debug printout certificate of ssl dns server.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 31 Oct 2011 14:56:48 +0000 (14:56 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 31 Oct 2011 14:56:48 +0000 (14:56 +0000)
git-svn-id: file:///svn/unbound/trunk@2531 be551aaa-1e26-0410-a405-d3ace91eadb9

testcode/streamtcp.c

index e32e578c3b80294a809d06d45b87d7efe7869289..89dab8b579340c85a47b9a61e5e8771cb8e1fbbb 100644 (file)
@@ -52,6 +52,7 @@
 #include "util/data/msgparse.h"
 #include "util/data/msgreply.h"
 #include "util/data/dname.h"
+#include <openssl/err.h>
 
 #ifndef PF_INET6
 /** define in case streamtcp is compiled on legacy systems */
@@ -281,6 +282,26 @@ send_em(const char* svr, int udp, int usessl, int noanswer, int num, char** qs)
                if(!ctx) fatal_exit("cannot create ssl ctx");
                ssl = outgoing_ssl_fd(ctx, fd);
                if(!ssl) fatal_exit("cannot create ssl");
+               while(1) {
+                       int r;
+                       ERR_clear_error();
+                       if( (r=SSL_do_handshake(ssl)) == 1)
+                               break;
+                       r = SSL_get_error(ssl, r);
+                       if(r != SSL_ERROR_WANT_READ &&
+                               r != SSL_ERROR_WANT_WRITE) {
+                               log_crypto_err("could not ssl_handshake");
+                               exit(1);
+                       }
+               }
+               if(1) {
+                       X509* x = SSL_get_peer_certificate(ssl);
+                       if(!x) printf("SSL: no peer certificate\n");
+                       else {
+                               X509_print_fp(stdout, x);
+                               X509_free(x);
+                       }
+               }
        }
        for(i=0; i<num; i+=3) {
                printf("\nNext query is %s %s %s\n", qs[i], qs[i+1], qs[i+2]);
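Review bot: The certificate dumped by `X509_print_fp(stdout, x)` is whatever the peer presented, and nothing in this hunk reports whether it passed chain validation, so the output can be misread as proof that the server was authenticated. Whether the context created above enables verification is not visible here, so printing the result explicitly would remove the ambiguity, e.g. `printf("SSL: verify result: %s\n", X509_verify_cert_error_string(SSL_get_verify_result(ssl)));` after the dump. The handshake loop retries immediately on `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE`, which is fine on a blocking socket but would spin if `fd` were ever non-blocking; a short comment stating that assumption would help. The failure path uses `exit(1)` while the surrounding lines use `fatal_exit(...)`, and the `if(1)` wrapper could be a plain block with a comment such as `/* debug: show peer certificate */`. send_em's body starts and ends outside the hunk.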