Commit dd696a55 authored by Rob Percival's avatar Rob Percival Committed by Rich Salz

Extends s_client to allow a basic CT policy to be enabled



Reviewed-by: default avatarBen Laurie <ben@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 98d8ddd2
+15 −6
@@ -30,6 +30,7 @@ LIBSSL=-L.. -lssl

SCRIPTS=CA.pl tsget
EXE= openssl$(EXE_EXT)
CONFS=openssl.cnf ct_log_list.cnf

COMMANDS= \
	asn1pars.o ca.o ciphers.o cms.o crl.o crl2p7.o dgst.o dhparam.o \
@@ -92,10 +93,14 @@ install:
	 cp $$i $(DESTDIR)$(OPENSSLDIR)/misc/$$i.new; \
	 chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$i.new; \
	 mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$i.new $(DESTDIR)$(OPENSSLDIR)/misc/$$i ); \
	 done
	@cp openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new; \
	chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new; \
	mv -f  $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf
	 done;
	@set -e; for i in $(CONFS); \
	do \
	(echo installing $$i; \
	 cp $$i $(DESTDIR)$(OPENSSLDIR)/$$i.new; \
	 chmod 644 $(DESTDIR)$(OPENSSLDIR)/$$i.new; \
	 mv -f $(DESTDIR)$(OPENSSLDIR)/$$i.new $(DESTDIR)$(OPENSSLDIR)/$$i ); \
	 done;

uninstall:
	@set -e; for i in $(EXE); \
@@ -107,8 +112,12 @@ uninstall:
	do  \
		echo $(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$i; \
		$(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$i; \
	done
	$(RM) $(DESTDIR)$(OPENSSLDIR)/openssl.cnf
	done;
	@set -e; for i in $(CONFS); \
	do  \
		echo $(RM) $(DESTDIR)$(OPENSSLDIR)/$$i; \
		$(RM) $(DESTDIR)$(OPENSSLDIR)/$$i; \
	done;

generate: openssl-vms.cnf progs.h

+13 −0
@@ -235,6 +235,19 @@ int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
    return SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
}

int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
{
    if (path == NULL) {
        if (SSL_CTX_set_default_ctlog_list_file(ctx) <= 0) {
            BIO_puts(bio_err, "Failed to load default Certificate Transparency "
                     "log list\n");
        }
        return 1; /* Do not treat failure to load the default as an error */
    }

    return SSL_CTX_set_ctlog_list_file(ctx, path);
}

int dump_cert_text(BIO *out, X509 *x)
{
    char *p;
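Review bot: The explicit-path branch on the last line of ctx_set_ctlog_list_file returns the SSL_CTX_set_ctlog_list_file result silently, while the NULL-path branch prints a diagnostic to bio_err and then hides the failure behind `return 1`, so a caller passing a bad path gets a bare non-positive return with no message naming the file. Consider `int ret = SSL_CTX_set_ctlog_list_file(ctx, path);` / `if (ret <= 0) BIO_printf(bio_err, "Failed to load Certificate Transparency log list from %s\n", path);` / `return ret;`. The deliberate swallow in the NULL branch also means a CT policy can end up enabled with no known logs, which presumably leaves every SCT unverifiable; the inline comment says this is intended, but the prototype added to the header in the next file section has no documentation, so a comment there such as `/* Load the CT log list from |path|, or the default list when |path| is NULL; failure to load the default is reported on bio_err but not treated as an error. */` would make the contract visible to callers.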
+2 −0
@@ -489,6 +489,8 @@ X509_STORE *setup_verify(char *CAfile, char *CApath,
                         int noCAfile, int noCApath);
int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
                             const char *CApath, int noCAfile, int noCApath);
int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path);

# ifdef OPENSSL_NO_ENGINE
#  define setup_engine(engine, debug) NULL
# else

apps/ct_log_list.cnf

0 → 100644
+34 −0
enabled_logs=pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi

[pilot]
description = Google Pilot Log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==

[aviator]
description = Google Aviator log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q==

[rocketeer]
description = Google Rocketeer log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg==

[digicert]
description = DigiCert Log Server
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==

[certly]
description = Certly.IO log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA==

[izempe]
description = Izempe log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg==

[symantec]
description = Symantec log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg==

[venafi]
description = Venafi log
key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB
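Review bot: The new log list carries no provenance: nothing in the file records where these public keys were obtained, when the snapshot was taken, or how a maintainer should verify or refresh them, even though they are the trust anchors used to accept or reject SCTs once a CT policy is enabled. A header comment above `enabled_logs` would help, e.g. `# Known Certificate Transparency logs and their public keys (base64 DER SubjectPublicKeyInfo).` followed by `# Source: <list source placeholder>; snapshot: <date placeholder>. Update by re-fetching the published list, not by hand-editing keys.` The `[izempe]` section name and its `Izempe log` description look like a misspelling of the operator's name (Izenpe); worth confirming against the source list before the section name is relied on as an identifier elsewhere.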
+1 −0
@@ -711,6 +711,7 @@ static STRINT_PAIR tlsext_types[] = {
    {"heartbeat", TLSEXT_TYPE_heartbeat},
    {"session ticket", TLSEXT_TYPE_session_ticket},
    {"renegotiation info", TLSEXT_TYPE_renegotiate},
    {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp},
    {"TLS padding", TLSEXT_TYPE_padding},
#ifdef TLSEXT_TYPE_next_proto_neg
    {"next protocol", TLSEXT_TYPE_next_proto_neg},