)
+ nmflag = XN_FLAG_ONELINE;
+
if (!app_load_modules(NULL))
goto end;
goto end;
if (do_ver) {
- if ((store = setup_verify(CAfile, CApath)) == NULL)
+ if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
goto end;
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
}
}
}
- out = bio_open_default(outfile, "w");
+ out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
goto end;
}
- if (badsig)
- x->signature->data[x->signature->length - 1] ^= 0x1;
+ if (badsig) {
+ ASN1_BIT_STRING *sig;
+ unsigned char *psig;
+ X509_CRL_get0_signature(&sig, NULL, x);
+ psig = ASN1_STRING_data(sig);
+ psig[ASN1_STRING_length(sig) - 1] ^= 0x1;
+ }
if (outformat == FORMAT_ASN1)
i = (int)i2d_X509_CRL_bio(out, x);