allow setting of verify names in command line utilities and print out verify names...
authorDr. Stephen Henson <steve@openssl.org>
Thu, 25 Feb 2010 00:11:32 +0000 (00:11 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 25 Feb 2010 00:11:32 +0000 (00:11 +0000)
apps/apps.c
apps/verify.c

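--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2239,6 +2239,7 @@ int args_verify(char ***pargs, int *pargc,
        int purpose = 0, depth = -1;
        char **oldargs = *pargs;
        char *arg = **pargs, *argn = (*pargs)[1];
+       const X509_VERIFY_PARAM *vpm = NULL;
        if (!strcmp(arg, "-policy"))
                {
                if (!argn)
@@ -2276,6 +2277,21 @@ int args_verify(char ***pargs, int *pargc,
                        }
                (*pargs)++;
                }
+       else if (strcmp(arg,"-verify_name") == 0)
+               {
+               if (!argn)
+                       *badarg = 1;
+               else
+                       {
+                       vpm = X509_VERIFY_PARAM_lookup(argn);
+                       if(!vpm)
+                               {
+                               BIO_printf(err, "unrecognized verify name\n");
+                               *badarg = 1;
+                               }
+                       }
+               (*pargs)++;
+               }
        else if (strcmp(arg,"-verify_depth") == 0)
                {
                if (!argn)
@@ -2334,6 +2350,9 @@ int args_verify(char ***pargs, int *pargc,
                goto end;
                }
 
+       if (vpm)
+               X509_VERIFY_PARAM_set1(*pm, vpm);
+
        if (otmp)
                X509_VERIFY_PARAM_add0_policy(*pm, otmp);
        if (flags)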
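Review bot: The return value of `X509_VERIFY_PARAM_set1(*pm, vpm)` in the last hunk is discarded, so if copying the named parameter set fails the tool carries on with whatever `*pm` already held and the verification profile the user asked for is silently not applied. For a certificate-checking utility that is a fail-open path; the call should be checked, e.g. `if (vpm && !X509_VERIFY_PARAM_set1(*pm, vpm)) { *badarg = 1; goto end; }`, assuming the `end:` label (outside the hunks) is the right exit for a rejected argument. The `-verify_name` branch also prints `unrecognized verify name` without echoing `argn`, which makes a mistyped name harder to spot in scripted use; `BIO_printf(err, "unrecognized verify name %s\n", argn);` would help. args_verify starts and ends outside the visible hunks.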
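--- a/apps/verify.c
+++ b/apps/verify.c
@@ -234,13 +234,26 @@ end:
                BIO_printf(bio_err," [-engine e]");
 #endif
                BIO_printf(bio_err," cert1 cert2 ...\n");
+
                BIO_printf(bio_err,"recognized usages:\n");
-               for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+               for(i = 0; i < X509_PURPOSE_get_count(); i++)
+                       {
                        X509_PURPOSE *ptmp;
                        ptmp = X509_PURPOSE_get0(i);
-                       BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
-                                                               X509_PURPOSE_get0_name(ptmp));
-               }
+                       BIO_printf(bio_err, "\t%-10s\t%s\n",
+                                       X509_PURPOSE_get0_sname(ptmp),
+                                       X509_PURPOSE_get0_name(ptmp));
+                       }
+
+               BIO_printf(bio_err,"recognized verify names:\n");
+               for(i = 0; i < X509_VERIFY_PARAM_get_count(); i++)
+                       {
+                       const X509_VERIFY_PARAM *vptmp;
+                       vptmp = X509_VERIFY_PARAM_get0(i);
+                       BIO_printf(bio_err, "\t%-10s\n",
+                                       X509_VERIFY_PARAM_get0_name(vptmp));
+                       }
+
        }
        if (vpm) X509_VERIFY_PARAM_free(vpm);
        if (cert_ctx != NULL) X509_STORE_free(cert_ctx);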