" -engine e - use engine e, possibly a hardware device.\n",
#endif
" -certopt arg - various certificate text options\n",
+" -checkhost host - check certificate matches \"host\"\n",
+" -checkemail email - check certificate matches \"email\"\n",
+" -checkip ipaddr - check certificate matches \"ipaddr\"\n",
NULL
};
CONF *conf, char *section, ASN1_INTEGER *sno);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
static int reqfile=0;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+static int force_version=2;
+#endif
int MAIN(int, char **);
STACK_OF(OPENSSL_STRING) *sigopts = NULL;
EVP_PKEY *Upkey=NULL,*CApkey=NULL, *fkey = NULL;
ASN1_INTEGER *sno = NULL;
- int i,num,badops=0;
+ int i,num,badops=0, badsig=0;
BIO *out=NULL;
BIO *STDout=NULL;
STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0, certflag = 0;
+ unsigned char *checkhost = NULL, *checkemail = NULL;
+ char *checkip = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
goto bad;
}
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ else if (strcmp(*argv,"-force_version") == 0)
+ {
+ if (--argc < 1) goto bad;
+ force_version=atoi(*(++argv)) - 1;
+ }
+#endif
else if (strcmp(*argv,"-days") == 0)
{
if (--argc < 1) goto bad;
checkoffset=atoi(*(++argv));
checkend=1;
}
+ else if (strcmp(*argv,"-checkhost") == 0)
+ {
+ if (--argc < 1) goto bad;
+ checkhost=(unsigned char *)*(++argv);
+ }
+ else if (strcmp(*argv,"-checkemail") == 0)
+ {
+ if (--argc < 1) goto bad;
+ checkemail=(unsigned char *)*(++argv);
+ }
+ else if (strcmp(*argv,"-checkip") == 0)
+ {
+ if (--argc < 1) goto bad;
+ checkip=*(++argv);
+ }
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-trustout") == 0)
#endif
else if (strcmp(*argv,"-ocspid") == 0)
ocspid= ++num;
+ else if (strcmp(*argv,"-badsig") == 0)
+ badsig = 1;
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
goto end;
}
+ print_cert_checks(STDout, x, checkhost, checkemail, checkip);
+
if (noout)
{
ret=0;
goto end;
}
+ if (badsig)
+ x->signature->data[x->signature->length - 1] ^= 0x1;
+
if (outformat == FORMAT_ASN1)
i=i2d_X509_bio(out,x);
else if (outformat == FORMAT_PEM)
if (conf)
{
X509V3_CTX ctx2;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ X509_set_version(x, force_version);
+#else
X509_set_version(x,2); /* version 3 certificate */
+#endif
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx2, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
if (conf)
{
X509V3_CTX ctx;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ X509_set_version(x, force_version);
+#else
X509_set_version(x,2); /* version 3 certificate */
+#endif
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
projects / openssl.git / blobdiff