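/*
 * Report whether the peer certificate stored on the context carries `name`.
 *
 * Returns 1 when the name is present. Returns 0 when no peer certificate
 * is stored, when the name check itself fails, or when the name is absent.
 * Every failure path therefore reads as "not present", so a caller that
 * uses this for an authorization decision fails closed.
 */
int
tls_peer_cert_contains_name(struct tls *ctx, const char *name)
{
	int match = 0;

	if (ctx->ssl_peer_cert == NULL)
		return (0);

	/*
	 * Use the same four-argument form as the call in
	 * tls_handshake_client(): the return value only says whether the
	 * check could be carried out (-1 on failure), and the comparison
	 * result comes back through the out-parameter. Testing the return
	 * value against 0 would, under that convention, report a name as
	 * present whenever the check merely ran without error.
	 */
	if (tls_check_name(ctx, ctx->ssl_peer_cert, name, &match) == -1)
		return (0);

	return (match != 0);
}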
/*
 * Run the client side of the TLS handshake on an already connected context.
 *
 * Returns 0 once the handshake has completed and, when the configuration
 * asks for it, the server certificate has been found to contain
 * ctx->servername. Returns -1 on a usage error (not a client context, not
 * connected), on a missing server certificate, on a failed name check or on
 * a name mismatch. When SSL_connect() does not return 1, the value produced
 * by tls_ssl_error() is returned instead; that may differ from -1
 * (presumably a retry indication - confirm against tls_ssl_error()).
 *
 * The name comparison runs only when ctx->config->verify_name is set. With
 * it cleared, the handshake is marked complete without any check that the
 * certificate belongs to the requested server name. Certificate chain
 * validation is not performed in this function.
 */
int
tls_handshake_client(struct tls *ctx)
{
	X509 *peer_cert = NULL;
	int name_matches, connect_rc;
	int result = -1;

	if (!(ctx->flags & TLS_CLIENT)) {
		tls_set_errorx(ctx, "not a client context");
		goto done;
	}

	if (!(ctx->state & TLS_CONNECTED)) {
		tls_set_errorx(ctx, "context not connected");
		goto done;
	}

	/* Set before SSL_connect(), so the flag is present even if it fails. */
	ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;

	/* Start from an empty error queue so stale entries are not reported. */
	ERR_clear_error();
	connect_rc = SSL_connect(ctx->ssl_conn);
	if (connect_rc != 1) {
		result = tls_ssl_error(ctx, ctx->ssl_conn, connect_rc,
		    "handshake");
		goto done;
	}

	if (ctx->config->verify_name) {
		/* The returned certificate is released at the exit label. */
		peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
		if (peer_cert == NULL) {
			tls_set_errorx(ctx, "no server certificate");
			goto done;
		}

		/*
		 * A -1 return means the check itself failed; no error is set
		 * here, presumably because tls_check_name() records its own.
		 */
		if (tls_check_name(ctx, peer_cert, ctx->servername,
		    &name_matches) == -1)
			goto done;

		if (name_matches == 0) {
			tls_set_errorx(ctx, "name `%s' not present in"
			    " server certificate", ctx->servername);
			goto done;
		}
	}

	/* Reached only after every check above has passed. */
	ctx->state |= TLS_HANDSHAKE_COMPLETE;
	result = 0;

 done:
	/* X509_free(NULL) is a no-op, so the early exits are safe. */
	X509_free(peer_cert);

	return (result);
}