add -cert_chain option to s_client
authorDr. Stephen Henson <steve@openssl.org>
Wed, 12 Dec 2012 00:50:26 +0000 (00:50 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 12 Dec 2012 00:50:26 +0000 (00:50 +0000)
apps/s_client.c

index 1646556..5edede4 100644 (file)
@@ -571,11 +571,12 @@ int MAIN(int argc, char **argv)
        short port=PORT;
        int full_log=1;
        char *host=SSL_HOST_NAME;
-       char *cert_file=NULL,*key_file=NULL;
+       char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
        int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
        char *passarg = NULL, *pass = NULL;
        X509 *cert = NULL;
        EVP_PKEY *key = NULL;
+       STACK_OF(X509) *chain = NULL;
        char *CApath=NULL,*CAfile=NULL;
        char *chCApath=NULL,*chCAfile=NULL;
        char *vfyCApath=NULL,*vfyCAfile=NULL;
@@ -900,6 +901,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        passarg = *(++argv);
                        }
+               else if (strcmp(*argv,"-cert_chain") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       chain_file= *(++argv);
+                       }
                else if (strcmp(*argv,"-key") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -1124,6 +1130,14 @@ bad:
                        }
                }
 
+       if (chain_file)
+               {
+               chain = load_certs(bio_err, chain_file,FORMAT_PEM,
+                                       NULL, e, "client certificate chain");
+               if (!chain)
+                       goto end;
+               }
+
        if (crl_file)
                {
                X509_CRL *crl;
@@ -1260,7 +1274,7 @@ bad:
 
        ssl_ctx_add_crls(ctx, crls, crl_download);
 
-       if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain))
+       if (!set_cert_key_stuff(ctx,cert,key,chain,build_chain))
                goto end;
 
 #ifndef OPENSSL_NO_TLSEXT
@@ -2007,6 +2021,8 @@ end:
                sk_X509_CRL_pop_free(crls, X509_CRL_free);
        if (key)
                EVP_PKEY_free(key);
+       if (chain)
+               sk_X509_pop_free(chain, X509_free);
        if (pass)
                OPENSSL_free(pass);
        if (vpm)