From fdf713a08b9e58b2264b9efc3f2aae74ffaba9f1 Mon Sep 17 00:00:00 2001 From: Azat Khuzhin Date: Tue, 24 Nov 2015 01:35:25 +0300 Subject: [PATCH] sample/https-client: allow to change path to ca-certificates And default to one that linux have, for freebsd you will need: $ https-client -url https://google.com -crt /usr/local/share/certs/ca-root-nss.crt --- sample/https-client.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/sample/https-client.c b/sample/https-client.c index cbe0b930..029cd19c 100644 --- a/sample/https-client.c +++ b/sample/https-client.c @@ -96,7 +96,7 @@ static void syntax(void) { fputs("Syntax:\n", stderr); - fputs(" https-client -url [-data data-file.bin] [-ignore-cert] [-retries num] [-timeout sec]\n", stderr); + fputs(" https-client -url [-data data-file.bin] [-ignore-cert] [-retries num] [-timeout sec] [-crt crt]\n", stderr); fputs("Example:\n", stderr); fputs(" https-client -url https://ip.appspot.com/\n", stderr); } @@ -189,6 +189,7 @@ main(int argc, char **argv) struct evhttp_uri *http_uri = NULL; const char *url = NULL, *data_file = NULL; + const char *crt = "/etc/ssl/certs/ca-certificates.crt"; const char *scheme, *host, *path, *query; char uri[256]; int port; @@ -215,6 +216,13 @@ main(int argc, char **argv) syntax(); goto error; } + } else if (!strcmp("-crt", argv[i])) { + if (i < argc - 1) { + crt = argv[i + 1]; + } else { + syntax(); + goto error; + } } else if (!strcmp("-ignore-cert", argv[i])) { ignore_cert = 1; } else if (!strcmp("-data", argv[i])) { @@ -328,9 +336,7 @@ main(int argc, char **argv) /* Attempt to use the system's trusted root certificates. * (This path is only valid for Debian-based systems.) */ - if (1 != SSL_CTX_load_verify_locations(ssl_ctx, - "/etc/ssl/certs/ca-certificates.crt", - NULL)) { + if (1 != SSL_CTX_load_verify_locations(ssl_ctx, crt, NULL)) { err_openssl("SSL_CTX_load_verify_locations"); goto error; } -- 2.50.1