BIO_printf(bio_err,"\n");
break;
case X509_V_ERR_NO_EXPLICIT_POLICY:
- policies_print(bio_err, ctx);
+ if (!verify_quiet)
+ policies_print(bio_err, ctx);
break;
}
if (err == X509_V_OK && ok == 2 && !verify_quiet)
ssl_print_tmp_key(bio, s);
}
-void print_ssl_cert_checks(BIO *bio, SSL *s,
- const unsigned char *checkhost,
- const unsigned char *checkemail,
- const char *checkip)
- {
- X509 *peer;
- peer = SSL_get_peer_certificate(s);
- if (peer)
- {
- print_cert_checks(bio, peer, checkhost, checkemail, checkip);
- X509_free(peer);
- }
- }
-
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr)
{
{
X509_CRL *crl;
int i;
- if (crls)
+ for (i = 0; i < sk_X509_CRL_num(crls); i++)
{
- for (i = 0; i < sk_X509_CRL_num(crls); i++)
- {
- crl = sk_X509_CRL_value(crls, i);
- X509_STORE_add_crl(st, crl);
- }
+ crl = sk_X509_CRL_value(crls, i);
+ X509_STORE_add_crl(st, crl);
}
return 1;
}
-int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls)
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
{
X509_STORE *st;
- if (crls)
- {
- st = SSL_CTX_get_cert_store(ctx);
- add_crls_store(st, crls);
- }
+ st = SSL_CTX_get_cert_store(ctx);
+ add_crls_store(st, crls);
+ if (crl_download)
+ store_setup_crl_download(st);
return 1;
}
int ssl_load_stores(SSL_CTX *ctx,
const char *vfyCApath, const char *vfyCAfile,
const char *chCApath, const char *chCAfile,
- STACK_OF(X509_CRL) *crls)
+ STACK_OF(X509_CRL) *crls, int crl_download)
{
X509_STORE *vfy = NULL, *ch = NULL;
int rv = 0;
goto err;
add_crls_store(vfy, crls);
SSL_CTX_set1_verify_cert_store(ctx, vfy);
+ if (crl_download)
+ store_setup_crl_download(vfy);
}
if (chCApath || chCAfile)
{