diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-30 16:27:15 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-30 16:27:15 +0000 |
| commit | 3341b820cc9b9632f4e764306988d29940d17c23 (patch) | |
| tree | 1e6d1d86c411efbafe26f6f55be3f7c4097ea554 /apps/s_client.c | |
| parent | ede5f6cf7484637cd6ee0c3a302993f18dd55c65 (diff) | |
add support for separate verify can chain stores to s_client (backport from HEAD)
Diffstat (limited to 'apps/s_client.c')
| -rw-r--r-- | apps/s_client.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 6df4e92a4d..1be3028cfc 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -577,6 +577,8 @@ int MAIN(int argc, char **argv) EVP_PKEY *key = NULL; STACK_OF(X509) *chain = NULL; char *CApath=NULL,*CAfile=NULL; + char *chCApath=NULL,*chCAfile=NULL; + char *vfyCApath=NULL,*vfyCAfile=NULL; int reconnect=0,badop=0,verify=SSL_VERIFY_NONE; int crlf=0; int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; @@ -895,6 +897,16 @@ static char *jpake_secret = NULL; if (--argc < 1) goto bad; CApath= *(++argv); } + else if (strcmp(*argv,"-chainCApath") == 0) + { + if (--argc < 1) goto bad; + chCApath= *(++argv); + } + else if (strcmp(*argv,"-verifyCApath") == 0) + { + if (--argc < 1) goto bad; + vfyCApath= *(++argv); + } else if (strcmp(*argv,"-build_chain") == 0) build_chain = 1; else if (strcmp(*argv,"-CAfile") == 0) @@ -902,6 +914,16 @@ static char *jpake_secret = NULL; if (--argc < 1) goto bad; CAfile= *(++argv); } + else if (strcmp(*argv,"-chainCAfile") == 0) + { + if (--argc < 1) goto bad; + chCAfile= *(++argv); + } + else if (strcmp(*argv,"-verifyCAfile") == 0) + { + if (--argc < 1) goto bad; + vfyCAfile= *(++argv); + } #ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_NEXTPROTONEG else if (strcmp(*argv,"-nextprotoneg") == 0) @@ -1137,6 +1159,13 @@ bad: goto end; } + if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile)) + { + BIO_printf(bio_err, "Error loading store locations\n"); + ERR_print_errors(bio_err); + goto end; + } + #ifndef OPENSSL_NO_ENGINE if (ssl_client_engine) { |