diff options
author | nelsonb%netscape.com <devnull@localhost> | 2001-11-09 05:43:06 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2001-11-09 05:43:06 +0000 |
commit | 0534d28fe1976d39ea6329feba8c4eee88bb71fc (patch) | |
tree | 6eb717d744c0c5e0affa065b50daf2e00f65786d /security/nss/cmd/strsclnt/strsclnt.c | |
parent | e4bd2f0e9da8216ad98c302c6381c0d1e0665587 (diff) | |
download | nss-hg-0534d28fe1976d39ea6329feba8c4eee88bb71fc.tar.gz |
Add code to test new SSL_LocalCertificate() function on first connection,
or on every connection if -vv option is used. Bug 78959.
Also, the nickname "none" can now be used to prevent performing client
authentication without having to use an invalid password.
Diffstat (limited to 'security/nss/cmd/strsclnt/strsclnt.c')
-rw-r--r-- | security/nss/cmd/strsclnt/strsclnt.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c index b2c33b25c..e14404619 100644 --- a/security/nss/cmd/strsclnt/strsclnt.c +++ b/security/nss/cmd/strsclnt/strsclnt.c @@ -247,19 +247,17 @@ myBadCertHandler( void *arg, PRFileDesc *fd) void printSecurityInfo(PRFileDesc *fd) { - CERTCertificate * cert; + CERTCertificate * cert = NULL; SSL3Statistics * ssl3stats = SSL_GetStatistics(); SECStatus result; SSLChannelInfo channel; SSLCipherSuiteInfo suite; -#ifndef DEBUG_nelsonb static int only_once; - if (only_once) + if (only_once && verbose < 2) return; only_once = 1; -#endif result = SSL_GetChannelInfo(fd, &channel, sizeof channel); if (result == SECSuccess && @@ -279,13 +277,16 @@ printSecurityInfo(PRFileDesc *fd) channel.keaKeyBits, suite.keaTypeName); } } -#if 0 - cert = SSL_RevealCert(fd); - if (cert) { + + cert = SSL_LocalCertificate(fd); + if (!cert) + cert = SSL_PeerCertificate(fd); + + if (verbose && cert) { char * ip = CERT_NameToAscii(&cert->issuer); char * sp = CERT_NameToAscii(&cert->subject); if (sp) { - fprintf(stderr, "strsclnt: ubject DN: %s\n", sp); + fprintf(stderr, "strsclnt: subject DN: %s\n", sp); PR_Free(sp); } if (ip) { @@ -295,7 +296,6 @@ printSecurityInfo(PRFileDesc *fd) CERT_DestroyCertificate(cert); cert = NULL; } -#endif fprintf(stderr, "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n", ssl3stats->hsh_sid_cache_hits, @@ -1071,7 +1071,7 @@ main(int argc, char **argv) } ssl3stats = SSL_GetStatistics(); - if (nickName) { + if (nickName && strcmp(nickName, "none")) { cert[kt_rsa] = PK11_FindCertFromNickname(nickName, passwd); if (cert[kt_rsa] == NULL) { |