Pack globals variables used to control apps/verify_callback()

  into a structure , to avoid any accident .

Plus some few cleanups
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

apps/apps.h

@@ -551,11 +551,14 @@ int raw_write_stdout(const void *, int);
 # define TM_STOP         1
 double app_tminterval(int stop, int usertime);
 
-/* this is an accident waiting to happen (-Wshadow is your friend) */
-extern int verify_depth;
-extern int verify_quiet;
-extern int verify_error;
-extern int verify_return_error;
+typedef struct verify_options_st {
+    int depth;
+    int quiet;
+    int error;
+    int return_error;
+} VERIFY_CB_ARGS;
+
+extern VERIFY_CB_ARGS verify_args;
 
 # include "progs.h"
 

apps/s_cb.c

@@ -26,10 +26,8 @@
 
 #define COOKIE_SECRET_LENGTH    16
 
-int verify_depth = 0;
-int verify_quiet = 0;
-int verify_error = X509_V_OK;
-int verify_return_error = 0;
+VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
+
 #ifndef OPENSSL_NO_SOCK
 static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
 static int cookie_initialized = 0;
@@ -52,7 +50,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
     err = X509_STORE_CTX_get_error(ctx);
     depth = X509_STORE_CTX_get_error_depth(ctx);
 
-    if (!verify_quiet || !ok) {
+    if (!verify_args.quiet || !ok) {
         BIO_printf(bio_err, "depth=%d ", depth);
         if (err_cert) {
             X509_NAME_print_ex(bio_err,
@@ -65,13 +63,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
     if (!ok) {
         BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
                    X509_verify_cert_error_string(err));
-        if (verify_depth >= depth) {
-            if (!verify_return_error)
+        if (verify_args.depth >= depth) {
+            if (!verify_args.return_error)
                 ok = 1;
-            verify_error = err;
+            verify_args.error = err;
         } else {
             ok = 0;
-            verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+            verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
         }
     }
     switch (err) {
@@ -94,13 +92,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
         BIO_printf(bio_err, "\n");
         break;
     case X509_V_ERR_NO_EXPLICIT_POLICY:
-        if (!verify_quiet)
+        if (!verify_args.quiet)
             policies_print(ctx);
         break;
     }
-    if (err == X509_V_OK && ok == 2 && !verify_quiet)
+    if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
         policies_print(ctx);
-    if (ok && !verify_quiet)
+    if (ok && !verify_args.quiet)
         BIO_printf(bio_err, "verify return:%d\n", ok);
     return (ok);
 }

apps/s_client.c

@@ -83,11 +83,6 @@ typedef unsigned int u_int;
 #define BUFSIZZ 1024*8
 #define S_CLIENT_IRC_READ_TIMEOUT 8
 
-extern int verify_depth;
-extern int verify_error;
-extern int verify_return_error;
-extern int verify_quiet;
-
 static char *prog;
 static int c_nbio = 0;
 static int c_tlsextdebug = 0;
@@ -879,12 +874,7 @@ int s_client_main(int argc, char **argv)
     c_msg = 0;
     c_showcerts = 0;
     c_nbio = 0;
-    verify_depth = 0;
-    verify_error = X509_V_OK;
     vpm = X509_VERIFY_PARAM_new();
-    cbuf = app_malloc(BUFSIZZ, "cbuf");
-    sbuf = app_malloc(BUFSIZZ, "sbuf");
-    mbuf = app_malloc(BUFSIZZ, "mbuf");
     cctx = SSL_CONF_CTX_new();
 
     if (vpm == NULL || cctx == NULL) {
@@ -892,6 +882,10 @@ int s_client_main(int argc, char **argv)
         goto end;
     }
 
+    cbuf = app_malloc(BUFSIZZ, "cbuf");
+    sbuf = app_malloc(BUFSIZZ, "sbuf");
+    mbuf = app_malloc(BUFSIZZ, "mbuf");
+
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE);
 
     prog = opt_init(argc, argv, s_client_options);
@@ -975,9 +969,9 @@ int s_client_main(int argc, char **argv)
             break;
         case OPT_VERIFY:
             verify = SSL_VERIFY_PEER;
-            verify_depth = atoi(opt_arg());
+            verify_args.depth = atoi(opt_arg());
             if (!c_quiet)
-                BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+                BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
             break;
         case OPT_CERT:
             cert_file = opt_arg();
@@ -1003,13 +997,13 @@ int s_client_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_VERIFY_RET_ERROR:
-            verify_return_error = 1;
+            verify_args.return_error = 1;
             break;
         case OPT_VERIFY_QUIET:
-            verify_quiet = 1;
+            verify_args.quiet = 1;
             break;
         case OPT_BRIEF:
-            c_brief = verify_quiet = c_quiet = 1;
+            c_brief = verify_args.quiet = c_quiet = 1;
             break;
         case OPT_S_CASES:
             if (ssl_args == NULL)

apps/s_server.c

@@ -44,6 +44,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/async.h>
+#include <openssl/ssl.h>
 
 #include <openssl/e_os2.h>
 
@@ -112,7 +113,6 @@ static int accept_socket = -1;
 #define TEST_CERT       "server.pem"
 #define TEST_CERT2      "server2.pem"
 
-extern int verify_depth, verify_return_error, verify_quiet;
 
 static int s_server_verify = SSL_VERIFY_NONE;
 static int s_server_session_id_context = 1; /* anything will do */
@@ -272,7 +272,6 @@ err:
 static void s_server_init(void)
 {
     accept_socket = -1;
-    verify_depth = 0;
     s_server_verify = SSL_VERIFY_NONE;
     s_dcert_file = NULL;
     s_dkey_file = NULL;
@@ -1078,19 +1077,19 @@ int s_server_main(int argc, char *argv[])
             break;
         case OPT_VERIFY:
             s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
-            verify_depth = atoi(opt_arg());
+            verify_args.depth = atoi(opt_arg());
             if (!s_quiet)
-                BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+                BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
             break;
         case OPT_UPPER_V_VERIFY:
             s_server_verify =
                 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
                 SSL_VERIFY_CLIENT_ONCE;
-            verify_depth = atoi(opt_arg());
+            verify_args.depth = atoi(opt_arg());
             if (!s_quiet)
                 BIO_printf(bio_err,
                            "verify depth is %d, must return a certificate\n",
-                           verify_depth);
+                           verify_args.depth);
             break;
         case OPT_CONTEXT:
             context = (unsigned char *)opt_arg();
@@ -1194,10 +1193,10 @@ int s_server_main(int argc, char *argv[])
                 goto end;
             break;
         case OPT_VERIFY_RET_ERROR:
-            verify_return_error = 1;
+            verify_args.return_error = 1;
             break;
         case OPT_VERIFY_QUIET:
-            verify_quiet = 1;
+            verify_args.quiet = 1;
             break;
         case OPT_BUILD_CHAIN:
             build_chain = 1;
@@ -1281,7 +1280,7 @@ int s_server_main(int argc, char *argv[])
             s_quiet = 1;
             break;
         case OPT_BRIEF:
-            s_quiet = s_brief = verify_quiet = 1;
+            s_quiet = s_brief = verify_args.quiet = 1;
             break;
         case OPT_NO_DHE:
 #ifndef OPENSSL_NO_DH
@@ -3042,8 +3041,8 @@ static int rev_body(int s, int stype, unsigned char *context)
         SSL_set_tlsext_debug_callback(con, tlsext_cb);
         SSL_set_tlsext_debug_arg(con, bio_s_out);
     }
-    if (context && !SSL_set_session_id_context(con, context,
-                        strlen((char *)context))) {
+    if (context 
+        && !SSL_set_session_id_context(con, context, strlen((char *)context))) {
         ERR_print_errors(bio_err);
         goto err;
     }

apps/s_time.c

@@ -50,9 +50,6 @@
 #define SECONDS 30
 #define SECONDSSTR "30"
 
-extern int verify_depth;
-extern int verify_error;
-
 static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
 
 static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
@@ -116,8 +113,6 @@ int s_time_main(int argc, char **argv)
     size_t buf_size;
 
     meth = TLS_client_method();
-    verify_depth = 0;
-    verify_error = X509_V_OK;
 
     prog = opt_init(argc, argv, s_time_options);
     while ((o = opt_next()) != OPT_EOF) {
@@ -141,10 +136,10 @@ int s_time_main(int argc, char **argv)
             perform = 1;
             break;
         case OPT_VERIFY:
-            if (!opt_int(opt_arg(), &verify_depth))
+            if (!opt_int(opt_arg(), &verify_args.depth))
                 goto opthelp;
             BIO_printf(bio_err, "%s: verify depth is %d\n",
-                       prog, verify_depth);
+                       prog, verify_args.depth);
             break;
         case OPT_CERT:
             certfile = opt_arg();
@@ -415,9 +410,9 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
     }
     if (i <= 0) {
         BIO_printf(bio_err, "ERROR\n");
-        if (verify_error != X509_V_OK)
+        if (verify_args.error != X509_V_OK)
             BIO_printf(bio_err, "verify error:%s\n",
-                       X509_verify_cert_error_string(verify_error));
+                       X509_verify_cert_error_string(verify_args.error));
         else
             ERR_print_errors(bio_err);
         if (scon == NULL)