GH408 follow-on: update buflen

[openssl.git] / apps / s_time.c

diff --git a/apps/s_time.c b/apps/s_time.c
index 5bca72ba72bad4ea2d6857bf8641c970ede78cad..91d28c209ca8c7d165dd053d229450ee52213001 100644 (file)
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -113,10 +113,8 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
-    OPT_CAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME,
-#ifndef OPENSSL_NO_SSL3
-    OPT_SSL3,
-#endif
+    OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS,
+    OPT_VERIFY, OPT_TIME, OPT_SSL3,
     OPT_WWW
 } OPTION_CHOICE;
 
@@ -129,6 +127,10 @@ OPTIONS s_time_options[] = {
     {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
     {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
     {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
     {"new", OPT_NEW, '-', "Just time new connections"},
     {"reuse", OPT_REUSE, '-', "Just time connection reuse"},
     {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
@@ -159,6 +161,7 @@ int s_time_main(int argc, char **argv)
     char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *www_path = NULL;
     char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
     double totalTime = 0.0;
+    int noCApath = 0, noCAfile = 0;
     int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs =
         0, ver;
     long bytes_read = 0, finishtime = 0;
@@ -167,7 +170,7 @@ int s_time_main(int argc, char **argv)
     int exitNow = 0;            /* Set when it's time to exit main */
 #endif
 
-    meth = SSLv23_client_method();
+    meth = TLS_client_method();
     verify_depth = 0;
     verify_error = X509_V_OK;
 
@@ -210,6 +213,12 @@ int s_time_main(int argc, char **argv)
         case OPT_CAFILE:
             CAfile = opt_arg();
             break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
         case OPT_CIPHER:
             cipher = opt_arg();
             break;
@@ -227,11 +236,11 @@ int s_time_main(int argc, char **argv)
                 goto end;
             }
             break;
-#ifndef OPENSSL_NO_SSL3
         case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
             meth = SSLv3_client_method();
-            break;
 #endif
+            break;
         }
     }
     argc = opt_num_rest();
@@ -240,7 +249,7 @@ int s_time_main(int argc, char **argv)
     if (cipher == NULL)
         cipher = getenv("SSL_CIPHER");
     if (cipher == NULL) {
-        fprintf(stderr, "No CIPHER specified\n");
+        BIO_printf(bio_err, "No CIPHER specified\n");
         goto end;
     }
 
@@ -256,7 +265,7 @@ int s_time_main(int argc, char **argv)
     if (!set_cert_stuff(ctx, certfile, keyfile))
         goto end;
 
-    if (!ctx_set_verify_locations(ctx, CAfile, CApath)) {
+    if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
         ERR_print_errors(bio_err);
         goto end;
     }
@@ -338,7 +347,7 @@ int s_time_main(int argc, char **argv)
 
     /* Get an SSL object so we can reuse the session id */
     if ((scon = doConnection(NULL, host, ctx)) == NULL) {
-        fprintf(stderr, "Unable to get connection\n");
+        BIO_printf(bio_err, "Unable to get connection\n");
         goto end;
     }