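/*
 * Entry point of the "verify" command.
 *
 * Parses the command line, builds an X509_STORE from -CAfile / -CApath
 * (or the library default locations when they are not given), optionally
 * loads extra untrusted and trusted certificate stacks, and then calls
 * check() once per certificate file named on the command line (or once
 * with a NULL name when none is given).
 *
 * Exit status: ret stays 1 (and the usage text is printed) when option
 * parsing or loading of any input fails; it is set to 0 once every
 * check() call has been issued.
 *
 * NOTE(review): check() is called as a plain statement and ret is set to
 * 0 afterwards, so whatever check() reports is not reflected in the exit
 * status. If check() returns a verification result (not visible here),
 * scripts that gate trust on the exit code of this command would see
 * success for a certificate that failed verification -- confirm and
 * propagate the result.
 */
int MAIN(int argc, char **argv)
{
    ENGINE *e = NULL;
    int i, ret = 1, badarg = 0;
    int purpose = -1;
    char *CApath = NULL, *CAfile = NULL;
    char *untfile = NULL, *trustfile = NULL;
    STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
    X509_STORE *cert_ctx = NULL;
    X509_LOOKUP *lookup = NULL;
    X509_VERIFY_PARAM *vpm = NULL;
#ifndef OPENSSL_NO_ENGINE
    char *engine = NULL;
#endif

    cert_ctx = X509_STORE_new();
    if (cert_ctx == NULL)
        goto end;
    /* cb is consulted by the library during chain verification. */
    X509_STORE_set_verify_cb_func(cert_ctx, cb);

    ERR_load_crypto_strings();

    apps_startup();

    if (bio_err == NULL) {
        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
    }

    if (!load_config(bio_err, NULL))
        goto end;

    /* Skip the program name. */
    argc--;
    argv++;
    for (;;) {
        if (argc >= 1) {
            /*
             * Options that take a value use "--argc < 1" so that an option
             * given as the last word, with its value missing, is rejected.
             * The previous "argc-- < 1" tested the count before consuming
             * the option itself, so the check could never fire and the
             * terminating NULL of argv was taken as the value; the option
             * was then silently ignored and the default trust locations
             * were used instead of the ones the caller meant to supply.
             */
            if (strcmp(*argv, "-CApath") == 0) {
                if (--argc < 1)
                    goto end;
                CApath = *(++argv);
            } else if (strcmp(*argv, "-CAfile") == 0) {
                if (--argc < 1)
                    goto end;
                CAfile = *(++argv);
            } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
                /* args_verify advanced argv/argc itself; do not step again. */
                if (badarg)
                    goto end;
                continue;
            } else if (strcmp(*argv, "-untrusted") == 0) {
                if (--argc < 1)
                    goto end;
                untfile = *(++argv);
            } else if (strcmp(*argv, "-trusted") == 0) {
                if (--argc < 1)
                    goto end;
                trustfile = *(++argv);
            }
#ifndef OPENSSL_NO_ENGINE
            else if (strcmp(*argv, "-engine") == 0) {
                if (--argc < 1)
                    goto end;
                engine = *(++argv);
            }
#endif
            else if (strcmp(*argv, "-help") == 0)
                goto end;
            else if (strcmp(*argv, "-verbose") == 0)
                v_verbose = 1;
            else if (argv[0][0] == '-')
                goto end;       /* unknown option */
            else
                break;          /* first certificate file name */
            argc--;
            argv++;
        } else
            break;
    }

#ifndef OPENSSL_NO_ENGINE
    e = setup_engine(bio_err, engine, 0);
#endif

    if (vpm)
        X509_STORE_set1_param(cert_ctx, vpm);

    lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
    if (lookup == NULL)
        abort();
    if (CAfile) {
        i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
        if (!i) {
            BIO_printf(bio_err, "Error loading file %s\n", CAfile);
            ERR_print_errors(bio_err);
            goto end;
        }
    } else {
        /*
         * No -CAfile: fall back to the library's default CA file. The
         * result is deliberately not checked (best effort).
         */
        X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
    }

    lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
    if (lookup == NULL)
        abort();
    if (CApath) {
        i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
        if (!i) {
            BIO_printf(bio_err, "Error loading directory %s\n", CApath);
            ERR_print_errors(bio_err);
            goto end;
        }
    } else {
        /* No -CApath: fall back to the default CA directory, unchecked. */
        X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
    }

    /* Drop errors queued by the unchecked default-location lookups. */
    ERR_clear_error();

    if (untfile) {
        if (!(untrusted = load_untrusted(untfile))) {
            BIO_printf(bio_err, "Error loading untrusted file %s\n", untfile);
            ERR_print_errors(bio_err);
            goto end;
        }
    }

    if (trustfile) {
        if (!(trusted = load_untrusted(trustfile))) {
            /* Message used to say "untrusted", which named the wrong input. */
            BIO_printf(bio_err, "Error loading trusted file %s\n", trustfile);
            ERR_print_errors(bio_err);
            goto end;
        }
    }

    if (argc < 1)
        check(cert_ctx, NULL, untrusted, trusted, purpose, e);
    else
        for (i = 0; i < argc; i++)
            check(cert_ctx, argv[i], untrusted, trusted, purpose, e);
    ret = 0;
end:
    if (ret == 1) {
        BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
#ifndef OPENSSL_NO_ENGINE
        BIO_printf(bio_err," [-engine e]");
#endif
        BIO_printf(bio_err," cert1 cert2 ...\n");
        BIO_printf(bio_err,"recognized usages:\n");
        for (i = 0; i < X509_PURPOSE_get_count(); i++) {
            X509_PURPOSE *ptmp;
            ptmp = X509_PURPOSE_get0(i);
            BIO_printf(bio_err, "\t%-10s\t%s\n",
                       X509_PURPOSE_get0_sname(ptmp),
                       X509_PURPOSE_get0_name(ptmp));
        }
    }
    if (vpm)
        X509_VERIFY_PARAM_free(vpm);
    if (cert_ctx != NULL)
        X509_STORE_free(cert_ctx);
    sk_X509_pop_free(untrusted, X509_free);
    sk_X509_pop_free(trusted, X509_free);
    apps_shutdown();
    OPENSSL_EXIT(ret);
}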
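/*
 * Build an X509_STORE from CAfile / CApath (or the library default
 * locations when either is NULL) and release it again.
 *
 * NOTE(review): despite its name this function does not verify anything.
 * The call to check() and the untrusted/trusted handling are compiled out
 * under "#if 0", so `cert` is never examined, and 0 is returned both when
 * the CA inputs load and when loading them fails. Callers must not treat
 * a 0 return as "certificate verified". The disabled check() call also
 * passes `cert` and five arguments, whereas MAIN in this file calls
 * check() with a file name and six arguments, so it would need adapting
 * before being enabled.
 *
 * Returns 123456 when a lookup method cannot be added to the store,
 * 0 otherwise.
 */
int checkCert(X509 *cert, char *CAfile, char *CApath)
{
    X509_STORE *cert_ctx = NULL;
    int i;
#if 0 /* FUTURE EXPANSION OF CAPABILITIES 1 */
    int purpose = -1;
    char *untfile = NULL;
    char *trustfile = NULL;
    STACK_OF(X509) *untrusted = NULL;
    STACK_OF(X509) *trusted = NULL;
#endif
    X509_LOOKUP *lookup = NULL;

    cert_ctx = X509_STORE_new();
    if (cert_ctx == NULL)
        goto end;

    lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
    if (lookup == NULL) {
        /* The early return used to leak the store allocated above. */
        X509_STORE_free(cert_ctx);
        return 123456;
    }

    if (CAfile) {
        i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
        if (!i) {
            fprintf(stderr, "Error loading file %s\n", CAfile);
            goto end;
        }
    } else {
        /* No CA file given: try the library default, result unchecked. */
        X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
    }

    lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
    if (lookup == NULL) {
        /* Same leak as above: free the store before bailing out. */
        X509_STORE_free(cert_ctx);
        return 123456;
    }

    if (CApath) {
        i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
        if (!i) {
            fprintf(stderr, "Error loading directory %s\n", CApath);
            goto end;
        }
    } else {
        /* No CA directory given: try the library default, unchecked. */
        X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
    }

#if 0 /* FUTURE EXPANSION OF CAPABILITIES 1 */
    if (untfile) {
        if (!(untrusted = load_untrusted(untfile))) {
            fprintf(stderr, "Error loading untrusted file %s\n", untfile);
            goto end;
        }
    }

    if (trustfile) {
        if (!(trusted = load_untrusted(trustfile))) {
            fprintf(stderr, "Error loading untrusted file %s\n", trustfile);
            goto end;
        }
    }

    check(cert_ctx, cert, untrusted, trusted, purpose);
#endif

end:
    if (cert_ctx != NULL)
        X509_STORE_free(cert_ctx);
#if 0 /* FUTURE EXPANSION OF CAPABILITIES 1 */
    sk_X509_pop_free(untrusted, X509_free);
    sk_X509_pop_free(trusted, X509_free);
#endif

    /* Reached on both the success and the load-failure path. */
    return 0;
}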