Loading CHANGES +8 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,14 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] *) Add various functions that can check a certificate's extensions to see if it usable for various purposes such as SSL client, server or S/MIME and CAs of these types. This is currently VERY EXPERIMENTAL but will ultimately be used for certificate chain verification. Also added a -purpose flag to x509 utility to print out all the purposes. [Steve Henson] *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated functions. [Steve Henson] Loading apps/x509.c +40 −0 Original line number Diff line number Diff line Loading @@ -97,6 +97,7 @@ static char *x509_usage[]={ " -issuer - print issuer DN\n", " -startdate - notBefore field\n", " -enddate - notAfter field\n", " -purpose - print out certificate purposes\n", " -dates - both Before and After dates\n", " -modulus - print the RSA key modulus\n", " -fingerprint - print the certificate fingerprint\n", Loading Loading @@ -127,8 +128,14 @@ static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest, static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest, X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial, int create,int days, LHASH *conf, char *section); static int efunc(X509_PURPOSE *pt, void *arg); static int reqfile=0; typedef struct { BIO *bio; X509 *cert; } X509_PPRINT; int MAIN(int argc, char **argv) { int ret=1; Loading @@ -145,6 +152,7 @@ int MAIN(int argc, char **argv) int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0; int C=0; int x509req=0,days=DEF_DAYS,modulus=0; int pprint = 0; char **pp; X509_STORE *ctx=NULL; X509_REQ *rq=NULL; Loading Loading @@ -279,6 +287,8 @@ int MAIN(int argc, char **argv) startdate= ++num; enddate= ++num; } else if (strcmp(*argv,"-purpose") == 0) pprint= ++num; else if (strcmp(*argv,"-startdate") == 0) startdate= ++num; else if (strcmp(*argv,"-enddate") == 0) Loading Loading 
@@ -312,6 +322,7 @@ bad: ERR_load_crypto_strings(); X509V3_add_standard_extensions(); X509_PURPOSE_add_standard(); if (!X509_STORE_set_default_paths(ctx)) { Loading Loading @@ -500,6 +511,14 @@ bad: { BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } else if (pprint == i) { X509_PPRINT ptmp; ptmp.bio = STDout; ptmp.cert = x; BIO_printf(STDout, "Certificate purposes:\n"); X509_PURPOSE_enum(efunc, &ptmp); } else if (modulus == i) { Loading Loading @@ -1090,3 +1109,24 @@ err: ERR_print_errors(bio_err); return(0); } static int efunc(X509_PURPOSE *pt, void *arg) { X509_PPRINT *ptmp; int id, i, idret; char *pname; ptmp = arg; id = X509_PURPOSE_get_id(pt); pname = X509_PURPOSE_get_name(pt); for(i = 0; i < 2; i++) { idret = X509_check_purpose(ptmp->cert, id, i); BIO_printf(ptmp->bio, "%s%s : ", pname, i ? " CA" : ""); if(idret == 1) BIO_printf(ptmp->bio, "Yes\n"); else if (idret == 0) BIO_printf(ptmp->bio, "No\n"); else BIO_printf(ptmp->bio, "Yes (WARNING code=%d)\n", idret); } return 1; } crypto/asn1/x_x509.c +1 −0 Original line number Diff line number Diff line Loading @@ -116,6 +116,7 @@ X509 *X509_new(void) M_ASN1_New_Malloc(ret,X509); ret->references=1; ret->valid=0; ret->ex_flags = 0; ret->name=NULL; M_ASN1_New(ret->cert_info,X509_CINF_new); M_ASN1_New(ret->sig_alg,X509_ALGOR_new); Loading crypto/x509/x509.h +6 −0 Original line number Diff line number Diff line Loading @@ -239,6 +239,12 @@ typedef struct x509_st int references; char *name; CRYPTO_EX_DATA ex_data; /* These contain copies of various extension values */ long ex_pathlen; unsigned long ex_flags; unsigned long ex_kusage; unsigned long ex_xkusage; unsigned long ex_nscert; } X509; DECLARE_STACK_OF(X509) Loading crypto/x509v3/Makefile.ssl +2 −2 Original line number Diff line number Diff line Loading 
@@ -24,10 +24,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \ v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \ v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o SRC= $(LIBSRC) Loading Loading
CHANGES +8 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,14 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] *) Add various functions that can check a certificate's extensions to see if it usable for various purposes such as SSL client, server or S/MIME and CAs of these types. This is currently VERY EXPERIMENTAL but will ultimately be used for certificate chain verification. Also added a -purpose flag to x509 utility to print out all the purposes. [Steve Henson] *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated functions. [Steve Henson] Loading
apps/x509.c +40 −0 Original line number Diff line number Diff line Loading @@ -97,6 +97,7 @@ static char *x509_usage[]={ " -issuer - print issuer DN\n", " -startdate - notBefore field\n", " -enddate - notAfter field\n", " -purpose - print out certificate purposes\n", " -dates - both Before and After dates\n", " -modulus - print the RSA key modulus\n", " -fingerprint - print the certificate fingerprint\n", Loading Loading @@ -127,8 +128,14 @@ static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest, static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest, X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial, int create,int days, LHASH *conf, char *section); static int efunc(X509_PURPOSE *pt, void *arg); static int reqfile=0; typedef struct { BIO *bio; X509 *cert; } X509_PPRINT; int MAIN(int argc, char **argv) { int ret=1; Loading @@ -145,6 +152,7 @@ int MAIN(int argc, char **argv) int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0; int C=0; int x509req=0,days=DEF_DAYS,modulus=0; int pprint = 0; char **pp; X509_STORE *ctx=NULL; X509_REQ *rq=NULL; Loading Loading @@ -279,6 +287,8 @@ int MAIN(int argc, char **argv) startdate= ++num; enddate= ++num; } else if (strcmp(*argv,"-purpose") == 0) pprint= ++num; else if (strcmp(*argv,"-startdate") == 0) startdate= ++num; else if (strcmp(*argv,"-enddate") == 0) Loading Loading @@ -312,6 +322,7 @@ bad: ERR_load_crypto_strings(); X509V3_add_standard_extensions(); X509_PURPOSE_add_standard(); if (!X509_STORE_set_default_paths(ctx)) { Loading Loading @@ -500,6 +511,14 @@ bad: { BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } else if (pprint == i) { X509_PPRINT ptmp; ptmp.bio = STDout; ptmp.cert = x; BIO_printf(STDout, "Certificate purposes:\n"); X509_PURPOSE_enum(efunc, &ptmp); } else if (modulus == i) { Loading Loading 
@@ -1090,3 +1109,24 @@ err: ERR_print_errors(bio_err); return(0); } static int efunc(X509_PURPOSE *pt, void *arg) { X509_PPRINT *ptmp; int id, i, idret; char *pname; ptmp = arg; id = X509_PURPOSE_get_id(pt); pname = X509_PURPOSE_get_name(pt); for(i = 0; i < 2; i++) { idret = X509_check_purpose(ptmp->cert, id, i); BIO_printf(ptmp->bio, "%s%s : ", pname, i ? " CA" : ""); if(idret == 1) BIO_printf(ptmp->bio, "Yes\n"); else if (idret == 0) BIO_printf(ptmp->bio, "No\n"); else BIO_printf(ptmp->bio, "Yes (WARNING code=%d)\n", idret); } return 1; }
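Review bot: In efunc, the final `else` prints `Yes (WARNING code=%d)` for every X509_check_purpose result other than 0 or 1, so an error return would also be shown to the operator as "Yes". X509_check_purpose is not visible on this page, so whether it can return a negative value needs confirming; if it can, add `else if (idret < 0) BIO_printf(ptmp->bio, "Error (code=%d)\n", idret);` ahead of the warning branch so the tool fails closed. `pname` is also passed to `%s` without a NULL check. A short comment above efunc listing the return codes it relies on would make the three branches reviewable.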
crypto/asn1/x_x509.c +1 −0 Original line number Diff line number Diff line Loading @@ -116,6 +116,7 @@ X509 *X509_new(void) M_ASN1_New_Malloc(ret,X509); ret->references=1; ret->valid=0; ret->ex_flags = 0; ret->name=NULL; M_ASN1_New(ret->cert_info,X509_CINF_new); M_ASN1_New(ret->sig_alg,X509_ALGOR_new); Loading
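Review bot: Only `ex_flags` is reset in X509_new, while the other cached fields this commit adds to the X509 struct in crypto/x509/x509.h (`ex_pathlen`, `ex_kusage`, `ex_xkusage`, `ex_nscert`) are not assigned in the visible lines. What M_ASN1_New_Malloc leaves in them is not shown here. If `ex_flags == 0` is meant to mark the cache as not yet populated, say so next to the assignment, e.g. `/* ex_flags == 0: cached ex_* values not computed yet and must not be read */`; otherwise zero the other four fields as well. The function body starts and continues outside this hunk.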
crypto/x509/x509.h +6 −0 Original line number Diff line number Diff line Loading @@ -239,6 +239,12 @@ typedef struct x509_st int references; char *name; CRYPTO_EX_DATA ex_data; /* These contain copies of various extension values */ long ex_pathlen; unsigned long ex_flags; unsigned long ex_kusage; unsigned long ex_xkusage; unsigned long ex_nscert; } X509; DECLARE_STACK_OF(X509) Loading
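Review bot: The comment `/* These contain copies of various extension values */` does not say when the copies are filled in, which field marks them valid, or what keeps them in step with the certificate's actual extensions. If the purpose checks read these fields (the checking code is not on this page), a copy that outlives a change to the extension list would be evaluated instead of the real extension. I would extend the comment to name the function that populates the fields, state that `ex_flags` records whether they are valid, and note that callers outside that code must not read them directly.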
crypto/x509v3/Makefile.ssl +2 −2 Original line number Diff line number Diff line Loading @@ -24,10 +24,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \ v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \ v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o SRC= $(LIBSRC) Loading