From 1014e64141f1bcc3b40f545a45a3bcb90f153e01 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Wed, 15 May 2024 07:18:58 -0400
Subject: [PATCH] Add some toggles to tls_client
These can be useful for testing purposes
---
 src/cli/tls_client.cpp | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index 4ee11c83def..3524a74534f 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -64,19 +64,25 @@ class Callbacks : public Botan::TLS::Callbacks {
 auto ocsp_timeout = std::chrono::milliseconds(1000);
+ const std::string checked_name = flag_set("skip-hostname-check") ? "" : std::string(hostname);
+
 Botan::Path_Validation_Result result = Botan::x509_path_validate(
- cert_chain, restrictions, trusted_roots, hostname, usage, tls_current_timestamp(), ocsp_timeout, ocsp);
+ cert_chain, restrictions, trusted_roots, checked_name, usage, tls_current_timestamp(), ocsp_timeout, ocsp);
- output() << "Certificate validation status: " << result.result_string() << "\n";
 if(result.successful_validation()) {
+ output() << "Certificate validation status: " << result.result_string() << "\n";
 auto status = result.all_statuses();
 if(!status.empty() && status[0].contains(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD)) {
 output() << "Valid OCSP response for this server\n";
 }
 } else {
- throw Botan::TLS::TLS_Exception(Botan::TLS::Alert::BadCertificate,
- "Certificate validation failure: " + result.result_string());
+ if(flag_set("ignore-cert-error")) {
+ output() << "Certificate validation status: " << result.result_string() << "\n";
+ } else {
+ throw Botan::TLS::TLS_Exception(Botan::TLS::Alert::BadCertificate,
+ "Certificate validation failure: " + result.result_string());
+ }
 }
 }
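Review bot: When `--ignore-cert-error` is set, the new else-branch prints exactly the same `Certificate validation status:` line as the success path, so a transcript gives no indication that a failed chain was accepted and the server is effectively unauthenticated; make the override unmistakable, e.g. `output() << "WARNING: ignoring certificate validation failure: " << result.result_string() << "\n";`. The hostname skip is equally silent: an empty `checked_name` should be announced next to the validation call, e.g. `if(checked_name.empty()) { output() << "WARNING: hostname verification skipped\n"; }`. The skip also relies on `x509_path_validate` treating an empty hostname as "no name match" — presumably the API's convention, but a short comment on the `checked_name` line documenting that assumption would help, since a change to that convention would silently turn the flag into a guaranteed failure. Note that with the error ignored the OCSP status line is never reported, because that check lives only in the successful-validation branch. The enclosing verification callback's signature is above the hunk.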
@@ -164,6 +170,7 @@ class TLS_Client final : public Command {
 Command(
 "tls_client host --port=443 --print-certs --policy=default "
 "--skip-system-cert-store --trusted-cas= --trusted-pubkey-sha256= "
+ "--skip-hostname-check --ignore-cert-error "
 "--tls-version=default --session-db= --session-db-pass= "
 "--next-protocols= --type=tcp --client-cert= --client-cert-key= "
 "--psk= --psk-identity= --psk-prf=SHA-256 --debug") {
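Review bot: The usage string now lists `--skip-hostname-check` and `--ignore-cert-error` alongside ordinary options with nothing telling a user that either one disables server authentication; the commit message calls them testing toggles, and the user-facing help should say the same. If this command has a description or help string elsewhere in the file (not in view), add a sentence such as `--skip-hostname-check and --ignore-cert-error disable certificate name matching and chain validation respectively and are intended only for testing`. The `Command(...)` constructor call this hunk sits in continues outside the hunk.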