smime.c 17.3 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
/* smime.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

/* S/MIME utility function */

#include <stdio.h>
#include <string.h>
63
#include "apps.h"
64
#include <openssl/crypto.h>
65 66
#include <openssl/pem.h>
#include <openssl/err.h>
67
#include <openssl/engine.h>
68 69 70 71

#undef PROG
#define PROG smime_main
static X509_STORE *setup_verify(char *CAfile, char *CApath);
72
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
73 74 75 76 77 78 79 80

#define SMIME_OP	0x10
#define SMIME_ENCRYPT	(1 | SMIME_OP)
#define SMIME_DECRYPT	2
#define SMIME_SIGN	(3 | SMIME_OP)
#define SMIME_VERIFY	4
#define SMIME_PK7OUT	5

81 82
int MAIN(int, char **);

83 84
int MAIN(int argc, char **argv)
{
85
	ENGINE *e = NULL;
86 87 88 89 90 91
	int operation = 0;
	int ret = 0;
	char **args;
	char *inmode = "r", *outmode = "w";
	char *infile = NULL, *outfile = NULL;
	char *signerfile = NULL, *recipfile = NULL;
92
	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
93 94 95 96 97 98 99 100 101 102
	EVP_CIPHER *cipher = NULL;
	PKCS7 *p7 = NULL;
	X509_STORE *store = NULL;
	X509 *cert = NULL, *recip = NULL, *signer = NULL;
	EVP_PKEY *key = NULL;
	STACK_OF(X509) *encerts = NULL, *other = NULL;
	BIO *in = NULL, *out = NULL, *indata = NULL;
	int badarg = 0;
	int flags = PKCS7_DETACHED;
	char *to = NULL, *from = NULL, *subject = NULL;
D
Dr. Stephen Henson 已提交
103 104
	char *CAfile = NULL, *CApath = NULL;
	char *passargin = NULL, *passin = NULL;
105
	char *inrand = NULL;
106
	int need_rand = 0;
107
	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
108
	char *engine=NULL;
109

110
	args = argv + 1;
111 112 113 114 115 116 117 118
	ret = 1;

	while (!badarg && *args && *args[0] == '-') {
		if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
		else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
		else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
		else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
		else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
B
Bodo Möller 已提交
119
#ifndef NO_DES
120 121 122 123
		else if (!strcmp (*args, "-des3")) 
				cipher = EVP_des_ede3_cbc();
		else if (!strcmp (*args, "-des")) 
				cipher = EVP_des_cbc();
B
Bodo Möller 已提交
124 125
#endif
#ifndef NO_RC2
126 127 128 129 130 131
		else if (!strcmp (*args, "-rc2-40")) 
				cipher = EVP_rc2_40_cbc();
		else if (!strcmp (*args, "-rc2-128")) 
				cipher = EVP_rc2_cbc();
		else if (!strcmp (*args, "-rc2-64")) 
				cipher = EVP_rc2_64_cbc();
B
Bodo Möller 已提交
132
#endif
133 134 135 136 137 138 139 140 141 142 143 144 145 146
		else if (!strcmp (*args, "-text")) 
				flags |= PKCS7_TEXT;
		else if (!strcmp (*args, "-nointern")) 
				flags |= PKCS7_NOINTERN;
		else if (!strcmp (*args, "-noverify")) 
				flags |= PKCS7_NOVERIFY;
		else if (!strcmp (*args, "-nochain")) 
				flags |= PKCS7_NOCHAIN;
		else if (!strcmp (*args, "-nocerts")) 
				flags |= PKCS7_NOCERTS;
		else if (!strcmp (*args, "-noattr")) 
				flags |= PKCS7_NOATTR;
		else if (!strcmp (*args, "-nodetach")) 
				flags &= ~PKCS7_DETACHED;
147 148
		else if (!strcmp (*args, "-nosmimecap"))
				flags |= PKCS7_NOSMIMECAP;
149 150
		else if (!strcmp (*args, "-binary"))
				flags |= PKCS7_BINARY;
151 152
		else if (!strcmp (*args, "-nosigs"))
				flags |= PKCS7_NOSIGS;
153 154 155 156 157 158
		else if (!strcmp(*args,"-rand")) {
			if (args[1]) {
				args++;
				inrand = *args;
			} else badarg = 1;
			need_rand = 1;
159 160 161 162 163
		} else if (!strcmp(*args,"-engine")) {
			if (args[1]) {
				args++;
				engine = *args;
			} else badarg = 1;
164 165 166
		} else if (!strcmp(*args,"-passin")) {
			if (args[1]) {
				args++;
D
Dr. Stephen Henson 已提交
167
				passargin = *args;
168
			} else badarg = 1;
169
		} else if (!strcmp (*args, "-to")) {
170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218
			if (args[1]) {
				args++;
				to = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-from")) {
			if (args[1]) {
				args++;
				from = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-subject")) {
			if (args[1]) {
				args++;
				subject = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-signer")) {
			if (args[1]) {
				args++;
				signerfile = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-recip")) {
			if (args[1]) {
				args++;
				recipfile = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-inkey")) {
			if (args[1]) {
				args++;
				keyfile = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-certfile")) {
			if (args[1]) {
				args++;
				certfile = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-CAfile")) {
			if (args[1]) {
				args++;
				CAfile = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-CApath")) {
			if (args[1]) {
				args++;
				CApath = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-in")) {
			if (args[1]) {
				args++;
				infile = *args;
			} else badarg = 1;
219 220 221 222 223 224 225 226 227 228
		} else if (!strcmp (*args, "-inform")) {
			if (args[1]) {
				args++;
				informat = str2fmt(*args);
			} else badarg = 1;
		} else if (!strcmp (*args, "-outform")) {
			if (args[1]) {
				args++;
				outformat = str2fmt(*args);
			} else badarg = 1;
229 230 231 232 233
		} else if (!strcmp (*args, "-out")) {
			if (args[1]) {
				args++;
				outfile = *args;
			} else badarg = 1;
234 235 236 237 238
		} else if (!strcmp (*args, "-content")) {
			if (args[1]) {
				args++;
				contfile = *args;
			} else badarg = 1;
239 240 241 242 243 244 245 246 247
		} else badarg = 1;
		args++;
	}

	if(operation == SMIME_SIGN) {
		if(!signerfile) {
			BIO_printf(bio_err, "No signer certificate specified\n");
			badarg = 1;
		}
248
		need_rand = 1;
249 250 251 252 253 254 255 256 257 258
	} else if(operation == SMIME_DECRYPT) {
		if(!recipfile) {
			BIO_printf(bio_err, "No recipient certificate and key specified\n");
			badarg = 1;
		}
	} else if(operation == SMIME_ENCRYPT) {
		if(!*args) {
			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
			badarg = 1;
		}
259
		need_rand = 1;
260 261 262 263 264 265 266 267 268 269
	} else if(!operation) badarg = 1;

	if (badarg) {
		BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
		BIO_printf (bio_err, "where options are\n");
		BIO_printf (bio_err, "-encrypt       encrypt message\n");
		BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
		BIO_printf (bio_err, "-sign          sign message\n");
		BIO_printf (bio_err, "-verify        verify signed message\n");
		BIO_printf (bio_err, "-pk7out        output PKCS#7 structure\n");
B
Bodo Möller 已提交
270
#ifndef NO_DES
271
		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
B
Bodo Möller 已提交
272 273 274 275
		BIO_printf (bio_err, "-des           encrypt with DES\n");
#endif
#ifndef NO_RC2
		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
276 277
		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
B
Bodo Möller 已提交
278
#endif
279 280 281 282 283 284 285
		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
		BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
		BIO_printf (bio_err, "-nodetach      use opaque signing\n");
		BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
		BIO_printf (bio_err, "-binary        don't translate message to text\n");
286 287
		BIO_printf (bio_err, "-certfile file other certificates file\n");
		BIO_printf (bio_err, "-signer file   signer certificate file\n");
B
Bodo Möller 已提交
288
		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
289
		BIO_printf (bio_err, "-in file       input file\n");
D
 
Dr. Stephen Henson 已提交
290
		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
291 292
		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
		BIO_printf (bio_err, "-out file      output file\n");
D
 
Dr. Stephen Henson 已提交
293 294
		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
295 296 297 298
		BIO_printf (bio_err, "-to addr       to address\n");
		BIO_printf (bio_err, "-from ad       from address\n");
		BIO_printf (bio_err, "-subject s     subject\n");
		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
299 300
		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
301
		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
B
Bodo Möller 已提交
302
		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
303 304
		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
		BIO_printf(bio_err,  "               the random number generator\n");
B
Bodo Möller 已提交
305
		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
306 307 308
		goto end;
	}

309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326
	if (engine != NULL)
		{
		if((e = ENGINE_by_id(engine)) == NULL)
			{
			BIO_printf(bio_err,"invalid engine \"%s\"\n",
				engine);
			goto end;
			}
		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
			{
			BIO_printf(bio_err,"can't use that engine\n");
			goto end;
			}
		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
		/* Free our "structural" reference. */
		ENGINE_free(e);
		}

D
Dr. Stephen Henson 已提交
327 328 329 330 331
	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
		BIO_printf(bio_err, "Error getting password\n");
		goto end;
	}

332
	if (need_rand) {
333
		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
334 335 336 337 338
		if (inrand != NULL)
			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
				app_RAND_load_files(inrand));
	}

339 340 341 342
	ret = 2;

	if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;

343 344 345 346 347 348
	if(operation & SMIME_OP) {
		if(flags & PKCS7_BINARY) inmode = "rb";
		if(outformat == FORMAT_ASN1) outmode = "wb";
	} else {
		if(flags & PKCS7_BINARY) outmode = "wb";
		if(informat == FORMAT_ASN1) inmode = "rb";
349 350 351
	}

	if(operation == SMIME_ENCRYPT) {
B
Bodo Möller 已提交
352 353 354 355 356 357 358 359
		if (!cipher) {
#ifndef NO_RC2			
			cipher = EVP_rc2_40_cbc();
#else
			BIO_printf(bio_err, "No cipher selected\n");
			goto end;
#endif
		}
360
		encerts = sk_X509_new_null();
361
		while (*args) {
362
			if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) {
U
Ulf Möller 已提交
363
				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
364 365
				goto end;
			}
366
			sk_X509_push(encerts, cert);
367 368 369 370 371
			cert = NULL;
			args++;
		}
	}

372
	if(signerfile && (operation == SMIME_SIGN)) {
373
		if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) {
374 375 376 377 378 379
			BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
			goto end;
		}
	}

	if(certfile) {
380
		if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) {
381 382 383 384 385 386
			BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
			ERR_print_errors(bio_err);
			goto end;
		}
	}

387
	if(recipfile && (operation == SMIME_DECRYPT)) {
388
		if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) {
389 390 391 392 393 394 395 396 397 398 399 400 401
			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
			ERR_print_errors(bio_err);
			goto end;
		}
	}

	if(operation == SMIME_DECRYPT) {
		if(!keyfile) keyfile = recipfile;
	} else if(operation == SMIME_SIGN) {
		if(!keyfile) keyfile = signerfile;
	} else keyfile = NULL;

	if(keyfile) {
402
		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422
			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
			ERR_print_errors(bio_err);
			goto end;
		}
	}

	if (infile) {
		if (!(in = BIO_new_file(infile, inmode))) {
			BIO_printf (bio_err,
				 "Can't open input file %s\n", infile);
			goto end;
		}
	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);

	if (outfile) {
		if (!(out = BIO_new_file(outfile, outmode))) {
			BIO_printf (bio_err,
				 "Can't open output file %s\n", outfile);
			goto end;
		}
423 424 425 426 427 428 429 430 431
	} else {
		out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef VMS
		{
		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
		    out = BIO_push(tmpbio, out);
		}
#endif
	}
432 433

	if(operation == SMIME_VERIFY) {
434
		if(!(store = setup_verify(CAfile, CApath))) goto end;
435
	}
436 437

	ret = 3;
438

439 440 441 442 443 444
	if(operation == SMIME_ENCRYPT) {
		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
	} else if(operation == SMIME_SIGN) {
		p7 = PKCS7_sign(signer, key, other, in, flags);
		BIO_reset(in);
	} else {
445 446 447 448 449 450 451 452 453 454 455 456
		if(informat == FORMAT_SMIME) 
			p7 = SMIME_read_PKCS7(in, &indata);
		else if(informat == FORMAT_PEM) 
			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
		else if(informat == FORMAT_ASN1) 
			p7 = d2i_PKCS7_bio(in, NULL);
		else {
			BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
			goto end;
		}

		if(!p7) {
457 458 459
			BIO_printf(bio_err, "Error reading S/MIME message\n");
			goto end;
		}
460 461 462 463 464 465 466
		if(contfile) {
			BIO_free(indata);
			if(!(indata = BIO_new_file(contfile, "rb"))) {
				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
				goto end;
			}
		}
467
	}
468

469 470 471 472 473
	if(!p7) {
		BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
		goto end;
	}

474
	ret = 4;
475
	if(operation == SMIME_DECRYPT) {
476
		if(!PKCS7_decrypt(p7, key, recip, out, flags)) {
477
			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
478 479
			goto end;
		}
480
	} else if(operation == SMIME_VERIFY) {
481
		STACK_OF(X509) *signers;
482 483 484 485
		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
			BIO_printf(bio_err, "Verification Successful\n");
		} else {
			BIO_printf(bio_err, "Verification Failure\n");
486
			goto end;
487
		}
488
		signers = PKCS7_get0_signers(p7, other, flags);
489 490 491
		if(!save_certs(signerfile, signers)) {
			BIO_printf(bio_err, "Error writing signers to %s\n",
								signerfile);
492 493
			ret = 5;
			goto end;
494 495
		}
		sk_X509_free(signers);
496 497 498 499 500 501
	} else if(operation == SMIME_PK7OUT) {
		PEM_write_bio_PKCS7(out, p7);
	} else {
		if(to) BIO_printf(out, "To: %s\n", to);
		if(from) BIO_printf(out, "From: %s\n", from);
		if(subject) BIO_printf(out, "Subject: %s\n", subject);
502 503 504 505 506 507 508 509 510 511
		if(outformat == FORMAT_SMIME) 
			SMIME_write_PKCS7(out, p7, in, flags);
		else if(outformat == FORMAT_PEM) 
			PEM_write_bio_PKCS7(out,p7);
		else if(outformat == FORMAT_ASN1) 
			i2d_PKCS7_bio(out,p7);
		else {
			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
			goto end;
		}
512
	}
513
	ret = 0;
514
end:
515 516
	if (need_rand)
		app_RAND_write_file(NULL, bio_err);
517 518 519 520 521 522 523 524 525 526 527
	if(ret) ERR_print_errors(bio_err);
	sk_X509_pop_free(encerts, X509_free);
	sk_X509_pop_free(other, X509_free);
	X509_STORE_free(store);
	X509_free(cert);
	X509_free(recip);
	X509_free(signer);
	EVP_PKEY_free(key);
	PKCS7_free(p7);
	BIO_free(in);
	BIO_free(indata);
528
	BIO_free_all(out);
529
	if(passin) OPENSSL_free(passin);
530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561
	return (ret);
}

static X509_STORE *setup_verify(char *CAfile, char *CApath)
{
	X509_STORE *store;
	X509_LOOKUP *lookup;
	if(!(store = X509_STORE_new())) goto end;
	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
	if (lookup == NULL) goto end;
	if (CAfile) {
		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
			BIO_printf(bio_err, "Error loading file %s\n", CAfile);
			goto end;
		}
	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
		
	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
	if (lookup == NULL) goto end;
	if (CApath) {
		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
			BIO_printf(bio_err, "Error loading directory %s\n", CApath);
			goto end;
		}
	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);

	ERR_clear_error();
	return store;
	end:
	X509_STORE_free(store);
	return NULL;
}
562

B
Bodo Möller 已提交
563
static int save_certs(char *signerfile, STACK_OF(X509) *signers)
564 565 566 567 568 569 570 571 572 573 574 575
{
	int i;
	BIO *tmp;
	if(!signerfile) return 1;
	tmp = BIO_new_file(signerfile, "w");
	if(!tmp) return 0;
	for(i = 0; i < sk_X509_num(signers); i++)
		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
	BIO_free(tmp);
	return 1;
}