Remove purpose checks in smime_keys.pl verify step.

The purpose checks are subsequently performed, and added as a field to
the .index.  In any case, it turns out passing multiple '-purpose'
arguments isn't even correct: openssl appears to just use the last
one.

Thanks to David J. Weller-Fahy for reporting the problem, and for
including a possible patch.

diff --git a/smime_keys.pl b/smime_keys.pl
index fdab3856fcaefd479d8c3137e621b8aa7aa50b0e..f9b9ec573d7b9d7e847bcdbddd7a6d0e815549f5 100755 (executable)
--- a/smime_keys.pl
+++ b/smime_keys.pl
@@ -425,8 +425,7 @@ sub openssl_verify ($$) {
   my ($issuer_path, $cert_path) = @_;
 
   my @args = ("verify", $root_certs_switch, $root_certs_path,
-              "-purpose", "smimesign", "-purpose", "smimeencrypt", "-untrusted",
-              $issuer_path, $cert_path);
+              "-untrusted", $issuer_path, $cert_path);
   my $output = join("", openssl_exec(@args));
 
   chomp($output);