/*
 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
14 #include "internal/cryptlib.h"
15 #include <openssl/buffer.h>
16 #include <openssl/x509.h>
17 #include <openssl/pem.h>
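/*
 * Control entry point for the file lookup method; defined later in this
 * file.  The string argument is named argp here so the prototype agrees
 * with that definition.
 */
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
                        long argl, char **ret);

/*
 * Method table for the "file" lookup type.  Only the ctrl hook is set, so
 * this method does its work when a control command asks it to load a file;
 * every get_by_* slot is NULL.
 *
 * NOTE(review): the initializer is positional.  The four slots ahead of
 * ctrl were missing from the listing this was recovered from and are
 * restored here as NULL (new, free, init, shutdown) -- confirm against the
 * X509_LOOKUP_METHOD definition before relying on the slot order.
 */
static X509_LOOKUP_METHOD x509_file_lookup = {
    "Load file into cache",
    NULL,                       /* new */
    NULL,                       /* free */
    NULL,                       /* init */
    NULL,                       /* shutdown */
    by_file_ctrl,               /* ctrl */
    NULL,                       /* get_by_subject */
    NULL,                       /* get_by_issuer_serial */
    NULL,                       /* get_by_fingerprint */
    NULL,                       /* get_by_alias */
};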
/*
 * Return the file-based lookup method.
 *
 * The result points at this file's static method table, so every caller
 * receives the same object and there is nothing for the caller to free.
 */
X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
{
    X509_LOOKUP_METHOD *method = &x509_file_lookup;

    return method;
}
/*
 * Control hook of the file lookup method.
 *
 * ctx   lookup whose store receives the loaded objects
 * cmd   control command; only X509_L_FILE_LOAD is acted on
 * argp  file name, used when argl is not X509_FILETYPE_DEFAULT
 * argl  file type: X509_FILETYPE_DEFAULT, X509_FILETYPE_PEM, or a value
 *       passed on to X509_load_cert_file()
 * ret   not used by this function
 *
 * Returns 1 when the loader reported a non-zero result, 0 otherwise
 * (including for any other cmd).
 *
 * NOTE(review): rebuilt from a listing that omitted some lines
 * (declarations, braces, the switch on cmd); check the restored control
 * flow against the upstream file.
 */
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
                        long argl, char **ret)
{
    const char *path;

    if (cmd != X509_L_FILE_LOAD)
        return 0;

    if (argl == X509_FILETYPE_DEFAULT) {
        /*
         * NOTE(review): the trust-file path is taken from the process
         * environment when the variable is set.  A program running with
         * more privilege than its invoker (setuid/setgid) inherits that
         * variable from the invoker, so whoever sets it chooses the file
         * that populates the store.  Confirm such callers do not request
         * the default file type, or clear the variable first.
         */
        path = getenv(X509_get_default_cert_file_env());
        if (path == NULL)
            path = X509_get_default_cert_file();

        /* Defaults are always read as PEM (certificates and CRLs). */
        if (X509_load_cert_crl_file(ctx, path, X509_FILETYPE_PEM) == 0) {
            X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS);
            return 0;
        }
        return 1;
    }

    /* Explicit file: PEM may hold certificates and CRLs together. */
    if (argl == X509_FILETYPE_PEM)
        return X509_load_cert_crl_file(ctx, argp, X509_FILETYPE_PEM) != 0;

    /* Any other type goes to the certificate loader, which validates it. */
    return X509_load_cert_file(ctx, argp, (int)argl) != 0;
}
/*
 * Load certificates from a file into the store behind ctx.
 *
 * ctx   lookup whose store_ctx receives the certificates
 * file  path of the file to read
 * type  X509_FILETYPE_PEM (every certificate in the file is loaded) or
 *       X509_FILETYPE_ASN1 (a single DER certificate)
 *
 * Returns the number of certificates added for PEM, the result of
 * X509_STORE_add_cert() for ASN1, and 0 on failure.  Certificates added
 * before a later failure are not removed here, so a 0 return does not
 * mean the store is unchanged.
 *
 * NOTE(review): every certificate accepted here becomes part of the
 * store, and the _AUX PEM reader also accepts the trusted-certificate
 * form, so auxiliary trust settings embedded in the file come along with
 * the certificate.  The file should be writable only by whoever
 * administers the store.
 *
 * NOTE(review): rebuilt from a listing that omitted some lines
 * (declarations, braces, error jumps, cleanup); check the restored
 * control flow against the upstream file.
 */
int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
{
    BIO *bio = BIO_new(BIO_s_file());
    X509 *cert = NULL;
    int loaded = 0;
    int result = 0;

    if (bio == NULL || BIO_read_filename(bio, file) <= 0) {
        X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB);
        goto done;
    }

    switch (type) {
    case X509_FILETYPE_PEM:
        while ((cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, "")) != NULL) {
            if (!X509_STORE_add_cert(ctx->store_ctx, cert))
                goto done;
            loaded++;
            X509_free(cert);
            cert = NULL;
        }
        /*
         * The reader stopped.  Running out of PEM blocks after at least
         * one certificate is the normal end of file; anything else,
         * including a file with no certificate at all, is an error.
         */
        if (ERR_GET_REASON(ERR_peek_last_error()) != PEM_R_NO_START_LINE
            || loaded <= 0) {
            X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB);
            goto done;
        }
        ERR_clear_error();
        result = loaded;
        break;

    case X509_FILETYPE_ASN1:
        cert = d2i_X509_bio(bio, NULL);
        if (cert == NULL) {
            X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB);
            goto done;
        }
        result = X509_STORE_add_cert(ctx->store_ctx, cert);
        if (!result)
            goto done;
        break;

    default:
        X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
        goto done;
    }

    if (result == 0)
        X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_NO_CERTIFICATE_FOUND);

 done:
    /* Both frees are reached with NULL on some paths. */
    X509_free(cert);
    BIO_free(bio);
    return result;
}
/*
 * Load CRLs from a file into the store behind ctx.
 *
 * ctx   lookup whose store_ctx receives the CRLs
 * file  path of the file to read
 * type  X509_FILETYPE_PEM (every CRL in the file is loaded) or
 *       X509_FILETYPE_ASN1 (a single DER CRL)
 *
 * Returns the number of CRLs added for PEM, the result of
 * X509_STORE_add_crl() for ASN1, and 0 on failure.  CRLs added before a
 * later failure are not removed here.
 *
 * NOTE(review): a 0 return means revocation data may be missing or only
 * partly loaded.  Callers that depend on revocation checking should treat
 * it as a hard failure rather than continue with whatever was loaded.
 *
 * NOTE(review): rebuilt from a listing that omitted some lines
 * (declarations, braces, error jumps, cleanup); check the restored
 * control flow against the upstream file.
 */
int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
{
    BIO *bio = BIO_new(BIO_s_file());
    X509_CRL *crl = NULL;
    int loaded = 0;
    int result = 0;

    if (bio == NULL || BIO_read_filename(bio, file) <= 0) {
        X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
        goto done;
    }

    switch (type) {
    case X509_FILETYPE_PEM:
        while ((crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, "")) != NULL) {
            if (!X509_STORE_add_crl(ctx->store_ctx, crl))
                goto done;
            loaded++;
            X509_CRL_free(crl);
            crl = NULL;
        }
        /*
         * The reader stopped.  Running out of PEM blocks after at least
         * one CRL is the normal end of file; anything else, including a
         * file with no CRL at all, is an error.
         */
        if (ERR_GET_REASON(ERR_peek_last_error()) != PEM_R_NO_START_LINE
            || loaded <= 0) {
            X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB);
            goto done;
        }
        ERR_clear_error();
        result = loaded;
        break;

    case X509_FILETYPE_ASN1:
        crl = d2i_X509_CRL_bio(bio, NULL);
        if (crl == NULL) {
            X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB);
            goto done;
        }
        result = X509_STORE_add_crl(ctx->store_ctx, crl);
        if (!result)
            goto done;
        break;

    default:
        X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
        goto done;
    }

    if (result == 0)
        X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_NO_CRL_FOUND);

 done:
    /* Both frees are reached with NULL on some paths. */
    X509_CRL_free(crl);
    BIO_free(bio);
    return result;
}
/*
 * Load every certificate and CRL found in a PEM file into the store
 * behind ctx.
 *
 * ctx   lookup whose store_ctx receives the objects
 * file  path of the file to read
 * type  X509_FILETYPE_PEM; any other value is handed unchanged to
 *       X509_load_cert_file()
 *
 * Returns the number of objects added, or 0 when the file cannot be
 * opened or parsed or holds neither a certificate nor a CRL.
 *
 * NOTE(review): when adding an object fails part-way through, the loop
 * stops and the count reached so far is returned.  A caller that only
 * tests for non-zero therefore sees a partial load as success, and the
 * objects after the failing one -- CRLs included -- are never added.
 * Callers that need all-or-nothing loading should also inspect the error
 * queue.
 *
 * NOTE(review): rebuilt from a listing that omitted some lines
 * (declarations, braces, error jumps, the return); check the restored
 * control flow against the upstream file.
 */
int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
{
    STACK_OF(X509_INFO) *entries;
    BIO *bio;
    int added = 0;
    int idx;

    /* Non-PEM types are handed to the certificate-only loader. */
    if (type != X509_FILETYPE_PEM)
        return X509_load_cert_file(ctx, file, type);

    bio = BIO_new_file(file, "r");
    if (bio == NULL) {
        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
        return 0;
    }

    /* The whole file is parsed up front, so the BIO can go right away. */
    entries = PEM_X509_INFO_read_bio(bio, NULL, NULL, "");
    BIO_free(bio);
    if (entries == NULL) {
        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
        return 0;
    }

    for (idx = 0; idx < sk_X509_INFO_num(entries); idx++) {
        X509_INFO *entry = sk_X509_INFO_value(entries, idx);

        /* One entry may carry a certificate, a CRL, or both. */
        if (entry->x509 != NULL) {
            if (!X509_STORE_add_cert(ctx->store_ctx, entry->x509))
                goto cleanup;
            added++;
        }
        if (entry->crl != NULL) {
            if (!X509_STORE_add_crl(ctx->store_ctx, entry->crl))
                goto cleanup;
            added++;
        }
    }

    if (added == 0)
        X509err(X509_F_X509_LOAD_CERT_CRL_FILE,
                X509_R_NO_CERTIFICATE_OR_CRL_FOUND);

 cleanup:
    sk_X509_INFO_pop_free(entries, X509_INFO_free);
    return added;
}