check mval for NULL too

[openssl.git] / apps / s_server.c
diff --git a/apps/s_server.c b/apps/s_server.c

index 310f85b067f3592a9816454399aa89a19415b162..b9f6f30b0a7781d5a14aee37f89bc03d1bbb3d3e 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -216,9 +216,6 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
                                 unsigned int *id_len);
  static void init_session_cache_ctx(SSL_CTX *sctx);
  static void free_sessions(void);
-static int ssl_load_stores(SSL_CTX *sctx,
-                       const char *vfyCApath, const char *vfyCAfile,
-                       const char *chCApath, const char *chCAfile);
  #ifndef OPENSSL_NO_DH
  static DH *load_dh_param(const char *dhfile);
  static DH *get_dh512(void);
@@ -1002,6 +999,10 @@ int MAIN(int argc, char *argv[])
         SSL_CONF_CTX *cctx = NULL;
         STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
  
+       char *crl_file = NULL;
+       int crl_format = FORMAT_PEM;
+       STACK_OF(X509_CRL) *crls = NULL;
+
         meth=SSLv23_server_method();
  
         local_argc=argc;
@@ -1022,6 +1023,7 @@ int MAIN(int argc, char *argv[])
         if (!cctx)
                 goto end;
         SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
+       SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CMDLINE);
  
         verify_depth=0;
  #ifdef FIONBIO
@@ -1057,7 +1059,8 @@ int MAIN(int argc, char *argv[])
                         s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
                         if (--argc < 1) goto bad;
                         verify_depth=atoi(*(++argv));
-                       BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+                       if (!s_quiet)
+                               BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
                         }
                 else if (strcmp(*argv,"-Verify") == 0)
                         {
@@ -1065,7 +1068,8 @@ int MAIN(int argc, char *argv[])
                                 SSL_VERIFY_CLIENT_ONCE;
                         if (--argc < 1) goto bad;
                         verify_depth=atoi(*(++argv));
-                       BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
+                       if (!s_quiet)
+                               BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
                         }
                 else if (strcmp(*argv,"-context") == 0)
                         {
@@ -1077,6 +1081,11 @@ int MAIN(int argc, char *argv[])
                         if (--argc < 1) goto bad;
                         s_cert_file= *(++argv);
                         }
+               else if (strcmp(*argv,"-CRL") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       crl_file= *(++argv);
+                       }
  #ifndef OPENSSL_NO_TLSEXT
                 else if (strcmp(*argv,"-authz") == 0)
                         {
@@ -1167,6 +1176,11 @@ int MAIN(int argc, char *argv[])
                         no_cache = 1;
                 else if (strcmp(*argv,"-ext_cache") == 0)
                         ext_cache = 1;
+               else if (strcmp(*argv,"-CRLform") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       crl_format = str2fmt(*(++argv));
+                       }
                 else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
                         {
                         if (badarg)
@@ -1567,6 +1581,26 @@ bad:
                 }
  #endif
  
+       if (crl_file)
+               {
+               X509_CRL *crl;
+               crl = load_crl(crl_file, crl_format);
+               if (!crl)
+                       {
+                       BIO_puts(bio_err, "Error loading CRL\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               crls = sk_X509_CRL_new_null();
+               if (!crls || !sk_X509_CRL_push(crls, crl))
+                       {
+                       BIO_puts(bio_err, "Error adding CRL\n");
+                       ERR_print_errors(bio_err);
+                       X509_CRL_free(crl);
+                       goto end;
+                       }
+               }
+
  
         if (s_dcert_file)
                 {
@@ -1702,10 +1736,12 @@ bad:
         if (vpm)
                 SSL_CTX_set1_param(ctx, vpm);
  
+       ssl_ctx_add_crls(ctx, crls);
+
         if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe))
                 goto end;
  
-       if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile))
+       if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls))
                 {
                 BIO_printf(bio_err, "Error loading store locations\n");
                 ERR_print_errors(bio_err);
@@ -1768,6 +1804,8 @@ bad:
                 if (vpm)
                         SSL_CTX_set1_param(ctx2, vpm);
  
+               ssl_ctx_add_crls(ctx2, crls);
+
                 if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe))
                         goto end;
                 }
@@ -1973,6 +2011,8 @@ end:
         if (ctx != NULL) SSL_CTX_free(ctx);
         if (s_cert)
                 X509_free(s_cert);
+       if (crls)
+               sk_X509_CRL_pop_free(crls, X509_CRL_free);
         if (s_dcert)
                 X509_free(s_dcert);
         if (s_key)
@@ -2558,6 +2598,7 @@ static int init_ssl_connection(SSL *con)
                 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
         str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
         ssl_print_sigalgs(bio_s_out, con);
+       ssl_print_point_formats(bio_s_out, con);
         ssl_print_curves(bio_s_out, con, 0);
         BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
  
@@ -3398,42 +3439,3 @@ static void free_sessions(void)
                 }
         first = NULL;
         }
-
-static int ssl_load_stores(SSL_CTX *sctx,
-                       const char *vfyCApath, const char *vfyCAfile,
-                       const char *chCApath, const char *chCAfile)
-       {
-       X509_STORE *vfy = NULL, *ch = NULL;
-       int rv = 0;
-       if (vfyCApath || vfyCAfile)
-               {
-               vfy = X509_STORE_new();
-               if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
-                       goto err;
-               SSL_CTX_set1_verify_cert_store(ctx, vfy);
-               }
-       if (chCApath || chCAfile)
-               {
-               ch = X509_STORE_new();
-               if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
-                       goto err;
-               /*X509_STORE_set_verify_cb(ch, verify_callback);*/
-               SSL_CTX_set1_chain_cert_store(ctx, ch);
-               }
-       rv = 1;
-       err:
-       if (vfy)
-               X509_STORE_free(vfy);
-       if (ch)
-               X509_STORE_free(ch);
-       return rv;
-       }
-
-
-
-
-
-
-       
-
-