short port=PORT;
int full_log=1;
char *host=SSL_HOST_NAME;
- char *cert_file=NULL,*key_file=NULL;
+ char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
X509 *cert = NULL;
EVP_PKEY *key = NULL;
+ STACK_OF(X509) *chain = NULL;
char *CApath=NULL,*CAfile=NULL;
char *chCApath=NULL,*chCAfile=NULL;
char *vfyCApath=NULL,*vfyCAfile=NULL;
int enable_timeouts = 0 ;
long socket_mtu = 0;
#ifndef OPENSSL_NO_JPAKE
- char *jpake_secret = NULL;
+static char *jpake_secret = NULL;
+#define no_jpake !jpake_secret
+#else
+#define no_jpake 1
#endif
#ifndef OPENSSL_NO_SRP
char * srppass = NULL;
char *crl_file = NULL;
int crl_format = FORMAT_PEM;
+ int crl_download = 0;
STACK_OF(X509_CRL) *crls = NULL;
meth=SSLv23_client_method();
if (--argc < 1) goto bad;
crl_file= *(++argv);
}
+ else if (strcmp(*argv,"-crl_download") == 0)
+ crl_download = 1;
else if (strcmp(*argv,"-sess_out") == 0)
{
if (--argc < 1) goto bad;
meth=TLSv1_client_method();
#endif
#ifndef OPENSSL_NO_DTLS1
+ else if (strcmp(*argv,"-dtls") == 0)
+ {
+ meth=DTLS_client_method();
+ socket_type=SOCK_DGRAM;
+ }
else if (strcmp(*argv,"-dtls1") == 0)
{
meth=DTLSv1_client_method();
socket_type=SOCK_DGRAM;
}
+ else if (strcmp(*argv,"-dtls1_2") == 0)
+ {
+ meth=DTLSv1_2_client_method();
+ socket_type=SOCK_DGRAM;
+ }
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts=1;
else if (strcmp(*argv,"-mtu") == 0)
if (--argc < 1) goto bad;
passarg = *(++argv);
}
+ else if (strcmp(*argv,"-cert_chain") == 0)
+ {
+ if (--argc < 1) goto bad;
+ chain_file= *(++argv);
+ }
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
}
psk_identity = "JPAKE";
}
-
- if (cipher)
- {
- BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
- goto end;
- }
- cipher = "PSK";
#endif
OpenSSL_add_ssl_algorithms();
}
}
+ if (chain_file)
+ {
+ chain = load_certs(bio_err, chain_file,FORMAT_PEM,
+ NULL, e, "client certificate chain");
+ if (!chain)
+ goto end;
+ }
+
if (crl_file)
{
X509_CRL *crl;
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
- if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1))
+ if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake))
{
ERR_print_errors(bio_err);
goto end;
}
- if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls))
+ if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+ crls, crl_download))
{
BIO_printf(bio_err, "Error loading store locations\n");
ERR_print_errors(bio_err);
/* goto end; */
}
- ssl_ctx_add_crls(ctx, crls);
+ ssl_ctx_add_crls(ctx, crls, crl_download);
- if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain))
+ if (!set_cert_key_stuff(ctx,cert,key,chain,build_chain))
goto end;
#ifndef OPENSSL_NO_TLSEXT
#endif
if (c_Pause & 0x01) SSL_set_debug(con, 1);
- if ( SSL_version(con) == DTLS1_VERSION)
+ if (socket_type == SOCK_DGRAM)
{
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
if (key)
EVP_PKEY_free(key);
+ if (chain)
+ sk_X509_pop_free(chain, X509_free);
if (pass)
OPENSSL_free(pass);
if (vpm)
sk_OPENSSL_STRING_free(ssl_args);
if (cctx)
SSL_CONF_CTX_free(cctx);
+#ifndef OPENSSL_NO_JPAKE
+ if (jpake_secret && psk_key)
+ OPENSSL_free(psk_key);
+#endif
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
projects / openssl.git / blobdiff