Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 86a2f966 编写于 作者: D Dr. Stephen Henson
浏览文件
操作

Add -show_chain option to print out verified chain.

上级 a4cc3c80
隐藏空白更改
内联 并排
Showing with 24 addition and 5 deletion
apps/verify.c
浏览文件 @ 86a2f966
...@@ -72,7 +72,7 @@ ...@@ -72,7 +72,7 @@
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx); static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx, char *file, static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e); STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain);
static int v_verbose=0, vflags = 0; static int v_verbose=0, vflags = 0;
int MAIN(int, char **); int MAIN(int, char **);
...@@ -88,7 +88,7 @@ int MAIN(int argc, char **argv) ...@@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
X509_STORE *cert_ctx=NULL; X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL; X509_LOOKUP *lookup=NULL;
X509_VERIFY_PARAM *vpm = NULL; X509_VERIFY_PARAM *vpm = NULL;
int crl_download = 0; int crl_download = 0, show_chain = 0;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine=NULL;
#endif #endif
...@@ -148,6 +148,8 @@ int MAIN(int argc, char **argv) ...@@ -148,6 +148,8 @@ int MAIN(int argc, char **argv)
} }
else if (strcmp(*argv,"-crl_download") == 0) else if (strcmp(*argv,"-crl_download") == 0)
crl_download = 1; crl_download = 1;
else if (strcmp(*argv,"-show_chain") == 0)
show_chain = 1;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv,"-engine") == 0)
{ {
...@@ -231,13 +233,13 @@ int MAIN(int argc, char **argv) ...@@ -231,13 +233,13 @@ int MAIN(int argc, char **argv)
ret=0; ret=0;
if (argc < 1) if (argc < 1)
{ {
if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e)) if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e, show_chain))
ret=-1; ret=-1;
} }
else else
{ {
for (i=0; i<argc; i++) for (i=0; i<argc; i++)
if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e)) if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e, show_chain))
ret=-1; ret=-1;
} }
...@@ -280,11 +282,12 @@ end: ...@@ -280,11 +282,12 @@ end:
static int check(X509_STORE *ctx, char *file, static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e) STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain)
{ {
X509 *x=NULL; X509 *x=NULL;
int i=0,ret=0; int i=0,ret=0;
X509_STORE_CTX *csc; X509_STORE_CTX *csc;
STACK_OF(X509) *chain = NULL;
x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file"); x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
if (x == NULL) if (x == NULL)
...@@ -307,6 +310,8 @@ static int check(X509_STORE *ctx, char *file, ...@@ -307,6 +310,8 @@ static int check(X509_STORE *ctx, char *file,
if (crls) if (crls)
X509_STORE_CTX_set0_crls(csc, crls); X509_STORE_CTX_set0_crls(csc, crls);
i=X509_verify_cert(csc); i=X509_verify_cert(csc);
if (i > 0 && show_chain)
chain = X509_STORE_CTX_get1_chain(csc);
X509_STORE_CTX_free(csc); X509_STORE_CTX_free(csc);
ret=0; ret=0;
...@@ -318,6 +323,20 @@ end: ...@@ -318,6 +323,20 @@ end:
} }
else else
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
if (chain)
{
printf("Chain:\n");
for (i = 0; i < sk_X509_num(chain); i++)
{
X509 *cert = sk_X509_value(chain, i);
printf("depth=%d: ", i);
X509_NAME_print_ex_fp(stdout,
X509_get_subject_name(cert),
0, XN_FLAG_ONELINE);
printf("\n");
}
sk_X509_pop_free(chain, X509_free);
}
if (x != NULL) X509_free(x); if (x != NULL) X509_free(x);
return(ret); return(ret);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册