-/* $OpenBSD: main.c,v 1.109 2016/07/13 16:35:47 jsing Exp $ */
+/* $OpenBSD: main.c,v 1.110 2016/08/13 12:55:21 jsing Exp $ */
/* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */
/*
};
struct tls_config *tls_config;
+
+static void
+process_ssl_options(char *cp)
+{
+ const char *errstr;
+ long long depth;
+ char *str;
+
+ while (*cp) {
+ switch (getsubopt(&cp, ssl_verify_opts, &str)) {
+ case SSL_CAFILE:
+ if (str == NULL)
+ errx(1, "missing CA file");
+ if (tls_config_set_ca_file(tls_config, str) != 0)
+ errx(1, "tls ca file failed: %s",
+ tls_config_error(tls_config));
+ break;
+ case SSL_CAPATH:
+ if (str == NULL)
+ errx(1, "missing CA directory path");
+ if (tls_config_set_ca_path(tls_config, str) != 0)
+ errx(1, "tls ca path failed: %s",
+ tls_config_error(tls_config));
+ break;
+ case SSL_CIPHERS:
+ if (str == NULL)
+ errx(1, "missing cipher list");
+ if (tls_config_set_ciphers(tls_config, str) != 0)
+ errx(1, "tls ciphers failed: %s",
+ tls_config_error(tls_config));
+ break;
+ case SSL_DONTVERIFY:
+ tls_config_insecure_noverifycert(tls_config);
+ tls_config_insecure_noverifyname(tls_config);
+ break;
+ case SSL_DOVERIFY:
+ tls_config_verify(tls_config);
+ break;
+ case SSL_VERIFYDEPTH:
+ if (str == NULL)
+ errx(1, "missing depth");
+ depth = strtonum(str, 0, INT_MAX, &errstr);
+ if (errstr)
+ errx(1, "certificate validation depth is %s",
+ errstr);
+ tls_config_set_verify_depth(tls_config, (int)depth);
+ break;
+ default:
+ errx(1, "unknown -S suboption `%s'",
+ suboptarg ? suboptarg : "");
+ /* NOTREACHED */
+ }
+ }
+}
#endif /* !SMALL */
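Review bot: The `SSL_DONTVERIFY` case switches off both certificate-chain and hostname verification with no comment, and `process_ssl_options` has no header describing its side effects. I would add `/* Disables chain and name checks: the peer is unauthenticated. */` above the two `tls_config_insecure_*` calls. A short header comment should state that `getsubopt` writes into the string passed as `cp`, that every failure path is `errx(1, ...)`, and that the global `tls_config` must already be allocated before the call. Suboptions are applied in order, so a later `SSL_DOVERIFY` appears to undo an earlier `SSL_DONTVERIFY` and vice versa; the comment should say so if that is intended.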
int family = PF_UNSPEC;
char *outfile = NULL;
const char *errstr;
int dumb_terminal = 0;
-#ifndef SMALL
- long long depth;
-#endif
ftpport = "ftp";
httpport = "http";
errx(1, "tls config failed");
tls_config_set_protocols(tls_config, TLS_PROTOCOLS_ALL);
if (tls_config_set_ciphers(tls_config, "all") != 0)
- errx(1, "tls set ciphers failed");
+ errx(1, "tls set ciphers failed: %s",
+ tls_config_error(tls_config));
}
#endif /* !SMALL */
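Review bot: The defaults visible here, `TLS_PROTOCOLS_ALL` and the `"all"` cipher list, are the broadest settings libtls accepts, and nothing in the block records why. A one-line comment such as `/* Broad defaults for compatibility with old servers; the SSL_CIPHERS suboption can narrow them. */` would make the choice explicit, if compatibility is indeed the reason. The result of `tls_config_set_protocols` on the line above the changed `errx` is not checked; if the libtls in this tree returns a status from it, it deserves the same `tls_config_error` report. The enclosing block starts outside this hunk.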
case 'S':
#ifndef SMALL
- cp = optarg;
- while (*cp) {
- char *str;
- switch (getsubopt(&cp, ssl_verify_opts, &str)) {
- case SSL_CAFILE:
- if (str == NULL)
- errx(1, "missing CA file");
- if (tls_config_set_ca_file(
- tls_config, str) != 0)
- errx(1, "tls ca file failed");
- break;
- case SSL_CAPATH:
- if (str == NULL)
- errx(1, "missing CA directory"
- " path");
- if (tls_config_set_ca_path(
- tls_config, str) != 0)
- errx(1, "tls ca path failed");
- break;
- case SSL_CIPHERS:
- if (str == NULL)
- errx(1, "missing cipher list");
- if (tls_config_set_ciphers(
- tls_config, str) != 0)
- errx(1, "tls ciphers failed");
- break;
- case SSL_DONTVERIFY:
- tls_config_insecure_noverifycert(
- tls_config);
- tls_config_insecure_noverifyname(
- tls_config);
- break;
- case SSL_DOVERIFY:
- tls_config_verify(tls_config);
- break;
- case SSL_VERIFYDEPTH:
- if (str == NULL)
- errx(1, "missing depth");
- depth = strtonum(str, 0, INT_MAX,
- &errstr);
- if (errstr)
- errx(1, "certificate "
- "validation depth is %s",
- errstr);
- tls_config_set_verify_depth(
- tls_config, (int)depth);
- break;
- default:
- errx(1, "unknown -S suboption `%s'",
- suboptarg ? suboptarg : "");
- /* NOTREACHED */
- }
- }
-#endif
+ process_ssl_options(optarg);
+#endif /* !SMALL */
break;
case 's':