#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/err.h>
-#include <openssl/engine.h>
#undef PROG
#define PROG smime_main
STACK_OF(X509) *encerts = NULL, *other = NULL;
BIO *in = NULL, *out = NULL, *indata = NULL;
int badarg = 0;
- int flags = PKCS7_DETACHED;
+ int flags = PKCS7_DETACHED, store_flags = 0;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL;
char *passargin = NULL, *passin = NULL;
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
+ else if (!strcmp (*args, "-crl_check"))
+ store_flags |= X509_V_FLAG_CRL_CHECK;
+ else if (!strcmp (*args, "-crl_check_all"))
+ store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
else if (!strcmp(*args,"-rand")) {
if (args[1]) {
args++;
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
goto end;
}
- if (engine != NULL)
- {
- if((e = ENGINE_by_id(engine)) == NULL)
- {
- BIO_printf(bio_err,"invalid engine \"%s\"\n",
- engine);
- goto end;
- }
- if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
- {
- BIO_printf(bio_err,"can't use that engine\n");
- goto end;
- }
- BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
- /* Free our "structural" reference. */
- ENGINE_free(e);
- }
+ e = setup_engine(bio_err, engine, 0);
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
}
encerts = sk_X509_new_null();
while (*args) {
- if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) {
+ if(!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+ NULL, e, "recipient certificate file"))) {
+#if 0 /* An appropriate message is already printed */
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
+#endif
goto end;
}
sk_X509_push(encerts, cert);
}
if(signerfile && (operation == SMIME_SIGN)) {
- if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) {
+ if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
+ e, "signer certificate"))) {
+#if 0 /* An appropri message has already been printed */
BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
+#endif
goto end;
}
}
if(certfile) {
- if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) {
+ if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+ e, "certificate file"))) {
+#if 0 /* An appropriate message has already been printed */
BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
+#endif
ERR_print_errors(bio_err);
goto end;
}
}
if(recipfile && (operation == SMIME_DECRYPT)) {
- if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) {
+ if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+ e, "recipient certificate file"))) {
+#if 0 /* An appropriate message has alrady been printed */
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
+#endif
ERR_print_errors(bio_err);
goto end;
}
} else keyfile = NULL;
if(keyfile) {
- if (keyform == FORMAT_ENGINE) {
- if (!e) {
- BIO_printf(bio_err,"no engine specified\n");
- goto end;
- }
- key = ENGINE_load_private_key(e, keyfile, passin);
- } else {
- if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) {
- BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
- ERR_print_errors(bio_err);
- goto end;
- }
+ key = load_key(bio_err, keyfile, keyform, passin, e,
+ "signing key file");
+ if (!key) {
+ goto end;
}
}
if(operation == SMIME_VERIFY) {
if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
+ X509_STORE_set_flags(store, store_flags);
}
+
ret = 3;
if(operation == SMIME_ENCRYPT) {
projects / openssl.git / blobdiff