Use common verify parameters instead of the small ad-hoc subset in
[openssl.git] / apps / s_server.c
index 6c9e6ba..456952e 100644 (file)
@@ -835,8 +835,8 @@ static char *jpake_secret = NULL;
 
 int MAIN(int argc, char *argv[])
        {
-       X509_STORE *store = NULL;
-       int vflags = 0;
+       X509_VERIFY_PARAM *vpm = NULL;
+       int badarg = 0;
        short port=PORT;
        char *CApath=NULL,*CAfile=NULL;
        unsigned char *context = NULL;
@@ -1001,13 +1001,11 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        CApath= *(++argv);
                        }
-               else if (strcmp(*argv,"-crl_check") == 0)
+               else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
                        {
-                       vflags |= X509_V_FLAG_CRL_CHECK;
-                       }
-               else if (strcmp(*argv,"-crl_check_all") == 0)
-                       {
-                       vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+                       if (badarg)
+                               goto bad;
+                       continue;
                        }
                else if (strcmp(*argv,"-verify_return_error") == 0)
                        verify_return_error = 1;
@@ -1412,8 +1410,8 @@ bad:
                ERR_print_errors(bio_err);
                /* goto end; */
                }
-       store = SSL_CTX_get_cert_store(ctx);
-       X509_STORE_set_flags(store, vflags);
+       if (vpm)
+               SSL_CTX_set1_param(ctx, vpm);
 
 #ifndef OPENSSL_NO_TLSEXT
        if (s_cert2)
@@ -1464,8 +1462,8 @@ bad:
                        {
                        ERR_print_errors(bio_err);
                        }
-               store = SSL_CTX_get_cert_store(ctx2);
-               X509_STORE_set_flags(store, vflags);
+               if (vpm)
+                       SSL_CTX_set1_param(ctx2, vpm);
                }
 #endif