X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=apps%2Fs_cb.c;h=1e03288dc68e0d41fca8e08ab0f16ae62218935f;hb=fbeb85ecb95a3b78370af25d7f90174ad6e48efb;hp=0759c8a7c9f8f0bbd2fb98e01da1c727733b7a03;hpb=84bafb747108486ea8e9716abb7a61285e9126ee;p=openssl.git

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 0759c8a7c9..1e03288dc6 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -190,7 +190,8 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 		BIO_printf(bio_err,"\n");
 		break;
 	case X509_V_ERR_NO_EXPLICIT_POLICY:
-		policies_print(bio_err, ctx);
+		if (!verify_quiet)
+			policies_print(bio_err, ctx);
 		break;
 		}
 	if (err == X509_V_OK && ok == 2 && !verify_quiet)
@@ -293,7 +294,6 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
 		ERR_print_errors(bio_err);
 		return 0;
 		}
-		
 	return 1;
 	}
 
@@ -1670,9 +1670,36 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
 	return 1;
 	}
 
+static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
+	{
+	X509_CRL *crl;
+	int i;
+	if (crls)
+		{
+		for (i = 0; i < sk_X509_CRL_num(crls); i++)
+			{
+			crl = sk_X509_CRL_value(crls, i);
+			X509_STORE_add_crl(st, crl);
+			}
+		}
+	return 1;
+	}
+
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls)
+	{
+	X509_STORE *st;
+	if (crls)
+		{
+		st = SSL_CTX_get_cert_store(ctx);
+		add_crls_store(st, crls);
+		}
+	return 1;
+	}
+
 int ssl_load_stores(SSL_CTX *ctx,
 			const char *vfyCApath, const char *vfyCAfile,
-			const char *chCApath, const char *chCAfile)
+			const char *chCApath, const char *chCAfile,
+			STACK_OF(X509_CRL) *crls)
 	{
 	X509_STORE *vfy = NULL, *ch = NULL;
 	int rv = 0;
@@ -1681,6 +1708,7 @@ int ssl_load_stores(SSL_CTX *ctx,
 		vfy = X509_STORE_new();
 		if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
 			goto err;
+		add_crls_store(vfy, crls);
 		SSL_CTX_set1_verify_cert_store(ctx, vfy);
 		}
 	if (chCApath || chCAfile)