Add code to download CRLs based on CRLDP extension.

This is just a sample; real-world applications would have to be cleverer.
Dr. Stephen Henson
2012-12-06 18:43:40 +00:00
parent f5a7d5b164
commit 0090a686c0
8 changed files with 113 additions and 22 deletions


@@ -635,6 +635,7 @@ int MAIN(int argc, char **argv)
char *crl_file = NULL;
int crl_format = FORMAT_PEM;
int crl_download = 0;
STACK_OF(X509_CRL) *crls = NULL;
meth=SSLv23_client_method();
@@ -711,6 +712,8 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
crl_file= *(++argv);
}
else if (strcmp(*argv,"-crl_download") == 0)
crl_download = 1;
else if (strcmp(*argv,"-sess_out") == 0)
{
if (--argc < 1) goto bad;
@@ -1192,7 +1195,8 @@ bad:
goto end;
}
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls))
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
crls, crl_download))
{
BIO_printf(bio_err, "Error loading store locations\n");
ERR_print_errors(bio_err);
@@ -1254,7 +1258,7 @@ bad:
/* goto end; */
}
ssl_ctx_add_crls(ctx, crls);
ssl_ctx_add_crls(ctx, crls, crl_download);
if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain))
goto end;
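Review bot: The new `-crl_download` branch in the option parsing enables fetching CRLs from locations named in a certificate's CRLDP extension (per the commit title), and nothing beside the flag says that those locations are presumably chosen by whoever issued or presented the certificate being verified. Since the commit message itself calls this a sample, I would add a comment at `crl_download = 1;` such as `/* sample only: CRL URLs come from the CRLDP extension of the certificate under verification; treat them as untrusted input */`. The download helper is outside this section, so whether it restricts URL schemes or bounds response size and time cannot be checked from here and should be confirmed before anyone relies on the flag. The call `ssl_ctx_add_crls(ctx, crls, crl_download);` is used as a bare statement, so if that function can report a setup failure the result is dropped, unlike the checked `ssl_load_stores` call above it. MAIN's body starts and ends outside these hunks.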