From 25f923ddd18d42a44081dff1ce45ed79ba5fd11f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 9 Jan 2000 14:21:40 +0000 Subject: [PATCH] New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code. Remove references to 'TXT' in -inform and -outform switches. --- CHANGES | 10 ++++++++++ apps/crl.c | 2 +- apps/crl2p7.c | 6 +++--- apps/dh.c | 2 +- apps/dsaparam.c | 2 +- apps/pkcs12.c | 6 +----- apps/pkcs7.c | 6 +++--- apps/req.c | 6 +++--- apps/sess_id.c | 2 +- crypto/x509/x509_vfy.c | 13 +++++++++++++ crypto/x509/x509_vfy.h | 1 + ssl/ssl_lib.c | 2 +- ssl/ssl_txt.c | 7 ++++++- 13 files changed, 45 insertions(+), 20 deletions(-) diff --git a/CHANGES b/CHANGES index 18e0c28e7b..49ed7aef5a 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,16 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) New function X509_CTX_rget_chain(), this returns the chain + from an X509_CTX structure with a dup of the stack and all + the X509 reference counts upped: so the stack will exist + after X509_CTX_cleanup() has been called. Modify pkcs12.c + to use this. + + Also make SSL_SESSION_print() print out the verify return + code. + [Steve Henson] + *) Add manpage for the pkcs12 command. Also change the default behaviour so MAC iteration counts are used unless the new -nomaciter option is used. This improves file security and diff --git a/apps/crl.c b/apps/crl.c index c73b35db74..d91eb7fd80 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -75,7 +75,7 @@ static char *crl_usage[]={ "usage: crl args\n", "\n", -" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n", +" -inform arg - input format - default PEM (DER or PEM)\n", " -outform arg - output format - default PEM\n", " -text - print out a text format version\n", " -in arg - input file - default stdin\n", diff --git a/apps/crl2p7.c b/apps/crl2p7.c index 8634e3a1ec..8514be2a4f 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c 
@@ -76,7 +76,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); #undef PROG #define PROG crl2pkcs7_main -/* -inform arg - input format - default PEM (one of DER, TXT or PEM) +/* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout @@ -157,8 +157,8 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"%s [options] outfile\n",prog); BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); - BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); + BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); diff --git a/apps/dh.c b/apps/dh.c index d68b388085..e54cd29050 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -72,7 +72,7 @@ #undef PROG #define PROG dh_main -/* -inform arg - input format - default PEM (one of DER, TXT or PEM) +/* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 1b5380662d..7d4a12f562 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -73,7 +73,7 @@ #undef PROG #define PROG dsaparam_main -/* -inform arg - input format - default PEM (one of DER, TXT or PEM) +/* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 800e2a8406..a48f8c2d8b 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c 
@@ -607,11 +607,7 @@ int get_cert_chain (X509 *cert, STACK_OF(X509) **chain) i = X509_STORE_CTX_get_error (&store_ctx); goto err; } - chn = sk_X509_dup(X509_STORE_CTX_get_chain (&store_ctx)); - for (i = 0; i < sk_X509_num(chn); i++) { - x = sk_X509_value(chn, i); - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - } + chn = X509_STORE_CTX_rget_chain(&store_ctx); i = 0; *chain = chn; err: diff --git a/apps/pkcs7.c b/apps/pkcs7.c index c1973646cd..d7feafd2f5 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -71,7 +71,7 @@ #undef PROG #define PROG pkcs7_main -/* -inform arg - input format - default PEM (one of DER, TXT or PEM) +/* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout @@ -145,8 +145,8 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"%s [options] outfile\n",prog); BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); - BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); + BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); diff --git a/apps/req.c b/apps/req.c index 78e3edcaea..5d4092507b 100644 --- a/apps/req.c +++ b/apps/req.c @@ -91,7 +91,7 @@ #undef PROG #define PROG req_main -/* -inform arg - input format - default PEM (one of DER, TXT or PEM) +/* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout 
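Review bot: In the apps/pkcs12.c hunk, the result of `chn = X509_STORE_CTX_rget_chain(&store_ctx);` is not checked, yet the new helper returns NULL when the context has no chain or when sk_X509_dup() fails. The next two lines then set `i = 0` and store NULL in `*chain`, so get_cert_chain() appears to report success with no chain. I would add a guard before `i = 0;`, for example `if (chn == NULL) { i = X509_V_ERR_OUT_OF_MEM; goto err; }`, or another non-zero code if the caller distinguishes the cases. The function's declarations and the code after the `err:` label are outside the hunk; the local `x` looks unused after this change and could probably be dropped.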
@@ -377,8 +377,8 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"%s [options] outfile\n",prog); BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); - BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); + BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -text text form of request\n"); diff --git a/apps/sess_id.c b/apps/sess_id.c index 8ac118d4a1..3d363d13eb 100644 --- a/apps/sess_id.c +++ b/apps/sess_id.c @@ -72,7 +72,7 @@ static char *sess_id_usage[]={ "usage: sess_id args\n", "\n", -" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n", +" -inform arg - input format - default PEM (DER or PEM)\n", " -outform arg - output format - default PEM\n", " -in arg - input file - default stdin\n", " -out arg - output file - default stdout\n", diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 2668bd1959..e45c0324a0 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -717,6 +717,19 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) return(ctx->chain); } +STACK_OF(X509) *X509_STORE_CTX_rget_chain(X509_STORE_CTX *ctx) + { + int i; + X509 *x; + STACK_OF(X509) *chain; + if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; + for(i = 0; i < sk_X509_num(chain); i++) { + x = sk_X509_value(chain, i); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + } + return(chain); + } + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) { ctx->cert=x; diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 3e97df14ee..7c7a9c2b80 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h 
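Review bot: In the crypto/x509/x509_vfy.c hunk, X509_STORE_CTX_rget_chain() has no comment stating its ownership contract, which differs from the X509_STORE_CTX_get_chain() accessor directly above it. The returned stack is a fresh sk_X509_dup() copy and every certificate in it has had its reference count incremented, so the caller must release both; a plain sk_X509_free() would leak the certificate references. I would add a header comment such as `/* Returns a copy of ctx->chain with each X509 reference count incremented; the caller frees it with sk_X509_pop_free(chain, X509_free). Returns NULL if there is no chain or the copy fails. */`. Since NULL covers both "no chain built" and allocation failure, the comment should also tell callers to treat NULL as an error, not as an empty chain.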
@@ -347,6 +347,7 @@ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_rget_chain(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 02f8d11256..3770bdf0f5 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -910,7 +910,7 @@ const char *SSL_get_cipher_list(SSL *s,int n) return(c->name); } -/** specify the ciphers to be used by defaut by the SSL_CTX */ +/** specify the ciphers to be used by default by the SSL_CTX */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str) { STACK_OF(SSL_CIPHER) *sk; diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index ca67a98d89..7e27857bcf 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -112,7 +112,7 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x) sprintf(str,"%02X",x->session_id[i]); if (BIO_puts(bp,str) <= 0) goto err; } - if (BIO_puts(bp,"\nSession-ID-ctx: ") <= 0) goto err; + if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err; for (i=0; isid_ctx_length; i++) { sprintf(str,"%02X",x->sid_ctx[i]); @@ -163,6 +163,11 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x) if (BIO_puts(bp,str) <= 0) goto err; } if (BIO_puts(bp,"\n") <= 0) goto err; + + if (BIO_puts(bp, " Verify return code ") <= 0) goto err; + sprintf(str, "%ld (%s)\n", x->verify_result, + X509_verify_cert_error_string(x->verify_result)); + if (BIO_puts(bp,str) <= 0) goto err; return(1); err: -- GitLab
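Review bot: In the second ssl/ssl_txt.c hunk, the new `sprintf(str, "%ld (%s)\n", ...)` writes an unbounded `%s` into the fixed-size `str` buffer, whose declaration is outside the hunk. Nothing ties the buffer size to the longest string X509_verify_cert_error_string() can return, so a longer message added later would overflow it silently. Formatting straight to the BIO avoids the intermediate buffer: `if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;`. As a minor style point, the label `" Verify return code "` has no colon, unlike the `Session-ID-ctx: ` label in the hunk above it.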