/*
 * Report whether the peer certificate already held on ctx contains the
 * given name.
 *
 * Returns 1 when tls_check_name() reports a match (return value 0) and 0
 * otherwise.  Note that "otherwise" covers both a missing peer certificate
 * and a non-zero result from tls_check_name(); callers cannot distinguish a
 * genuine mismatch from a check that could not be carried out.
 */
int
tls_peer_cert_contains_name(struct tls *ctx, const char *name)
{
	int present = 0;

	if (ctx->ssl_peer_cert != NULL)
		present = (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0);

	return (present);
}
/*
 * Check that the server certificate presented on ctx->ssl_conn carries
 * ctx->servername.
 *
 * Returns 0 on a match and -1 otherwise.  On the "no certificate" and
 * "name not present" paths the error is recorded on ctx here; when
 * tls_check_name() itself fails (-1) it is expected to have recorded
 * its own error and `match` is not consulted.  The certificate reference
 * returned by SSL_get_peer_certificate() is released before returning.
 */
static int
tls_handshake_client_check_name(struct tls *ctx)
{
	X509 *cert;
	int match = 0;
	int rv = -1;

	if ((cert = SSL_get_peer_certificate(ctx->ssl_conn)) == NULL) {
		tls_set_errorx(ctx, "no server certificate");
		return (-1);
	}

	/* Only trust `match` when the check itself did not fail. */
	if (tls_check_name(ctx, cert, ctx->servername, &match) != -1) {
		if (match)
			rv = 0;
		else
			tls_set_errorx(ctx, "name `%s' not present in"
			    " server certificate", ctx->servername);
	}

	X509_free(cert);
	return (rv);
}

/*
 * Drive the client side of the TLS handshake on ctx.
 *
 * The context must have been created as a client (TLS_CLIENT) and already
 * be connected (TLS_CONNECTED); either violation records an error on ctx
 * and returns -1.  TLS_SSL_NEEDS_SHUTDOWN is set before SSL_connect() is
 * attempted, so a shutdown is owed even if the handshake fails part way.
 * When config->verify_name is set, the server certificate must be present
 * and contain ctx->servername; when it is clear, no name check happens in
 * this function.
 *
 * Returns 0 once TLS_HANDSHAKE_COMPLETE has been set, -1 on error, or the
 * value of tls_ssl_error() when SSL_connect() did not return 1.
 */
int
tls_handshake_client(struct tls *ctx)
{
	int ssl_ret;

	if (!(ctx->flags & TLS_CLIENT)) {
		tls_set_errorx(ctx, "not a client context");
		return (-1);
	}
	if (!(ctx->state & TLS_CONNECTED)) {
		tls_set_errorx(ctx, "context not connected");
		return (-1);
	}

	ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;

	/*
	 * Presumably cleared so that tls_ssl_error() reports only errors
	 * raised by this SSL_connect() call rather than stale queue entries.
	 */
	ERR_clear_error();
	ssl_ret = SSL_connect(ctx->ssl_conn);
	if (ssl_ret != 1)
		return (tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake"));

	if (ctx->config->verify_name &&
	    tls_handshake_client_check_name(ctx) == -1)
		return (-1);

	ctx->state |= TLS_HANDSHAKE_COMPLETE;
	return (0);
}