Print CA names in s_server, add -requestCAfile to s_client (5969a2dd) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

apps/s_apps.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -77,4 +77,5 @@ int ssl_load_stores(SSL_CTX ctx, const char vfyCApath,
		int crl_download);
		void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);
		int set_keylog_file(SSL_CTX ctx, const char keylog_file);
		void print_ca_names(BIO bio, SSL s);
		#endif

apps/s_cb.c

+18 −0

Original line number	Diff line number	Diff line
		@@ -1426,3 +1426,21 @@ int set_keylog_file(SSL_CTX ctx, const char keylog_file)
		SSL_CTX_set_keylog_callback(ctx, keylog_callback);
		return 0;
		}

		void print_ca_names(BIO bio, SSL s)
		{
		const char *cs = SSL_is_server(s) ? "server" : "client";
		const STACK_OF(X509_NAME) *sk = SSL_get0_peer_CA_list(s);
		int i;

		if (sk == NULL \|\| sk_X509_NAME_num(sk) == 0) {
		BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
		return;
		}

		BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs);
		for (i = 0; i < sk_X509_NAME_num(sk); i++) {
		X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, XN_FLAG_ONELINE);
		BIO_write(bio, "\n", 1);
		}
		}

apps/s_client.c

+4 −16

Original line number	Diff line number	Diff line
		@@ -588,7 +588,7 @@ const OPTIONS s_client_options[] = {
		{"no-CApath", OPT_NOCAPATH, '-',
		"Do not load certificates from the default certificates directory"},
		{"requestCAfile", OPT_REQCAFILE, '<',
		"PEM format file of CA names sent to server"},
		"PEM format file of CA names to send to the server"},
		{"dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain"},
		{"dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's',
		"DANE TLSA rrdata presentation form"},
		@@ -1585,6 +1585,7 @@ int s_client_main(int argc, char **argv)
		}
		if (ReqCAfile != NULL) {
		STACK_OF(X509_NAME) *nm = sk_X509_NAME_new_null();

		if (nm == NULL \|\| !SSL_add_file_cert_subjects_to_stack(nm, ReqCAfile)) {
		sk_X509_NAME_pop_free(nm, X509_NAME_free);
		BIO_printf(bio_err, "Error loading CA names\n");
		@@ -2820,9 +2821,7 @@ static void print_stuff(BIO bio, SSL s, int full)
		X509 *peer = NULL;
		char buf[BUFSIZ];
		STACK_OF(X509) *sk;
		STACK_OF(X509_NAME) *sk2;
		const SSL_CIPHER *c;
		X509_NAME *xn;
		int i;
		#ifndef OPENSSL_NO_COMP
		const COMP_METHOD comp, expansion;
		@@ -2864,21 +2863,10 @@ static void print_stuff(BIO bio, SSL s, int full)
		BIO_printf(bio, "subject=%s\n", buf);
		X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
		BIO_printf(bio, "issuer=%s\n", buf);
		} else
		BIO_printf(bio, "no peer certificate available\n");

		sk2 = SSL_get_client_CA_list(s);
		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) {
		BIO_printf(bio, "---\nAcceptable client certificate CA names\n");
		for (i = 0; i < sk_X509_NAME_num(sk2); i++) {
		xn = sk_X509_NAME_value(sk2, i);
		X509_NAME_oneline(xn, buf, sizeof(buf));
		BIO_write(bio, buf, strlen(buf));
		BIO_write(bio, "\n", 1);
		}
		} else {
		BIO_printf(bio, "---\nNo client certificate CA names sent\n");
		BIO_printf(bio, "no peer certificate available\n");
		}
		print_ca_names(bio, s);

		ssl_print_sigalgs(bio, s);
		ssl_print_tmp_key(bio, s);

apps/s_server.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -2704,6 +2704,7 @@ static void print_connection_info(SSL *con)
		ssl_print_point_formats(bio_s_out, con);
		ssl_print_groups(bio_s_out, con, 0);
		#endif
		print_ca_names(bio_s_out, con);
		BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");

		#if !defined(OPENSSL_NO_NEXTPROTONEG)
		@@ -2990,6 +2991,7 @@ static int www_body(int s, int stype, unsigned char *context)
		#ifndef OPENSSL_NO_EC
		ssl_print_groups(io, con, 0);
		#endif
		print_ca_names(io, con);
		BIO_printf(io, (SSL_session_reused(con)
		? "---\nReused, " : "---\nNew, "));
		c = SSL_get_current_cipher(con);