Allow setting of verify depth in verify parameters (as opposed to the depth
authorDr. Stephen Henson <steve@openssl.org>
Mon, 29 Jun 2009 16:09:37 +0000 (16:09 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 29 Jun 2009 16:09:37 +0000 (16:09 +0000)
implemented using the verify callback).

apps/apps.c

index 08ce008..88a479d 100644 (file)
@@ -2192,7 +2192,7 @@ int args_verify(char ***pargs, int *pargc,
        ASN1_OBJECT *otmp = NULL;
        unsigned long flags = 0;
        int i;
-       int purpose = 0;
+       int purpose = 0, depth = -1;
        char **oldargs = *pargs;
        char *arg = **pargs, *argn = (*pargs)[1];
        if (!strcmp(arg, "-policy"))
@@ -2232,6 +2232,21 @@ int args_verify(char ***pargs, int *pargc,
                        }
                (*pargs)++;
                }
+       else if (strcmp(arg,"-verify_depth") == 0)
+               {
+               if (!argn)
+                       *badarg = 1;
+               else
+                       {
+                       depth = atoi(argn);
+                       if(depth < 0)
+                               {
+                               BIO_printf(err, "invalid depth\n");
+                               *badarg = 1;
+                               }
+                       }
+               (*pargs)++;
+               }
        else if (!strcmp(arg, "-ignore_critical"))
                flags |= X509_V_FLAG_IGNORE_CRITICAL;
        else if (!strcmp(arg, "-issuer_checks"))
@@ -2283,6 +2298,9 @@ int args_verify(char ***pargs, int *pargc,
        if (purpose)
                X509_VERIFY_PARAM_set_purpose(*pm, purpose);
 
+       if (depth >= 0)
+               X509_VERIFY_PARAM_set_depth(*pm, depth);
+
        end:
 
        (*pargs)++;