author | Matt Caswell <matt@openssl.org> | 2015-09-22 17:00:52 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-09-25 15:49:59 +0200 |
commit | 2b6bcb702d237171ec5217956a42c8dce031ea51 (patch) | |
tree | 28ae33107e186389f048d4e7f0aa9a9a12ed79a2 /apps/s_time.c | |
parent | Document the default CA path functions (diff) | |
Add support for -no-CApath and -no-CAfile options
For those command line options that take the verification options
-CApath and -CAfile, if those options are absent then the default path or
file is used instead. It is not currently possible to specify *no* path or
file at all. This change adds the options -no-CApath and -no-CAfile to all
relevant applications; they specify that the default locations should not
be used.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'apps/s_time.c')
-rw-r--r-- | apps/s_time.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/apps/s_time.c b/apps/s_time.c
index ef95b5ada6..91d28c209c 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -113,8 +113,8 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
 typedef enum OPTION_choice {
 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
- OPT_CAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME,
- OPT_SSL3,
+ OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS,
+ OPT_VERIFY, OPT_TIME, OPT_SSL3,
 OPT_WWW } OPTION_CHOICE;
@@ -127,6 +127,10 @@ OPTIONS s_time_options[] = {
 {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
 {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
 {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
+ {"no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file"},
+ {"no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory"},
 {"new", OPT_NEW, '-', "Just time new connections"},
 {"reuse", OPT_REUSE, '-', "Just time connection reuse"},
 {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
@@ -157,6 +161,7 @@ int s_time_main(int argc, char **argv)
 char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *www_path = NULL;
 char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
 double totalTime = 0.0;
+ int noCApath = 0, noCAfile = 0;
 int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0, ver;
 long bytes_read = 0, finishtime = 0;
@@ -208,6 +213,12 @@ int s_time_main(int argc, char **argv)
 case OPT_CAFILE:
 CAfile = opt_arg();
 break;
+ case OPT_NOCAPATH:
+ noCApath = 1;
+ break;
+ case OPT_NOCAFILE:
+ noCAfile = 1;
+ break;
 case OPT_CIPHER:
 cipher = opt_arg();
 break;
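Review bot: In the `s_time_options[]` hunk the new entry is spelled `no-CAfile`, while the existing option it negates is registered in the same table as `cafile` (lower case), so a user has to type `-cafile` but `-no-CAfile`. If option matching is case-sensitive, as the mixed-case `CApath` entry suggests, that mismatch is easy to get wrong when scripting trust-store settings. I would either align the spellings or point at the sibling option in the help text, e.g. `"Do not load the default certificates file (see -cafile)"`. The new entries are also listed file-then-path, the reverse of the `CApath`/`cafile` pair above them and of the enum order `OPT_NOCAPATH, OPT_NOCAFILE`.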
@@ -254,7 +265,7 @@ int s_time_main(int argc, char **argv)
 if (!set_cert_stuff(ctx, certfile, keyfile)) goto end;
- if (!ctx_set_verify_locations(ctx, CAfile, CApath)) {
+ if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
 ERR_print_errors(bio_err);
 goto end;
 }
|
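Review bot: The call now passes two adjacent `int` flags, `noCAfile, noCApath`, in the reverse order of their declaration `int noCApath = 0, noCAfile = 0;` earlier in `s_time_main`, and a swap here would compile cleanly while suppressing the wrong default trust location. The prototype of `ctx_set_verify_locations` is not part of this file's diff, so the argument order should be checked against it. A short comment above the call would also help, e.g. `/* noCAfile/noCApath only suppress the default locations; explicit CAfile/CApath are still passed through */`, assuming that is the helper's contract as the commit message describes. The body of `s_time_main` starts and ends outside this hunk.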