diff options
-rw-r--r-- | src/s_client.c | 28 | ||||
-rwxr-xr-x | tests/badssl.sh | 2 |
2 files changed, 29 insertions, 1 deletions
diff --git a/src/s_client.c b/src/s_client.c index 683f08b..51f0adb 100644 --- a/src/s_client.c +++ b/src/s_client.c @@ -283,6 +283,11 @@ s_client(int argc, char **argv) WOLFSSL_CTX *ctx; WOLFSSL *ssl; int sfd; + int err; + char buf[WOLFSSL_MAX_ERROR_SZ]; +#ifdef OPENSSL_EXTRA + WOLFSSL_X509 *cert; +#endif for (; argc > 0; --argc, ++argv) { if (strcmp(*argv, "-quiet") == 0) { @@ -365,6 +370,29 @@ s_client(int argc, char **argv) } wolfSSL_set_fd(ssl, sfd); + if ((err = wolfSSL_connect(ssl)) != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, err); + wolfSSL_ERR_error_string(err, buf); + fprintf(stderr, "Handshake error: %s\n", buf); + ret = EXIT_FAILURE; + goto ssl_free; + } + +#ifdef OPENSSL_EXTRA + cert = wolfSSL_get_peer_certificate(ssl); + if (cert == NULL) { + fputs("Failed to get certificate\n", stderr); + ret = EXIT_FAILURE; + goto ssl_free; + } + if (wolfSSL_X509_check_host(cert, host, strlen(host), 0, NULL) != + WOLFSSL_SUCCESS) { + fputs("Domain name mismatch\n", stderr); + ret = EXIT_FAILURE; + goto ssl_free; + } +#endif /* OPENSSL_EXTRA */ + if (poll_fds(sfd, ssl) == false) { ret = EXIT_FAILURE; } diff --git a/tests/badssl.sh b/tests/badssl.sh index dd4db14..6b9a332 100755 --- a/tests/badssl.sh +++ b/tests/badssl.sh @@ -53,7 +53,7 @@ plan_ 39 # Certificate do_test '' 'not' 'expired' 443 -do_test 'TODO' 'not' 'wrong.host' 443 +do_test '' 'not' 'wrong.host' 443 do_test '' 'not' 'self-signed' 443 do_test '' 'not' 'untrusted-root' 443 do_test '' 'not' 'revoked' 443 |