summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/s_client.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/src/s_client.c b/src/s_client.c
index 683f08b..51f0adb 100644
--- a/src/s_client.c
+++ b/src/s_client.c
@@ -283,6 +283,11 @@ s_client(int argc, char **argv)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
int sfd;
+ int err;
+ char buf[WOLFSSL_MAX_ERROR_SZ];
+#ifdef OPENSSL_EXTRA
+ WOLFSSL_X509 *cert;
+#endif
for (; argc > 0; --argc, ++argv) {
if (strcmp(*argv, "-quiet") == 0) {
@@ -365,6 +370,29 @@ s_client(int argc, char **argv)
}
wolfSSL_set_fd(ssl, sfd);
+ if ((err = wolfSSL_connect(ssl)) != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, err);
+ wolfSSL_ERR_error_string(err, buf);
+ fprintf(stderr, "Handshake error: %s\n", buf);
+ ret = EXIT_FAILURE;
+ goto ssl_free;
+ }
+
+#ifdef OPENSSL_EXTRA
+ cert = wolfSSL_get_peer_certificate(ssl);
+ if (cert == NULL) {
+ fputs("Failed to get certificate\n", stderr);
+ ret = EXIT_FAILURE;
+ goto ssl_free;
+ }
+ if (wolfSSL_X509_check_host(cert, host, strlen(host), 0, NULL) !=
+ WOLFSSL_SUCCESS) {
+ fputs("Domain name mismatch\n", stderr);
+ ret = EXIT_FAILURE;
+ goto ssl_free;
+ }
+#endif /* OPENSSL_EXTRA */
+
if (poll_fds(sfd, ssl) == false) {
ret = EXIT_FAILURE;
}