Add support for '-' as input and output filenames in ocsp utility.

[openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index b9f6f30b0a7781d5a14aee37f89bc03d1bbb3d3e..ce83a1bcd4d2ba32a6903380e63cae5518927bfd 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -473,9 +473,6 @@ static void sv_usage(void)
        BIO_printf(bio_err,"usage: s_server [args ...]\n");
        BIO_printf(bio_err,"\n");
        BIO_printf(bio_err," -accept arg   - port to accept on (default is %d)\n",PORT);
-       BIO_printf(bio_err," -checkhost host - check peer certificate matches \"host\"\n");
-       BIO_printf(bio_err," -checkemail email - check peer certificate matches \"email\"\n");
-       BIO_printf(bio_err," -checkip ipaddr - check peer certificate matches \"ipaddr\"\n");
        BIO_printf(bio_err," -context arg  - set session ID context\n");
        BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
        BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
@@ -946,9 +943,6 @@ static char *jpake_secret = NULL;
        static srpsrvparm srp_callback_parm;
 #endif
 static char *srtp_profiles = NULL;
-static unsigned char *checkhost = NULL, *checkemail = NULL;
-static char *checkip = NULL;
-
 
 int MAIN(int argc, char *argv[])
        {
@@ -1001,6 +995,7 @@ int MAIN(int argc, char *argv[])
 
        char *crl_file = NULL;
        int crl_format = FORMAT_PEM;
+       int crl_download = 0;
        STACK_OF(X509_CRL) *crls = NULL;
 
        meth=SSLv23_server_method();
@@ -1086,6 +1081,8 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        crl_file= *(++argv);
                        }
+               else if (strcmp(*argv,"-crl_download") == 0)
+                       crl_download = 1;
 #ifndef OPENSSL_NO_TLSEXT
                else if (strcmp(*argv,"-authz") == 0)
                        {
@@ -1268,21 +1265,6 @@ int MAIN(int argc, char *argv[])
                                }
                        }
 #endif
-               else if (strcmp(*argv,"-checkhost") == 0)
-                       {
-                       if (--argc < 1) goto bad;
-                       checkhost=(unsigned char *)*(++argv);
-                       }
-               else if (strcmp(*argv,"-checkemail") == 0)
-                       {
-                       if (--argc < 1) goto bad;
-                       checkemail=(unsigned char *)*(++argv);
-                       }
-               else if (strcmp(*argv,"-checkip") == 0)
-                       {
-                       if (--argc < 1) goto bad;
-                       checkip=*(++argv);
-                       }
                else if (strcmp(*argv,"-msg") == 0)
                        { s_msg=1; }
                else if (strcmp(*argv,"-msgfile") == 0)
@@ -1736,12 +1718,13 @@ bad:
        if (vpm)
                SSL_CTX_set1_param(ctx, vpm);
 
-       ssl_ctx_add_crls(ctx, crls);
+       ssl_ctx_add_crls(ctx, crls, 0);
 
        if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe))
                goto end;
 
-       if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls))
+       if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+                                               crls, crl_download))
                {
                BIO_printf(bio_err, "Error loading store locations\n");
                ERR_print_errors(bio_err);
@@ -1804,7 +1787,7 @@ bad:
                if (vpm)
                        SSL_CTX_set1_param(ctx2, vpm);
 
-               ssl_ctx_add_crls(ctx2, crls);
+               ssl_ctx_add_crls(ctx2, crls, 0);
 
                if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe))
                        goto end;
@@ -2578,8 +2561,6 @@ static int init_ssl_connection(SSL *con)
        if (s_brief)
                print_ssl_summary(bio_err, con);
 
-       print_ssl_cert_checks(bio_err, con, checkhost, checkemail, checkip);
-
        PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));
 
        peer=SSL_get_peer_certificate(con);