Print CA names in s_server, add -requestCAfile to s_client

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
author: Dr. Stephen Henson <steve@openssl.org> 2017-03-31 18:04:28 +0200
committer: Dr. Stephen Henson <steve@openssl.org> 2017-04-04 00:47:22 +0200
commit: 5969a2dd2cce3ee4f35cc256256d9c8119080e98 (patch)
tree: 94d7f3aadeabc1567bcd3663c2629d1d134cbd88 /apps/s_cb.c
parent: Don't use client specific functions to retrieve CA list (diff)
download: openssl-5969a2dd2cce3ee4f35cc256256d9c8119080e98.tar.xz
openssl-5969a2dd2cce3ee4f35cc256256d9c8119080e98.zip
1 files changed, 18 insertions, 0 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 8c6ce48863..1b68164485 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1426,3 +1426,21 @@ int set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
     SSL_CTX_set_keylog_callback(ctx, keylog_callback);
     return 0;
 }
+
+void print_ca_names(BIO *bio, SSL *s)
+{
+    const char *cs = SSL_is_server(s) ? "server" : "client";
+    const STACK_OF(X509_NAME) *sk = SSL_get0_peer_CA_list(s);
+    int i;
+
+    if (sk == NULL || sk_X509_NAME_num(sk) == 0) {
+        BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
+        return;
+    }
+
+    BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs);
+    for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+        X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, XN_FLAG_ONELINE);
+        BIO_write(bio, "\n", 1);
+    }
+}
author	Dr. Stephen Henson <steve@openssl.org>	2017-03-31 18:04:28 +0200
committer	Dr. Stephen Henson <steve@openssl.org>	2017-04-04 00:47:22 +0200
commit	5969a2dd2cce3ee4f35cc256256d9c8119080e98 (patch)
tree	94d7f3aadeabc1567bcd3663c2629d1d134cbd88 /apps/s_cb.c
parent	Don't use client specific functions to retrieve CA list (diff)
download	openssl-5969a2dd2cce3ee4f35cc256256d9c8119080e98.tar.xz openssl-5969a2dd2cce3ee4f35cc256256d9c8119080e98.zip