New option to add CRLs for s_client and s_server.
[openssl.git] / apps / s_cb.c
index c876adf3e95d85358354279e332b067897d90871..710c99d076e382c76961a55c0cfb33706a75e0b3 100644 (file)
@@ -288,7 +288,6 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
                ERR_print_errors(bio_err);
                return 0;
                }
-               
        return 1;
        }
 
@@ -1600,9 +1599,36 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
        return 1;
        }
 
+static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
+       {
+       X509_CRL *crl;
+       int i;
+       if (crls)
+               {
+               for (i = 0; i < sk_X509_CRL_num(crls); i++)
+                       {
+                       crl = sk_X509_CRL_value(crls, i);
+                       X509_STORE_add_crl(st, crl);
+                       }
+               }
+       return 1;
+       }
+
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls)
+       {
+       X509_STORE *st;
+       if (crls)
+               {
+               st = SSL_CTX_get_cert_store(ctx);
+               add_crls_store(st, crls);
+               }
+       return 1;
+       }
+
 int ssl_load_stores(SSL_CTX *ctx,
                        const char *vfyCApath, const char *vfyCAfile,
-                       const char *chCApath, const char *chCAfile)
+                       const char *chCApath, const char *chCAfile,
+                       STACK_OF(X509_CRL) *crls)
        {
        X509_STORE *vfy = NULL, *ch = NULL;
        int rv = 0;
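Review bot: The result of `X509_STORE_add_crl(st, crl)` in add_crls_store is discarded and both new helpers return 1 unconditionally, so a CRL that fails to enter the store leaves revocation data incomplete while the caller sees success. I would propagate the failure with `if (!X509_STORE_add_crl(st, crl)) return 0;` in the loop and `return add_crls_store(st, crls);` in ssl_ctx_add_crls. The `add_crls_store(vfy, crls);` call added in the next hunk has the same problem and, sitting right after a `goto err` on load failure, could become `if (!add_crls_store(vfy, crls)) goto err;`. If duplicate CRLs in the stack are expected, that case may need to be tolerated explicitly rather than treated as a hard error. The body of ssl_load_stores continues past the end of this hunk.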
@@ -1611,6 +1637,7 @@ int ssl_load_stores(SSL_CTX *ctx,
                vfy = X509_STORE_new();
                if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
                        goto err;
+               add_crls_store(vfy, crls);
                SSL_CTX_set1_verify_cert_store(ctx, vfy);
                }
        if (chCApath || chCAfile)
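Review bot: The added `add_crls_store(vfy, crls);` line needs a comment saying when these CRLs are actually used, because CRLs in an X509_STORE are consulted only when CRL checking is enabled in the verification flags. Nothing visible in this diff sets `X509_V_FLAG_CRL_CHECK`, so presumably that is left to a separate option in the caller; without it the supplied CRLs are loaded but never checked. Suggested comment above the call: `/* CRLs are consulted only if X509_V_FLAG_CRL_CHECK is set on the verify parameters */`. The body of ssl_load_stores starts and ends outside this hunk.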