projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
fefc111
)
add -cert_chain option to s_client
author
Dr. Stephen Henson
<steve@openssl.org>
Wed, 12 Dec 2012 00:50:26 +0000
(
00:50
+0000)
committer
Dr. Stephen Henson
<steve@openssl.org>
Wed, 12 Dec 2012 00:50:26 +0000
(
00:50
+0000)
apps/s_client.c
patch
|
blob
|
history
diff --git
a/apps/s_client.c
b/apps/s_client.c
index 16465565474f1f6b813de6581d6eaf125b2e0ce0..5edede4633185be747f4e510652ba1269182a93e 100644
(file)
--- a/
apps/s_client.c
+++ b/
apps/s_client.c
@@
-571,11
+571,12
@@
int MAIN(int argc, char **argv)
short port=PORT;
int full_log=1;
char *host=SSL_HOST_NAME;
short port=PORT;
int full_log=1;
char *host=SSL_HOST_NAME;
- char *cert_file=NULL,*key_file=NULL;
+ char *cert_file=NULL,*key_file=NULL
,*chain_file=NULL
;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
X509 *cert = NULL;
EVP_PKEY *key = NULL;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
X509 *cert = NULL;
EVP_PKEY *key = NULL;
+ STACK_OF(X509) *chain = NULL;
char *CApath=NULL,*CAfile=NULL;
char *chCApath=NULL,*chCAfile=NULL;
char *vfyCApath=NULL,*vfyCAfile=NULL;
char *CApath=NULL,*CAfile=NULL;
char *chCApath=NULL,*chCAfile=NULL;
char *vfyCApath=NULL,*vfyCAfile=NULL;
@@
-900,6
+901,11
@@
int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passarg = *(++argv);
}
if (--argc < 1) goto bad;
passarg = *(++argv);
}
+ else if (strcmp(*argv,"-cert_chain") == 0)
+ {
+ if (--argc < 1) goto bad;
+ chain_file= *(++argv);
+ }
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
@@
-1124,6
+1130,14
@@
bad:
}
}
}
}
+ if (chain_file)
+ {
+ chain = load_certs(bio_err, chain_file,FORMAT_PEM,
+ NULL, e, "client certificate chain");
+ if (!chain)
+ goto end;
+ }
+
if (crl_file)
{
X509_CRL *crl;
if (crl_file)
{
X509_CRL *crl;
@@
-1260,7
+1274,7
@@
bad:
ssl_ctx_add_crls(ctx, crls, crl_download);
ssl_ctx_add_crls(ctx, crls, crl_download);
- if (!set_cert_key_stuff(ctx,cert,key,
NULL,
build_chain))
+ if (!set_cert_key_stuff(ctx,cert,key,
chain,
build_chain))
goto end;
#ifndef OPENSSL_NO_TLSEXT
goto end;
#ifndef OPENSSL_NO_TLSEXT
@@
-2007,6
+2021,8
@@
end:
sk_X509_CRL_pop_free(crls, X509_CRL_free);
if (key)
EVP_PKEY_free(key);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
if (key)
EVP_PKEY_free(key);
+ if (chain)
+ sk_X509_pop_free(chain, X509_free);
if (pass)
OPENSSL_free(pass);
if (vpm)
if (pass)
OPENSSL_free(pass);
if (vpm)