Add code to download CRLs based on CRLDP extension.

Just a sample, real world applications would have to be cleverer.
author: Dr. Stephen Henson <steve@openssl.org> 2012-12-06 18:43:40 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-01-18 15:38:13 +0000
commit: 57912ed329f870b237f2fd9f2de8dec3477d1729 (patch)
tree: 9f38f8edce44b775fc043c25d5fe9d96a5c53cb3 /apps/s_client.c
parent: e998f8aeb83885275aefbba59c811e48308b2771 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index edd06fc02b..8fe2c56f2a 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -638,6 +638,7 @@ static char *jpake_secret = NULL;
 
 	char *crl_file = NULL;
 	int crl_format = FORMAT_PEM;
+	int crl_download = 0;
 	STACK_OF(X509_CRL) *crls = NULL;
 
 	meth=SSLv23_client_method();
@@ -714,6 +715,8 @@ static char *jpake_secret = NULL;
 			if (--argc < 1) goto bad;
 			crl_file= *(++argv);
 			}
+		else if	(strcmp(*argv,"-crl_download") == 0)
+			crl_download = 1;
 		else if	(strcmp(*argv,"-sess_out") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -1193,7 +1196,8 @@ bad:
 		goto end;
 		}
 
-	if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls))
+	if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+						crls, crl_download))
 		{
 		BIO_printf(bio_err, "Error loading store locations\n");
 		ERR_print_errors(bio_err);
@@ -1255,7 +1259,7 @@ bad:
 		/* goto end; */
 		}
 
-	ssl_ctx_add_crls(ctx, crls);
+	ssl_ctx_add_crls(ctx, crls, crl_download);
 	if (!set_cert_key_stuff(ctx,cert,key,chain,build_chain))
 		goto end;
author	Dr. Stephen Henson <steve@openssl.org>	2012-12-06 18:43:40 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-01-18 15:38:13 +0000
commit	57912ed329f870b237f2fd9f2de8dec3477d1729 (patch)
tree	9f38f8edce44b775fc043c25d5fe9d96a5c53cb3 /apps/s_client.c
parent	e998f8aeb83885275aefbba59c811e48308b2771 (diff)