summaryrefslogtreecommitdiff
path: root/apps/verify.c
Commit message (Collapse)AuthorAgeFilesLines
* apps & al : Fix various typos, repeated words, align some spelling to LDP.FdaSilvaYY2022-10-121-1/+1
| | | | | | | | | | | | Mostly revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
* Update copyright yearMatt Caswell2022-05-031-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* Fix: some patches related to error exitingPeiwei Hu2022-01-071-0/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17417)
* add OSSL_STACK_OF_X509_free() for commonly used patternDr. David von Oheimb2021-12-211-3/+3
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17307)
* Make the -inform option to be respected if possibleTomas Mraz2021-05-061-1/+1
| | | | | | | | | | | | | | | | Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced. Fixes #14569 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
* APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macroDr. David von Oheimb2021-05-051-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15111)
* Update copyright yearMatt Caswell2021-04-081-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14801)
* apps: Add maybe_stdin argument to load_certs and set it in pkcs12Tomas Mraz2021-03-151-2/+2
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14449)
* Check non-option argumentsRich Salz2020-12-151-0/+3
| | | | | | | | | | | | | Make sure all commands check to see if there are any "extra" arguments after the options, and print an error if so. Made all error messages consistent (which is to say, minimal). Fixes: #13527 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13563)
* apps/verify:c: Enable output of multiple verification errors due to -x509_strictDr. David von Oheimb2020-12-041-2/+17
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13606)
* APPS: Remove the format argument where it's not usedRichard Levitte2020-10-261-1/+1
| | | | | | | | | | | | Also, restore a behaviour change, where load_cert() would look at stdin when the input file name is NULL, and make sure to call load_cert_pass() with a corresponding argument where load_cert() was used in OpenSSL 1.1.1. Fixes #13235 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13236)
* Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCKMatt Caswell2020-09-131-2/+0
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
* Fix safestack issues in x509.hMatt Caswell2020-09-131-2/+0
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
* apps: make use of OSSL_STORE for generalized certs and CRLs loadingDr. David von Oheimb2020-08-201-5/+3
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12647)
* Improve documentation, layout, and code comments regarding self-issued certs ↵Dr. David von Oheimb2020-07-011-1/+1
| | | | | | | etc. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10587)
* APPS: Properly pass -no-CAstoreSebastian Andrzej Siewior2020-06-231-1/+1
| | | | | | | | | | | | | | Since its introduction the option no-CAstore maps to OPT_NOCAPATH and so behaves like -no-CApath. Map no-CAstore to OPT_NOCASTORE. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12171)
* Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.cDr. David von Oheimb2020-05-151-1/+1
| | | | | | | | | | This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11755)
* In OpenSSL builds, declare STACK for datatypes ...Rich Salz2020-04-241-0/+4
| | | | | | | | | | | | | | | | | | | | | | ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
* Update copyright yearMatt Caswell2020-04-231-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
* Fix descriptions of credentials and verification options for various appsDr. David von Oheimb2020-04-201-7/+7
| | | | | | | | | | | | fix doc of s_client and s_server credentials and verification options fix doc of verification options also for s_time, x509, crl, req, ts, and verify correcting and extending texts regarding untrusted and trusted certs, making the order of options in the docs and help texts more consistent, etc. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11273)
* APPS: Remove all traces of special SM2 treatment.Richard Levitte2020-03-151-58/+25
| | | | | | | | | | SM2 IDs are now passed entirely as '-pkeyopt', '-sigopt' or '-vfyopt' values, just like any other valid option. Fixes #11293 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11302)
* cmdline app: add provider commandline options.Pauli2020-03-071-1/+8
| | | | | | | | | | Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167)
* Document command parameters.Rich Salz2019-11-201-9/+12
| | | | | | | | | | | Add documentation for all commands that have parameters. Fix a couple of minor doc and programming bugs, too. Fixes #10313 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10371)
* Add "sections" to -help outputRich Salz2019-11-081-5/+9
| | | | | | | | | | | | | Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore section headers Reformat ts's additional help Add output section Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9953)
* Add -CAstore and similar to all openssl commands that have -CApathRichard Levitte2019-11-031-6/+19
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8442)
* Coverity fixesShane Lontis2019-06-061-1/+10
| | | | | | | | | | covID 1445689 Resource leak (in error path) covID 1445318 Resource leak (in test - minor) covID 1443705 Unchecked return value (Needed if CRYPTO_atomic_add() was used) covID 1443691 Resource leak (in app - minor) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9071)
* Make X509_set_sm2_id consistent with other settersPaul Yang2019-04-091-14/+26
| | | | | | | | | | | This commit makes the X509_set_sm2_id to 'set0' behaviour, which means the memory management is passed to X509 and user doesn't need to free the sm2_id parameter later. API name also changes to X509_set0_sm2_id. Document and test case are also updated. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8626)
* Fix a memleak in apps/verifyPaul Yang2019-03-301-0/+4
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8465)
* Support SM2 certificate verification杨洋2019-03-131-5/+40
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8321)
* apps/verify.c: Change an old comment to clarify what the callback doesRichard Levitte2019-01-161-5/+8
| | | | | Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7922)
* Following the license change, modify the boilerplates in apps/Richard Levitte2018-12-061-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7765)
* Fix memory leaks in CA related functions.Pavel Kopyl2018-05-021-0/+1
| | | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4700)
* Update copyright yearMatt Caswell2018-02-131-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* apps: Don't include progs.h in apps.hRichard Levitte2018-01-311-0/+1
| | | | | | | | | | | | | Everything in apps includes apps.h, because that one declares apps internal library routines. However, progs.h doesn't declare library routines, but rather the main commands and their options, and there's no reason why the library modules should include it. So, remove the inclusion of progs.h from apps.h and add that inclusion in all command source files. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5222)
* Remove parentheses of return.KaoruToda2017-10-181-1/+1
| | | | | | | | | Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
* Clean up a bundle of codingstyle stuff in apps directoryPaul Yang2017-06-121-4/+4
| | | | | | | | | Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
* Fix a bundle of trailing spaces in several filesPaul Yang2017-06-091-1/+1
| | | | | | | | Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3622)
* Fix gcc-7 warnings.Bernd Edlinger2017-05-111-0/+1
| | | | | | | | - Mostly missing fall thru comments - And uninitialized value used in sslapitest.c Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3440)
* Switch command-line utils to new nameopt API.Dmitry Belyavskiy2017-04-251-9/+3
| | | | | | | | | | | | | | | | | The CA names should be printed according to user's decision print_name instead of set of BIO_printf dump_cert_text instead of set of BIO_printf Testing cyrillic output of X509_CRL_print_ex Write and use X509_CRL_print_ex Reduce usage of X509_NAME_online Using X509_REQ_print_ex instead of X509_REQ_print Fix nameopt processing. Make dump_cert_text nameopt-friendly Move nameopt getter/setter to apps/apps.c Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3262)
* Added '-nameopt' option to the verify command.Dmitry Belyavskiy2017-02-201-3/+14
| | | | | | | | It makes possible to print the certificate's DN correctly in case of verification errors. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2656)
* If an engine comes up explicitely, it must also come down explicitelyRichard Levitte2016-10-191-1/+3
| | | | | | | | | | | | | In apps/apps.c, one can set up an engine with setup_engine(). However, we freed the structural reference immediately, which means that for engines that don't already have a structural reference somewhere else (because it's a built in engine), we end up returning an invalid reference. Instead, the function release_engine() is added, and called at the end of the routines that call setup_engine(). Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1643)
* Constify command optionsFdaSilvaYY2016-10-141-1/+1
| | | | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1694)
* Constify char* input parameters in apps codeFdaSilvaYY2016-08-171-3/+3
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Allow proxy certs to be present when verifying a chainRichard Levitte2016-06-201-0/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Copyright consolidation 01/10Rich Salz2016-05-171-54/+6
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Make many X509_xxx types opaque.Rich Salz2016-04-151-1/+1
| | | | | | | | | Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Remove unused parameters from internal functionsRich Salz2016-02-221-13/+14
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Multiple -trusted/-untrusted/-CRLfile options in verifyViktor Dukhovni2016-01-201-22/+16
| | | | | | | | | | | | | | It is sometimes useful (especially in automated tests) to supply multiple trusted or untrusted certificates via separate files rather than have to prepare a single file containing them all. To that end, change verify(1) to accept these options zero or more times. Also automatically set -no-CAfile and -no-CApath when -trusted is specified. Improve verify(1) documentation, which could still use some work. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Refactor apps load_certs/load_crls to work incrementallyViktor Dukhovni2016-01-201-8/+5
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix verify(1) to report failure when verification failsViktor Dukhovni2016-01-131-1/+1
| | | | | | Regenerated expired test certificates, good for the next 100 years. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
View Lorry Controller Status