apps/apps.h +8 −5 @@ -551,11 +551,14 @@ int raw_write_stdout(const void *, int); # define TM_STOP 1 double app_tminterval(int stop, int usertime); /* this is an accident waiting to happen (-Wshadow is your friend) */ extern int verify_depth; extern int verify_quiet; extern int verify_error; extern int verify_return_error; typedef struct verify_options_st { int depth; int quiet; int error; int return_error; } VERIFY_CB_ARGS; extern VERIFY_CB_ARGS verify_args; # include "progs.h" apps/s_cb.c +10 −12 @@ -26,10 +26,8 @@ #define COOKIE_SECRET_LENGTH 16 int verify_depth = 0; int verify_quiet = 0; int verify_error = X509_V_OK; int verify_return_error = 0; VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 }; #ifndef OPENSSL_NO_SOCK static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; static int cookie_initialized = 0; @@ -52,7 +50,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) err = X509_STORE_CTX_get_error(ctx); depth = X509_STORE_CTX_get_error_depth(ctx); if (!verify_quiet || !ok) { if (!verify_args.quiet || !ok) { BIO_printf(bio_err, "depth=%d ", depth); if (err_cert) { X509_NAME_print_ex(bio_err, @@ -65,13 +63,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) if (!ok) { BIO_printf(bio_err, "verify error:num=%d:%s\n", err, X509_verify_cert_error_string(err)); if (verify_depth >= depth) { if (!verify_return_error) if (verify_args.depth >= depth) { if (!verify_args.return_error) ok = 1; verify_error = err; verify_args.error = err; } else { ok = 0; verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG; } } switch (err) {
@@ -94,13 +92,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) BIO_printf(bio_err, "\n"); break; case X509_V_ERR_NO_EXPLICIT_POLICY: if (!verify_quiet) if (!verify_args.quiet) policies_print(ctx); break; } if (err == X509_V_OK && ok == 2 && !verify_quiet) if (err == X509_V_OK && ok == 2 && !verify_args.quiet) policies_print(ctx); if (ok && !verify_quiet) if (ok && !verify_args.quiet) BIO_printf(bio_err, "verify return:%d\n", ok); return (ok); } apps/s_client.c +9 −15 @@ -83,11 +83,6 @@ typedef unsigned int u_int; #define BUFSIZZ 1024*8 #define S_CLIENT_IRC_READ_TIMEOUT 8 extern int verify_depth; extern int verify_error; extern int verify_return_error; extern int verify_quiet; static char *prog; static int c_nbio = 0; static int c_tlsextdebug = 0; @@ -879,12 +874,7 @@ int s_client_main(int argc, char **argv) c_msg = 0; c_showcerts = 0; c_nbio = 0; verify_depth = 0; verify_error = X509_V_OK; vpm = X509_VERIFY_PARAM_new(); cbuf = app_malloc(BUFSIZZ, "cbuf"); sbuf = app_malloc(BUFSIZZ, "sbuf"); mbuf = app_malloc(BUFSIZZ, "mbuf"); cctx = SSL_CONF_CTX_new(); if (vpm == NULL || cctx == NULL) { @@ -892,6 +882,10 @@ int s_client_main(int argc, char **argv) goto end; } cbuf = app_malloc(BUFSIZZ, "cbuf"); sbuf = app_malloc(BUFSIZZ, "sbuf"); mbuf = app_malloc(BUFSIZZ, "mbuf"); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE); prog = opt_init(argc, argv, s_client_options); @@ -975,9 +969,9 @@ int s_client_main(int argc, char **argv) break; case OPT_VERIFY: verify = SSL_VERIFY_PEER; verify_depth = atoi(opt_arg()); verify_args.depth = atoi(opt_arg()); if (!c_quiet) BIO_printf(bio_err, "verify depth is %d\n", verify_depth); BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth); break; case OPT_CERT: cert_file = opt_arg();
@@ -1003,13 +997,13 @@ int s_client_main(int argc, char **argv) goto opthelp; break; case OPT_VERIFY_RET_ERROR: verify_return_error = 1; verify_args.return_error = 1; break; case OPT_VERIFY_QUIET: verify_quiet = 1; verify_args.quiet = 1; break; case OPT_BRIEF: c_brief = verify_quiet = c_quiet = 1; c_brief = verify_args.quiet = c_quiet = 1; break; case OPT_S_CASES: if (ssl_args == NULL) apps/s_server.c +10 −11 @@ -44,6 +44,7 @@ #include <stdlib.h> #include <string.h> #include <openssl/async.h> #include <openssl/ssl.h> #include <openssl/e_os2.h> @@ -112,7 +113,6 @@ static int accept_socket = -1; #define TEST_CERT "server.pem" #define TEST_CERT2 "server2.pem" extern int verify_depth, verify_return_error, verify_quiet; static int s_server_verify = SSL_VERIFY_NONE; static int s_server_session_id_context = 1; /* anything will do */ @@ -272,7 +272,6 @@ err: static void s_server_init(void) { accept_socket = -1; verify_depth = 0; s_server_verify = SSL_VERIFY_NONE; s_dcert_file = NULL; s_dkey_file = NULL; @@ -1078,19 +1077,19 @@ int s_server_main(int argc, char *argv[]) break; case OPT_VERIFY: s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; verify_depth = atoi(opt_arg()); verify_args.depth = atoi(opt_arg()); if (!s_quiet) BIO_printf(bio_err, "verify depth is %d\n", verify_depth); BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth); break; case OPT_UPPER_V_VERIFY: s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; verify_depth = atoi(opt_arg()); verify_args.depth = atoi(opt_arg()); if (!s_quiet) BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", verify_depth); verify_args.depth); break; case OPT_CONTEXT: context = (unsigned char *)opt_arg();
@@ -1194,10 +1193,10 @@ int s_server_main(int argc, char *argv[]) goto end; break; case OPT_VERIFY_RET_ERROR: verify_return_error = 1; verify_args.return_error = 1; break; case OPT_VERIFY_QUIET: verify_quiet = 1; verify_args.quiet = 1; break; case OPT_BUILD_CHAIN: build_chain = 1; @@ -1281,7 +1280,7 @@ int s_server_main(int argc, char *argv[]) s_quiet = 1; break; case OPT_BRIEF: s_quiet = s_brief = verify_quiet = 1; s_quiet = s_brief = verify_args.quiet = 1; break; case OPT_NO_DHE: #ifndef OPENSSL_NO_DH @@ -3042,8 +3041,8 @@ static int rev_body(int s, int stype, unsigned char *context) SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) { if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) { ERR_print_errors(bio_err); goto err; } apps/s_time.c +4 −9 @@ -50,9 +50,6 @@ #define SECONDS 30 #define SECONDSSTR "30" extern int verify_depth; extern int verify_error; static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx); static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n"; @@ -116,8 +113,6 @@ int s_time_main(int argc, char **argv) size_t buf_size; meth = TLS_client_method(); verify_depth = 0; verify_error = X509_V_OK; prog = opt_init(argc, argv, s_time_options); while ((o = opt_next()) != OPT_EOF) { @@ -141,10 +136,10 @@ int s_time_main(int argc, char **argv) perform = 1; break; case OPT_VERIFY: if (!opt_int(opt_arg(), &verify_depth)) if (!opt_int(opt_arg(), &verify_args.depth)) goto opthelp; BIO_printf(bio_err, "%s: verify depth is %d\n", prog, verify_depth); prog, verify_args.depth); break; case OPT_CERT: certfile = opt_arg();
@@ -415,9 +410,9 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) } if (i <= 0) { BIO_printf(bio_err, "ERROR\n"); if (verify_error != X509_V_OK) if (verify_args.error != X509_V_OK) BIO_printf(bio_err, "verify error:%s\n", X509_verify_cert_error_string(verify_error)); X509_verify_cert_error_string(verify_args.error)); else ERR_print_errors(bio_err); if (scon == NULL)
apps/apps.h +8 −5 @@ -551,11 +551,14 @@ int raw_write_stdout(const void *, int); # define TM_STOP 1 double app_tminterval(int stop, int usertime); /* this is an accident waiting to happen (-Wshadow is your friend) */ extern int verify_depth; extern int verify_quiet; extern int verify_error; extern int verify_return_error; typedef struct verify_options_st { int depth; int quiet; int error; int return_error; } VERIFY_CB_ARGS; extern VERIFY_CB_ARGS verify_args; # include "progs.h"
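Review bot: The new `VERIFY_CB_ARGS` declaration carries no field comments, and it mixes caller-set options with a result: `depth`, `quiet` and `return_error` are set from option parsing in the apps, while `error` is written by `verify_callback` in apps/s_cb.c. I would mark that on the declaration, for example `int error; /* out: last error recorded by verify_callback */` and `int return_error; /* non-zero: verify_callback leaves ok == 0 on failure */`. The commit also drops the old warning comment, yet `verify_args` is still a single writable global shared by s_client, s_server and s_time, so a one-line note to that effect above the `extern` would help the next reader.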
apps/s_cb.c +10 −12 @@ -26,10 +26,8 @@ #define COOKIE_SECRET_LENGTH 16 int verify_depth = 0; int verify_quiet = 0; int verify_error = X509_V_OK; int verify_return_error = 0; VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 }; #ifndef OPENSSL_NO_SOCK static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; static int cookie_initialized = 0; @@ -52,7 +50,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) err = X509_STORE_CTX_get_error(ctx); depth = X509_STORE_CTX_get_error_depth(ctx); if (!verify_quiet || !ok) { if (!verify_args.quiet || !ok) { BIO_printf(bio_err, "depth=%d ", depth); if (err_cert) { X509_NAME_print_ex(bio_err, @@ -65,13 +63,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) if (!ok) { BIO_printf(bio_err, "verify error:num=%d:%s\n", err, X509_verify_cert_error_string(err)); if (verify_depth >= depth) { if (!verify_return_error) if (verify_args.depth >= depth) { if (!verify_args.return_error) ok = 1; verify_error = err; verify_args.error = err; } else { ok = 0; verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG; } } switch (err) { @@ -94,13 +92,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) BIO_printf(bio_err, "\n"); break; case X509_V_ERR_NO_EXPLICIT_POLICY: if (!verify_quiet) if (!verify_args.quiet) policies_print(ctx); break; } if (err == X509_V_OK && ok == 2 && !verify_quiet) if (err == X509_V_OK && ok == 2 && !verify_args.quiet) policies_print(ctx); if (ok && !verify_quiet) if (ok && !verify_args.quiet) BIO_printf(bio_err, "verify return:%d\n", ok); return (ok); }
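Review bot: In `verify_callback`, the branch `if (!verify_args.return_error) ok = 1;` turns a failed chain verification into success whenever the error depth is within `verify_args.depth`, and with the initializer `{ 0, 0, X509_V_OK, 0 }` that is the default. The rename preserves this, but nothing at the site says it is deliberate, so someone reusing the callback could take it for a sound verification policy. I would add a comment above the branch such as `/* diagnostic default: report the error but let the handshake continue unless return_error is set */`. Note also that `verify_args.error` is assigned only on the `!ok` path, so it holds the last failure seen rather than the status of the current handshake. The start of `verify_callback` is outside the hunks shown.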
apps/s_client.c +9 −15 @@ -83,11 +83,6 @@ typedef unsigned int u_int; #define BUFSIZZ 1024*8 #define S_CLIENT_IRC_READ_TIMEOUT 8 extern int verify_depth; extern int verify_error; extern int verify_return_error; extern int verify_quiet; static char *prog; static int c_nbio = 0; static int c_tlsextdebug = 0; @@ -879,12 +874,7 @@ int s_client_main(int argc, char **argv) c_msg = 0; c_showcerts = 0; c_nbio = 0; verify_depth = 0; verify_error = X509_V_OK; vpm = X509_VERIFY_PARAM_new(); cbuf = app_malloc(BUFSIZZ, "cbuf"); sbuf = app_malloc(BUFSIZZ, "sbuf"); mbuf = app_malloc(BUFSIZZ, "mbuf"); cctx = SSL_CONF_CTX_new(); if (vpm == NULL || cctx == NULL) { @@ -892,6 +882,10 @@ int s_client_main(int argc, char **argv) goto end; } cbuf = app_malloc(BUFSIZZ, "cbuf"); sbuf = app_malloc(BUFSIZZ, "sbuf"); mbuf = app_malloc(BUFSIZZ, "mbuf"); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE); prog = opt_init(argc, argv, s_client_options); @@ -975,9 +969,9 @@ int s_client_main(int argc, char **argv) break; case OPT_VERIFY: verify = SSL_VERIFY_PEER; verify_depth = atoi(opt_arg()); verify_args.depth = atoi(opt_arg()); if (!c_quiet) BIO_printf(bio_err, "verify depth is %d\n", verify_depth); BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth); break; case OPT_CERT: cert_file = opt_arg(); @@ -1003,13 +997,13 @@ int s_client_main(int argc, char **argv) goto opthelp; break; case OPT_VERIFY_RET_ERROR: verify_return_error = 1; verify_args.return_error = 1; break; case OPT_VERIFY_QUIET: verify_quiet = 1; verify_args.quiet = 1; break; case OPT_BRIEF: c_brief = verify_quiet = c_quiet = 1; c_brief = verify_args.quiet = c_quiet = 1; break; case OPT_S_CASES: if (ssl_args == NULL)
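Review bot: Under `OPT_VERIFY`, `verify_args.depth = atoi(opt_arg());` still parses the depth with `atoi`, which yields 0 for non-numeric input and reports no error. A mistyped argument therefore becomes depth 0 without any message, and `verify_callback` compares every error depth against that value. apps/s_time.c in this same commit already validates the value with `if (!opt_int(opt_arg(), &verify_args.depth)) goto opthelp;`; the same two lines would fit here and at `OPT_VERIFY` and `OPT_UPPER_V_VERIFY` in apps/s_server.c. Whether `opt_int` also rejects a negative depth is not visible on this page. `s_client_main` begins and ends outside the hunks.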
apps/s_server.c +10 −11 @@ -44,6 +44,7 @@ #include <stdlib.h> #include <string.h> #include <openssl/async.h> #include <openssl/ssl.h> #include <openssl/e_os2.h> @@ -112,7 +113,6 @@ static int accept_socket = -1; #define TEST_CERT "server.pem" #define TEST_CERT2 "server2.pem" extern int verify_depth, verify_return_error, verify_quiet; static int s_server_verify = SSL_VERIFY_NONE; static int s_server_session_id_context = 1; /* anything will do */ @@ -272,7 +272,6 @@ err: static void s_server_init(void) { accept_socket = -1; verify_depth = 0; s_server_verify = SSL_VERIFY_NONE; s_dcert_file = NULL; s_dkey_file = NULL; @@ -1078,19 +1077,19 @@ int s_server_main(int argc, char *argv[]) break; case OPT_VERIFY: s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; verify_depth = atoi(opt_arg()); verify_args.depth = atoi(opt_arg()); if (!s_quiet) BIO_printf(bio_err, "verify depth is %d\n", verify_depth); BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth); break; case OPT_UPPER_V_VERIFY: s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; verify_depth = atoi(opt_arg()); verify_args.depth = atoi(opt_arg()); if (!s_quiet) BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", verify_depth); verify_args.depth); break; case OPT_CONTEXT: context = (unsigned char *)opt_arg(); @@ -1194,10 +1193,10 @@ int s_server_main(int argc, char *argv[]) goto end; break; case OPT_VERIFY_RET_ERROR: verify_return_error = 1; verify_args.return_error = 1; break; case OPT_VERIFY_QUIET: verify_quiet = 1; verify_args.quiet = 1; break; case OPT_BUILD_CHAIN: build_chain = 1;
@@ -1281,7 +1280,7 @@ int s_server_main(int argc, char *argv[]) s_quiet = 1; break; case OPT_BRIEF: s_quiet = s_brief = verify_quiet = 1; s_quiet = s_brief = verify_args.quiet = 1; break; case OPT_NO_DHE: #ifndef OPENSSL_NO_DH @@ -3042,8 +3041,8 @@ static int rev_body(int s, int stype, unsigned char *context) SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) { if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) { ERR_print_errors(bio_err); goto err; }
apps/s_time.c +4 −9 @@ -50,9 +50,6 @@ #define SECONDS 30 #define SECONDSSTR "30" extern int verify_depth; extern int verify_error; static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx); static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n"; @@ -116,8 +113,6 @@ int s_time_main(int argc, char **argv) size_t buf_size; meth = TLS_client_method(); verify_depth = 0; verify_error = X509_V_OK; prog = opt_init(argc, argv, s_time_options); while ((o = opt_next()) != OPT_EOF) { @@ -141,10 +136,10 @@ int s_time_main(int argc, char **argv) perform = 1; break; case OPT_VERIFY: if (!opt_int(opt_arg(), &verify_depth)) if (!opt_int(opt_arg(), &verify_args.depth)) goto opthelp; BIO_printf(bio_err, "%s: verify depth is %d\n", prog, verify_depth); prog, verify_args.depth); break; case OPT_CERT: certfile = opt_arg(); @@ -415,9 +410,9 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) } if (i <= 0) { BIO_printf(bio_err, "ERROR\n"); if (verify_error != X509_V_OK) if (verify_args.error != X509_V_OK) BIO_printf(bio_err, "verify error:%s\n", X509_verify_cert_error_string(verify_error)); X509_verify_cert_error_string(verify_args.error)); else ERR_print_errors(bio_err); if (scon == NULL)
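Review bot: Removing `verify_depth = 0; verify_error = X509_V_OK;` from the top of `s_time_main` leaves `verify_args` set only by the static initializer in apps/s_cb.c, while `doConnection` still branches on `verify_args.error != X509_V_OK` to decide what to print. If a command's main can run more than once in one process (not visible on this page), the depth and the recorded error from the earlier run would carry over and the message printed could describe a stale failure. Restoring `verify_args.depth = 0;` and `verify_args.error = X509_V_OK;` before `opt_init` keeps the old per-run behaviour. The same resets were dropped from `s_client_main` in apps/s_client.c, and the depth reset from `s_server_init` in apps/s_server.c. Both functions here extend beyond the hunks shown.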