]>
Commit | Line | Data |
---|---|---|
58964a49 | 1 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
2 | * All rights reserved. |
3 | * | |
4 | * This package is an SSL implementation written | |
5 | * by Eric Young (eay@cryptsoft.com). | |
6 | * The implementation was written so as to conform with Netscapes SSL. | |
0f113f3e | 7 | * |
d02b48c6 RE |
8 | * This library is free for commercial and non-commercial use as long as |
9 | * the following conditions are aheared to. The following conditions | |
10 | * apply to all code found in this distribution, be it the RC4, RSA, | |
11 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
12 | * included with this distribution is covered by the same copyright terms | |
13 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
0f113f3e | 14 | * |
d02b48c6 RE |
15 | * Copyright remains Eric Young's, and as such any Copyright notices in |
16 | * the code are not to be removed. | |
17 | * If this package is used in a product, Eric Young should be given attribution | |
18 | * as the author of the parts of the library used. | |
19 | * This can be in the form of a textual message at program startup or | |
20 | * in documentation (online or textual) provided with the package. | |
0f113f3e | 21 | * |
d02b48c6 RE |
22 | * Redistribution and use in source and binary forms, with or without |
23 | * modification, are permitted provided that the following conditions | |
24 | * are met: | |
25 | * 1. Redistributions of source code must retain the copyright | |
26 | * notice, this list of conditions and the following disclaimer. | |
27 | * 2. Redistributions in binary form must reproduce the above copyright | |
28 | * notice, this list of conditions and the following disclaimer in the | |
29 | * documentation and/or other materials provided with the distribution. | |
30 | * 3. All advertising materials mentioning features or use of this software | |
31 | * must display the following acknowledgement: | |
32 | * "This product includes cryptographic software written by | |
33 | * Eric Young (eay@cryptsoft.com)" | |
34 | * The word 'cryptographic' can be left out if the rouines from the library | |
35 | * being used are not cryptographic related :-). | |
0f113f3e | 36 | * 4. If you include any Windows specific code (or a derivative thereof) from |
d02b48c6 RE |
37 | * the apps directory (application code) you must include an acknowledgement: |
38 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
0f113f3e | 39 | * |
d02b48c6 RE |
40 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
41 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
43 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
44 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
45 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
46 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
48 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
49 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
50 | * SUCH DAMAGE. | |
0f113f3e | 51 | * |
d02b48c6 RE |
52 | * The licence and distribution terms for any publically available version or |
53 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
54 | * copied and put under another distribution licence | |
55 | * [including the GNU Public Licence.] | |
56 | */ | |
57 | ||
58964a49 | 58 | #define NO_SHUTDOWN |
d02b48c6 | 59 | |
0f113f3e | 60 | /* ---------------------------------------- |
b6cff93d | 61 | s_time - SSL client connection timer program |
d02b48c6 RE |
62 | Written and donated by Larry Streepy <streepy@healthcare.com> |
63 | -----------------------------------------*/ | |
64 | ||
65 | #include <stdio.h> | |
66 | #include <stdlib.h> | |
67 | #include <string.h> | |
68 | ||
a4a8f7b3 RL |
69 | #define USE_SOCKETS |
70 | #include "apps.h" | |
ec577822 BM |
71 | #include <openssl/x509.h> |
72 | #include <openssl/ssl.h> | |
73 | #include <openssl/pem.h> | |
d02b48c6 | 74 | #include "s_apps.h" |
ec577822 | 75 | #include <openssl/err.h> |
f559f31b | 76 | #if !defined(OPENSSL_SYS_MSDOS) |
0f113f3e | 77 | # include OPENSSL_UNISTD |
f559f31b | 78 | #endif |
d02b48c6 | 79 | |
7d7d2cbc | 80 | #undef ioctl |
d02b48c6 RE |
81 | #define ioctl ioctlsocket |
82 | ||
0f113f3e | 83 | #define SSL_CONNECT_NAME "localhost:4433" |
d02b48c6 | 84 | |
e636e2ac | 85 | /* no default cert. */ |
0f113f3e MC |
86 | /* |
87 | * #define TEST_CERT "client.pem" | |
88 | */ | |
d02b48c6 RE |
89 | |
90 | #undef BUFSIZZ | |
91 | #define BUFSIZZ 1024*10 | |
92 | ||
54a656ef BL |
93 | #define MYBUFSIZ 1024*8 |
94 | ||
3e83e686 RL |
95 | #undef min |
96 | #undef max | |
d02b48c6 RE |
97 | #define min(a,b) (((a) < (b)) ? (a) : (b)) |
98 | #define max(a,b) (((a) > (b)) ? (a) : (b)) | |
99 | ||
100 | #undef SECONDS | |
0f113f3e | 101 | #define SECONDS 30 |
7e1b7485 RS |
102 | #define SECONDSSTR "30" |
103 | ||
d02b48c6 RE |
104 | extern int verify_depth; |
105 | extern int verify_error; | |
106 | ||
7e1b7485 | 107 | static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx); |
d02b48c6 | 108 | |
7e1b7485 RS |
109 | typedef enum OPTION_choice { |
110 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
111 | OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH, | |
2b6bcb70 MC |
112 | OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, |
113 | OPT_VERIFY, OPT_TIME, OPT_SSL3, | |
7e1b7485 RS |
114 | OPT_WWW |
115 | } OPTION_CHOICE; | |
116 | ||
117 | OPTIONS s_time_options[] = { | |
118 | {"help", OPT_HELP, '-', "Display this summary"}, | |
119 | {"connect", OPT_CONNECT, 's', | |
120 | "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"}, | |
121 | {"cipher", OPT_CIPHER, 's', "Cipher to use, see 'openssl ciphers'"}, | |
122 | {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"}, | |
123 | {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"}, | |
124 | {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, | |
125 | {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"}, | |
2b6bcb70 MC |
126 | {"no-CAfile", OPT_NOCAFILE, '-', |
127 | "Do not load the default certificates file"}, | |
128 | {"no-CApath", OPT_NOCAPATH, '-', | |
129 | "Do not load certificates from the default certificates directory"}, | |
7e1b7485 RS |
130 | {"new", OPT_NEW, '-', "Just time new connections"}, |
131 | {"reuse", OPT_REUSE, '-', "Just time connection reuse"}, | |
132 | {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"}, | |
133 | {"verify", OPT_VERIFY, 'p', | |
134 | "Turn on peer certificate verification, set depth"}, | |
135 | {"time", OPT_TIME, 'p', "Sf seconds to collect data, default" SECONDSSTR}, | |
136 | {"www", OPT_WWW, 's', "Fetch specified page from the site"}, | |
137 | #ifndef OPENSSL_NO_SSL3 | |
138 | {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, | |
d02b48c6 | 139 | #endif |
7e1b7485 RS |
140 | {NULL} |
141 | }; | |
d02b48c6 | 142 | |
7e1b7485 RS |
143 | #define START 0 |
144 | #define STOP 1 | |
58964a49 | 145 | |
7e1b7485 | 146 | static double tm_Time_F(int s) |
d02b48c6 | 147 | { |
7e1b7485 | 148 | return app_tminterval(s, 1); |
d02b48c6 RE |
149 | } |
150 | ||
7e1b7485 | 151 | int s_time_main(int argc, char **argv) |
d02b48c6 | 152 | { |
7e1b7485 RS |
153 | char buf[1024 * 8]; |
154 | SSL *scon = NULL; | |
155 | SSL_CTX *ctx = NULL; | |
156 | const SSL_METHOD *meth = NULL; | |
157 | char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *www_path = NULL; | |
158 | char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog; | |
159 | double totalTime = 0.0; | |
2b6bcb70 | 160 | int noCApath = 0, noCAfile = 0; |
7e1b7485 RS |
161 | int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = |
162 | 0, ver; | |
163 | long bytes_read = 0, finishtime = 0; | |
164 | OPTION_CHOICE o; | |
d02b48c6 | 165 | |
13c9bb3e | 166 | meth = TLS_client_method(); |
0f113f3e MC |
167 | verify_depth = 0; |
168 | verify_error = X509_V_OK; | |
d02b48c6 | 169 | |
7e1b7485 RS |
170 | prog = opt_init(argc, argv, s_time_options); |
171 | while ((o = opt_next()) != OPT_EOF) { | |
172 | switch (o) { | |
173 | case OPT_EOF: | |
174 | case OPT_ERR: | |
175 | opthelp: | |
176 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
177 | goto end; | |
178 | case OPT_HELP: | |
179 | opt_help(s_time_options); | |
180 | ret = 0; | |
181 | goto end; | |
182 | case OPT_CONNECT: | |
183 | host = opt_arg(); | |
184 | break; | |
185 | case OPT_REUSE: | |
0f113f3e | 186 | perform = 2; |
7e1b7485 RS |
187 | break; |
188 | case OPT_NEW: | |
0f113f3e | 189 | perform = 1; |
7e1b7485 RS |
190 | break; |
191 | case OPT_VERIFY: | |
192 | if (!opt_int(opt_arg(), &verify_depth)) | |
193 | goto opthelp; | |
194 | BIO_printf(bio_err, "%s: verify depth is %d\n", | |
195 | prog, verify_depth); | |
196 | break; | |
197 | case OPT_CERT: | |
198 | certfile = opt_arg(); | |
199 | break; | |
200 | case OPT_KEY: | |
201 | keyfile = opt_arg(); | |
202 | break; | |
203 | case OPT_CAPATH: | |
204 | CApath = opt_arg(); | |
205 | break; | |
206 | case OPT_CAFILE: | |
207 | CAfile = opt_arg(); | |
208 | break; | |
2b6bcb70 MC |
209 | case OPT_NOCAPATH: |
210 | noCApath = 1; | |
211 | break; | |
212 | case OPT_NOCAFILE: | |
213 | noCAfile = 1; | |
214 | break; | |
7e1b7485 RS |
215 | case OPT_CIPHER: |
216 | cipher = opt_arg(); | |
217 | break; | |
218 | case OPT_BUGS: | |
0f113f3e | 219 | st_bugs = 1; |
7e1b7485 RS |
220 | break; |
221 | case OPT_TIME: | |
222 | if (!opt_int(opt_arg(), &maxtime)) | |
223 | goto opthelp; | |
224 | break; | |
225 | case OPT_WWW: | |
226 | www_path = opt_arg(); | |
227 | if (strlen(www_path) > MYBUFSIZ - 100) { | |
228 | BIO_printf(bio_err, "%s: -www option too long\n", prog); | |
229 | goto end; | |
dfef52f6 | 230 | } |
0f113f3e | 231 | break; |
7e1b7485 | 232 | case OPT_SSL3: |
9c3bcfa0 | 233 | #ifndef OPENSSL_NO_SSL3 |
7e1b7485 | 234 | meth = SSLv3_client_method(); |
7e1b7485 | 235 | #endif |
9c3bcfa0 | 236 | break; |
0f113f3e | 237 | } |
d02b48c6 | 238 | } |
7e1b7485 | 239 | argc = opt_num_rest(); |
03358517 KR |
240 | if (argc != 0) |
241 | goto opthelp; | |
d02b48c6 | 242 | |
7e1b7485 RS |
243 | if (cipher == NULL) |
244 | cipher = getenv("SSL_CIPHER"); | |
245 | if (cipher == NULL) { | |
7768e116 | 246 | BIO_printf(bio_err, "No CIPHER specified\n"); |
7e1b7485 | 247 | goto end; |
d02b48c6 RE |
248 | } |
249 | ||
7e1b7485 | 250 | if ((ctx = SSL_CTX_new(meth)) == NULL) |
0f113f3e MC |
251 | goto end; |
252 | ||
7e1b7485 | 253 | SSL_CTX_set_quiet_shutdown(ctx, 1); |
0f113f3e MC |
254 | |
255 | if (st_bugs) | |
7e1b7485 RS |
256 | SSL_CTX_set_options(ctx, SSL_OP_ALL); |
257 | if (!SSL_CTX_set_cipher_list(ctx, cipher)) | |
ac59d705 | 258 | goto end; |
7e1b7485 | 259 | if (!set_cert_stuff(ctx, certfile, keyfile)) |
0f113f3e MC |
260 | goto end; |
261 | ||
2b6bcb70 | 262 | if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) { |
0f113f3e | 263 | ERR_print_errors(bio_err); |
7e1b7485 | 264 | goto end; |
0f113f3e | 265 | } |
0f113f3e MC |
266 | if (!(perform & 1)) |
267 | goto next; | |
7e1b7485 | 268 | printf("Collecting connection statistics for %d seconds\n", maxtime); |
d02b48c6 | 269 | |
0f113f3e | 270 | /* Loop and time how long it takes to make connections */ |
d02b48c6 | 271 | |
0f113f3e | 272 | bytes_read = 0; |
7e1b7485 | 273 | finishtime = (long)time(NULL) + maxtime; |
0f113f3e MC |
274 | tm_Time_F(START); |
275 | for (;;) { | |
276 | if (finishtime < (long)time(NULL)) | |
277 | break; | |
d02b48c6 | 278 | |
7e1b7485 | 279 | if ((scon = doConnection(NULL, host, ctx)) == NULL) |
0f113f3e | 280 | goto end; |
d02b48c6 | 281 | |
7e1b7485 | 282 | if (www_path != NULL) { |
0f113f3e | 283 | BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", |
7e1b7485 | 284 | www_path); |
61986d32 | 285 | if (SSL_write(scon, buf, strlen(buf)) <= 0) |
ac59d705 | 286 | goto end; |
0f113f3e MC |
287 | while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) |
288 | bytes_read += i; | |
289 | } | |
d02b48c6 | 290 | #ifdef NO_SHUTDOWN |
0f113f3e | 291 | SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); |
d02b48c6 | 292 | #else |
0f113f3e | 293 | SSL_shutdown(scon); |
d02b48c6 | 294 | #endif |
0f113f3e MC |
295 | SHUTDOWN2(SSL_get_fd(scon)); |
296 | ||
297 | nConn += 1; | |
298 | if (SSL_session_reused(scon)) | |
299 | ver = 'r'; | |
300 | else { | |
301 | ver = SSL_version(scon); | |
302 | if (ver == TLS1_VERSION) | |
303 | ver = 't'; | |
304 | else if (ver == SSL3_VERSION) | |
305 | ver = '3'; | |
306 | else | |
307 | ver = '*'; | |
308 | } | |
309 | fputc(ver, stdout); | |
310 | fflush(stdout); | |
311 | ||
312 | SSL_free(scon); | |
313 | scon = NULL; | |
314 | } | |
315 | totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ | |
316 | ||
7e1b7485 | 317 | i = (int)((long)time(NULL) - finishtime + maxtime); |
0f113f3e MC |
318 | printf |
319 | ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", | |
320 | nConn, totalTime, ((double)nConn / totalTime), bytes_read); | |
321 | printf | |
322 | ("%d connections in %ld real seconds, %ld bytes read per connection\n", | |
7e1b7485 | 323 | nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); |
0f113f3e MC |
324 | |
325 | /* | |
326 | * Now loop and time connections using the same session id over and over | |
327 | */ | |
328 | ||
329 | next: | |
330 | if (!(perform & 2)) | |
331 | goto end; | |
332 | printf("\n\nNow timing with session id reuse.\n"); | |
333 | ||
334 | /* Get an SSL object so we can reuse the session id */ | |
7e1b7485 | 335 | if ((scon = doConnection(NULL, host, ctx)) == NULL) { |
7768e116 | 336 | BIO_printf(bio_err, "Unable to get connection\n"); |
0f113f3e MC |
337 | goto end; |
338 | } | |
339 | ||
7e1b7485 RS |
340 | if (www_path != NULL) { |
341 | BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", www_path); | |
61986d32 | 342 | if (SSL_write(scon, buf, strlen(buf)) <= 0) |
ac59d705 | 343 | goto end; |
7e1b7485 RS |
344 | while (SSL_read(scon, buf, sizeof(buf)) > 0) |
345 | continue; | |
0f113f3e | 346 | } |
d02b48c6 | 347 | #ifdef NO_SHUTDOWN |
0f113f3e | 348 | SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); |
d02b48c6 | 349 | #else |
0f113f3e | 350 | SSL_shutdown(scon); |
d02b48c6 | 351 | #endif |
0f113f3e MC |
352 | SHUTDOWN2(SSL_get_fd(scon)); |
353 | ||
354 | nConn = 0; | |
355 | totalTime = 0.0; | |
d02b48c6 | 356 | |
7e1b7485 | 357 | finishtime = (long)time(NULL) + maxtime; |
d02b48c6 | 358 | |
0f113f3e MC |
359 | printf("starting\n"); |
360 | bytes_read = 0; | |
361 | tm_Time_F(START); | |
d02b48c6 | 362 | |
0f113f3e MC |
363 | for (;;) { |
364 | if (finishtime < (long)time(NULL)) | |
365 | break; | |
d02b48c6 | 366 | |
7e1b7485 | 367 | if ((doConnection(scon, host, ctx)) == NULL) |
0f113f3e | 368 | goto end; |
d02b48c6 | 369 | |
7e1b7485 | 370 | if (www_path) { |
0f113f3e | 371 | BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", |
7e1b7485 | 372 | www_path); |
61986d32 | 373 | if (SSL_write(scon, buf, strlen(buf)) <= 0) |
ac59d705 | 374 | goto end; |
0f113f3e MC |
375 | while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) |
376 | bytes_read += i; | |
377 | } | |
d02b48c6 | 378 | #ifdef NO_SHUTDOWN |
0f113f3e | 379 | SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); |
d02b48c6 | 380 | #else |
0f113f3e | 381 | SSL_shutdown(scon); |
d02b48c6 | 382 | #endif |
0f113f3e MC |
383 | SHUTDOWN2(SSL_get_fd(scon)); |
384 | ||
385 | nConn += 1; | |
386 | if (SSL_session_reused(scon)) | |
387 | ver = 'r'; | |
388 | else { | |
389 | ver = SSL_version(scon); | |
390 | if (ver == TLS1_VERSION) | |
391 | ver = 't'; | |
392 | else if (ver == SSL3_VERSION) | |
393 | ver = '3'; | |
394 | else | |
395 | ver = '*'; | |
396 | } | |
397 | fputc(ver, stdout); | |
398 | fflush(stdout); | |
399 | } | |
400 | totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ | |
401 | ||
402 | printf | |
403 | ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", | |
404 | nConn, totalTime, ((double)nConn / totalTime), bytes_read); | |
405 | printf | |
406 | ("%d connections in %ld real seconds, %ld bytes read per connection\n", | |
7e1b7485 | 407 | nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); |
0f113f3e MC |
408 | |
409 | ret = 0; | |
7e1b7485 | 410 | |
0f113f3e | 411 | end: |
62adbcee | 412 | SSL_free(scon); |
7e1b7485 RS |
413 | SSL_CTX_free(ctx); |
414 | return (ret); | |
0f113f3e | 415 | } |
d02b48c6 | 416 | |
c80fd6b2 | 417 | /*- |
d02b48c6 | 418 | * doConnection - make a connection |
d02b48c6 | 419 | */ |
7e1b7485 | 420 | static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) |
0f113f3e MC |
421 | { |
422 | BIO *conn; | |
423 | SSL *serverCon; | |
424 | int width, i; | |
425 | fd_set readfds; | |
426 | ||
427 | if ((conn = BIO_new(BIO_s_connect())) == NULL) | |
428 | return (NULL); | |
429 | ||
0f113f3e MC |
430 | BIO_set_conn_hostname(conn, host); |
431 | ||
432 | if (scon == NULL) | |
7e1b7485 | 433 | serverCon = SSL_new(ctx); |
0f113f3e MC |
434 | else { |
435 | serverCon = scon; | |
436 | SSL_set_connect_state(serverCon); | |
437 | } | |
d02b48c6 | 438 | |
0f113f3e | 439 | SSL_set_bio(serverCon, conn, conn); |
d02b48c6 | 440 | |
0f113f3e MC |
441 | /* ok, lets connect */ |
442 | for (;;) { | |
443 | i = SSL_connect(serverCon); | |
444 | if (BIO_sock_should_retry(i)) { | |
445 | BIO_printf(bio_err, "DELAY\n"); | |
446 | ||
447 | i = SSL_get_fd(serverCon); | |
448 | width = i + 1; | |
449 | FD_ZERO(&readfds); | |
450 | openssl_fdset(i, &readfds); | |
451 | /* | |
452 | * Note: under VMS with SOCKETSHR the 2nd parameter is currently | |
453 | * of type (int *) whereas under other systems it is (void *) if | |
454 | * you don't have a cast it will choke the compiler: if you do | |
455 | * have a cast then you can either go for (int *) or (void *). | |
456 | */ | |
457 | select(width, (void *)&readfds, NULL, NULL, NULL); | |
458 | continue; | |
459 | } | |
460 | break; | |
461 | } | |
462 | if (i <= 0) { | |
463 | BIO_printf(bio_err, "ERROR\n"); | |
464 | if (verify_error != X509_V_OK) | |
465 | BIO_printf(bio_err, "verify error:%s\n", | |
466 | X509_verify_cert_error_string(verify_error)); | |
467 | else | |
468 | ERR_print_errors(bio_err); | |
469 | if (scon == NULL) | |
470 | SSL_free(serverCon); | |
471 | return NULL; | |
472 | } | |
d02b48c6 | 473 | |
0f113f3e MC |
474 | return serverCon; |
475 | } |