Add support for certificate stores in CERT structure. This makes it

[openssl.git] / apps / s_client.c

diff --git a/apps/s_client.c b/apps/s_client.c
index 97f7cbd9225916126c790c0ef08a45affccb0baa..783a49e083d26f4f1726f7c77b29d153ba07148b 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -559,6 +559,7 @@ int MAIN(int argc, char **argv)
        {
        unsigned int off=0, clr=0;
        unsigned int cert_flags=0;
+       int build_chain = 0;
        SSL *con=NULL;
 #ifndef OPENSSL_NO_KRB5
        KSSL_CTX *kctx;
@@ -877,6 +878,8 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        CApath= *(++argv);
                        }
+               else if (strcmp(*argv,"-build_chain") == 0)
+                       build_chain = 1;
                else if (strcmp(*argv,"-CAfile") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -1212,8 +1215,6 @@ bad:
 #endif
 
        SSL_CTX_set_verify(ctx,verify,verify_callback);
-       if (!set_cert_key_stuff(ctx,cert,key, NULL))
-               goto end;
 
        if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
                (!SSL_CTX_set_default_verify_paths(ctx)))
@@ -1223,6 +1224,9 @@ bad:
                /* goto end; */
                }
 
+       if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain))
+               goto end;
+
 #ifndef OPENSSL_NO_TLSEXT
        if (curves != NULL)
                if(!SSL_CTX_set1_curves_list(ctx,curves)) {