Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / d075706ea5fe39d37dad45ba53216a3bb33256aa / . / tool / client.cc
blob: 005afa858c443b5f6f268fcd8ec517a970561c62 [file] [log] [blame]
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <openssl/base.h>
16
David Benjamind28f59c2015-11-17 22:32:50 -0500[diff] [blame]17#include <stdio.h>
18
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]19#if !defined(OPENSSL_WINDOWS)
20#include <sys/select.h>
21#else
David Benjamin7c7ab212017-01-10 15:20:19 -0500[diff] [blame]22OPENSSL_MSVC_PRAGMA(warning(push, 3))
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]23#include <winsock2.h>
David Benjamin7c7ab212017-01-10 15:20:19 -0500[diff] [blame]24OPENSSL_MSVC_PRAGMA(warning(pop))
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]25#endif
26
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]27#include <openssl/err.h>
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]28#include <openssl/pem.h>
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]29#include <openssl/ssl.h>
30
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]31#include "../crypto/internal.h"
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]32#include "internal.h"
Dave Tapuskab8a824d2014-12-10 19:09:52 -0500[diff] [blame]33#include "transport_common.h"
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]34
35
36static const struct argument kArguments[] = {
37 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]38 "-connect", kRequiredArgument,
39 "The hostname and port of the server to connect to, e.g. foo.com:443",
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]40 },
41 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]42 "-cipher", kOptionalArgument,
43 "An OpenSSL-style cipher suite string that configures the offered "
44 "ciphers",
Adam Langley5f51c252014-10-28 15:45:39 -0700[diff] [blame]45 },
46 {
Piotr Sikorad0757062017-04-14 02:59:34 -0700[diff] [blame^]47 "-curves", kOptionalArgument,
48 "An OpenSSL-style ECDH curves list that configures the offered curves",
49 },
50 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]51 "-max-version", kOptionalArgument,
52 "The maximum acceptable protocol version",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]53 },
54 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]55 "-min-version", kOptionalArgument,
56 "The minimum acceptable protocol version",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]57 },
58 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]59 "-server-name", kOptionalArgument, "The server name to advertise",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]60 },
61 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]62 "-select-next-proto", kOptionalArgument,
63 "An NPN protocol to select if the server supports NPN",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]64 },
65 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]66 "-alpn-protos", kOptionalArgument,
67 "A comma-separated list of ALPN protocols to advertise",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]68 },
69 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]70 "-fallback-scsv", kBooleanArgument, "Enable FALLBACK_SCSV",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]71 },
72 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]73 "-ocsp-stapling", kBooleanArgument,
74 "Advertise support for OCSP stabling",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]75 },
76 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]77 "-signed-certificate-timestamps", kBooleanArgument,
78 "Advertise support for signed certificate timestamps",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]79 },
80 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]81 "-channel-id-key", kOptionalArgument,
82 "The key to use for signing a channel ID",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]83 },
84 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]85 "-false-start", kBooleanArgument, "Enable False Start",
David Benjamin621f95a2015-08-28 15:08:34 -0400[diff] [blame]86 },
David Benjamin1043ac02015-06-04 15:26:04 -0400[diff] [blame]87 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]88 "-session-in", kOptionalArgument,
89 "A file containing a session to resume.",
David Benjamin86e412d2015-12-02 19:34:58 -0500[diff] [blame]90 },
91 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]92 "-session-out", kOptionalArgument,
93 "A file to write the negotiated session to.",
Adam Langley403c52a2016-07-07 14:52:02 -0700[diff] [blame]94 },
95 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]96 "-key", kOptionalArgument,
David Benjamincb3af3e2017-04-09 09:52:47 -0400[diff] [blame]97 "PEM-encoded file containing the private key.",
98 },
99 {
100 "-cert", kOptionalArgument,
101 "PEM-encoded file containing the leaf certificate and optional "
102 "certificate chain. This is taken from the -key argument if this "
103 "argument is not provided.",
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]104 },
105 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]106 "-starttls", kOptionalArgument,
107 "A STARTTLS mini-protocol to run before the TLS handshake. Supported"
108 " values: 'smtp'",
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]109 },
110 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]111 "-grease", kBooleanArgument, "Enable GREASE",
112 },
113 {
114 "-test-resumption", kBooleanArgument,
115 "Connect to the server twice. The first connection is closed once a "
116 "session is established. The second connection offers it.",
117 },
118 {
119 "-root-certs", kOptionalArgument,
120 "A filename containing one of more PEM root certificates. Implies that "
121 "verification is required.",
Adam Langleye5dfb522017-02-03 10:31:00 -0800[diff] [blame]122 },
123 {
Steven Valdez2d850622017-01-11 11:34:52 -0500[diff] [blame]124 "-early-data", kBooleanArgument, "Allow early data",
125 },
126 {
David Benjamin69522112017-03-28 15:38:29 -0500[diff] [blame]127 "-ed25519", kBooleanArgument, "Advertise Ed25519 support",
128 },
129 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]130 "", kOptionalArgument, "",
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]131 },
132};
133
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]134static bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file) {
135 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]136 if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
137 return nullptr;
138 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]139 bssl::UniquePtr<EVP_PKEY> pkey(PEM_read_bio_PrivateKey(bio.get(), nullptr,
140 nullptr, nullptr));
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]141 return pkey;
142}
143
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]144static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen,
145 const uint8_t* in, unsigned inlen, void* arg) {
146 *out = reinterpret_cast<uint8_t *>(arg);
147 *outlen = strlen(reinterpret_cast<const char *>(arg));
148 return SSL_TLSEXT_ERR_OK;
149}
150
David Benjamind28f59c2015-11-17 22:32:50 -0500[diff] [blame]151static FILE *g_keylog_file = nullptr;
152
153static void KeyLogCallback(const SSL *ssl, const char *line) {
154 fprintf(g_keylog_file, "%s\n", line);
155 fflush(g_keylog_file);
156}
157
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]158static bssl::UniquePtr<BIO> session_out;
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]159static bssl::UniquePtr<SSL_SESSION> resume_session;
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]160
161static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) {
162 if (session_out) {
163 if (!PEM_write_bio_SSL_SESSION(session_out.get(), session) ||
164 BIO_flush(session_out.get()) <= 0) {
165 fprintf(stderr, "Error while saving session:\n");
166 ERR_print_errors_cb(PrintErrorCallback, stderr);
167 return 0;
168 }
169 }
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]170 resume_session = bssl::UniquePtr<SSL_SESSION>(session);
171 return 1;
172}
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]173
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]174static bool WaitForSession(SSL *ssl, int sock) {
175 fd_set read_fds;
176 FD_ZERO(&read_fds);
177
178 if (!SocketSetNonBlocking(sock, true)) {
179 return false;
180 }
181
182 while (!resume_session) {
183 FD_SET(sock, &read_fds);
184 int ret = select(sock + 1, &read_fds, NULL, NULL, NULL);
185 if (ret <= 0) {
186 perror("select");
187 return false;
188 }
189
190 uint8_t buffer[512];
191 int ssl_ret = SSL_read(ssl, buffer, sizeof(buffer));
192
193 if (ssl_ret <= 0) {
194 int ssl_err = SSL_get_error(ssl, ssl_ret);
195 if (ssl_err == SSL_ERROR_WANT_READ) {
196 continue;
197 }
198 fprintf(stderr, "Error while reading: %d\n", ssl_err);
199 ERR_print_errors_cb(PrintErrorCallback, stderr);
200 return false;
201 }
202 }
203
204 return true;
205}
206
207static bool DoConnection(SSL_CTX *ctx,
208 std::map<std::string, std::string> args_map,
209 bool (*cb)(SSL *ssl, int sock)) {
210 int sock = -1;
211 if (!Connect(&sock, args_map["-connect"])) {
212 return false;
213 }
214
215 if (args_map.count("-starttls") != 0) {
216 const std::string& starttls = args_map["-starttls"];
217 if (starttls == "smtp") {
218 if (!DoSMTPStartTLS(sock)) {
219 return false;
220 }
221 } else {
222 fprintf(stderr, "Unknown value for -starttls: %s\n", starttls.c_str());
223 return false;
224 }
225 }
226
227 bssl::UniquePtr<BIO> bio(BIO_new_socket(sock, BIO_CLOSE));
228 bssl::UniquePtr<SSL> ssl(SSL_new(ctx));
229
230 if (args_map.count("-server-name") != 0) {
231 SSL_set_tlsext_host_name(ssl.get(), args_map["-server-name"].c_str());
232 }
233
234 if (args_map.count("-session-in") != 0) {
235 bssl::UniquePtr<BIO> in(BIO_new_file(args_map["-session-in"].c_str(),
236 "rb"));
237 if (!in) {
238 fprintf(stderr, "Error reading session\n");
239 ERR_print_errors_cb(PrintErrorCallback, stderr);
240 return false;
241 }
242 bssl::UniquePtr<SSL_SESSION> session(PEM_read_bio_SSL_SESSION(in.get(),
243 nullptr, nullptr, nullptr));
244 if (!session) {
245 fprintf(stderr, "Error reading session\n");
246 ERR_print_errors_cb(PrintErrorCallback, stderr);
247 return false;
248 }
249 SSL_set_session(ssl.get(), session.get());
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]250 }
251
252 if (resume_session) {
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]253 SSL_set_session(ssl.get(), resume_session.get());
254 }
255
256 SSL_set_bio(ssl.get(), bio.get(), bio.get());
257 bio.release();
258
259 int ret = SSL_connect(ssl.get());
260 if (ret != 1) {
261 int ssl_err = SSL_get_error(ssl.get(), ret);
262 fprintf(stderr, "Error while connecting: %d\n", ssl_err);
263 ERR_print_errors_cb(PrintErrorCallback, stderr);
264 return false;
265 }
266
267 fprintf(stderr, "Connected.\n");
268 PrintConnectionInfo(ssl.get());
269
270 return cb(ssl.get(), sock);
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]271}
272
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]273bool Client(const std::vector<std::string> &args) {
Brian Smith33970e62015-01-27 22:32:08 -0800[diff] [blame]274 if (!InitSocketLibrary()) {
275 return false;
276 }
277
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]278 std::map<std::string, std::string> args_map;
279
280 if (!ParseKeyValueArguments(&args_map, args, kArguments)) {
281 PrintUsage(kArguments);
282 return false;
283 }
284
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]285 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_client_method()));
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]286
David Benjamin859ec3c2014-09-02 16:29:36 -0400[diff] [blame]287 const char *keylog_file = getenv("SSLKEYLOGFILE");
288 if (keylog_file) {
David Benjamind28f59c2015-11-17 22:32:50 -0500[diff] [blame]289 g_keylog_file = fopen(keylog_file, "a");
290 if (g_keylog_file == nullptr) {
291 perror("fopen");
David Benjamin859ec3c2014-09-02 16:29:36 -0400[diff] [blame]292 return false;
293 }
David Benjamind28f59c2015-11-17 22:32:50 -0500[diff] [blame]294 SSL_CTX_set_keylog_callback(ctx.get(), KeyLogCallback);
David Benjamin859ec3c2014-09-02 16:29:36 -0400[diff] [blame]295 }
296
Dave Tapuskab8a824d2014-12-10 19:09:52 -0500[diff] [blame]297 if (args_map.count("-cipher") != 0 &&
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]298 !SSL_CTX_set_strict_cipher_list(ctx.get(), args_map["-cipher"].c_str())) {
Dave Tapuskab8a824d2014-12-10 19:09:52 -0500[diff] [blame]299 fprintf(stderr, "Failed setting cipher list\n");
300 return false;
Adam Langley5f51c252014-10-28 15:45:39 -0700[diff] [blame]301 }
302
Piotr Sikorad0757062017-04-14 02:59:34 -0700[diff] [blame^]303 if (args_map.count("-curves") != 0 &&
304 !SSL_CTX_set1_curves_list(ctx.get(), args_map["-curves"].c_str())) {
305 fprintf(stderr, "Failed setting curves list\n");
306 return false;
307 }
308
Adam Langley040bc492017-02-09 15:30:52 -0800[diff] [blame]309 uint16_t max_version = TLS1_3_VERSION;
310 if (args_map.count("-max-version") != 0 &&
311 !VersionFromString(&max_version, args_map["-max-version"])) {
312 fprintf(stderr, "Unknown protocol version: '%s'\n",
313 args_map["-max-version"].c_str());
314 return false;
315 }
316
317 if (!SSL_CTX_set_max_proto_version(ctx.get(), max_version)) {
318 return false;
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]319 }
320
321 if (args_map.count("-min-version") != 0) {
322 uint16_t version;
323 if (!VersionFromString(&version, args_map["-min-version"])) {
324 fprintf(stderr, "Unknown protocol version: '%s'\n",
325 args_map["-min-version"].c_str());
326 return false;
327 }
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]328 if (!SSL_CTX_set_min_proto_version(ctx.get(), version)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]329 return false;
330 }
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]331 }
332
333 if (args_map.count("-select-next-proto") != 0) {
334 const std::string &proto = args_map["-select-next-proto"];
335 if (proto.size() > 255) {
336 fprintf(stderr, "Bad NPN protocol: '%s'\n", proto.c_str());
337 return false;
338 }
339 // |SSL_CTX_set_next_proto_select_cb| is not const-correct.
340 SSL_CTX_set_next_proto_select_cb(ctx.get(), NextProtoSelectCallback,
341 const_cast<char *>(proto.c_str()));
342 }
343
344 if (args_map.count("-alpn-protos") != 0) {
345 const std::string &alpn_protos = args_map["-alpn-protos"];
346 std::vector<uint8_t> wire;
347 size_t i = 0;
348 while (i <= alpn_protos.size()) {
349 size_t j = alpn_protos.find(',', i);
350 if (j == std::string::npos) {
351 j = alpn_protos.size();
352 }
353 size_t len = j - i;
354 if (len > 255) {
355 fprintf(stderr, "Invalid ALPN protocols: '%s'\n", alpn_protos.c_str());
356 return false;
357 }
358 wire.push_back(static_cast<uint8_t>(len));
359 wire.resize(wire.size() + len);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]360 OPENSSL_memcpy(wire.data() + wire.size() - len, alpn_protos.data() + i,
361 len);
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]362 i = j + 1;
363 }
364 if (SSL_CTX_set_alpn_protos(ctx.get(), wire.data(), wire.size()) != 0) {
365 return false;
366 }
367 }
368
369 if (args_map.count("-fallback-scsv") != 0) {
370 SSL_CTX_set_mode(ctx.get(), SSL_MODE_SEND_FALLBACK_SCSV);
371 }
372
373 if (args_map.count("-ocsp-stapling") != 0) {
374 SSL_CTX_enable_ocsp_stapling(ctx.get());
375 }
376
377 if (args_map.count("-signed-certificate-timestamps") != 0) {
378 SSL_CTX_enable_signed_cert_timestamps(ctx.get());
379 }
380
381 if (args_map.count("-channel-id-key") != 0) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]382 bssl::UniquePtr<EVP_PKEY> pkey =
383 LoadPrivateKey(args_map["-channel-id-key"]);
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]384 if (!pkey || !SSL_CTX_set1_tls_channel_id(ctx.get(), pkey.get())) {
385 return false;
386 }
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]387 }
388
David Benjamin1043ac02015-06-04 15:26:04 -0400[diff] [blame]389 if (args_map.count("-false-start") != 0) {
390 SSL_CTX_set_mode(ctx.get(), SSL_MODE_ENABLE_FALSE_START);
391 }
392
David Benjamin86e412d2015-12-02 19:34:58 -0500[diff] [blame]393 if (args_map.count("-key") != 0) {
394 const std::string &key = args_map["-key"];
David Benjamincb3af3e2017-04-09 09:52:47 -0400[diff] [blame]395 if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(),
396 SSL_FILETYPE_PEM)) {
David Benjamin86e412d2015-12-02 19:34:58 -0500[diff] [blame]397 fprintf(stderr, "Failed to load private key: %s\n", key.c_str());
398 return false;
399 }
David Benjamincb3af3e2017-04-09 09:52:47 -0400[diff] [blame]400 const std::string &cert =
401 args_map.count("-cert") != 0 ? args_map["-cert"] : key;
402 if (!SSL_CTX_use_certificate_chain_file(ctx.get(), cert.c_str())) {
403 fprintf(stderr, "Failed to load cert chain: %s\n", cert.c_str());
David Benjamin86e412d2015-12-02 19:34:58 -0500[diff] [blame]404 return false;
405 }
406 }
407
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]408 SSL_CTX_set_session_cache_mode(ctx.get(), SSL_SESS_CACHE_CLIENT);
409 SSL_CTX_sess_set_new_cb(ctx.get(), NewSessionCallback);
410
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]411 if (args_map.count("-session-out") != 0) {
412 session_out.reset(BIO_new_file(args_map["-session-out"].c_str(), "wb"));
413 if (!session_out) {
David Benjamin70728842016-09-06 18:18:52 -0400[diff] [blame]414 fprintf(stderr, "Error while opening %s:\n",
415 args_map["-session-out"].c_str());
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]416 ERR_print_errors_cb(PrintErrorCallback, stderr);
417 return false;
418 }
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]419 }
420
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]421 if (args_map.count("-grease") != 0) {
422 SSL_CTX_set_grease_enabled(ctx.get(), 1);
423 }
424
Adam Langleye5dfb522017-02-03 10:31:00 -0800[diff] [blame]425 if (args_map.count("-root-certs") != 0) {
426 if (!SSL_CTX_load_verify_locations(
427 ctx.get(), args_map["-root-certs"].c_str(), nullptr)) {
428 fprintf(stderr, "Failed to load root certificates.\n");
429 ERR_print_errors_cb(PrintErrorCallback, stderr);
430 return false;
431 }
432 SSL_CTX_set_verify(ctx.get(), SSL_VERIFY_PEER, nullptr);
433 }
434
Steven Valdez2d850622017-01-11 11:34:52 -0500[diff] [blame]435 if (args_map.count("-early-data") != 0) {
436 SSL_CTX_set_early_data_enabled(ctx.get(), 1);
437 }
438
David Benjamin69522112017-03-28 15:38:29 -0500[diff] [blame]439 if (args_map.count("-ed25519") != 0) {
440 SSL_CTX_set_ed25519_enabled(ctx.get(), 1);
441 }
442
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]443 if (args_map.count("-test-resumption") != 0) {
444 if (args_map.count("-session-in") != 0) {
445 fprintf(stderr,
446 "Flags -session-in and -test-resumption are incompatible.\n");
447 return false;
448 }
449
450 if (!DoConnection(ctx.get(), args_map, &WaitForSession)) {
451 return false;
452 }
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]453 }
454
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]455 return DoConnection(ctx.get(), args_map, &TransferData);
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]456}