Don't display messages about verify depth in s_server if -quiet it set.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 23 Nov 2012 18:56:25 +0000 (18:56 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 23 Nov 2012 18:56:25 +0000 (18:56 +0000)
Add support for separate verify and chain stores in s_client.

apps/s_apps.h
apps/s_cb.c
apps/s_client.c
apps/s_server.c

index 5d7d158a7d53dc4c81bec8acb22fdeac89f7cb87..6aab0a60b591f4f62bc78f765ad2a6d747c55658 100644 (file)
@@ -201,4 +201,7 @@ int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
                        int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr);
 int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
                                STACK_OF(OPENSSL_STRING) *str, int no_ecdhe);
+int ssl_load_stores(SSL_CTX *ctx,
+                       const char *vfyCApath, const char *vfyCAfile,
+                       const char *chCApath, const char *chCAfile);
 #endif
index c83687fb0b7d27fa049c8a83b6e7e79b996b684c..aed718b1f648825464425d8d879f9bceba319d51 100644 (file)
@@ -1671,3 +1671,32 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
                }
        return 1;
        }
+
+int ssl_load_stores(SSL_CTX *ctx,
+                       const char *vfyCApath, const char *vfyCAfile,
+                       const char *chCApath, const char *chCAfile)
+       {
+       X509_STORE *vfy = NULL, *ch = NULL;
+       int rv = 0;
+       if (vfyCApath || vfyCAfile)
+               {
+               vfy = X509_STORE_new();
+               if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
+                       goto err;
+               SSL_CTX_set1_verify_cert_store(ctx, vfy);
+               }
+       if (chCApath || chCAfile)
+               {
+               ch = X509_STORE_new();
+               if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
+                       goto err;
+               SSL_CTX_set1_chain_cert_store(ctx, ch);
+               }
+       rv = 1;
+       err:
+       if (vfy)
+               X509_STORE_free(vfy);
+       if (ch)
+               X509_STORE_free(ch);
+       return rv;
+       }
index 2a8861e8bd6fd73fbb7760abb1116593269b2ea0..aebdeaca4126c9057ad3915a55f2df84d26d8e9c 100644 (file)
@@ -581,6 +581,8 @@ int MAIN(int argc, char **argv)
        X509 *cert = NULL;
        EVP_PKEY *key = NULL;
        char *CApath=NULL,*CAfile=NULL;
+       char *chCApath=NULL,*chCAfile=NULL;
+       char *vfyCApath=NULL,*vfyCAfile=NULL;
        int reconnect=0,badop=0,verify=SSL_VERIFY_NONE;
        int crlf=0;
        int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
@@ -901,6 +903,16 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        CApath= *(++argv);
                        }
+               else if (strcmp(*argv,"-chainCApath") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       chCApath= *(++argv);
+                       }
+               else if (strcmp(*argv,"-verifyCApath") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       vfyCApath= *(++argv);
+                       }
                else if (strcmp(*argv,"-build_chain") == 0)
                        build_chain = 1;
                else if (strcmp(*argv,"-CAfile") == 0)
@@ -908,6 +920,16 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        CAfile= *(++argv);
                        }
+               else if (strcmp(*argv,"-chainCAfile") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       chCAfile= *(++argv);
+                       }
+               else if (strcmp(*argv,"-verifyCAfile") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       vfyCAfile= *(++argv);
+                       }
 #ifndef OPENSSL_NO_TLSEXT
 # ifndef OPENSSL_NO_NEXTPROTONEG
                else if (strcmp(*argv,"-nextprotoneg") == 0)
@@ -1157,6 +1179,13 @@ bad:
                goto end;
                }
 
+       if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile))
+               {
+               BIO_printf(bio_err, "Error loading store locations\n");
+               ERR_print_errors(bio_err);
+               goto end;
+               }
+
 #ifndef OPENSSL_NO_ENGINE
        if (ssl_client_engine)
                {
index f9e33e72c29aeebd37c45f526246eebf9042f702..2fd2ec0738279ad4db0d3f7ac9061b5c64616804 100644 (file)
@@ -216,9 +216,6 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
                                unsigned int *id_len);
 static void init_session_cache_ctx(SSL_CTX *sctx);
 static void free_sessions(void);
-static int ssl_load_stores(SSL_CTX *sctx,
-                       const char *vfyCApath, const char *vfyCAfile,
-                       const char *chCApath, const char *chCAfile);
 #ifndef OPENSSL_NO_DH
 static DH *load_dh_param(const char *dhfile);
 static DH *get_dh512(void);
@@ -1057,7 +1054,8 @@ int MAIN(int argc, char *argv[])
                        s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
                        if (--argc < 1) goto bad;
                        verify_depth=atoi(*(++argv));
-                       BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+                       if (!s_quiet)
+                               BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
                        }
                else if (strcmp(*argv,"-Verify") == 0)
                        {
@@ -1065,7 +1063,8 @@ int MAIN(int argc, char *argv[])
                                SSL_VERIFY_CLIENT_ONCE;
                        if (--argc < 1) goto bad;
                        verify_depth=atoi(*(++argv));
-                       BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
+                       if (!s_quiet)
+                               BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
                        }
                else if (strcmp(*argv,"-context") == 0)
                        {
@@ -3399,42 +3398,3 @@ static void free_sessions(void)
                }
        first = NULL;
        }
-
-static int ssl_load_stores(SSL_CTX *sctx,
-                       const char *vfyCApath, const char *vfyCAfile,
-                       const char *chCApath, const char *chCAfile)
-       {
-       X509_STORE *vfy = NULL, *ch = NULL;
-       int rv = 0;
-       if (vfyCApath || vfyCAfile)
-               {
-               vfy = X509_STORE_new();
-               if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
-                       goto err;
-               SSL_CTX_set1_verify_cert_store(ctx, vfy);
-               }
-       if (chCApath || chCAfile)
-               {
-               ch = X509_STORE_new();
-               if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
-                       goto err;
-               /*X509_STORE_set_verify_cb(ch, verify_callback);*/
-               SSL_CTX_set1_chain_cert_store(ctx, ch);
-               }
-       rv = 1;
-       err:
-       if (vfy)
-               X509_STORE_free(vfy);
-       if (ch)
-               X509_STORE_free(ch);
-       return rv;
-       }
-
-
-
-
-
-
-       
-
-