APPS: make sure the -CAfile argument can be in DER format

Note that PKCS#12 input is still not supported here- Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18917)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2022-07-29 11:31:39 +0200
committer: Hugo Landau <hlandau@openssl.org> 2023-04-27 15:45:38 +0100
commit: 57c0205b4df7d612a0333415dfc0a845c22e7458 (patch)
tree: 45f90c434cf45bda5ad5202e17e8ae7335f653b1 /apps
parent: 2786160731257540a957216aeb6431970bbce95f (diff)
download: openssl-new-57c0205b4df7d612a0333415dfc0a845c22e7458.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 69bf5b4e37..6f9bf4a6c8 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -1379,8 +1379,12 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile,
         if (CAfile != NULL) {
             if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM,
                                          libctx, propq) <= 0) {
-                BIO_printf(bio_err, "Error loading file %s\n", CAfile);
-                goto end;
+                ERR_clear_error();
+                if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_ASN1,
+                                             libctx, propq) <= 0) {
+                    BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+                    goto end;
+                }
             }
         } else {
             X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT,
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2022-07-29 11:31:39 +0200
committer	Hugo Landau <hlandau@openssl.org>	2023-04-27 15:45:38 +0100
commit	57c0205b4df7d612a0333415dfc0a845c22e7458 (patch)
tree	45f90c434cf45bda5ad5202e17e8ae7335f653b1 /apps
parent	2786160731257540a957216aeb6431970bbce95f (diff)
download	openssl-new-57c0205b4df7d612a0333415dfc0a845c22e7458.tar.gz