Use common verify parameters instead of the small ad-hoc subset in s_client, s_server.
Dr. Stephen Henson 2009-06-30 15:56:35 +00:00
parent e5b2b0f91f
commit db99779bee
2 changed files with 22 additions and 20 deletions


@ -383,7 +383,6 @@ int MAIN(int argc, char **argv)
{ {
int off=0; int off=0;
SSL *con=NULL; SSL *con=NULL;
X509_STORE *store = NULL;
int s,k,width,state=0; int s,k,width,state=0;
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
int cbuf_len,cbuf_off; int cbuf_len,cbuf_off;
@ -404,7 +403,9 @@ int MAIN(int argc, char **argv)
SSL_CTX *ctx=NULL; SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0; int ret=1,in_init=1,i,nbio_test=0;
int starttls_proto = PROTO_OFF; int starttls_proto = PROTO_OFF;
int prexit = 0, vflags = 0; int prexit = 0;
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
const SSL_METHOD *meth=NULL; const SSL_METHOD *meth=NULL;
int socket_type=SOCK_STREAM; int socket_type=SOCK_STREAM;
BIO *sbio; BIO *sbio;
@ -521,10 +522,12 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
cert_format = str2fmt(*(++argv)); cert_format = str2fmt(*(++argv));
} }
else if (strcmp(*argv,"-crl_check") == 0) else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
vflags |= X509_V_FLAG_CRL_CHECK; {
else if (strcmp(*argv,"-crl_check_all") == 0) if (badarg)
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; goto bad;
continue;
}
else if (strcmp(*argv,"-verify_return_error") == 0) else if (strcmp(*argv,"-verify_return_error") == 0)
verify_return_error = 1; verify_return_error = 1;
else if (strcmp(*argv,"-prexit") == 0) else if (strcmp(*argv,"-prexit") == 0)
@ -831,6 +834,9 @@ bad:
goto end; goto end;
} }
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
if (ssl_client_engine) if (ssl_client_engine)
{ {
@ -890,8 +896,6 @@ bad:
/* goto end; */ /* goto end; */
} }
store = SSL_CTX_get_cert_store(ctx);
X509_STORE_set_flags(store, vflags);
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
if (servername != NULL) if (servername != NULL)
{ {
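Review bot: The result of `SSL_CTX_set1_param(ctx, vpm)` in the hunk after `bad:` is discarded, so if copying the parameters fails the client carries on with default verification and a requested option such as `-crl_check` is silently dropped. SSL_CTX_set1_param returns 0 on failure, and a tool used to test certificate checking should fail closed here, for example `if (vpm && !SSL_CTX_set1_param(ctx, vpm)) { ERR_print_errors(bio_err); goto end; }`. The same unchecked call appears twice in the s_server section, once for `ctx` and once for `ctx2`. MAIN starts and ends outside the hunks shown.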


@ -835,8 +835,8 @@ static char *jpake_secret = NULL;
int MAIN(int argc, char *argv[]) int MAIN(int argc, char *argv[])
{ {
X509_STORE *store = NULL; X509_VERIFY_PARAM *vpm = NULL;
int vflags = 0; int badarg = 0;
short port=PORT; short port=PORT;
char *CApath=NULL,*CAfile=NULL; char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL; unsigned char *context = NULL;
@ -1001,13 +1001,11 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
CApath= *(++argv); CApath= *(++argv);
} }
else if (strcmp(*argv,"-crl_check") == 0) else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
{ {
vflags |= X509_V_FLAG_CRL_CHECK; if (badarg)
} goto bad;
else if (strcmp(*argv,"-crl_check_all") == 0) continue;
{
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
} }
else if (strcmp(*argv,"-verify_return_error") == 0) else if (strcmp(*argv,"-verify_return_error") == 0)
verify_return_error = 1; verify_return_error = 1;
@ -1412,8 +1410,8 @@ bad:
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
/* goto end; */ /* goto end; */
} }
store = SSL_CTX_get_cert_store(ctx); if (vpm)
X509_STORE_set_flags(store, vflags); SSL_CTX_set1_param(ctx, vpm);
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
if (s_cert2) if (s_cert2)
@ -1464,8 +1462,8 @@ bad:
{ {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
} }
store = SSL_CTX_get_cert_store(ctx2); if (vpm)
X509_STORE_set_flags(store, vflags); SSL_CTX_set1_param(ctx2, vpm);
} }
#endif #endif
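Review bot: `vpm` is handed to `SSL_CTX_set1_param` for both `ctx` and `ctx2`, and a set1-style call copies its argument rather than taking ownership, yet none of the hunks in this commit releases the object. If `args_verify` allocates it on first use (presumably, since it receives `&vpm` initialised to NULL), the cleanup path should gain `if (vpm) X509_VERIFY_PARAM_free(vpm);`. That path lies outside the hunks shown, so its exact location needs confirming; the s_client section has the same gap.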