Fix openssl passwd -1

[openssl.git] / apps / verify.c
diff --git a/apps/verify.c b/apps/verify.c

index f50eaaecb3ea0db753b8d1a5498cd53d38533a0d..f384de6d296311bf718b83e72d1573c54d45192c 100644 (file)
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -65,6 +65,7 @@
  #include <openssl/x509.h>
  #include <openssl/x509v3.h>
  #include <openssl/pem.h>
+#include <openssl/engine.h>
  
  #undef PROG
  #define PROG   verify_main
@@ -72,12 +73,13 @@
  static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
  static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose);
  static STACK_OF(X509) *load_untrusted(char *file);
-static int v_verbose=0;
+static int v_verbose=0, issuer_checks = 0;
  
  int MAIN(int, char **);
  
  int MAIN(int argc, char **argv)
         {
+       ENGINE *e = NULL;
         int i,ret=1;
         int purpose = -1;
         char *CApath=NULL,*CAfile=NULL;
@@ -85,6 +87,7 @@ int MAIN(int argc, char **argv)
         STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
         X509_STORE *cert_ctx=NULL;
         X509_LOOKUP *lookup=NULL;
+       char *engine=NULL;
  
         cert_ctx=X509_STORE_new();
         if (cert_ctx == NULL) goto end;
@@ -137,8 +140,15 @@ int MAIN(int argc, char **argv)
                                 if (argc-- < 1) goto end;
                                 trustfile= *(++argv);
                                 }
+                       else if (strcmp(*argv,"-engine") == 0)
+                               {
+                               if (--argc < 1) goto end;
+                               engine= *(++argv);
+                               }
                         else if (strcmp(*argv,"-help") == 0)
                                 goto end;
+                       else if (strcmp(*argv,"-issuer_checks") == 0)
+                               issuer_checks=1;
                         else if (strcmp(*argv,"-verbose") == 0)
                                 v_verbose=1;
                         else if (argv[0][0] == '-')
@@ -152,6 +162,24 @@ int MAIN(int argc, char **argv)
                         break;
                 }
  
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
         lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
         if (lookup == NULL) abort();
         if (CAfile) {
@@ -199,7 +227,7 @@ int MAIN(int argc, char **argv)
         ret=0;
  end:
         if (ret == 1) {
-               BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
+               BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
                 BIO_printf(bio_err,"recognized usages:\n");
                 for(i = 0; i < X509_PURPOSE_get_count(); i++) {
                         X509_PURPOSE *ptmp;
@@ -258,6 +286,8 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
         X509_STORE_CTX_init(csc,ctx,x,uchain);
         if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
         if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
+       if(issuer_checks)
+               X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CB_ISSUER_CHECK);
         i=X509_verify_cert(csc);
         X509_STORE_CTX_free(csc);