Use "cont" consistently in cms-examples.pl

Add a -certsout option to output any certificates in a message.

Add test for example 4.11

apps/cms.c

@@ -107,6 +107,7 @@ int MAIN(int argc, char **argv)
 	char *signerfile = NULL, *recipfile = NULL;
 	STACK *sksigners = NULL, *skkeys = NULL;
 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+	char *certsoutfile = NULL;
 	const EVP_CIPHER *cipher = NULL;
 	CMS_ContentInfo *cms = NULL, *rcms = NULL;
 	X509_STORE *store = NULL;
@@ -397,6 +398,12 @@ int MAIN(int argc, char **argv)
 				goto argerr;
 			recipfile = *++args;
 			}
+		else if (!strcmp (*args, "-certsout"))
+			{
+			if (!args[1])
+				goto argerr;
+			certsoutfile = *++args;
+			}
 		else if (!strcmp (*args, "-md"))
 			{
 			if (!args[1])
@@ -602,6 +609,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
 		BIO_printf (bio_err, "-binary        don't translate message to text\n");
 		BIO_printf (bio_err, "-certfile file other certificates file\n");
+		BIO_printf (bio_err, "-certsout file certificate output file\n");
 		BIO_printf (bio_err, "-signer file   signer certificate file\n");
 		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
 		BIO_printf (bio_err, "-skeyid        use subject key identifier\n");
@@ -797,6 +805,20 @@ int MAIN(int argc, char **argv)
 				goto end;
 				}
 			}
+		if (certsoutfile)
+			{
+			STACK_OF(X509) *allcerts;
+			allcerts = CMS_get1_certs(cms);
+			if (!save_certs(certsoutfile, allcerts))
+				{
+				BIO_printf(bio_err,
+						"Error writing certs to %s\n",
+								certsoutfile);
+				ret = 5;
+				goto end;
+				}
+			sk_X509_pop_free(allcerts, X509_free);
+			}
 		}
 
 	if (rctfile)

doc/apps/cms.pod

@@ -55,6 +55,7 @@ B<openssl> B<cms>
 [B<-binary>]
 [B<-nodetach>]
 [B<-certfile file>]
+[B<-certsout file>]
 [B<-signer file>]
 [B<-recip file>]
 [B<-keyid>]
@@ -312,6 +313,10 @@ allows additional certificates to be specified. When signing these will
 be included with the message. When verifying these will be searched for
 the signers certificates. The certificates should be in PEM format.
 
+=item B<-certsout file>
+
+any certificates contained in to the message are written to B<file>.
+
 =item B<-signer file>
 
 a signing certificate when signing or resigning a message, this option can be

test/cms-examples.pl

@@ -78,17 +78,17 @@ elsif (-f "..\\out32\\openssl.exe")
 my @test_list = (
     [ "3.1.bin"  => "dataout" ],
     [ "3.2.bin"  => "encode, dataout" ],
-    [ "4.1.bin"  => "encode, verifyder, content, dss" ],
+    [ "4.1.bin"  => "encode, verifyder, cont, dss" ],
     [ "4.2.bin"  => "encode, verifyder, cont, rsa" ],
     [ "4.3.bin"  => "encode, verifyder, cont_extern, dss" ],
     [ "4.4.bin"  => "encode, verifyder, cont, dss" ],
-    [ "4.5.bin"  => "verifyder, content, rsa" ],
+    [ "4.5.bin"  => "verifyder, cont, rsa" ],
     [ "4.6.bin"  => "encode, verifyder, cont, dss" ],
     [ "4.7.bin"  => "encode, verifyder, cont, dss" ],
     [ "4.8.eml"  => "verifymime, dss" ],
     [ "4.9.eml"  => "verifymime, dss" ],
     [ "4.10.bin" => "encode, verifyder, cont, dss" ],
-    [ "4.11.bin" => "encode" ],
+    [ "4.11.bin" => "encode, certsout" ],
     [ "5.1.bin"  => "encode, envelopeder, cont" ],
     [ "5.2.bin"  => "encode, envelopeder, cont" ],
     [ "5.3.eml"  => "envelopemime, cont" ],
@@ -151,6 +151,9 @@ foreach (@test_list) {
     if ( $tlist =~ /encode/ ) {
         run_reencode_test( $exdir, $file );
     }
+    if ( $tlist =~ /certsout/ ) {
+        run_certsout_test( $exdir, $file );
+    }
     if ( $tlist =~ /dataout/ ) {
         run_dataout_test( $exdir, $file );
     }
@@ -216,6 +219,23 @@ sub run_reencode_test {
     }
 }
 
+sub run_certsout_test {
+    my ( $cmsdir, $tfile ) = @_;
+    unlink "tmp.der";
+    unlink "tmp.pem";
+
+    system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
+          . " -in $cmsdir/$tfile -out tmp.der" );
+
+    if ($?) {
+        print "\tCertificate output command FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tCertificate output passed\n" if $verbose;
+    }
+}
+
 sub run_dataout_test {
     my ( $cmsdir, $tfile ) = @_;
     unlink "tmp.txt";