commit c431798e82c38855ac033e16b17d79ae18eaadaf
author Dr. Stephen Henson <steve@openssl.org> Tue Sep 07 18:38:46 2004 +0000
committer Dr. Stephen Henson <steve@openssl.org> Tue Sep 07 18:38:46 2004 +0000
tree fb0c68aa67501166619546ea04287e65811dc6b0
parent fb8079456879f7ecd5d387bc0923f97aaeedf4f4

Reformat smime utility.

Add support for policy checking in verify utility.

apps/apps.c

diff --git a/apps/apps.c b/apps/apps.c
index 6bc3562..4121e47 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2141,10 +2141,14 @@
 	}
 #endif
 
-int args_verify(char ***pargs, int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
+int args_verify(char ***pargs, int *pargc,
+			int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
 	{
 	ASN1_OBJECT *otmp = NULL;
 	unsigned long flags = 0;
+	int i;
+	int purpose = 0;
+	char **oldargs = *pargs;
 	char *arg = **pargs, *argn = (*pargs)[1];
 	if (!strcmp(arg, "-policy"))
 		{
@@ -2162,6 +2166,27 @@
 			}
 		(*pargs)++;
 		}
+	else if (strcmp(arg,"-purpose") == 0)
+		{
+		X509_PURPOSE *xptmp;
+		if (!argn)
+			*badarg = 1;
+		else
+			{
+			i = X509_PURPOSE_get_by_sname(argn);
+			if(i < 0)
+				{
+				BIO_printf(err, "unrecognized purpose\n");
+				*badarg = 1;
+				}
+			else
+				{
+				xptmp = X509_PURPOSE_get0(i);
+				purpose = X509_PURPOSE_get_id(xptmp);
+				}
+			}
+		(*pargs)++;
+		}
 	else if (!strcmp(arg, "-ignore_critical"))
 		flags |= X509_V_FLAG_IGNORE_CRITICAL;
 	else if (!strcmp(arg, "-issuer_checks"))
@@ -2186,13 +2211,13 @@
 		if (*pm)
 			X509_VERIFY_PARAM_free(*pm);
 		*pm = NULL;
-		return 1;
+		goto end;
 		}
 
 	if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
 		{
 		*badarg = 1;
-		return 1;
+		goto end;
 		}
 
 	if (otmp)
@@ -2200,8 +2225,56 @@
 	if (flags)
 		X509_VERIFY_PARAM_set_flags(*pm, flags);
 
+	if (purpose)
+		X509_VERIFY_PARAM_set_purpose(*pm, purpose);
+
+	end:
+
 	(*pargs)++;
 
+	if (pargc)
+		*pargc -= *pargs - oldargs;
+
 	return 1;
 
 	}
+
+static void nodes_print(BIO *out, char *name, STACK_OF(X509_POLICY_NODE) *nodes)
+	{
+	X509_POLICY_NODE *node;
+	int i;
+	BIO_printf(out, "%s Policies:", name);
+	if (nodes)
+		{
+		BIO_puts(out, "\n");
+		for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
+			{
+			node = sk_X509_POLICY_NODE_value(nodes, i);
+			X509_POLICY_NODE_print(out, node, 2);
+			}
+		}
+	else
+		BIO_puts(out, " <empty>\n");
+	}
+
+void policies_print(BIO *out, X509_STORE_CTX *ctx)
+	{
+	X509_POLICY_TREE *tree;
+	int explicit_policy;
+	int free_out = 0;
+	if (out == NULL)
+		{
+		out = BIO_new_fp(stderr, BIO_NOCLOSE);
+		free_out = 1;
+		}
+	tree = X509_STORE_CTX_get0_policy_tree(ctx);
+	explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
+
+	BIO_printf(out, "Require explicit Policy: %s\n",
+				explicit_policy ? "True" : "False");
+
+	nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
+	nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
+	if (free_out)
+		BIO_free(out);
+	}