Add an option to provide a CA cert for server certificate verification

Enable this option with -C/--cacert
Stephen Kent 2016-08-18 10:26:41 -07:00
parent 5a7692f28f
commit 655845108c
4 changed files with 41 additions and 4 deletions


@ -66,6 +66,7 @@ void cmdline_parser_print_help (void) {
"Additional options for specific features:\n"
#ifdef USE_SSL
" -z, --no-check-certficate Don't verify server SSL certificate\n"
" -C, --cacert=STRING Path to trusted CA certificate or directory\n"
#endif
" -F, --passfile=STRING File with credentials for proxy authentication\n"
" -P, --proxyauth=STRING Proxy auth credentials user:pass combination\n"
@ -140,6 +141,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
args_info->proctitle_given = 0;
args_info->enforcetls1_given = 0;
args_info->host_given = 0;
args_info->cacert_given = 0;
/* No... we can't make this a function... -- Maniac */
#define clear_args() \
@ -169,6 +171,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
args_info->enforcetls1_flag = 0; \
args_info->host_arg = NULL; \
args_info->no_check_cert_flag = 0; \
args_info->cacert_arg = NULL; \
}
clear_args();
@ -214,12 +217,13 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
{ "encrypt-remproxy",0,NULL, 'X' },
{ "no-ssl3", 0, NULL, 'T' },
{ "no-check-certificate",0,NULL,'z' },
{ "cacert", 1, NULL, 'C' },
{ NULL, 0, NULL, 0 }
};
c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXqLo:Tz", long_options, &option_index);
c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXqLo:TzC:", long_options, &option_index);
#else
c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXqLo:Tz" );
c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXqLo:TzC:" );
#endif
if (c == -1)
@ -442,6 +446,16 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
message("Server SSL certificate verification disabled\n");
break;
case 'C': /* Trusted CA certificate (or directory) for server SSL certificate verification */
if (args_info->cacert_given) {
fprintf (stderr, "%s: `--cacert' (`-C') option given more than once\n", PACKAGE);
clear_args ();
exit(1);
}
args_info->cacert_given = 1;
args_info->cacert_arg = gengetopt_strdup (optarg);
break;
case 0: /* Long option with no short option */
case '?': /* Invalid option. */