diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-12 01:50:26 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-12 01:50:26 +0100 |
commit | 4e71d95260e87169da9f951ce15f1d5a2cf5f7d3 (patch) | |
tree | f7fa483bd8067ac853d568239ac865479bd9943d /apps/s_client.c | |
parent | Make openssl verify return errors. (diff) | |
download | openssl-4e71d95260e87169da9f951ce15f1d5a2cf5f7d3.tar.xz openssl-4e71d95260e87169da9f951ce15f1d5a2cf5f7d3.zip |
add -cert_chain option to s_client
Diffstat (limited to 'apps/s_client.c')
-rw-r--r-- | apps/s_client.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 1646556547..5edede4633 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -571,11 +571,12 @@ int MAIN(int argc, char **argv) short port=PORT; int full_log=1; char *host=SSL_HOST_NAME; - char *cert_file=NULL,*key_file=NULL; + char *cert_file=NULL,*key_file=NULL,*chain_file=NULL; int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; char *passarg = NULL, *pass = NULL; X509 *cert = NULL; EVP_PKEY *key = NULL; + STACK_OF(X509) *chain = NULL; char *CApath=NULL,*CAfile=NULL; char *chCApath=NULL,*chCAfile=NULL; char *vfyCApath=NULL,*vfyCAfile=NULL; @@ -900,6 +901,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passarg = *(++argv); } + else if (strcmp(*argv,"-cert_chain") == 0) + { + if (--argc < 1) goto bad; + chain_file= *(++argv); + } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; @@ -1124,6 +1130,14 @@ bad: } } + if (chain_file) + { + chain = load_certs(bio_err, chain_file,FORMAT_PEM, + NULL, e, "client certificate chain"); + if (!chain) + goto end; + } + if (crl_file) { X509_CRL *crl; @@ -1260,7 +1274,7 @@ bad: ssl_ctx_add_crls(ctx, crls, crl_download); - if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain)) + if (!set_cert_key_stuff(ctx,cert,key,chain,build_chain)) goto end; #ifndef OPENSSL_NO_TLSEXT @@ -2007,6 +2021,8 @@ end: sk_X509_CRL_pop_free(crls, X509_CRL_free); if (key) EVP_PKEY_free(key); + if (chain) + sk_X509_pop_free(chain, X509_free); if (pass) OPENSSL_free(pass); if (vpm) |