" -engine e - use engine e, possibly a hardware device.\n",
#endif
" -certopt arg - various certificate text options\n",
+" -checkhost host - check certificate matches \"host\"\n",
+" -checkemail email - check certificate matches \"email\"\n",
+" -checkip ipaddr - check certificate matches \"ipaddr\"\n",
NULL
};
X509 *x=NULL,*xca=NULL;
ASN1_OBJECT *objtmp;
STACK_OF(OPENSSL_STRING) *sigopts = NULL;
- EVP_PKEY *Upkey=NULL,*CApkey=NULL;
+ EVP_PKEY *Upkey=NULL,*CApkey=NULL, *fkey = NULL;
ASN1_INTEGER *sno = NULL;
int i,num,badops=0;
BIO *out=NULL;
int informat,outformat,keyformat,CAformat,CAkeyformat;
char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
char *CAkeyfile=NULL,*CAserial=NULL;
+ char *fkeyfile=NULL;
char *alias=NULL;
int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
int next_serial=0;
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0, certflag = 0;
+ unsigned char *checkhost = NULL, *checkemail = NULL;
+ char *checkip = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
days=atoi(*(++argv));
if (days == 0)
{
- BIO_printf(STDout,"bad number of days\n");
+ BIO_printf(bio_err,"bad number of days\n");
goto bad;
}
}
if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
goto bad;
}
+ else if (strcmp(*argv,"-force_pubkey") == 0)
+ {
+ if (--argc < 1) goto bad;
+ fkeyfile= *(++argv);
+ }
else if (strcmp(*argv,"-addtrust") == 0)
{
if (--argc < 1) goto bad;
checkoffset=atoi(*(++argv));
checkend=1;
}
+ else if (strcmp(*argv,"-checkhost") == 0)
+ {
+ if (--argc < 1) goto bad;
+ checkhost=(unsigned char *)*(++argv);
+ }
+ else if (strcmp(*argv,"-checkemail") == 0)
+ {
+ if (--argc < 1) goto bad;
+ checkemail=(unsigned char *)*(++argv);
+ }
+ else if (strcmp(*argv,"-checkip") == 0)
+ {
+ if (--argc < 1) goto bad;
+ checkip=*(++argv);
+ }
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-trustout") == 0)
goto end;
}
+ if (fkeyfile)
+ {
+ fkey = load_pubkey(bio_err, fkeyfile, keyformat, 0,
+ NULL, e, "Forced key");
+ if (fkey == NULL) goto end;
+ }
+
if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
{ CAkeyfile=CAfile; }
else if ((CA_flag) && (CAkeyfile == NULL))
X509_gmtime_adj(X509_get_notBefore(x),0);
X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);
-
- pkey = X509_REQ_get_pubkey(req);
- X509_set_pubkey(x,pkey);
- EVP_PKEY_free(pkey);
+ if (fkey)
+ X509_set_pubkey(x, fkey);
+ else
+ {
+ pkey = X509_REQ_get_pubkey(req);
+ X509_set_pubkey(x,pkey);
+ EVP_PKEY_free(pkey);
+ }
}
else
x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
}
else if (text == i)
{
- X509_print_ex(out,x,nmflag, certflag);
+ X509_print_ex(STDout,x,nmflag, certflag);
}
else if (startdate == i)
{
else
{
pk=load_key(bio_err,
- keyfile, FORMAT_PEM, 0,
+ keyfile, keyformat, 0,
passin, e, "request key");
if (pk == NULL) goto end;
}
goto end;
}
+ print_cert_checks(STDout, x, checkhost, checkemail, checkip);
+
if (noout)
{
ret=0;
X509_free(xca);
EVP_PKEY_free(Upkey);
EVP_PKEY_free(CApkey);
+ EVP_PKEY_free(fkey);
if (sigopts)
sk_OPENSSL_STRING_free(sigopts);
X509_REQ_free(rq);