Modify 'bssl client' to print the cert subject and issuer
This is the one piece of functionality I miss from the openssl tool -
the ability to see some basic information about the server cert.
Sample output:
==========
$ bssl client -connect www.google.com
Connecting to [2607:f8b0:4006:80d::1010]:443
Connected.
Version: TLSv1.2
Resumed session: no
Cipher: ECDHE-RSA-AES128-GCM-SHA256
ECDHE curve: P-256
Secure renegotiation: yes
Next protocol negotiated:
ALPN protocol:
Cert subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
Cert issuer: /C=US/O=Google Inc/CN=Google Internet Authority G2
==========
Change-Id: I758682784752a616628138e420f52586d5a1bb31
Reviewed-on: https://boringssl-review.googlesource.com/7620
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/tool/transport_common.cc b/tool/transport_common.cc
index 7fa1a64..9115214 100644
--- a/tool/transport_common.cc
+++ b/tool/transport_common.cc
@@ -44,6 +44,7 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
+#include <openssl/x509.h>
#include "internal.h"
#include "transport_common.h"
@@ -191,6 +192,19 @@
unsigned alpn_len;
SSL_get0_alpn_selected(ssl, &alpn, &alpn_len);
fprintf(stderr, " ALPN protocol: %.*s\n", alpn_len, alpn);
+
+ // Print the server cert subject and issuer names.
+ X509 *peer = SSL_get_peer_certificate(ssl);
+ if (peer != NULL) {
+ fprintf(stderr, " Cert subject: ");
+ X509_NAME_print_ex_fp(stderr, X509_get_subject_name(peer), 0,
+ XN_FLAG_ONELINE);
+ fprintf(stderr, "\n Cert issuer: ");
+ X509_NAME_print_ex_fp(stderr, X509_get_issuer_name(peer), 0,
+ XN_FLAG_ONELINE);
+ fprintf(stderr, "\n");
+ X509_free(peer);
+ }
}
bool SocketSetNonBlocking(int sock, bool is_non_blocking) {
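Review bot: The added block after the ALPN line prints the peer certificate's subject and issuer with no indication of whether the chain was verified, so names chosen by an unauthenticated server can be read as an authenticated identity. The hunk does not show whether this tool enables verification, so if the result is available at this point I would print it inside the `if (peer != NULL)` block, e.g. `fprintf(stderr, "  Cert verify result: %s\n", X509_verify_cert_error_string(SSL_get_verify_result(ssl)));`, or else label the two lines as unverified. The names are untrusted data written to a terminal, and `XN_FLAG_ONELINE` is what keeps control characters escaped, so a comment such as `// Names come from the peer and are untrusted; XN_FLAG_ONELINE escapes control characters.` would stop a later change from weakening the flags. The return values of both `X509_NAME_print_ex_fp` calls are ignored, which is probably acceptable for diagnostic output but means a failed print leaves a bare label. The enclosing function begins outside the hunk, so this is based only on the lines visible here.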