[openssl-dev] s_client, s_server "-verify_host"
Guy
gmane.bl4 at gishpuppy.com
Thu Apr 16 17:45:44 UTC 2015
verify_host should be verify_hostname?
$ openssl version
OpenSSL 1.0.2a-fips 19 Mar 2015
$ openssl s_client -showcerts -verify_host HOST -connect HOST:PORT
unknown option -verify_host
usage: s_client args
-host host - use -connect instead
-port port - use -connect instead
-connect host:port - who to connect to (default is localhost:4433)
-verify_host host - check peer certificate matches "host"
[...]
$ grep -nC3 verify_host apps\apps.c
2320- at_time = (time_t)timestamp;
2321- }
2322- (*pargs)++;
2323: } else if (strcmp(arg, "-verify_hostname") == 0) {
2324- if (!argn)
2325- *badarg = 1;
2326- hostname = argn;
$
---
diff U3 a/apps/s_client.c b/apps/s_client.c
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -308,7 +308,7 @@
" -connect host:port - who to connect to (default is %s:%s)\n",
SSL_HOST_NAME, PORT_STR);
BIO_printf(bio_err,
- " -verify_host host - check peer certificate matches \"host\"\n");
+ " -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,
diff U3 a/apps/s_server.c b/apps/s_server.c
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -480,7 +480,7 @@
BIO_printf(bio_err,
" -accept arg - port to accept on (default is %d)\n", PORT);
BIO_printf(bio_err,
- " -verify_host host - check peer certificate matches \"host\"\n");
+ " -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,
---
More information about the openssl-dev
mailing list