提交 acc00492 编写于 作者: F FdaSilvaYY 提交者: Richard Levitte

Pack global variables used to control apps/verify_callback()

  into a structure, to avoid any accident.

Plus a few cleanups
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
上级 e7932c1e
...@@ -551,11 +551,14 @@ int raw_write_stdout(const void *, int); ...@@ -551,11 +551,14 @@ int raw_write_stdout(const void *, int);
# define TM_STOP 1 # define TM_STOP 1
double app_tminterval(int stop, int usertime); double app_tminterval(int stop, int usertime);
/* this is an accident waiting to happen (-Wshadow is your friend) */ typedef struct verify_options_st {
extern int verify_depth; int depth;
extern int verify_quiet; int quiet;
extern int verify_error; int error;
extern int verify_return_error; int return_error;
} VERIFY_CB_ARGS;
extern VERIFY_CB_ARGS verify_args;
# include "progs.h" # include "progs.h"
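Review bot: The four fields of the new verify_options_st in apps.h are undocumented, and their meaning is only recoverable by reading verify_callback() in s_cb.c, which is what the s_client/s_server/s_time option handlers that set them would need to know. A one-line comment per field would do: depth is the deepest error depth at which the callback still overrides a failed verify, quiet suppresses the per-certificate diagnostics, error holds the last verify error the callback recorded, and return_error, when set, stops the callback from turning a failure into `ok = 1`; for example `int depth; /* deepest error depth the callback tolerates */`. The tag `verify_options_st` and the typedef `VERIFY_CB_ARGS` also name the same thing differently; aligning them (e.g. `verify_cb_args_st`) would match how the type is referred to elsewhere in this commit.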
......
...@@ -26,10 +26,8 @@ ...@@ -26,10 +26,8 @@
#define COOKIE_SECRET_LENGTH 16 #define COOKIE_SECRET_LENGTH 16
int verify_depth = 0; VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
int verify_quiet = 0;
int verify_error = X509_V_OK;
int verify_return_error = 0;
#ifndef OPENSSL_NO_SOCK #ifndef OPENSSL_NO_SOCK
static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
static int cookie_initialized = 0; static int cookie_initialized = 0;
...@@ -52,7 +50,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) ...@@ -52,7 +50,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
err = X509_STORE_CTX_get_error(ctx); err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx); depth = X509_STORE_CTX_get_error_depth(ctx);
if (!verify_quiet || !ok) { if (!verify_args.quiet || !ok) {
BIO_printf(bio_err, "depth=%d ", depth); BIO_printf(bio_err, "depth=%d ", depth);
if (err_cert) { if (err_cert) {
X509_NAME_print_ex(bio_err, X509_NAME_print_ex(bio_err,
...@@ -65,13 +63,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) ...@@ -65,13 +63,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
if (!ok) { if (!ok) {
BIO_printf(bio_err, "verify error:num=%d:%s\n", err, BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
X509_verify_cert_error_string(err)); X509_verify_cert_error_string(err));
if (verify_depth >= depth) { if (verify_args.depth >= depth) {
if (!verify_return_error) if (!verify_args.return_error)
ok = 1; ok = 1;
verify_error = err; verify_args.error = err;
} else { } else {
ok = 0; ok = 0;
verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
} }
} }
switch (err) { switch (err) {
...@@ -94,13 +92,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) ...@@ -94,13 +92,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "\n");
break; break;
case X509_V_ERR_NO_EXPLICIT_POLICY: case X509_V_ERR_NO_EXPLICIT_POLICY:
if (!verify_quiet) if (!verify_args.quiet)
policies_print(ctx); policies_print(ctx);
break; break;
} }
if (err == X509_V_OK && ok == 2 && !verify_quiet) if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
policies_print(ctx); policies_print(ctx);
if (ok && !verify_quiet) if (ok && !verify_args.quiet)
BIO_printf(bio_err, "verify return:%d\n", ok); BIO_printf(bio_err, "verify return:%d\n", ok);
return (ok); return (ok);
} }
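Review bot: The definition `VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };` at the top of s_cb.c is a positional initializer, so any future reordering of the fields in apps.h would silently move X509_V_OK into a different member with no compiler diagnostic. A trailing comment naming the order, `VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 }; /* depth, quiet, error, return_error */`, makes the dependency visible; designated initializers would be stronger if the project's C dialect permits them. The verify_callback hunks themselves are a mechanical rename and look correct; verify_callback starts outside the first of them.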
......
...@@ -83,11 +83,6 @@ typedef unsigned int u_int; ...@@ -83,11 +83,6 @@ typedef unsigned int u_int;
#define BUFSIZZ 1024*8 #define BUFSIZZ 1024*8
#define S_CLIENT_IRC_READ_TIMEOUT 8 #define S_CLIENT_IRC_READ_TIMEOUT 8
extern int verify_depth;
extern int verify_error;
extern int verify_return_error;
extern int verify_quiet;
static char *prog; static char *prog;
static int c_nbio = 0; static int c_nbio = 0;
static int c_tlsextdebug = 0; static int c_tlsextdebug = 0;
...@@ -879,12 +874,7 @@ int s_client_main(int argc, char **argv) ...@@ -879,12 +874,7 @@ int s_client_main(int argc, char **argv)
c_msg = 0; c_msg = 0;
c_showcerts = 0; c_showcerts = 0;
c_nbio = 0; c_nbio = 0;
verify_depth = 0;
verify_error = X509_V_OK;
vpm = X509_VERIFY_PARAM_new(); vpm = X509_VERIFY_PARAM_new();
cbuf = app_malloc(BUFSIZZ, "cbuf");
sbuf = app_malloc(BUFSIZZ, "sbuf");
mbuf = app_malloc(BUFSIZZ, "mbuf");
cctx = SSL_CONF_CTX_new(); cctx = SSL_CONF_CTX_new();
if (vpm == NULL || cctx == NULL) { if (vpm == NULL || cctx == NULL) {
...@@ -892,6 +882,10 @@ int s_client_main(int argc, char **argv) ...@@ -892,6 +882,10 @@ int s_client_main(int argc, char **argv)
goto end; goto end;
} }
cbuf = app_malloc(BUFSIZZ, "cbuf");
sbuf = app_malloc(BUFSIZZ, "sbuf");
mbuf = app_malloc(BUFSIZZ, "mbuf");
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE);
prog = opt_init(argc, argv, s_client_options); prog = opt_init(argc, argv, s_client_options);
...@@ -975,9 +969,9 @@ int s_client_main(int argc, char **argv) ...@@ -975,9 +969,9 @@ int s_client_main(int argc, char **argv)
break; break;
case OPT_VERIFY: case OPT_VERIFY:
verify = SSL_VERIFY_PEER; verify = SSL_VERIFY_PEER;
verify_depth = atoi(opt_arg()); verify_args.depth = atoi(opt_arg());
if (!c_quiet) if (!c_quiet)
BIO_printf(bio_err, "verify depth is %d\n", verify_depth); BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
break; break;
case OPT_CERT: case OPT_CERT:
cert_file = opt_arg(); cert_file = opt_arg();
...@@ -1003,13 +997,13 @@ int s_client_main(int argc, char **argv) ...@@ -1003,13 +997,13 @@ int s_client_main(int argc, char **argv)
goto opthelp; goto opthelp;
break; break;
case OPT_VERIFY_RET_ERROR: case OPT_VERIFY_RET_ERROR:
verify_return_error = 1; verify_args.return_error = 1;
break; break;
case OPT_VERIFY_QUIET: case OPT_VERIFY_QUIET:
verify_quiet = 1; verify_args.quiet = 1;
break; break;
case OPT_BRIEF: case OPT_BRIEF:
c_brief = verify_quiet = c_quiet = 1; c_brief = verify_args.quiet = c_quiet = 1;
break; break;
case OPT_S_CASES: case OPT_S_CASES:
if (ssl_args == NULL) if (ssl_args == NULL)
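Review bot: Dropping `verify_depth = 0;` and `verify_error = X509_V_OK;` from s_client_main (and the equivalent lines from s_server_init and s_time_main in this commit) changes when the verify state is reset: verify_args is now initialized once at load time in s_cb.c, so if the same process runs an app more than once, a depth or error left by an earlier run is reused by the next one. I believe the interactive `openssl` prompt exercises exactly that path, but please confirm against how the apps are dispatched. If it does, keep the resets against the struct at the same points, `verify_args.depth = 0;` and `verify_args.error = X509_V_OK;` (quiet and return_error were not reset before either, so this preserves the old scope of the reset). s_client_main starts and ends outside this hunk.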
......
...@@ -44,6 +44,7 @@ ...@@ -44,6 +44,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <openssl/async.h> #include <openssl/async.h>
#include <openssl/ssl.h>
#include <openssl/e_os2.h> #include <openssl/e_os2.h>
...@@ -112,7 +113,6 @@ static int accept_socket = -1; ...@@ -112,7 +113,6 @@ static int accept_socket = -1;
#define TEST_CERT "server.pem" #define TEST_CERT "server.pem"
#define TEST_CERT2 "server2.pem" #define TEST_CERT2 "server2.pem"
extern int verify_depth, verify_return_error, verify_quiet;
static int s_server_verify = SSL_VERIFY_NONE; static int s_server_verify = SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */ static int s_server_session_id_context = 1; /* anything will do */
...@@ -272,7 +272,6 @@ err: ...@@ -272,7 +272,6 @@ err:
static void s_server_init(void) static void s_server_init(void)
{ {
accept_socket = -1; accept_socket = -1;
verify_depth = 0;
s_server_verify = SSL_VERIFY_NONE; s_server_verify = SSL_VERIFY_NONE;
s_dcert_file = NULL; s_dcert_file = NULL;
s_dkey_file = NULL; s_dkey_file = NULL;
...@@ -1078,19 +1077,19 @@ int s_server_main(int argc, char *argv[]) ...@@ -1078,19 +1077,19 @@ int s_server_main(int argc, char *argv[])
break; break;
case OPT_VERIFY: case OPT_VERIFY:
s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
verify_depth = atoi(opt_arg()); verify_args.depth = atoi(opt_arg());
if (!s_quiet) if (!s_quiet)
BIO_printf(bio_err, "verify depth is %d\n", verify_depth); BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
break; break;
case OPT_UPPER_V_VERIFY: case OPT_UPPER_V_VERIFY:
s_server_verify = s_server_verify =
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
SSL_VERIFY_CLIENT_ONCE; SSL_VERIFY_CLIENT_ONCE;
verify_depth = atoi(opt_arg()); verify_args.depth = atoi(opt_arg());
if (!s_quiet) if (!s_quiet)
BIO_printf(bio_err, BIO_printf(bio_err,
"verify depth is %d, must return a certificate\n", "verify depth is %d, must return a certificate\n",
verify_depth); verify_args.depth);
break; break;
case OPT_CONTEXT: case OPT_CONTEXT:
context = (unsigned char *)opt_arg(); context = (unsigned char *)opt_arg();
...@@ -1194,10 +1193,10 @@ int s_server_main(int argc, char *argv[]) ...@@ -1194,10 +1193,10 @@ int s_server_main(int argc, char *argv[])
goto end; goto end;
break; break;
case OPT_VERIFY_RET_ERROR: case OPT_VERIFY_RET_ERROR:
verify_return_error = 1; verify_args.return_error = 1;
break; break;
case OPT_VERIFY_QUIET: case OPT_VERIFY_QUIET:
verify_quiet = 1; verify_args.quiet = 1;
break; break;
case OPT_BUILD_CHAIN: case OPT_BUILD_CHAIN:
build_chain = 1; build_chain = 1;
...@@ -1281,7 +1280,7 @@ int s_server_main(int argc, char *argv[]) ...@@ -1281,7 +1280,7 @@ int s_server_main(int argc, char *argv[])
s_quiet = 1; s_quiet = 1;
break; break;
case OPT_BRIEF: case OPT_BRIEF:
s_quiet = s_brief = verify_quiet = 1; s_quiet = s_brief = verify_args.quiet = 1;
break; break;
case OPT_NO_DHE: case OPT_NO_DHE:
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
...@@ -3042,8 +3041,8 @@ static int rev_body(int s, int stype, unsigned char *context) ...@@ -3042,8 +3041,8 @@ static int rev_body(int s, int stype, unsigned char *context)
SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out); SSL_set_tlsext_debug_arg(con, bio_s_out);
} }
if (context && !SSL_set_session_id_context(con, context, if (context
strlen((char *)context))) { && !SSL_set_session_id_context(con, context, strlen((char *)context))) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto err; goto err;
} }
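Review bot: `verify_args.depth = atoi(opt_arg());` in the OPT_VERIFY and OPT_UPPER_V_VERIFY cases of s_server_main (and in the OPT_VERIFY case of s_client_main) accepts any string silently, whereas s_time_main in the same commit validates the same option with `opt_int(opt_arg(), &verify_args.depth)` and jumps to opthelp on failure; a mistyped -verify argument here becomes depth 0 with no message. Using `if (!opt_int(opt_arg(), &verify_args.depth)) goto opthelp;` in both apps would make the three consistent, assuming s_server_main has the same opthelp label as s_client_main. s_server_main starts and ends outside these hunks.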
......
...@@ -50,9 +50,6 @@ ...@@ -50,9 +50,6 @@
#define SECONDS 30 #define SECONDS 30
#define SECONDSSTR "30" #define SECONDSSTR "30"
extern int verify_depth;
extern int verify_error;
static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx); static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n"; static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
...@@ -116,8 +113,6 @@ int s_time_main(int argc, char **argv) ...@@ -116,8 +113,6 @@ int s_time_main(int argc, char **argv)
size_t buf_size; size_t buf_size;
meth = TLS_client_method(); meth = TLS_client_method();
verify_depth = 0;
verify_error = X509_V_OK;
prog = opt_init(argc, argv, s_time_options); prog = opt_init(argc, argv, s_time_options);
while ((o = opt_next()) != OPT_EOF) { while ((o = opt_next()) != OPT_EOF) {
...@@ -141,10 +136,10 @@ int s_time_main(int argc, char **argv) ...@@ -141,10 +136,10 @@ int s_time_main(int argc, char **argv)
perform = 1; perform = 1;
break; break;
case OPT_VERIFY: case OPT_VERIFY:
if (!opt_int(opt_arg(), &verify_depth)) if (!opt_int(opt_arg(), &verify_args.depth))
goto opthelp; goto opthelp;
BIO_printf(bio_err, "%s: verify depth is %d\n", BIO_printf(bio_err, "%s: verify depth is %d\n",
prog, verify_depth); prog, verify_args.depth);
break; break;
case OPT_CERT: case OPT_CERT:
certfile = opt_arg(); certfile = opt_arg();
...@@ -415,9 +410,9 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) ...@@ -415,9 +410,9 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
} }
if (i <= 0) { if (i <= 0) {
BIO_printf(bio_err, "ERROR\n"); BIO_printf(bio_err, "ERROR\n");
if (verify_error != X509_V_OK) if (verify_args.error != X509_V_OK)
BIO_printf(bio_err, "verify error:%s\n", BIO_printf(bio_err, "verify error:%s\n",
X509_verify_cert_error_string(verify_error)); X509_verify_cert_error_string(verify_args.error));
else else
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
if (scon == NULL) if (scon == NULL)
......