apps/cms: Simplify handling of encerts; add warning if they are ignored
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14843)
parent
06621ba387
commit
56c98a7d94
42
apps/cms.c
42
apps/cms.c
@ -307,10 +307,10 @@ int cms_main(int argc, char **argv)
|
||||
EVP_MD *sign_md = NULL;
|
||||
STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
|
||||
STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
|
||||
STACK_OF(X509) *encerts = NULL, *other = NULL;
|
||||
STACK_OF(X509) *encerts = sk_X509_new_null(), *other = NULL;
|
||||
X509 *cert = NULL, *recip = NULL, *signer = NULL, *originator = NULL;
|
||||
X509_STORE *store = NULL;
|
||||
X509_VERIFY_PARAM *vpm = NULL;
|
||||
X509_VERIFY_PARAM *vpm = X509_VERIFY_PARAM_new();
|
||||
char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
|
||||
const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL;
|
||||
char *certsoutfile = NULL, *digestname = NULL, *wrapname = NULL;
|
||||
@ -332,8 +332,8 @@ int cms_main(int argc, char **argv)
|
||||
OPTION_CHOICE o;
|
||||
OSSL_LIB_CTX *libctx = app_get0_libctx();
|
||||
|
||||
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
|
||||
return 1;
|
||||
if (encerts == NULL || vpm == NULL)
|
||||
goto end;
|
||||
|
||||
prog = opt_init(argc, argv, cms_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
@ -641,8 +641,6 @@ int cms_main(int argc, char **argv)
|
||||
break;
|
||||
case OPT_RECIP:
|
||||
if (operation == SMIME_ENCRYPT) {
|
||||
if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
|
||||
goto end;
|
||||
cert = load_cert(opt_arg(), FORMAT_UNDEF,
|
||||
"recipient certificate file");
|
||||
if (cert == NULL)
|
||||
@ -659,7 +657,7 @@ int cms_main(int argc, char **argv)
|
||||
case OPT_KEYOPT:
|
||||
keyidx = -1;
|
||||
if (operation == SMIME_ENCRYPT) {
|
||||
if (encerts != NULL)
|
||||
if (sk_X509_num(encerts) > 0)
|
||||
keyidx += sk_X509_num(encerts);
|
||||
} else {
|
||||
if (keyfile != NULL || signerfile != NULL)
|
||||
@ -797,7 +795,7 @@ int cms_main(int argc, char **argv)
|
||||
}
|
||||
} else if (operation == SMIME_ENCRYPT) {
|
||||
if (*argv == NULL && secret_key == NULL
|
||||
&& pwri_pass == NULL && encerts == NULL) {
|
||||
&& pwri_pass == NULL && sk_X509_num(encerts) <= 0) {
|
||||
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
|
||||
goto opthelp;
|
||||
}
|
||||
@ -838,16 +836,19 @@ int cms_main(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (*argv && encerts == NULL)
|
||||
if ((encerts = sk_X509_new_null()) == NULL)
|
||||
goto end;
|
||||
while (*argv) {
|
||||
if ((cert = load_cert(*argv, FORMAT_UNDEF,
|
||||
"recipient certificate file")) == NULL)
|
||||
goto end;
|
||||
sk_X509_push(encerts, cert);
|
||||
cert = NULL;
|
||||
argv++;
|
||||
if (*argv != NULL) {
|
||||
if (operation == SMIME_ENCRYPT) {
|
||||
for (; *argv != NULL; argv++) {
|
||||
cert = load_cert(*argv, FORMAT_UNDEF,
|
||||
"recipient certificate file");
|
||||
if (cert == NULL)
|
||||
goto end;
|
||||
sk_X509_push(encerts, cert);
|
||||
cert = NULL;
|
||||
}
|
||||
} else {
|
||||
BIO_printf(bio_err, "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -1182,9 +1183,10 @@ int cms_main(int argc, char **argv)
|
||||
} else if (operation == SMIME_VERIFY) {
|
||||
if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
|
||||
BIO_printf(bio_err, "%s Verification successful\n",
|
||||
(flags & CMS_CADES) ? "CAdES" : "CMS");
|
||||
(flags & CMS_CADES) != 0 ? "CAdES" : "CMS");
|
||||
} else {
|
||||
BIO_printf(bio_err, "Verification failure\n");
|
||||
BIO_printf(bio_err, "%s Verification failure\n",
|
||||
(flags & CMS_CADES) != 0 ? "CAdES" : "CMS");
|
||||
if (verify_retcode)
|
||||
ret = verify_err + 32;
|
||||
goto end;
|
||||
|
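Review bot: The new `for (; *argv != NULL; argv++)` loop over the remaining positional arguments (hunk at -838,16 +836,19) calls `sk_X509_push(encerts, cert)` without checking its result and then clears `cert`. If the push fails, the loaded certificate is leaked and that recipient is silently left out of the enveloped data, so the message is encrypted for fewer recipients than the user asked for. Check the return value and bail out, e.g. `if (!sk_X509_push(encerts, cert)) goto end;` placed before `cert = NULL;`; this assumes the `end:` label frees `cert`, which is outside the visible hunks. The `OPT_RECIP` case fills the same stack, but its body continues past the end of its hunk, so whether it needs the same check cannot be confirmed from here.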