author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-02 16:16:28 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-02 16:16:28 +0000 |
commit | fdb78f3d8867c9b0c21608840ce0bd3135bcd710 (patch) | |
tree | 52488ff5454690b376d5e1f4b65aeb7d67178db5 /apps/s_cb.c | |
parent | 95ea53186413c293d981ec1b042954a5fa47d8b7 (diff) |
New option to add CRLs for s_client and s_server.
Diffstat (limited to 'apps/s_cb.c')
-rw-r--r-- | apps/s_cb.c | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c index 0759c8a7c9..e0289d41dd 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -293,7 +293,6 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, ERR_print_errors(bio_err); return 0; } - return 1; } @@ -1670,9 +1669,36 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, return 1; } +static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls) + { + X509_CRL *crl; + int i; + if (crls) + { + for (i = 0; i < sk_X509_CRL_num(crls); i++) + { + crl = sk_X509_CRL_value(crls, i); + X509_STORE_add_crl(st, crl); + } + } + return 1; + } + +int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls) + { + X509_STORE *st; + if (crls) + { + st = SSL_CTX_get_cert_store(ctx); + add_crls_store(st, crls); + } + return 1; + } + int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, const char *vfyCAfile, - const char *chCApath, const char *chCAfile) + const char *chCApath, const char *chCAfile, + STACK_OF(X509_CRL) *crls) { X509_STORE *vfy = NULL, *ch = NULL; int rv = 0; @@ -1681,6 +1707,7 @@ int ssl_load_stores(SSL_CTX *ctx, vfy = X509_STORE_new(); if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath)) goto err; + add_crls_store(vfy, crls); SSL_CTX_set1_verify_cert_store(ctx, vfy); } if (chCApath || chCAfile) |
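Review bot: In `add_crls_store` the result of `X509_STORE_add_crl(st, crl)` is discarded and the function returns 1 unconditionally, so a CRL that fails to be added is dropped silently and verification carries on without that revocation data. `ssl_ctx_add_crls` likewise returns 1 regardless of the helper's result, and the call added in the last hunk inside `ssl_load_stores` ignores it even though that function already has a `goto err` path. I would propagate the failure: `if (!X509_STORE_add_crl(st, crl)) return 0;` in the loop, `return add_crls_store(st, crls);` in `ssl_ctx_add_crls`, and `if (!add_crls_store(vfy, crls)) goto err;` in `ssl_load_stores`. The `if (crls)` test in `ssl_ctx_add_crls` also duplicates the one in the helper.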
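Review bot: Nothing at the `add_crls_store(vfy, crls);` call says that loading CRLs into `vfy` does not by itself turn on revocation checking. The verifier consults them only when `X509_V_FLAG_CRL_CHECK` (plus `X509_V_FLAG_CRL_CHECK_ALL` for the whole chain) is set in the verify parameters, and this diff, limited to apps/s_cb.c, does not show that being done. A comment here would head off the assumption that supplying CRLs alone rejects revoked certificates, for example `/* CRLs are only consulted if CRL checking is enabled in the verify parameters */`. The call also sits inside the verify-store branch, whose condition is outside the hunk, so CRLs appear to be added here only when a verify CA file or path is given, and the chain store `ch` gets none; that looks intentional but is worth stating. The body of `ssl_load_stores` continues outside the hunk.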