static BIO *
my_connect(char *host, int port, int ssl, SSL_CTX **ctx) {
BIO *conn;
SSL *ssl_ptr;
if (ssl) {
if (!(conn = my_connect_ssl(host, port, ctx))) goto error_exit;
BIO_get_ssl(conn, &ssl_ptr);
if (!verify_cert_hostname(SSL_get_peer_certificate(ssl_ptr), host))
goto error_exit;
if (SSL_get_verify_result(ssl_ptr) != X509_V_OK) goto error_exit;
return conn;
}
if (!(conn = BIO_new_connect(host))) goto error_exit;
BIO_set_conn_int_port(conn, &port);
if (BIO_do_connect(conn) <= 0) goto error_exit;
return conn;
error_exit:
if (conn) BIO_free_all(conn);
return 0;
}
int main(int argc, char *argv[]) {
if (argc < 4) {
printf("UNSUPPORTED"); //for now at least
return 3;
}
BIO *sbio;
SSL_CTX *ssl_ctx;
SSL *ssl;
X509 *cert;
int returncode = 0;
char url[256]; sprintf(url, "%s:%s", argv[1], argv[2]);
char ca_bundle[256]; strcpy(ca_bundle, argv[3]);
//init:
SSL_library_init();
SSL_load_error_strings();
ssl_ctx = SSL_CTX_new(TLSv1_client_method());
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
if (SSL_CTX_load_verify_locations(ssl_ctx, ca_bundle, NULL) != 1) {
printf("Couldn't load certificate trust store.");
returncode=1;
goto end;
} else {
goto connect;
}
connect:
sbio = BIO_new_ssl_connect(ssl_ctx);
BIO_get_ssl(sbio, &ssl);
if (!ssl) {
printf("Connection failed");
returncode=2;
goto connect_end;
}
SSL_set_tlsext_host_name(ssl, url);
BIO_set_conn_hostname(sbio, url);
if(SSL_do_handshake(ssl) <= 0 || !verify_cert_hostname(SSL_get_peer_certificate(ssl), argv[1])) {
printf ("VERIFY FAILURE");
} else {
printf ("VERIFY SUCCESS");
}
X509_free(cert);
BIO_ssl_shutdown(sbio);
connect_end:
BIO_free_all(sbio);
end:
SSL_CTX_free(ssl_ctx);
EVP_cleanup();
ERR_free_strings();
return returncode;
}
