Allow setting of verify depth in verify parameters (as opposed to the depth

implemented using the verify callback).

Allow setting of verify depth in verify parameters (as opposed to the depth
implemented using the verify callback).
9a5faeaa · Dr. Stephen Henson · d2f6d282 · 9a5faeaa
隐藏空白更改
内联并排

Showing with 19 addition and 1 deletion

apps/apps.c apps/apps.c +19 -1

未找到文件。
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2192,7 +2192,7 @@ int args_verify(char ***pargs, int *pargc,
 	ASN1_OBJECT *otmp = NULL;
 	unsigned long flags = 0;
 	int i;
-	int purpose = 0;
+	int purpose = 0, depth = -1;
 	char **oldargs = *pargs;
 	char *arg = **pargs, *argn = (*pargs)[1];
 	if (!strcmp(arg, "-policy"))
@@ -2232,6 +2232,21 @@ int args_verify(char ***pargs, int *pargc,
 			}
 		(*pargs)++;
 		}
+	else if (strcmp(arg,"-verify_depth") == 0)
+		{
+		if (!argn)
+			*badarg = 1;
+		else
+			{
+			depth = atoi(argn);
+			if(depth < 0)
+				{
+				BIO_printf(err, "invalid depth\n");
+				*badarg = 1;
+				}
+			}
+		(*pargs)++;
+		}
 	else if (!strcmp(arg, "-ignore_critical"))
 		flags |= X509_V_FLAG_IGNORE_CRITICAL;
 	else if (!strcmp(arg, "-issuer_checks"))
@@ -2283,6 +2298,9 @@ int args_verify(char ***pargs, int *pargc,
 	if (purpose)
 		X509_VERIFY_PARAM_set_purpose(*pm, purpose);

+	if (depth >= 0)
+		X509_VERIFY_PARAM_set_depth(*pm, depth);
+
 	end:

 	(*pargs)++;