Overhaul of by_dir code to handle dynamic loading of CRLs.

 Changes between 0.9.8d and 0.9.9  [xx XXX xxxx]

 Changes between 0.9.8d and 0.9.9  [xx XXX xxxx]

  *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so

     new CRLs added to a directory can be used. New command line option

     -verify_return_error to s_client and s_server. This causes real errors

     to be returned by the verify callback instead of carrying on no matter

     what. This reflects the way a "real world" verify callback would behave.

     [Steve Henson]

  *) GOST engine, supporting several GOST algorithms and public key formats.

     Kindly donated by Cryptocom.

     [Cryptocom]

  *) Partial support for Issuing Distribution Point CRL extension. CRLs

  *) Partial support for Issuing Distribution Point CRL extension. CRLs

     partitioned by DP are handled but no indirect CRL or reason partitioning

     partitioned by DP are handled but no indirect CRL or reason partitioning

     (yet). Complete overhaul of CRL handling: now the most suitable CRL is

     (yet). Complete overhaul of CRL handling: now the most suitable CRL is

int verify_depth=0;

int verify_depth=0;

int verify_error=X509_V_OK;

int verify_error=X509_V_OK;

int verify_return_error=0;

int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)

int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)

	{

	{

			X509_verify_cert_error_string(err));

			X509_verify_cert_error_string(err));

		if (verify_depth >= depth)

		if (verify_depth >= depth)

			{

			{

			if (!verify_return_error)

				ok=1;

				ok=1;

			verify_error=X509_V_OK;

			verify_error=X509_V_OK;

			}

			}

extern int verify_depth;

extern int verify_depth;

extern int verify_error;

extern int verify_error;

extern int verify_return_error;

#ifdef FIONBIO

#ifdef FIONBIO

static int c_nbio=0;

static int c_nbio=0;

			vflags |= X509_V_FLAG_CRL_CHECK;

			vflags |= X509_V_FLAG_CRL_CHECK;

		else if	(strcmp(*argv,"-crl_check_all") == 0)

		else if	(strcmp(*argv,"-crl_check_all") == 0)

			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;

			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;

		else if (strcmp(*argv,"-verify_return_error") == 0)

			verify_return_error = 1;

		else if	(strcmp(*argv,"-prexit") == 0)

		else if	(strcmp(*argv,"-prexit") == 0)

			prexit=1;

			prexit=1;

		else if	(strcmp(*argv,"-crlf") == 0)

		else if	(strcmp(*argv,"-crlf") == 0)

#undef PROG

#undef PROG

#define PROG		s_server_main

#define PROG		s_server_main

extern int verify_depth;

extern int verify_depth, verify_return_error;

static char *cipher=NULL;

static char *cipher=NULL;

static int s_server_verify=SSL_VERIFY_NONE;

static int s_server_verify=SSL_VERIFY_NONE;

			{

			{

			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;

			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;

			}

			}

		else if (strcmp(*argv,"-verify_return_error") == 0)

			verify_return_error = 1;

		else if	(strcmp(*argv,"-serverpref") == 0)

		else if	(strcmp(*argv,"-serverpref") == 0)

			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }

			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }

		else if	(strcmp(*argv,"-cipher") == 0)

		else if	(strcmp(*argv,"-cipher") == 0)

#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))

#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))

#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))

#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))

#define sk_BY_DIR_ENTRY_new(st) SKM_sk_new(BY_DIR_ENTRY, (st))

#define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY)

#define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st))

#define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st))

#define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i))

#define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val))

#define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st))

#define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val))

#define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val))

#define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val))

#define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val))

#define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i))

#define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr))

#define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i))

#define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp))

#define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st)

#define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func))

#define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st))

#define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st))

#define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st))

#define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st))

#define sk_BY_DIR_HASH_new(st) SKM_sk_new(BY_DIR_HASH, (st))

#define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH)

#define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st))

#define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st))

#define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i))

#define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val))

#define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st))

#define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val))

#define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val))

#define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val))

#define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val))

#define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i))

#define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr))

#define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i))

#define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp))

#define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st)

#define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func))

#define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st))

#define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st))

#define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st))

#define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st))

#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))

#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))

#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)

#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)

#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))

#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))