diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-04-26 14:57:47 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-04-26 14:57:47 +0200 |
| commit | 10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43 (patch) | |
| tree | bf1d05a2e37dbd1911b86fcc026fbe49b0239c71 /scripts/tls_test.c | |
| parent | 7585facf05d927eb6df3929ce09ed5e60d905437 (diff) | |
| download | vyos-strongswan-10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43.tar.gz vyos-strongswan-10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43.zip | |
Imported Upstream version 5.0.3
Diffstat (limited to 'scripts/tls_test.c')
| -rw-r--r-- | scripts/tls_test.c | 59 |
1 files changed, 52 insertions, 7 deletions
diff --git a/scripts/tls_test.c b/scripts/tls_test.c index d0d259e60..332f13d89 100644 --- a/scripts/tls_test.c +++ b/scripts/tls_test.c @@ -33,15 +33,59 @@ static void usage(FILE *out, char *cmd) { fprintf(out, "usage:\n"); - fprintf(out, " %s --connect <address> --port <port> [--cert <file>]+ [--times <n>]\n", cmd); + fprintf(out, " %s --connect <address> --port <port> [--key <key] [--cert <file>]+ [--times <n>]\n", cmd); fprintf(out, " %s --listen <address> --port <port> --key <key> [--cert <file>]+ [--times <n>]\n", cmd); } /** + * Check, as client, if we have a client certificate with private key + */ +static identification_t *find_client_id() +{ + identification_t *client = NULL, *keyid; + enumerator_t *enumerator; + certificate_t *cert; + public_key_t *pubkey; + private_key_t *privkey; + chunk_t chunk; + + enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr, + CERT_X509, KEY_ANY, NULL, FALSE); + while (enumerator->enumerate(enumerator, &cert)) + { + pubkey = cert->get_public_key(cert); + if (pubkey) + { + if (pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &chunk)) + { + keyid = identification_create_from_encoding(ID_KEY_ID, chunk); + privkey = lib->credmgr->get_private(lib->credmgr, + pubkey->get_type(pubkey), keyid, NULL); + keyid->destroy(keyid); + if (privkey) + { + client = cert->get_subject(cert); + client = client->clone(client); + privkey->destroy(privkey); + } + } + pubkey->destroy(pubkey); + } + if (client) + { + break; + } + } + enumerator->destroy(enumerator); + + return client; +} + +/** * Client routine */ -static int client(host_t *host, identification_t *server, - int times, tls_cache_t *cache) +static int run_client(host_t *host, identification_t *server, + identification_t *client, int times, tls_cache_t *cache) { tls_socket_t *tls; int fd, res; @@ -61,7 +105,7 @@ static int client(host_t *host, identification_t *server, close(fd); return 1; } - tls = tls_socket_create(FALSE, server, NULL, fd, cache); + tls = tls_socket_create(FALSE, server, client, fd, cache); if (!tls) { close(fd); @@ -224,7 +268,7 @@ int main(int argc, char *argv[]) char *address = NULL; bool listen = FALSE; int port = 0, times = -1, res; - identification_t *server; + identification_t *server, *client; tls_cache_t *cache; host_t *host; @@ -307,11 +351,12 @@ int main(int argc, char *argv[]) } else { - res = client(host, server, times, cache); + client = find_client_id(); + res = run_client(host, server, client, times, cache); + DESTROY_IF(client); } cache->destroy(cache); host->destroy(host); server->destroy(server); return res; } - |