ZOOM now allows inspection of X509 peer certificate for verification.

[yaz-moved-to-github.git] / client / client.c

diff --git a/client/client.c b/client/client.c
index d0f9ad5..b113f78 100644 (file)
--- a/client/client.c
+++ b/client/client.c
@@ -2,7 +2,7 @@
  * Copyright (c) 1995-2004, Index Data
  * See the file LICENSE for details.
  *
- * $Id: client.c,v 1.238 2004-04-07 13:51:50 adam Exp $
+ * $Id: client.c,v 1.241 2004-04-28 22:44:58 adam Exp $
  */
 
 #include <stdio.h>
@@ -16,6 +16,15 @@
 #include <langinfo.h>
 #endif
 
+#if HAVE_OPENSSL_SSL_H
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#endif
+
 #include <time.h>
 #include <ctype.h>
 
@@ -529,6 +538,9 @@ int session_connect(const char *arg)
     void *add;
     char type_and_host[101];
     const char *basep = 0;
+#if HAVE_OPENSSL_SSL_H
+    SSL *ssl;
+#endif
     if (conn)
     {
         cs_close (conn);
@@ -586,6 +598,30 @@ int session_connect(const char *arg)
         return 0;
     }
     printf("OK.\n");
+#if HAVE_OPENSSL_SSL_H
+    if ((ssl = (SSL *) cs_get_ssl(conn)))
+    {
+       X509 *server_cert = SSL_get_peer_certificate (ssl);
+
+       if (server_cert)
+       {
+           char *pem_buf;
+           int pem_len;
+           BIO *bio = BIO_new(BIO_s_mem());
+
+           /* get PEM buffer in memory */
+           PEM_write_bio_X509(bio, server_cert);
+           pem_len = BIO_get_mem_data(bio, &pem_buf);
+           fwrite(pem_buf, pem_len, 1, stdout);
+       
+           /* print all info on screen .. */
+           X509_print_fp(stdout, server_cert);
+           BIO_free(bio);
+
+           X509_free (server_cert);
+       }
+    }
+#endif
     if (basep && *basep)
         set_base (basep);
     if (protocol == PROTO_Z3950)