diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-30 16:27:15 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-30 16:27:15 +0000 |
commit | 3341b820cc9b9632f4e764306988d29940d17c23 (patch) | |
tree | 1e6d1d86c411efbafe26f6f55be3f7c4097ea554 /apps/s_cb.c | |
parent | ede5f6cf7484637cd6ee0c3a302993f18dd55c65 (diff) |
add support for separate verify can chain stores to s_client (backport from HEAD)
Diffstat (limited to 'apps/s_cb.c')
-rw-r--r-- | apps/s_cb.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c index e760289f9d..c876adf3e9 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1599,3 +1599,33 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, #endif return 1; } + +int ssl_load_stores(SSL_CTX *ctx, + const char *vfyCApath, const char *vfyCAfile, + const char *chCApath, const char *chCAfile) + { + X509_STORE *vfy = NULL, *ch = NULL; + int rv = 0; + if (vfyCApath || vfyCAfile) + { + vfy = X509_STORE_new(); + if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath)) + goto err; + SSL_CTX_set1_verify_cert_store(ctx, vfy); + } + if (chCApath || chCAfile) + { + ch = X509_STORE_new(); + if (!X509_STORE_load_locations(ch, chCAfile, chCApath)) + goto err; + /*X509_STORE_set_verify_cb(ch, verify_callback);*/ + SSL_CTX_set1_chain_cert_store(ctx, ch); + } + rv = 1; + err: + if (vfy) + X509_STORE_free(vfy); + if (ch) + X509_STORE_free(ch); + return rv; + } |