version 1.16, 2022/11/11 17:07:38 |
version 1.17, 2023/03/06 14:32:05 |
|
|
int outformat; |
int outformat; |
int text; |
int text; |
int verify; |
int verify; |
} crl_config; |
} cfg; |
|
|
static const struct option crl_options[] = { |
static const struct option crl_options[] = { |
{ |
{ |
|
|
.argname = "file", |
.argname = "file", |
.desc = "Verify the CRL using certificates in the given file", |
.desc = "Verify the CRL using certificates in the given file", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &crl_config.cafile, |
.opt.arg = &cfg.cafile, |
}, |
}, |
{ |
{ |
.name = "CApath", |
.name = "CApath", |
.argname = "path", |
.argname = "path", |
.desc = "Verify the CRL using certificates in the given path", |
.desc = "Verify the CRL using certificates in the given path", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &crl_config.capath, |
.opt.arg = &cfg.capath, |
}, |
}, |
{ |
{ |
.name = "crlnumber", |
.name = "crlnumber", |
.desc = "Print the CRL number", |
.desc = "Print the CRL number", |
.type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
.opt.flag = &crl_config.crlnumber, |
.opt.flag = &cfg.crlnumber, |
}, |
}, |
{ |
{ |
.name = "fingerprint", |
.name = "fingerprint", |
.desc = "Print the CRL fingerprint", |
.desc = "Print the CRL fingerprint", |
.type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
.opt.flag = &crl_config.fingerprint, |
.opt.flag = &cfg.fingerprint, |
}, |
}, |
{ |
{ |
.name = "hash", |
.name = "hash", |
.desc = "Print the hash of the issuer name", |
.desc = "Print the hash of the issuer name", |
.type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
.opt.flag = &crl_config.hash, |
.opt.flag = &cfg.hash, |
}, |
}, |
{ |
{ |
.name = "hash_old", |
.name = "hash_old", |
.desc = "Print an old-style (MD5) hash of the issuer name", |
.desc = "Print an old-style (MD5) hash of the issuer name", |
.type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
.opt.flag = &crl_config.hash_old, |
.opt.flag = &cfg.hash_old, |
}, |
}, |
{ |
{ |
.name = "in", |
.name = "in", |
.argname = "file", |
.argname = "file", |
.desc = "Input file to read from (stdin if unspecified)", |
.desc = "Input file to read from (stdin if unspecified)", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &crl_config.infile, |
.opt.arg = &cfg.infile, |
}, |
}, |
{ |
{ |
.name = "inform", |
.name = "inform", |
.argname = "format", |
.argname = "format", |
.desc = "Input format (DER or PEM)", |
.desc = "Input format (DER or PEM)", |
.type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
.opt.value = &crl_config.informat, |
.opt.value = &cfg.informat, |
}, |
}, |
{ |
{ |
.name = "issuer", |
.name = "issuer", |
.desc = "Print the issuer name", |
.desc = "Print the issuer name", |
.type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
.opt.flag = &crl_config.issuer, |
.opt.flag = &cfg.issuer, |
}, |
}, |
{ |
{ |
.name = "lastupdate", |
.name = "lastupdate", |
.desc = "Print the lastUpdate field", |
.desc = "Print the lastUpdate field", |
.type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
.opt.flag = &crl_config.lastupdate, |
.opt.flag = &cfg.lastupdate, |
}, |
}, |
{ |
{ |
.name = "nameopt", |
.name = "nameopt", |
.argname = "options", |
.argname = "options", |
.desc = "Specify certificate name options", |
.desc = "Specify certificate name options", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &crl_config.nameopt, |
.opt.arg = &cfg.nameopt, |
}, |
}, |
{ |
{ |
.name = "nextupdate", |
.name = "nextupdate", |
.desc = "Print the nextUpdate field", |
.desc = "Print the nextUpdate field", |
.type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
.opt.flag = &crl_config.nextupdate, |
.opt.flag = &cfg.nextupdate, |
}, |
}, |
{ |
{ |
.name = "noout", |
.name = "noout", |
.desc = "Do not output the encoded version of the CRL", |
.desc = "Do not output the encoded version of the CRL", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &crl_config.noout, |
.opt.flag = &cfg.noout, |
}, |
}, |
{ |
{ |
.name = "out", |
.name = "out", |
.argname = "file", |
.argname = "file", |
.desc = "Output file to write to (stdout if unspecified)", |
.desc = "Output file to write to (stdout if unspecified)", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &crl_config.outfile, |
.opt.arg = &cfg.outfile, |
}, |
}, |
{ |
{ |
.name = "outform", |
.name = "outform", |
.argname = "format", |
.argname = "format", |
.desc = "Output format (DER or PEM)", |
.desc = "Output format (DER or PEM)", |
.type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
.opt.value = &crl_config.outformat, |
.opt.value = &cfg.outformat, |
}, |
}, |
{ |
{ |
.name = "text", |
.name = "text", |
.desc = "Print out the CRL in text form", |
.desc = "Print out the CRL in text form", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &crl_config.text, |
.opt.flag = &cfg.text, |
}, |
}, |
{ |
{ |
.name = "verify", |
.name = "verify", |
.desc = "Verify the signature on the CRL", |
.desc = "Verify the signature on the CRL", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &crl_config.verify, |
.opt.flag = &cfg.verify, |
}, |
}, |
{NULL}, |
{NULL}, |
}; |
}; |
|
|
|
|
digest = EVP_sha256(); |
digest = EVP_sha256(); |
|
|
memset(&crl_config, 0, sizeof(crl_config)); |
memset(&cfg, 0, sizeof(cfg)); |
crl_config.informat = FORMAT_PEM; |
cfg.informat = FORMAT_PEM; |
crl_config.outformat = FORMAT_PEM; |
cfg.outformat = FORMAT_PEM; |
|
|
if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) { |
if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) { |
crl_usage(); |
crl_usage(); |
goto end; |
goto end; |
} |
} |
|
|
if (crl_config.cafile != NULL || crl_config.capath != NULL) |
if (cfg.cafile != NULL || cfg.capath != NULL) |
crl_config.verify = 1; |
cfg.verify = 1; |
|
|
if (crl_config.nameopt != NULL) { |
if (cfg.nameopt != NULL) { |
if (set_name_ex(&nmflag, crl_config.nameopt) != 1) { |
if (set_name_ex(&nmflag, cfg.nameopt) != 1) { |
fprintf(stderr, |
fprintf(stderr, |
"Invalid -nameopt argument '%s'\n", |
"Invalid -nameopt argument '%s'\n", |
crl_config.nameopt); |
cfg.nameopt); |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
} |
} |
} |
} |
|
|
x = load_crl(crl_config.infile, crl_config.informat); |
x = load_crl(cfg.infile, cfg.informat); |
if (x == NULL) |
if (x == NULL) |
goto end; |
goto end; |
|
|
if (crl_config.verify) { |
if (cfg.verify) { |
store = X509_STORE_new(); |
store = X509_STORE_new(); |
if (store == NULL) |
if (store == NULL) |
goto end; |
goto end; |
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); |
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); |
if (lookup == NULL) |
if (lookup == NULL) |
goto end; |
goto end; |
if (!X509_LOOKUP_load_file(lookup, crl_config.cafile, |
if (!X509_LOOKUP_load_file(lookup, cfg.cafile, |
X509_FILETYPE_PEM)) |
X509_FILETYPE_PEM)) |
X509_LOOKUP_load_file(lookup, NULL, |
X509_LOOKUP_load_file(lookup, NULL, |
X509_FILETYPE_DEFAULT); |
X509_FILETYPE_DEFAULT); |
|
|
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); |
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); |
if (lookup == NULL) |
if (lookup == NULL) |
goto end; |
goto end; |
if (!X509_LOOKUP_add_dir(lookup, crl_config.capath, |
if (!X509_LOOKUP_add_dir(lookup, cfg.capath, |
X509_FILETYPE_PEM)) |
X509_FILETYPE_PEM)) |
X509_LOOKUP_add_dir(lookup, NULL, |
X509_LOOKUP_add_dir(lookup, NULL, |
X509_FILETYPE_DEFAULT); |
X509_FILETYPE_DEFAULT); |
|
|
|
|
/* Print requested information the order that the flags were given. */ |
/* Print requested information the order that the flags were given. */ |
for (i = 1; i <= argc; i++) { |
for (i = 1; i <= argc; i++) { |
if (crl_config.issuer == i) { |
if (cfg.issuer == i) { |
print_name(bio_out, "issuer=", |
print_name(bio_out, "issuer=", |
X509_CRL_get_issuer(x), nmflag); |
X509_CRL_get_issuer(x), nmflag); |
} |
} |
if (crl_config.crlnumber == i) { |
if (cfg.crlnumber == i) { |
ASN1_INTEGER *crlnum; |
ASN1_INTEGER *crlnum; |
crlnum = X509_CRL_get_ext_d2i(x, |
crlnum = X509_CRL_get_ext_d2i(x, |
NID_crl_number, NULL, NULL); |
NID_crl_number, NULL, NULL); |
|
|
BIO_puts(bio_out, "<NONE>"); |
BIO_puts(bio_out, "<NONE>"); |
BIO_printf(bio_out, "\n"); |
BIO_printf(bio_out, "\n"); |
} |
} |
if (crl_config.hash == i) { |
if (cfg.hash == i) { |
BIO_printf(bio_out, "%08lx\n", |
BIO_printf(bio_out, "%08lx\n", |
X509_NAME_hash(X509_CRL_get_issuer(x))); |
X509_NAME_hash(X509_CRL_get_issuer(x))); |
} |
} |
#ifndef OPENSSL_NO_MD5 |
#ifndef OPENSSL_NO_MD5 |
if (crl_config.hash_old == i) { |
if (cfg.hash_old == i) { |
BIO_printf(bio_out, "%08lx\n", |
BIO_printf(bio_out, "%08lx\n", |
X509_NAME_hash_old(X509_CRL_get_issuer(x))); |
X509_NAME_hash_old(X509_CRL_get_issuer(x))); |
} |
} |
#endif |
#endif |
if (crl_config.lastupdate == i) { |
if (cfg.lastupdate == i) { |
BIO_printf(bio_out, "lastUpdate="); |
BIO_printf(bio_out, "lastUpdate="); |
ASN1_TIME_print(bio_out, |
ASN1_TIME_print(bio_out, |
X509_CRL_get_lastUpdate(x)); |
X509_CRL_get_lastUpdate(x)); |
BIO_printf(bio_out, "\n"); |
BIO_printf(bio_out, "\n"); |
} |
} |
if (crl_config.nextupdate == i) { |
if (cfg.nextupdate == i) { |
BIO_printf(bio_out, "nextUpdate="); |
BIO_printf(bio_out, "nextUpdate="); |
if (X509_CRL_get_nextUpdate(x)) |
if (X509_CRL_get_nextUpdate(x)) |
ASN1_TIME_print(bio_out, |
ASN1_TIME_print(bio_out, |
|
|
BIO_printf(bio_out, "NONE"); |
BIO_printf(bio_out, "NONE"); |
BIO_printf(bio_out, "\n"); |
BIO_printf(bio_out, "\n"); |
} |
} |
if (crl_config.fingerprint == i) { |
if (cfg.fingerprint == i) { |
int j; |
int j; |
unsigned int n; |
unsigned int n; |
unsigned char md[EVP_MAX_MD_SIZE]; |
unsigned char md[EVP_MAX_MD_SIZE]; |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (crl_config.outfile == NULL) { |
if (cfg.outfile == NULL) { |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
} else { |
} else { |
if (BIO_write_filename(out, crl_config.outfile) <= 0) { |
if (BIO_write_filename(out, cfg.outfile) <= 0) { |
perror(crl_config.outfile); |
perror(cfg.outfile); |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
if (crl_config.text) |
if (cfg.text) |
X509_CRL_print(out, x); |
X509_CRL_print(out, x); |
|
|
if (crl_config.noout) { |
if (cfg.noout) { |
ret = 0; |
ret = 0; |
goto end; |
goto end; |
} |
} |
if (crl_config.outformat == FORMAT_ASN1) |
if (cfg.outformat == FORMAT_ASN1) |
i = (int) i2d_X509_CRL_bio(out, x); |
i = (int) i2d_X509_CRL_bio(out, x); |
else if (crl_config.outformat == FORMAT_PEM) |
else if (cfg.outformat == FORMAT_PEM) |
i = PEM_write_bio_X509_CRL(out, x); |
i = PEM_write_bio_X509_CRL(out, x); |
else { |
else { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |