fix: s_time -verify skips certificate validation

apps/s_time.c

@@ -47,8 +47,8 @@ typedef enum OPTION_choice {
     OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY,
     OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
     OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE,
-    OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3,
+    OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_VERIFY_RET_ERROR, OPT_TIME,
-    OPT_WWW, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, OPT_TLS1_3,
+    OPT_SSL3, OPT_WWW, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, OPT_TLS1_3,
     OPT_PROV_ENUM
 } OPTION_CHOICE;
 
@@ -82,6 +82,8 @@ const OPTIONS s_time_options[] = {
 #endif
     {"verify", OPT_VERIFY, 'p',
      "Turn on peer certificate verification, set depth"},
+    {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
+     "Close connection on verification error"},
     {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR},
     {"www", OPT_WWW, 's', "Fetch specified page from the site"},
 
@@ -129,6 +131,7 @@ int s_time_main(int argc, char **argv)
     OPTION_CHOICE o;
     int min_version = 0, max_version = 0, ver, buf_len, fd;
     size_t buf_size;
+    int verify = SSL_VERIFY_NONE;
 
     meth = TLS_client_method();
 
@@ -154,6 +157,7 @@ int s_time_main(int argc, char **argv)
             perform = 1;
             break;
         case OPT_VERIFY:
+            verify = SSL_VERIFY_PEER;
             verify_args.depth = opt_int_arg();
             BIO_printf(bio_err, "%s: verify depth is %d\n",
                        prog, verify_args.depth);
@@ -186,6 +190,10 @@ int s_time_main(int argc, char **argv)
         case OPT_NOCASTORE:
             noCAstore = 1;
             break;
+        case OPT_VERIFY_RET_ERROR:
+            verify = SSL_VERIFY_PEER;
+            verify_args.return_error = 1;
+            break;
         case OPT_CIPHER:
             cipher = opt_arg();
             break;
@@ -243,6 +251,9 @@ int s_time_main(int argc, char **argv)
     if ((ctx = SSL_CTX_new(meth)) == NULL)
         goto end;
 
+    verify_args.quiet = 1;
+    SSL_CTX_set_verify(ctx, verify, verify_callback);
+
     SSL_CTX_set_quiet_shutdown(ctx, 1);
     if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
         goto end;

doc/man1/openssl-s_time.pod.in

@@ -16,6 +16,7 @@ B<openssl> B<s_time>
 [B<-reuse>]
 [B<-new>]
 [B<-verify> I<depth>]
+[B<-verify_return_error>]
 [B<-time> I<seconds>]
 [B<-ssl3>]
 [B<-tls1>]
@@ -73,10 +74,17 @@ be used. The file is in PEM format.
 
 The verify depth to use. This specifies the maximum length of the
 server certificate chain and turns on server certificate verification.
-Currently the verify operation continues after errors so all the problems
+Unless the B<-verify_return_error> option is given,
+the verify operation continues after errors so all the problems
 with a certificate chain can be seen. As a side effect the connection
 will never fail due to a server certificate verify failure.
 
+=item B<-verify_return_error>
+
+Turns on server certificate verification, like with B<-verify>,
+but returns verification errors instead of continuing.
+This will typically abort the handshake with a fatal error.
+
 =item B<-new>
 
 Performs the timing test using a new session ID for each connection.
@@ -172,9 +180,6 @@ Because this program does not have all the options of the
 L<openssl-s_client(1)> program to turn protocols on and off, you may not
 be able to measure the performance of all protocols with all servers.
 
-The B<-verify> option should really exit if the server verification
-fails.
-
 =head1 HISTORY
 
 The B<-cafile> option was deprecated in OpenSSL 3.0.