Add options to set additional type specific certificate chains to

[openssl.git] / apps / s_client.c

diff --git a/apps/s_client.c b/apps/s_client.c
index 6870368ff1f2c90475963b18c5e0666850f81aaa..16f1ac37dbb0ae3dcd32be3cef1f325ee02d35f3 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -601,6 +601,7 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_TLSEXT
        char *servername = NULL; 
+       char *curves=NULL;
         tlsextctx tlsextcbp = 
         {NULL,0};
 # ifndef OPENSSL_NO_NEXTPROTONEG
@@ -937,6 +938,11 @@ int MAIN(int argc, char **argv)
                        servername= *(++argv);
                        /* meth=TLSv1_client_method(); */
                        }
+               else if (strcmp(*argv,"-curves") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       curves= *(++argv);
+                       }
 #endif
 #ifndef OPENSSL_NO_JPAKE
                else if (strcmp(*argv,"-jpake") == 0)
@@ -1164,7 +1170,7 @@ bad:
 #endif
 
        SSL_CTX_set_verify(ctx,verify,verify_callback);
-       if (!set_cert_key_stuff(ctx,cert,key))
+       if (!set_cert_key_stuff(ctx,cert,key, NULL))
                goto end;
 
        if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
@@ -1176,6 +1182,12 @@ bad:
                }
 
 #ifndef OPENSSL_NO_TLSEXT
+       if (curves != NULL)
+               if(!SSL_CTX_set1_curves_list(ctx,curves)) {
+               BIO_printf(bio_err,"error setting curve list\n");
+               ERR_print_errors(bio_err);
+               goto end;
+       }
        if (servername != NULL)
                {
                tlsextcbp.biodebug = bio_err;