New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.

Remove references to 'TXT' in -inform and -outform switches.

CHANGES

@@ -4,6 +4,16 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) New function X509_CTX_rget_chain(), this returns the chain
+     from an X509_CTX structure with a dup of the stack and all
+     the X509 reference counts upped: so the stack will exist
+     after X509_CTX_cleanup() has been called. Modify pkcs12.c
+     to use this.
+
+     Also make SSL_SESSION_print() print out the verify return
+     code.
+     [Steve Henson]
+
   *) Add manpage for the pkcs12 command. Also change the default
      behaviour so MAC iteration counts are used unless the new
      -nomaciter option is used. This improves file security and

apps/crl.c

@@ -75,7 +75,7 @@
 static char *crl_usage[]={
 "usage: crl args\n",
 "\n",
-" -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
+" -inform arg     - input format - default PEM (DER or PEM)\n",
 " -outform arg    - output format - default PEM\n",
 " -text           - print out a text format version\n",
 " -in arg         - input file - default stdin\n",

apps/crl2p7.c

@@ -76,7 +76,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
 #undef PROG
 #define PROG	crl2pkcs7_main
 
-/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
  * -in arg	- input file - default stdin
  * -out arg	- output file - default stdout
@@ -157,8 +157,8 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -inform arg    input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");

apps/dh.c

@@ -72,7 +72,7 @@
 #undef PROG
 #define PROG	dh_main
 
-/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
  * -in arg	- input file - default stdin
  * -out arg	- output file - default stdout

apps/dsaparam.c

@@ -73,7 +73,7 @@
 #undef PROG
 #define PROG	dsaparam_main
 
-/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
  * -in arg	- input file - default stdin
  * -out arg	- output file - default stdout

apps/pkcs12.c

@@ -607,11 +607,7 @@ int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
 		i = X509_STORE_CTX_get_error (&store_ctx);
 		goto err;
 	}
-	chn =  sk_X509_dup(X509_STORE_CTX_get_chain (&store_ctx));
+	chn =  X509_STORE_CTX_rget_chain(&store_ctx);
-	for (i = 0; i < sk_X509_num(chn); i++) {
-		x = sk_X509_value(chn, i);
-		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-	}
 	i = 0;
 	*chain = chn;
 err:

apps/pkcs7.c

@@ -71,7 +71,7 @@
 #undef PROG
 #define PROG	pkcs7_main
 
-/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
  * -in arg	- input file - default stdin
  * -out arg	- output file - default stdout
@@ -145,8 +145,8 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -inform arg   input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");

apps/req.c

@@ -91,7 +91,7 @@
 #undef PROG
 #define PROG	req_main
 
-/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
  * -in arg	- input file - default stdin
  * -out arg	- output file - default stdout
@@ -377,8 +377,8 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options  are\n");
-		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -inform arg    input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -text          text form of request\n");

apps/sess_id.c

@@ -72,7 +72,7 @@
 static char *sess_id_usage[]={
 "usage: sess_id args\n",
 "\n",
-" -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
+" -inform arg     - input format - default PEM (DER or PEM)\n",
 " -outform arg    - output format - default PEM\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",

crypto/x509/x509_vfy.c

@@ -717,6 +717,19 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
 	return(ctx->chain);
 	}
 
+STACK_OF(X509) *X509_STORE_CTX_rget_chain(X509_STORE_CTX *ctx)
+	{
+	int i;
+	X509 *x;
+	STACK_OF(X509) *chain;
+	if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
+	for(i = 0; i < sk_X509_num(chain); i++) {
+		x = sk_X509_value(chain, i);
+		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+	}
+	return(chain);
+	}
+
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
 	{
 	ctx->cert=x;

crypto/x509/x509_vfy.h

@@ -347,6 +347,7 @@ void	X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
 int	X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
 X509 *	X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_rget_chain(X509_STORE_CTX *ctx);
 void	X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
 void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);

ssl/ssl_lib.c

@@ -910,7 +910,7 @@ const char *SSL_get_cipher_list(SSL *s,int n)
 	return(c->name);
 	}
 
-/** specify the ciphers to be used by defaut by the SSL_CTX */
+/** specify the ciphers to be used by default by the SSL_CTX */
 int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str)
 	{
 	STACK_OF(SSL_CIPHER) *sk;

ssl/ssl_txt.c

@@ -112,7 +112,7 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
 		sprintf(str,"%02X",x->session_id[i]);
 		if (BIO_puts(bp,str) <= 0) goto err;
 		}
-	if (BIO_puts(bp,"\nSession-ID-ctx: ") <= 0) goto err;
+	if (BIO_puts(bp,"\n    Session-ID-ctx: ") <= 0) goto err;
 	for (i=0; i<x->sid_ctx_length; i++)
 		{
 		sprintf(str,"%02X",x->sid_ctx[i]);
@@ -164,6 +164,11 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
 		}
 	if (BIO_puts(bp,"\n") <= 0) goto err;
 
+	if (BIO_puts(bp, "    Verify return code ") <= 0) goto err;
+	sprintf(str, "%ld (%s)\n", x->verify_result, 
+			X509_verify_cert_error_string(x->verify_result));
+	if (BIO_puts(bp,str) <= 0) goto err;
+		
 	return(1);
 err:
 	return(0);