Don't display messages about verify depth in s_server if -quiet it set.

Add support for separate verify and chain stores in s_client.
author: Dr. Stephen Henson <steve@openssl.org> 2012-11-23 18:56:25 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-11-23 18:56:25 +0000
commit: a5afc0a8f43cb4ffea5db74b18abc0c6a5b9770c (patch)
tree: 3d0c478d7084191e55d12e4f27f231ce7dad7601 /apps/s_cb.c
parent: 20b431e3a94e57b916d7e1325217c3a2a6a186a0 (diff)
1 files changed, 29 insertions, 0 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c
index c83687fb0b..aed718b1f6 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1671,3 +1671,32 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
 		}
 	return 1;
 	}
+
+int ssl_load_stores(SSL_CTX *ctx,
+			const char *vfyCApath, const char *vfyCAfile,
+			const char *chCApath, const char *chCAfile)
+	{
+	X509_STORE *vfy = NULL, *ch = NULL;
+	int rv = 0;
+	if (vfyCApath || vfyCAfile)
+		{
+		vfy = X509_STORE_new();
+		if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
+			goto err;
+		SSL_CTX_set1_verify_cert_store(ctx, vfy);
+		}
+	if (chCApath || chCAfile)
+		{
+		ch = X509_STORE_new();
+		if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
+			goto err;
+		SSL_CTX_set1_chain_cert_store(ctx, ch);
+		}
+	rv = 1;
+	err:
+	if (vfy)
+		X509_STORE_free(vfy);
+	if (ch)
+		X509_STORE_free(ch);
+	return rv;
+	}
author	Dr. Stephen Henson <steve@openssl.org>	2012-11-23 18:56:25 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-11-23 18:56:25 +0000
commit	a5afc0a8f43cb4ffea5db74b18abc0c6a5b9770c (patch)
tree	3d0c478d7084191e55d12e4f27f231ce7dad7601 /apps/s_cb.c
parent	20b431e3a94e57b916d7e1325217c3a2a6a186a0 (diff)