| version 1.16, 2022/11/11 17:07:38 |
version 1.17, 2023/03/06 14:32:05 |
|
|
| int outformat; |
int outformat; |
| int text; |
int text; |
| int verify; |
int verify; |
| } crl_config; |
} cfg; |
| |
|
| static const struct option crl_options[] = { |
static const struct option crl_options[] = { |
| { |
{ |
|
|
| .argname = "file", |
.argname = "file", |
| .desc = "Verify the CRL using certificates in the given file", |
.desc = "Verify the CRL using certificates in the given file", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &crl_config.cafile, |
.opt.arg = &cfg.cafile, |
| }, |
}, |
| { |
{ |
| .name = "CApath", |
.name = "CApath", |
| .argname = "path", |
.argname = "path", |
| .desc = "Verify the CRL using certificates in the given path", |
.desc = "Verify the CRL using certificates in the given path", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &crl_config.capath, |
.opt.arg = &cfg.capath, |
| }, |
}, |
| { |
{ |
| .name = "crlnumber", |
.name = "crlnumber", |
| .desc = "Print the CRL number", |
.desc = "Print the CRL number", |
| .type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
| .opt.flag = &crl_config.crlnumber, |
.opt.flag = &cfg.crlnumber, |
| }, |
}, |
| { |
{ |
| .name = "fingerprint", |
.name = "fingerprint", |
| .desc = "Print the CRL fingerprint", |
.desc = "Print the CRL fingerprint", |
| .type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
| .opt.flag = &crl_config.fingerprint, |
.opt.flag = &cfg.fingerprint, |
| }, |
}, |
| { |
{ |
| .name = "hash", |
.name = "hash", |
| .desc = "Print the hash of the issuer name", |
.desc = "Print the hash of the issuer name", |
| .type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
| .opt.flag = &crl_config.hash, |
.opt.flag = &cfg.hash, |
| }, |
}, |
| { |
{ |
| .name = "hash_old", |
.name = "hash_old", |
| .desc = "Print an old-style (MD5) hash of the issuer name", |
.desc = "Print an old-style (MD5) hash of the issuer name", |
| .type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
| .opt.flag = &crl_config.hash_old, |
.opt.flag = &cfg.hash_old, |
| }, |
}, |
| { |
{ |
| .name = "in", |
.name = "in", |
| .argname = "file", |
.argname = "file", |
| .desc = "Input file to read from (stdin if unspecified)", |
.desc = "Input file to read from (stdin if unspecified)", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &crl_config.infile, |
.opt.arg = &cfg.infile, |
| }, |
}, |
| { |
{ |
| .name = "inform", |
.name = "inform", |
| .argname = "format", |
.argname = "format", |
| .desc = "Input format (DER or PEM)", |
.desc = "Input format (DER or PEM)", |
| .type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
| .opt.value = &crl_config.informat, |
.opt.value = &cfg.informat, |
| }, |
}, |
| { |
{ |
| .name = "issuer", |
.name = "issuer", |
| .desc = "Print the issuer name", |
.desc = "Print the issuer name", |
| .type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
| .opt.flag = &crl_config.issuer, |
.opt.flag = &cfg.issuer, |
| }, |
}, |
| { |
{ |
| .name = "lastupdate", |
.name = "lastupdate", |
| .desc = "Print the lastUpdate field", |
.desc = "Print the lastUpdate field", |
| .type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
| .opt.flag = &crl_config.lastupdate, |
.opt.flag = &cfg.lastupdate, |
| }, |
}, |
| { |
{ |
| .name = "nameopt", |
.name = "nameopt", |
| .argname = "options", |
.argname = "options", |
| .desc = "Specify certificate name options", |
.desc = "Specify certificate name options", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &crl_config.nameopt, |
.opt.arg = &cfg.nameopt, |
| }, |
}, |
| { |
{ |
| .name = "nextupdate", |
.name = "nextupdate", |
| .desc = "Print the nextUpdate field", |
.desc = "Print the nextUpdate field", |
| .type = OPTION_FLAG_ORD, |
.type = OPTION_FLAG_ORD, |
| .opt.flag = &crl_config.nextupdate, |
.opt.flag = &cfg.nextupdate, |
| }, |
}, |
| { |
{ |
| .name = "noout", |
.name = "noout", |
| .desc = "Do not output the encoded version of the CRL", |
.desc = "Do not output the encoded version of the CRL", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &crl_config.noout, |
.opt.flag = &cfg.noout, |
| }, |
}, |
| { |
{ |
| .name = "out", |
.name = "out", |
| .argname = "file", |
.argname = "file", |
| .desc = "Output file to write to (stdout if unspecified)", |
.desc = "Output file to write to (stdout if unspecified)", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &crl_config.outfile, |
.opt.arg = &cfg.outfile, |
| }, |
}, |
| { |
{ |
| .name = "outform", |
.name = "outform", |
| .argname = "format", |
.argname = "format", |
| .desc = "Output format (DER or PEM)", |
.desc = "Output format (DER or PEM)", |
| .type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
| .opt.value = &crl_config.outformat, |
.opt.value = &cfg.outformat, |
| }, |
}, |
| { |
{ |
| .name = "text", |
.name = "text", |
| .desc = "Print out the CRL in text form", |
.desc = "Print out the CRL in text form", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &crl_config.text, |
.opt.flag = &cfg.text, |
| }, |
}, |
| { |
{ |
| .name = "verify", |
.name = "verify", |
| .desc = "Verify the signature on the CRL", |
.desc = "Verify the signature on the CRL", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &crl_config.verify, |
.opt.flag = &cfg.verify, |
| }, |
}, |
| {NULL}, |
{NULL}, |
| }; |
}; |
|
|
| |
|
| digest = EVP_sha256(); |
digest = EVP_sha256(); |
| |
|
| memset(&crl_config, 0, sizeof(crl_config)); |
memset(&cfg, 0, sizeof(cfg)); |
| crl_config.informat = FORMAT_PEM; |
cfg.informat = FORMAT_PEM; |
| crl_config.outformat = FORMAT_PEM; |
cfg.outformat = FORMAT_PEM; |
| |
|
| if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) { |
if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) { |
| crl_usage(); |
crl_usage(); |
| goto end; |
goto end; |
| } |
} |
| |
|
| if (crl_config.cafile != NULL || crl_config.capath != NULL) |
if (cfg.cafile != NULL || cfg.capath != NULL) |
| crl_config.verify = 1; |
cfg.verify = 1; |
| |
|
| if (crl_config.nameopt != NULL) { |
if (cfg.nameopt != NULL) { |
| if (set_name_ex(&nmflag, crl_config.nameopt) != 1) { |
if (set_name_ex(&nmflag, cfg.nameopt) != 1) { |
| fprintf(stderr, |
fprintf(stderr, |
| "Invalid -nameopt argument '%s'\n", |
"Invalid -nameopt argument '%s'\n", |
| crl_config.nameopt); |
cfg.nameopt); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
|
|
| } |
} |
| } |
} |
| |
|
| x = load_crl(crl_config.infile, crl_config.informat); |
x = load_crl(cfg.infile, cfg.informat); |
| if (x == NULL) |
if (x == NULL) |
| goto end; |
goto end; |
| |
|
| if (crl_config.verify) { |
if (cfg.verify) { |
| store = X509_STORE_new(); |
store = X509_STORE_new(); |
| if (store == NULL) |
if (store == NULL) |
| goto end; |
goto end; |
| lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); |
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); |
| if (lookup == NULL) |
if (lookup == NULL) |
| goto end; |
goto end; |
| if (!X509_LOOKUP_load_file(lookup, crl_config.cafile, |
if (!X509_LOOKUP_load_file(lookup, cfg.cafile, |
| X509_FILETYPE_PEM)) |
X509_FILETYPE_PEM)) |
| X509_LOOKUP_load_file(lookup, NULL, |
X509_LOOKUP_load_file(lookup, NULL, |
| X509_FILETYPE_DEFAULT); |
X509_FILETYPE_DEFAULT); |
|
|
| lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); |
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); |
| if (lookup == NULL) |
if (lookup == NULL) |
| goto end; |
goto end; |
| if (!X509_LOOKUP_add_dir(lookup, crl_config.capath, |
if (!X509_LOOKUP_add_dir(lookup, cfg.capath, |
| X509_FILETYPE_PEM)) |
X509_FILETYPE_PEM)) |
| X509_LOOKUP_add_dir(lookup, NULL, |
X509_LOOKUP_add_dir(lookup, NULL, |
| X509_FILETYPE_DEFAULT); |
X509_FILETYPE_DEFAULT); |
|
|
| |
|
| /* Print requested information the order that the flags were given. */ |
/* Print requested information the order that the flags were given. */ |
| for (i = 1; i <= argc; i++) { |
for (i = 1; i <= argc; i++) { |
| if (crl_config.issuer == i) { |
if (cfg.issuer == i) { |
| print_name(bio_out, "issuer=", |
print_name(bio_out, "issuer=", |
| X509_CRL_get_issuer(x), nmflag); |
X509_CRL_get_issuer(x), nmflag); |
| } |
} |
| if (crl_config.crlnumber == i) { |
if (cfg.crlnumber == i) { |
| ASN1_INTEGER *crlnum; |
ASN1_INTEGER *crlnum; |
| crlnum = X509_CRL_get_ext_d2i(x, |
crlnum = X509_CRL_get_ext_d2i(x, |
| NID_crl_number, NULL, NULL); |
NID_crl_number, NULL, NULL); |
|
|
| BIO_puts(bio_out, "<NONE>"); |
BIO_puts(bio_out, "<NONE>"); |
| BIO_printf(bio_out, "\n"); |
BIO_printf(bio_out, "\n"); |
| } |
} |
| if (crl_config.hash == i) { |
if (cfg.hash == i) { |
| BIO_printf(bio_out, "%08lx\n", |
BIO_printf(bio_out, "%08lx\n", |
| X509_NAME_hash(X509_CRL_get_issuer(x))); |
X509_NAME_hash(X509_CRL_get_issuer(x))); |
| } |
} |
| #ifndef OPENSSL_NO_MD5 |
#ifndef OPENSSL_NO_MD5 |
| if (crl_config.hash_old == i) { |
if (cfg.hash_old == i) { |
| BIO_printf(bio_out, "%08lx\n", |
BIO_printf(bio_out, "%08lx\n", |
| X509_NAME_hash_old(X509_CRL_get_issuer(x))); |
X509_NAME_hash_old(X509_CRL_get_issuer(x))); |
| } |
} |
| #endif |
#endif |
| if (crl_config.lastupdate == i) { |
if (cfg.lastupdate == i) { |
| BIO_printf(bio_out, "lastUpdate="); |
BIO_printf(bio_out, "lastUpdate="); |
| ASN1_TIME_print(bio_out, |
ASN1_TIME_print(bio_out, |
| X509_CRL_get_lastUpdate(x)); |
X509_CRL_get_lastUpdate(x)); |
| BIO_printf(bio_out, "\n"); |
BIO_printf(bio_out, "\n"); |
| } |
} |
| if (crl_config.nextupdate == i) { |
if (cfg.nextupdate == i) { |
| BIO_printf(bio_out, "nextUpdate="); |
BIO_printf(bio_out, "nextUpdate="); |
| if (X509_CRL_get_nextUpdate(x)) |
if (X509_CRL_get_nextUpdate(x)) |
| ASN1_TIME_print(bio_out, |
ASN1_TIME_print(bio_out, |
|
|
| BIO_printf(bio_out, "NONE"); |
BIO_printf(bio_out, "NONE"); |
| BIO_printf(bio_out, "\n"); |
BIO_printf(bio_out, "\n"); |
| } |
} |
| if (crl_config.fingerprint == i) { |
if (cfg.fingerprint == i) { |
| int j; |
int j; |
| unsigned int n; |
unsigned int n; |
| unsigned char md[EVP_MAX_MD_SIZE]; |
unsigned char md[EVP_MAX_MD_SIZE]; |
|
|
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| if (crl_config.outfile == NULL) { |
if (cfg.outfile == NULL) { |
| BIO_set_fp(out, stdout, BIO_NOCLOSE); |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
| } else { |
} else { |
| if (BIO_write_filename(out, crl_config.outfile) <= 0) { |
if (BIO_write_filename(out, cfg.outfile) <= 0) { |
| perror(crl_config.outfile); |
perror(cfg.outfile); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
| |
|
| if (crl_config.text) |
if (cfg.text) |
| X509_CRL_print(out, x); |
X509_CRL_print(out, x); |
| |
|
| if (crl_config.noout) { |
if (cfg.noout) { |
| ret = 0; |
ret = 0; |
| goto end; |
goto end; |
| } |
} |
| if (crl_config.outformat == FORMAT_ASN1) |
if (cfg.outformat == FORMAT_ASN1) |
| i = (int) i2d_X509_CRL_bio(out, x); |
i = (int) i2d_X509_CRL_bio(out, x); |
| else if (crl_config.outformat == FORMAT_PEM) |
else if (cfg.outformat == FORMAT_PEM) |
| i = PEM_write_bio_X509_CRL(out, x); |
i = PEM_write_bio_X509_CRL(out, x); |
| else { |
else { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
![[BACK]](/icons/back.gif){kind=icon}
Return to crl.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl