Allow setting of verify depth in verify parameters (as opposed to the depth
implemented using the verify callback).
This commit is contained in:
Dr. Stephen Henson
parent
d2f6d28298
commit
9a5faeaa42
1 changed files with 19 additions and 1 deletions
20
apps/apps.c
20
apps/apps.c
|
|
@ -2192,7 +2192,7 @@ int args_verify(char ***pargs, int *pargc,
|
|||
ASN1_OBJECT *otmp = NULL;
|
||||
unsigned long flags = 0;
|
||||
int i;
|
||||
int purpose = 0;
|
||||
int purpose = 0, depth = -1;
|
||||
char **oldargs = *pargs;
|
||||
char *arg = **pargs, *argn = (*pargs)[1];
|
||||
if (!strcmp(arg, "-policy"))
|
||||
|
|
@ -2232,6 +2232,21 @@ int args_verify(char ***pargs, int *pargc,
|
|||
}
|
||||
(*pargs)++;
|
||||
}
|
||||
else if (strcmp(arg,"-verify_depth") == 0)
|
||||
{
|
||||
if (!argn)
|
||||
*badarg = 1;
|
||||
else
|
||||
{
|
||||
depth = atoi(argn);
|
||||
if(depth < 0)
|
||||
{
|
||||
BIO_printf(err, "invalid depth\n");
|
||||
*badarg = 1;
|
||||
}
|
||||
}
|
||||
(*pargs)++;
|
||||
}
|
||||
else if (!strcmp(arg, "-ignore_critical"))
|
||||
flags |= X509_V_FLAG_IGNORE_CRITICAL;
|
||||
else if (!strcmp(arg, "-issuer_checks"))
|
||||
|
|
@ -2283,6 +2298,9 @@ int args_verify(char ***pargs, int *pargc,
|
|||
if (purpose)
|
||||
X509_VERIFY_PARAM_set_purpose(*pm, purpose);
|
||||
|
||||
if (depth >= 0)
|
||||
X509_VERIFY_PARAM_set_depth(*pm, depth);
|
||||
|
||||
end:
|
||||
|
||||
(*pargs)++;
|
||||
|
|
|
|||
Loading…
Reference in a new issue