From 4e71d95260e87169da9f951ce15f1d5a2cf5f7d3 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 12 Dec 2012 00:50:26 +0000 Subject: [PATCH] add -cert_chain option to s_client --- apps/s_client.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 1646556547..5edede4633 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -571,11 +571,12 @@ int MAIN(int argc, char **argv) short port=PORT; int full_log=1; char *host=SSL_HOST_NAME; - char *cert_file=NULL,*key_file=NULL; + char *cert_file=NULL,*key_file=NULL,*chain_file=NULL; int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; char *passarg = NULL, *pass = NULL; X509 *cert = NULL; EVP_PKEY *key = NULL; + STACK_OF(X509) *chain = NULL; char *CApath=NULL,*CAfile=NULL; char *chCApath=NULL,*chCAfile=NULL; char *vfyCApath=NULL,*vfyCAfile=NULL; @@ -900,6 +901,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passarg = *(++argv); } + else if (strcmp(*argv,"-cert_chain") == 0) + { + if (--argc < 1) goto bad; + chain_file= *(++argv); + } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; @@ -1124,6 +1130,14 @@ bad: } } + if (chain_file) + { + chain = load_certs(bio_err, chain_file,FORMAT_PEM, + NULL, e, "client certificate chain"); + if (!chain) + goto end; + } + if (crl_file) { X509_CRL *crl; @@ -1260,7 +1274,7 @@ bad: ssl_ctx_add_crls(ctx, crls, crl_download); - if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain)) + if (!set_cert_key_stuff(ctx,cert,key,chain,build_chain)) goto end; #ifndef OPENSSL_NO_TLSEXT @@ -2007,6 +2021,8 @@ end: sk_X509_CRL_pop_free(crls, X509_CRL_free); if (key) EVP_PKEY_free(key); + if (chain) + sk_X509_pop_free(chain, X509_free); if (pass) OPENSSL_free(pass); if (vpm) -- 2.34.1