From: FdaSilvaYY Date: Mon, 1 Aug 2016 19:30:57 +0000 (+0200) Subject: Pack globals variables used to control apps/verify_callback() X-Git-Tag: OpenSSL_1_1_0~283 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=acc00492130d53d2d6a25bbe5409240aeba98420;p=oweals%2Fopenssl.git Pack globals variables used to control apps/verify_callback() into a structure , to avoid any accident . Plus some few cleanups Reviewed-by: Rich Salz Reviewed-by: Richard Levitte --- diff --git a/apps/apps.h b/apps/apps.h index 22eead3a18..33a2f683fa 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -551,11 +551,14 @@ int raw_write_stdout(const void *, int); # define TM_STOP 1 double app_tminterval(int stop, int usertime); -/* this is an accident waiting to happen (-Wshadow is your friend) */ -extern int verify_depth; -extern int verify_quiet; -extern int verify_error; -extern int verify_return_error; +typedef struct verify_options_st { + int depth; + int quiet; + int error; + int return_error; +} VERIFY_CB_ARGS; + +extern VERIFY_CB_ARGS verify_args; # include "progs.h" diff --git a/apps/s_cb.c b/apps/s_cb.c index 9481fa5157..330dedbecd 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -26,10 +26,8 @@ #define COOKIE_SECRET_LENGTH 16 -int verify_depth = 0; -int verify_quiet = 0; -int verify_error = X509_V_OK; -int verify_return_error = 0; +VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 }; + #ifndef OPENSSL_NO_SOCK static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; static int cookie_initialized = 0; @@ -52,7 +50,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) err = X509_STORE_CTX_get_error(ctx); depth = X509_STORE_CTX_get_error_depth(ctx); - if (!verify_quiet || !ok) { + if (!verify_args.quiet || !ok) { BIO_printf(bio_err, "depth=%d ", depth); if (err_cert) { X509_NAME_print_ex(bio_err, @@ -65,13 +63,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) if (!ok) { BIO_printf(bio_err, "verify error:num=%d:%s\n", err, X509_verify_cert_error_string(err)); - if (verify_depth >= depth) { - if (!verify_return_error) + if (verify_args.depth >= depth) { + if (!verify_args.return_error) ok = 1; - verify_error = err; + verify_args.error = err; } else { ok = 0; - verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; + verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG; } } switch (err) { @@ -94,13 +92,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) BIO_printf(bio_err, "\n"); break; case X509_V_ERR_NO_EXPLICIT_POLICY: - if (!verify_quiet) + if (!verify_args.quiet) policies_print(ctx); break; } - if (err == X509_V_OK && ok == 2 && !verify_quiet) + if (err == X509_V_OK && ok == 2 && !verify_args.quiet) policies_print(ctx); - if (ok && !verify_quiet) + if (ok && !verify_args.quiet) BIO_printf(bio_err, "verify return:%d\n", ok); return (ok); } diff --git a/apps/s_client.c b/apps/s_client.c index 0488a27d60..46fa87bcf9 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -83,11 +83,6 @@ typedef unsigned int u_int; #define BUFSIZZ 1024*8 #define S_CLIENT_IRC_READ_TIMEOUT 8 -extern int verify_depth; -extern int verify_error; -extern int verify_return_error; -extern int verify_quiet; - static char *prog; static int c_nbio = 0; static int c_tlsextdebug = 0; @@ -879,12 +874,7 @@ int s_client_main(int argc, char **argv) c_msg = 0; c_showcerts = 0; c_nbio = 0; - verify_depth = 0; - verify_error = X509_V_OK; vpm = X509_VERIFY_PARAM_new(); - cbuf = app_malloc(BUFSIZZ, "cbuf"); - sbuf = app_malloc(BUFSIZZ, "sbuf"); - mbuf = app_malloc(BUFSIZZ, "mbuf"); cctx = SSL_CONF_CTX_new(); if (vpm == NULL || cctx == NULL) { @@ -892,6 +882,10 @@ int s_client_main(int argc, char **argv) goto end; } + cbuf = app_malloc(BUFSIZZ, "cbuf"); + sbuf = app_malloc(BUFSIZZ, "sbuf"); + mbuf = app_malloc(BUFSIZZ, "mbuf"); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE); prog = opt_init(argc, argv, s_client_options); @@ -975,9 +969,9 @@ int s_client_main(int argc, char **argv) break; case OPT_VERIFY: verify = SSL_VERIFY_PEER; - verify_depth = atoi(opt_arg()); + verify_args.depth = atoi(opt_arg()); if (!c_quiet) - BIO_printf(bio_err, "verify depth is %d\n", verify_depth); + BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth); break; case OPT_CERT: cert_file = opt_arg(); @@ -1003,13 +997,13 @@ int s_client_main(int argc, char **argv) goto opthelp; break; case OPT_VERIFY_RET_ERROR: - verify_return_error = 1; + verify_args.return_error = 1; break; case OPT_VERIFY_QUIET: - verify_quiet = 1; + verify_args.quiet = 1; break; case OPT_BRIEF: - c_brief = verify_quiet = c_quiet = 1; + c_brief = verify_args.quiet = c_quiet = 1; break; case OPT_S_CASES: if (ssl_args == NULL) diff --git a/apps/s_server.c b/apps/s_server.c index 36ad266386..f4ec72d5d7 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -44,6 +44,7 @@ #include #include #include +#include #include @@ -112,7 +113,6 @@ static int accept_socket = -1; #define TEST_CERT "server.pem" #define TEST_CERT2 "server2.pem" -extern int verify_depth, verify_return_error, verify_quiet; static int s_server_verify = SSL_VERIFY_NONE; static int s_server_session_id_context = 1; /* anything will do */ @@ -272,7 +272,6 @@ err: static void s_server_init(void) { accept_socket = -1; - verify_depth = 0; s_server_verify = SSL_VERIFY_NONE; s_dcert_file = NULL; s_dkey_file = NULL; @@ -1078,19 +1077,19 @@ int s_server_main(int argc, char *argv[]) break; case OPT_VERIFY: s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; - verify_depth = atoi(opt_arg()); + verify_args.depth = atoi(opt_arg()); if (!s_quiet) - BIO_printf(bio_err, "verify depth is %d\n", verify_depth); + BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth); break; case OPT_UPPER_V_VERIFY: s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; - verify_depth = atoi(opt_arg()); + verify_args.depth = atoi(opt_arg()); if (!s_quiet) BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", - verify_depth); + verify_args.depth); break; case OPT_CONTEXT: context = (unsigned char *)opt_arg(); @@ -1194,10 +1193,10 @@ int s_server_main(int argc, char *argv[]) goto end; break; case OPT_VERIFY_RET_ERROR: - verify_return_error = 1; + verify_args.return_error = 1; break; case OPT_VERIFY_QUIET: - verify_quiet = 1; + verify_args.quiet = 1; break; case OPT_BUILD_CHAIN: build_chain = 1; @@ -1281,7 +1280,7 @@ int s_server_main(int argc, char *argv[]) s_quiet = 1; break; case OPT_BRIEF: - s_quiet = s_brief = verify_quiet = 1; + s_quiet = s_brief = verify_args.quiet = 1; break; case OPT_NO_DHE: #ifndef OPENSSL_NO_DH @@ -3042,8 +3041,8 @@ static int rev_body(int s, int stype, unsigned char *context) SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } - if (context && !SSL_set_session_id_context(con, context, - strlen((char *)context))) { + if (context + && !SSL_set_session_id_context(con, context, strlen((char *)context))) { ERR_print_errors(bio_err); goto err; } diff --git a/apps/s_time.c b/apps/s_time.c index a08a14d83a..de25319929 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -50,9 +50,6 @@ #define SECONDS 30 #define SECONDSSTR "30" -extern int verify_depth; -extern int verify_error; - static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx); static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n"; @@ -116,8 +113,6 @@ int s_time_main(int argc, char **argv) size_t buf_size; meth = TLS_client_method(); - verify_depth = 0; - verify_error = X509_V_OK; prog = opt_init(argc, argv, s_time_options); while ((o = opt_next()) != OPT_EOF) { @@ -141,10 +136,10 @@ int s_time_main(int argc, char **argv) perform = 1; break; case OPT_VERIFY: - if (!opt_int(opt_arg(), &verify_depth)) + if (!opt_int(opt_arg(), &verify_args.depth)) goto opthelp; BIO_printf(bio_err, "%s: verify depth is %d\n", - prog, verify_depth); + prog, verify_args.depth); break; case OPT_CERT: certfile = opt_arg(); @@ -415,9 +410,9 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) } if (i <= 0) { BIO_printf(bio_err, "ERROR\n"); - if (verify_error != X509_V_OK) + if (verify_args.error != X509_V_OK) BIO_printf(bio_err, "verify error:%s\n", - X509_verify_cert_error_string(verify_error)); + X509_verify_cert_error_string(verify_args.error)); else ERR_print_errors(bio_err); if (scon == NULL)