generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add support for client cert engine setting in s_client app.

Browse Source 
Add appropriate #ifdefs round client cert functions in headers.
This commit is contained in:
Dr. Stephen Henson 2008-06-03 11:26:27 +00:00
parent b3c8dd4eab
commit 59d2d48f64
3 changed files with 37 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
apps/s_client.c
View File

@ -404,7 +404,8 @@ int MAIN(int argc, char **argv)
int mbuf_len=0; int mbuf_len=0;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL; char *engine_id=NULL;
ENGINE *e=NULL; char *ssl_client_engine_id=NULL;
ENGINE *e=NULL, *ssl_client_engine=NULL;
#endif #endif
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
struct timeval tv; struct timeval tv;
@ -670,6 +671,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
engine_id = *(++argv); engine_id = *(++argv);
} }
else if (strcmp(*argv,"-ssl_client_engine") == 0)
{
if (--argc < 1) goto bad;
ssl_client_engine_id = *(++argv);
}
#endif #endif
else if (strcmp(*argv,"-rand") == 0) else if (strcmp(*argv,"-rand") == 0)
{ {
@ -705,6 +711,17 @@ bad:
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1); e = setup_engine(bio_err, engine_id, 1);
if (ssl_client_engine_id)
{
ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
if (!ssl_client_engine)
{
BIO_printf(bio_err,
"Error getting client auth engine\n");
goto end;
}
}
#endif #endif
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
{ {
@ -772,6 +789,20 @@ bad:
goto end; goto end;
} }
#ifndef OPENSSL_NO_ENGINE
if (ssl_client_engine)
{
if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
{
BIO_puts(bio_err, "Error setting client auth engine\n");
ERR_print_errors(bio_err);
ENGINE_free(ssl_client_engine);
goto end;
}
ENGINE_free(ssl_client_engine);
}
#endif
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
if (psk_key != NULL) if (psk_key != NULL)
{ {

6
crypto/engine/engine.h
View File

@ -334,6 +334,9 @@ void ENGINE_load_nuron(void);
void ENGINE_load_sureware(void); void ENGINE_load_sureware(void);
void ENGINE_load_ubsec(void); void ENGINE_load_ubsec(void);
void ENGINE_load_padlock(void); void ENGINE_load_padlock(void);
#ifndef OPENSSL_NO_CAPIENG
void ENGINE_load_capi(void);
#endif
#ifndef OPENSSL_NO_GMP #ifndef OPENSSL_NO_GMP
void ENGINE_load_gmp(void); void ENGINE_load_gmp(void);
#endif #endif
@ -343,9 +346,6 @@ void ENGINE_load_gost(void);
#endif #endif
void ENGINE_load_cryptodev(void); void ENGINE_load_cryptodev(void);
void ENGINE_load_builtin_engines(void); void ENGINE_load_builtin_engines(void);
#ifndef OPENSSL_NO_CAPIENG
void ENGINE_load_capi(void);
#endif
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
* "registry" handling. */ * "registry" handling. */

2
ssl/ssl.h
View File

@ -895,7 +895,9 @@ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
#ifndef OPENSSL_NO_ENGINE
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
#endif
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));