BIO_printf(bio_err,"usage: s_server [args ...]\n");
BIO_printf(bio_err,"\n");
BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
- BIO_printf(bio_err," -checkhost host - check peer certificate matches \"host\"\n");
- BIO_printf(bio_err," -checkemail email - check peer certificate matches \"email\"\n");
- BIO_printf(bio_err," -checkip ipaddr - check peer certificate matches \"ipaddr\"\n");
BIO_printf(bio_err," -context arg - set session ID context\n");
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
static srpsrvparm srp_callback_parm;
#endif
static char *srtp_profiles = NULL;
-static unsigned char *checkhost = NULL, *checkemail = NULL;
-static char *checkip = NULL;
-
int MAIN(int argc, char *argv[])
{
char *crl_file = NULL;
int crl_format = FORMAT_PEM;
+ int crl_download = 0;
STACK_OF(X509_CRL) *crls = NULL;
meth=SSLv23_server_method();
if (--argc < 1) goto bad;
crl_file= *(++argv);
}
+ else if (strcmp(*argv,"-crl_download") == 0)
+ crl_download = 1;
#ifndef OPENSSL_NO_TLSEXT
else if (strcmp(*argv,"-authz") == 0)
{
}
}
#endif
- else if (strcmp(*argv,"-checkhost") == 0)
- {
- if (--argc < 1) goto bad;
- checkhost=(unsigned char *)*(++argv);
- }
- else if (strcmp(*argv,"-checkemail") == 0)
- {
- if (--argc < 1) goto bad;
- checkemail=(unsigned char *)*(++argv);
- }
- else if (strcmp(*argv,"-checkip") == 0)
- {
- if (--argc < 1) goto bad;
- checkip=*(++argv);
- }
else if (strcmp(*argv,"-msg") == 0)
{ s_msg=1; }
else if (strcmp(*argv,"-msgfile") == 0)
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
- ssl_ctx_add_crls(ctx, crls);
+ ssl_ctx_add_crls(ctx, crls, 0);
if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe))
goto end;
- if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls))
+ if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+ crls, crl_download))
{
BIO_printf(bio_err, "Error loading store locations\n");
ERR_print_errors(bio_err);
if (vpm)
SSL_CTX_set1_param(ctx2, vpm);
- ssl_ctx_add_crls(ctx2, crls);
+ ssl_ctx_add_crls(ctx2, crls, 0);
if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe))
goto end;
if (s_brief)
print_ssl_summary(bio_err, con);
- print_ssl_cert_checks(bio_err, con, checkhost, checkemail, checkip);
-
PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));
peer=SSL_get_peer_certificate(con);