2 files changed, 19 insertions, 9 deletions
diff --git a/src/regress/lib/libcrypto/ocsp/Makefile b/src/regress/lib/libcrypto/ocsp/Makefile
index 5748b48c77..4178f3199f 100644
--- a/src/regress/lib/libcrypto/ocsp/Makefile
+++ b/src/regress/lib/libcrypto/ocsp/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.1 2016/07/04 23:43:30 beck Exp $
+#       $OpenBSD: Makefile,v 1.2 2016/07/05 00:16:23 beck Exp $
 TESTS = \
        ocsp_test
@@ -16,6 +16,7 @@ CLEANFILES+= ${TESTS}
 all_tests: ${TESTS}
        @for test in $>; do \
                ./$$test www.amazon.com 443; \
+                ./$$test cloudflare.com 443; \
        done
 .include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/ocsp/ocsp_test.c b/src/regress/lib/libcrypto/ocsp/ocsp_test.c
index 11dcda7462..88675364cf 100644
--- a/src/regress/lib/libcrypto/ocsp/ocsp_test.c
+++ b/src/regress/lib/libcrypto/ocsp/ocsp_test.c
@@ -2,21 +2,22 @@
 #include <netdb.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <err.h>
 #include <sys/socket.h>
 #include <openssl/ssl.h>
 #include <openssl/ocsp.h>
 static int tcp_connect(char *host, char *port) {
-        int err, sd = -1;
+        int error, sd = -1;
        struct addrinfo hints, *res, *r;
        memset(&hints, 0, sizeof(struct addrinfo));
        hints.ai_family = AF_INET;
        hints.ai_socktype = SOCK_STREAM;
-        err = getaddrinfo(host, port, &hints, &res);
+        error = getaddrinfo(host, port, &hints, &res);
-        if (err != 0) {
+        if (error != 0) {
                perror("getaddrinfo()");
                exit(-1);
        }
@@ -45,6 +46,7 @@ int main(int argc, char *argv[]) {
        OCSP_BASICRESP *br = NULL;
        X509_STORE     *st = NULL;
        STACK_OF(X509) *ch = NULL;
+        char *host, *port;
        SSL *ssl;
        SSL_CTX *ctx;
@@ -56,7 +58,14 @@ int main(int argc, char *argv[]) {
        SSL_CTX_load_verify_locations(ctx, "/etc/ssl/cert.pem", NULL);
-        sd = tcp_connect(argv[1], argv[2]);
+        if (argc != 3)
+                errx(-1, "need a host and port to connect to");
+        else {
+                host = argv[1];
+                port = argv[2];
+        }
+        sd = tcp_connect(host, port);
        ssl = SSL_new(ctx);
@@ -64,12 +73,12 @@ int main(int argc, char *argv[]) {
        SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
        if (SSL_connect(ssl) <= 0) {
-                puts("SSL connect error");
+                printf("SSL connect error\n");
                exit(-1);
        }
        if (SSL_get_verify_result(ssl) != X509_V_OK) {
-                puts("Certificate doesn't verify");
+                printf("Certificate doesn't verify from host %s port %s\n", host, port);
                exit(-1);
        }
@@ -79,7 +88,7 @@ int main(int argc, char *argv[]) {
        len = SSL_get_tlsext_status_ocsp_resp(ssl, &p);
        if (!p) {
-                puts("No OCSP response received");
+                printf("No OCSP response received for %s port %s\n", host, port);
                exit(-1);
        }
@@ -110,7 +119,7 @@ int main(int argc, char *argv[]) {
                exit(-1);
        }
-        printf("OCSP validated from %s %s\n", argv[1], argv[2]);
+        printf("OCSP validated from %s %s\n", host, port);
        return 0;
 }