| 1 /* apps/s_client.c */ | 1 /* apps/s_client.c */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
| 52 * | 52 * |
| 53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
| 54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
| 56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
| 57 */ | 57 */ |
| 58 /* ==================================================================== | 58 /* ==================================================================== |
| 59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 * | 60 * |
| 61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
| 62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
| 63 * are met: | 63 * are met: |
| 64 * | 64 * |
| 65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
| 66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
| 67 * | 67 * |
| 68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
| 69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
| 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 103 * OF THE POSSIBILITY OF SUCH DAMAGE. | 103 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 104 * ==================================================================== | 104 * ==================================================================== |
| 105 * | 105 * |
| 106 * This product includes cryptographic software written by Eric Young | 106 * This product includes cryptographic software written by Eric Young |
| 107 * (eay@cryptsoft.com). This product includes software written by Tim | 107 * (eay@cryptsoft.com). This product includes software written by Tim |
| 108 * Hudson (tjh@cryptsoft.com). | 108 * Hudson (tjh@cryptsoft.com). |
| 109 * | 109 * |
| 110 */ | 110 */ |
| 111 /* ==================================================================== |
| 112 * Copyright 2005 Nokia. All rights reserved. |
| 113 * |
| 114 * The portions of the attached software ("Contribution") is developed by |
| 115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source |
| 116 * license. |
| 117 * |
| 118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of |
| 119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
| 120 * support (see RFC 4279) to OpenSSL. |
| 121 * |
| 122 * No patent licenses or other rights except those expressly stated in |
| 123 * the OpenSSL open source license shall be deemed granted or received |
| 124 * expressly, by implication, estoppel, or otherwise. |
| 125 * |
| 126 * No assurances are provided by Nokia that the Contribution does not |
| 127 * infringe the patent or other intellectual property rights of any third |
| 128 * party or that the license provides you with all the necessary rights |
| 129 * to make use of the Contribution. |
| 130 * |
| 131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
| 132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
| 133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
| 134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
| 135 * OTHERWISE. |
| 136 */ |
| 111 | 137 |
| 112 #include <assert.h> | 138 #include <assert.h> |
| 139 #include <ctype.h> |
| 113 #include <stdio.h> | 140 #include <stdio.h> |
| 114 #include <stdlib.h> | 141 #include <stdlib.h> |
| 115 #include <string.h> | 142 #include <string.h> |
| 116 #include <openssl/e_os2.h> | 143 #include <openssl/e_os2.h> |
| 117 #ifdef OPENSSL_NO_STDIO | 144 #ifdef OPENSSL_NO_STDIO |
| 118 #define APPS_WIN16 | 145 #define APPS_WIN16 |
| 119 #endif | 146 #endif |
| 120 | 147 |
| 121 /* With IPv6, it looks like Digital has mixed up the proper order of | 148 /* With IPv6, it looks like Digital has mixed up the proper order of |
| 122 recursive header file inclusion, resulting in the compiler complaining | 149 recursive header file inclusion, resulting in the compiler complaining |
| 123 that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which | 150 that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which |
| 124 is needed to have fileno() declared correctly... So let's define u_int */ | 151 is needed to have fileno() declared correctly... So let's define u_int */ |
| 125 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) | 152 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) |
| 126 #define __U_INT | 153 #define __U_INT |
| 127 typedef unsigned int u_int; | 154 typedef unsigned int u_int; |
| 128 #endif | 155 #endif |
| 129 | 156 |
| 130 #define USE_SOCKETS | 157 #define USE_SOCKETS |
| 131 #include "apps.h" | 158 #include "apps.h" |
| 132 #include <openssl/x509.h> | 159 #include <openssl/x509.h> |
| 133 #include <openssl/ssl.h> | 160 #include <openssl/ssl.h> |
| 134 #include <openssl/err.h> | 161 #include <openssl/err.h> |
| 135 #include <openssl/pem.h> | 162 #include <openssl/pem.h> |
| 136 #include <openssl/rand.h> | 163 #include <openssl/rand.h> |
| 137 #include <openssl/ocsp.h> | 164 #include <openssl/ocsp.h> |
| 165 #include <openssl/bn.h> |
| 138 #include "s_apps.h" | 166 #include "s_apps.h" |
| 139 #include "timeouts.h" | 167 #include "timeouts.h" |
| 140 | 168 |
| 141 #ifdef OPENSSL_SYS_WINCE | |
| 142 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problem
s below... */ | |
| 143 #ifdef fileno | |
| 144 #undef fileno | |
| 145 #endif | |
| 146 #define fileno(a) (int)_fileno(a) | |
| 147 #endif | |
| 148 | |
| 149 | |
| 150 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) | 169 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) |
| 151 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ | 170 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ |
| 152 #undef FIONBIO | 171 #undef FIONBIO |
| 153 #endif | 172 #endif |
| 154 | 173 |
| 174 #if defined(OPENSSL_SYS_BEOS_R5) |
| 175 #include <fcntl.h> |
| 176 #endif |
| 177 |
| 155 #undef PROG | 178 #undef PROG |
| 156 #define PROG s_client_main | 179 #define PROG s_client_main |
| 157 | 180 |
| 158 /*#define SSL_HOST_NAME "www.netscape.com" */ | 181 /*#define SSL_HOST_NAME "www.netscape.com" */ |
| 159 /*#define SSL_HOST_NAME "193.118.187.102" */ | 182 /*#define SSL_HOST_NAME "193.118.187.102" */ |
| 160 #define SSL_HOST_NAME "localhost" | 183 #define SSL_HOST_NAME "localhost" |
| 161 | 184 |
| 162 /*#define TEST_CERT "client.pem" */ /* no default cert. */ | 185 /*#define TEST_CERT "client.pem" */ /* no default cert. */ |
| 163 | 186 |
| 164 #undef BUFSIZZ | 187 #undef BUFSIZZ |
| 165 #define BUFSIZZ 1024*8 | 188 #define BUFSIZZ 1024*8 |
| 166 | 189 |
| 167 extern int verify_depth; | 190 extern int verify_depth; |
| 168 extern int verify_error; | 191 extern int verify_error; |
| 192 extern int verify_return_error; |
| 169 | 193 |
| 170 #ifdef FIONBIO | 194 #ifdef FIONBIO |
| 171 static int c_nbio=0; | 195 static int c_nbio=0; |
| 172 #endif | 196 #endif |
| 173 static int c_Pause=0; | 197 static int c_Pause=0; |
| 174 static int c_debug=0; | 198 static int c_debug=0; |
| 175 #ifndef OPENSSL_NO_TLSEXT | 199 #ifndef OPENSSL_NO_TLSEXT |
| 176 static int c_tlsextdebug=0; | 200 static int c_tlsextdebug=0; |
| 177 static int c_status_req=0; | 201 static int c_status_req=0; |
| 178 #endif | 202 #endif |
| 179 static int c_msg=0; | 203 static int c_msg=0; |
| 180 static int c_showcerts=0; | 204 static int c_showcerts=0; |
| 181 | 205 |
| 182 static void sc_usage(void); | 206 static void sc_usage(void); |
| 183 static void print_stuff(BIO *berr,SSL *con,int full); | 207 static void print_stuff(BIO *berr,SSL *con,int full); |
| 184 #ifndef OPENSSL_NO_TLSEXT | 208 #ifndef OPENSSL_NO_TLSEXT |
| 185 static int ocsp_resp_cb(SSL *s, void *arg); | 209 static int ocsp_resp_cb(SSL *s, void *arg); |
| 186 #endif | 210 #endif |
| 187 static BIO *bio_c_out=NULL; | 211 static BIO *bio_c_out=NULL; |
| 188 static int c_quiet=0; | 212 static int c_quiet=0; |
| 189 static int c_ign_eof=0; | 213 static int c_ign_eof=0; |
| 190 | 214 |
| 215 #ifndef OPENSSL_NO_PSK |
| 216 /* Default PSK identity and key */ |
| 217 static char *psk_identity="Client_identity"; |
| 218 /*char *psk_key=NULL; by default PSK is not used */ |
| 219 |
| 220 static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, |
| 221 unsigned int max_identity_len, unsigned char *psk, |
| 222 unsigned int max_psk_len) |
| 223 { |
| 224 unsigned int psk_len = 0; |
| 225 int ret; |
| 226 BIGNUM *bn=NULL; |
| 227 |
| 228 if (c_debug) |
| 229 BIO_printf(bio_c_out, "psk_client_cb\n"); |
| 230 if (!hint) |
| 231 { |
| 232 /* no ServerKeyExchange message*/ |
| 233 if (c_debug) |
| 234 BIO_printf(bio_c_out,"NULL received PSK identity hint, c
ontinuing anyway\n"); |
| 235 } |
| 236 else if (c_debug) |
| 237 BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint)
; |
| 238 |
| 239 /* lookup PSK identity and PSK key based on the given identity hint here
*/ |
| 240 ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity); |
| 241 if (ret < 0 || (unsigned int)ret > max_identity_len) |
| 242 goto out_err; |
| 243 if (c_debug) |
| 244 BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity
, ret); |
| 245 ret=BN_hex2bn(&bn, psk_key); |
| 246 if (!ret) |
| 247 { |
| 248 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n",
psk_key); |
| 249 if (bn) |
| 250 BN_free(bn); |
| 251 return 0; |
| 252 } |
| 253 |
| 254 if ((unsigned int)BN_num_bytes(bn) > max_psk_len) |
| 255 { |
| 256 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for
key (%d)\n", |
| 257 max_psk_len, BN_num_bytes(bn)); |
| 258 BN_free(bn); |
| 259 return 0; |
| 260 } |
| 261 |
| 262 psk_len=BN_bn2bin(bn, psk); |
| 263 BN_free(bn); |
| 264 if (psk_len == 0) |
| 265 goto out_err; |
| 266 |
| 267 if (c_debug) |
| 268 BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len); |
| 269 |
| 270 return psk_len; |
| 271 out_err: |
| 272 if (c_debug) |
| 273 BIO_printf(bio_err, "Error in PSK client callback\n"); |
| 274 return 0; |
| 275 } |
| 276 #endif |
| 277 |
| 191 static void sc_usage(void) | 278 static void sc_usage(void) |
| 192 { | 279 { |
| 193 BIO_printf(bio_err,"usage: s_client args\n"); | 280 BIO_printf(bio_err,"usage: s_client args\n"); |
| 194 BIO_printf(bio_err,"\n"); | 281 BIO_printf(bio_err,"\n"); |
| 195 BIO_printf(bio_err," -host host - use -connect instead\n"); | 282 BIO_printf(bio_err," -host host - use -connect instead\n"); |
| 196 BIO_printf(bio_err," -port port - use -connect instead\n"); | 283 BIO_printf(bio_err," -port port - use -connect instead\n"); |
| 197 BIO_printf(bio_err," -connect host:port - who to connect to (default is
%s:%s)\n",SSL_HOST_NAME,PORT_STR); | 284 BIO_printf(bio_err," -connect host:port - who to connect to (default is
%s:%s)\n",SSL_HOST_NAME,PORT_STR); |
| 198 | 285 |
| 199 » BIO_printf(bio_err," -verify depth - turn on peer certificate verificati
on\n"); | 286 » BIO_printf(bio_err," -verify arg - turn on peer certificate verificati
on\n"); |
| 200 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format
assumed\n"); | 287 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format
assumed\n"); |
| 201 BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM
default\n"); | 288 BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM
default\n"); |
| 202 BIO_printf(bio_err," -key arg - Private key file to use, in cert fi
le if\n"); | 289 BIO_printf(bio_err," -key arg - Private key file to use, in cert fi
le if\n"); |
| 203 BIO_printf(bio_err," not specified but cert file is.\n")
; | 290 BIO_printf(bio_err," not specified but cert file is.\n")
; |
| 204 BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default
\n"); | 291 BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default
\n"); |
| 205 BIO_printf(bio_err," -pass arg - private key file pass phrase source
\n"); | 292 BIO_printf(bio_err," -pass arg - private key file pass phrase source
\n"); |
| 206 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); | 293 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); |
| 207 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); | 294 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); |
| 208 BIO_printf(bio_err," -reconnect - Drop and re-make the connection wit
h the same Session-ID\n"); | 295 BIO_printf(bio_err," -reconnect - Drop and re-make the connection wit
h the same Session-ID\n"); |
| 209 BIO_printf(bio_err," -pause - sleep(1) after each read(2) and wri
te(2) system call\n"); | 296 BIO_printf(bio_err," -pause - sleep(1) after each read(2) and wri
te(2) system call\n"); |
| 210 BIO_printf(bio_err," -showcerts - show all certificates in the chain\
n"); | 297 BIO_printf(bio_err," -showcerts - show all certificates in the chain\
n"); |
| 211 BIO_printf(bio_err," -debug - extra output\n"); | 298 BIO_printf(bio_err," -debug - extra output\n"); |
| 212 #ifdef WATT32 | 299 #ifdef WATT32 |
| 213 BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n"); | 300 BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n"); |
| 214 #endif | 301 #endif |
| 215 BIO_printf(bio_err," -msg - Show protocol messages\n"); | 302 BIO_printf(bio_err," -msg - Show protocol messages\n"); |
| 216 BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); | 303 BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); |
| 217 BIO_printf(bio_err," -state - print the 'ssl' states\n"); | 304 BIO_printf(bio_err," -state - print the 'ssl' states\n"); |
| 218 #ifdef FIONBIO | 305 #ifdef FIONBIO |
| 219 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); | 306 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); |
| 220 #endif | 307 #endif |
| 221 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\
n"); | 308 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\
n"); |
| 222 BIO_printf(bio_err," -quiet - no s_client output\n"); | 309 BIO_printf(bio_err," -quiet - no s_client output\n"); |
| 223 BIO_printf(bio_err," -ign_eof - ignore input eof (default when -qui
et)\n"); | 310 BIO_printf(bio_err," -ign_eof - ignore input eof (default when -qui
et)\n"); |
| 224 BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n"); | 311 BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n"); |
| 312 #ifndef OPENSSL_NO_PSK |
| 313 BIO_printf(bio_err," -psk_identity arg - PSK identity\n"); |
| 314 BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); |
| 315 # ifndef OPENSSL_NO_JPAKE |
| 316 BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); |
| 317 # endif |
| 318 #endif |
| 225 BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); | 319 BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); |
| 226 BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); | 320 BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); |
| 227 BIO_printf(bio_err," -tls1 - just use TLSv1\n"); | 321 BIO_printf(bio_err," -tls1 - just use TLSv1\n"); |
| 228 BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); | 322 BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); |
| 229 BIO_printf(bio_err," -mtu - set the link layer MTU\n"); | 323 BIO_printf(bio_err," -mtu - set the link layer MTU\n"); |
| 230 BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
\n"); | 324 BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
\n"); |
| 231 BIO_printf(bio_err," -bugs - Switch on all SSL implementation bu
g workarounds\n"); | 325 BIO_printf(bio_err," -bugs - Switch on all SSL implementation bu
g workarounds\n"); |
| 232 BIO_printf(bio_err," -serverpref - Use server's cipher preferences (on
ly SSLv2)\n"); | 326 BIO_printf(bio_err," -serverpref - Use server's cipher preferences (on
ly SSLv2)\n"); |
| 233 BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'o
penssl ciphers'\n"); | 327 BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'o
penssl ciphers'\n"); |
| 234 BIO_printf(bio_err," command to see what is available\n"
); | 328 BIO_printf(bio_err," command to see what is available\n"
); |
| 235 BIO_printf(bio_err," -starttls prot - use the STARTTLS command before st
arting TLS\n"); | 329 BIO_printf(bio_err," -starttls prot - use the STARTTLS command before st
arting TLS\n"); |
| 236 BIO_printf(bio_err," for those protocols that support it
, where\n"); | 330 BIO_printf(bio_err," for those protocols that support it
, where\n"); |
| 237 BIO_printf(bio_err," 'prot' defines which one to assume.
Currently,\n"); | 331 BIO_printf(bio_err," 'prot' defines which one to assume.
Currently,\n"); |
| 238 BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\",
\"ftp\" and \"xmpp\"\n"); | 332 BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\",
\"ftp\" and \"xmpp\"\n"); |
| 239 BIO_printf(bio_err," are supported.\n"); | 333 BIO_printf(bio_err," are supported.\n"); |
| 240 #ifndef OPENSSL_NO_ENGINE | 334 #ifndef OPENSSL_NO_ENGINE |
| 241 BIO_printf(bio_err," -engine id - Initialise and use the specified en
gine\n"); | 335 BIO_printf(bio_err," -engine id - Initialise and use the specified en
gine\n"); |
| 242 #endif | 336 #endif |
| 243 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST
_SEPARATOR_CHAR); | 337 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST
_SEPARATOR_CHAR); |
| 244 BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); | 338 BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); |
| 245 BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); | 339 BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); |
| 246 #ifndef OPENSSL_NO_TLSEXT | 340 #ifndef OPENSSL_NO_TLSEXT |
| 247 BIO_printf(bio_err," -servername host - Set TLS extension servername in
ClientHello\n"); | 341 BIO_printf(bio_err," -servername host - Set TLS extension servername in
ClientHello\n"); |
| 248 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions
received\n"); | 342 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions
received\n"); |
| 249 BIO_printf(bio_err," -status - request certificate status from
server\n"); | 343 BIO_printf(bio_err," -status - request certificate status from
server\n"); |
| 250 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis sessi
on tickets\n"); | 344 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis sessi
on tickets\n"); |
| 345 # ifndef OPENSSL_NO_NEXTPROTONEG |
| 346 BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, consideri
ng named protocols supported (comma-separated list)\n"); |
| 347 # endif |
| 251 BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for
strong ciphers\n"); | 348 BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for
strong ciphers\n"); |
| 252 BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, consideri
ng named protocols supported (comma-separated list)\n"); | |
| 253 #endif | 349 #endif |
| 254 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego
tiation (dangerous)\n"); | 350 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego
tiation (dangerous)\n"); |
| 255 } | 351 } |
| 256 | 352 |
| 257 #ifndef OPENSSL_NO_TLSEXT | 353 #ifndef OPENSSL_NO_TLSEXT |
| 258 | 354 |
| 259 /* This is a context that we pass to callbacks */ | 355 /* This is a context that we pass to callbacks */ |
| 260 typedef struct tlsextctx_st { | 356 typedef struct tlsextctx_st { |
| 261 BIO * biodebug; | 357 BIO * biodebug; |
| 262 int ack; | 358 int ack; |
| 263 } tlsextctx; | 359 } tlsextctx; |
| 264 | 360 |
| 265 | 361 |
| 266 static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) | 362 static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) |
| 267 { | 363 { |
| 268 tlsextctx * p = (tlsextctx *) arg; | 364 tlsextctx * p = (tlsextctx *) arg; |
| 269 const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); | 365 const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); |
| 270 if (SSL_get_servername_type(s) != -1) | 366 if (SSL_get_servername_type(s) != -1) |
| 271 p->ack = !SSL_session_reused(s) && hn != NULL; | 367 p->ack = !SSL_session_reused(s) && hn != NULL; |
| 272 else | 368 else |
| 273 BIO_printf(bio_err,"Can't use SSL_get_servername\n"); | 369 BIO_printf(bio_err,"Can't use SSL_get_servername\n"); |
| 274 | 370 |
| 275 return SSL_TLSEXT_ERR_OK; | 371 return SSL_TLSEXT_ERR_OK; |
| 276 } | 372 } |
| 277 #endif | |
| 278 enum | |
| 279 { | |
| 280 PROTO_OFF = 0, | |
| 281 PROTO_SMTP, | |
| 282 PROTO_POP3, | |
| 283 PROTO_IMAP, | |
| 284 PROTO_FTP, | |
| 285 PROTO_XMPP | |
| 286 }; | |
| 287 | 373 |
| 374 # ifndef OPENSSL_NO_NEXTPROTONEG |
| 288 /* This the context that we pass to next_proto_cb */ | 375 /* This the context that we pass to next_proto_cb */ |
| 289 typedef struct tlsextnextprotoctx_st { | 376 typedef struct tlsextnextprotoctx_st { |
| 290 unsigned char *data; | 377 unsigned char *data; |
| 291 unsigned short len; | 378 unsigned short len; |
| 292 int status; | 379 int status; |
| 293 } tlsextnextprotoctx; | 380 } tlsextnextprotoctx; |
| 294 | 381 |
| 295 static tlsextnextprotoctx next_proto; | 382 static tlsextnextprotoctx next_proto; |
| 296 | 383 |
| 297 static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con
st unsigned char *in, unsigned int inlen, void *arg) | 384 static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con
st unsigned char *in, unsigned int inlen, void *arg) |
| 309 BIO_write(bio_c_out, ", ", 2); | 396 BIO_write(bio_c_out, ", ", 2); |
| 310 BIO_write(bio_c_out, &in[i + 1], in[i]); | 397 BIO_write(bio_c_out, &in[i + 1], in[i]); |
| 311 i += in[i] + 1; | 398 i += in[i] + 1; |
| 312 } | 399 } |
| 313 BIO_write(bio_c_out, "\n", 1); | 400 BIO_write(bio_c_out, "\n", 1); |
| 314 } | 401 } |
| 315 | 402 |
| 316 ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, c
tx->len); | 403 ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, c
tx->len); |
| 317 return SSL_TLSEXT_ERR_OK; | 404 return SSL_TLSEXT_ERR_OK; |
| 318 } | 405 } |
| 406 # endif /* ndef OPENSSL_NO_NEXTPROTONEG */ |
| 407 #endif |
| 408 |
| 409 enum |
| 410 { |
| 411 PROTO_OFF = 0, |
| 412 PROTO_SMTP, |
| 413 PROTO_POP3, |
| 414 PROTO_IMAP, |
| 415 PROTO_FTP, |
| 416 PROTO_XMPP |
| 417 }; |
| 319 | 418 |
| 320 int MAIN(int, char **); | 419 int MAIN(int, char **); |
| 321 | 420 |
| 322 int MAIN(int argc, char **argv) | 421 int MAIN(int argc, char **argv) |
| 323 { | 422 { |
| 324 » int off=0, clr = 0; | 423 » unsigned int off=0, clr=0; |
| 325 » SSL *con=NULL,*con2=NULL; | 424 » SSL *con=NULL; |
| 326 » X509_STORE *store = NULL; | |
| 327 int s,k,width,state=0; | 425 int s,k,width,state=0; |
| 328 char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; | 426 char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; |
| 329 int cbuf_len,cbuf_off; | 427 int cbuf_len,cbuf_off; |
| 330 int sbuf_len,sbuf_off; | 428 int sbuf_len,sbuf_off; |
| 331 fd_set readfds,writefds; | 429 fd_set readfds,writefds; |
| 332 short port=PORT; | 430 short port=PORT; |
| 333 int full_log=1; | 431 int full_log=1; |
| 334 char *host=SSL_HOST_NAME; | 432 char *host=SSL_HOST_NAME; |
| 335 char *cert_file=NULL,*key_file=NULL; | 433 char *cert_file=NULL,*key_file=NULL; |
| 336 int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; | 434 int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; |
| 337 char *passarg = NULL, *pass = NULL; | 435 char *passarg = NULL, *pass = NULL; |
| 338 X509 *cert = NULL; | 436 X509 *cert = NULL; |
| 339 EVP_PKEY *key = NULL; | 437 EVP_PKEY *key = NULL; |
| 340 char *CApath=NULL,*CAfile=NULL,*cipher=NULL; | 438 char *CApath=NULL,*CAfile=NULL,*cipher=NULL; |
| 341 int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; | 439 int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; |
| 342 int cutthrough=0; | 440 int cutthrough=0; |
| 343 int crlf=0; | 441 int crlf=0; |
| 344 int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; | 442 int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; |
| 345 SSL_CTX *ctx=NULL; | 443 SSL_CTX *ctx=NULL; |
| 346 int ret=1,in_init=1,i,nbio_test=0; | 444 int ret=1,in_init=1,i,nbio_test=0; |
| 347 int starttls_proto = PROTO_OFF; | 445 int starttls_proto = PROTO_OFF; |
| 348 » int prexit = 0, vflags = 0; | 446 » int prexit = 0; |
| 349 » SSL_METHOD *meth=NULL; | 447 » X509_VERIFY_PARAM *vpm = NULL; |
| 350 #ifdef sock_type | 448 » int badarg = 0; |
| 351 #undef sock_type | 449 » const SSL_METHOD *meth=NULL; |
| 352 #endif | 450 » int socket_type=SOCK_STREAM; |
| 353 » int sock_type=SOCK_STREAM; | |
| 354 BIO *sbio; | 451 BIO *sbio; |
| 355 char *inrand=NULL; | 452 char *inrand=NULL; |
| 356 int mbuf_len=0; | 453 int mbuf_len=0; |
| 357 struct timeval timeout, *timeoutp; | 454 struct timeval timeout, *timeoutp; |
| 358 #ifndef OPENSSL_NO_ENGINE | 455 #ifndef OPENSSL_NO_ENGINE |
| 359 char *engine_id=NULL; | 456 char *engine_id=NULL; |
| 360 char *ssl_client_engine_id=NULL; | 457 char *ssl_client_engine_id=NULL; |
| 361 ENGINE *ssl_client_engine=NULL; | 458 ENGINE *ssl_client_engine=NULL; |
| 362 #endif | 459 #endif |
| 363 ENGINE *e=NULL; | 460 ENGINE *e=NULL; |
| 364 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) | 461 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) |
| 365 struct timeval tv; | 462 struct timeval tv; |
| 463 #if defined(OPENSSL_SYS_BEOS_R5) |
| 464 int stdin_set = 0; |
| 366 #endif | 465 #endif |
| 367 | 466 #endif |
| 368 #ifndef OPENSSL_NO_TLSEXT | 467 #ifndef OPENSSL_NO_TLSEXT |
| 369 char *servername = NULL; | 468 char *servername = NULL; |
| 370 tlsextctx tlsextcbp = | 469 tlsextctx tlsextcbp = |
| 371 {NULL,0}; | 470 {NULL,0}; |
| 471 # ifndef OPENSSL_NO_NEXTPROTONEG |
| 372 const char *next_proto_neg_in = NULL; | 472 const char *next_proto_neg_in = NULL; |
| 473 # endif |
| 373 #endif | 474 #endif |
| 374 char *sess_in = NULL; | 475 char *sess_in = NULL; |
| 375 char *sess_out = NULL; | 476 char *sess_out = NULL; |
| 376 struct sockaddr peer; | 477 struct sockaddr peer; |
| 377 int peerlen = sizeof(peer); | 478 int peerlen = sizeof(peer); |
| 378 int enable_timeouts = 0 ; | 479 int enable_timeouts = 0 ; |
| 379 long socket_mtu = 0; | 480 long socket_mtu = 0; |
| 380 #ifndef OPENSSL_NO_JPAKE | 481 #ifndef OPENSSL_NO_JPAKE |
| 381 char *jpake_secret = NULL; | 482 char *jpake_secret = NULL; |
| 382 #endif | 483 #endif |
| 458 else if (strcmp(*argv,"-sess_in") == 0) | 559 else if (strcmp(*argv,"-sess_in") == 0) |
| 459 { | 560 { |
| 460 if (--argc < 1) goto bad; | 561 if (--argc < 1) goto bad; |
| 461 sess_in = *(++argv); | 562 sess_in = *(++argv); |
| 462 } | 563 } |
| 463 else if (strcmp(*argv,"-certform") == 0) | 564 else if (strcmp(*argv,"-certform") == 0) |
| 464 { | 565 { |
| 465 if (--argc < 1) goto bad; | 566 if (--argc < 1) goto bad; |
| 466 cert_format = str2fmt(*(++argv)); | 567 cert_format = str2fmt(*(++argv)); |
| 467 } | 568 } |
| 468 » » else if»(strcmp(*argv,"-crl_check") == 0) | 569 » » else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) |
| 469 » » » vflags |= X509_V_FLAG_CRL_CHECK; | 570 » » » { |
| 470 » » else if»(strcmp(*argv,"-crl_check_all") == 0) | 571 » » » if (badarg) |
| 471 » » » vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_AL
L; | 572 » » » » goto bad; |
| 573 » » » continue; |
| 574 » » » } |
| 575 » » else if (strcmp(*argv,"-verify_return_error") == 0) |
| 576 » » » verify_return_error = 1; |
| 472 else if (strcmp(*argv,"-prexit") == 0) | 577 else if (strcmp(*argv,"-prexit") == 0) |
| 473 prexit=1; | 578 prexit=1; |
| 474 else if (strcmp(*argv,"-crlf") == 0) | 579 else if (strcmp(*argv,"-crlf") == 0) |
| 475 crlf=1; | 580 crlf=1; |
| 476 else if (strcmp(*argv,"-quiet") == 0) | 581 else if (strcmp(*argv,"-quiet") == 0) |
| 477 { | 582 { |
| 478 c_quiet=1; | 583 c_quiet=1; |
| 479 c_ign_eof=1; | 584 c_ign_eof=1; |
| 480 } | 585 } |
| 481 else if (strcmp(*argv,"-ign_eof") == 0) | 586 else if (strcmp(*argv,"-ign_eof") == 0) |
| 497 dbug_init(); | 602 dbug_init(); |
| 498 #endif | 603 #endif |
| 499 else if (strcmp(*argv,"-msg") == 0) | 604 else if (strcmp(*argv,"-msg") == 0) |
| 500 c_msg=1; | 605 c_msg=1; |
| 501 else if (strcmp(*argv,"-showcerts") == 0) | 606 else if (strcmp(*argv,"-showcerts") == 0) |
| 502 c_showcerts=1; | 607 c_showcerts=1; |
| 503 else if (strcmp(*argv,"-nbio_test") == 0) | 608 else if (strcmp(*argv,"-nbio_test") == 0) |
| 504 nbio_test=1; | 609 nbio_test=1; |
| 505 else if (strcmp(*argv,"-state") == 0) | 610 else if (strcmp(*argv,"-state") == 0) |
| 506 state=1; | 611 state=1; |
| 612 #ifndef OPENSSL_NO_PSK |
| 613 else if (strcmp(*argv,"-psk_identity") == 0) |
| 614 { |
| 615 if (--argc < 1) goto bad; |
| 616 psk_identity=*(++argv); |
| 617 } |
| 618 else if (strcmp(*argv,"-psk") == 0) |
| 619 { |
| 620 size_t j; |
| 621 |
| 622 if (--argc < 1) goto bad; |
| 623 psk_key=*(++argv); |
| 624 for (j = 0; j < strlen(psk_key); j++) |
| 625 { |
| 626 if (isxdigit((int)psk_key[j])) |
| 627 continue; |
| 628 BIO_printf(bio_err,"Not a hex number '%s'\n",*ar
gv); |
| 629 goto bad; |
| 630 } |
| 631 } |
| 632 #endif |
| 507 #ifndef OPENSSL_NO_SSL2 | 633 #ifndef OPENSSL_NO_SSL2 |
| 508 else if (strcmp(*argv,"-ssl2") == 0) | 634 else if (strcmp(*argv,"-ssl2") == 0) |
| 509 meth=SSLv2_client_method(); | 635 meth=SSLv2_client_method(); |
| 510 #endif | 636 #endif |
| 511 #ifndef OPENSSL_NO_SSL3 | 637 #ifndef OPENSSL_NO_SSL3 |
| 512 else if (strcmp(*argv,"-ssl3") == 0) | 638 else if (strcmp(*argv,"-ssl3") == 0) |
| 513 meth=SSLv3_client_method(); | 639 meth=SSLv3_client_method(); |
| 514 #endif | 640 #endif |
| 515 #ifndef OPENSSL_NO_TLS1 | 641 #ifndef OPENSSL_NO_TLS1 |
| 516 else if (strcmp(*argv,"-tls1") == 0) | 642 else if (strcmp(*argv,"-tls1") == 0) |
| 517 meth=TLSv1_client_method(); | 643 meth=TLSv1_client_method(); |
| 518 #endif | 644 #endif |
| 519 #ifndef OPENSSL_NO_DTLS1 | 645 #ifndef OPENSSL_NO_DTLS1 |
| 520 else if (strcmp(*argv,"-dtls1") == 0) | 646 else if (strcmp(*argv,"-dtls1") == 0) |
| 521 { | 647 { |
| 522 meth=DTLSv1_client_method(); | 648 meth=DTLSv1_client_method(); |
| 523 » » » sock_type=SOCK_DGRAM; | 649 » » » socket_type=SOCK_DGRAM; |
| 524 } | 650 } |
| 525 else if (strcmp(*argv,"-timeout") == 0) | 651 else if (strcmp(*argv,"-timeout") == 0) |
| 526 enable_timeouts=1; | 652 enable_timeouts=1; |
| 527 else if (strcmp(*argv,"-mtu") == 0) | 653 else if (strcmp(*argv,"-mtu") == 0) |
| 528 { | 654 { |
| 529 if (--argc < 1) goto bad; | 655 if (--argc < 1) goto bad; |
| 530 socket_mtu = atol(*(++argv)); | 656 socket_mtu = atol(*(++argv)); |
| 531 } | 657 } |
| 532 #endif | 658 #endif |
| 533 else if (strcmp(*argv,"-bugs") == 0) | 659 else if (strcmp(*argv,"-bugs") == 0) |
| 560 { | 686 { |
| 561 if (--argc < 1) goto bad; | 687 if (--argc < 1) goto bad; |
| 562 CAfile= *(++argv); | 688 CAfile= *(++argv); |
| 563 } | 689 } |
| 564 else if (strcmp(*argv,"-no_tls1") == 0) | 690 else if (strcmp(*argv,"-no_tls1") == 0) |
| 565 off|=SSL_OP_NO_TLSv1; | 691 off|=SSL_OP_NO_TLSv1; |
| 566 else if (strcmp(*argv,"-no_ssl3") == 0) | 692 else if (strcmp(*argv,"-no_ssl3") == 0) |
| 567 off|=SSL_OP_NO_SSLv3; | 693 off|=SSL_OP_NO_SSLv3; |
| 568 else if (strcmp(*argv,"-no_ssl2") == 0) | 694 else if (strcmp(*argv,"-no_ssl2") == 0) |
| 569 off|=SSL_OP_NO_SSLv2; | 695 off|=SSL_OP_NO_SSLv2; |
| 696 else if (strcmp(*argv,"-no_comp") == 0) |
| 697 { off|=SSL_OP_NO_COMPRESSION; } |
| 570 #ifndef OPENSSL_NO_TLSEXT | 698 #ifndef OPENSSL_NO_TLSEXT |
| 571 else if (strcmp(*argv,"-no_ticket") == 0) | 699 else if (strcmp(*argv,"-no_ticket") == 0) |
| 572 { off|=SSL_OP_NO_TICKET; } | 700 { off|=SSL_OP_NO_TICKET; } |
| 701 # ifndef OPENSSL_NO_NEXTPROTONEG |
| 573 else if (strcmp(*argv,"-nextprotoneg") == 0) | 702 else if (strcmp(*argv,"-nextprotoneg") == 0) |
| 574 { | 703 { |
| 575 if (--argc < 1) goto bad; | 704 if (--argc < 1) goto bad; |
| 576 next_proto_neg_in = *(++argv); | 705 next_proto_neg_in = *(++argv); |
| 577 } | 706 } |
| 707 # endif |
| 578 #endif | 708 #endif |
| 579 else if (strcmp(*argv,"-cutthrough") == 0) | 709 else if (strcmp(*argv,"-cutthrough") == 0) |
| 580 cutthrough=1; | 710 cutthrough=1; |
| 581 else if (strcmp(*argv,"-serverpref") == 0) | 711 else if (strcmp(*argv,"-serverpref") == 0) |
| 582 off|=SSL_OP_CIPHER_SERVER_PREFERENCE; | 712 off|=SSL_OP_CIPHER_SERVER_PREFERENCE; |
| 583 else if (strcmp(*argv,"-legacy_renegotiation") == 0) | 713 else if (strcmp(*argv,"-legacy_renegotiation") == 0) |
| 584 off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; | 714 off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; |
| 585 else if (strcmp(*argv,"-legacy_server_connect") == 0) | 715 else if (strcmp(*argv,"-legacy_server_connect") == 0) |
| 586 { off|=SSL_OP_LEGACY_SERVER_CONNECT; } | 716 { off|=SSL_OP_LEGACY_SERVER_CONNECT; } |
| 587 else if (strcmp(*argv,"-no_legacy_server_connect") == 0) | 717 else if (strcmp(*argv,"-no_legacy_server_connect") == 0) |
| 653 argc--; | 783 argc--; |
| 654 argv++; | 784 argv++; |
| 655 } | 785 } |
| 656 if (badop) | 786 if (badop) |
| 657 { | 787 { |
| 658 bad: | 788 bad: |
| 659 sc_usage(); | 789 sc_usage(); |
| 660 goto end; | 790 goto end; |
| 661 } | 791 } |
| 662 | 792 |
| 793 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) |
| 794 if (jpake_secret) |
| 795 { |
| 796 if (psk_key) |
| 797 { |
| 798 BIO_printf(bio_err, |
| 799 "Can't use JPAKE and PSK together\n"); |
| 800 goto end; |
| 801 } |
| 802 psk_identity = "JPAKE"; |
| 803 } |
| 804 |
| 805 if (cipher) |
| 806 { |
| 807 BIO_printf(bio_err, "JPAKE sets cipher to PSK\n"); |
| 808 goto end; |
| 809 } |
| 810 cipher = "PSK"; |
| 811 #endif |
| 812 |
| 663 OpenSSL_add_ssl_algorithms(); | 813 OpenSSL_add_ssl_algorithms(); |
| 664 SSL_load_error_strings(); | 814 SSL_load_error_strings(); |
| 665 | 815 |
| 666 #ifndef OPENSSL_NO_TLSEXT | 816 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 667 next_proto.status = -1; | 817 next_proto.status = -1; |
| 668 if (next_proto_neg_in) | 818 if (next_proto_neg_in) |
| 669 { | 819 { |
| 670 next_proto.data = next_protos_parse(&next_proto.len, next_proto_
neg_in); | 820 next_proto.data = next_protos_parse(&next_proto.len, next_proto_
neg_in); |
| 671 if (next_proto.data == NULL) | 821 if (next_proto.data == NULL) |
| 672 { | 822 { |
| 673 BIO_printf(bio_err, "Error parsing -nextprotoneg argumen
t\n"); | 823 BIO_printf(bio_err, "Error parsing -nextprotoneg argumen
t\n"); |
| 674 goto end; | 824 goto end; |
| 675 } | 825 } |
| 676 } | 826 } |
| 677 else | 827 else |
| 678 next_proto.data = NULL; | 828 next_proto.data = NULL; |
| 679 #endif | 829 #endif |
| 680 | 830 |
| 681 #ifndef OPENSSL_NO_ENGINE | 831 #ifndef OPENSSL_NO_ENGINE |
| 682 e = setup_engine(bio_err, engine_id, 1); | 832 e = setup_engine(bio_err, engine_id, 1); |
| 683 if (ssl_client_engine_id) | 833 if (ssl_client_engine_id) |
| 684 { | 834 { |
| 685 ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); | 835 ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); |
| 686 if (!ssl_client_engine) | 836 if (!ssl_client_engine) |
| 687 { | 837 { |
| 688 BIO_printf(bio_err, | 838 BIO_printf(bio_err, |
| 689 "Error getting client auth engine\n"); | 839 "Error getting client auth engine\n"); |
| 690 goto end; | 840 goto end; |
| 691 } | 841 } |
| 692 } | 842 } |
| 843 |
| 693 #endif | 844 #endif |
| 694 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) | 845 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) |
| 695 { | 846 { |
| 696 BIO_printf(bio_err, "Error getting password\n"); | 847 BIO_printf(bio_err, "Error getting password\n"); |
| 697 goto end; | 848 goto end; |
| 698 } | 849 } |
| 699 | 850 |
| 700 if (key_file == NULL) | 851 if (key_file == NULL) |
| 701 key_file = cert_file; | 852 key_file = cert_file; |
| 702 | 853 |
| 750 } | 901 } |
| 751 } | 902 } |
| 752 | 903 |
| 753 ctx=SSL_CTX_new(meth); | 904 ctx=SSL_CTX_new(meth); |
| 754 if (ctx == NULL) | 905 if (ctx == NULL) |
| 755 { | 906 { |
| 756 ERR_print_errors(bio_err); | 907 ERR_print_errors(bio_err); |
| 757 goto end; | 908 goto end; |
| 758 } | 909 } |
| 759 | 910 |
| 911 if (vpm) |
| 912 SSL_CTX_set1_param(ctx, vpm); |
| 913 |
| 760 #ifndef OPENSSL_NO_ENGINE | 914 #ifndef OPENSSL_NO_ENGINE |
| 761 if (ssl_client_engine) | 915 if (ssl_client_engine) |
| 762 { | 916 { |
| 763 if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) | 917 if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) |
| 764 { | 918 { |
| 765 BIO_puts(bio_err, "Error setting client auth engine\n"); | 919 BIO_puts(bio_err, "Error setting client auth engine\n"); |
| 766 ERR_print_errors(bio_err); | 920 ERR_print_errors(bio_err); |
| 767 ENGINE_free(ssl_client_engine); | 921 ENGINE_free(ssl_client_engine); |
| 768 goto end; | 922 goto end; |
| 769 } | 923 } |
| 770 ENGINE_free(ssl_client_engine); | 924 ENGINE_free(ssl_client_engine); |
| 771 } | 925 } |
| 772 #endif | 926 #endif |
| 773 | 927 |
| 928 #ifndef OPENSSL_NO_PSK |
| 929 #ifdef OPENSSL_NO_JPAKE |
| 930 if (psk_key != NULL) |
| 931 #else |
| 932 if (psk_key != NULL || jpake_secret) |
| 933 #endif |
| 934 { |
| 935 if (c_debug) |
| 936 BIO_printf(bio_c_out, "PSK key given or JPAKE in use, se
tting client callback\n"); |
| 937 SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); |
| 938 } |
| 939 #endif |
| 774 if (bugs) | 940 if (bugs) |
| 775 SSL_CTX_set_options(ctx,SSL_OP_ALL|off); | 941 SSL_CTX_set_options(ctx,SSL_OP_ALL|off); |
| 776 else | 942 else |
| 777 SSL_CTX_set_options(ctx,off); | 943 SSL_CTX_set_options(ctx,off); |
| 778 | 944 |
| 779 if (clr) | 945 if (clr) |
| 780 SSL_CTX_clear_options(ctx, clr); | 946 SSL_CTX_clear_options(ctx, clr); |
| 781 /* DTLS: partial reads end up discarding unread UDP bytes :-( | 947 /* DTLS: partial reads end up discarding unread UDP bytes :-( |
| 782 * Setting read ahead solves this problem. | 948 * Setting read ahead solves this problem. |
| 783 */ | 949 */ |
| 784 » if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); | 950 » if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); |
| 785 | 951 |
| 786 /* Enable handshake cutthrough for client connections using | 952 /* Enable handshake cutthrough for client connections using |
| 787 * strong ciphers. */ | 953 * strong ciphers. */ |
| 788 if (cutthrough) | 954 if (cutthrough) |
| 789 { | 955 { |
| 790 int ssl_mode = SSL_CTX_get_mode(ctx); | 956 int ssl_mode = SSL_CTX_get_mode(ctx); |
| 791 ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH; | 957 ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH; |
| 792 SSL_CTX_set_mode(ctx, ssl_mode); | 958 SSL_CTX_set_mode(ctx, ssl_mode); |
| 793 } | 959 } |
| 794 | 960 |
| 961 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 795 if (next_proto.data) | 962 if (next_proto.data) |
| 796 SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto
); | 963 SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto
); |
| 964 #endif |
| 797 | 965 |
| 798 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); | 966 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); |
| 799 if (cipher != NULL) | 967 if (cipher != NULL) |
| 800 if(!SSL_CTX_set_cipher_list(ctx,cipher)) { | 968 if(!SSL_CTX_set_cipher_list(ctx,cipher)) { |
| 801 BIO_printf(bio_err,"error setting cipher list\n"); | 969 BIO_printf(bio_err,"error setting cipher list\n"); |
| 802 ERR_print_errors(bio_err); | 970 ERR_print_errors(bio_err); |
| 803 goto end; | 971 goto end; |
| 804 } | 972 } |
| 805 #if 0 | 973 #if 0 |
| 806 else | 974 else |
| 807 SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); | 975 SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); |
| 808 #endif | 976 #endif |
| 809 | 977 |
| 810 SSL_CTX_set_verify(ctx,verify,verify_callback); | 978 SSL_CTX_set_verify(ctx,verify,verify_callback); |
| 811 if (!set_cert_key_stuff(ctx,cert,key)) | 979 if (!set_cert_key_stuff(ctx,cert,key)) |
| 812 goto end; | 980 goto end; |
| 813 | 981 |
| 814 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || | 982 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || |
| 815 (!SSL_CTX_set_default_verify_paths(ctx))) | 983 (!SSL_CTX_set_default_verify_paths(ctx))) |
| 816 { | 984 { |
| 817 /* BIO_printf(bio_err,"error setting default verify locations\n"
); */ | 985 /* BIO_printf(bio_err,"error setting default verify locations\n"
); */ |
| 818 ERR_print_errors(bio_err); | 986 ERR_print_errors(bio_err); |
| 819 /* goto end; */ | 987 /* goto end; */ |
| 820 } | 988 } |
| 821 | 989 |
| 822 store = SSL_CTX_get_cert_store(ctx); | |
| 823 X509_STORE_set_flags(store, vflags); | |
| 824 #ifndef OPENSSL_NO_TLSEXT | 990 #ifndef OPENSSL_NO_TLSEXT |
| 825 if (servername != NULL) | 991 if (servername != NULL) |
| 826 { | 992 { |
| 827 tlsextcbp.biodebug = bio_err; | 993 tlsextcbp.biodebug = bio_err; |
| 828 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); | 994 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); |
| 829 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); | 995 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); |
| 830 } | 996 } |
| 831 #endif | 997 #endif |
| 832 | 998 |
| 833 con=SSL_new(ctx); | 999 con=SSL_new(ctx); |
| 858 if (servername != NULL) | 1024 if (servername != NULL) |
| 859 { | 1025 { |
| 860 if (!SSL_set_tlsext_host_name(con,servername)) | 1026 if (!SSL_set_tlsext_host_name(con,servername)) |
| 861 { | 1027 { |
| 862 BIO_printf(bio_err,"Unable to set TLS servername extensi
on.\n"); | 1028 BIO_printf(bio_err,"Unable to set TLS servername extensi
on.\n"); |
| 863 ERR_print_errors(bio_err); | 1029 ERR_print_errors(bio_err); |
| 864 goto end; | 1030 goto end; |
| 865 } | 1031 } |
| 866 } | 1032 } |
| 867 #endif | 1033 #endif |
| 868 | |
| 869 #ifndef OPENSSL_NO_KRB5 | 1034 #ifndef OPENSSL_NO_KRB5 |
| 870 if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) | 1035 if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) |
| 871 { | 1036 { |
| 872 kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host); | 1037 kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host); |
| 873 } | 1038 } |
| 874 #endif /* OPENSSL_NO_KRB5 */ | 1039 #endif /* OPENSSL_NO_KRB5 */ |
| 875 /* SSL_set_cipher_list(con,"RC4-MD5"); */ | 1040 /* SSL_set_cipher_list(con,"RC4-MD5"); */ |
| 1041 #if 0 |
| 1042 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 1043 SSL_set_tlsext_opaque_prf_input(con, "Test client", 11); |
| 1044 #endif |
| 1045 #endif |
| 876 | 1046 |
| 877 re_start: | 1047 re_start: |
| 878 | 1048 |
| 879 » if (init_client(&s,host,port,sock_type) == 0) | 1049 » if (init_client(&s,host,port,socket_type) == 0) |
| 880 { | 1050 { |
| 881 BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error())
; | 1051 BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error())
; |
| 882 SHUTDOWN(s); | 1052 SHUTDOWN(s); |
| 883 goto end; | 1053 goto end; |
| 884 } | 1054 } |
| 885 BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); | 1055 BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); |
| 886 | 1056 |
| 887 #ifdef FIONBIO | 1057 #ifdef FIONBIO |
| 888 if (c_nbio) | 1058 if (c_nbio) |
| 889 { | 1059 { |
| 905 if (getsockname(s, &peer, (void *)&peerlen) < 0) | 1075 if (getsockname(s, &peer, (void *)&peerlen) < 0) |
| 906 { | 1076 { |
| 907 BIO_printf(bio_err, "getsockname:errno=%d\n", | 1077 BIO_printf(bio_err, "getsockname:errno=%d\n", |
| 908 get_last_socket_error()); | 1078 get_last_socket_error()); |
| 909 SHUTDOWN(s); | 1079 SHUTDOWN(s); |
| 910 goto end; | 1080 goto end; |
| 911 } | 1081 } |
| 912 | 1082 |
| 913 (void)BIO_ctrl_set_connected(sbio, 1, &peer); | 1083 (void)BIO_ctrl_set_connected(sbio, 1, &peer); |
| 914 | 1084 |
| 915 » » if ( enable_timeouts) | 1085 » » if (enable_timeouts) |
| 916 { | 1086 { |
| 917 timeout.tv_sec = 0; | 1087 timeout.tv_sec = 0; |
| 918 timeout.tv_usec = DGRAM_RCV_TIMEOUT; | 1088 timeout.tv_usec = DGRAM_RCV_TIMEOUT; |
| 919 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &time
out); | 1089 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &time
out); |
| 920 | 1090 |
| 921 timeout.tv_sec = 0; | 1091 timeout.tv_sec = 0; |
| 922 timeout.tv_usec = DGRAM_SND_TIMEOUT; | 1092 timeout.tv_usec = DGRAM_SND_TIMEOUT; |
| 923 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &time
out); | 1093 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &time
out); |
| 924 } | 1094 } |
| 925 | 1095 |
| 1126 { | 1296 { |
| 1127 in_init=1; | 1297 in_init=1; |
| 1128 tty_on=0; | 1298 tty_on=0; |
| 1129 } | 1299 } |
| 1130 else | 1300 else |
| 1131 { | 1301 { |
| 1132 tty_on=1; | 1302 tty_on=1; |
| 1133 if (in_init) | 1303 if (in_init) |
| 1134 { | 1304 { |
| 1135 in_init=0; | 1305 in_init=0; |
| 1306 #if 0 /* This test doesn't really work as intended (needs to be fixed) */ |
| 1307 #ifndef OPENSSL_NO_TLSEXT |
| 1308 if (servername != NULL && !SSL_session_reused(co
n)) |
| 1309 { |
| 1310 BIO_printf(bio_c_out,"Server did %sackno
wledge servername extension.\n",tlsextcbp.ack?"":"not "); |
| 1311 } |
| 1312 #endif |
| 1313 #endif |
| 1136 if (sess_out) | 1314 if (sess_out) |
| 1137 { | 1315 { |
| 1138 BIO *stmp = BIO_new_file(sess_out, "w"); | 1316 BIO *stmp = BIO_new_file(sess_out, "w"); |
| 1139 if (stmp) | 1317 if (stmp) |
| 1140 { | 1318 { |
| 1141 PEM_write_bio_SSL_SESSION(stmp,
SSL_get_session(con)); | 1319 PEM_write_bio_SSL_SESSION(stmp,
SSL_get_session(con)); |
| 1142 BIO_free(stmp); | 1320 BIO_free(stmp); |
| 1143 } | 1321 } |
| 1144 else | 1322 else |
| 1145 BIO_printf(bio_err, "Error writi
ng session file %s\n", sess_out); | 1323 BIO_printf(bio_err, "Error writi
ng session file %s\n", sess_out); |
| 1163 SHUTDOWN(SSL_get_fd(con)); | 1341 SHUTDOWN(SSL_get_fd(con)); |
| 1164 goto re_start; | 1342 goto re_start; |
| 1165 } | 1343 } |
| 1166 } | 1344 } |
| 1167 } | 1345 } |
| 1168 | 1346 |
| 1169 ssl_pending = read_ssl && SSL_pending(con); | 1347 ssl_pending = read_ssl && SSL_pending(con); |
| 1170 | 1348 |
| 1171 if (!ssl_pending) | 1349 if (!ssl_pending) |
| 1172 { | 1350 { |
| 1173 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPE
NSSL_SYS_NETWARE) | 1351 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPE
NSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5) |
| 1174 if (tty_on) | 1352 if (tty_on) |
| 1175 { | 1353 { |
| 1176 » » » » if (read_tty) FD_SET(fileno(stdin),&readfds); | 1354 » » » » if (read_tty) openssl_fdset(fileno(stdin),&read
fds); |
| 1177 » » » » if (write_tty) FD_SET(fileno(stdout),&writefds); | 1355 » » » » if (write_tty) openssl_fdset(fileno(stdout),&wri
tefds); |
| 1178 } | 1356 } |
| 1179 if (read_ssl) | 1357 if (read_ssl) |
| 1180 » » » » FD_SET(SSL_get_fd(con),&readfds); | 1358 » » » » openssl_fdset(SSL_get_fd(con),&readfds); |
| 1181 if (write_ssl) | 1359 if (write_ssl) |
| 1182 » » » » FD_SET(SSL_get_fd(con),&writefds); | 1360 » » » » openssl_fdset(SSL_get_fd(con),&writefds); |
| 1183 #else | 1361 #else |
| 1184 if(!tty_on || !write_tty) { | 1362 if(!tty_on || !write_tty) { |
| 1185 if (read_ssl) | 1363 if (read_ssl) |
| 1186 » » » » » FD_SET(SSL_get_fd(con),&readfds); | 1364 » » » » » openssl_fdset(SSL_get_fd(con),&readfds); |
| 1187 if (write_ssl) | 1365 if (write_ssl) |
| 1188 » » » » » FD_SET(SSL_get_fd(con),&writefds); | 1366 » » » » » openssl_fdset(SSL_get_fd(con),&writefds)
; |
| 1189 } | 1367 } |
| 1190 #endif | 1368 #endif |
| 1191 /* printf("mode tty(%d %d%d) ssl(%d%d)\n", | 1369 /* printf("mode tty(%d %d%d) ssl(%d%d)\n", |
| 1192 tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ | 1370 tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ |
| 1193 | 1371 |
| 1194 /* Note: under VMS with SOCKETSHR the second parameter | 1372 /* Note: under VMS with SOCKETSHR the second parameter |
| 1195 * is currently of type (int *) whereas under other | 1373 * is currently of type (int *) whereas under other |
| 1196 * systems it is (void *) if you don't have a cast it | 1374 * systems it is (void *) if you don't have a cast it |
| 1197 * will choke the compiler: if you do have a cast then | 1375 * will choke the compiler: if you do have a cast then |
| 1198 * you can either go for (int *) or (void *). | 1376 * you can either go for (int *) or (void *). |
| 1223 #elif defined(OPENSSL_SYS_NETWARE) | 1401 #elif defined(OPENSSL_SYS_NETWARE) |
| 1224 if(!write_tty) { | 1402 if(!write_tty) { |
| 1225 if(read_tty) { | 1403 if(read_tty) { |
| 1226 tv.tv_sec = 1; | 1404 tv.tv_sec = 1; |
| 1227 tv.tv_usec = 0; | 1405 tv.tv_usec = 0; |
| 1228 i=select(width,(void *)&readfds,(void *)
&writefds, | 1406 i=select(width,(void *)&readfds,(void *)
&writefds, |
| 1229 NULL,&tv); | 1407 NULL,&tv); |
| 1230 } else i=select(width,(void *)&readfds,(void *)
&writefds, | 1408 } else i=select(width,(void *)&readfds,(void *)
&writefds, |
| 1231 NULL,timeoutp); | 1409 NULL,timeoutp); |
| 1232 } | 1410 } |
| 1411 #elif defined(OPENSSL_SYS_BEOS_R5) |
| 1412 /* Under BeOS-R5 the situation is similar to DOS */ |
| 1413 i=0; |
| 1414 stdin_set = 0; |
| 1415 (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); |
| 1416 if(!write_tty) { |
| 1417 if(read_tty) { |
| 1418 tv.tv_sec = 1; |
| 1419 tv.tv_usec = 0; |
| 1420 i=select(width,(void *)&readfds,(void *)
&writefds, |
| 1421 NULL,&tv); |
| 1422 if (read(fileno(stdin), sbuf, 0) >= 0) |
| 1423 stdin_set = 1; |
| 1424 if (!i && (stdin_set != 1 || !read_tty)) |
| 1425 continue; |
| 1426 } else i=select(width,(void *)&readfds,(void *)
&writefds, |
| 1427 NULL,timeoutp); |
| 1428 } |
| 1429 (void)fcntl(fileno(stdin), F_SETFL, 0); |
| 1233 #else | 1430 #else |
| 1234 i=select(width,(void *)&readfds,(void *)&writefds, | 1431 i=select(width,(void *)&readfds,(void *)&writefds, |
| 1235 NULL,timeoutp); | 1432 NULL,timeoutp); |
| 1236 #endif | 1433 #endif |
| 1237 if ( i < 0) | 1434 if ( i < 0) |
| 1238 { | 1435 { |
| 1239 BIO_printf(bio_err,"bad select %d\n", | 1436 BIO_printf(bio_err,"bad select %d\n", |
| 1240 get_last_socket_error()); | 1437 get_last_socket_error()); |
| 1241 goto shut; | 1438 goto shut; |
| 1242 /* goto end; */ | 1439 /* goto end; */ |
| 1281 read_ssl=1; | 1478 read_ssl=1; |
| 1282 write_ssl=0; | 1479 write_ssl=0; |
| 1283 break; | 1480 break; |
| 1284 case SSL_ERROR_WANT_X509_LOOKUP: | 1481 case SSL_ERROR_WANT_X509_LOOKUP: |
| 1285 BIO_printf(bio_c_out,"write X BLOCK\n"); | 1482 BIO_printf(bio_c_out,"write X BLOCK\n"); |
| 1286 break; | 1483 break; |
| 1287 case SSL_ERROR_ZERO_RETURN: | 1484 case SSL_ERROR_ZERO_RETURN: |
| 1288 if (cbuf_len != 0) | 1485 if (cbuf_len != 0) |
| 1289 { | 1486 { |
| 1290 BIO_printf(bio_c_out,"shutdown\n"); | 1487 BIO_printf(bio_c_out,"shutdown\n"); |
| 1488 ret = 0; |
| 1291 goto shut; | 1489 goto shut; |
| 1292 } | 1490 } |
| 1293 else | 1491 else |
| 1294 { | 1492 { |
| 1295 read_tty=1; | 1493 read_tty=1; |
| 1296 write_ssl=0; | 1494 write_ssl=0; |
| 1297 break; | 1495 break; |
| 1298 } | 1496 } |
| 1299 | 1497 |
| 1300 case SSL_ERROR_SYSCALL: | 1498 case SSL_ERROR_SYSCALL: |
| 1301 if ((k != 0) || (cbuf_len != 0)) | 1499 if ((k != 0) || (cbuf_len != 0)) |
| 1302 { | 1500 { |
| 1303 BIO_printf(bio_err,"write:errno=%d\n", | 1501 BIO_printf(bio_err,"write:errno=%d\n", |
| 1304 get_last_socket_error()); | 1502 get_last_socket_error()); |
| 1305 goto shut; | 1503 goto shut; |
| 1306 } | 1504 } |
| 1307 else | 1505 else |
| 1308 { | 1506 { |
| 1309 read_tty=1; | 1507 read_tty=1; |
| 1310 write_ssl=0; | 1508 write_ssl=0; |
| 1311 } | 1509 } |
| 1312 break; | 1510 break; |
| 1313 case SSL_ERROR_SSL: | 1511 case SSL_ERROR_SSL: |
| 1314 ERR_print_errors(bio_err); | 1512 ERR_print_errors(bio_err); |
| 1315 goto shut; | 1513 goto shut; |
| 1316 } | 1514 } |
| 1317 } | 1515 } |
| 1318 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) | 1516 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) |
| 1319 » » /* Assume Windows/DOS can always write */ | 1517 » » /* Assume Windows/DOS/BeOS can always write */ |
| 1320 else if (!ssl_pending && write_tty) | 1518 else if (!ssl_pending && write_tty) |
| 1321 #else | 1519 #else |
| 1322 else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) | 1520 else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) |
| 1323 #endif | 1521 #endif |
| 1324 { | 1522 { |
| 1325 #ifdef CHARSET_EBCDIC | 1523 #ifdef CHARSET_EBCDIC |
| 1326 ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_le
n); | 1524 ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_le
n); |
| 1327 #endif | 1525 #endif |
| 1328 » » » i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len); | 1526 » » » i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len); |
| 1329 | 1527 |
| 1330 if (i <= 0) | 1528 if (i <= 0) |
| 1331 { | 1529 { |
| 1332 BIO_printf(bio_c_out,"DONE\n"); | 1530 BIO_printf(bio_c_out,"DONE\n"); |
| 1531 ret = 0; |
| 1333 goto shut; | 1532 goto shut; |
| 1334 /* goto end; */ | 1533 /* goto end; */ |
| 1335 } | 1534 } |
| 1336 | 1535 |
| 1337 sbuf_len-=i;; | 1536 sbuf_len-=i;; |
| 1338 sbuf_off+=i; | 1537 sbuf_off+=i; |
| 1339 if (sbuf_len <= 0) | 1538 if (sbuf_len <= 0) |
| 1340 { | 1539 { |
| 1341 read_ssl=1; | 1540 read_ssl=1; |
| 1342 write_tty=0; | 1541 write_tty=0; |
| 1377 BIO_printf(bio_c_out,"read R BLOCK\n"); | 1576 BIO_printf(bio_c_out,"read R BLOCK\n"); |
| 1378 write_tty=0; | 1577 write_tty=0; |
| 1379 read_ssl=1; | 1578 read_ssl=1; |
| 1380 if ((read_tty == 0) && (write_ssl == 0)) | 1579 if ((read_tty == 0) && (write_ssl == 0)) |
| 1381 write_ssl=1; | 1580 write_ssl=1; |
| 1382 break; | 1581 break; |
| 1383 case SSL_ERROR_WANT_X509_LOOKUP: | 1582 case SSL_ERROR_WANT_X509_LOOKUP: |
| 1384 BIO_printf(bio_c_out,"read X BLOCK\n"); | 1583 BIO_printf(bio_c_out,"read X BLOCK\n"); |
| 1385 break; | 1584 break; |
| 1386 case SSL_ERROR_SYSCALL: | 1585 case SSL_ERROR_SYSCALL: |
| 1387 » » » » BIO_printf(bio_err,"read:errno=%d\n",get_last_so
cket_error()); | 1586 » » » » ret=get_last_socket_error(); |
| 1587 » » » » BIO_printf(bio_err,"read:errno=%d\n",ret); |
| 1388 goto shut; | 1588 goto shut; |
| 1389 case SSL_ERROR_ZERO_RETURN: | 1589 case SSL_ERROR_ZERO_RETURN: |
| 1390 BIO_printf(bio_c_out,"closed\n"); | 1590 BIO_printf(bio_c_out,"closed\n"); |
| 1591 ret=0; |
| 1391 goto shut; | 1592 goto shut; |
| 1392 case SSL_ERROR_SSL: | 1593 case SSL_ERROR_SSL: |
| 1393 ERR_print_errors(bio_err); | 1594 ERR_print_errors(bio_err); |
| 1394 goto shut; | 1595 goto shut; |
| 1395 /* break; */ | 1596 /* break; */ |
| 1396 } | 1597 } |
| 1397 } | 1598 } |
| 1398 | 1599 |
| 1399 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) | 1600 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) |
| 1400 #if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) | 1601 #if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) |
| 1401 else if (_kbhit()) | 1602 else if (_kbhit()) |
| 1402 #else | 1603 #else |
| 1403 else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(Get
StdHandle(STD_INPUT_HANDLE), 0))) | 1604 else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(Get
StdHandle(STD_INPUT_HANDLE), 0))) |
| 1404 #endif | 1605 #endif |
| 1405 #elif defined (OPENSSL_SYS_NETWARE) | 1606 #elif defined (OPENSSL_SYS_NETWARE) |
| 1406 else if (_kbhit()) | 1607 » » else if (_kbhit()) |
| 1608 #elif defined(OPENSSL_SYS_BEOS_R5) |
| 1609 » » else if (stdin_set) |
| 1407 #else | 1610 #else |
| 1408 else if (FD_ISSET(fileno(stdin),&readfds)) | 1611 else if (FD_ISSET(fileno(stdin),&readfds)) |
| 1409 #endif | 1612 #endif |
| 1410 { | 1613 { |
| 1411 if (crlf) | 1614 if (crlf) |
| 1412 { | 1615 { |
| 1413 int j, lf_num; | 1616 int j, lf_num; |
| 1414 | 1617 |
| 1415 » » » » i=read(fileno(stdin),cbuf,BUFSIZZ/2); | 1618 » » » » i=raw_read_stdin(cbuf,BUFSIZZ/2); |
| 1416 lf_num = 0; | 1619 lf_num = 0; |
| 1417 /* both loops are skipped when i <= 0 */ | 1620 /* both loops are skipped when i <= 0 */ |
| 1418 for (j = 0; j < i; j++) | 1621 for (j = 0; j < i; j++) |
| 1419 if (cbuf[j] == '\n') | 1622 if (cbuf[j] == '\n') |
| 1420 lf_num++; | 1623 lf_num++; |
| 1421 for (j = i-1; j >= 0; j--) | 1624 for (j = i-1; j >= 0; j--) |
| 1422 { | 1625 { |
| 1423 cbuf[j+lf_num] = cbuf[j]; | 1626 cbuf[j+lf_num] = cbuf[j]; |
| 1424 if (cbuf[j] == '\n') | 1627 if (cbuf[j] == '\n') |
| 1425 { | 1628 { |
| 1426 lf_num--; | 1629 lf_num--; |
| 1427 i++; | 1630 i++; |
| 1428 cbuf[j+lf_num] = '\r'; | 1631 cbuf[j+lf_num] = '\r'; |
| 1429 } | 1632 } |
| 1430 } | 1633 } |
| 1431 assert(lf_num == 0); | 1634 assert(lf_num == 0); |
| 1432 } | 1635 } |
| 1433 else | 1636 else |
| 1434 » » » » i=read(fileno(stdin),cbuf,BUFSIZZ); | 1637 » » » » i=raw_read_stdin(cbuf,BUFSIZZ); |
| 1435 | 1638 |
| 1436 if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) | 1639 if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) |
| 1437 { | 1640 { |
| 1438 BIO_printf(bio_err,"DONE\n"); | 1641 BIO_printf(bio_err,"DONE\n"); |
| 1642 ret=0; |
| 1439 goto shut; | 1643 goto shut; |
| 1440 } | 1644 } |
| 1441 | 1645 |
| 1442 if ((!c_ign_eof) && (cbuf[0] == 'R')) | 1646 if ((!c_ign_eof) && (cbuf[0] == 'R')) |
| 1443 { | 1647 { |
| 1444 BIO_printf(bio_err,"RENEGOTIATING\n"); | 1648 BIO_printf(bio_err,"RENEGOTIATING\n"); |
| 1445 SSL_renegotiate(con); | 1649 SSL_renegotiate(con); |
| 1446 cbuf_len=0; | 1650 cbuf_len=0; |
| 1447 } | 1651 } |
| 1448 else | 1652 else |
| 1449 { | 1653 { |
| 1450 cbuf_len=i; | 1654 cbuf_len=i; |
| 1451 cbuf_off=0; | 1655 cbuf_off=0; |
| 1452 #ifdef CHARSET_EBCDIC | 1656 #ifdef CHARSET_EBCDIC |
| 1453 ebcdic2ascii(cbuf, cbuf, i); | 1657 ebcdic2ascii(cbuf, cbuf, i); |
| 1454 #endif | 1658 #endif |
| 1455 } | 1659 } |
| 1456 | 1660 |
| 1457 write_ssl=1; | 1661 write_ssl=1; |
| 1458 read_tty=0; | 1662 read_tty=0; |
| 1459 } | 1663 } |
| 1460 } | 1664 } |
| 1665 |
| 1666 ret=0; |
| 1461 shut: | 1667 shut: |
| 1668 if (in_init) |
| 1669 print_stuff(bio_c_out,con,full_log); |
| 1462 SSL_shutdown(con); | 1670 SSL_shutdown(con); |
| 1463 SHUTDOWN(SSL_get_fd(con)); | 1671 SHUTDOWN(SSL_get_fd(con)); |
| 1464 ret=0; | |
| 1465 end: | 1672 end: |
| 1466 » if(prexit) print_stuff(bio_c_out,con,1); | 1673 » if (con != NULL) |
| 1467 » if (con != NULL) SSL_free(con); | 1674 » » { |
| 1468 » if (con2 != NULL) SSL_free(con2); | 1675 » » if (prexit != 0) |
| 1676 » » » print_stuff(bio_c_out,con,1); |
| 1677 » » SSL_free(con); |
| 1678 » » } |
| 1469 if (ctx != NULL) SSL_CTX_free(ctx); | 1679 if (ctx != NULL) SSL_CTX_free(ctx); |
| 1470 if (cert) | 1680 if (cert) |
| 1471 X509_free(cert); | 1681 X509_free(cert); |
| 1472 if (key) | 1682 if (key) |
| 1473 EVP_PKEY_free(key); | 1683 EVP_PKEY_free(key); |
| 1474 if (pass) | 1684 if (pass) |
| 1475 OPENSSL_free(pass); | 1685 OPENSSL_free(pass); |
| 1476 if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } | 1686 if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } |
| 1477 if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } | 1687 if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } |
| 1478 if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } | 1688 if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } |
| 1479 if (bio_c_out != NULL) | 1689 if (bio_c_out != NULL) |
| 1480 { | 1690 { |
| 1481 BIO_free(bio_c_out); | 1691 BIO_free(bio_c_out); |
| 1482 bio_c_out=NULL; | 1692 bio_c_out=NULL; |
| 1483 } | 1693 } |
| 1484 apps_shutdown(); | 1694 apps_shutdown(); |
| 1485 OPENSSL_EXIT(ret); | 1695 OPENSSL_EXIT(ret); |
| 1486 } | 1696 } |
| 1487 | 1697 |
| 1488 | 1698 |
| 1489 static void print_stuff(BIO *bio, SSL *s, int full) | 1699 static void print_stuff(BIO *bio, SSL *s, int full) |
| 1490 { | 1700 { |
| 1491 X509 *peer=NULL; | 1701 X509 *peer=NULL; |
| 1492 char *p; | 1702 char *p; |
| 1493 static const char *space=" "; | 1703 static const char *space=" "; |
| 1494 char buf[BUFSIZ]; | 1704 char buf[BUFSIZ]; |
| 1495 STACK_OF(X509) *sk; | 1705 STACK_OF(X509) *sk; |
| 1496 STACK_OF(X509_NAME) *sk2; | 1706 STACK_OF(X509_NAME) *sk2; |
| 1497 » SSL_CIPHER *c; | 1707 » const SSL_CIPHER *c; |
| 1498 X509_NAME *xn; | 1708 X509_NAME *xn; |
| 1499 int j,i; | 1709 int j,i; |
| 1500 #ifndef OPENSSL_NO_COMP | 1710 #ifndef OPENSSL_NO_COMP |
| 1501 const COMP_METHOD *comp, *expansion; | 1711 const COMP_METHOD *comp, *expansion; |
| 1502 #endif | 1712 #endif |
| 1503 | 1713 |
| 1504 if (full) | 1714 if (full) |
| 1505 { | 1715 { |
| 1506 int got_a_chain = 0; | 1716 int got_a_chain = 0; |
| 1507 | 1717 |
| 1606 SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); | 1816 SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); |
| 1607 #ifndef OPENSSL_NO_COMP | 1817 #ifndef OPENSSL_NO_COMP |
| 1608 comp=SSL_get_current_compression(s); | 1818 comp=SSL_get_current_compression(s); |
| 1609 expansion=SSL_get_current_expansion(s); | 1819 expansion=SSL_get_current_expansion(s); |
| 1610 BIO_printf(bio,"Compression: %s\n", | 1820 BIO_printf(bio,"Compression: %s\n", |
| 1611 comp ? SSL_COMP_get_name(comp) : "NONE"); | 1821 comp ? SSL_COMP_get_name(comp) : "NONE"); |
| 1612 BIO_printf(bio,"Expansion: %s\n", | 1822 BIO_printf(bio,"Expansion: %s\n", |
| 1613 expansion ? SSL_COMP_get_name(expansion) : "NONE"); | 1823 expansion ? SSL_COMP_get_name(expansion) : "NONE"); |
| 1614 #endif | 1824 #endif |
| 1615 | 1825 |
| 1616 #ifndef OPENSSL_NO_TLSEXT | 1826 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 1617 » { | 1827 » if (next_proto.status != -1) { |
| 1618 » » if (next_proto.status != -1) { | 1828 » » const unsigned char *proto; |
| 1619 » » » const unsigned char *proto; | 1829 » » unsigned int proto_len; |
| 1620 » » » unsigned int proto_len; | 1830 » » SSL_get0_next_proto_negotiated(s, &proto, &proto_len); |
| 1621 » » » SSL_get0_next_proto_negotiated(s, &proto, &proto_len); | 1831 » » BIO_printf(bio, "Next protocol: (%d) ", next_proto.status); |
| 1622 » » » BIO_printf(bio, "Next protocol: (%d) ", next_proto.statu
s); | 1832 » » BIO_write(bio, proto, proto_len); |
| 1623 » » » BIO_write(bio, proto, proto_len); | 1833 » » BIO_write(bio, "\n", 1); |
| 1624 » » » BIO_write(bio, "\n", 1); | |
| 1625 » » } | |
| 1626 } | 1834 } |
| 1627 #endif | 1835 #endif |
| 1628 | 1836 |
| 1629 SSL_SESSION_print(bio,SSL_get_session(s)); | 1837 SSL_SESSION_print(bio,SSL_get_session(s)); |
| 1630 BIO_printf(bio,"---\n"); | 1838 BIO_printf(bio,"---\n"); |
| 1631 if (peer != NULL) | 1839 if (peer != NULL) |
| 1632 X509_free(peer); | 1840 X509_free(peer); |
| 1633 /* flush, or debugging output gets mixed with http response */ | 1841 /* flush, or debugging output gets mixed with http response */ |
| 1634 (void)BIO_flush(bio); | 1842 (void)BIO_flush(bio); |
| 1635 } | 1843 } |
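Review bot: The new `BIO_write(bio, proto, proto_len);` writes the negotiated protocol name to the output exactly as the peer sent it, and nothing in the hunk guards against an empty result or filters the bytes before they reach the terminal. If `SSL_get0_next_proto_negotiated` can report a zero-length (possibly NULL) `proto`, a `if (proto_len == 0) { BIO_puts(bio, "(none)\n"); } else { ... }` branch would make the "Next protocol" line unambiguous; and because the name is chosen by the remote side, it is worth either escaping non-printable bytes, for example by reusing `BIO_dump_indent` as the OCSP path below already does for peer data, or at least marking the write with `/* proto is peer-supplied; printed verbatim */`. The tightened `#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)` guard is correct since `next_proto` only exists under that build option. The enclosing `print_stuff` begins above this hunk and the earlier part of its body is not shown.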
| 1654 BIO_puts(arg, "response parse error\n"); | 1862 BIO_puts(arg, "response parse error\n"); |
| 1655 BIO_dump_indent(arg, (char *)p, len, 4); | 1863 BIO_dump_indent(arg, (char *)p, len, 4); |
| 1656 return 0; | 1864 return 0; |
| 1657 } | 1865 } |
| 1658 BIO_puts(arg, "\n======================================\n"); | 1866 BIO_puts(arg, "\n======================================\n"); |
| 1659 OCSP_RESPONSE_print(arg, rsp, 0); | 1867 OCSP_RESPONSE_print(arg, rsp, 0); |
| 1660 BIO_puts(arg, "======================================\n"); | 1868 BIO_puts(arg, "======================================\n"); |
| 1661 OCSP_RESPONSE_free(rsp); | 1869 OCSP_RESPONSE_free(rsp); |
| 1662 return 1; | 1870 return 1; |
| 1663 } | 1871 } |
| 1664 #endif /* ndef OPENSSL_NO_TLSEXT */ | 1872 |
| 1873 #endif |
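Review bot: The closing `#endif` at the end of this hunk lost its `/* ndef OPENSSL_NO_TLSEXT */` trailer and gained a blank line before it, which makes a long conditional region harder to pair with its opening `#ifndef`. Keeping the marker, `#endif /* ndef OPENSSL_NO_TLSEXT */`, costs nothing and matches the style used elsewhere in this file. The `#ifndef` that this `#endif` closes is outside the visible hunk.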