X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=apps%2Fs_cb.c;h=1e03288dc68e0d41fca8e08ab0f16ae62218935f;hb=fbeb85ecb95a3b78370af25d7f90174ad6e48efb;hp=11b6ea5d99c35bcc9d9c6408785f5b99223e3f92;hpb=191b3f0ba9d574809b8e18e6238f54525c87b8d3;p=openssl.git
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 11b6ea5d99..1e03288dc6 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -190,7 +190,8 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 BIO_printf(bio_err,"\n");
 break;
 case X509_V_ERR_NO_EXPLICIT_POLICY:
- policies_print(bio_err, ctx);
+ if (!verify_quiet)
+ policies_print(bio_err, ctx);
 break;
 }
 if (err == X509_V_OK && ok == 2 && !verify_quiet)
@@ -293,7 +294,6 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, ERR_print_errors(bio_err); return 0; } - return 1; }
@@ -424,6 +424,44 @@ int ssl_print_sigalgs(BIO *out, SSL *s)
 return 1;
 }
+int ssl_print_point_formats(BIO *out, SSL *s)
+ {
+ int i, nformats;
+ const char *pformats;
+ nformats = SSL_get0_ec_point_formats(s, &pformats);
+ if (nformats <= 0)
+ return 1;
+ BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
+ for (i = 0; i < nformats; i++, pformats++)
+ {
+ if (i)
+ BIO_puts(out, ":");
+ switch(*pformats)
+ {
+ case TLSEXT_ECPOINTFORMAT_uncompressed:
+ BIO_puts(out, "uncompressed");
+ break;
+
+ case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
+ BIO_puts(out, "ansiX962_compressed_prime");
+ break;
+
+ case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
+ BIO_puts(out, "ansiX962_compressed_char2");
+ break;
+
+ default:
+ BIO_printf(out, "unknown(%d)", (int)*pformats);
+ break;
+
+ }
+ }
+ if (nformats <= 0)
+ BIO_puts(out, "NONE");
+ BIO_puts(out, "\n");
+ return 1;
+ }
+
 int ssl_print_curves(BIO *out, SSL *s, int noshared)
 {
 int i, ncurves, *curves, nid;
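Review bot: The trailing `if (nformats <= 0) BIO_puts(out, "NONE");` in ssl_print_point_formats can never run, because the function already returns at the top when `nformats <= 0`. As written, a connection with no point-formats list prints nothing rather than "NONE". Either drop the dead check or remove the early return so the header and "NONE" are emitted. Separately, `(int)*pformats` reads a `const char`, so an unknown format byte of 0x80 or above prints as a negative number where char is signed; `(int)(unsigned char)*pformats` keeps the wire value readable when diagnosing what a peer offered.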
@@ -1527,6 +1565,7 @@ void print_ssl_summary(BIO *bio, SSL *s)
 BIO_puts(bio, "No peer certificate\n");
 if (peer)
 X509_free(peer);
+ ssl_print_point_formats(bio, s);
 if (SSL_is_server(s))
 ssl_print_curves(bio, s, 1);
 else
@@ -1630,3 +1669,60 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
 }
 return 1;
 }
+
+static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
+ {
+ X509_CRL *crl;
+ int i;
+ if (crls)
+ {
+ for (i = 0; i < sk_X509_CRL_num(crls); i++)
+ {
+ crl = sk_X509_CRL_value(crls, i);
+ X509_STORE_add_crl(st, crl);
+ }
+ }
+ return 1;
+ }
+
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls)
+ {
+ X509_STORE *st;
+ if (crls)
+ {
+ st = SSL_CTX_get_cert_store(ctx);
+ add_crls_store(st, crls);
+ }
+ return 1;
+ }
+
+int ssl_load_stores(SSL_CTX *ctx,
+ const char *vfyCApath, const char *vfyCAfile,
+ const char *chCApath, const char *chCAfile,
+ STACK_OF(X509_CRL) *crls)
+ {
+ X509_STORE *vfy = NULL, *ch = NULL;
+ int rv = 0;
+ if (vfyCApath || vfyCAfile)
+ {
+ vfy = X509_STORE_new();
+ if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
+ goto err;
+ add_crls_store(vfy, crls);
+ SSL_CTX_set1_verify_cert_store(ctx, vfy);
+ }
+ if (chCApath || chCAfile)
+ {
+ ch = X509_STORE_new();
+ if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
+ goto err;
+ SSL_CTX_set1_chain_cert_store(ctx, ch);
+ }
+ rv = 1;
+ err:
+ if (vfy)
+ X509_STORE_free(vfy);
+ if (ch)
+ X509_STORE_free(ch);
+ return rv;
+ }
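Review bot: add_crls_store discards the result of `X509_STORE_add_crl(st, crl)` and always returns 1, and both ssl_ctx_add_crls and ssl_load_stores ignore its return as well. A CRL that fails to load therefore leaves the store without that revocation data while the caller is told setup succeeded. Propagating the failure with `if (!X509_STORE_add_crl(st, crl)) return 0;` and `if (!add_crls_store(vfy, crls)) goto err;` would make this fail closed; if this library version reports a duplicate CRL as a failure, that case would need to be tolerated explicitly. In ssl_load_stores the results of `X509_STORE_new()` are also passed on unchecked, so `if (!vfy || !X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath)) goto err;` (and the same for `ch`) would cover allocation failure. The return values of `SSL_CTX_set1_verify_cert_store` and `SSL_CTX_set1_chain_cert_store` deserve the same treatment.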