authorPatrick McDermott <patrick.mcdermott@libiquity.com>2019-07-30 02:41:51 (EDT)
committer Patrick McDermott <patrick.mcdermott@libiquity.com>2019-07-30 02:46:02 (EDT)
commitd87530f0ee5d3f7449a67239d6187340570dd2d3 (patch)
tree49a201602d13103936005fca6712267ee518789c /src
parent20544b033c8ece5814318d23272b31ba8b2bd9fc (diff)
s_client: Verify host
wolfSSL doesn't do this automatically?!
Diffstat (limited to 'src')
-rw-r--r--src/s_client.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/src/s_client.c b/src/s_client.c
index 683f08b..51f0adb 100644
--- a/src/s_client.c
+++ b/src/s_client.c
@@ -283,6 +283,11 @@ s_client(int argc, char **argv)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
int sfd;
+ int err;
+ char buf[WOLFSSL_MAX_ERROR_SZ];
+#ifdef OPENSSL_EXTRA
+ WOLFSSL_X509 *cert;
+#endif
for (; argc > 0; --argc, ++argv) {
if (strcmp(*argv, "-quiet") == 0) {
@@ -365,6 +370,29 @@ s_client(int argc, char **argv)
}
wolfSSL_set_fd(ssl, sfd);
+ if ((err = wolfSSL_connect(ssl)) != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, err);
+ wolfSSL_ERR_error_string(err, buf);
+ fprintf(stderr, "Handshake error: %s\n", buf);
+ ret = EXIT_FAILURE;
+ goto ssl_free;
+ }
+
+#ifdef OPENSSL_EXTRA
+ cert = wolfSSL_get_peer_certificate(ssl);
+ if (cert == NULL) {
+ fputs("Failed to get certificate\n", stderr);
+ ret = EXIT_FAILURE;
+ goto ssl_free;
+ }
+ if (wolfSSL_X509_check_host(cert, host, strlen(host), 0, NULL) !=
+ WOLFSSL_SUCCESS) {
+ fputs("Domain name mismatch\n", stderr);
+ ret = EXIT_FAILURE;
+ goto ssl_free;
+ }
+#endif /* OPENSSL_EXTRA */
+
if (poll_fds(sfd, ssl) == false) {
ret = EXIT_FAILURE;
}
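Review bot: The host check under `#ifdef OPENSSL_EXTRA` fails open: in a wolfSSL build without OPENSSL_EXTRA the whole block compiles away and s_client reaches `poll_fds()` without ever comparing the peer certificate to `host`, and nothing tells the user. wolfSSL offers a check that does not depend on that option, `if (wolfSSL_check_domain_name(ssl, host) != WOLFSSL_SUCCESS) { ret = EXIT_FAILURE; goto ssl_free; }`, placed before `wolfSSL_connect()` so that a name mismatch fails the handshake itself. If the X509 path is kept instead, an `#else` branch with `#error "hostname verification requires OPENSSL_EXTRA"` would turn the silent gap into a build failure. Whether `cert` must be released with `wolfSSL_X509_free()` before `ssl_free` depends on the wolfSSL version and build options, so that is worth confirming; the body of s_client starts and ends outside this hunk.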