kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add -root-certs options to bssl client.

Browse Source 
This option allows a file containing PEM root certificates to be given.
It causes the server's certificate to be verified against those roots.

Change-Id: Iaa92581d5834e436bcedf9d4088f7204abc6b95b
Reviewed-on: https://boringssl-review.googlesource.com/13588
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
Adam Langley 2017-02-03 10:31:00 -08:00 committed by CQ bot account: commit-bot@chromium.org
parent e212f27a3e
commit e5dfb52c3b
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tool/client.cc
View File

@ -105,6 +105,11 @@ static const struct argument kArguments[] = {
"-resume", kBooleanArgument,
"Establish a second connection resuming the original connection.",
},
{
"-root-certs", kOptionalArgument,
"A filename containing one of more PEM root certificates. Implies that"
"verification is required.",
},
{
"", kOptionalArgument, "",
},
@ -390,6 +395,16 @@ bool Client(const std::vector<std::string> &args) {
SSL_CTX_set_grease_enabled(ctx.get(), 1);
}
if (args_map.count("-root-certs") != 0) {
if (!SSL_CTX_load_verify_locations(
ctx.get(), args_map["-root-certs"].c_str(), nullptr)) {
fprintf(stderr, "Failed to load root certificates.\n");
ERR_print_errors_cb(PrintErrorCallback, stderr);
return false;
}
SSL_CTX_set_verify(ctx.get(), SSL_VERIFY_PEER, nullptr);
}
if (args_map.count("-resume") != 0 &&
!DoConnection(ctx.get(), args_map, &WaitForSession)) {
return false;