From a5afc0a8f43cb4ffea5db74b18abc0c6a5b9770c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 23 Nov 2012 18:56:25 +0000 Subject: Don't display messages about verify depth in s_server if -quiet it set. Add support for separate verify and chain stores in s_client. --- apps/s_client.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'apps/s_client.c') diff --git a/apps/s_client.c b/apps/s_client.c index 2a8861e8bd..aebdeaca41 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -581,6 +581,8 @@ int MAIN(int argc, char **argv) X509 *cert = NULL; EVP_PKEY *key = NULL; char *CApath=NULL,*CAfile=NULL; + char *chCApath=NULL,*chCAfile=NULL; + char *vfyCApath=NULL,*vfyCAfile=NULL; int reconnect=0,badop=0,verify=SSL_VERIFY_NONE; int crlf=0; int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; @@ -901,6 +903,16 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; CApath= *(++argv); } + else if (strcmp(*argv,"-chainCApath") == 0) + { + if (--argc < 1) goto bad; + chCApath= *(++argv); + } + else if (strcmp(*argv,"-verifyCApath") == 0) + { + if (--argc < 1) goto bad; + vfyCApath= *(++argv); + } else if (strcmp(*argv,"-build_chain") == 0) build_chain = 1; else if (strcmp(*argv,"-CAfile") == 0) @@ -908,6 +920,16 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; CAfile= *(++argv); } + else if (strcmp(*argv,"-chainCAfile") == 0) + { + if (--argc < 1) goto bad; + chCAfile= *(++argv); + } + else if (strcmp(*argv,"-verifyCAfile") == 0) + { + if (--argc < 1) goto bad; + vfyCAfile= *(++argv); + } #ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_NEXTPROTONEG else if (strcmp(*argv,"-nextprotoneg") == 0) @@ -1157,6 +1179,13 @@ bad: goto end; } + if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile)) + { + BIO_printf(bio_err, "Error loading store locations\n"); + ERR_print_errors(bio_err); + goto end; + } + #ifndef OPENSSL_NO_ENGINE if (ssl_client_engine) { -- cgit v1.2.3