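/*
 * Open a connection to host:port and return the BIO for it, or NULL.
 *
 * With ssl != 0 the connection is made through my_connect_ssl() (defined
 * elsewhere in this file) using *ctx; the peer certificate must then pass
 * both chain validation (SSL_get_verify_result) and hostname matching
 * (verify_cert_hostname, also defined elsewhere) before the BIO is
 * returned. With ssl == 0 a plain TCP connect BIO is returned.
 *
 * The returned BIO is owned by the caller and released with BIO_free_all().
 */
static BIO *my_connect(char *host, int port, int ssl, SSL_CTX **ctx)
{
    BIO *conn = NULL;

    if (ssl) {
        SSL *ssl_ptr = NULL;
        X509 *peer = NULL;
        int hostname_ok = 0;

        conn = my_connect_ssl(host, port, ctx);
        if (!conn)
            goto error_exit;
        BIO_get_ssl(conn, &ssl_ptr);
        if (!ssl_ptr)
            goto error_exit;
        /* Chain validation first: a hostname match on an untrusted
         * certificate proves nothing. */
        if (SSL_get_verify_result(ssl_ptr) != X509_V_OK)
            goto error_exit;
        /* SSL_get_peer_certificate() returns a new reference which the
         * original never released (one X509 leaked per call); a NULL
         * peer certificate is treated as a failed hostname check. */
        peer = SSL_get_peer_certificate(ssl_ptr);
        hostname_ok = (peer != NULL) && verify_cert_hostname(peer, host);
        X509_free(peer);
        if (!hostname_ok)
            goto error_exit;
        return conn;
    }

    conn = BIO_new_connect(host);
    if (!conn)
        goto error_exit;
    BIO_set_conn_int_port(conn, &port);
    if (BIO_do_connect(conn) <= 0)
        goto error_exit;
    return conn;

error_exit:
    BIO_free_all(conn); /* NULL-safe, so no guard needed */
    return NULL;
}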
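/*
 * Usage: <prog> <host> <port> <ca-bundle>
 *
 * Connects to host:port over TLS, validating the server chain against the
 * given trust store (SSL_VERIFY_PEER), then checks the leaf certificate
 * against <host> with verify_cert_hostname() (defined elsewhere in this
 * file).
 *
 * Prints "VERIFY SUCCESS" or "VERIFY FAILURE". Exit status: 0 when the
 * check ran (whatever the verdict), 1 if the trust store cannot be loaded,
 * 2 if the TLS objects cannot be created, 3 for unsupported usage.
 */
int main(int argc, char *argv[])
{
    BIO *sbio = NULL;
    SSL_CTX *ssl_ctx = NULL;
    SSL *ssl = NULL;
    X509 *cert = NULL;
    int returncode = 0;
    char url[256];
    int url_len;

    if (argc < 4) {
        printf("UNSUPPORTED"); /* for now at least */
        return 3;
    }

    /* Bounded build of "host:port". The original sprintf() could overflow
     * url[] on long command-line arguments; an over-long target is
     * reported as unsupported instead of being silently truncated. */
    url_len = snprintf(url, sizeof url, "%s:%s", argv[1], argv[2]);
    if (url_len < 0 || (size_t)url_len >= sizeof url) {
        printf("UNSUPPORTED");
        return 3;
    }
    /* Used directly: the original strcpy() into a 256-byte buffer could
     * overflow on a long path, and nothing here needs a mutable copy. */
    const char *ca_bundle = argv[3];

    SSL_library_init();
    SSL_load_error_strings();

    /* NOTE(review): TLSv1_client_method() negotiates TLS 1.0 only. Left as
     * is to keep this tool's negotiation behaviour, but a version-flexible
     * method with SSLv2/SSLv3 disabled is the usual choice if newer
     * protocol versions should be accepted. */
    ssl_ctx = SSL_CTX_new(TLSv1_client_method());
    if (!ssl_ctx) {
        printf("Connection failed");
        returncode = 2;
        goto end;
    }
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
    if (SSL_CTX_load_verify_locations(ssl_ctx, ca_bundle, NULL) != 1) {
        printf("Couldn't load certificate trust store.");
        returncode = 1;
        goto end;
    }

    /* The original read an uninitialised `ssl` when BIO_new_ssl_connect()
     * failed; ssl stays NULL unless the BIO exists and yields it. */
    sbio = BIO_new_ssl_connect(ssl_ctx);
    if (sbio)
        BIO_get_ssl(sbio, &ssl);
    if (!ssl) {
        printf("Connection failed");
        returncode = 2;
        goto connect_end;
    }

    /* SNI carries the bare hostname; the original sent "host:port", which
     * a name-based virtual host would not match. The connect BIO still
     * gets the full "host:port" string. */
    SSL_set_tlsext_host_name(ssl, argv[1]);
    BIO_set_conn_hostname(sbio, url);

    /* SSL_VERIFY_PEER makes the handshake fail on an untrusted chain, so a
     * completed handshake plus a hostname match is the success condition.
     * SSL_get_peer_certificate() returns a new reference: the original
     * leaked it and then called X509_free() on an uninitialised `cert`. */
    if (SSL_do_handshake(ssl) > 0)
        cert = SSL_get_peer_certificate(ssl);
    if (cert != NULL && verify_cert_hostname(cert, argv[1])) {
        printf("VERIFY SUCCESS");
    } else {
        printf("VERIFY FAILURE");
    }
    X509_free(cert); /* NULL-safe */
    BIO_ssl_shutdown(sbio);

connect_end:
    BIO_free_all(sbio); /* NULL-safe */
end:
    SSL_CTX_free(ssl_ctx);
    EVP_cleanup();
    ERR_free_strings();
    return returncode;
}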