CHANGES +16 −1 @@ -11,6 +11,21 @@ *) applies to 0.9.6a (/0.9.6b) and 0.9.7 *) applies to 0.9.6a (/0.9.6b) and 0.9.7 +) applies to 0.9.7 only +) applies to 0.9.7 only +) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE structure. These are inherited by X509_STORE_CTX when it is initialised. This allows various defaults to be set in the X509_STORE structure (such as flags for CRL checking and custom purpose or trust settings) for functions which only use X509_STORE_CTX internally such as S/MIME. Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and trust settings if they are not set in X509_STORE. This allows X509_STORE purposes and trust (in S/MIME for example) to override any set by default. Add command line options for CRL checking to smime, s_client and s_server applications. [Steve Henson] +) Initial CRL based revocation checking. If the CRL checking flag(s) +) Initial CRL based revocation checking. If the CRL checking flag(s) are set then the CRL is looked up in the X509_STORE structure and are set then the CRL is looked up in the X509_STORE structure and its validity and signature checked, then if the certificate is found its validity and signature checked, then if the certificate is found @@ -3381,7 +3396,7 @@ copied!) copied!) [Bodo Moeller] [Bodo Moeller] *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode worked. worked. *) Fix problems with no-hmac etc. *) Fix problems with no-hmac etc. apps/s_client.c +8 −1
@@ -166,6 +166,7 @@ int MAIN(int argc, char **argv) { { int off=0; int off=0; SSL *con=NULL,*con2=NULL; SSL *con=NULL,*con2=NULL; X509_STORE *store = NULL; int s,k,width,state=0; int s,k,width,state=0; char *cbuf=NULL,*sbuf=NULL; char *cbuf=NULL,*sbuf=NULL; int cbuf_len,cbuf_off; int cbuf_len,cbuf_off; @@ -181,7 +182,7 @@ int MAIN(int argc, char **argv) int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; SSL_CTX *ctx=NULL; SSL_CTX *ctx=NULL; int ret=1,in_init=1,i,nbio_test=0; int ret=1,in_init=1,i,nbio_test=0; int prexit = 0; int prexit = 0, vflags = 0; SSL_METHOD *meth=NULL; SSL_METHOD *meth=NULL; BIO *sbio; BIO *sbio; char *inrand=NULL; char *inrand=NULL; @@ -255,6 +256,10 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; if (--argc < 1) goto bad; cert_file= *(++argv); cert_file= *(++argv); } } else if (strcmp(*argv,"-crl_check") == 0) vflags |= X509_V_FLAG_CRL_CHECK; else if (strcmp(*argv,"-crl_check_all") == 0) vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (strcmp(*argv,"-prexit") == 0) else if (strcmp(*argv,"-prexit") == 0) prexit=1; prexit=1; else if (strcmp(*argv,"-crlf") == 0) else if (strcmp(*argv,"-crlf") == 0) @@ -436,6 +441,8 @@ bad: /* goto end; */ /* goto end; */ } } store = SSL_CTX_get_cert_store(ctx); X509_STORE_set_flags(store, vflags); con=SSL_new(ctx); con=SSL_new(ctx); #ifndef OPENSSL_NO_KRB5 #ifndef OPENSSL_NO_KRB5 apps/s_server.c +12 −0 @@ -414,6 +414,8 @@ int MAIN(int, char **); int MAIN(int argc, char *argv[]) int MAIN(int argc, char *argv[]) { { X509_STORE *store = NULL; int vflags = 0; short port=PORT; short port=PORT; char *CApath=NULL,*CAfile=NULL; char *CApath=NULL,*CAfile=NULL; char *context = NULL; char *context = NULL;
@@ -518,6 +520,14 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; if (--argc < 1) goto bad; CApath= *(++argv); CApath= *(++argv); } } else if (strcmp(*argv,"-crl_check") == 0) { vflags |= X509_V_FLAG_CRL_CHECK; } else if (strcmp(*argv,"-crl_check") == 0) { vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; } else if (strcmp(*argv,"-serverpref") == 0) else if (strcmp(*argv,"-serverpref") == 0) { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } else if (strcmp(*argv,"-cipher") == 0) else if (strcmp(*argv,"-cipher") == 0) @@ -721,6 +731,8 @@ bad: ERR_print_errors(bio_err); ERR_print_errors(bio_err); /* goto end; */ /* goto end; */ } } store = SSL_CTX_get_cert_store(ctx); X509_STORE_set_flags(store, vflags); #ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH if (!no_dhe) if (!no_dhe) apps/smime.c +9 −1 @@ -97,7 +97,7 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *encerts = NULL, *other = NULL; STACK_OF(X509) *encerts = NULL, *other = NULL; BIO *in = NULL, *out = NULL, *indata = NULL; BIO *in = NULL, *out = NULL, *indata = NULL; int badarg = 0; int badarg = 0; int flags = PKCS7_DETACHED; int flags = PKCS7_DETACHED, store_flags = 0; char *to = NULL, *from = NULL, *subject = NULL; char *to = NULL, *from = NULL, *subject = NULL; char *CAfile = NULL, *CApath = NULL; char *CAfile = NULL, *CApath = NULL; char *passargin = NULL, *passin = NULL; char *passargin = NULL, *passin = NULL;
@@ -150,6 +150,10 @@ int MAIN(int argc, char **argv) flags |= PKCS7_BINARY; flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) else if (!strcmp (*args, "-nosigs")) flags |= PKCS7_NOSIGS; flags |= PKCS7_NOSIGS; else if (!strcmp (*args, "-crl_check")) store_flags |= X509_V_FLAG_CRL_CHECK; else if (!strcmp (*args, "-crl_check_all")) store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (!strcmp(*args,"-rand")) { else if (!strcmp(*args,"-rand")) { if (args[1]) { if (args[1]) { args++; args++; @@ -304,6 +308,8 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
@@ -447,8 +453,10 @@ int MAIN(int argc, char **argv) if(operation == SMIME_VERIFY) { if(operation == SMIME_VERIFY) { if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end; if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end; X509_STORE_set_flags(store, store_flags); } } ret = 3; ret = 3; if(operation == SMIME_ENCRYPT) { if(operation == SMIME_ENCRYPT) { apps/verify.c +1 −1 @@ -287,10 +287,10 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X ERR_print_errors(bio_err); ERR_print_errors(bio_err); goto end; goto end; } } X509_STORE_set_flags(ctx, vflags); X509_STORE_CTX_init(csc,ctx,x,uchain); X509_STORE_CTX_init(csc,ctx,x,uchain); if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain); if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain); if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose); if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose); X509_STORE_CTX_set_flags(csc, vflags); i=X509_verify_cert(csc); i=X509_verify_cert(csc); X509_STORE_CTX_free(csc); X509_STORE_CTX_free(csc);
CHANGES +16 −1 @@ -11,6 +11,21 @@ *) applies to 0.9.6a (/0.9.6b) and 0.9.7 *) applies to 0.9.6a (/0.9.6b) and 0.9.7 +) applies to 0.9.7 only +) applies to 0.9.7 only +) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE structure. These are inherited by X509_STORE_CTX when it is initialised. This allows various defaults to be set in the X509_STORE structure (such as flags for CRL checking and custom purpose or trust settings) for functions which only use X509_STORE_CTX internally such as S/MIME. Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and trust settings if they are not set in X509_STORE. This allows X509_STORE purposes and trust (in S/MIME for example) to override any set by default. Add command line options for CRL checking to smime, s_client and s_server applications. [Steve Henson] +) Initial CRL based revocation checking. If the CRL checking flag(s) +) Initial CRL based revocation checking. If the CRL checking flag(s) are set then the CRL is looked up in the X509_STORE structure and are set then the CRL is looked up in the X509_STORE structure and its validity and signature checked, then if the certificate is found its validity and signature checked, then if the certificate is found @@ -3381,7 +3396,7 @@ copied!) copied!) [Bodo Moeller] [Bodo Moeller] *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode worked. worked. *) Fix problems with no-hmac etc. *) Fix problems with no-hmac etc.
apps/s_client.c +8 −1 @@ -166,6 +166,7 @@ int MAIN(int argc, char **argv) { { int off=0; int off=0; SSL *con=NULL,*con2=NULL; SSL *con=NULL,*con2=NULL; X509_STORE *store = NULL; int s,k,width,state=0; int s,k,width,state=0; char *cbuf=NULL,*sbuf=NULL; char *cbuf=NULL,*sbuf=NULL; int cbuf_len,cbuf_off; int cbuf_len,cbuf_off; @@ -181,7 +182,7 @@ int MAIN(int argc, char **argv) int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; SSL_CTX *ctx=NULL; SSL_CTX *ctx=NULL; int ret=1,in_init=1,i,nbio_test=0; int ret=1,in_init=1,i,nbio_test=0; int prexit = 0; int prexit = 0, vflags = 0; SSL_METHOD *meth=NULL; SSL_METHOD *meth=NULL; BIO *sbio; BIO *sbio; char *inrand=NULL; char *inrand=NULL; @@ -255,6 +256,10 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; if (--argc < 1) goto bad; cert_file= *(++argv); cert_file= *(++argv); } } else if (strcmp(*argv,"-crl_check") == 0) vflags |= X509_V_FLAG_CRL_CHECK; else if (strcmp(*argv,"-crl_check_all") == 0) vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (strcmp(*argv,"-prexit") == 0) else if (strcmp(*argv,"-prexit") == 0) prexit=1; prexit=1; else if (strcmp(*argv,"-crlf") == 0) else if (strcmp(*argv,"-crlf") == 0) @@ -436,6 +441,8 @@ bad: /* goto end; */ /* goto end; */ } } store = SSL_CTX_get_cert_store(ctx); X509_STORE_set_flags(store, vflags); con=SSL_new(ctx); con=SSL_new(ctx); #ifndef OPENSSL_NO_KRB5 #ifndef OPENSSL_NO_KRB5
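Review bot: The new `-crl_check` and `-crl_check_all` options in the @@ -255,6 +256,10 @@ hunk are parsed but never described in s_client's usage output — the +8 −1 count is fully used up by the declaration, the four option lines and the two store lines — while apps/smime.c in this same commit does add help lines for both; the two smime help strings could be copied into the client's usage function. The `X509_STORE_set_flags(store, vflags);` line in the @@ -436,6 +441,8 @@ hunk relies on the store's flags being inherited by every X509_STORE_CTX the library creates for the handshake, which is only documented in the CHANGES entry; a comment such as `/* store flags are inherited by the X509_STORE_CTX used for peer verification */` would make that dependency visible. Presumably, if the CRL checking flags are set but no CRL has been loaded through -CAfile/-CApath, verification fails closed rather than skipping the check, and in s_client a verification failure only aborts the handshake when -verify is in effect — both worth a sentence in the usage text. MAIN continues outside the hunks.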
apps/s_server.c +12 −0 @@ -414,6 +414,8 @@ int MAIN(int, char **); int MAIN(int argc, char *argv[]) int MAIN(int argc, char *argv[]) { { X509_STORE *store = NULL; int vflags = 0; short port=PORT; short port=PORT; char *CApath=NULL,*CAfile=NULL; char *CApath=NULL,*CAfile=NULL; char *context = NULL; char *context = NULL; @@ -518,6 +520,14 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; if (--argc < 1) goto bad; CApath= *(++argv); CApath= *(++argv); } } else if (strcmp(*argv,"-crl_check") == 0) { vflags |= X509_V_FLAG_CRL_CHECK; } else if (strcmp(*argv,"-crl_check") == 0) { vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; } else if (strcmp(*argv,"-serverpref") == 0) else if (strcmp(*argv,"-serverpref") == 0) { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } else if (strcmp(*argv,"-cipher") == 0) else if (strcmp(*argv,"-cipher") == 0) @@ -721,6 +731,8 @@ bad: ERR_print_errors(bio_err); ERR_print_errors(bio_err); /* goto end; */ /* goto end; */ } } store = SSL_CTX_get_cert_store(ctx); X509_STORE_set_flags(store, vflags); #ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH if (!no_dhe) if (!no_dhe)
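Review bot: In the @@ -518,6 +520,14 @@ hunk both new branches compare against the same string, `strcmp(*argv,"-crl_check") == 0`, so the second branch that sets `X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL` is unreachable and `-crl_check_all` is never recognised by s_server (it presumably falls through to the unknown-option path, so the failure is at least loud rather than a silently weaker check). The second condition should read `else if (strcmp(*argv,"-crl_check_all") == 0)`, matching the option names used in apps/s_client.c and apps/smime.c in this commit. As in s_client, the usage output is not extended for the new options — +12 −0 is accounted for by the two declarations, the eight option lines and the two store lines. MAIN continues outside the hunks.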
apps/smime.c +9 −1 @@ -97,7 +97,7 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *encerts = NULL, *other = NULL; STACK_OF(X509) *encerts = NULL, *other = NULL; BIO *in = NULL, *out = NULL, *indata = NULL; BIO *in = NULL, *out = NULL, *indata = NULL; int badarg = 0; int badarg = 0; int flags = PKCS7_DETACHED; int flags = PKCS7_DETACHED, store_flags = 0; char *to = NULL, *from = NULL, *subject = NULL; char *to = NULL, *from = NULL, *subject = NULL; char *CAfile = NULL, *CApath = NULL; char *CAfile = NULL, *CApath = NULL; char *passargin = NULL, *passin = NULL; char *passargin = NULL, *passin = NULL; @@ -150,6 +150,10 @@ int MAIN(int argc, char **argv) flags |= PKCS7_BINARY; flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) else if (!strcmp (*args, "-nosigs")) flags |= PKCS7_NOSIGS; flags |= PKCS7_NOSIGS; else if (!strcmp (*args, "-crl_check")) store_flags |= X509_V_FLAG_CRL_CHECK; else if (!strcmp (*args, "-crl_check_all")) store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (!strcmp(*args,"-rand")) { else if (!strcmp(*args,"-rand")) { if (args[1]) { if (args[1]) { args++; args++;
@@ -304,6 +308,8 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); @@ -447,8 +453,10 @@ int MAIN(int argc, char **argv) if(operation == SMIME_VERIFY) { if(operation == SMIME_VERIFY) { if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end; if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end; X509_STORE_set_flags(store, store_flags); } } ret = 3; ret = 3; if(operation == SMIME_ENCRYPT) { if(operation == SMIME_ENCRYPT) {
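Review bot: `X509_STORE_set_flags(store, store_flags);` in the @@ -447,8 +453,10 @@ hunk only takes effect because the X509_STORE_CTX that the PKCS#7 verification code builds internally inherits the store's flags — the mechanism this commit introduces per the CHANGES entry — and nothing at the call site says so; a comment such as `/* inherited by the X509_STORE_CTX that PKCS7_verify() sets up internally */` would spare the next reader a trip through the library. The variable is called `store_flags` here but `vflags` in apps/s_client.c and apps/s_server.c; one name across the apps would make the three option parsers easier to compare. The new help strings describe what is checked but, presumably, verification now fails closed when a CRL for the signer's issuer cannot be found in -CAfile/-CApath, which is worth stating in the `-crl_check` help line. MAIN continues outside the hunks.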
apps/verify.c +1 −1 @@ -287,10 +287,10 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X ERR_print_errors(bio_err); ERR_print_errors(bio_err); goto end; goto end; } } X509_STORE_set_flags(ctx, vflags); X509_STORE_CTX_init(csc,ctx,x,uchain); X509_STORE_CTX_init(csc,ctx,x,uchain); if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain); if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain); if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose); if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose); X509_STORE_CTX_set_flags(csc, vflags); i=X509_verify_cert(csc); i=X509_verify_cert(csc); X509_STORE_CTX_free(csc); X509_STORE_CTX_free(csc);
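Review bot: Taking `X509_STORE_set_flags(ctx, vflags);` as the added line and `X509_STORE_CTX_set_flags(csc, vflags);` as the removed one (the page has lost the +/- markers; the CHANGES entry about flags being inherited from X509_STORE points that way), the verification flags are now written to the caller's shared X509_STORE from inside check(), a per-file helper, instead of to the per-call X509_STORE_CTX. Every call therefore has a side effect on caller-owned state; since vflags is the same on each call this is harmless if X509_STORE_set_flags ORs into the existing flags (to be confirmed), but it would be cleaner to set the store flags once in the caller before iterating over the certificate files and keep check() free of store-wide mutation, or at least to say in a comment that the store is deliberately configured here. check() starts and ends outside the hunk.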