static int cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain);
+ STACK_OF(X509_CRL) *crls, int show_chain);
static int v_verbose = 0, vflags = 0;
typedef enum OPTION_choice {
int verify_main(int argc, char **argv)
{
- ENGINE *e = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
STACK_OF(X509_CRL) *crls = NULL;
X509_STORE *store = NULL;
X509_VERIFY_PARAM *vpm = NULL;
char *prog, *CApath = NULL, *CAfile = NULL;
int noCApath = 0, noCAfile = 0;
- char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
OPTION_CHOICE o;
noCAfile = 1;
break;
case OPT_UNTRUSTED:
- untfile = opt_arg();
+ /* Zero or more times */
+ if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL,
+ "untrusted certificates"))
+ goto end;
break;
case OPT_TRUSTED:
- trustfile = opt_arg();
+ /* Zero or more times */
+ noCAfile = 1;
+ noCApath = 1;
+ if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL,
+ "trusted certificates"))
+ goto end;
break;
case OPT_CRLFILE:
- crlfile = opt_arg();
+ /* Zero or more times */
+ if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL,
+ "other CRLs"))
+ goto end;
break;
case OPT_CRL_DOWNLOAD:
crl_download = 1;
break;
+ case OPT_ENGINE:
+ if (setup_engine(opt_arg(), 0) == NULL) {
+ /* Failure message already displayed */
+ goto end;
+ }
+ break;
case OPT_SHOW_CHAIN:
show_chain = 1;
break;
- case OPT_ENGINE:
- e = setup_engine(opt_arg(), 0);
- break;
case OPT_VERBOSE:
v_verbose = 1;
break;
}
argc = opt_num_rest();
argv = opt_rest();
- if (trustfile && (CAfile || CApath)) {
+ if (trusted != NULL && (CAfile || CApath)) {
BIO_printf(bio_err,
"%s: Cannot use -trusted with -CAfile or -CApath\n",
prog);
ERR_clear_error();
- if (untfile) {
- untrusted = load_certs(untfile, FORMAT_PEM,
- NULL, e, "untrusted certificates");
- if (!untrusted)
- goto end;
- }
-
- if (trustfile) {
- trusted = load_certs(trustfile, FORMAT_PEM,
- NULL, e, "trusted certificates");
- if (!trusted)
- goto end;
- }
-
- if (crlfile) {
- crls = load_crls(crlfile, FORMAT_PEM, NULL, e, "other CRLs");
- if (!crls)
- goto end;
- }
-
if (crl_download)
store_setup_crl_download(store);
ret = 0;
if (argc < 1) {
- if (check(store, NULL, untrusted, trusted, crls, e, show_chain) != 1)
+ if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
ret = -1;
} else {
for (i = 0; i < argc; i++)
- if (check(store, argv[i], untrusted, trusted, crls, e,
+ if (check(store, argv[i], untrusted, trusted, crls,
show_chain) != 1)
ret = -1;
}
static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain)
+ STACK_OF(X509_CRL) *crls, int show_chain)
{
X509 *x = NULL;
int i = 0, ret = 0;
STACK_OF(X509) *chain = NULL;
int num_untrusted;
- x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file");
+ x = load_cert(file, FORMAT_PEM, "certificate file");
if (x == NULL)
goto end;