From 0813ab1321a65e9c72c42d7ec6d33701e24a9b61 Mon Sep 17 00:00:00 2001
From: Marcel Poul
Date: Sun, 3 Feb 2013 16:04:07 +0000
Subject: [PATCH] Optionally turn on OCSP in examples
---
 emi.canl.canl-c/examples/canl_sample_client.c | 12 ++++++++++--
 emi.canl.canl-c/examples/canl_sample_server.c | 10 +++++++++-
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/emi.canl.canl-c/examples/canl_sample_client.c b/emi.canl.canl-c/examples/canl_sample_client.c
index 1b696ec..8ba240b 100644
--- a/emi.canl.canl-c/examples/canl_sample_client.c
+++ b/emi.canl.canl-c/examples/canl_sample_client.c
@@ -28,17 +28,19 @@ int main(int argc, char *argv[])
 canl_principal princ = NULL;
 int get_peer_princ = 0;
 char *name = NULL;
+ int ocsp_on = 0;
 timeout.tv_sec = DEF_TIMEOUT;
 timeout.tv_usec = 0;
- while ((opt = getopt(argc, argv, "nhp:s:c:k:t:")) != -1) {
+ while ((opt = getopt(argc, argv, "nhop:s:c:k:t:")) != -1) {
 switch (opt) {
 case 'h':
 fprintf(stderr, "Usage: %s [-p port] [-c certificate]"
 " [-k private key] [-d ca_dir] [-h] "
 " [-s server] [-x proxy certificate] "
- "[-t timeout] [-n {print peer's princ name}] "
+ "[-t timeout] [-n {print peer's princ name}] "
+ "[-o {turn OCSP on}] "
 " \n", argv[0]);
 exit(0);
 case 'p':
@@ -65,11 +67,15 @@ int main(int argc, char *argv[])
 case 'n':
 get_peer_princ = 1;
 break;
+ case 'o':
+ ocsp_on = 1;
+ break;
 default: /* '?' */
 fprintf(stderr, "Usage: %s [-p port] [-c certificate]"
 " [-k private key] [-d ca_dir] [-h]"
 " [-s server] [-x proxy certificate]"
 "[-t timeout] [-n {print peer's princ name}] "
+ "[-o {turn OCSP on}] "
 " \n", argv[0]);
 exit(-1);
 }
@@ -101,6 +107,8 @@ int main(int argc, char *argv[])
 goto end;
 }
 }
+ if (ocsp_on)
+ canl_ctx_set_ssl_flags(my_ctx, CANL_SSL_OCSP_VERIFY_ALL);
 if (get_peer_princ) {
 err = canl_io_connect(my_ctx, my_io_h, p_server, NULL, port, NULL, 0,
diff --git a/emi.canl.canl-c/examples/canl_sample_server.c b/emi.canl.canl-c/examples/canl_sample_server.c
index f7bf581..8c18d54 100644
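Review bot: In the first canl_sample_client.c hunk (`@@ -28,17 +28,19 @@`) the new option string `"nhop:s:c:k:t:"` still has no `d:` or `x:`, although the usage text edited just below it advertises `[-d ca_dir]` and `[-x proxy certificate]`. getopt() would therefore send `-d` and `-x` to the `default` branch and exit, so a user who enables OCSP with `-o` cannot also point the client at a specific CA directory from the command line. If the part of the switch outside this hunk has `case 'd'` and `case 'x'` handlers, the string should read `"nhop:s:c:k:d:x:t:"`; if it does not, those two entries should be dropped from both usage messages. The switch body continues outside the hunk, so which of the two applies cannot be told from here.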
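Review bot: The return value of `canl_ctx_set_ssl_flags()` is discarded in the last canl_sample_client.c hunk (`@@ -101,6 +107,8 @@`), and again in the last canl_sample_server.c hunk (`@@ -151,6 +157,8 @@`). If the call can fail, the example carries on to `canl_io_connect()` or `accept()` without revocation checking even though the user asked for it with `-o`, which is a fail-open outcome for a security option and a poor pattern to copy from sample code. Assuming the function returns an error code like the neighbouring `canl_io_connect()` call, the client could use `err = canl_ctx_set_ssl_flags(my_ctx, CANL_SSL_OCSP_VERIFY_ALL);` followed by `if (err) goto end;`, reusing the `end` label visible in this hunk's context; the server needs the equivalent bail-out before `accept()`. main() starts and ends outside both hunks.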
--- a/emi.canl.canl-c/examples/canl_sample_server.c
+++ b/emi.canl.canl-c/examples/canl_sample_server.c
@@ -27,18 +27,20 @@ int main(int argc, char *argv[])
 struct timeval timeout;
 canl_principal princ = NULL;
 int get_peer_princ = 0;
+ int ocsp_on = 0;
 char *name = NULL;
 timeout.tv_sec = DEF_TIMEOUT;
 timeout.tv_usec = 0;
- while ((opt = getopt(argc, argv, "nhp:c:k:d:t:")) != -1) {
+ while ((opt = getopt(argc, argv, "nhop:c:k:d:t:")) != -1) {
 switch (opt) {
 case 'h':
 fprintf(stderr, "Usage: %s [-p port] [-c certificate]"
 " [-k private key] [-d ca_dir] [-h] "
 "[-t timeout] [-n {print peer's princ name}] "
+ " [-o {turn OCSP on}] "
 " \n", argv[0]);
 exit(0);
 case 'p':
@@ -59,10 +61,14 @@ int main(int argc, char *argv[])
 case 'n':
 get_peer_princ = 1;
 break;
+ case 'o':
+ ocsp_on = 1;
+ break;
 default: /* '?' */
 fprintf(stderr, "Usage: %s [-p port] [-c certificate]"
 " [-k private key] [-d ca_dir] [-h] "
 "[-t timeout] [-n {print peer's princ name}] "
+ " [-o {turn OCSP on}] "
 " \n", argv[0]);
 exit(-1);
 }
@@ -151,6 +157,8 @@ int main(int argc, char *argv[])
 printf("server: waiting for connections...\n");
 sin_size = sizeof(s_addr);
+ if (ocsp_on)
+ canl_ctx_set_ssl_flags(my_ctx, CANL_SSL_OCSP_VERIFY_ALL);
 new_fd = accept(sockfd, &s_addr, &sin_size);
 if (new_fd == -1){
 printf("Failed to accept network connection: %s", strerror(errno));
--
1.8.2.3
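Review bot: The OCSP flag is set between `sin_size = sizeof(s_addr);` and `accept(...)` in the last canl_sample_server.c hunk (`@@ -151,6 +157,8 @@`), after the "waiting for connections" banner has already been printed. Context configuration would read more clearly next to the rest of the context setup, which presumably sits earlier in main(), and doing it there lets a configuration problem surface before the server announces that it is ready. If `accept()` is ever moved into a loop, the current position would also re-apply the flag on every iteration. The setup code and the rest of main() are outside this hunk, so the exact target location has to be chosen against the full file.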