authorDr. Stephen Henson <steve@openssl.org>2009-06-30 15:56:35 +0000
committerDr. Stephen Henson <steve@openssl.org>2009-06-30 15:56:35 +0000
commitdb99779beef73075f37c191723e9e7ba525f119d (patch)
treef5bd1e492dfc2a750fbaa497987f2737feff911e /apps
parente5b2b0f91fbd4b1f743a9254c9af2e900f6d95fb (diff)
Use common verify parameters instead of the small ad-hoc subset in
s_client, s_server.
Diffstat (limited to 'apps')
-rw-r--r--apps/s_client.c20
-rw-r--r--apps/s_server.c22
2 files changed, 22 insertions, 20 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index bd2a3b8633..a41a915ed4 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -383,7 +383,6 @@ int MAIN(int argc, char **argv)
{
int off=0;
SSL *con=NULL;
- X509_STORE *store = NULL;
int s,k,width,state=0;
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
int cbuf_len,cbuf_off;
@@ -404,7 +403,9 @@ int MAIN(int argc, char **argv)
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
int starttls_proto = PROTO_OFF;
- int prexit = 0, vflags = 0;
+ int prexit = 0;
+ X509_VERIFY_PARAM *vpm = NULL;
+ int badarg = 0;
const SSL_METHOD *meth=NULL;
int socket_type=SOCK_STREAM;
BIO *sbio;
@@ -521,10 +522,12 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
cert_format = str2fmt(*(++argv));
}
- else if (strcmp(*argv,"-crl_check") == 0)
- vflags |= X509_V_FLAG_CRL_CHECK;
- else if (strcmp(*argv,"-crl_check_all") == 0)
- vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+ else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
+ {
+ if (badarg)
+ goto bad;
+ continue;
+ }
else if (strcmp(*argv,"-verify_return_error") == 0)
verify_return_error = 1;
else if (strcmp(*argv,"-prexit") == 0)
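Review bot: The `continue` after a successful `args_verify()` call bypasses whatever argument advance the option loop performs at its bottom, so it is only correct if args_verify() has already moved argv/argc past everything it consumed. That contract is not visible in this hunk and deserves a comment above the `continue`, for example `/* args_verify() advances argv/argc itself; skip the loop's own increment */`. It is also worth confirming that `-crl_check` and `-crl_check_all`, whose explicit branches are removed here, are still recognised by args_verify(), and that the usage text printed at `bad:` lists the verify options now accepted. The same pattern is added to the option loop in apps/s_server.c; in both files the loop and MAIN() begin and end outside the hunk.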
@@ -831,6 +834,9 @@ bad:
goto end;
}
+ if (vpm)
+ SSL_CTX_set1_param(ctx, vpm);
+
#ifndef OPENSSL_NO_ENGINE
if (ssl_client_engine)
{
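Review bot: The return value of `SSL_CTX_set1_param(ctx, vpm)` is ignored, so if copying the parameters fails the client carries on with the context's default verification settings and the CRL or other checks the user asked for on the command line are silently not applied. Failing closed is safer: `if (vpm && !SSL_CTX_set1_param(ctx, vpm)) { ERR_print_errors(bio_err); goto end; }`. The same unchecked call is added twice in apps/s_server.c, for `ctx` and for `ctx2`. Separately, SSL_CTX_set1_param() copies the parameters, and no hunk on this page adds an `X509_VERIFY_PARAM_free(vpm)`; the cleanup code lies outside the hunks, so please confirm it is released there.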
@@ -890,8 +896,6 @@ bad:
/* goto end; */
}
- store = SSL_CTX_get_cert_store(ctx);
- X509_STORE_set_flags(store, vflags);
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL)
{
diff --git a/apps/s_server.c b/apps/s_server.c
index 6c9e6baba4..456952ea7f 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -835,8 +835,8 @@ static char *jpake_secret = NULL;
int MAIN(int argc, char *argv[])
{
- X509_STORE *store = NULL;
- int vflags = 0;
+ X509_VERIFY_PARAM *vpm = NULL;
+ int badarg = 0;
short port=PORT;
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
@@ -1001,13 +1001,11 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
CApath= *(++argv);
}
- else if (strcmp(*argv,"-crl_check") == 0)
+ else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
{
- vflags |= X509_V_FLAG_CRL_CHECK;
- }
- else if (strcmp(*argv,"-crl_check_all") == 0)
- {
- vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+ if (badarg)
+ goto bad;
+ continue;
}
else if (strcmp(*argv,"-verify_return_error") == 0)
verify_return_error = 1;
@@ -1412,8 +1410,8 @@ bad:
ERR_print_errors(bio_err);
/* goto end; */
}
- store = SSL_CTX_get_cert_store(ctx);
- X509_STORE_set_flags(store, vflags);
+ if (vpm)
+ SSL_CTX_set1_param(ctx, vpm);
#ifndef OPENSSL_NO_TLSEXT
if (s_cert2)
@@ -1464,8 +1462,8 @@ bad:
{
ERR_print_errors(bio_err);
}
- store = SSL_CTX_get_cert_store(ctx2);
- X509_STORE_set_flags(store, vflags);
+ if (vpm)
+ SSL_CTX_set1_param(ctx2, vpm);
}
#endif