Loading apps/s_apps.h +3 −0 Original line number Diff line number Diff line Loading @@ -196,4 +196,7 @@ int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx, int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr); int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake); int ssl_load_stores(SSL_CTX *sctx, const char *vfyCApath, const char *vfyCAfile, const char *chCApath, const char *chCAfile); #endif apps/s_cb.c +30 −0 Original line number Diff line number Diff line Loading @@ -1599,3 +1599,33 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, #endif return 1; } int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, const char *vfyCAfile, const char *chCApath, const char *chCAfile) { X509_STORE *vfy = NULL, *ch = NULL; int rv = 0; if (vfyCApath || vfyCAfile) { vfy = X509_STORE_new(); if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath)) goto err; SSL_CTX_set1_verify_cert_store(ctx, vfy); } if (chCApath || chCAfile) { ch = X509_STORE_new(); if (!X509_STORE_load_locations(ch, chCAfile, chCApath)) goto err; /*X509_STORE_set_verify_cb(ch, verify_callback);*/ SSL_CTX_set1_chain_cert_store(ctx, ch); } rv = 1; err: if (vfy) X509_STORE_free(vfy); if (ch) X509_STORE_free(ch); return rv; } apps/s_client.c +29 −0 Original line number Diff line number Diff line Loading @@ -577,6 +577,8 @@ int MAIN(int argc, char **argv) EVP_PKEY *key = NULL; STACK_OF(X509) *chain = NULL; char *CApath=NULL,*CAfile=NULL; char *chCApath=NULL,*chCAfile=NULL; char *vfyCApath=NULL,*vfyCAfile=NULL; int reconnect=0,badop=0,verify=SSL_VERIFY_NONE; int crlf=0; int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; Loading Loading @@ -895,6 +897,16 @@ static char *jpake_secret = NULL; if (--argc < 1) goto bad; CApath= *(++argv); } else if (strcmp(*argv,"-chainCApath") == 0) { if (--argc < 1) goto bad; chCApath= *(++argv); } else if (strcmp(*argv,"-verifyCApath") == 0) { if (--argc < 1) goto bad; vfyCApath= *(++argv); } else if (strcmp(*argv,"-build_chain") == 0) build_chain = 1; else if (strcmp(*argv,"-CAfile") == 0) Loading @@ -902,6 +914,16 @@ static char *jpake_secret = NULL; if (--argc < 1) goto bad; CAfile= *(++argv); } else if (strcmp(*argv,"-chainCAfile") == 0) { if (--argc < 1) goto bad; chCAfile= *(++argv); } else if (strcmp(*argv,"-verifyCAfile") == 0) { if (--argc < 1) goto bad; vfyCAfile= *(++argv); } #ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_NEXTPROTONEG else if (strcmp(*argv,"-nextprotoneg") == 0) Loading Loading @@ -1137,6 +1159,13 @@ bad: goto end; } if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile)) { BIO_printf(bio_err, "Error loading store locations\n"); ERR_print_errors(bio_err); goto end; } #ifndef OPENSSL_NO_ENGINE if (ssl_client_engine) { Loading apps/s_server.c +0 −33 Original line number Diff line number Diff line Loading @@ -212,9 +212,6 @@ static int init_ssl_connection(SSL *s); static void print_stats(BIO *bp,SSL_CTX *ctx); static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len); static int ssl_load_stores(SSL_CTX *sctx, const char *vfyCApath, const char *vfyCAfile, const char *chCApath, const char *chCAfile); #ifndef OPENSSL_NO_DH static DH *load_dh_param(const char *dhfile); static DH *get_dh512(void); Loading Loading @@ -3122,33 +3119,3 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, return 0; return 1; } static int ssl_load_stores(SSL_CTX *sctx, const char *vfyCApath, const char *vfyCAfile, const char *chCApath, const char *chCAfile) { X509_STORE *vfy = NULL, *ch = NULL; int rv = 0; if (vfyCApath || vfyCAfile) { vfy = X509_STORE_new(); if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath)) goto err; SSL_CTX_set1_verify_cert_store(ctx, vfy); } if (chCApath || chCAfile) { ch = X509_STORE_new(); if (!X509_STORE_load_locations(ch, chCAfile, chCApath)) goto err; /*X509_STORE_set_verify_cb(ch, verify_callback);*/ SSL_CTX_set1_chain_cert_store(ctx, ch); } rv = 1; err: if (vfy) X509_STORE_free(vfy); if (ch) X509_STORE_free(ch); return rv; } Loading
apps/s_apps.h +3 −0 Original line number Diff line number Diff line Loading @@ -196,4 +196,7 @@ int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx, int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr); int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake); int ssl_load_stores(SSL_CTX *sctx, const char *vfyCApath, const char *vfyCAfile, const char *chCApath, const char *chCAfile); #endif
apps/s_cb.c +30 −0 Original line number Diff line number Diff line Loading @@ -1599,3 +1599,33 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, #endif return 1; } int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, const char *vfyCAfile, const char *chCApath, const char *chCAfile) { X509_STORE *vfy = NULL, *ch = NULL; int rv = 0; if (vfyCApath || vfyCAfile) { vfy = X509_STORE_new(); if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath)) goto err; SSL_CTX_set1_verify_cert_store(ctx, vfy); } if (chCApath || chCAfile) { ch = X509_STORE_new(); if (!X509_STORE_load_locations(ch, chCAfile, chCApath)) goto err; /*X509_STORE_set_verify_cb(ch, verify_callback);*/ SSL_CTX_set1_chain_cert_store(ctx, ch); } rv = 1; err: if (vfy) X509_STORE_free(vfy); if (ch) X509_STORE_free(ch); return rv; }
apps/s_client.c +29 −0 Original line number Diff line number Diff line Loading @@ -577,6 +577,8 @@ int MAIN(int argc, char **argv) EVP_PKEY *key = NULL; STACK_OF(X509) *chain = NULL; char *CApath=NULL,*CAfile=NULL; char *chCApath=NULL,*chCAfile=NULL; char *vfyCApath=NULL,*vfyCAfile=NULL; int reconnect=0,badop=0,verify=SSL_VERIFY_NONE; int crlf=0; int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; Loading Loading @@ -895,6 +897,16 @@ static char *jpake_secret = NULL; if (--argc < 1) goto bad; CApath= *(++argv); } else if (strcmp(*argv,"-chainCApath") == 0) { if (--argc < 1) goto bad; chCApath= *(++argv); } else if (strcmp(*argv,"-verifyCApath") == 0) { if (--argc < 1) goto bad; vfyCApath= *(++argv); } else if (strcmp(*argv,"-build_chain") == 0) build_chain = 1; else if (strcmp(*argv,"-CAfile") == 0) Loading @@ -902,6 +914,16 @@ static char *jpake_secret = NULL; if (--argc < 1) goto bad; CAfile= *(++argv); } else if (strcmp(*argv,"-chainCAfile") == 0) { if (--argc < 1) goto bad; chCAfile= *(++argv); } else if (strcmp(*argv,"-verifyCAfile") == 0) { if (--argc < 1) goto bad; vfyCAfile= *(++argv); } #ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_NEXTPROTONEG else if (strcmp(*argv,"-nextprotoneg") == 0) Loading Loading @@ -1137,6 +1159,13 @@ bad: goto end; } if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile)) { BIO_printf(bio_err, "Error loading store locations\n"); ERR_print_errors(bio_err); goto end; } #ifndef OPENSSL_NO_ENGINE if (ssl_client_engine) { Loading
apps/s_server.c +0 −33 Original line number Diff line number Diff line Loading @@ -212,9 +212,6 @@ static int init_ssl_connection(SSL *s); static void print_stats(BIO *bp,SSL_CTX *ctx); static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len); static int ssl_load_stores(SSL_CTX *sctx, const char *vfyCApath, const char *vfyCAfile, const char *chCApath, const char *chCAfile); #ifndef OPENSSL_NO_DH static DH *load_dh_param(const char *dhfile); static DH *get_dh512(void); Loading Loading @@ -3122,33 +3119,3 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, return 0; return 1; } static int ssl_load_stores(SSL_CTX *sctx, const char *vfyCApath, const char *vfyCAfile, const char *chCApath, const char *chCAfile) { X509_STORE *vfy = NULL, *ch = NULL; int rv = 0; if (vfyCApath || vfyCAfile) { vfy = X509_STORE_new(); if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath)) goto err; SSL_CTX_set1_verify_cert_store(ctx, vfy); } if (chCApath || chCAfile) { ch = X509_STORE_new(); if (!X509_STORE_load_locations(ch, chCAfile, chCApath)) goto err; /*X509_STORE_set_verify_cb(ch, verify_callback);*/ SSL_CTX_set1_chain_cert_store(ctx, ch); } rv = 1; err: if (vfy) X509_STORE_free(vfy); if (ch) X509_STORE_free(ch); return rv; }
