X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssltest.c;h=2ef9ae760159198be4b5b993039dc027a98a797e;hp=7d6b53eed143662cae68def08bde71912ff07ec4;hb=023ec151df447fbb12bba8dddb0bf1396c44014e;hpb=59dbdb51dc41fb871f491e7d91bf6d8aae7078a5

diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 7d6b53eed1..2ef9ae7601 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -158,6 +158,10 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
 static void free_tmp_rsa(void);
 #endif
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
+#define APP_CALLBACK "Test Callback Argument"
+static char *app_verify_arg = APP_CALLBACK;
+
 #ifndef OPENSSL_NO_DH
 static DH *get_dh512(void);
 static DH *get_dh1024(void);
@@ -336,6 +340,7 @@ int main(int argc, char *argv[])
 	int tls1=0,ssl2=0,ssl3=0,ret=1;
 	int client_auth=0;
 	int server_auth=0,i;
+	int app_verify=0;
 	char *server_cert=TEST_SERVER_CERT;
 	char *server_key=NULL;
 	char *client_cert=TEST_CLIENT_CERT;
@@ -489,6 +494,10 @@ int main(int argc, char *argv[])
 			{
 			comp = COMP_RLE;
 			}
+		else if	(strcmp(*argv,"-app_verify") == 0)
+			{
+			app_verify = 1;
+			}
 		else
 			{
 			fprintf(stderr,"unknown option %s\n",*argv);
@@ -640,12 +649,20 @@ bad:
 		SSL_CTX_set_verify(s_ctx,
 			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
 			verify_callback);
+		if (app_verify) 
+			{
+			SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
+			}
 		}
 	if (server_auth)
 		{
 		BIO_printf(bio_err,"server authentication\n");
 		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
 			verify_callback);
+		if (app_verify) 
+			{
+			SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
+			}
 		}
 	
 	{
@@ -1433,6 +1450,25 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	return(ok);
 	}
 
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
+	{
+	char *s = NULL,buf[256];
+	int ok=1;
+
+	fprintf(stderr, "In app_verify_callback, allowing cert. ");
+	fprintf(stderr, "Arg is: %s\n", (char *)arg);
+	fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n",
+			(unsigned int)ctx, (unsigned int)ctx->cert);
+	if (ctx->cert)
+		s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
+	if (s != NULL)
+		{
+			fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
+		}
+
+	return(ok);
+	}
+
 #ifndef OPENSSL_NO_RSA
 static RSA *rsa_tmp=NULL;