int MAIN(int argc, char **argv)
{
unsigned int off=0, clr=0;
+ unsigned int cert_flags=0;
+ int build_chain = 0;
SSL *con=NULL;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
int srp_lateuser = 0;
SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
#endif
+ SSL_EXCERT *exc = NULL;
meth=SSLv23_client_method();
}
else if (strcmp(*argv,"-verify_return_error") == 0)
verify_return_error = 1;
+ else if (args_excert(&argv, &argc, &badarg, bio_err, &exc))
+ {
+ if (badarg)
+ goto bad;
+ continue;
+ }
else if (strcmp(*argv,"-prexit") == 0)
prexit=1;
else if (strcmp(*argv,"-crlf") == 0)
if (--argc < 1) goto bad;
CApath= *(++argv);
}
+ else if (strcmp(*argv,"-build_chain") == 0)
+ build_chain = 1;
else if (strcmp(*argv,"-CAfile") == 0)
{
if (--argc < 1) goto bad;
keymatexportlen=atoi(*(++argv));
if (keymatexportlen == 0) goto bad;
}
+ else if (strcmp(*argv, "-cert_strict") == 0)
+ cert_flags |= SSL_CERT_FLAG_TLS_STRICT;
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
}
}
+ if (!load_excert(&exc, bio_err))
+ goto end;
+
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
if (clr)
SSL_CTX_clear_options(ctx, clr);
+ if (cert_flags) SSL_CTX_set_cert_flags(ctx, cert_flags);
+ if (exc) ssl_ctx_set_excert(ctx, exc);
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
#endif
SSL_CTX_set_verify(ctx,verify,verify_callback);
- if (!set_cert_key_stuff(ctx,cert,key, NULL))
- goto end;
if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx)))
/* goto end; */
}
+ if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain))
+ goto end;
+
#ifndef OPENSSL_NO_TLSEXT
if (curves != NULL)
if(!SSL_CTX_set1_curves_list(ctx,curves)) {
print_stuff(bio_c_out,con,1);
SSL_free(con);
}
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ if (next_proto.data)
+ OPENSSL_free(next_proto.data);
+#endif
if (ctx != NULL) SSL_CTX_free(ctx);
if (cert)
X509_free(cert);
EVP_PKEY_free(key);
if (pass)
OPENSSL_free(pass);
+ ssl_excert_free(exc);
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
BIO_write(bio,"\n",1);
}
- ssl_print_sigalgs(bio, s, 1);
+ ssl_print_sigalgs(bio, s);
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
BIO_number_read(SSL_get_rbio(s)),