revert OCSP_basic_verify changes: they aren't needed now we support partial chain...

[openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index dc0cc36fb0d04a959127e8ffe06ade33e5f6c164..ce83a1bcd4d2ba32a6903380e63cae5518927bfd 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -995,6 +995,7 @@ int MAIN(int argc, char *argv[])
 
        char *crl_file = NULL;
        int crl_format = FORMAT_PEM;
+       int crl_download = 0;
        STACK_OF(X509_CRL) *crls = NULL;
 
        meth=SSLv23_server_method();
@@ -1080,6 +1081,8 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        crl_file= *(++argv);
                        }
+               else if (strcmp(*argv,"-crl_download") == 0)
+                       crl_download = 1;
 #ifndef OPENSSL_NO_TLSEXT
                else if (strcmp(*argv,"-authz") == 0)
                        {
@@ -1720,7 +1723,8 @@ bad:
        if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe))
                goto end;
 
-       if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls, 0))
+       if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+                                               crls, crl_download))
                {
                BIO_printf(bio_err, "Error loading store locations\n");
                ERR_print_errors(bio_err);