From 5d20c4fb3582a0e6cbf8513c94c60e4cd326716d Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 17 Sep 2006 17:16:28 +0000
Subject: Overhaul of by_dir code to handle dynamic loading of CRLs.
---
 apps/s_cb.c | 4 +++-
 apps/s_client.c | 3 +++
 apps/s_server.c | 4 +++-
 3 files changed, 9 insertions(+), 2 deletions(-)
(limited to 'apps')
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 573f98cea6..6d322d4f40 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -123,6 +123,7 @@
 int verify_depth=0;
 int verify_error=X509_V_OK;
+int verify_return_error=0;
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 {
@@ -142,7 +143,8 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 X509_verify_cert_error_string(err));
 if (verify_depth >= depth)
 {
- ok=1;
+ if (!verify_return_error)
+ ok=1;
 verify_error=X509_V_OK;
 }
 else
diff --git a/apps/s_client.c b/apps/s_client.c
index d105a7413e..3515070489 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -187,6 +187,7 @@ typedef unsigned int u_int;
 extern int verify_depth;
 extern int verify_error;
+extern int verify_return_error;
 #ifdef FIONBIO
 static int c_nbio=0;
@@ -478,6 +479,8 @@ int MAIN(int argc, char **argv)
 vflags |= X509_V_FLAG_CRL_CHECK;
 else if (strcmp(*argv,"-crl_check_all") == 0)
 vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+ else if (strcmp(*argv,"-verify_return_error") == 0)
+ verify_return_error = 1;
 else if (strcmp(*argv,"-prexit") == 0)
 prexit=1;
 else if (strcmp(*argv,"-crlf") == 0)
diff --git a/apps/s_server.c b/apps/s_server.c
index a294ed343d..ac43e5aac1 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -258,7 +258,7 @@ static int accept_socket= -1;
 #undef PROG
 #define PROG s_server_main
-extern int verify_depth;
+extern int verify_depth, verify_return_error;
 static char *cipher=NULL;
 static int s_server_verify=SSL_VERIFY_NONE;
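Review bot: In the `verify_depth >= depth` branch of verify_callback (second hunk of apps/s_cb.c), `verify_error=X509_V_OK;` still runs when `verify_return_error` is set, so `ok` is left as the failure value (presumably 0 here) while the global status records success. Any code that reads `verify_error` after the handshake is rejected (none is visible in this diff) would then have no error code to report. Consider keeping the failure in that case, e.g. `verify_error = verify_return_error ? err : X509_V_OK;`, where `err` is the value already passed to `X509_verify_cert_error_string(err)` just above. The body of verify_callback starts and ends outside the hunk.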
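Review bot: The new `-verify_return_error` branch in MAIN of apps/s_client.c (and the identical one in the last hunk of apps/s_server.c) comes without usage text: the diffstat counts only the extern declaration and the two option-parsing lines in each file. Because the default path in the s_cb.c hunk still sets `ok=1` on a verification failure within `verify_depth`, the help output should state that the handshake continues after a failed verification unless this option is given. A line such as `BIO_printf(bio_err," -verify_return_error - abort the handshake on certificate verification errors\n");` in each tool's usage function would cover it; the manual pages may be updated outside this 'apps'-limited view. MAIN continues outside the hunk in both files.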
@@ -842,6 +842,8 @@ int MAIN(int argc, char *argv[])
 {
 vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 }
+ else if (strcmp(*argv,"-verify_return_error") == 0)
+ verify_return_error = 1;
 else if (strcmp(*argv,"-serverpref") == 0)
 { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
 else if (strcmp(*argv,"-cipher") == 0)
-- 
cgit v1.2.3