diff options
Diffstat (limited to 'demos/tunala/cb.c')
-rw-r--r-- | demos/tunala/cb.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/demos/tunala/cb.c b/demos/tunala/cb.c index 37a474e37e..4633c0993e 100644 --- a/demos/tunala/cb.c +++ b/demos/tunala/cb.c @@ -7,8 +7,8 @@ static FILE *fp_cb_ssl_info = NULL; static FILE *fp_cb_ssl_verify = NULL; /* Other static rubbish (to mirror s_cb.c where required) */ -static int verify_depth = 10; -static int verify_error = X509_V_OK; +static int int_verify_depth = 10; +static int int_verify_error = X509_V_OK; /* This function is largely borrowed from the one used in OpenSSL's "s_client" * and "s_server" utilities. */ @@ -61,13 +61,10 @@ int cb_ssl_verify(int ok, X509_STORE_CTX *ctx) if(!ok) { fprintf(fp_cb_ssl_verify,"verify error:num=%d:%s\n",err, X509_verify_cert_error_string(err)); - if(verify_depth >= depth) { - ok = 1; - verify_error = X509_V_OK; - } else { - ok=0; - verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; - } + if((int)int_verify_depth >= depth) + int_verify_error = err; + else + int_verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; } switch (ctx->error) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: @@ -97,5 +94,10 @@ void cb_ssl_verify_set_output(FILE *fp) fp_cb_ssl_verify = fp; } +void cb_ssl_verify_set_depth(unsigned int verify_depth) +{ + int_verify_depth = verify_depth; +} + #endif /* !defined(NO_OPENSSL) */ |