diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-11-23 18:56:25 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-11-23 18:56:25 +0000 |
commit | a5afc0a8f43cb4ffea5db74b18abc0c6a5b9770c (patch) | |
tree | 3d0c478d7084191e55d12e4f27f231ce7dad7601 /apps/s_cb.c | |
parent | 20b431e3a94e57b916d7e1325217c3a2a6a186a0 (diff) |
Don't display messages about verify depth in s_server if -quiet it set.
Add support for separate verify and chain stores in s_client.
Diffstat (limited to 'apps/s_cb.c')
-rw-r--r-- | apps/s_cb.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c index c83687fb0b..aed718b1f6 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1671,3 +1671,32 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, } return 1; } + +int ssl_load_stores(SSL_CTX *ctx, + const char *vfyCApath, const char *vfyCAfile, + const char *chCApath, const char *chCAfile) + { + X509_STORE *vfy = NULL, *ch = NULL; + int rv = 0; + if (vfyCApath || vfyCAfile) + { + vfy = X509_STORE_new(); + if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath)) + goto err; + SSL_CTX_set1_verify_cert_store(ctx, vfy); + } + if (chCApath || chCAfile) + { + ch = X509_STORE_new(); + if (!X509_STORE_load_locations(ch, chCAfile, chCApath)) + goto err; + SSL_CTX_set1_chain_cert_store(ctx, ch); + } + rv = 1; + err: + if (vfy) + X509_STORE_free(vfy); + if (ch) + X509_STORE_free(ch); + return rv; + } |