Diffstat (limited to 'src/regress/lib/libssl/interop/client.c')
-rw-r--r--src/regress/lib/libssl/interop/client.c58
1 files changed, 51 insertions, 7 deletions
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c
index 60fb718fdb..c312d7ae8a 100644
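--- a/src/regress/lib/libssl/interop/client.c
+++ b/src/regress/lib/libssl/interop/client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: client.c,v 1.3 2018/11/07 19:09:01 bluhm Exp $ */
+/* $OpenBSD: client.c,v 1.4 2018/11/09 06:30:41 bluhm Exp $ */
 /*
  * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
  *
@@ -34,7 +34,8 @@ void __dead usage(void);
 void __dead
 usage(void)
 {
- fprintf(stderr, "usage: client host port");
+ fprintf(stderr,
+ "usage: client [-c] [-C CA] [-c crt -k key] host port");
  exit(2);
 }
 
@@ -46,19 +47,42 @@ main(int argc, char *argv[])
  SSL *ssl;
  BIO *bio;
  SSL_SESSION *session;
- int error;
- char buf[256];
+ int error, verify = 0;
+ char buf[256], ch;
+ char *ca = NULL, *crt = NULL, *key = NULL;
  char *host_port, *host, *port;
 
- if (argc == 3) {
- host = argv[1];
- port = argv[2];
+ while ((ch = getopt(argc, argv, "C:c:k:v")) != -1) {
+ switch (ch) {
+ case 'C':
+ ca = optarg;
+ break;
+ case 'c':
+ crt = optarg;
+ break;
+ case 'k':
+ key = optarg;
+ break;
+ case 'v':
+ verify = 1;
+ break;
+ default:
+ usage();
+ }
+ }
+ argc -= optind;
+ argv += optind;
+ if (argc == 2) {
+ host = argv[0];
+ port = argv[1];
  } else {
  usage();
  }
  if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
  host, port) == -1)
  err(1, "asprintf host port");
+ if ((crt == NULL && key != NULL) || (crt != NULL && key == NULL))
+ errx(1, "certificate and private key must be used together");
 
  SSL_library_init();
  SSL_load_error_strings();
@@ -78,6 +102,26 @@ main(int argc, char *argv[])
  if (ctx == NULL)
  err_ssl(1, "SSL_CTX_new");
 
+ /* load client certificate */
+ if (crt != NULL) {
+ if (SSL_CTX_use_certificate_file(ctx, crt,
+ SSL_FILETYPE_PEM) <= 0)
+ err_ssl(1, "SSL_CTX_use_certificate_file");
+ if (SSL_CTX_use_PrivateKey_file(ctx, key,
+ SSL_FILETYPE_PEM) <= 0)
+ err_ssl(1, "SSL_CTX_use_PrivateKey_file");
+ if (SSL_CTX_check_private_key(ctx) <= 0)
+ err_ssl(1, "SSL_CTX_check_private_key");
+ }
+
+ /* verify server certificate */
+ if (ca != NULL) {
+ if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
+ err_ssl(1, "SSL_CTX_load_verify_locations");
+ }
+ SSL_CTX_set_verify(ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE,
+ verify_callback);
+
  /* setup ssl and bio for socket operations */
  ssl = SSL_new(ctx);
  if (ssl == NULL)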
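Review bot: In the new option handling in main(), `-C` only loads the CA file while the verify mode stays `SSL_VERIFY_NONE` unless `-v` is also given, so a run with `-C` alone accepts any server certificate and the test output gives no hint that nothing was checked. If no test case relies on that combination, reject it next to the crt/key consistency check with `if (ca != NULL && !verify) errx(1, "CA file given without -v");`; otherwise state it in usage(), whose new string lists `-c` twice and omits `-v` even though the getopt string is `"C:c:k:v"`. Separately, `ch` is declared `char` but stores getopt()'s int return value, so on platforms where plain char is unsigned the `!= -1` comparison is always true and the loop ends in `default: usage()`; declaring `int ch;` avoids that. main() begins before and continues past the visible hunks, so whether the peer's hostname is checked elsewhere cannot be seen from here.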