OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
OPT_V_ENUM,
- OPT_CAPATH, OPT_IN, OPT_INFORM, OPT_OUT, OPT_OUTFORM, OPT_CONTENT
+ OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT,
+ OPT_OUTFORM, OPT_CONTENT
} OPTION_CHOICE;
OPTIONS smime_options[] = {
{"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
{"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+ {"no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file"},
+ {"no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory"},
{"resign", OPT_RESIGN, '-'},
{"nochain", OPT_NOCHAIN, '-'},
{"nosmimecap", OPT_NOSMIMECAP, '-'},
X509_VERIFY_PARAM *vpm = NULL;
const EVP_CIPHER *cipher = NULL;
const EVP_MD *sign_md = NULL;
- char *CAfile = NULL, *CApath = NULL, *inrand = NULL, *engine = NULL;
+ char *CAfile = NULL, *CApath = NULL, *inrand = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *prog;
char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile =
NULL;
char *passinarg = NULL, *passin = NULL, *to = NULL, *from =
NULL, *subject = NULL;
- const char *inmode = "r", *outmode = "w";
OPTION_CHOICE o;
+ int noCApath = 0, noCAfile = 0;
int flags = PKCS7_DETACHED, operation = 0, ret = 0, need_rand = 0, indef =
0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
FORMAT_PEM;
int vpmtouched = 0, rv = 0;
-#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
-#endif
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
need_rand = 1;
break;
case OPT_ENGINE:
- engine = opt_arg();
+ e = setup_engine(opt_arg(), 0);
break;
case OPT_PASSIN:
passinarg = opt_arg();
case OPT_CAPATH:
CApath = opt_arg();
break;
+ case OPT_NOCAFILE:
+ noCAfile = 1;
+ break;
+ case OPT_NOCAPATH:
+ noCApath = 1;
+ break;
case OPT_CONTENT:
contfile = opt_arg();
break;
} else if (!operation)
goto opthelp;
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(engine, 0);
-#endif
-
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
if (!(operation & SMIME_SIGNERS))
flags &= ~PKCS7_DETACHED;
- if (operation & SMIME_OP) {
- if (outformat == FORMAT_ASN1)
- outmode = "wb";
- } else {
+ if (!(operation & SMIME_OP)) {
if (flags & PKCS7_BINARY)
- outmode = "wb";
+ outformat = FORMAT_BINARY;
}
- if (operation & SMIME_IP) {
- if (informat == FORMAT_ASN1)
- inmode = "rb";
- } else {
+ if (!(operation & SMIME_IP)) {
if (flags & PKCS7_BINARY)
- inmode = "rb";
+ informat = FORMAT_BINARY;
}
if (operation == SMIME_ENCRYPT) {
}
if (certfile) {
- if (!(other = load_certs(certfile, FORMAT_PEM, NULL,
- e, "certificate file"))) {
+ if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+ "certificate file")) {
ERR_print_errors(bio_err);
goto end;
}
}
if (recipfile && (operation == SMIME_DECRYPT)) {
- if (!(recip = load_cert(recipfile, FORMAT_PEM, NULL,
- e, "recipient certificate file"))) {
+ if ((recip = load_cert(recipfile, FORMAT_PEM, NULL,
+ e, "recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
goto end;
}
- in = bio_open_default(infile, inmode);
+ in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
}
if (contfile) {
BIO_free(indata);
- if (!(indata = BIO_new_file(contfile, "rb"))) {
+ if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
BIO_printf(bio_err, "Can't read content file %s\n", contfile);
goto end;
}
}
}
- out = bio_open_default(outfile, outmode);
+ out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (operation == SMIME_VERIFY) {
- if (!(store = setup_verify(CAfile, CApath)))
+ if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
goto end;
X509_STORE_set_verify_cb(store, smime_cb);
if (vpmtouched)
ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
- if (sksigners)
- sk_OPENSSL_STRING_free(sksigners);
- if (skkeys)
- sk_OPENSSL_STRING_free(skkeys);
+ X509_VERIFY_PARAM_free(vpm);
+ sk_OPENSSL_STRING_free(sksigners);
+ sk_OPENSSL_STRING_free(skkeys);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
BIO_free(in);
BIO_free(indata);
BIO_free_all(out);
- if (passin)
- OPENSSL_free(passin);
+ OPENSSL_free(passin);
return (ret);
}
&& ((error != X509_V_OK) || (ok != 2)))
return ok;
- policies_print(bio_err, ctx);
+ policies_print(ctx);
return ok;
projects / openssl.git / blobdiff