X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=apps%2Fs_cb.c;h=6d322d4f4092a876a2ae0a724130ca4888c9e64d;hb=cb1fbf9f63065207737b76da55d0d729c17cbaed;hp=ace2682f9badfdfc567e302dadef5ab14a1ec55c;hpb=29e0c30c2a6b62338e1e03c4980e270493627bbf;p=openssl.git diff --git a/apps/s_cb.c b/apps/s_cb.c index ace2682f9b..6d322d4f40 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -123,6 +123,7 @@ int verify_depth=0; int verify_error=X509_V_OK; +int verify_return_error=0; int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) { @@ -134,7 +135,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) err= X509_STORE_CTX_get_error(ctx); depth= X509_STORE_CTX_get_error_depth(ctx); - X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); + X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf); BIO_printf(bio_err,"depth=%d %s\n",depth,buf); if (!ok) { @@ -142,7 +143,8 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) X509_verify_cert_error_string(err)); if (verify_depth >= depth) { - ok=1; + if (!verify_return_error) + ok=1; verify_error=X509_V_OK; } else @@ -154,7 +156,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) switch (ctx->error) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf); BIO_printf(bio_err,"issuer= %s\n",buf); break; case X509_V_ERR_CERT_NOT_YET_VALID: @@ -229,8 +231,36 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) return(1); } -long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, - long argl, long ret) +int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) + { + if (cert == NULL) + return 1; + if (SSL_CTX_use_certificate(ctx,cert) <= 0) + { + BIO_printf(bio_err,"error setting certificate\n"); + ERR_print_errors(bio_err); + return 0; + } + if (SSL_CTX_use_PrivateKey(ctx,key) <= 0) + { + BIO_printf(bio_err,"error setting private key\n"); + ERR_print_errors(bio_err); + return 0; + } + + + /* Now we know that a key and cert have been set against + * the SSL context */ + if (!SSL_CTX_check_private_key(ctx)) + { + BIO_printf(bio_err,"Private key does not match the certificate public key\n"); + return 0; + } + return 1; + } + +long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, + int argi, long argl, long ret) { BIO *out; @@ -239,23 +269,23 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { - BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n", - bio,argp,argi,ret,ret); + BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); return(ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { - BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n", - bio,argp,argi,ret,ret); + BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); } return(ret); } -void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret) +void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) { - char *str; + const char *str; int w; w=where& ~SSL_ST_MASK; @@ -318,14 +348,14 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * if (len > 0) { - switch (((unsigned char*)buf)[0]) + switch (((const unsigned char*)buf)[0]) { case 0: str_details1 = ", ERROR:"; str_details2 = " ???"; if (len >= 3) { - unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2]; + unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; switch (err) { @@ -394,7 +424,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * if (len == 2) { - switch (((unsigned char*)buf)[0]) + switch (((const unsigned char*)buf)[0]) { case 1: str_details1 = ", warning"; @@ -405,7 +435,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * } str_details2 = " ???"; - switch (((unsigned char*)buf)[1]) + switch (((const unsigned char*)buf)[1]) { case 0: str_details2 = " close_notify"; @@ -476,6 +506,21 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * case 100: str_details2 = " no_renegotiation"; break; + case 110: + str_details2 = " unsupported_extension"; + break; + case 111: + str_details2 = " certificate_unobtainable"; + break; + case 112: + str_details2 = " unrecognized_name"; + break; + case 113: + str_details2 = " bad_certificate_status_response"; + break; + case 114: + str_details2 = " bad_certificate_hash_value"; + break; } } } @@ -486,7 +531,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * if (len > 0) { - switch (((unsigned char*)buf)[0]) + switch (((const unsigned char*)buf)[0]) { case 0: str_details1 = ", HelloRequest"; @@ -539,7 +584,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * { if (i % 16 == 0 && i > 0) BIO_printf(bio, "\n "); - BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]); + BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]); } if (i < len) BIO_printf(bio, " ...");