Don't display messages about verify depth in s_server if -quiet it set.

Add support for separate verify and chain stores in s_client.
2012-11-23 18:56:25 +00:00
parent 20b431e3a9
commit a5afc0a8f4
4 changed files with 65 additions and 44 deletions
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1671,3 +1671,32 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
 		}
 	return 1;
 	}
+
+int ssl_load_stores(SSL_CTX *ctx,
+			const char *vfyCApath, const char *vfyCAfile,
+			const char *chCApath, const char *chCAfile)
+	{
+	X509_STORE *vfy = NULL, *ch = NULL;
+	int rv = 0;
+	if (vfyCApath || vfyCAfile)
+		{
+		vfy = X509_STORE_new();
+		if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
+			goto err;
+		SSL_CTX_set1_verify_cert_store(ctx, vfy);
+		}
+	if (chCApath || chCAfile)
+		{
+		ch = X509_STORE_new();
+		if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
+			goto err;
+		SSL_CTX_set1_chain_cert_store(ctx, ch);
+		}
+	rv = 1;
+	err:
+	if (vfy)
+		X509_STORE_free(vfy);
+	if (ch)
+		X509_STORE_free(ch);
+	return rv;
+	}