Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 acc00492 编写于 作者: F FdaSilvaYY 提交者: Richard Levitte
浏览文件
操作

Pack globals variables used to control apps/verify_callback() 

  into a structure , to avoid any accident .

Plus some few cleanups
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
上级 e7932c1e
隐藏空白更改
内联 并排
Showing with 41 addition and 52 deletion
apps/apps.h
浏览文件 @ acc00492
......@@ -551,11 +551,14 @@ int raw_write_stdout(const void *, int);
# define TM_STOP 1
double app_tminterval(int stop, int usertime);
/* this is an accident waiting to happen (-Wshadow is your friend) */
extern int verify_depth;
extern int verify_quiet;
extern int verify_error;
extern int verify_return_error;
typedef struct verify_options_st {
int depth;
int quiet;
int error;
int return_error;
} VERIFY_CB_ARGS;
extern VERIFY_CB_ARGS verify_args;
# include "progs.h"
......
apps/s_cb.c
浏览文件 @ acc00492
......@@ -26,10 +26,8 @@
#define COOKIE_SECRET_LENGTH 16
int verify_depth = 0;
int verify_quiet = 0;
int verify_error = X509_V_OK;
int verify_return_error = 0;
VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
#ifndef OPENSSL_NO_SOCK
static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
static int cookie_initialized = 0;
......@@ -52,7 +50,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
if (!verify_quiet || !ok) {
if (!verify_args.quiet || !ok) {
BIO_printf(bio_err, "depth=%d ", depth);
if (err_cert) {
X509_NAME_print_ex(bio_err,
......@@ -65,13 +63,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
if (!ok) {
BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
X509_verify_cert_error_string(err));
if (verify_depth >= depth) {
if (!verify_return_error)
if (verify_args.depth >= depth) {
if (!verify_args.return_error)
ok = 1;
verify_error = err;
verify_args.error = err;
} else {
ok = 0;
verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
}
switch (err) {
......@@ -94,13 +92,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
BIO_printf(bio_err, "\n");
break;
case X509_V_ERR_NO_EXPLICIT_POLICY:
if (!verify_quiet)
if (!verify_args.quiet)
policies_print(ctx);
break;
}
if (err == X509_V_OK && ok == 2 && !verify_quiet)
if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
policies_print(ctx);
if (ok && !verify_quiet)
if (ok && !verify_args.quiet)
BIO_printf(bio_err, "verify return:%d\n", ok);
return (ok);
}
......
apps/s_client.c
浏览文件 @ acc00492
......@@ -83,11 +83,6 @@ typedef unsigned int u_int;
#define BUFSIZZ 1024*8
#define S_CLIENT_IRC_READ_TIMEOUT 8
extern int verify_depth;
extern int verify_error;
extern int verify_return_error;
extern int verify_quiet;
static char *prog;
static int c_nbio = 0;
static int c_tlsextdebug = 0;
......@@ -879,12 +874,7 @@ int s_client_main(int argc, char **argv)
c_msg = 0;
c_showcerts = 0;
c_nbio = 0;
verify_depth = 0;
verify_error = X509_V_OK;
vpm = X509_VERIFY_PARAM_new();
cbuf = app_malloc(BUFSIZZ, "cbuf");
sbuf = app_malloc(BUFSIZZ, "sbuf");
mbuf = app_malloc(BUFSIZZ, "mbuf");
cctx = SSL_CONF_CTX_new();
if (vpm == NULL || cctx == NULL) {
......@@ -892,6 +882,10 @@ int s_client_main(int argc, char **argv)
goto end;
}
cbuf = app_malloc(BUFSIZZ, "cbuf");
sbuf = app_malloc(BUFSIZZ, "sbuf");
mbuf = app_malloc(BUFSIZZ, "mbuf");
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE);
prog = opt_init(argc, argv, s_client_options);
......@@ -975,9 +969,9 @@ int s_client_main(int argc, char **argv)
break;
case OPT_VERIFY:
verify = SSL_VERIFY_PEER;
verify_depth = atoi(opt_arg());
verify_args.depth = atoi(opt_arg());
if (!c_quiet)
BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
break;
case OPT_CERT:
cert_file = opt_arg();
......@@ -1003,13 +997,13 @@ int s_client_main(int argc, char **argv)
goto opthelp;
break;
case OPT_VERIFY_RET_ERROR:
verify_return_error = 1;
verify_args.return_error = 1;
break;
case OPT_VERIFY_QUIET:
verify_quiet = 1;
verify_args.quiet = 1;
break;
case OPT_BRIEF:
c_brief = verify_quiet = c_quiet = 1;
c_brief = verify_args.quiet = c_quiet = 1;
break;
case OPT_S_CASES:
if (ssl_args == NULL)
......
apps/s_server.c
浏览文件 @ acc00492
......@@ -44,6 +44,7 @@
#include <stdlib.h>
#include <string.h>
#include <openssl/async.h>
#include <openssl/ssl.h>
#include <openssl/e_os2.h>
......@@ -112,7 +113,6 @@ static int accept_socket = -1;
#define TEST_CERT "server.pem"
#define TEST_CERT2 "server2.pem"
extern int verify_depth, verify_return_error, verify_quiet;
static int s_server_verify = SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
......@@ -272,7 +272,6 @@ err:
static void s_server_init(void)
{
accept_socket = -1;
verify_depth = 0;
s_server_verify = SSL_VERIFY_NONE;
s_dcert_file = NULL;
s_dkey_file = NULL;
......@@ -1078,19 +1077,19 @@ int s_server_main(int argc, char *argv[])
break;
case OPT_VERIFY:
s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
verify_depth = atoi(opt_arg());
verify_args.depth = atoi(opt_arg());
if (!s_quiet)
BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
break;
case OPT_UPPER_V_VERIFY:
s_server_verify =
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
SSL_VERIFY_CLIENT_ONCE;
verify_depth = atoi(opt_arg());
verify_args.depth = atoi(opt_arg());
if (!s_quiet)
BIO_printf(bio_err,
"verify depth is %d, must return a certificate\n",
verify_depth);
verify_args.depth);
break;
case OPT_CONTEXT:
context = (unsigned char *)opt_arg();
......@@ -1194,10 +1193,10 @@ int s_server_main(int argc, char *argv[])
goto end;
break;
case OPT_VERIFY_RET_ERROR:
verify_return_error = 1;
verify_args.return_error = 1;
break;
case OPT_VERIFY_QUIET:
verify_quiet = 1;
verify_args.quiet = 1;
break;
case OPT_BUILD_CHAIN:
build_chain = 1;
......@@ -1281,7 +1280,7 @@ int s_server_main(int argc, char *argv[])
s_quiet = 1;
break;
case OPT_BRIEF:
s_quiet = s_brief = verify_quiet = 1;
s_quiet = s_brief = verify_args.quiet = 1;
break;
case OPT_NO_DHE:
#ifndef OPENSSL_NO_DH
......@@ -3042,8 +3041,8 @@ static int rev_body(int s, int stype, unsigned char *context)
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
if (context && !SSL_set_session_id_context(con, context,
strlen((char *)context))) {
if (context
&& !SSL_set_session_id_context(con, context, strlen((char *)context))) {
ERR_print_errors(bio_err);
goto err;
}
......
apps/s_time.c
浏览文件 @ acc00492
......@@ -50,9 +50,6 @@
#define SECONDS 30
#define SECONDSSTR "30"
extern int verify_depth;
extern int verify_error;
static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
......@@ -116,8 +113,6 @@ int s_time_main(int argc, char **argv)
size_t buf_size;
meth = TLS_client_method();
verify_depth = 0;
verify_error = X509_V_OK;
prog = opt_init(argc, argv, s_time_options);
while ((o = opt_next()) != OPT_EOF) {
......@@ -141,10 +136,10 @@ int s_time_main(int argc, char **argv)
perform = 1;
break;
case OPT_VERIFY:
if (!opt_int(opt_arg(), &verify_depth))
if (!opt_int(opt_arg(), &verify_args.depth))
goto opthelp;
BIO_printf(bio_err, "%s: verify depth is %d\n",
prog, verify_depth);
prog, verify_args.depth);
break;
case OPT_CERT:
certfile = opt_arg();
......@@ -415,9 +410,9 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
}
if (i <= 0) {
BIO_printf(bio_err, "ERROR\n");
if (verify_error != X509_V_OK)
if (verify_args.error != X509_V_OK)
BIO_printf(bio_err, "verify error:%s\n",
X509_verify_cert_error_string(verify_error));
X509_verify_cert_error_string(verify_args.error));
else
ERR_print_errors(bio_err);
if (scon == NULL)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册