authorGeoff Thorpe <geoff@openssl.org>2000-11-29 19:22:54 +0000
committerGeoff Thorpe <geoff@openssl.org>2000-11-29 19:22:54 +0000
commita9376dbff94c9ddd06639264389ae9777bcb2d30 (patch)
treea32dca3cb3f996d21033758272b09b2b3b8b3aca /demos/tunala/cb.c
parent14697d9d6d883bd1193c379900ee9102acd27c19 (diff)
More little changes to the tunala demo;
* A little bit of code-cleanup
* Reformat the usage string (not so wide)
* Allow adding an alternative (usually DSA) cert/key pair (a la s_server)
* Allow control over cert-chain verify depth
Diffstat (limited to 'demos/tunala/cb.c')
-rw-r--r--demos/tunala/cb.c20
1 files changed, 11 insertions, 9 deletions
diff --git a/demos/tunala/cb.c b/demos/tunala/cb.c
index 37a474e37e..4633c0993e 100644
--- a/demos/tunala/cb.c
+++ b/demos/tunala/cb.c
@@ -7,8 +7,8 @@ static FILE *fp_cb_ssl_info = NULL;
static FILE *fp_cb_ssl_verify = NULL;
/* Other static rubbish (to mirror s_cb.c where required) */
-static int verify_depth = 10;
-static int verify_error = X509_V_OK;
+static int int_verify_depth = 10;
+static int int_verify_error = X509_V_OK;
/* This function is largely borrowed from the one used in OpenSSL's "s_client"
* and "s_server" utilities. */
@@ -61,13 +61,10 @@ int cb_ssl_verify(int ok, X509_STORE_CTX *ctx)
if(!ok) {
fprintf(fp_cb_ssl_verify,"verify error:num=%d:%s\n",err,
X509_verify_cert_error_string(err));
- if(verify_depth >= depth) {
- ok = 1;
- verify_error = X509_V_OK;
- } else {
- ok=0;
- verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- }
+ if((int)int_verify_depth >= depth)
+ int_verify_error = err;
+ else
+ int_verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
switch (ctx->error) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
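Review bot: The configured depth is only consulted inside the `if(!ok)` branch, so in this hunk it selects which error code is stored and never rejects a chain itself; a chain deeper than `int_verify_depth` that otherwise verifies passes through this callback untouched. If the limit is meant to be enforced, either confirm that the same value is also handed to `SSL_CTX_set_verify_depth()` elsewhere in the commit (not visible here), or test it outside the branch, e.g. `if(depth > int_verify_depth) { ok = 0; int_verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; }`. Nothing visible reads `int_verify_error`, and as a file-scope static it would be shared by every connection using this callback, so a per-connection result would be more dependable if the value is ever consumed. The `(int)` cast on a variable that is already `int` is a no-op and can be dropped. The body of cb_ssl_verify starts and ends outside the hunk, so the return path is not visible here.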
@@ -97,5 +94,10 @@ void cb_ssl_verify_set_output(FILE *fp)
fp_cb_ssl_verify = fp;
}
+void cb_ssl_verify_set_depth(unsigned int verify_depth)
+{
+ int_verify_depth = verify_depth;
+}
+
#endif /* !defined(NO_OPENSSL) */
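Review bot: `cb_ssl_verify_set_depth` stores an `unsigned int` into the `int` static without a range check, so a value above `INT_MAX` converts in an implementation-defined way (typically to a negative number). After that, `int_verify_depth >= depth` fails for every depth and each verification failure is recorded as X509_V_ERR_CERT_CHAIN_TOO_LONG instead of the real error. Clamp at the boundary with `int_verify_depth = (verify_depth > INT_MAX) ? INT_MAX : (int)verify_depth;` (needs `<limits.h>`), or make the static `unsigned int` and compare only after checking `depth >= 0`. A short comment such as `/* Sets the maximum chain depth used by cb_ssl_verify; applies to every connection in the process. */` would also make the global scope of the setting explicit.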