Extends s_client to allow a basic CT policy to be enabled

Reviewed-by: Ben Laurie <ben@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Rob Percival <robpercival@google.com> 2016-03-02 13:34:05 +0000
committer: Rich Salz <rsalz@openssl.org> 2016-03-04 10:50:10 -0500
commit: dd696a55a2554cc8c89dd64f7e1171ce211dfc5c (patch)
tree: fe2299f0f9f213f0e07179fe1548b2be1a745c87 /apps/apps.c
parent: 98d8ddd25474b954d52f01086fcc2536965d015b (diff)
download: openssl-dd696a55a2554cc8c89dd64f7e1171ce211dfc5c.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/apps/apps.c b/apps/apps.c
index 9f60e76dd8..19523d68fc 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -235,6 +235,19 @@ int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
     return SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
 }
 
+int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
+{
+    if (path == NULL) {
+        if (SSL_CTX_set_default_ctlog_list_file(ctx) <= 0) {
+            BIO_puts(bio_err, "Failed to load default Certificate Transparency "
+                     "log list\n");
+        }
+        return 1; /* Do not treat failure to load the default as an error */
+    }
+
+    return SSL_CTX_set_ctlog_list_file(ctx, path);
+}
+
 int dump_cert_text(BIO *out, X509 *x)
 {
     char *p;
author	Rob Percival <robpercival@google.com>	2016-03-02 13:34:05 +0000
committer	Rich Salz <rsalz@openssl.org>	2016-03-04 10:50:10 -0500
commit	dd696a55a2554cc8c89dd64f7e1171ce211dfc5c (patch)
tree	fe2299f0f9f213f0e07179fe1548b2be1a745c87 /apps/apps.c
parent	98d8ddd25474b954d52f01086fcc2536965d015b (diff)
download	openssl-dd696a55a2554cc8c89dd64f7e1171ce211dfc5c.tar.gz