diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-02 16:16:28 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-01-18 14:37:14 +0000 |
commit | e318431e5408a341b582cf14159220a0d1346886 (patch) | |
tree | 10a30bf9cbdaa4b0b160845c9a79b1d9f9c79ac3 /apps/s_server.c | |
parent | 6a10f38daacb59fa3d61c61b91961fb132c9b193 (diff) |
New option to add CRLs for s_client and s_server.
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 2b8754bbf5..acc124538a 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -986,6 +986,11 @@ int MAIN(int argc, char *argv[]) SSL_EXCERT *exc = NULL; SSL_CONF_CTX *cctx = NULL; STACK_OF(OPENSSL_STRING) *ssl_args = NULL; + + char *crl_file = NULL; + int crl_format = FORMAT_PEM; + STACK_OF(X509_CRL) *crls = NULL; + meth=SSLv23_server_method(); local_argc=argc; @@ -1051,6 +1056,11 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; s_cert_file= *(++argv); } + else if (strcmp(*argv,"-CRL") == 0) + { + if (--argc < 1) goto bad; + crl_file= *(++argv); + } #ifndef OPENSSL_NO_TLSEXT else if (strcmp(*argv,"-authz") == 0) { @@ -1146,6 +1156,11 @@ int MAIN(int argc, char *argv[]) } else if (strcmp(*argv,"-no_cache") == 0) no_cache = 1; + else if (strcmp(*argv,"-CRLform") == 0) + { + if (--argc < 1) goto bad; + crl_format = str2fmt(*(++argv)); + } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) { if (badarg) @@ -1508,6 +1523,26 @@ bad: } #endif + if (crl_file) + { + X509_CRL *crl; + crl = load_crl(crl_file, crl_format); + if (!crl) + { + BIO_puts(bio_err, "Error loading CRL\n"); + ERR_print_errors(bio_err); + goto end; + } + crls = sk_X509_CRL_new_null(); + if (!crls || !sk_X509_CRL_push(crls, crl)) + { + BIO_puts(bio_err, "Error adding CRL\n"); + ERR_print_errors(bio_err); + X509_CRL_free(crl); + goto end; + } + } + if (s_dcert_file) { @@ -1641,10 +1676,12 @@ bad: if (vpm) SSL_CTX_set1_param(ctx, vpm); + ssl_ctx_add_crls(ctx, crls); + if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, no_jpake)) goto end; - if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile)) + if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls)) { BIO_printf(bio_err, "Error loading store locations\n"); ERR_print_errors(bio_err); @@ -1705,8 +1742,11 @@ bad: if (vpm) SSL_CTX_set1_param(ctx2, vpm); + ssl_ctx_add_crls(ctx2, crls); + if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, no_jpake)) goto end; + } # ifndef OPENSSL_NO_NEXTPROTONEG @@ -1968,6 +2008,8 @@ end: if (ctx != NULL) SSL_CTX_free(ctx); if (s_cert) X509_free(s_cert); + if (crls) + sk_X509_CRL_pop_free(crls, X509_CRL_free); if (s_dcert) X509_free(s_dcert); if (s_key) |