@@ -493,23 +493,58 @@ int main(int argc, char **argv) {
493493 }
494494
495495 struct aws_tls_ctx * tls_ctx = NULL ;
496+ struct aws_tls_ctx_options tls_ctx_options ;
497+ AWS_ZERO_STRUCT (tls_ctx_options );
496498 struct aws_tls_connection_options tls_connection_options ;
497499 AWS_ZERO_STRUCT (tls_connection_options );
498500 struct aws_tls_connection_options * tls_options = NULL ;
499501
500502 if (use_tls ) {
501503 aws_tls_init_static_state (allocator );
502504
503- struct aws_tls_ctx_options tls_ctx_options = {
504- /* .alpn_list = "h2;http/1.1", add this back when we have h2 support */
505- .alpn_list = "http/1.1" ,
506- .minimum_tls_version = AWS_IO_TLS_VER_SYS_DEFAULTS ,
507- .verify_peer = !app_ctx .insecure ,
508- .ca_path = app_ctx .capath ,
509- .ca_file = app_ctx .cacert ,
510- .certificate_path = app_ctx .cert ,
511- .private_key_path = app_ctx .key ,
512- };
505+ if (app_ctx .cert && app_ctx .key ) {
506+ if (aws_tls_ctx_options_init_client_mtls_from_path (
507+ & tls_ctx_options , allocator , app_ctx .cert , app_ctx .key )) {
508+ fprintf (
509+ stderr ,
510+ "Failed to load %s and %s with error %s." ,
511+ app_ctx .cert ,
512+ app_ctx .key ,
513+ aws_error_debug_str (aws_last_error ()));
514+ exit (1 );
515+ }
516+ }
517+ #ifdef _WIN32
518+ else if (app_ctx .cert && !app_ctx .key ) {
519+ aws_tls_ctx_options_init_client_mtls_from_system_path (& tls_ctx_options , allocator , app_ctx .cert );
520+ }
521+ #endif
522+ else {
523+ aws_tls_ctx_options_init_default_client (& tls_ctx_options , allocator );
524+ }
525+
526+ if (app_ctx .capath || app_ctx .cacert ) {
527+ if (aws_tls_ctx_options_override_default_trust_store_from_path (
528+ & tls_ctx_options , app_ctx .capath , app_ctx .cacert )) {
529+ fprintf (
530+ stderr ,
531+ "Failed to load %s and %s with error %s" ,
532+ app_ctx .capath ,
533+ app_ctx .cacert ,
534+ aws_error_debug_str (aws_last_error ()));
535+ exit (1 );
536+ }
537+ }
538+
539+ if (app_ctx .insecure ) {
540+ aws_tls_ctx_options_set_verify_peer (& tls_ctx_options , false);
541+ }
542+
543+ /* "h2;http/1.1", add this back when we have h2 support */
544+ if (aws_tls_ctx_options_set_alpn_list (& tls_ctx_options , "http/1.1" )) {
545+ fprintf (stderr , "Failed to load alpn list with error %s." , aws_error_debug_str (aws_last_error ()));
546+ exit (1 );
547+ }
513548
514549 tls_ctx = aws_tls_client_ctx_new (allocator , & tls_ctx_options );
515550
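Review bot: The trust-store error message in the `app_ctx.capath || app_ctx.cacert` block can hand a NULL pointer to `%s`: because that condition is an `||`, when only one of the two paths was supplied the other is NULL, and `fprintf` with `%s` on a NULL argument is undefined behaviour (the mTLS message above it is safe since its condition uses `&&`). Substitute a placeholder for the absent one, e.g. `app_ctx.capath ? app_ctx.capath : "(none)"` and `app_ctx.cacert ? app_ctx.cacert : "(none)"`. Separately, the `_WIN32` branch calls `aws_tls_ctx_options_init_client_mtls_from_system_path` without checking its result, unlike the sibling `_from_path` call; if it reports failure through its return value as that one does, an unusable certificate path would fall through to `aws_tls_client_ctx_new` with options that were never fully initialised, so wrap it in the same `if (...) { fprintf(...); exit(1); }` pattern. The enclosing `main` starts and ends outside the hunk.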
@@ -519,16 +554,12 @@ int main(int argc, char **argv) {
519554 }
520555
521556 aws_tls_connection_options_init_from_ctx (& tls_connection_options , tls_ctx );
557+ if (aws_tls_connection_options_set_server_name (& tls_connection_options , allocator , & app_ctx .uri .host_name )) {
558+ fprintf (stderr , "Failed to set servername with error %s." , aws_error_debug_str (aws_last_error ()));
559+ exit (1 );
560+ }
522561 tls_options = & tls_connection_options ;
523562
524- /* TODO: move aws-c-io to running off of aws_byte_cursor so we don't have to do all these tmp copies. */
525- char host_name [256 ];
526- AWS_ZERO_ARRAY (host_name );
527- memcpy (host_name , app_ctx .uri .host_name .ptr , app_ctx .uri .host_name .len );
528-
529- memcpy (host_name , app_ctx .uri .host_name .ptr , app_ctx .uri .host_name .len );
530- aws_tls_connection_options_set_server_name (tls_options , host_name );
531-
532563 if (app_ctx .uri .port ) {
533564 port = app_ctx .uri .port ;
534565 }
@@ -567,15 +598,16 @@ int main(int argc, char **argv) {
567598
568599 struct aws_mutex semaphore_mutex = AWS_MUTEX_INIT ;
569600 aws_http_client_connect (& http_client_options );
570-
571601 aws_mutex_lock (& semaphore_mutex );
572602 aws_condition_variable_wait (& app_ctx .c_var , & semaphore_mutex );
573603
574604 aws_client_bootstrap_destroy (bootstrap );
575605 aws_event_loop_group_clean_up (& el_group );
576606
577607 if (tls_ctx ) {
608+ aws_tls_connection_options_clean_up (& tls_connection_options );
578609 aws_tls_ctx_destroy (tls_ctx );
610+ aws_tls_ctx_options_clean_up (& tls_ctx_options );
579611 }
580612
581613 aws_tls_clean_up_static_state ();