Use "cont" consistently in cms-examples.pl
authorDr. Stephen Henson <steve@openssl.org>
Thu, 1 May 2008 23:30:06 +0000 (23:30 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 1 May 2008 23:30:06 +0000 (23:30 +0000)
Add a -certsout option to output any certificates in a message.

Add test for example 4.11

apps/cms.c
doc/apps/cms.pod
test/cms-examples.pl

index b1ffb38..42bdb69 100644 (file)
@@ -107,6 +107,7 @@ int MAIN(int argc, char **argv)
        char *signerfile = NULL, *recipfile = NULL;
        STACK *sksigners = NULL, *skkeys = NULL;
        char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+       char *certsoutfile = NULL;
        const EVP_CIPHER *cipher = NULL;
        CMS_ContentInfo *cms = NULL, *rcms = NULL;
        X509_STORE *store = NULL;
@@ -397,6 +398,12 @@ int MAIN(int argc, char **argv)
                                goto argerr;
                        recipfile = *++args;
                        }
+               else if (!strcmp (*args, "-certsout"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       certsoutfile = *++args;
+                       }
                else if (!strcmp (*args, "-md"))
                        {
                        if (!args[1])
@@ -602,6 +609,7 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
                BIO_printf (bio_err, "-binary        don't translate message to text\n");
                BIO_printf (bio_err, "-certfile file other certificates file\n");
+               BIO_printf (bio_err, "-certsout file certificate output file\n");
                BIO_printf (bio_err, "-signer file   signer certificate file\n");
                BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
                BIO_printf (bio_err, "-skeyid        use subject key identifier\n");
@@ -797,6 +805,20 @@ int MAIN(int argc, char **argv)
                                goto end;
                                }
                        }
+               if (certsoutfile)
+                       {
+                       STACK_OF(X509) *allcerts;
+                       allcerts = CMS_get1_certs(cms);
+                       if (!save_certs(certsoutfile, allcerts))
+                               {
+                               BIO_printf(bio_err,
+                                               "Error writing certs to %s\n",
+                                                               certsoutfile);
+                               ret = 5;
+                               goto end;
+                               }
+                       sk_X509_pop_free(allcerts, X509_free);
+                       }
                }
 
        if (rctfile)
index b2505c6..9690194 100644 (file)
@@ -55,6 +55,7 @@ B<openssl> B<cms>
 [B<-binary>]
 [B<-nodetach>]
 [B<-certfile file>]
+[B<-certsout file>]
 [B<-signer file>]
 [B<-recip file>]
 [B<-keyid>]
@@ -312,6 +313,10 @@ allows additional certificates to be specified. When signing these will
 be included with the message. When verifying these will be searched for
 the signers certificates. The certificates should be in PEM format.
 
+=item B<-certsout file>
+
+any certificates contained in to the message are written to B<file>.
+
 =item B<-signer file>
 
 a signing certificate when signing or resigning a message, this option can be
index 62290db..2e95b48 100644 (file)
@@ -78,17 +78,17 @@ elsif (-f "..\\out32\\openssl.exe")
 my @test_list = (
     [ "3.1.bin"  => "dataout" ],
     [ "3.2.bin"  => "encode, dataout" ],
-    [ "4.1.bin"  => "encode, verifyder, content, dss" ],
+    [ "4.1.bin"  => "encode, verifyder, cont, dss" ],
     [ "4.2.bin"  => "encode, verifyder, cont, rsa" ],
     [ "4.3.bin"  => "encode, verifyder, cont_extern, dss" ],
     [ "4.4.bin"  => "encode, verifyder, cont, dss" ],
-    [ "4.5.bin"  => "verifyder, content, rsa" ],
+    [ "4.5.bin"  => "verifyder, cont, rsa" ],
     [ "4.6.bin"  => "encode, verifyder, cont, dss" ],
     [ "4.7.bin"  => "encode, verifyder, cont, dss" ],
     [ "4.8.eml"  => "verifymime, dss" ],
     [ "4.9.eml"  => "verifymime, dss" ],
     [ "4.10.bin" => "encode, verifyder, cont, dss" ],
-    [ "4.11.bin" => "encode" ],
+    [ "4.11.bin" => "encode, certsout" ],
     [ "5.1.bin"  => "encode, envelopeder, cont" ],
     [ "5.2.bin"  => "encode, envelopeder, cont" ],
     [ "5.3.eml"  => "envelopemime, cont" ],
@@ -151,6 +151,9 @@ foreach (@test_list) {
     if ( $tlist =~ /encode/ ) {
         run_reencode_test( $exdir, $file );
     }
+    if ( $tlist =~ /certsout/ ) {
+        run_certsout_test( $exdir, $file );
+    }
     if ( $tlist =~ /dataout/ ) {
         run_dataout_test( $exdir, $file );
     }
@@ -216,6 +219,23 @@ sub run_reencode_test {
     }
 }
 
+sub run_certsout_test {
+    my ( $cmsdir, $tfile ) = @_;
+    unlink "tmp.der";
+    unlink "tmp.pem";
+
+    system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
+          . " -in $cmsdir/$tfile -out tmp.der" );
+
+    if ($?) {
+        print "\tCertificate output command FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tCertificate output passed\n" if $verbose;
+    }
+}
+
 sub run_dataout_test {
     my ( $cmsdir, $tfile ) = @_;
     unlink "tmp.txt";