version 1.90, 2014/07/14 05:54:12 |
version 1.91, 2014/07/14 09:26:27 |
|
|
#include <string.h> |
#include <string.h> |
#include <unistd.h> |
#include <unistd.h> |
|
|
#include "ftp_var.h" |
#include <ressl.h> |
|
|
#include "cmds.h" |
#include "cmds.h" |
|
#include "ftp_var.h" |
|
|
#ifndef SMALL |
#ifndef SMALL |
char * const ssl_verify_opts[] = { |
char * const ssl_verify_opts[] = { |
|
|
"depth", |
"depth", |
NULL |
NULL |
}; |
}; |
char *ssl_ciphers; |
|
int ssl_verify = 1; |
struct ressl_config *ressl_config; |
int ssl_verify_depth = -1; |
|
char *ssl_ca_file; |
|
char *ssl_ca_path; |
|
#endif /* !SMALL */ |
#endif /* !SMALL */ |
|
|
int family = PF_UNSPEC; |
int family = PF_UNSPEC; |
|
|
char *outfile = NULL; |
char *outfile = NULL; |
const char *errstr; |
const char *errstr; |
int dumb_terminal = 0; |
int dumb_terminal = 0; |
|
#ifndef SMALL |
|
long long depth; |
|
#endif |
|
|
ftpport = "ftp"; |
ftpport = "ftp"; |
httpport = "http"; |
httpport = "http"; |
|
|
|
|
case 'S': |
case 'S': |
#ifndef SMALL |
#ifndef SMALL |
|
if (ressl_config == NULL) { |
|
ressl_config = ressl_config_new(); |
|
if (ressl_config == NULL) |
|
errx(1, "ressl config failed"); |
|
} |
|
|
cp = optarg; |
cp = optarg; |
while (*cp) { |
while (*cp) { |
char *str; |
char *str; |
|
|
case SSL_CAFILE: |
case SSL_CAFILE: |
if (str == NULL) |
if (str == NULL) |
errx(1, "missing CA file"); |
errx(1, "missing CA file"); |
ssl_ca_file = str; |
ressl_config_set_ca_file(ressl_config, |
|
str); |
break; |
break; |
case SSL_CAPATH: |
case SSL_CAPATH: |
if (str == NULL) |
if (str == NULL) |
errx(1, "missing CA directory" |
errx(1, "missing CA directory" |
" path"); |
" path"); |
ssl_ca_path = str; |
ressl_config_set_ca_path(ressl_config, |
|
str); |
break; |
break; |
case SSL_CIPHERS: |
case SSL_CIPHERS: |
if (str == NULL) |
if (str == NULL) |
errx(1, "missing cipher list"); |
errx(1, "missing cipher list"); |
ssl_ciphers = str; |
ressl_config_set_ciphers(ressl_config, |
|
str); |
break; |
break; |
case SSL_DONTVERIFY: |
case SSL_DONTVERIFY: |
ssl_verify = 0; |
ressl_config_insecure_no_verify( |
|
ressl_config); |
break; |
break; |
case SSL_DOVERIFY: |
case SSL_DOVERIFY: |
ssl_verify = 1; |
ressl_config_verify(ressl_config); |
break; |
break; |
case SSL_VERIFYDEPTH: |
case SSL_VERIFYDEPTH: |
if (str == NULL) |
if (str == NULL) |
errx(1, "missing depth"); |
errx(1, "missing depth"); |
ssl_verify_depth = strtonum(str, 0, |
depth = strtonum(str, 0, INT_MAX, |
INT_MAX, &errstr); |
&errstr); |
if (errstr) |
if (errstr) |
errx(1, "certificate " |
errx(1, "certificate " |
"validation depth is %s", |
"validation depth is %s", |
errstr); |
errstr); |
|
ressl_config_set_verify_depth( |
|
ressl_config, (int)depth); |
break; |
break; |
default: |
default: |
errx(1, "unknown -S suboption `%s'", |
errx(1, "unknown -S suboption `%s'", |