generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use "cont" consistently in cms-examples.pl

Browse Source 
Add a -certsout option to output any certificates in a message.

Add test for example 4.11
This commit is contained in:
Dr. Stephen Henson 2008-05-01 23:30:06 +00:00
parent d05a474556
commit 4a954b56c9
3 changed files with 50 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
apps/cms.c
View File

@ -107,6 +107,7 @@ int MAIN(int argc, char **argv)
char *signerfile = NULL, *recipfile = NULL; char *signerfile = NULL, *recipfile = NULL;
STACK *sksigners = NULL, *skkeys = NULL; STACK *sksigners = NULL, *skkeys = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile=NULL; char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
char *certsoutfile = NULL;
const EVP_CIPHER *cipher = NULL; const EVP_CIPHER *cipher = NULL;
CMS_ContentInfo *cms = NULL, *rcms = NULL; CMS_ContentInfo *cms = NULL, *rcms = NULL;
X509_STORE *store = NULL; X509_STORE *store = NULL;
@ -397,6 +398,12 @@ int MAIN(int argc, char **argv)
goto argerr; goto argerr;
recipfile = *++args; recipfile = *++args;
} }
else if (!strcmp (*args, "-certsout"))
{
if (!args[1])
goto argerr;
certsoutfile = *++args;
}
else if (!strcmp (*args, "-md")) else if (!strcmp (*args, "-md"))
{ {
if (!args[1]) if (!args[1])
@ -602,6 +609,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-noattr don't include any signed attributes\n"); BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
BIO_printf (bio_err, "-binary don't translate message to text\n"); BIO_printf (bio_err, "-binary don't translate message to text\n");
BIO_printf (bio_err, "-certfile file other certificates file\n"); BIO_printf (bio_err, "-certfile file other certificates file\n");
BIO_printf (bio_err, "-certsout file certificate output file\n");
BIO_printf (bio_err, "-signer file signer certificate file\n"); BIO_printf (bio_err, "-signer file signer certificate file\n");
BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
BIO_printf (bio_err, "-skeyid use subject key identifier\n"); BIO_printf (bio_err, "-skeyid use subject key identifier\n");
@ -797,6 +805,20 @@ int MAIN(int argc, char **argv)
goto end; goto end;
} }
} }
if (certsoutfile)
{
STACK_OF(X509) *allcerts;
allcerts = CMS_get1_certs(cms);
if (!save_certs(certsoutfile, allcerts))
{
BIO_printf(bio_err,
"Error writing certs to %s\n",
certsoutfile);
ret = 5;
goto end;
}
sk_X509_pop_free(allcerts, X509_free);
}
} }
if (rctfile) if (rctfile)

5
doc/apps/cms.pod
View File

@ -55,6 +55,7 @@ B<openssl> B<cms>
[B<-binary>] [B<-binary>]
[B<-nodetach>] [B<-nodetach>]
[B<-certfile file>] [B<-certfile file>]
[B<-certsout file>]
[B<-signer file>] [B<-signer file>]
[B<-recip file>] [B<-recip file>]
[B<-keyid>] [B<-keyid>]
@ -312,6 +313,10 @@ allows additional certificates to be specified. When signing these will
be included with the message. When verifying these will be searched for be included with the message. When verifying these will be searched for
the signers certificates. The certificates should be in PEM format. the signers certificates. The certificates should be in PEM format.
=item B<-certsout file>
any certificates contained in to the message are written to B<file>.
=item B<-signer file> =item B<-signer file>
a signing certificate when signing or resigning a message, this option can be a signing certificate when signing or resigning a message, this option can be

26
test/cms-examples.pl
View File

@ -78,17 +78,17 @@ elsif (-f "..\\out32\\openssl.exe")
my @test_list = ( my @test_list = (
[ "3.1.bin" => "dataout" ], [ "3.1.bin" => "dataout" ],
[ "3.2.bin" => "encode, dataout" ], [ "3.2.bin" => "encode, dataout" ],
[ "4.1.bin" => "encode, verifyder, content, dss" ], [ "4.1.bin" => "encode, verifyder, cont, dss" ],
[ "4.2.bin" => "encode, verifyder, cont, rsa" ], [ "4.2.bin" => "encode, verifyder, cont, rsa" ],
[ "4.3.bin" => "encode, verifyder, cont_extern, dss" ], [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
[ "4.4.bin" => "encode, verifyder, cont, dss" ], [ "4.4.bin" => "encode, verifyder, cont, dss" ],
[ "4.5.bin" => "verifyder, content, rsa" ], [ "4.5.bin" => "verifyder, cont, rsa" ],
[ "4.6.bin" => "encode, verifyder, cont, dss" ], [ "4.6.bin" => "encode, verifyder, cont, dss" ],
[ "4.7.bin" => "encode, verifyder, cont, dss" ], [ "4.7.bin" => "encode, verifyder, cont, dss" ],
[ "4.8.eml" => "verifymime, dss" ], [ "4.8.eml" => "verifymime, dss" ],
[ "4.9.eml" => "verifymime, dss" ], [ "4.9.eml" => "verifymime, dss" ],
[ "4.10.bin" => "encode, verifyder, cont, dss" ], [ "4.10.bin" => "encode, verifyder, cont, dss" ],
[ "4.11.bin" => "encode" ], [ "4.11.bin" => "encode, certsout" ],
[ "5.1.bin" => "encode, envelopeder, cont" ], [ "5.1.bin" => "encode, envelopeder, cont" ],
[ "5.2.bin" => "encode, envelopeder, cont" ], [ "5.2.bin" => "encode, envelopeder, cont" ],
[ "5.3.eml" => "envelopemime, cont" ], [ "5.3.eml" => "envelopemime, cont" ],
@ -151,6 +151,9 @@ foreach (@test_list) {
if ( $tlist =~ /encode/ ) { if ( $tlist =~ /encode/ ) {
run_reencode_test( $exdir, $file ); run_reencode_test( $exdir, $file );
} }
if ( $tlist =~ /certsout/ ) {
run_certsout_test( $exdir, $file );
}
if ( $tlist =~ /dataout/ ) { if ( $tlist =~ /dataout/ ) {
run_dataout_test( $exdir, $file ); run_dataout_test( $exdir, $file );
} }
@ -216,6 +219,23 @@ sub run_reencode_test {
} }
} }
sub run_certsout_test {
my ( $cmsdir, $tfile ) = @_;
unlink "tmp.der";
unlink "tmp.pem";
system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
. " -in $cmsdir/$tfile -out tmp.der" );
if ($?) {
print "\tCertificate output command FAILED!!\n";
$badtest++;
}
else {
print "\tCertificate output passed\n" if $verbose;
}
}
sub run_dataout_test { sub run_dataout_test {
my ( $cmsdir, $tfile ) = @_; my ( $cmsdir, $tfile ) = @_;
unlink "tmp.txt"; unlink "tmp.txt";