Loading CHANGES +3 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,9 @@ Changes between 1.0.1c and 1.0.1d [xx XXX xxxx] *) Make openssl verify return errors. [Chris Palmer <palmer@google.com> and Ben Laurie] *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. Loading Makefile.org +1 −1 Original line number Diff line number Diff line Loading @@ -444,7 +444,7 @@ rehash.time: certs apps [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \ OPENSSL_DEBUG_MEMORY=on; \ export OPENSSL OPENSSL_DEBUG_MEMORY; \ $(PERL) tools/c_rehash certs) && \ $(PERL) tools/c_rehash certs/demo) && \ touch rehash.time; \ else :; fi Loading apps/verify.c +12 −4 Original line number Diff line number Diff line Loading @@ -222,11 +222,19 @@ int MAIN(int argc, char **argv) goto end; } if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e); ret = 0; if (argc < 1) { if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e)) ret = -1; } else { for (i=0; i<argc; i++) check(cert_ctx,argv[i], untrusted, trusted, crls, e); ret=0; if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e)) ret = -1; } end: if (ret == 1) { BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); Loading @@ -252,7 +260,7 @@ end: sk_X509_pop_free(trusted, X509_free); sk_X509_CRL_pop_free(crls, X509_CRL_free); apps_shutdown(); OPENSSL_EXIT(ret); OPENSSL_EXIT(ret < 0 ? 2 : ret); } static int check(X509_STORE *ctx, char *file, Loading test/Makefile +1 −1 Original line number Diff line number Diff line Loading @@ -246,7 +246,7 @@ test_ecdh: test_verify: @echo "The following command should have some OK's and some failures" @echo "There are definitly a few expired certificates" ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem test_dh: @echo "Generate a set of DH parameters" Loading Loading
CHANGES +3 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,9 @@ Changes between 1.0.1c and 1.0.1d [xx XXX xxxx] *) Make openssl verify return errors. [Chris Palmer <palmer@google.com> and Ben Laurie] *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. Loading
Makefile.org +1 −1 Original line number Diff line number Diff line Loading @@ -444,7 +444,7 @@ rehash.time: certs apps [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \ OPENSSL_DEBUG_MEMORY=on; \ export OPENSSL OPENSSL_DEBUG_MEMORY; \ $(PERL) tools/c_rehash certs) && \ $(PERL) tools/c_rehash certs/demo) && \ touch rehash.time; \ else :; fi Loading
apps/verify.c +12 −4 Original line number Diff line number Diff line Loading @@ -222,11 +222,19 @@ int MAIN(int argc, char **argv) goto end; } if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e); ret = 0; if (argc < 1) { if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e)) ret = -1; } else { for (i=0; i<argc; i++) check(cert_ctx,argv[i], untrusted, trusted, crls, e); ret=0; if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e)) ret = -1; } end: if (ret == 1) { BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); Loading @@ -252,7 +260,7 @@ end: sk_X509_pop_free(trusted, X509_free); sk_X509_CRL_pop_free(crls, X509_CRL_free); apps_shutdown(); OPENSSL_EXIT(ret); OPENSSL_EXIT(ret < 0 ? 2 : ret); } static int check(X509_STORE *ctx, char *file, Loading
test/Makefile +1 −1 Original line number Diff line number Diff line Loading @@ -246,7 +246,7 @@ test_ecdh: test_verify: @echo "The following command should have some OK's and some failures" @echo "There are definitly a few expired certificates" ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem test_dh: @echo "Generate a set of DH parameters" Loading
