commit 0090a686c0620e5f7d72aef2e74f4a0e01c53e3e
author Dr. Stephen Henson <steve@openssl.org> Thu Dec 06 18:43:40 2012 +0000
committer Dr. Stephen Henson <steve@openssl.org> Thu Dec 06 18:43:40 2012 +0000
tree 9005122bc807212e4ab9ca0956aebc4a74cf3a7a
parent f5a7d5b164aba946ae144fb73fa2e226c26c700d

Add code to download CRLs based on CRLDP extension.

Just a sample, real world applications would have to be cleverer.

apps/s_client.c

diff --git a/apps/s_client.c b/apps/s_client.c
index 27c1696..1646556 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -635,6 +635,7 @@
 
 	char *crl_file = NULL;
 	int crl_format = FORMAT_PEM;
+	int crl_download = 0;
 	STACK_OF(X509_CRL) *crls = NULL;
 
 	meth=SSLv23_client_method();
@@ -711,6 +712,8 @@
 			if (--argc < 1) goto bad;
 			crl_file= *(++argv);
 			}
+		else if	(strcmp(*argv,"-crl_download") == 0)
+			crl_download = 1;
 		else if	(strcmp(*argv,"-sess_out") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -1192,7 +1195,8 @@
 		goto end;
 		}
 
-	if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls))
+	if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+						crls, crl_download))
 		{
 		BIO_printf(bio_err, "Error loading store locations\n");
 		ERR_print_errors(bio_err);
@@ -1254,7 +1258,7 @@
 		/* goto end; */
 		}
 
-	ssl_ctx_add_crls(ctx, crls);
+	ssl_ctx_add_crls(ctx, crls, crl_download);
 
 	if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain))
 		goto end;