-rw-r--r--src/s_client.c28
-rwxr-xr-xtests/badssl.sh2
2 files changed, 29 insertions, 1 deletions
diff --git a/src/s_client.c b/src/s_client.c
index 683f08b..51f0adb 100644
--- a/src/s_client.c
+++ b/src/s_client.c
@@ -283,6 +283,11 @@ s_client(int argc, char **argv)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
int sfd;
+ int err;
+ char buf[WOLFSSL_MAX_ERROR_SZ];
+#ifdef OPENSSL_EXTRA
+ WOLFSSL_X509 *cert;
+#endif
for (; argc > 0; --argc, ++argv) {
if (strcmp(*argv, "-quiet") == 0) {
@@ -365,6 +370,29 @@ s_client(int argc, char **argv)
}
wolfSSL_set_fd(ssl, sfd);
+ if ((err = wolfSSL_connect(ssl)) != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, err);
+ wolfSSL_ERR_error_string(err, buf);
+ fprintf(stderr, "Handshake error: %s\n", buf);
+ ret = EXIT_FAILURE;
+ goto ssl_free;
+ }
+
+#ifdef OPENSSL_EXTRA
+ cert = wolfSSL_get_peer_certificate(ssl);
+ if (cert == NULL) {
+ fputs("Failed to get certificate\n", stderr);
+ ret = EXIT_FAILURE;
+ goto ssl_free;
+ }
+ if (wolfSSL_X509_check_host(cert, host, strlen(host), 0, NULL) !=
+ WOLFSSL_SUCCESS) {
+ fputs("Domain name mismatch\n", stderr);
+ ret = EXIT_FAILURE;
+ goto ssl_free;
+ }
+#endif /* OPENSSL_EXTRA */
+
if (poll_fds(sfd, ssl) == false) {
ret = EXIT_FAILURE;
}
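Review bot: The hostname check added after `wolfSSL_connect` is compiled only under `#ifdef OPENSSL_EXTRA`, so a build without that macro completes the handshake and goes straight to `poll_fds` without ever comparing the certificate to `host`. It should fail closed: either add an `#else` branch with `#error "hostname verification requires OPENSSL_EXTRA"`, or call `wolfSSL_check_domain_name(ssl, host)` before `wolfSSL_connect` and check for `WOLFSSL_SUCCESS`, so a mismatch fails the handshake in every build configuration. The `wrong.host` case enabled in tests/badssl.sh would presumably fail on such a build as well. Whether the pointer returned by `wolfSSL_get_peer_certificate` must be released with `wolfSSL_X509_free` depends on the wolfSSL version, so it is worth confirming that neither the mismatch path nor the success path leaks it. The body of s_client starts and ends outside this hunk, so the verify mode set on the context and the `ssl_free` cleanup are not visible here.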
diff --git a/tests/badssl.sh b/tests/badssl.sh
index dd4db14..6b9a332 100755
--- a/tests/badssl.sh
+++ b/tests/badssl.sh
@@ -53,7 +53,7 @@ plan_ 39
# Certificate
do_test '' 'not' 'expired' 443
-do_test 'TODO' 'not' 'wrong.host' 443
+do_test '' 'not' 'wrong.host' 443
do_test '' 'not' 'self-signed' 443
do_test '' 'not' 'untrusted-root' 443
do_test '' 'not' 'revoked' 443