[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Thu Aug 4 15:08:53 UTC 2016


The branch master has been updated
       via  acc00492130d53d2d6a25bbe5409240aeba98420 (commit)
      from  e7932c1eb7daa1f8778df57687f6983fe6712734 (commit)


- Log -----------------------------------------------------------------
commit acc00492130d53d2d6a25bbe5409240aeba98420
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date:   Mon Aug 1 21:30:57 2016 +0200

    Pack globals variables used to control apps/verify_callback()
    
      into a structure, to avoid any accident.
    
    Plus a few cleanups
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/apps.h     | 13 ++++++++-----
 apps/s_cb.c     | 22 ++++++++++------------
 apps/s_client.c | 24 +++++++++---------------
 apps/s_server.c | 21 ++++++++++-----------
 apps/s_time.c   | 13 ++++---------
 5 files changed, 41 insertions(+), 52 deletions(-)

diff --git a/apps/apps.h b/apps/apps.h
index 22eead3..33a2f68 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -551,11 +551,14 @@ int raw_write_stdout(const void *, int);
 # define TM_STOP         1
 double app_tminterval(int stop, int usertime);
 
-/* this is an accident waiting to happen (-Wshadow is your friend) */
-extern int verify_depth;
-extern int verify_quiet;
-extern int verify_error;
-extern int verify_return_error;
+typedef struct verify_options_st {
+    int depth;
+    int quiet;
+    int error;
+    int return_error;
+} VERIFY_CB_ARGS;
+
+extern VERIFY_CB_ARGS verify_args;
 
 # include "progs.h"
 
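Review bot: The four fields of `VERIFY_CB_ARGS` are declared without any comment, so a reader of apps.h cannot tell what `depth`, `error` and `return_error` mean without opening s_cb.c. Going by the verify_callback hunks, a comment above the typedef would fit, such as `/* depth: deepest chain position at which a failure may be tolerated; quiet: suppress per-certificate output; error: last X509_V_* code recorded by the callback; return_error: non-zero makes a failure fatal */`. The struct tag `verify_options_st` and the typedef `VERIFY_CB_ARGS` also name the same thing differently; aligning them would make the type easier to find.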
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 9481fa5..330dedb 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -26,10 +26,8 @@
 
 #define COOKIE_SECRET_LENGTH    16
 
-int verify_depth = 0;
-int verify_quiet = 0;
-int verify_error = X509_V_OK;
-int verify_return_error = 0;
+VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
+
 #ifndef OPENSSL_NO_SOCK
 static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
 static int cookie_initialized = 0;
@@ -52,7 +50,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
     err = X509_STORE_CTX_get_error(ctx);
     depth = X509_STORE_CTX_get_error_depth(ctx);
 
-    if (!verify_quiet || !ok) {
+    if (!verify_args.quiet || !ok) {
         BIO_printf(bio_err, "depth=%d ", depth);
         if (err_cert) {
             X509_NAME_print_ex(bio_err,
@@ -65,13 +63,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
     if (!ok) {
         BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
                    X509_verify_cert_error_string(err));
-        if (verify_depth >= depth) {
-            if (!verify_return_error)
+        if (verify_args.depth >= depth) {
+            if (!verify_args.return_error)
                 ok = 1;
-            verify_error = err;
+            verify_args.error = err;
         } else {
             ok = 0;
-            verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+            verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
         }
     }
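Review bot: The branch `if (!verify_args.return_error) ok = 1;` turns a failed certificate check into success and deserves a comment in the new code, because a peer with an invalid chain is still accepted unless `return_error` is set. Suggested comment above that line: `/* failure is only recorded in verify_args.error; the handshake continues unless return_error is set */`. As far as these hunks show, `verify_args.error` is only ever assigned here and is not cleared by a later successful verification, so readers of that field should treat it as sticky. verify_callback starts before this hunk and ends after it.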
     switch (err) {
@@ -94,13 +92,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
         BIO_printf(bio_err, "\n");
         break;
     case X509_V_ERR_NO_EXPLICIT_POLICY:
-        if (!verify_quiet)
+        if (!verify_args.quiet)
             policies_print(ctx);
         break;
     }
-    if (err == X509_V_OK && ok == 2 && !verify_quiet)
+    if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
         policies_print(ctx);
-    if (ok && !verify_quiet)
+    if (ok && !verify_args.quiet)
         BIO_printf(bio_err, "verify return:%d\n", ok);
     return (ok);
 }
diff --git a/apps/s_client.c b/apps/s_client.c
index 0488a27..46fa87b 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -83,11 +83,6 @@ typedef unsigned int u_int;
 #define BUFSIZZ 1024*8
 #define S_CLIENT_IRC_READ_TIMEOUT 8
 
-extern int verify_depth;
-extern int verify_error;
-extern int verify_return_error;
-extern int verify_quiet;
-
 static char *prog;
 static int c_nbio = 0;
 static int c_tlsextdebug = 0;
@@ -879,12 +874,7 @@ int s_client_main(int argc, char **argv)
     c_msg = 0;
     c_showcerts = 0;
     c_nbio = 0;
-    verify_depth = 0;
-    verify_error = X509_V_OK;
     vpm = X509_VERIFY_PARAM_new();
-    cbuf = app_malloc(BUFSIZZ, "cbuf");
-    sbuf = app_malloc(BUFSIZZ, "sbuf");
-    mbuf = app_malloc(BUFSIZZ, "mbuf");
     cctx = SSL_CONF_CTX_new();
 
     if (vpm == NULL || cctx == NULL) {
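Review bot: Dropping `verify_depth = 0; verify_error = X509_V_OK;` at the top of s_client_main leaves the static initializer in s_cb.c as the only place where `verify_args` gets its defaults. If a command main can run more than once in the same process (not visible in this diff, so this is an inference), a depth or a recorded error from an earlier run would carry over into the next one. That affects both the tolerance check in verify_callback and the `verify_args.error != X509_V_OK` test in doConnection. Keeping the reset in the new form, `verify_args.depth = 0; verify_args.error = X509_V_OK;`, preserves the old behaviour. The same removal appears in the s_server_init and s_time_main hunks.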
@@ -892,6 +882,10 @@ int s_client_main(int argc, char **argv)
         goto end;
     }
 
+    cbuf = app_malloc(BUFSIZZ, "cbuf");
+    sbuf = app_malloc(BUFSIZZ, "sbuf");
+    mbuf = app_malloc(BUFSIZZ, "mbuf");
+
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE);
 
     prog = opt_init(argc, argv, s_client_options);
@@ -975,9 +969,9 @@ int s_client_main(int argc, char **argv)
             break;
         case OPT_VERIFY:
             verify = SSL_VERIFY_PEER;
-            verify_depth = atoi(opt_arg());
+            verify_args.depth = atoi(opt_arg());
             if (!c_quiet)
-                BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+                BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
             break;
         case OPT_CERT:
             cert_file = opt_arg();
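Review bot: `verify_args.depth = atoi(opt_arg());` still silently accepts non-numeric or negative input, while the s_time.c hunk in this same commit parses the option with `opt_int()` and rejects bad values. The depth decides in verify_callback whether a failure is tolerated, so the same form would be consistent here: `if (!opt_int(opt_arg(), &verify_args.depth)) goto opthelp;`. The same applies to OPT_VERIFY and OPT_UPPER_V_VERIFY in the s_server.c hunk, though whether an `opthelp` label exists there is not visible in this diff. The option loop of s_client_main continues outside this hunk.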
@@ -1003,13 +997,13 @@ int s_client_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_VERIFY_RET_ERROR:
-            verify_return_error = 1;
+            verify_args.return_error = 1;
             break;
         case OPT_VERIFY_QUIET:
-            verify_quiet = 1;
+            verify_args.quiet = 1;
             break;
         case OPT_BRIEF:
-            c_brief = verify_quiet = c_quiet = 1;
+            c_brief = verify_args.quiet = c_quiet = 1;
             break;
         case OPT_S_CASES:
             if (ssl_args == NULL)
diff --git a/apps/s_server.c b/apps/s_server.c
index 36ad266..f4ec72d 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -44,6 +44,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/async.h>
+#include <openssl/ssl.h>
 
 #include <openssl/e_os2.h>
 
@@ -112,7 +113,6 @@ static int accept_socket = -1;
 #define TEST_CERT       "server.pem"
 #define TEST_CERT2      "server2.pem"
 
-extern int verify_depth, verify_return_error, verify_quiet;
 
 static int s_server_verify = SSL_VERIFY_NONE;
 static int s_server_session_id_context = 1; /* anything will do */
@@ -272,7 +272,6 @@ err:
 static void s_server_init(void)
 {
     accept_socket = -1;
-    verify_depth = 0;
     s_server_verify = SSL_VERIFY_NONE;
     s_dcert_file = NULL;
     s_dkey_file = NULL;
@@ -1078,19 +1077,19 @@ int s_server_main(int argc, char *argv[])
             break;
         case OPT_VERIFY:
             s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
-            verify_depth = atoi(opt_arg());
+            verify_args.depth = atoi(opt_arg());
             if (!s_quiet)
-                BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+                BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
             break;
         case OPT_UPPER_V_VERIFY:
             s_server_verify =
                 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
                 SSL_VERIFY_CLIENT_ONCE;
-            verify_depth = atoi(opt_arg());
+            verify_args.depth = atoi(opt_arg());
             if (!s_quiet)
                 BIO_printf(bio_err,
                            "verify depth is %d, must return a certificate\n",
-                           verify_depth);
+                           verify_args.depth);
             break;
         case OPT_CONTEXT:
             context = (unsigned char *)opt_arg();
@@ -1194,10 +1193,10 @@ int s_server_main(int argc, char *argv[])
                 goto end;
             break;
         case OPT_VERIFY_RET_ERROR:
-            verify_return_error = 1;
+            verify_args.return_error = 1;
             break;
         case OPT_VERIFY_QUIET:
-            verify_quiet = 1;
+            verify_args.quiet = 1;
             break;
         case OPT_BUILD_CHAIN:
             build_chain = 1;
@@ -1281,7 +1280,7 @@ int s_server_main(int argc, char *argv[])
             s_quiet = 1;
             break;
         case OPT_BRIEF:
-            s_quiet = s_brief = verify_quiet = 1;
+            s_quiet = s_brief = verify_args.quiet = 1;
             break;
         case OPT_NO_DHE:
 #ifndef OPENSSL_NO_DH
@@ -3042,8 +3041,8 @@ static int rev_body(int s, int stype, unsigned char *context)
         SSL_set_tlsext_debug_callback(con, tlsext_cb);
         SSL_set_tlsext_debug_arg(con, bio_s_out);
     }
-    if (context && !SSL_set_session_id_context(con, context,
-                        strlen((char *)context))) {
+    if (context 
+        && !SSL_set_session_id_context(con, context, strlen((char *)context))) {
         ERR_print_errors(bio_err);
         goto err;
     }
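Review bot: The re-wrapped condition's first line, `if (context `, ends with a trailing space that whitespace checks will flag. It should read `if (context` with the `&&` continuation on the next line left as it is. rev_body starts and ends outside this hunk.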
diff --git a/apps/s_time.c b/apps/s_time.c
index a08a14d..de25319 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -50,9 +50,6 @@
 #define SECONDS 30
 #define SECONDSSTR "30"
 
-extern int verify_depth;
-extern int verify_error;
-
 static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
 
 static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
@@ -116,8 +113,6 @@ int s_time_main(int argc, char **argv)
     size_t buf_size;
 
     meth = TLS_client_method();
-    verify_depth = 0;
-    verify_error = X509_V_OK;
 
     prog = opt_init(argc, argv, s_time_options);
     while ((o = opt_next()) != OPT_EOF) {
@@ -141,10 +136,10 @@ int s_time_main(int argc, char **argv)
             perform = 1;
             break;
         case OPT_VERIFY:
-            if (!opt_int(opt_arg(), &verify_depth))
+            if (!opt_int(opt_arg(), &verify_args.depth))
                 goto opthelp;
             BIO_printf(bio_err, "%s: verify depth is %d\n",
-                       prog, verify_depth);
+                       prog, verify_args.depth);
             break;
         case OPT_CERT:
             certfile = opt_arg();
@@ -415,9 +410,9 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
     }
     if (i <= 0) {
         BIO_printf(bio_err, "ERROR\n");
-        if (verify_error != X509_V_OK)
+        if (verify_args.error != X509_V_OK)
             BIO_printf(bio_err, "verify error:%s\n",
-                       X509_verify_cert_error_string(verify_error));
+                       X509_verify_cert_error_string(verify_args.error));
         else
             ERR_print_errors(bio_err);
         if (scon == NULL)

