Use common verify parameters instead of the small ad-hoc subset in
authorDr. Stephen Henson <steve@openssl.org>
Tue, 30 Jun 2009 15:56:35 +0000 (15:56 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 30 Jun 2009 15:56:35 +0000 (15:56 +0000)
s_client, s_server.

apps/s_client.c
apps/s_server.c

index bd2a3b8633920b3d8e680eb19d3d692387d03f53..a41a915ed4d5a8e849054e104e2cc2d968e929b7 100644 (file)
@@ -383,7 +383,6 @@ int MAIN(int argc, char **argv)
        {
        int off=0;
        SSL *con=NULL;
-       X509_STORE *store = NULL;
        int s,k,width,state=0;
        char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
        int cbuf_len,cbuf_off;
@@ -404,7 +403,9 @@ int MAIN(int argc, char **argv)
        SSL_CTX *ctx=NULL;
        int ret=1,in_init=1,i,nbio_test=0;
        int starttls_proto = PROTO_OFF;
-       int prexit = 0, vflags = 0;
+       int prexit = 0;
+       X509_VERIFY_PARAM *vpm = NULL;
+       int badarg = 0;
        const SSL_METHOD *meth=NULL;
        int socket_type=SOCK_STREAM;
        BIO *sbio;
@@ -521,10 +522,12 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        cert_format = str2fmt(*(++argv));
                        }
-               else if (strcmp(*argv,"-crl_check") == 0)
-                       vflags |= X509_V_FLAG_CRL_CHECK;
-               else if (strcmp(*argv,"-crl_check_all") == 0)
-                       vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+               else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
+                       {
+                       if (badarg)
+                               goto bad;
+                       continue;
+                       }
                else if (strcmp(*argv,"-verify_return_error") == 0)
                        verify_return_error = 1;
                else if (strcmp(*argv,"-prexit") == 0)
@@ -831,6 +834,9 @@ bad:
                goto end;
                }
 
+       if (vpm)
+               SSL_CTX_set1_param(ctx, vpm);
+
 #ifndef OPENSSL_NO_ENGINE
        if (ssl_client_engine)
                {
@@ -890,8 +896,6 @@ bad:
                /* goto end; */
                }
 
-       store = SSL_CTX_get_cert_store(ctx);
-       X509_STORE_set_flags(store, vflags);
 #ifndef OPENSSL_NO_TLSEXT
        if (servername != NULL)
                {
index 6c9e6baba41f178e49db9d0bc950efb7e52d3555..456952ea7fd459696fcc3ec693a8ccb208aa1558 100644 (file)
@@ -835,8 +835,8 @@ static char *jpake_secret = NULL;
 
 int MAIN(int argc, char *argv[])
        {
-       X509_STORE *store = NULL;
-       int vflags = 0;
+       X509_VERIFY_PARAM *vpm = NULL;
+       int badarg = 0;
        short port=PORT;
        char *CApath=NULL,*CAfile=NULL;
        unsigned char *context = NULL;
@@ -1001,13 +1001,11 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        CApath= *(++argv);
                        }
-               else if (strcmp(*argv,"-crl_check") == 0)
+               else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
                        {
-                       vflags |= X509_V_FLAG_CRL_CHECK;
-                       }
-               else if (strcmp(*argv,"-crl_check_all") == 0)
-                       {
-                       vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+                       if (badarg)
+                               goto bad;
+                       continue;
                        }
                else if (strcmp(*argv,"-verify_return_error") == 0)
                        verify_return_error = 1;
@@ -1412,8 +1410,8 @@ bad:
                ERR_print_errors(bio_err);
                /* goto end; */
                }
-       store = SSL_CTX_get_cert_store(ctx);
-       X509_STORE_set_flags(store, vflags);
+       if (vpm)
+               SSL_CTX_set1_param(ctx, vpm);
 
 #ifndef OPENSSL_NO_TLSEXT
        if (s_cert2)
@@ -1464,8 +1462,8 @@ bad:
                        {
                        ERR_print_errors(bio_err);
                        }
-               store = SSL_CTX_get_cert_store(ctx2);
-               X509_STORE_set_flags(store, vflags);
+               if (vpm)
+                       SSL_CTX_set1_param(ctx2, vpm);
                }
 #endif