authorDr. Stephen Henson <steve@openssl.org>2012-12-06 18:43:40 +0000
committerDr. Stephen Henson <steve@openssl.org>2013-01-18 15:38:13 +0000
commit57912ed329f870b237f2fd9f2de8dec3477d1729 (patch)
tree9f38f8edce44b775fc043c25d5fe9d96a5c53cb3 /apps/s_cb.c
parente998f8aeb83885275aefbba59c811e48308b2771 (diff)
Add code to download CRLs based on CRLDP extension.
Just a sample, real world applications would have to be cleverer.
Diffstat (limited to 'apps/s_cb.c')
-rw-r--r--apps/s_cb.c24
1 files changed, 11 insertions, 13 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 710c99d076..865aa383e8 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1603,32 +1603,28 @@ static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
{
X509_CRL *crl;
int i;
- if (crls)
+ for (i = 0; i < sk_X509_CRL_num(crls); i++)
{
- for (i = 0; i < sk_X509_CRL_num(crls); i++)
- {
- crl = sk_X509_CRL_value(crls, i);
- X509_STORE_add_crl(st, crl);
- }
+ crl = sk_X509_CRL_value(crls, i);
+ X509_STORE_add_crl(st, crl);
}
return 1;
}
-int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls)
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
{
X509_STORE *st;
- if (crls)
- {
- st = SSL_CTX_get_cert_store(ctx);
- add_crls_store(st, crls);
- }
+ st = SSL_CTX_get_cert_store(ctx);
+ add_crls_store(st, crls);
+ if (crl_download)
+ store_setup_crl_download(st);
return 1;
}
int ssl_load_stores(SSL_CTX *ctx,
const char *vfyCApath, const char *vfyCAfile,
const char *chCApath, const char *chCAfile,
- STACK_OF(X509_CRL) *crls)
+ STACK_OF(X509_CRL) *crls, int crl_download)
{
X509_STORE *vfy = NULL, *ch = NULL;
int rv = 0;
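Review bot: In ssl_ctx_add_crls, the new `if (crl_download) store_setup_crl_download(st);` enables fetching on the context's certificate store, and per the commit message the locations come from the CRLDP extension, which in a handshake is data taken from certificates the peer supplies. Nothing in this hunk documents that, and the helper is defined outside it, so whether it bounds the fetch (scheme, size, timeout) cannot be judged from here. I would add a comment above the function such as `/* crl_download: non-zero makes verification fetch CRLs from CRLDP URLs found in the certificates being verified; sample code, no fetch policy is applied here */`. Separately, dropping the `if (crls)` guards leaves add_crls_store relying on sk_X509_CRL_num() returning -1 for a NULL stack, which deserves a one-line comment at the loop. The body of ssl_load_stores continues outside the hunk.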
@@ -1639,6 +1635,8 @@ int ssl_load_stores(SSL_CTX *ctx,
goto err;
add_crls_store(vfy, crls);
SSL_CTX_set1_verify_cert_store(ctx, vfy);
+ if (crl_download)
+ store_setup_crl_download(vfy);
}
if (chCApath || chCAfile)
{
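Review bot: `crl_download` is honoured only inside the verify-store branch, so it is silently ignored whenever that branch is skipped. The branch condition lies above the hunk, but by analogy with the visible `if (chCApath || chCAfile)` it is presumably `if (vfyCApath || vfyCAfile)`. A caller that asks for CRL download without giving verify paths would then get no download from this function and no diagnostic, which can make revocation checking look enabled when it is not. I would document this at the call, e.g. `/* CRL download is set up on the dedicated verify store only; without vfyCApath/vfyCAfile the flag has no effect here */`. Whether the chain store `ch` should get the same setup is not visible, since the function continues past the hunk.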