Update ssltest certificate handling.

Use SSL_CONF for certificate handling is ssltest.c, this changes the behaviour slightly: the -cert and -key options are no longer recognised and a default certificate file is not used. This change means that -s_cert and -c_cert can be used mode than once to support use of multiple certificates. Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-08-26 12:22:39 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2015-09-02 21:22:44 +0100
commit: 6a096889d731a68fb74b7f71de9c9faf206a9da8 (patch)
tree: 22905a8acd98b0778f1ec54524481bf0aee842f2 /test/ssltest.c
parent: cb0585c2cb5f3bdc7fe94cfcdc2cef6a9b2810c2 (diff)
download: openssl-6a096889d731a68fb74b7f71de9c9faf206a9da8.zip
openssl-6a096889d731a68fb74b7f71de9c9faf206a9da8.tar.gz
openssl-6a096889d731a68fb74b7f71de9c9faf206a9da8.tar.bz2
1 files changed, 6 insertions, 64 deletions
diff --git a/test/ssltest.c b/test/ssltest.c
index 26cf96c..9144191 100644
--- a/test/ssltest.c
+++ b/test/ssltest.c
@@ -204,20 +204,6 @@
 # include OPENSSL_UNISTD
 #endif
 
-#ifdef OPENSSL_SYS_VMS
-# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
-# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
-#elif defined(OPENSSL_SYS_WINCE)
-# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
-# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
-#elif defined(OPENSSL_SYS_NETWARE)
-# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
-# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
-#else
-# define TEST_SERVER_CERT "../apps/server.pem"
-# define TEST_CLIENT_CERT "../apps/client.pem"
-#endif
-
 /*
  * There is really no standard for this, so let's assign something
  * only for this test
@@ -965,10 +951,6 @@ int main(int argc, char *argv[])
     int server_auth = 0, i;
     struct app_verify_arg app_verify_arg =
         { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
-    char *server_cert = TEST_SERVER_CERT;
-    char *server_key = NULL;
-    char *client_cert = TEST_CLIENT_CERT;
-    char *client_key = NULL;
 #ifndef OPENSSL_NO_EC
     char *named_curve = NULL;
 #endif
@@ -1043,14 +1025,18 @@ int main(int argc, char *argv[])
     }
 
     SSL_CONF_CTX_set_flags(s_cctx,
-                           SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER);
+                           SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
+                           SSL_CONF_FLAG_CERTIFICATE |
+                           SSL_CONF_FLAG_REQUIRE_PRIVATE);
     if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
         ERR_print_errors(bio_err);
         goto end;
     }
 
     SSL_CONF_CTX_set_flags(c_cctx,
-                           SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT);
+                           SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
+                           SSL_CONF_FLAG_CERTIFICATE |
+                           SSL_CONF_FLAG_REQUIRE_PRIVATE);
     if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
         ERR_print_errors(bio_err);
         goto end;
@@ -1165,30 +1151,6 @@ int main(int argc, char *argv[])
                 bytes *= 1024L;
             if (argv[0][i - 1] == 'm')
                 bytes *= 1024L * 1024L;
-        } else if (strcmp(*argv, "-cert") == 0) {
-            if (--argc < 1)
-                goto bad;
-            server_cert = *(++argv);
-        } else if (strcmp(*argv, "-s_cert") == 0) {
-            if (--argc < 1)
-                goto bad;
-            server_cert = *(++argv);
-        } else if (strcmp(*argv, "-key") == 0) {
-            if (--argc < 1)
-                goto bad;
-            server_key = *(++argv);
-        } else if (strcmp(*argv, "-s_key") == 0) {
-            if (--argc < 1)
-                goto bad;
-            server_key = *(++argv);
-        } else if (strcmp(*argv, "-c_cert") == 0) {
-            if (--argc < 1)
-                goto bad;
-            client_cert = *(++argv);
-        } else if (strcmp(*argv, "-c_key") == 0) {
-            if (--argc < 1)
-                goto bad;
-            client_key = *(++argv);
         } else if (strcmp(*argv, "-cipher") == 0) {
             if (--argc < 1)
                 goto bad;
@@ -1519,26 +1481,6 @@ int main(int argc, char *argv[])
     SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
 #endif
 
-    if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
-        ERR_print_errors(bio_err);
-    } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
-                                            (server_key ? server_key :
-                                             server_cert),
-                                            SSL_FILETYPE_PEM)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (client_auth) {
-        if (!SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM)
-           || !SSL_CTX_use_PrivateKey_file(c_ctx,
-                                    (client_key ? client_key : client_cert),
-                                    SSL_FILETYPE_PEM)) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
-
     if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
         (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
         (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
author	Dr. Stephen Henson <steve@openssl.org>	2015-08-26 12:22:39 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2015-09-02 21:22:44 +0100
commit	6a096889d731a68fb74b7f71de9c9faf206a9da8 (patch)
tree	22905a8acd98b0778f1ec54524481bf0aee842f2 /test/ssltest.c
parent	cb0585c2cb5f3bdc7fe94cfcdc2cef6a9b2810c2 (diff)
download	openssl-6a096889d731a68fb74b7f71de9c9faf206a9da8.zip openssl-6a096889d731a68fb74b7f71de9c9faf206a9da8.tar.gz openssl-6a096889d731a68fb74b7f71de9c9faf206a9da8.tar.bz2