add -rmd option to set OCSP response signing digest

[openssl.git] / apps / s_cb.c

diff --git a/apps/s_cb.c b/apps/s_cb.c
index e0289d41dd700fd4998595c3b4f8fa2b24ad2a64..96bc5dba5acdd0bbf623e6740650bf3650d1ae2e 100644 (file)
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -190,7 +190,8 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
                BIO_printf(bio_err,"\n");
                break;
        case X509_V_ERR_NO_EXPLICIT_POLICY:
-               policies_print(bio_err, ctx);
+               if (!verify_quiet)
+                       policies_print(bio_err, ctx);
                break;
                }
        if (err == X509_V_OK && ok == 2 && !verify_quiet)
@@ -1571,20 +1572,6 @@ void print_ssl_summary(BIO *bio, SSL *s)
                ssl_print_tmp_key(bio, s);
        }
 
-void print_ssl_cert_checks(BIO *bio, SSL *s,
-                               const unsigned char *checkhost,
-                               const unsigned char *checkemail,
-                               const char *checkip)
-       {
-       X509 *peer;
-       peer = SSL_get_peer_certificate(s);
-       if (peer)
-               {
-               print_cert_checks(bio, peer, checkhost, checkemail, checkip);
-               X509_free(peer);
-               }
-       }
-
 int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
                        int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr)
        {
@@ -1673,32 +1660,28 @@ static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
        {
        X509_CRL *crl;
        int i;
-       if (crls)
+       for (i = 0; i < sk_X509_CRL_num(crls); i++)
                {
-               for (i = 0; i < sk_X509_CRL_num(crls); i++)
-                       {
-                       crl = sk_X509_CRL_value(crls, i);
-                       X509_STORE_add_crl(st, crl);
-                       }
+               crl = sk_X509_CRL_value(crls, i);
+               X509_STORE_add_crl(st, crl);
                }
        return 1;
        }
 
-int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls)
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
        {
        X509_STORE *st;
-       if (crls)
-               {
-               st = SSL_CTX_get_cert_store(ctx);
-               add_crls_store(st, crls);
-               }
+       st = SSL_CTX_get_cert_store(ctx);
+       add_crls_store(st, crls);
+       if (crl_download)
+               store_setup_crl_download(st);
        return 1;
        }
 
 int ssl_load_stores(SSL_CTX *ctx,
                        const char *vfyCApath, const char *vfyCAfile,
                        const char *chCApath, const char *chCAfile,
-                       STACK_OF(X509_CRL) *crls)
+                       STACK_OF(X509_CRL) *crls, int crl_download)
        {
        X509_STORE *vfy = NULL, *ch = NULL;
        int rv = 0;
@@ -1709,6 +1692,8 @@ int ssl_load_stores(SSL_CTX *ctx,
                        goto err;
                add_crls_store(vfy, crls);
                SSL_CTX_set1_verify_cert_store(ctx, vfy);
+               if (crl_download)
+                       store_setup_crl_download(vfy);
                }
        if (chCApath || chCAfile)
                {