version 1.109, 2016/07/13 16:35:47 |
version 1.110, 2016/08/13 12:55:21 |
|
|
}; |
}; |
|
|
struct tls_config *tls_config; |
struct tls_config *tls_config; |
|
|
|
static void |
|
process_ssl_options(char *cp) |
|
{ |
|
const char *errstr; |
|
long long depth; |
|
char *str; |
|
|
|
while (*cp) { |
|
switch (getsubopt(&cp, ssl_verify_opts, &str)) { |
|
case SSL_CAFILE: |
|
if (str == NULL) |
|
errx(1, "missing CA file"); |
|
if (tls_config_set_ca_file(tls_config, str) != 0) |
|
errx(1, "tls ca file failed: %s", |
|
tls_config_error(tls_config)); |
|
break; |
|
case SSL_CAPATH: |
|
if (str == NULL) |
|
errx(1, "missing CA directory path"); |
|
if (tls_config_set_ca_path(tls_config, str) != 0) |
|
errx(1, "tls ca path failed: %s", |
|
tls_config_error(tls_config)); |
|
break; |
|
case SSL_CIPHERS: |
|
if (str == NULL) |
|
errx(1, "missing cipher list"); |
|
if (tls_config_set_ciphers(tls_config, str) != 0) |
|
errx(1, "tls ciphers failed: %s", |
|
tls_config_error(tls_config)); |
|
break; |
|
case SSL_DONTVERIFY: |
|
tls_config_insecure_noverifycert(tls_config); |
|
tls_config_insecure_noverifyname(tls_config); |
|
break; |
|
case SSL_DOVERIFY: |
|
tls_config_verify(tls_config); |
|
break; |
|
case SSL_VERIFYDEPTH: |
|
if (str == NULL) |
|
errx(1, "missing depth"); |
|
depth = strtonum(str, 0, INT_MAX, &errstr); |
|
if (errstr) |
|
errx(1, "certificate validation depth is %s", |
|
errstr); |
|
tls_config_set_verify_depth(tls_config, (int)depth); |
|
break; |
|
default: |
|
errx(1, "unknown -S suboption `%s'", |
|
suboptarg ? suboptarg : ""); |
|
/* NOTREACHED */ |
|
} |
|
} |
|
} |
#endif /* !SMALL */ |
#endif /* !SMALL */ |
|
|
int family = PF_UNSPEC; |
int family = PF_UNSPEC; |
|
|
char *outfile = NULL; |
char *outfile = NULL; |
const char *errstr; |
const char *errstr; |
int dumb_terminal = 0; |
int dumb_terminal = 0; |
#ifndef SMALL |
|
long long depth; |
|
#endif |
|
|
|
ftpport = "ftp"; |
ftpport = "ftp"; |
httpport = "http"; |
httpport = "http"; |
|
|
errx(1, "tls config failed"); |
errx(1, "tls config failed"); |
tls_config_set_protocols(tls_config, TLS_PROTOCOLS_ALL); |
tls_config_set_protocols(tls_config, TLS_PROTOCOLS_ALL); |
if (tls_config_set_ciphers(tls_config, "all") != 0) |
if (tls_config_set_ciphers(tls_config, "all") != 0) |
errx(1, "tls set ciphers failed"); |
errx(1, "tls set ciphers failed: %s", |
|
tls_config_error(tls_config)); |
} |
} |
#endif /* !SMALL */ |
#endif /* !SMALL */ |
|
|
|
|
|
|
case 'S': |
case 'S': |
#ifndef SMALL |
#ifndef SMALL |
cp = optarg; |
process_ssl_options(optarg); |
while (*cp) { |
#endif /* !SMALL */ |
char *str; |
|
switch (getsubopt(&cp, ssl_verify_opts, &str)) { |
|
case SSL_CAFILE: |
|
if (str == NULL) |
|
errx(1, "missing CA file"); |
|
if (tls_config_set_ca_file( |
|
tls_config, str) != 0) |
|
errx(1, "tls ca file failed"); |
|
break; |
|
case SSL_CAPATH: |
|
if (str == NULL) |
|
errx(1, "missing CA directory" |
|
" path"); |
|
if (tls_config_set_ca_path( |
|
tls_config, str) != 0) |
|
errx(1, "tls ca path failed"); |
|
break; |
|
case SSL_CIPHERS: |
|
if (str == NULL) |
|
errx(1, "missing cipher list"); |
|
if (tls_config_set_ciphers( |
|
tls_config, str) != 0) |
|
errx(1, "tls ciphers failed"); |
|
break; |
|
case SSL_DONTVERIFY: |
|
tls_config_insecure_noverifycert( |
|
tls_config); |
|
tls_config_insecure_noverifyname( |
|
tls_config); |
|
break; |
|
case SSL_DOVERIFY: |
|
tls_config_verify(tls_config); |
|
break; |
|
case SSL_VERIFYDEPTH: |
|
if (str == NULL) |
|
errx(1, "missing depth"); |
|
depth = strtonum(str, 0, INT_MAX, |
|
&errstr); |
|
if (errstr) |
|
errx(1, "certificate " |
|
"validation depth is %s", |
|
errstr); |
|
tls_config_set_verify_depth( |
|
tls_config, (int)depth); |
|
break; |
|
default: |
|
errx(1, "unknown -S suboption `%s'", |
|
suboptarg ? suboptarg : ""); |
|
/* NOTREACHED */ |
|
} |
|
} |
|
#endif |
|
break; |
break; |
|
|
case 's': |
case 's': |
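Review bot: The new process_ssl_options() has no header comment, and once the parsing is out of the getopt loop its contract is no longer evident from context. It configures the file-scope `tls_config`, lets getsubopt() split the caller's string in place, and terminates through errx() on any malformed suboption, so it appears to depend on the config having been created before it is called. A comment such as `/* Parse -S suboptions into the global tls_config; modifies cp and exits on error. */` would record that. The SSL_DONTVERIFY case also deserves a one-line comment, e.g. `/* turns off both certificate and hostname verification */`, since both checks are dropped without any diagnostic.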