From: Dr. Stephen Henson Date: Sun, 30 Dec 2012 16:17:29 +0000 (+0000) Subject: add -chain options to s_client (backrpot from HEAD) X-Git-Tag: OpenSSL_1_0_2-beta1~472 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ede5f6cf7484637cd6ee0c3a302993f18dd55c65;p=oweals%2Fopenssl.git add -chain options to s_client (backrpot from HEAD) --- diff --git a/apps/s_client.c b/apps/s_client.c index c559004731..6df4e92a4d 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -570,11 +570,12 @@ int MAIN(int argc, char **argv) short port=PORT; int full_log=1; char *host=SSL_HOST_NAME; - char *cert_file=NULL,*key_file=NULL; + char *cert_file=NULL,*key_file=NULL,*chain_file=NULL; int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; char *passarg = NULL, *pass = NULL; X509 *cert = NULL; EVP_PKEY *key = NULL; + STACK_OF(X509) *chain = NULL; char *CApath=NULL,*CAfile=NULL; int reconnect=0,badop=0,verify=SSL_VERIFY_NONE; int crlf=0; @@ -875,6 +876,11 @@ static char *jpake_secret = NULL; if (--argc < 1) goto bad; passarg = *(++argv); } + else if (strcmp(*argv,"-cert_chain") == 0) + { + if (--argc < 1) goto bad; + chain_file= *(++argv); + } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; @@ -1072,6 +1078,14 @@ bad: } } + if (chain_file) + { + chain = load_certs(bio_err, chain_file,FORMAT_PEM, + NULL, e, "client certificate chain"); + if (!chain) + goto end; + } + if (!load_excert(&exc, bio_err)) goto end; @@ -1178,7 +1192,7 @@ bad: /* goto end; */ } - if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain)) + if (!set_cert_key_stuff(ctx,cert,key,chain,build_chain)) goto end; #ifndef OPENSSL_NO_TLSEXT @@ -1914,6 +1928,8 @@ end: X509_free(cert); if (key) EVP_PKEY_free(key); + if (chain) + sk_X509_pop_free(chain, X509_free); if (pass) OPENSSL_free(pass); if (vpm)