Diffstat (limited to '')
-rw-r--r--src/usr.bin/openssl/verify.c36
1 files changed, 9 insertions, 27 deletions
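--- a/src/usr.bin/openssl/verify.c
+++ b/src/usr.bin/openssl/verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: verify.c,v 1.3 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: verify.c,v 1.4 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
@@ -70,13 +70,12 @@
 
 static int cb(int ok, X509_STORE_CTX * ctx);
 static int check(X509_STORE * ctx, char *file, STACK_OF(X509) * uchain,
- STACK_OF(X509) * tchain, STACK_OF(X509_CRL) * crls, ENGINE * e);
+ STACK_OF(X509) * tchain, STACK_OF(X509_CRL) * crls);
 static int v_verbose = 0, vflags = 0;
 
 int
 verify_main(int argc, char **argv)
 {
- ENGINE *e = NULL;
  int i, ret = 1, badarg = 0;
  char *CApath = NULL, *CAfile = NULL;
  char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
@@ -85,9 +84,6 @@ verify_main(int argc, char **argv)
  X509_STORE *cert_ctx = NULL;
  X509_LOOKUP *lookup = NULL;
  X509_VERIFY_PARAM *vpm = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
 
  cert_ctx = X509_STORE_new();
  if (cert_ctx == NULL)
@@ -124,13 +120,6 @@ verify_main(int argc, char **argv)
  goto end;
  crlfile = *(++argv);
  }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv, "-engine") == 0) {
- if (--argc < 1)
- goto end;
- engine = *(++argv);
- }
-#endif
  else if (strcmp(*argv, "-help") == 0)
  goto end;
  else if (strcmp(*argv, "-verbose") == 0)
@@ -145,10 +134,6 @@ verify_main(int argc, char **argv)
  break;
  }
 
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
  if (vpm)
  X509_STORE_set1_param(cert_ctx, vpm);
 
@@ -182,30 +167,30 @@ verify_main(int argc, char **argv)
 
  if (untfile) {
  untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
- NULL, e, "untrusted certificates");
+ NULL, "untrusted certificates");
  if (!untrusted)
  goto end;
  }
  if (trustfile) {
  trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
- NULL, e, "trusted certificates");
+ NULL, "trusted certificates");
  if (!trusted)
  goto end;
  }
  if (crlfile) {
  crls = load_crls(bio_err, crlfile, FORMAT_PEM,
- NULL, e, "other CRLs");
+ NULL, "other CRLs");
  if (!crls)
  goto end;
  }
  ret = 0;
  if (argc < 1) {
- if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
+ if (1 != check(cert_ctx, NULL, untrusted, trusted, crls))
  ret = -1;
  } else {
  for (i = 0; i < argc; i++)
  if (1 != check(cert_ctx, argv[i], untrusted, trusted,
- crls, e))
+ crls))
  ret = -1;
  }
 
@@ -213,9 +198,6 @@ end:
  if (ret == 1) {
  BIO_printf(bio_err, "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
  BIO_printf(bio_err, " [-attime timestamp]");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, " [-engine e]");
-#endif
  BIO_printf(bio_err, " cert1 cert2 ...\n");
 
  BIO_printf(bio_err, "recognized usages:\n");
@@ -240,13 +222,13 @@ end:
 
 static int
 check(X509_STORE * ctx, char *file, STACK_OF(X509) * uchain,
- STACK_OF(X509) * tchain, STACK_OF(X509_CRL) * crls, ENGINE * e)
+ STACK_OF(X509) * tchain, STACK_OF(X509_CRL) * crls)
 {
  X509 *x = NULL;
  int i = 0, ret = 0;
  X509_STORE_CTX *csc;
 
- x = load_cert(bio_err, file, FORMAT_PEM, NULL, "certificate file");
+ x = load_cert(bio_err, file, FORMAT_PEM, NULL, "certificate file");
  if (x == NULL)
  goto end;
  fprintf(stdout, "%s: ", (file == NULL) ? "stdin" : file);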
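Review bot: The per-file verification loop at new lines 191-194 is an unbraced `for` wrapping an unbraced `if` whose condition spans two lines. This commit rewrites exactly those lines, so it would be a good moment to brace both bodies: `for (i = 0; i < argc; i++) {` and `if (1 != check(cert_ctx, argv[i], untrusted, trusted, crls)) {`. In certificate-verification code, a later edit that adds a statement next to `ret = -1;` could otherwise land outside the intended branch without anyone noticing. verify_main continues past the visible hunks, so how `ret == -1` is turned into the exit status is not shown. It is worth confirming that a failed verification still exits non-zero, since scripts presumably gate on that.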