X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fs_client.c;h=d76f921db6cfc6766fe823f59d6426f8ec7bb5db;hb=d40a1f72b6a298ee34c9de2c96b222d70609ce4c;hp=819cff344a747688292306344f1877ae21a050b0;hpb=fb029cebaeb6b0dbdb05a26a515e38a52a3c0fa1;p=oweals%2Fopenssl.git diff --git a/apps/s_client.c b/apps/s_client.c index 819cff344a..d76f921db6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -395,7 +395,7 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) #endif -char *srtp_profiles = NULL; +static char *srtp_profiles = NULL; #ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ @@ -466,8 +466,8 @@ typedef enum OPTION_choice { OPT_SRP_LATEUSER, OPT_SRP_MOREGROUPS, OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, - OPT_CERT_CHAIN, OPT_CAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, - OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, + OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, + OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_JPAKE, OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST, @@ -495,6 +495,10 @@ OPTIONS s_client_options[] = { {"pass", OPT_PASS, 's', "Private key file pass phrase source"}, {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, + {"no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file"}, + {"no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory"}, {"reconnect", OPT_RECONNECT, '-', "Drop and re-make the connection with the same Session-ID"}, {"pause", OPT_PAUSE, '-', "Sleep after each read and write system call"}, @@ -651,6 +655,7 @@ int s_client_main(int argc, char **argv) struct sockaddr peer; struct timeval timeout, *timeoutp; fd_set readfds, writefds; + int noCApath = 0, noCAfile = 0; int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_PEM; int key_format = FORMAT_PEM, crlf = 0, full_log = 1, mbuf_len = 0; int prexit = 0; @@ -991,6 +996,9 @@ int s_client_main(int argc, char **argv) case OPT_CAPATH: CApath = opt_arg(); break; + case OPT_NOCAPATH: + noCApath = 1; + break; case OPT_CHAINCAPATH: chCApath = opt_arg(); break; @@ -1003,6 +1011,9 @@ int s_client_main(int argc, char **argv) case OPT_CAFILE: CAfile = opt_arg(); break; + case OPT_NOCAFILE: + noCAfile = 1; + break; case OPT_CHAINCAFILE: chCAfile = opt_arg(); break; @@ -1162,9 +1173,9 @@ int s_client_main(int argc, char **argv) if (c_quiet && !c_debug) { bio_c_out = BIO_new(BIO_s_null()); if (c_msg && !bio_c_msg) - bio_c_msg = dup_bio_out(); + bio_c_msg = dup_bio_out(FORMAT_TEXT); } else if (bio_c_out == NULL) - bio_c_out = dup_bio_out(); + bio_c_out = dup_bio_out(FORMAT_TEXT); } #ifndef OPENSSL_NO_SRP if (!app_passwd(srppass, NULL, &srp_arg.srppassin, NULL)) { @@ -1267,7 +1278,7 @@ int s_client_main(int argc, char **argv) SSL_CTX_set_verify(ctx, verify, verify_callback); - if (!ctx_set_verify_locations(ctx, CAfile, CApath)) { + if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) { ERR_print_errors(bio_err); goto end; } @@ -2012,6 +2023,9 @@ int s_client_main(int argc, char **argv) EVP_PKEY_free(key); sk_X509_pop_free(chain, X509_free); OPENSSL_free(pass); +#ifndef OPENSSL_NO_SRP + OPENSSL_free(srp_arg.srppassin); +#endif X509_VERIFY_PARAM_free(vpm); ssl_excert_free(exc); sk_OPENSSL_STRING_free(ssl_args);