aboutsummaryrefslogtreecommitdiffstats
path: root/apps/crl.c
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2015-09-22 16:00:52 +0100
committerMatt Caswell <matt@openssl.org>2015-09-25 14:49:59 +0100
commit2b6bcb702d237171ec5217956a42c8dce031ea51 (patch)
tree28ae33107e186389f048d4e7f0aa9a9a12ed79a2 /apps/crl.c
parent631fb6af5f404e4f8b4ae33f3ffdcec81b9df19a (diff)
downloadopenssl-2b6bcb702d237171ec5217956a42c8dce031ea51.tar.gz
Add support for -no-CApath and -no-CAfile options
For those command line options that take the verification options -CApath and -CAfile, if those options are absent then the default path or file is used instead. It is not currently possible to specify *no* path or file at all. This change adds the options -no-CApath and -no-CAfile to specify that the default locations should not be used to all relevant applications. Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'apps/crl.c')
-rw-r--r--apps/crl.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/apps/crl.c b/apps/crl.c
index 735c8c014f..253f7a5b75 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -70,8 +70,8 @@ typedef enum OPTION_choice {
OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
- OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD, OPT_NOOUT,
- OPT_NAMEOPT, OPT_MD
+ OPT_NOCAPATH, OPT_NOCAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD,
+ OPT_NOOUT, OPT_NAMEOPT, OPT_MD
} OPTION_CHOICE;
OPTIONS crl_options[] = {
@@ -92,6 +92,10 @@ OPTIONS crl_options[] = {
{"gendelta", OPT_GENDELTA, '<'},
{"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
{"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
+ {"no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file"},
+ {"no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory"},
{"verify", OPT_VERIFY, '-'},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
@@ -121,7 +125,7 @@ int crl_main(int argc, char **argv)
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
- int text = 0, do_ver = 0;
+ int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0;
int i;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
@@ -171,6 +175,12 @@ int crl_main(int argc, char **argv)
CAfile = opt_arg();
do_ver = 1;
break;
+ case OPT_NOCAPATH:
+ noCApath = 1;
+ break;
+ case OPT_NOCAFILE:
+ noCAfile = 1;
+ break;
case OPT_HASH_OLD:
#ifndef OPENSSL_NO_MD5
hash_old = ++num;
@@ -230,7 +240,7 @@ int crl_main(int argc, char **argv)
goto end;
if (do_ver) {
- if ((store = setup_verify(CAfile, CApath)) == NULL)
+ if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
goto end;
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)