add support for separate verify can chain stores to s_client (backport from HEAD)

author: Dr. Stephen Henson <steve@openssl.org> 2012-12-30 16:27:15 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-12-30 16:27:15 +0000
commit: 3341b820cc9b9632f4e764306988d29940d17c23 (patch)
tree: 1e6d1d86c411efbafe26f6f55be3f7c4097ea554 /apps/s_cb.c
parent: ede5f6cf7484637cd6ee0c3a302993f18dd55c65 (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c
index e760289f9d..c876adf3e9 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1599,3 +1599,33 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
 #endif
 	return 1;
 	}
+
+int ssl_load_stores(SSL_CTX *ctx,
+			const char *vfyCApath, const char *vfyCAfile,
+			const char *chCApath, const char *chCAfile)
+	{
+	X509_STORE *vfy = NULL, *ch = NULL;
+	int rv = 0;
+	if (vfyCApath || vfyCAfile)
+		{
+		vfy = X509_STORE_new();
+		if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
+			goto err;
+		SSL_CTX_set1_verify_cert_store(ctx, vfy);
+		}
+	if (chCApath || chCAfile)
+		{
+		ch = X509_STORE_new();
+		if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
+			goto err;
+		/*X509_STORE_set_verify_cb(ch, verify_callback);*/
+		SSL_CTX_set1_chain_cert_store(ctx, ch);
+		}
+	rv = 1;
+	err:
+	if (vfy)
+		X509_STORE_free(vfy);
+	if (ch)
+		X509_STORE_free(ch);
+	return rv;
+	}
author	Dr. Stephen Henson <steve@openssl.org>	2012-12-30 16:27:15 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-12-30 16:27:15 +0000
commit	3341b820cc9b9632f4e764306988d29940d17c23 (patch)
tree	1e6d1d86c411efbafe26f6f55be3f7c4097ea554 /apps/s_cb.c
parent	ede5f6cf7484637cd6ee0c3a302993f18dd55c65 (diff)