From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Mon, 31 Oct 2011 14:56:48 +0000 (+0000)
Subject: debug printout certificate of ssl dns server.
X-Git-Tag: release-1.4.14rc1~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03c34b695f77e47c8222a65a5a9ae76d573e27aa;p=thirdparty%2Funbound.git

debug printout certificate of ssl dns server.


git-svn-id: file:///svn/unbound/trunk@2531 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c
index e32e578c3..89dab8b57 100644
--- a/testcode/streamtcp.c
+++ b/testcode/streamtcp.c
@@ -52,6 +52,7 @@
 #include "util/data/msgparse.h"
 #include "util/data/msgreply.h"
 #include "util/data/dname.h"
+#include <openssl/err.h>
 
 #ifndef PF_INET6
 /** define in case streamtcp is compiled on legacy systems */
@@ -281,6 +282,26 @@ send_em(const char* svr, int udp, int usessl, int noanswer, int num, char** qs)
 		if(!ctx) fatal_exit("cannot create ssl ctx");
 		ssl = outgoing_ssl_fd(ctx, fd);
 		if(!ssl) fatal_exit("cannot create ssl");
+		while(1) {
+			int r;
+			ERR_clear_error();
+			if( (r=SSL_do_handshake(ssl)) == 1)
+				break;
+			r = SSL_get_error(ssl, r);
+			if(r != SSL_ERROR_WANT_READ &&
+				r != SSL_ERROR_WANT_WRITE) {
+				log_crypto_err("could not ssl_handshake");
+				exit(1);
+			}
+		}
+		if(1) {
+			X509* x = SSL_get_peer_certificate(ssl);
+			if(!x) printf("SSL: no peer certificate\n");
+			else {
+				X509_print_fp(stdout, x);
+				X509_free(x);
+			}
+		}
 	}
 	for(i=0; i<num; i+=3) {
 		printf("\nNext query is %s %s %s\n", qs[i], qs[i+1], qs[i+2]);