The attached patch allows swaks to use a custom cert + key (provided as PEM encoded files) for SSL Context. This allows testing of authorization schemes depending on the client certificate being presented.
Andreas: Since swaks seems to have been stable for a long time, could you consider adding this patch to the Debian package? Best regards. -lem
This patch adds support for specifying custom certificates and keys for TLS negotiation, which is helpful for testing setups that employ this as an authentication mechanism. This patch is subject to the same licensing terms as swaks itself. © 2009, Itverx, C.A. - Luis E. Muñoz, All Rights Reserved. Index: swaks/swaks =================================================================== --- swaks.orig/swaks 2009-12-01 13:41:52.302849926 -0430 +++ swaks/swaks 2009-12-01 14:21:12.507848671 -0430 @@ -4,13 +4,17 @@ # if you want to be notified about future releases of this program, # please send an email to [email protected] +# This program was modified by [email protected] to add support for +# custom certificate / key pairs for testing. + use strict; my($p_name) = $0 =~ m|/?([^/]+)$|; -my $p_version = "20061116.0"; +my $p_version = "20061116.0+itverx-tls"; my $p_usage = "Usage: $p_name [--help|--version] (see --help for details)"; my $p_cp = <<EOM; Copyright (c) 2003-2006 John Jetmore <[email protected]> + This versions contain changes made by <[email protected]> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -68,6 +72,8 @@ 'tls' => \$O{tls}, # use TLS 'tlso|tls-optional' => \$O{tls_optional}, # use tls if available 'tlsc|tls-on-connect' => \$O{tls_on_connect}, # use tls if available + 'tlscert=s' => \$O{tlscert}, # TLS certificate to use + 'tlskey=s' => \$O{tlskey}, # TLS key to use 'S|silent+' => \$O{silent}, # suppress output to varying degrees 'nsf|no-strip-from' => \$O{no_strip_from}, # Don't strip From_ line from DATA 'nth|no-hints' => \$O{no_hints}, # Don't show transaction hints 
@@ -334,6 +340,23 @@ Net::SSLeay::randomize(); $t{con} = Net::SSLeay::CTX_new() || return(0); Net::SSLeay::CTX_set_options($t{con}, &Net::SSLeay::OP_ALL); # error check + + # We need to specify a certificate and key if asked to do so. + + if ($O{tlscert}) + { + ptrans(11, "Trying to use SSL cert $O{tlscert}"); + Net::SSLeay::CTX_use_certificate_file($t{con}, $O{tlscert}, + &Net::SSLeay::FILETYPE_PEM); + } + + if ($O{tlskey}) + { + ptrans(11, "Trying to use SSL key $O{tlskey}"); + Net::SSLeay::CTX_use_PrivateKey_file($t{con}, $O{tlskey}, + &Net::SSLeay::FILETYPE_PEM); + } + $t{ssl} = Net::SSLeay::new($t{con}) || return(0); if ($G::link{type} eq 'pipe') { Net::SSLeay::set_wfd($t{ssl}, fileno($G::link{sock}{wr})); # error check? @@ -1767,6 +1790,10 @@ Initiate a TLS connection immediately on connection. Use to test smtps/ssmtp servers. If this options is specified, the default port changes from 25 to 465, though this can still be overridden with the -p option. +=item --tlscert, --tlskey + +Specify the filename of the certificate and key files to use. + =item -a, --auth Require authentication. If Authentication fails or is unavailable, stop transaction. -a can take an argument specifying which type(s) of authentication to try. If multiple, comma-delimited arguments are given, each specified auth type is tried in order until one succeeds or they all fail. swaks currently supports PLAIN, LOGIN, and CRAM-MD5. If no argument is given any available authentication type is used. If neither password (-ap) or username (-au) is supplied on command line, swaks will prompt on STDIN. 
@@ -1905,6 +1932,8 @@ TLS functionality requires the Net::SSLeay perl module. If this module is not available and TLS was required (using the --tls-on-connect or --tls options), the session will error out. If TLS was requested but not required (using the --tls-optional option), swaks will continue but not attempt a TLS session. +When TLS is available, options --tlscert and --tlskey can be used to specify which certificate and key files to use. + =back =head1 PORTABILITY
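Review bot: Changing $p_version to "20061116.0+itverx-tls" in the @@ -4,13 +4,17 @@ hunk alters the version string the program reports to one upstream never released. If this is to be carried as a distribution patch, consider leaving $p_version untouched and recording the modification only in the added header comment. The added copyright line "This versions contain changes made by" should also read "This version contains changes made by".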
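Review bot: The options 'tlscert=s' and 'tlskey=s' added in the @@ -68,6 +72,8 @@ hunk are accepted independently, and nothing visible in the patch rejects one being given without the other. Suggest checking after option parsing that both are set (or defaulting --tlskey to the --tlscert file, for a PEM file that holds both) and exiting with a usage error before any connection is made otherwise.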
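Review bot: In the @@ -334,6 +340,23 @@ hunk the return values of Net::SSLeay::CTX_use_certificate_file and Net::SSLeay::CTX_use_PrivateKey_file are discarded, so an unreadable or non-PEM file leaves the context without a client certificate and the code carries on to Net::SSLeay::new as if nothing happened. For a tool used to test certificate-based authorization this gives misleading results: a server rejection looks like a policy decision when the certificate was never loaded. Suggest checking each call and failing TLS setup the way the neighbouring lines do (`|| return(0)`), with a ptrans message that names the file. After both loads, Net::SSLeay::CTX_check_private_key($t{con}) would catch a key that does not match the certificate.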
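Review bot: The POD entry added in the @@ -1767,6 +1790,10 @@ hunk does not say that the files must be PEM encoded, although the code loads them with FILETYPE_PEM, nor that this is the client certificate presented to the server. Suggest wording such as "Specify the PEM-encoded client certificate and private key files to present during TLS negotiation", and stating whether the two options must be given together.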

