author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-02 16:16:28 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-02 16:16:28 +0000 |
commit | fdb78f3d8867c9b0c21608840ce0bd3135bcd710 (patch) | |
tree | 52488ff5454690b376d5e1f4b65aeb7d67178db5 /apps/s_client.c | |
parent | 95ea53186413c293d981ec1b042954a5fa47d8b7 (diff) | |
New option to add CRLs for s_client and s_server.
Diffstat (limited to 'apps/s_client.c')
-rw-r--r-- | apps/s_client.c | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index aebdeaca41..1a8f8ac844 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -639,6 +639,10 @@ int MAIN(int argc, char **argv)
 SSL_CONF_CTX *cctx = NULL;
 STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
+ char *crl_file = NULL;
+ int crl_format = FORMAT_PEM;
+ STACK_OF(X509_CRL) *crls = NULL;
+
 meth=SSLv23_client_method();
 apps_startup();
@@ -708,6 +712,11 @@ int MAIN(int argc, char **argv)
 if (--argc < 1) goto bad;
 cert_file= *(++argv);
 }
+ else if (strcmp(*argv,"-CRL") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crl_file= *(++argv);
+ }
 else if (strcmp(*argv,"-sess_out") == 0)
 {
 if (--argc < 1) goto bad;
@@ -723,6 +732,11 @@ int MAIN(int argc, char **argv)
 if (--argc < 1) goto bad;
 cert_format = str2fmt(*(++argv));
 }
+ else if (strcmp(*argv,"-CRLform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crl_format = str2fmt(*(++argv));
+ }
 else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
 {
 if (badarg)
@@ -1128,6 +1142,26 @@ bad:
 }
 }
+ if (crl_file)
+ {
+ X509_CRL *crl;
+ crl = load_crl(crl_file, crl_format);
+ if (!crl)
+ {
+ BIO_puts(bio_err, "Error loading CRL\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ crls = sk_X509_CRL_new_null();
+ if (!crls || !sk_X509_CRL_push(crls, crl))
+ {
+ BIO_puts(bio_err, "Error adding CRL\n");
+ ERR_print_errors(bio_err);
+ X509_CRL_free(crl);
+ goto end;
+ }
+ }
+
 if (!load_excert(&exc, bio_err)) goto end;
@@ -1179,7 +1213,7 @@ bad:
 goto end;
 }
- if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile))
+ if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls))
 {
 BIO_printf(bio_err, "Error loading store locations\n");
 ERR_print_errors(bio_err);
@@ -1241,6 +1275,8 @@ bad:
 /* goto end; */
 }
+ ssl_ctx_add_crls(ctx, crls);
+
 if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain)) goto end;
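Review bot: The `-CRL` and `-CRLform` branches added in the option-parsing hunks (@@ -708 and @@ -723) have no matching entry in the usage text; the diffstat's 39 insertions are all accounted for by the hunks shown, so no help line was added in this file. A repeated `-CRL` also silently replaces the earlier file, because `crl_file` is a single pointer, and the `str2fmt()` result for `-CRLform` is stored without a visible check for an unrecognised format name. I would add help lines along the lines of `" -CRL arg - CRL file to use\n"` and `" -CRLform arg - CRL format (PEM or DER) PEM is default\n"`, and state that only the last `-CRL` takes effect. MAIN's body starts and ends outside these hunks.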
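Review bot: Passing `-CRL` does not visibly enable revocation checking: the block added at @@ -1128 only loads one CRL into `crls`, and nothing in this diff sets a CRL-check flag on the verify parameters. `ssl_load_stores()` and `ssl_ctx_add_crls()` are defined outside this file; if they only add the CRL to the stores, a user who gives `-CRL` without `-crl_check` gets a handshake that still accepts a revoked certificate, with no indication that the CRL was never consulted. I would either print a notice on `bio_err` when `crl_file` is set but CRL checking is off, or add a comment above the block such as `/* Only loads the CRL; checking still requires -crl_check or -crl_check_all */` and repeat that in the help text.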
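Review bot: The result of `ssl_ctx_add_crls(ctx, crls)` in the @@ -1241 hunk is discarded, while the neighbouring setup calls (`ssl_load_stores`, `set_cert_key_stuff`) abort with `goto end` on failure. Its prototype is not part of this diff; if it reports a status, a failure to install the CRL would let the connection proceed without revocation data, which is the fail-open direction for a verification input. Suggested form: `if (!ssl_ctx_add_crls(ctx, crls)) { ERR_print_errors(bio_err); goto end; }`. The call is also made when no `-CRL` was given, so the callee has to accept a NULL `crls`; a one-line comment saying so would help the next reader.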
@@ -1983,6 +2019,8 @@ end:
 if (ctx != NULL) SSL_CTX_free(ctx);
 if (cert) X509_free(cert);
+ if (crls)
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
 if (key) EVP_PKEY_free(key);
 if (pass) |