+ default:
+ meth = SSLv23_client_method ();
+ break;
+ case 1 :
+ meth = SSLv2_client_method ();
+ break;
+ case 2 :
+ meth = SSLv3_client_method ();
+ break;
+ case 3 :
+ meth = TLSv1_client_method ();
+ break;
+ }
+ if (meth == NULL)
+ {
+ ssl_print_errors ();
+ return SSLERRCTXCREATE;
+ }
+
+ ssl_ctx = SSL_CTX_new (meth);
+ if (meth == NULL)
+ {
+ ssl_print_errors ();
+ return SSLERRCTXCREATE;
+ }
+ /* Can we validate the server Cert ? */
+ if (opt.sslcadir != NULL || opt.sslcafile != NULL)
+ {
+ SSL_CTX_load_verify_locations (ssl_ctx, opt.sslcafile, opt.sslcadir);
+ can_validate = 1;
+ }
+ else
+ {
+ can_validate = 0;
+ }
+
+ if (!opt.sslcheckcert)
+ {
+ /* check cert but ignore error, do not break handshake on error */
+ verify = SSL_VERIFY_NONE;
+ }
+ else
+ {
+ if (!can_validate)
+ {
+ logprintf (LOG_NOTQUIET, "Warrining validation of Server Cert not possible!\n");
+ verify = SSL_VERIFY_NONE;
+ }
+ else
+ {
+ /* break handshake if server cert is not valid but allow NO-Cert mode */
+ verify = SSL_VERIFY_PEER;
+ }
+ }
+
+ SSL_CTX_set_verify (ssl_ctx, verify, verify_callback);
+
+ if (opt.sslcertfile != NULL || opt.sslcertkey != NULL)
+ {
+ int ssl_cert_type;
+ if (!opt.sslcerttype)
+ ssl_cert_type = SSL_FILETYPE_PEM;
+ else
+ ssl_cert_type = SSL_FILETYPE_ASN1;
+