ZOOM now allows inspection of X509 peer certificate for verification.
[yaz-moved-to-github.git] / client / client.c
index b6e3616..b113f78 100644 (file)
@@ -2,7 +2,7 @@
  * Copyright (c) 1995-2004, Index Data
  * See the file LICENSE for details.
  *
- * $Id: client.c,v 1.235 2004-03-10 19:42:45 adam Exp $
+ * $Id: client.c,v 1.241 2004-04-28 22:44:58 adam Exp $
  */
 
 #include <stdio.h>
 #include <langinfo.h>
 #endif
 
+#if HAVE_OPENSSL_SSL_H
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#endif
+
 #include <time.h>
 #include <ctype.h>
 
@@ -308,15 +317,15 @@ static void send_initRequest(const char* type_and_host)
        yaz_oi_APDU(apdu, &p);
        
        if ((p0=yaz_oi_update(p, out, NULL, 0, 0))) {
-               ODR_MASK_SET(req->options, Z_Options_negotiationModel);
-               
-               p0->which = Z_OtherInfo_externallyDefinedInfo;
-               p0->information.externallyDefinedInfo =
-                       yaz_set_proposal_charneg(
-                            out,
-                            (const char**)&negotiationCharset, 
-                            negotiationCharset ? 1 : 0,
-                            (const char**)&yazLang, yazLang ? 1 : 0, 1);
+           ODR_MASK_SET(req->options, Z_Options_negotiationModel);
+           
+           p0->which = Z_OtherInfo_externallyDefinedInfo;
+           p0->information.externallyDefinedInfo =
+               yaz_set_proposal_charneg(
+                   out,
+                   (const char**)&negotiationCharset, 
+                   negotiationCharset ? 1 : 0,
+                   (const char**)&yazLang, yazLang ? 1 : 0, 1);
        }
     }
     
@@ -529,6 +538,9 @@ int session_connect(const char *arg)
     void *add;
     char type_and_host[101];
     const char *basep = 0;
+#if HAVE_OPENSSL_SSL_H
+    SSL *ssl;
+#endif
     if (conn)
     {
         cs_close (conn);
@@ -586,6 +598,30 @@ int session_connect(const char *arg)
         return 0;
     }
     printf("OK.\n");
+#if HAVE_OPENSSL_SSL_H
+    if ((ssl = (SSL *) cs_get_ssl(conn)))
+    {
+       X509 *server_cert = SSL_get_peer_certificate (ssl);
+
+       if (server_cert)
+       {
+           char *pem_buf;
+           int pem_len;
+           BIO *bio = BIO_new(BIO_s_mem());
+
+           /* get PEM buffer in memory */
+           PEM_write_bio_X509(bio, server_cert);
+           pem_len = BIO_get_mem_data(bio, &pem_buf);
+           fwrite(pem_buf, pem_len, 1, stdout);
+       
+           /* print all info on screen .. */
+           X509_print_fp(stdout, server_cert);
+           BIO_free(bio);
+
+           X509_free (server_cert);
+       }
+    }
+#endif
     if (basep && *basep)
         set_base (basep);
     if (protocol == PROTO_Z3950)
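Review bot: The block added after `printf("OK.\n")` never checks that `BIO_new(BIO_s_mem())` succeeded and ignores the return value of `PEM_write_bio_X509`, so on an allocation or encoding failure `pem_buf` may be unset and `pem_len` non-positive when `fwrite(pem_buf, pem_len, 1, stdout)` converts the length to `size_t`. Guard the dump with `if (bio && PEM_write_bio_X509(bio, server_cert))` and write only when `pem_len > 0`. Separately, the certificate is only printed: nothing visible in this hunk calls `SSL_get_verify_result` or compares the subject with the requested host, so unless the COMSTACK layer verifies elsewhere, the session continues with whatever certificate the peer presents. A comment such as `/* display only; chain and host name are not verified here */` would keep readers from treating the dump as a trust decision. session_connect starts before and ends after this hunk.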
@@ -741,16 +777,16 @@ static void display_record(Z_External *r)
             }
         }
     }
-    if (ent && ent->oclass != CLASS_RECSYN) 
-        return;
     if (ent && ent->value == VAL_SOIF)
         print_record((const unsigned char *) r->u.octet_aligned->buf,
                      r->u.octet_aligned->len);
     else if (r->which == Z_External_octet)
     {
         const char *octet_buf = (char*)r->u.octet_aligned->buf;
-        if (ent->value == VAL_TEXT_XML || ent->value == VAL_APPLICATION_XML ||
-            ent->value == VAL_HTML)
+        if (ent->oclass == CLASS_RECSYN && 
+               (ent->value == VAL_TEXT_XML || 
+                ent->value == VAL_APPLICATION_XML ||
+                ent->value == VAL_HTML))
         {
             print_record((const unsigned char *) octet_buf,
                          r->u.octet_aligned->len);
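Review bot: The rewritten condition `ent->oclass == CLASS_RECSYN && (...)` dereferences `ent` without a NULL test, although the `if (ent && ent->value == VAL_SOIF)` just above treats `ent` as possibly NULL. The removed lines had the same gap, and dropping the early return does not close it. The OID lookup is outside this hunk, so this is inferred, but if that lookup can fail for a record syntax the server chooses, an octet-aligned record with an unrecognised OID would crash the client at this test. Writing it as `if (ent && ent->oclass == CLASS_RECSYN &&` lets such records reach the else branch instead. display_record starts before and continues after this hunk.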