into a structure , to avoid any accident .
Plus some few cleanups
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
# define TM_STOP 1
double app_tminterval(int stop, int usertime);
-/* this is an accident waiting to happen (-Wshadow is your friend) */
-extern int verify_depth;
-extern int verify_quiet;
-extern int verify_error;
-extern int verify_return_error;
+typedef struct verify_options_st {
+ int depth;
+ int quiet;
+ int error;
+ int return_error;
+} VERIFY_CB_ARGS;
+
+extern VERIFY_CB_ARGS verify_args;
# include "progs.h"
#define COOKIE_SECRET_LENGTH 16
-int verify_depth = 0;
-int verify_quiet = 0;
-int verify_error = X509_V_OK;
-int verify_return_error = 0;
+VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
+
#ifndef OPENSSL_NO_SOCK
static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
static int cookie_initialized = 0;
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
- if (!verify_quiet || !ok) {
+ if (!verify_args.quiet || !ok) {
BIO_printf(bio_err, "depth=%d ", depth);
if (err_cert) {
X509_NAME_print_ex(bio_err,
if (!ok) {
BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
X509_verify_cert_error_string(err));
- if (verify_depth >= depth) {
- if (!verify_return_error)
+ if (verify_args.depth >= depth) {
+ if (!verify_args.return_error)
ok = 1;
- verify_error = err;
+ verify_args.error = err;
} else {
ok = 0;
- verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+ verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
}
switch (err) {
BIO_printf(bio_err, "\n");
break;
case X509_V_ERR_NO_EXPLICIT_POLICY:
- if (!verify_quiet)
+ if (!verify_args.quiet)
policies_print(ctx);
break;
}
- if (err == X509_V_OK && ok == 2 && !verify_quiet)
+ if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
policies_print(ctx);
- if (ok && !verify_quiet)
+ if (ok && !verify_args.quiet)
BIO_printf(bio_err, "verify return:%d\n", ok);
return (ok);
}
#define BUFSIZZ 1024*8
#define S_CLIENT_IRC_READ_TIMEOUT 8
-extern int verify_depth;
-extern int verify_error;
-extern int verify_return_error;
-extern int verify_quiet;
-
static char *prog;
static int c_nbio = 0;
static int c_tlsextdebug = 0;
c_msg = 0;
c_showcerts = 0;
c_nbio = 0;
- verify_depth = 0;
- verify_error = X509_V_OK;
vpm = X509_VERIFY_PARAM_new();
- cbuf = app_malloc(BUFSIZZ, "cbuf");
- sbuf = app_malloc(BUFSIZZ, "sbuf");
- mbuf = app_malloc(BUFSIZZ, "mbuf");
cctx = SSL_CONF_CTX_new();
if (vpm == NULL || cctx == NULL) {
goto end;
}
+ cbuf = app_malloc(BUFSIZZ, "cbuf");
+ sbuf = app_malloc(BUFSIZZ, "sbuf");
+ mbuf = app_malloc(BUFSIZZ, "mbuf");
+
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE);
prog = opt_init(argc, argv, s_client_options);
break;
case OPT_VERIFY:
verify = SSL_VERIFY_PEER;
- verify_depth = atoi(opt_arg());
+ verify_args.depth = atoi(opt_arg());
if (!c_quiet)
- BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+ BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
break;
case OPT_CERT:
cert_file = opt_arg();
goto opthelp;
break;
case OPT_VERIFY_RET_ERROR:
- verify_return_error = 1;
+ verify_args.return_error = 1;
break;
case OPT_VERIFY_QUIET:
- verify_quiet = 1;
+ verify_args.quiet = 1;
break;
case OPT_BRIEF:
- c_brief = verify_quiet = c_quiet = 1;
+ c_brief = verify_args.quiet = c_quiet = 1;
break;
case OPT_S_CASES:
if (ssl_args == NULL)
#include <stdlib.h>
#include <string.h>
#include <openssl/async.h>
+#include <openssl/ssl.h>
#include <openssl/e_os2.h>
#define TEST_CERT "server.pem"
#define TEST_CERT2 "server2.pem"
-extern int verify_depth, verify_return_error, verify_quiet;
static int s_server_verify = SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
static void s_server_init(void)
{
accept_socket = -1;
- verify_depth = 0;
s_server_verify = SSL_VERIFY_NONE;
s_dcert_file = NULL;
s_dkey_file = NULL;
break;
case OPT_VERIFY:
s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
- verify_depth = atoi(opt_arg());
+ verify_args.depth = atoi(opt_arg());
if (!s_quiet)
- BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+ BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
break;
case OPT_UPPER_V_VERIFY:
s_server_verify =
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
SSL_VERIFY_CLIENT_ONCE;
- verify_depth = atoi(opt_arg());
+ verify_args.depth = atoi(opt_arg());
if (!s_quiet)
BIO_printf(bio_err,
"verify depth is %d, must return a certificate\n",
- verify_depth);
+ verify_args.depth);
break;
case OPT_CONTEXT:
context = (unsigned char *)opt_arg();
goto end;
break;
case OPT_VERIFY_RET_ERROR:
- verify_return_error = 1;
+ verify_args.return_error = 1;
break;
case OPT_VERIFY_QUIET:
- verify_quiet = 1;
+ verify_args.quiet = 1;
break;
case OPT_BUILD_CHAIN:
build_chain = 1;
s_quiet = 1;
break;
case OPT_BRIEF:
- s_quiet = s_brief = verify_quiet = 1;
+ s_quiet = s_brief = verify_args.quiet = 1;
break;
case OPT_NO_DHE:
#ifndef OPENSSL_NO_DH
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
- if (context && !SSL_set_session_id_context(con, context,
- strlen((char *)context))) {
+ if (context
+ && !SSL_set_session_id_context(con, context, strlen((char *)context))) {
ERR_print_errors(bio_err);
goto err;
}
#define SECONDS 30
#define SECONDSSTR "30"
-extern int verify_depth;
-extern int verify_error;
-
static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
size_t buf_size;
meth = TLS_client_method();
- verify_depth = 0;
- verify_error = X509_V_OK;
prog = opt_init(argc, argv, s_time_options);
while ((o = opt_next()) != OPT_EOF) {
perform = 1;
break;
case OPT_VERIFY:
- if (!opt_int(opt_arg(), &verify_depth))
+ if (!opt_int(opt_arg(), &verify_args.depth))
goto opthelp;
BIO_printf(bio_err, "%s: verify depth is %d\n",
- prog, verify_depth);
+ prog, verify_args.depth);
break;
case OPT_CERT:
certfile = opt_arg();
}
if (i <= 0) {
BIO_printf(bio_err, "ERROR\n");
- if (verify_error != X509_V_OK)
+ if (verify_args.error != X509_V_OK)
BIO_printf(bio_err, "verify error:%s\n",
- X509_verify_cert_error_string(verify_error));
+ X509_verify_cert_error_string(verify_args.error));
else
ERR_print_errors(bio_err);
if (scon == NULL)