oops, really check brief mode only ;-)

[openssl.git] / apps / s_client.c

diff --git a/apps/s_client.c b/apps/s_client.c
index aebdeaca4126c9057ad3915a55f2df84d26d8e9c..7041fb49feab6870ebd93c52f74129b514d7e074 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -639,6 +639,10 @@ int MAIN(int argc, char **argv)
        SSL_CONF_CTX *cctx = NULL;
        STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
 
+       char *crl_file = NULL;
+       int crl_format = FORMAT_PEM;
+       STACK_OF(X509_CRL) *crls = NULL;
+
        meth=SSLv23_client_method();
 
        apps_startup();
@@ -708,6 +712,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        cert_file= *(++argv);
                        }
+               else if (strcmp(*argv,"-CRL") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       crl_file= *(++argv);
+                       }
                else if (strcmp(*argv,"-sess_out") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -723,6 +732,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        cert_format = str2fmt(*(++argv));
                        }
+               else if (strcmp(*argv,"-CRLform") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       crl_format = str2fmt(*(++argv));
+                       }
                else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
                        {
                        if (badarg)
@@ -1128,6 +1142,26 @@ bad:
                        }
                }
 
+       if (crl_file)
+               {
+               X509_CRL *crl;
+               crl = load_crl(crl_file, crl_format);
+               if (!crl)
+                       {
+                       BIO_puts(bio_err, "Error loading CRL\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               crls = sk_X509_CRL_new_null();
+               if (!crls || !sk_X509_CRL_push(crls, crl))
+                       {
+                       BIO_puts(bio_err, "Error adding CRL\n");
+                       ERR_print_errors(bio_err);
+                       X509_CRL_free(crl);
+                       goto end;
+                       }
+               }
+
        if (!load_excert(&exc, bio_err))
                goto end;
 
@@ -1179,7 +1213,7 @@ bad:
                goto end;
                }
 
-       if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile))
+       if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls))
                {
                BIO_printf(bio_err, "Error loading store locations\n");
                ERR_print_errors(bio_err);
@@ -1241,6 +1275,8 @@ bad:
                /* goto end; */
                }
 
+       ssl_ctx_add_crls(ctx, crls);
+
        if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain))
                goto end;
 
@@ -1876,7 +1912,10 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
                                break;
                        case SSL_ERROR_SYSCALL:
                                ret=get_last_socket_error();
-                               BIO_printf(bio_err,"read:errno=%d\n",ret);
+                               if (c_brief)
+                                       BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n");
+                               else
+                                       BIO_printf(bio_err,"read:errno=%d\n",ret);
                                goto shut;
                        case SSL_ERROR_ZERO_RETURN:
                                BIO_printf(bio_c_out,"closed\n");
@@ -1983,6 +2022,8 @@ end:
        if (ctx != NULL) SSL_CTX_free(ctx);
        if (cert)
                X509_free(cert);
+       if (crls)
+               sk_X509_CRL_pop_free(crls, X509_CRL_free);
        if (key)
                EVP_PKEY_free(key);
        if (pass)