version 1.214, 2020/01/06 19:39:58 |
version 1.215, 2020/01/07 17:36:04 |
|
|
} |
} |
if (vflag) |
if (vflag) |
report_tls(tls_ctx, host); |
report_tls(tls_ctx, host); |
if (tls_expecthash && tls_peer_cert_hash(tls_ctx) && |
if (tls_expecthash && (tls_peer_cert_hash(tls_ctx) == NULL || |
strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0) |
strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)) |
errx(1, "peer certificate is not %s", tls_expecthash); |
errx(1, "peer certificate is not %s", tls_expecthash); |
if (Zflag) { |
if (Zflag) { |
save_peer_cert(tls_ctx, Zflag); |
save_peer_cert(tls_ctx, Zflag); |
|
|
report_tls(tls_cctx, host); |
report_tls(tls_cctx, host); |
if ((TLSopt & TLS_CCERT) && !gotcert) |
if ((TLSopt & TLS_CCERT) && !gotcert) |
warnx("No client certificate provided"); |
warnx("No client certificate provided"); |
else if (gotcert && tls_peer_cert_hash(tls_ctx) && tls_expecthash && |
else if (gotcert && tls_expecthash && |
strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0) |
(tls_peer_cert_hash(tls_cctx) == NULL || |
|
strcmp(tls_expecthash, tls_peer_cert_hash(tls_cctx)) != 0)) |
warnx("peer certificate is not %s", tls_expecthash); |
warnx("peer certificate is not %s", tls_expecthash); |
else if (gotcert && tls_expectname && |
else if (gotcert && tls_expectname && |
(!tls_peer_cert_contains_name(tls_cctx, tls_expectname))) |
(!tls_peer_cert_contains_name(tls_cctx, tls_expectname))) |