-/* danetest.c */
/* ====================================================================
* Copyright (c) 2015 The OpenSSL Project. All rights reserved.
*
ok = verify_chain(ssl, chain);
sk_X509_pop_free(chain, X509_free);
err = SSL_get_verify_result(ssl);
+ /*
+ * Peek under the hood, normally TLSA match data is hidden when
+ * verification fails, we can obtain any suppressed data by setting the
+ * verification result to X509_V_OK before looking.
+ */
+ SSL_set_verify_result(ssl, X509_V_OK);
mdpth = SSL_get0_dane_authority(ssl, NULL, NULL);
+ /* Not needed any more, but lead by example and put the error back. */
+ SSL_set_verify_result(ssl, err);
SSL_free(ssl);
if (ok < 0) {
CAfile = argv[2];
tlsafile = argv[3];
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
p = getenv("OPENSSL_DEBUG_MEMORY");
if (p != NULL && strcmp(p, "on") == 0)
CRYPTO_set_mem_debug(1);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
f = fopen(tlsafile, "r");
if (f == NULL) {
return 0;
}
- bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
- SSL_library_init();
- SSL_load_error_strings();
ctx = SSL_CTX_new(TLS_client_method());
if (SSL_CTX_dane_enable(ctx) <= 0) {
(void) fclose(f);
SSL_CTX_free(ctx);
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
- CONF_modules_unload(1);
- CRYPTO_cleanup_all_ex_data();
- ERR_free_strings();
- ERR_remove_thread_state(NULL);
- EVP_cleanup();
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
- CRYPTO_mem_leaks(bio_err);
+ if (CRYPTO_mem_leaks(bio_err) <= 0)
+ ret = 1;
#endif
BIO_free(bio_err);
EXIT(ret);