version 1.15, 2022/11/11 17:07:39 |
version 1.16, 2023/03/06 14:32:06 |
|
|
char *untfile; |
char *untfile; |
int verbose; |
int verbose; |
X509_VERIFY_PARAM *vpm; |
X509_VERIFY_PARAM *vpm; |
} verify_config; |
} cfg; |
|
|
static int |
static int |
verify_opt_args(int argc, char **argv, int *argsused) |
verify_opt_args(int argc, char **argv, int *argsused) |
|
|
int oargc = argc; |
int oargc = argc; |
int badarg = 0; |
int badarg = 0; |
|
|
if (!args_verify(&argv, &argc, &badarg, bio_err, &verify_config.vpm)) |
if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm)) |
return (1); |
return (1); |
if (badarg) |
if (badarg) |
return (1); |
return (1); |
|
|
.argname = "file", |
.argname = "file", |
.desc = "Certificate Authority file", |
.desc = "Certificate Authority file", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &verify_config.CAfile, |
.opt.arg = &cfg.CAfile, |
}, |
}, |
{ |
{ |
.name = "CApath", |
.name = "CApath", |
.argname = "path", |
.argname = "path", |
.desc = "Certificate Authority path", |
.desc = "Certificate Authority path", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &verify_config.CApath, |
.opt.arg = &cfg.CApath, |
}, |
}, |
{ |
{ |
.name = "CRLfile", |
.name = "CRLfile", |
.argname = "file", |
.argname = "file", |
.desc = "Certificate Revocation List file", |
.desc = "Certificate Revocation List file", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &verify_config.crlfile, |
.opt.arg = &cfg.crlfile, |
}, |
}, |
{ |
{ |
.name = "trusted", |
.name = "trusted", |
.argname = "file", |
.argname = "file", |
.desc = "Trusted certificates file", |
.desc = "Trusted certificates file", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &verify_config.trustfile, |
.opt.arg = &cfg.trustfile, |
}, |
}, |
{ |
{ |
.name = "untrusted", |
.name = "untrusted", |
.argname = "file", |
.argname = "file", |
.desc = "Untrusted certificates file", |
.desc = "Untrusted certificates file", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &verify_config.untfile, |
.opt.arg = &cfg.untfile, |
}, |
}, |
{ |
{ |
.name = "verbose", |
.name = "verbose", |
.desc = "Verbose", |
.desc = "Verbose", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &verify_config.verbose, |
.opt.flag = &cfg.verbose, |
}, |
}, |
{ |
{ |
.name = NULL, |
.name = NULL, |
|
|
exit(1); |
exit(1); |
} |
} |
|
|
memset(&verify_config, 0, sizeof(verify_config)); |
memset(&cfg, 0, sizeof(cfg)); |
|
|
if (options_parse(argc, argv, verify_options, NULL, &argsused) != 0) { |
if (options_parse(argc, argv, verify_options, NULL, &argsused) != 0) { |
verify_usage(); |
verify_usage(); |
|
|
goto end; |
goto end; |
X509_STORE_set_verify_cb(cert_ctx, cb); |
X509_STORE_set_verify_cb(cert_ctx, cb); |
|
|
if (verify_config.vpm) |
if (cfg.vpm) |
X509_STORE_set1_param(cert_ctx, verify_config.vpm); |
X509_STORE_set1_param(cert_ctx, cfg.vpm); |
|
|
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); |
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); |
if (lookup == NULL) |
if (lookup == NULL) |
abort(); /* XXX */ |
abort(); /* XXX */ |
if (verify_config.CAfile) { |
if (cfg.CAfile) { |
if (!X509_LOOKUP_load_file(lookup, verify_config.CAfile, |
if (!X509_LOOKUP_load_file(lookup, cfg.CAfile, |
X509_FILETYPE_PEM)) { |
X509_FILETYPE_PEM)) { |
BIO_printf(bio_err, "Error loading file %s\n", |
BIO_printf(bio_err, "Error loading file %s\n", |
verify_config.CAfile); |
cfg.CAfile); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
|
|
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); |
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); |
if (lookup == NULL) |
if (lookup == NULL) |
abort(); /* XXX */ |
abort(); /* XXX */ |
if (verify_config.CApath) { |
if (cfg.CApath) { |
if (!X509_LOOKUP_add_dir(lookup, verify_config.CApath, |
if (!X509_LOOKUP_add_dir(lookup, cfg.CApath, |
X509_FILETYPE_PEM)) { |
X509_FILETYPE_PEM)) { |
BIO_printf(bio_err, "Error loading directory %s\n", |
BIO_printf(bio_err, "Error loading directory %s\n", |
verify_config.CApath); |
cfg.CApath); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
|
|
|
|
ERR_clear_error(); |
ERR_clear_error(); |
|
|
if (verify_config.untfile) { |
if (cfg.untfile) { |
untrusted = load_certs(bio_err, verify_config.untfile, |
untrusted = load_certs(bio_err, cfg.untfile, |
FORMAT_PEM, NULL, "untrusted certificates"); |
FORMAT_PEM, NULL, "untrusted certificates"); |
if (!untrusted) |
if (!untrusted) |
goto end; |
goto end; |
} |
} |
if (verify_config.trustfile) { |
if (cfg.trustfile) { |
trusted = load_certs(bio_err, verify_config.trustfile, |
trusted = load_certs(bio_err, cfg.trustfile, |
FORMAT_PEM, NULL, "trusted certificates"); |
FORMAT_PEM, NULL, "trusted certificates"); |
if (!trusted) |
if (!trusted) |
goto end; |
goto end; |
} |
} |
if (verify_config.crlfile) { |
if (cfg.crlfile) { |
crls = load_crls(bio_err, verify_config.crlfile, FORMAT_PEM, |
crls = load_crls(bio_err, cfg.crlfile, FORMAT_PEM, |
NULL, "other CRLs"); |
NULL, "other CRLs"); |
if (!crls) |
if (!crls) |
goto end; |
goto end; |
|
|
} |
} |
|
|
end: |
end: |
if (verify_config.vpm) |
if (cfg.vpm) |
X509_VERIFY_PARAM_free(verify_config.vpm); |
X509_VERIFY_PARAM_free(cfg.vpm); |
if (cert_ctx != NULL) |
if (cert_ctx != NULL) |
X509_STORE_free(cert_ctx); |
X509_STORE_free(cert_ctx); |
sk_X509_pop_free(untrusted, X509_free); |
sk_X509_pop_free(untrusted, X509_free); |
|
|
} |
} |
if (cert_error == X509_V_OK && ok == 2) |
if (cert_error == X509_V_OK && ok == 2) |
policies_print(NULL, ctx); |
policies_print(NULL, ctx); |
if (!verify_config.verbose) |
if (!cfg.verbose) |
ERR_clear_error(); |
ERR_clear_error(); |
return (ok); |
return (ok); |
} |
} |