mirror of https://github.com/omar-polo/gmid.git
add ocs stapling checking for gg
parent
ebf3373d66
commit
ea47a245aa
|
@ -20,7 +20,7 @@
|
|||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Bk -words
|
||||
.Op Fl 23bchNVv
|
||||
.Op Fl 23bchNOVv
|
||||
.Op Fl C Pa cert.pem Fl K Pa key.pem
|
||||
.Op Fl H Ar hostname
|
||||
.Op Fl T Ar timeout
|
||||
|
@ -55,6 +55,9 @@ Load the client certificate key, must be in PEM format.
|
|||
.It Fl N
|
||||
Don't check whether the peer certificate name matches the requested
|
||||
hostname.
|
||||
.It Fl O
|
||||
Require that a valid stapled OCSP response be provided during the TLS
|
||||
handshake.
|
||||
.It Fl T Ar timeout
|
||||
Kill
|
||||
.Nm
|
||||
|
|
10
regress/gg.c
10
regress/gg.c
|
@ -18,7 +18,7 @@
|
|||
|
||||
#include <string.h>
|
||||
|
||||
int flag2, flag3, bflag, cflag, hflag, Nflag, Vflag, vflag;
|
||||
int flag2, flag3, bflag, cflag, hflag, Nflag, Oflag, Vflag, vflag;
|
||||
const char *cert, *key;
|
||||
|
||||
static void
|
||||
|
@ -42,7 +42,7 @@ main(int argc, char **argv)
|
|||
ssize_t len;
|
||||
|
||||
hostname = NULL;
|
||||
while ((ch = getopt(argc, argv, "23C:cbH:hK:NT:Vv")) != -1) {
|
||||
while ((ch = getopt(argc, argv, "23C:cbH:hK:NOT:Vv")) != -1) {
|
||||
switch (ch) {
|
||||
case '2':
|
||||
flag2 = 1;
|
||||
|
@ -71,6 +71,9 @@ main(int argc, char **argv)
|
|||
case 'N':
|
||||
Nflag = 1;
|
||||
break;
|
||||
case 'O':
|
||||
Oflag = 1;
|
||||
break;
|
||||
case 'T':
|
||||
timer = strtonum(optarg, 1, 1000, &errstr);
|
||||
if (errstr != NULL)
|
||||
|
@ -125,6 +128,9 @@ main(int argc, char **argv)
|
|||
if (Nflag)
|
||||
tls_config_insecure_noverifyname(conf);
|
||||
|
||||
if (Oflag)
|
||||
tls_config_ocsp_require_stapling(conf);
|
||||
|
||||
if (flag2 && tls_config_set_protocols(conf, TLS_PROTOCOL_TLSv1_2) == -1)
|
||||
errx(1, "cannot set TLSv1.2");
|
||||
if (flag3 && tls_config_set_protocols(conf, TLS_PROTOCOL_TLSv1_3) == -1)
|
||||
|
|
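Review bot: The new `O` option reaches the getopt string and gg.1, but no hunk in regress/gg.c touches the usage text, so if `usage()` prints the flag list (its definition starts at the edge of the first hunk and is not visible here) it should be updated to `[-23bchNOVv]` to match the SYNOPSIS. In the last hunk, `tls_config_ocsp_require_stapling(conf)` returns void, so the only sign that `-O` took effect is a failed handshake; a comment above `if (Oflag)` such as `/* handshake fails unless the server staples a valid OCSP response */` would make that explicit. Because gg is the regress client, a test that runs `-O` against a server with and without stapling enabled would be needed to confirm the option is enforced, in particular if certificate verification is relaxed elsewhere in `main`, whose body continues outside these hunks.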