Don't display messages about verify depth in s_server if -quiet it set.

Add support for separate verify and chain stores in s_client.

1 files changed, 29 insertions, 0 deletions

diff --git a/apps/s_client.c b/apps/s_client.c
index 2a8861e8bd..aebdeaca41 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -581,6 +581,8 @@ int MAIN(int argc, char **argv)
 	X509 *cert = NULL;
 	EVP_PKEY *key = NULL;
 	char *CApath=NULL,*CAfile=NULL;
+	char *chCApath=NULL,*chCAfile=NULL;
+	char *vfyCApath=NULL,*vfyCAfile=NULL;
 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE;
 	int crlf=0;
 	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
@@ -901,6 +903,16 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			CApath= *(++argv);
 			}
+		else if	(strcmp(*argv,"-chainCApath") == 0)
+			{
+			if (--argc < 1) goto bad;
+			chCApath= *(++argv);
+			}
+		else if	(strcmp(*argv,"-verifyCApath") == 0)
+			{
+			if (--argc < 1) goto bad;
+			vfyCApath= *(++argv);
+			}
 		else if	(strcmp(*argv,"-build_chain") == 0)
 			build_chain = 1;
 		else if	(strcmp(*argv,"-CAfile") == 0)
@@ -908,6 +920,16 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			CAfile= *(++argv);
 			}
+		else if	(strcmp(*argv,"-chainCAfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			chCAfile= *(++argv);
+			}
+		else if	(strcmp(*argv,"-verifyCAfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			vfyCAfile= *(++argv);
+			}
 #ifndef OPENSSL_NO_TLSEXT
 # ifndef OPENSSL_NO_NEXTPROTONEG
 		else if (strcmp(*argv,"-nextprotoneg") == 0)
@@ -1157,6 +1179,13 @@ bad:
 		goto end;
 		}
 
+	if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile))
+		{
+		BIO_printf(bio_err, "Error loading store locations\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
 #ifndef OPENSSL_NO_ENGINE
 	if (ssl_client_engine)
 		{