From 59d2d48f6470b6ef5e8c385c34dea1f253bfed62 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 3 Jun 2008 11:26:27 +0000 Subject: Add support for client cert engine setting in s_client app. Add appropriate #ifdefs round client cert functions in headers. --- apps/s_client.c | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'apps') diff --git a/apps/s_client.c b/apps/s_client.c index ad8760cce5..f68553234d 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -404,7 +404,8 @@ int MAIN(int argc, char **argv) int mbuf_len=0; #ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; - ENGINE *e=NULL; + char *ssl_client_engine_id=NULL; + ENGINE *e=NULL, *ssl_client_engine=NULL; #endif #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) struct timeval tv; @@ -670,6 +671,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; engine_id = *(++argv); } + else if (strcmp(*argv,"-ssl_client_engine") == 0) + { + if (--argc < 1) goto bad; + ssl_client_engine_id = *(++argv); + } #endif else if (strcmp(*argv,"-rand") == 0) { @@ -705,6 +711,17 @@ bad: #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); + if (ssl_client_engine_id) + { + ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); + if (!ssl_client_engine) + { + BIO_printf(bio_err, + "Error getting client auth engine\n"); + goto end; + } + } + #endif if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { @@ -772,6 +789,20 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE + if (ssl_client_engine) + { + if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) + { + BIO_puts(bio_err, "Error setting client auth engine\n"); + ERR_print_errors(bio_err); + ENGINE_free(ssl_client_engine); + goto end; + } + ENGINE_free(ssl_client_engine); + } +#endif + #ifndef OPENSSL_NO_PSK if (psk_key != NULL) { -- cgit v1.2.3