summaryrefslogtreecommitdiffstats
path: root/apps/s_client.c
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2012-12-12 01:50:26 +0100
committerDr. Stephen Henson <steve@openssl.org>2012-12-12 01:50:26 +0100
commit4e71d95260e87169da9f951ce15f1d5a2cf5f7d3 (patch)
treef7fa483bd8067ac853d568239ac865479bd9943d /apps/s_client.c
parentMake openssl verify return errors. (diff)
downloadopenssl-4e71d95260e87169da9f951ce15f1d5a2cf5f7d3.tar.xz
openssl-4e71d95260e87169da9f951ce15f1d5a2cf5f7d3.zip
add -cert_chain option to s_client
Diffstat (limited to 'apps/s_client.c')
-rw-r--r--apps/s_client.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index 1646556547..5edede4633 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -571,11 +571,12 @@ int MAIN(int argc, char **argv)
short port=PORT;
int full_log=1;
char *host=SSL_HOST_NAME;
- char *cert_file=NULL,*key_file=NULL;
+ char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
X509 *cert = NULL;
EVP_PKEY *key = NULL;
+ STACK_OF(X509) *chain = NULL;
char *CApath=NULL,*CAfile=NULL;
char *chCApath=NULL,*chCAfile=NULL;
char *vfyCApath=NULL,*vfyCAfile=NULL;
@@ -900,6 +901,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passarg = *(++argv);
}
+ else if (strcmp(*argv,"-cert_chain") == 0)
+ {
+ if (--argc < 1) goto bad;
+ chain_file= *(++argv);
+ }
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
@@ -1124,6 +1130,14 @@ bad:
}
}
+ if (chain_file)
+ {
+ chain = load_certs(bio_err, chain_file,FORMAT_PEM,
+ NULL, e, "client certificate chain");
+ if (!chain)
+ goto end;
+ }
+
if (crl_file)
{
X509_CRL *crl;
@@ -1260,7 +1274,7 @@ bad:
ssl_ctx_add_crls(ctx, crls, crl_download);
- if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain))
+ if (!set_cert_key_stuff(ctx,cert,key,chain,build_chain))
goto end;
#ifndef OPENSSL_NO_TLSEXT
@@ -2007,6 +2021,8 @@ end:
sk_X509_CRL_pop_free(crls, X509_CRL_free);
if (key)
EVP_PKEY_free(key);
+ if (chain)
+ sk_X509_pop_free(chain, X509_free);
if (pass)
OPENSSL_free(pass);
if (vpm)