author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2015-12-29 13:28:28 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-05 19:31:49 -0500 |
commit | 919ba009429b3617e975933f37a23be996a33b8d (patch) | |
tree | ffe91f4f27fd4d8b3d3401f1e860212f15c8b993 /demos/bio/sconnect.c | |
parent | e29c73c93b88a4b7f492c7c8c7343223e7548612 (diff) | |
download | openssl-919ba009429b3617e975933f37a23be996a33b8d.tar.gz |
DANE support structures, constructructors and accessors
Also tweak some of the code in demos/bio, to enable interactive
testing of BIO_s_accept's use of SSL_dup. Changed the sconnect
client to authenticate the server, which now exercises the new
SSL_set1_host() function.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'demos/bio/sconnect.c')
-rw-r--r-- | demos/bio/sconnect.c | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c
index 865d503956..2b610cc8b5 100644
--- a/demos/bio/sconnect.c
+++ b/demos/bio/sconnect.c
@@ -11,27 +11,38 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <string.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+#define HOSTPORT "localhost:4433"
+#define CAFILE "root.pem"
+
 extern int errno;
 int main(argc, argv)
 int argc;
 char *argv[];
 {
- char *host;
- BIO *out;
+ const char *hostport = HOSTPORT;
+ const char *CAfile = CAFILE;
+ char *hostname;
+ char *cp;
+ BIO *out = NULL;
 char buf[1024 * 10], *p;
 SSL_CTX *ssl_ctx = NULL;
 SSL *ssl;
 BIO *ssl_bio;
 int i, len, off, ret = 1;
- if (argc <= 1)
- host = "localhost:4433";
- else
- host = argv[1];
+ if (argc > 1)
+ hostport = argv[1];
+ if (argc > 2)
+ CAfile = argv[2];
+
+ hostname = OPENSSL_strdup(hostport);
+ if ((cp = strchr(hostname, ':')) != NULL)
+ *cp = 0;
 #ifdef WATT32
 dbug_init();
@@ -45,17 +56,25 @@ char *argv[];
 OpenSSL_add_ssl_algorithms();
 ssl_ctx = SSL_CTX_new(TLS_client_method());
+ /* Enable trust chain verification */
+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+ SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL);
+ /* Lets make a SSL structure */
 ssl = SSL_new(ssl_ctx);
 SSL_set_connect_state(ssl);
+ /* Enable peername verification */
+ if (SSL_set1_host(ssl, hostname) <= 0)
+ goto err;
+ /* Use it inside an SSL BIO */
 ssl_bio = BIO_new(BIO_f_ssl());
 BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
 /* Lets use a connect BIO under the SSL BIO */
 out = BIO_new(BIO_s_connect());
- BIO_set_conn_hostname(out, host);
+ BIO_set_conn_hostname(out, hostport);
 BIO_set_nbio(out, 1);
 out = BIO_push(ssl_bio, out); |
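Review bot: The result of `OPENSSL_strdup(hostport)` is passed straight to `strchr()`, so an allocation failure becomes a NULL dereference; add `if (hostname == NULL) goto err;` before the `strchr` call. Cutting at the first `:` also reduces a bracketed IPv6 literal (for example `[::1]:4433`) to `[`, which the later `SSL_set1_host()` check cannot match, so such targets fail closed rather than connect. No `OPENSSL_free(hostname)` appears in this diff; main's body and its `err:` label continue outside the hunk, so confirm the copy is released there.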
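Review bot: The return value of `SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL)` is discarded, so a missing or unreadable CA file only surfaces later as a certificate verification failure in the handshake; check it at the call, `if (!SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL)) goto err;`. The added `SSL_CTX_set_verify()` and `SSL_set1_host()` calls are also reached with the results of `SSL_CTX_new()` and `SSL_new()` unchecked, and both can return NULL. When `SSL_set1_host()` fails, `ssl` has not yet been handed to `ssl_bio` via `BIO_set_ssl(..., BIO_CLOSE)`, so unless the `err:` label (outside this hunk) frees it, the object leaks on that path. This is demo code that gets copied into real clients, so a short comment by `SSL_set1_host()` such as `/* name check is enforced only because SSL_VERIFY_PEER is set above */` would make the dependency between the two calls explicit.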