OLD | NEW |
1 /* apps/s_client.c */ | 1 /* apps/s_client.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 38 matching lines...)
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
52 * | 52 * |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 /* ==================================================================== | 58 /* ==================================================================== |
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
60 * | 60 * |
61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
63 * are met: | 63 * are met: |
64 * | 64 * |
65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
67 * | 67 * |
68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
(...skipping 31 matching lines...)
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
103 * OF THE POSSIBILITY OF SUCH DAMAGE. | 103 * OF THE POSSIBILITY OF SUCH DAMAGE. |
104 * ==================================================================== | 104 * ==================================================================== |
105 * | 105 * |
106 * This product includes cryptographic software written by Eric Young | 106 * This product includes cryptographic software written by Eric Young |
107 * (eay@cryptsoft.com). This product includes software written by Tim | 107 * (eay@cryptsoft.com). This product includes software written by Tim |
108 * Hudson (tjh@cryptsoft.com). | 108 * Hudson (tjh@cryptsoft.com). |
109 * | 109 * |
110 */ | 110 */ |
| 111 /* ==================================================================== |
| 112 * Copyright 2005 Nokia. All rights reserved. |
| 113 * |
| 114 * The portions of the attached software ("Contribution") is developed by |
| 115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source |
| 116 * license. |
| 117 * |
| 118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of |
| 119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
| 120 * support (see RFC 4279) to OpenSSL. |
| 121 * |
| 122 * No patent licenses or other rights except those expressly stated in |
| 123 * the OpenSSL open source license shall be deemed granted or received |
| 124 * expressly, by implication, estoppel, or otherwise. |
| 125 * |
| 126 * No assurances are provided by Nokia that the Contribution does not |
| 127 * infringe the patent or other intellectual property rights of any third |
| 128 * party or that the license provides you with all the necessary rights |
| 129 * to make use of the Contribution. |
| 130 * |
| 131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
| 132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
| 133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
| 134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
| 135 * OTHERWISE. |
| 136 */ |
111 | 137 |
112 #include <assert.h> | 138 #include <assert.h> |
| 139 #include <ctype.h> |
113 #include <stdio.h> | 140 #include <stdio.h> |
114 #include <stdlib.h> | 141 #include <stdlib.h> |
115 #include <string.h> | 142 #include <string.h> |
116 #include <openssl/e_os2.h> | 143 #include <openssl/e_os2.h> |
117 #ifdef OPENSSL_NO_STDIO | 144 #ifdef OPENSSL_NO_STDIO |
118 #define APPS_WIN16 | 145 #define APPS_WIN16 |
119 #endif | 146 #endif |
120 | 147 |
121 /* With IPv6, it looks like Digital has mixed up the proper order of | 148 /* With IPv6, it looks like Digital has mixed up the proper order of |
122 recursive header file inclusion, resulting in the compiler complaining | 149 recursive header file inclusion, resulting in the compiler complaining |
123 that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which | 150 that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which |
124 is needed to have fileno() declared correctly... So let's define u_int */ | 151 is needed to have fileno() declared correctly... So let's define u_int */ |
125 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) | 152 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) |
126 #define __U_INT | 153 #define __U_INT |
127 typedef unsigned int u_int; | 154 typedef unsigned int u_int; |
128 #endif | 155 #endif |
129 | 156 |
130 #define USE_SOCKETS | 157 #define USE_SOCKETS |
131 #include "apps.h" | 158 #include "apps.h" |
132 #include <openssl/x509.h> | 159 #include <openssl/x509.h> |
133 #include <openssl/ssl.h> | 160 #include <openssl/ssl.h> |
134 #include <openssl/err.h> | 161 #include <openssl/err.h> |
135 #include <openssl/pem.h> | 162 #include <openssl/pem.h> |
136 #include <openssl/rand.h> | 163 #include <openssl/rand.h> |
137 #include <openssl/ocsp.h> | 164 #include <openssl/ocsp.h> |
| 165 #include <openssl/bn.h> |
138 #include "s_apps.h" | 166 #include "s_apps.h" |
139 #include "timeouts.h" | 167 #include "timeouts.h" |
140 | 168 |
141 #ifdef OPENSSL_SYS_WINCE | |
142 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problem
s below... */ | |
143 #ifdef fileno | |
144 #undef fileno | |
145 #endif | |
146 #define fileno(a) (int)_fileno(a) | |
147 #endif | |
148 | |
149 | |
150 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) | 169 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) |
151 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ | 170 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ |
152 #undef FIONBIO | 171 #undef FIONBIO |
153 #endif | 172 #endif |
154 | 173 |
| 174 #if defined(OPENSSL_SYS_BEOS_R5) |
| 175 #include <fcntl.h> |
| 176 #endif |
| 177 |
155 #undef PROG | 178 #undef PROG |
156 #define PROG s_client_main | 179 #define PROG s_client_main |
157 | 180 |
158 /*#define SSL_HOST_NAME "www.netscape.com" */ | 181 /*#define SSL_HOST_NAME "www.netscape.com" */ |
159 /*#define SSL_HOST_NAME "193.118.187.102" */ | 182 /*#define SSL_HOST_NAME "193.118.187.102" */ |
160 #define SSL_HOST_NAME "localhost" | 183 #define SSL_HOST_NAME "localhost" |
161 | 184 |
162 /*#define TEST_CERT "client.pem" */ /* no default cert. */ | 185 /*#define TEST_CERT "client.pem" */ /* no default cert. */ |
163 | 186 |
164 #undef BUFSIZZ | 187 #undef BUFSIZZ |
165 #define BUFSIZZ 1024*8 | 188 #define BUFSIZZ 1024*8 |
166 | 189 |
167 extern int verify_depth; | 190 extern int verify_depth; |
168 extern int verify_error; | 191 extern int verify_error; |
| 192 extern int verify_return_error; |
169 | 193 |
170 #ifdef FIONBIO | 194 #ifdef FIONBIO |
171 static int c_nbio=0; | 195 static int c_nbio=0; |
172 #endif | 196 #endif |
173 static int c_Pause=0; | 197 static int c_Pause=0; |
174 static int c_debug=0; | 198 static int c_debug=0; |
175 #ifndef OPENSSL_NO_TLSEXT | 199 #ifndef OPENSSL_NO_TLSEXT |
176 static int c_tlsextdebug=0; | 200 static int c_tlsextdebug=0; |
177 static int c_status_req=0; | 201 static int c_status_req=0; |
178 #endif | 202 #endif |
179 static int c_msg=0; | 203 static int c_msg=0; |
180 static int c_showcerts=0; | 204 static int c_showcerts=0; |
181 | 205 |
182 static void sc_usage(void); | 206 static void sc_usage(void); |
183 static void print_stuff(BIO *berr,SSL *con,int full); | 207 static void print_stuff(BIO *berr,SSL *con,int full); |
184 #ifndef OPENSSL_NO_TLSEXT | 208 #ifndef OPENSSL_NO_TLSEXT |
185 static int ocsp_resp_cb(SSL *s, void *arg); | 209 static int ocsp_resp_cb(SSL *s, void *arg); |
186 #endif | 210 #endif |
187 static BIO *bio_c_out=NULL; | 211 static BIO *bio_c_out=NULL; |
188 static int c_quiet=0; | 212 static int c_quiet=0; |
189 static int c_ign_eof=0; | 213 static int c_ign_eof=0; |
190 | 214 |
| 215 #ifndef OPENSSL_NO_PSK |
| 216 /* Default PSK identity and key */ |
| 217 static char *psk_identity="Client_identity"; |
| 218 /*char *psk_key=NULL; by default PSK is not used */ |
| 219 |
| 220 static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, |
| 221 unsigned int max_identity_len, unsigned char *psk, |
| 222 unsigned int max_psk_len) |
| 223 { |
| 224 unsigned int psk_len = 0; |
| 225 int ret; |
| 226 BIGNUM *bn=NULL; |
| 227 |
| 228 if (c_debug) |
| 229 BIO_printf(bio_c_out, "psk_client_cb\n"); |
| 230 if (!hint) |
| 231 { |
| 232 /* no ServerKeyExchange message*/ |
| 233 if (c_debug) |
| 234 BIO_printf(bio_c_out,"NULL received PSK identity hint, c
ontinuing anyway\n"); |
| 235 } |
| 236 else if (c_debug) |
| 237 BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint)
; |
| 238 |
| 239 /* lookup PSK identity and PSK key based on the given identity hint here
*/ |
| 240 ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity); |
| 241 if (ret < 0 || (unsigned int)ret > max_identity_len) |
| 242 goto out_err; |
| 243 if (c_debug) |
| 244 BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity
, ret); |
| 245 ret=BN_hex2bn(&bn, psk_key); |
| 246 if (!ret) |
| 247 { |
| 248 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n",
psk_key); |
| 249 if (bn) |
| 250 BN_free(bn); |
| 251 return 0; |
| 252 } |
| 253 |
| 254 if ((unsigned int)BN_num_bytes(bn) > max_psk_len) |
| 255 { |
| 256 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for
key (%d)\n", |
| 257 max_psk_len, BN_num_bytes(bn)); |
| 258 BN_free(bn); |
| 259 return 0; |
| 260 } |
| 261 |
| 262 psk_len=BN_bn2bin(bn, psk); |
| 263 BN_free(bn); |
| 264 if (psk_len == 0) |
| 265 goto out_err; |
| 266 |
| 267 if (c_debug) |
| 268 BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len); |
| 269 |
| 270 return psk_len; |
| 271 out_err: |
| 272 if (c_debug) |
| 273 BIO_printf(bio_err, "Error in PSK client callback\n"); |
| 274 return 0; |
| 275 } |
| 276 #endif |
| 277 |
191 static void sc_usage(void) | 278 static void sc_usage(void) |
192 { | 279 { |
193 BIO_printf(bio_err,"usage: s_client args\n"); | 280 BIO_printf(bio_err,"usage: s_client args\n"); |
194 BIO_printf(bio_err,"\n"); | 281 BIO_printf(bio_err,"\n"); |
195 BIO_printf(bio_err," -host host - use -connect instead\n"); | 282 BIO_printf(bio_err," -host host - use -connect instead\n"); |
196 BIO_printf(bio_err," -port port - use -connect instead\n"); | 283 BIO_printf(bio_err," -port port - use -connect instead\n"); |
197 BIO_printf(bio_err," -connect host:port - who to connect to (default is
%s:%s)\n",SSL_HOST_NAME,PORT_STR); | 284 BIO_printf(bio_err," -connect host:port - who to connect to (default is
%s:%s)\n",SSL_HOST_NAME,PORT_STR); |
198 | 285 |
199 » BIO_printf(bio_err," -verify depth - turn on peer certificate verificati
on\n"); | 286 » BIO_printf(bio_err," -verify arg - turn on peer certificate verificati
on\n"); |
200 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format
assumed\n"); | 287 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format
assumed\n"); |
201 BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM
default\n"); | 288 BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM
default\n"); |
202 BIO_printf(bio_err," -key arg - Private key file to use, in cert fi
le if\n"); | 289 BIO_printf(bio_err," -key arg - Private key file to use, in cert fi
le if\n"); |
203 BIO_printf(bio_err," not specified but cert file is.\n")
; | 290 BIO_printf(bio_err," not specified but cert file is.\n")
; |
204 BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default
\n"); | 291 BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default
\n"); |
205 BIO_printf(bio_err," -pass arg - private key file pass phrase source
\n"); | 292 BIO_printf(bio_err," -pass arg - private key file pass phrase source
\n"); |
206 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); | 293 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); |
207 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); | 294 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); |
208 BIO_printf(bio_err," -reconnect - Drop and re-make the connection wit
h the same Session-ID\n"); | 295 BIO_printf(bio_err," -reconnect - Drop and re-make the connection wit
h the same Session-ID\n"); |
209 BIO_printf(bio_err," -pause - sleep(1) after each read(2) and wri
te(2) system call\n"); | 296 BIO_printf(bio_err," -pause - sleep(1) after each read(2) and wri
te(2) system call\n"); |
210 BIO_printf(bio_err," -showcerts - show all certificates in the chain\
n"); | 297 BIO_printf(bio_err," -showcerts - show all certificates in the chain\
n"); |
211 BIO_printf(bio_err," -debug - extra output\n"); | 298 BIO_printf(bio_err," -debug - extra output\n"); |
212 #ifdef WATT32 | 299 #ifdef WATT32 |
213 BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n"); | 300 BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n"); |
214 #endif | 301 #endif |
215 BIO_printf(bio_err," -msg - Show protocol messages\n"); | 302 BIO_printf(bio_err," -msg - Show protocol messages\n"); |
216 BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); | 303 BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); |
217 BIO_printf(bio_err," -state - print the 'ssl' states\n"); | 304 BIO_printf(bio_err," -state - print the 'ssl' states\n"); |
218 #ifdef FIONBIO | 305 #ifdef FIONBIO |
219 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); | 306 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); |
220 #endif | 307 #endif |
221 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\
n"); | 308 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\
n"); |
222 BIO_printf(bio_err," -quiet - no s_client output\n"); | 309 BIO_printf(bio_err," -quiet - no s_client output\n"); |
223 BIO_printf(bio_err," -ign_eof - ignore input eof (default when -qui
et)\n"); | 310 BIO_printf(bio_err," -ign_eof - ignore input eof (default when -qui
et)\n"); |
224 BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n"); | 311 BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n"); |
| 312 #ifndef OPENSSL_NO_PSK |
| 313 BIO_printf(bio_err," -psk_identity arg - PSK identity\n"); |
| 314 BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); |
| 315 # ifndef OPENSSL_NO_JPAKE |
| 316 BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); |
| 317 # endif |
| 318 #endif |
225 BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); | 319 BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); |
226 BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); | 320 BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); |
227 BIO_printf(bio_err," -tls1 - just use TLSv1\n"); | 321 BIO_printf(bio_err," -tls1 - just use TLSv1\n"); |
228 BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); | 322 BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); |
229 BIO_printf(bio_err," -mtu - set the link layer MTU\n"); | 323 BIO_printf(bio_err," -mtu - set the link layer MTU\n"); |
230 BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
\n"); | 324 BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
\n"); |
231 BIO_printf(bio_err," -bugs - Switch on all SSL implementation bu
g workarounds\n"); | 325 BIO_printf(bio_err," -bugs - Switch on all SSL implementation bu
g workarounds\n"); |
232 BIO_printf(bio_err," -serverpref - Use server's cipher preferences (on
ly SSLv2)\n"); | 326 BIO_printf(bio_err," -serverpref - Use server's cipher preferences (on
ly SSLv2)\n"); |
233 BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'o
penssl ciphers'\n"); | 327 BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'o
penssl ciphers'\n"); |
234 BIO_printf(bio_err," command to see what is available\n"
); | 328 BIO_printf(bio_err," command to see what is available\n"
); |
235 BIO_printf(bio_err," -starttls prot - use the STARTTLS command before st
arting TLS\n"); | 329 BIO_printf(bio_err," -starttls prot - use the STARTTLS command before st
arting TLS\n"); |
236 BIO_printf(bio_err," for those protocols that support it
, where\n"); | 330 BIO_printf(bio_err," for those protocols that support it
, where\n"); |
237 BIO_printf(bio_err," 'prot' defines which one to assume.
Currently,\n"); | 331 BIO_printf(bio_err," 'prot' defines which one to assume.
Currently,\n"); |
238 BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\",
\"ftp\" and \"xmpp\"\n"); | 332 BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\",
\"ftp\" and \"xmpp\"\n"); |
239 BIO_printf(bio_err," are supported.\n"); | 333 BIO_printf(bio_err," are supported.\n"); |
240 #ifndef OPENSSL_NO_ENGINE | 334 #ifndef OPENSSL_NO_ENGINE |
241 BIO_printf(bio_err," -engine id - Initialise and use the specified en
gine\n"); | 335 BIO_printf(bio_err," -engine id - Initialise and use the specified en
gine\n"); |
242 #endif | 336 #endif |
243 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST
_SEPARATOR_CHAR); | 337 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST
_SEPARATOR_CHAR); |
244 BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); | 338 BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); |
245 BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); | 339 BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); |
246 #ifndef OPENSSL_NO_TLSEXT | 340 #ifndef OPENSSL_NO_TLSEXT |
247 BIO_printf(bio_err," -servername host - Set TLS extension servername in
ClientHello\n"); | 341 BIO_printf(bio_err," -servername host - Set TLS extension servername in
ClientHello\n"); |
248 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions
received\n"); | 342 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions
received\n"); |
249 BIO_printf(bio_err," -status - request certificate status from
server\n"); | 343 BIO_printf(bio_err," -status - request certificate status from
server\n"); |
250 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis sessi
on tickets\n"); | 344 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis sessi
on tickets\n"); |
| 345 # ifndef OPENSSL_NO_NEXTPROTONEG |
| 346 BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, consideri
ng named protocols supported (comma-separated list)\n"); |
| 347 # endif |
251 BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for
strong ciphers\n"); | 348 BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for
strong ciphers\n"); |
252 BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, consideri
ng named protocols supported (comma-separated list)\n"); | |
253 #endif | 349 #endif |
254 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego
tiation (dangerous)\n"); | 350 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego
tiation (dangerous)\n"); |
255 } | 351 } |
256 | 352 |
257 #ifndef OPENSSL_NO_TLSEXT | 353 #ifndef OPENSSL_NO_TLSEXT |
258 | 354 |
259 /* This is a context that we pass to callbacks */ | 355 /* This is a context that we pass to callbacks */ |
260 typedef struct tlsextctx_st { | 356 typedef struct tlsextctx_st { |
261 BIO * biodebug; | 357 BIO * biodebug; |
262 int ack; | 358 int ack; |
263 } tlsextctx; | 359 } tlsextctx; |
264 | 360 |
265 | 361 |
266 static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) | 362 static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) |
267 { | 363 { |
268 tlsextctx * p = (tlsextctx *) arg; | 364 tlsextctx * p = (tlsextctx *) arg; |
269 const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); | 365 const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); |
270 if (SSL_get_servername_type(s) != -1) | 366 if (SSL_get_servername_type(s) != -1) |
271 p->ack = !SSL_session_reused(s) && hn != NULL; | 367 p->ack = !SSL_session_reused(s) && hn != NULL; |
272 else | 368 else |
273 BIO_printf(bio_err,"Can't use SSL_get_servername\n"); | 369 BIO_printf(bio_err,"Can't use SSL_get_servername\n"); |
274 | 370 |
275 return SSL_TLSEXT_ERR_OK; | 371 return SSL_TLSEXT_ERR_OK; |
276 } | 372 } |
277 #endif | |
278 enum | |
279 { | |
280 PROTO_OFF = 0, | |
281 PROTO_SMTP, | |
282 PROTO_POP3, | |
283 PROTO_IMAP, | |
284 PROTO_FTP, | |
285 PROTO_XMPP | |
286 }; | |
287 | 373 |
| 374 # ifndef OPENSSL_NO_NEXTPROTONEG |
288 /* This the context that we pass to next_proto_cb */ | 375 /* This the context that we pass to next_proto_cb */ |
289 typedef struct tlsextnextprotoctx_st { | 376 typedef struct tlsextnextprotoctx_st { |
290 unsigned char *data; | 377 unsigned char *data; |
291 unsigned short len; | 378 unsigned short len; |
292 int status; | 379 int status; |
293 } tlsextnextprotoctx; | 380 } tlsextnextprotoctx; |
294 | 381 |
295 static tlsextnextprotoctx next_proto; | 382 static tlsextnextprotoctx next_proto; |
296 | 383 |
297 static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con
st unsigned char *in, unsigned int inlen, void *arg) | 384 static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con
st unsigned char *in, unsigned int inlen, void *arg) |
(...skipping 11 matching lines...)
309 BIO_write(bio_c_out, ", ", 2); | 396 BIO_write(bio_c_out, ", ", 2); |
310 BIO_write(bio_c_out, &in[i + 1], in[i]); | 397 BIO_write(bio_c_out, &in[i + 1], in[i]); |
311 i += in[i] + 1; | 398 i += in[i] + 1; |
312 } | 399 } |
313 BIO_write(bio_c_out, "\n", 1); | 400 BIO_write(bio_c_out, "\n", 1); |
314 } | 401 } |
315 | 402 |
316 ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, c
tx->len); | 403 ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, c
tx->len); |
317 return SSL_TLSEXT_ERR_OK; | 404 return SSL_TLSEXT_ERR_OK; |
318 } | 405 } |
| 406 # endif /* ndef OPENSSL_NO_NEXTPROTONEG */ |
| 407 #endif |
| 408 |
| 409 enum |
| 410 { |
| 411 PROTO_OFF = 0, |
| 412 PROTO_SMTP, |
| 413 PROTO_POP3, |
| 414 PROTO_IMAP, |
| 415 PROTO_FTP, |
| 416 PROTO_XMPP |
| 417 }; |
319 | 418 |
320 int MAIN(int, char **); | 419 int MAIN(int, char **); |
321 | 420 |
322 int MAIN(int argc, char **argv) | 421 int MAIN(int argc, char **argv) |
323 { | 422 { |
324 » int off=0, clr = 0; | 423 » unsigned int off=0, clr=0; |
325 » SSL *con=NULL,*con2=NULL; | 424 » SSL *con=NULL; |
326 » X509_STORE *store = NULL; | |
327 int s,k,width,state=0; | 425 int s,k,width,state=0; |
328 char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; | 426 char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; |
329 int cbuf_len,cbuf_off; | 427 int cbuf_len,cbuf_off; |
330 int sbuf_len,sbuf_off; | 428 int sbuf_len,sbuf_off; |
331 fd_set readfds,writefds; | 429 fd_set readfds,writefds; |
332 short port=PORT; | 430 short port=PORT; |
333 int full_log=1; | 431 int full_log=1; |
334 char *host=SSL_HOST_NAME; | 432 char *host=SSL_HOST_NAME; |
335 char *cert_file=NULL,*key_file=NULL; | 433 char *cert_file=NULL,*key_file=NULL; |
336 int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; | 434 int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; |
337 char *passarg = NULL, *pass = NULL; | 435 char *passarg = NULL, *pass = NULL; |
338 X509 *cert = NULL; | 436 X509 *cert = NULL; |
339 EVP_PKEY *key = NULL; | 437 EVP_PKEY *key = NULL; |
340 char *CApath=NULL,*CAfile=NULL,*cipher=NULL; | 438 char *CApath=NULL,*CAfile=NULL,*cipher=NULL; |
341 int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; | 439 int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; |
342 int cutthrough=0; | 440 int cutthrough=0; |
343 int crlf=0; | 441 int crlf=0; |
344 int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; | 442 int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; |
345 SSL_CTX *ctx=NULL; | 443 SSL_CTX *ctx=NULL; |
346 int ret=1,in_init=1,i,nbio_test=0; | 444 int ret=1,in_init=1,i,nbio_test=0; |
347 int starttls_proto = PROTO_OFF; | 445 int starttls_proto = PROTO_OFF; |
348 » int prexit = 0, vflags = 0; | 446 » int prexit = 0; |
349 » SSL_METHOD *meth=NULL; | 447 » X509_VERIFY_PARAM *vpm = NULL; |
350 #ifdef sock_type | 448 » int badarg = 0; |
351 #undef sock_type | 449 » const SSL_METHOD *meth=NULL; |
352 #endif | 450 » int socket_type=SOCK_STREAM; |
353 » int sock_type=SOCK_STREAM; | |
354 BIO *sbio; | 451 BIO *sbio; |
355 char *inrand=NULL; | 452 char *inrand=NULL; |
356 int mbuf_len=0; | 453 int mbuf_len=0; |
357 struct timeval timeout, *timeoutp; | 454 struct timeval timeout, *timeoutp; |
358 #ifndef OPENSSL_NO_ENGINE | 455 #ifndef OPENSSL_NO_ENGINE |
359 char *engine_id=NULL; | 456 char *engine_id=NULL; |
360 char *ssl_client_engine_id=NULL; | 457 char *ssl_client_engine_id=NULL; |
361 ENGINE *ssl_client_engine=NULL; | 458 ENGINE *ssl_client_engine=NULL; |
362 #endif | 459 #endif |
363 ENGINE *e=NULL; | 460 ENGINE *e=NULL; |
364 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) | 461 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) |
365 struct timeval tv; | 462 struct timeval tv; |
| 463 #if defined(OPENSSL_SYS_BEOS_R5) |
| 464 int stdin_set = 0; |
366 #endif | 465 #endif |
367 | 466 #endif |
368 #ifndef OPENSSL_NO_TLSEXT | 467 #ifndef OPENSSL_NO_TLSEXT |
369 char *servername = NULL; | 468 char *servername = NULL; |
370 tlsextctx tlsextcbp = | 469 tlsextctx tlsextcbp = |
371 {NULL,0}; | 470 {NULL,0}; |
| 471 # ifndef OPENSSL_NO_NEXTPROTONEG |
372 const char *next_proto_neg_in = NULL; | 472 const char *next_proto_neg_in = NULL; |
| 473 # endif |
373 #endif | 474 #endif |
374 char *sess_in = NULL; | 475 char *sess_in = NULL; |
375 char *sess_out = NULL; | 476 char *sess_out = NULL; |
376 struct sockaddr peer; | 477 struct sockaddr peer; |
377 int peerlen = sizeof(peer); | 478 int peerlen = sizeof(peer); |
378 int enable_timeouts = 0 ; | 479 int enable_timeouts = 0 ; |
379 long socket_mtu = 0; | 480 long socket_mtu = 0; |
380 #ifndef OPENSSL_NO_JPAKE | 481 #ifndef OPENSSL_NO_JPAKE |
381 char *jpake_secret = NULL; | 482 char *jpake_secret = NULL; |
382 #endif | 483 #endif |
(...skipping 75 matching lines...)
458 else if (strcmp(*argv,"-sess_in") == 0) | 559 else if (strcmp(*argv,"-sess_in") == 0) |
459 { | 560 { |
460 if (--argc < 1) goto bad; | 561 if (--argc < 1) goto bad; |
461 sess_in = *(++argv); | 562 sess_in = *(++argv); |
462 } | 563 } |
463 else if (strcmp(*argv,"-certform") == 0) | 564 else if (strcmp(*argv,"-certform") == 0) |
464 { | 565 { |
465 if (--argc < 1) goto bad; | 566 if (--argc < 1) goto bad; |
466 cert_format = str2fmt(*(++argv)); | 567 cert_format = str2fmt(*(++argv)); |
467 } | 568 } |
468 » » else if»(strcmp(*argv,"-crl_check") == 0) | 569 » » else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) |
469 » » » vflags |= X509_V_FLAG_CRL_CHECK; | 570 » » » { |
470 » » else if»(strcmp(*argv,"-crl_check_all") == 0) | 571 » » » if (badarg) |
471 » » » vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_AL
L; | 572 » » » » goto bad; |
| 573 » » » continue; |
| 574 » » » } |
| 575 » » else if (strcmp(*argv,"-verify_return_error") == 0) |
| 576 » » » verify_return_error = 1; |
472 else if (strcmp(*argv,"-prexit") == 0) | 577 else if (strcmp(*argv,"-prexit") == 0) |
473 prexit=1; | 578 prexit=1; |
474 else if (strcmp(*argv,"-crlf") == 0) | 579 else if (strcmp(*argv,"-crlf") == 0) |
475 crlf=1; | 580 crlf=1; |
476 else if (strcmp(*argv,"-quiet") == 0) | 581 else if (strcmp(*argv,"-quiet") == 0) |
477 { | 582 { |
478 c_quiet=1; | 583 c_quiet=1; |
479 c_ign_eof=1; | 584 c_ign_eof=1; |
480 } | 585 } |
481 else if (strcmp(*argv,"-ign_eof") == 0) | 586 else if (strcmp(*argv,"-ign_eof") == 0) |
(...skipping 15 matching lines...)
497 dbug_init(); | 602 dbug_init(); |
498 #endif | 603 #endif |
499 else if (strcmp(*argv,"-msg") == 0) | 604 else if (strcmp(*argv,"-msg") == 0) |
500 c_msg=1; | 605 c_msg=1; |
501 else if (strcmp(*argv,"-showcerts") == 0) | 606 else if (strcmp(*argv,"-showcerts") == 0) |
502 c_showcerts=1; | 607 c_showcerts=1; |
503 else if (strcmp(*argv,"-nbio_test") == 0) | 608 else if (strcmp(*argv,"-nbio_test") == 0) |
504 nbio_test=1; | 609 nbio_test=1; |
505 else if (strcmp(*argv,"-state") == 0) | 610 else if (strcmp(*argv,"-state") == 0) |
506 state=1; | 611 state=1; |
| 612 #ifndef OPENSSL_NO_PSK |
| 613 else if (strcmp(*argv,"-psk_identity") == 0) |
| 614 { |
| 615 if (--argc < 1) goto bad; |
| 616 psk_identity=*(++argv); |
| 617 } |
| 618 else if (strcmp(*argv,"-psk") == 0) |
| 619 { |
| 620 size_t j; |
| 621 |
| 622 if (--argc < 1) goto bad; |
| 623 psk_key=*(++argv); |
| 624 for (j = 0; j < strlen(psk_key); j++) |
| 625 { |
| 626 if (isxdigit((int)psk_key[j])) |
| 627 continue; |
| 628 BIO_printf(bio_err,"Not a hex number '%s'\n",*ar
gv); |
| 629 goto bad; |
| 630 } |
| 631 } |
| 632 #endif |
507 #ifndef OPENSSL_NO_SSL2 | 633 #ifndef OPENSSL_NO_SSL2 |
508 else if (strcmp(*argv,"-ssl2") == 0) | 634 else if (strcmp(*argv,"-ssl2") == 0) |
509 meth=SSLv2_client_method(); | 635 meth=SSLv2_client_method(); |
510 #endif | 636 #endif |
511 #ifndef OPENSSL_NO_SSL3 | 637 #ifndef OPENSSL_NO_SSL3 |
512 else if (strcmp(*argv,"-ssl3") == 0) | 638 else if (strcmp(*argv,"-ssl3") == 0) |
513 meth=SSLv3_client_method(); | 639 meth=SSLv3_client_method(); |
514 #endif | 640 #endif |
515 #ifndef OPENSSL_NO_TLS1 | 641 #ifndef OPENSSL_NO_TLS1 |
516 else if (strcmp(*argv,"-tls1") == 0) | 642 else if (strcmp(*argv,"-tls1") == 0) |
517 meth=TLSv1_client_method(); | 643 meth=TLSv1_client_method(); |
518 #endif | 644 #endif |
519 #ifndef OPENSSL_NO_DTLS1 | 645 #ifndef OPENSSL_NO_DTLS1 |
520 else if (strcmp(*argv,"-dtls1") == 0) | 646 else if (strcmp(*argv,"-dtls1") == 0) |
521 { | 647 { |
522 meth=DTLSv1_client_method(); | 648 meth=DTLSv1_client_method(); |
523 » » » sock_type=SOCK_DGRAM; | 649 » » » socket_type=SOCK_DGRAM; |
524 } | 650 } |
525 else if (strcmp(*argv,"-timeout") == 0) | 651 else if (strcmp(*argv,"-timeout") == 0) |
526 enable_timeouts=1; | 652 enable_timeouts=1; |
527 else if (strcmp(*argv,"-mtu") == 0) | 653 else if (strcmp(*argv,"-mtu") == 0) |
528 { | 654 { |
529 if (--argc < 1) goto bad; | 655 if (--argc < 1) goto bad; |
530 socket_mtu = atol(*(++argv)); | 656 socket_mtu = atol(*(++argv)); |
531 } | 657 } |
532 #endif | 658 #endif |
533 else if (strcmp(*argv,"-bugs") == 0) | 659 else if (strcmp(*argv,"-bugs") == 0) |
(...skipping 26 matching lines...)
560 { | 686 { |
561 if (--argc < 1) goto bad; | 687 if (--argc < 1) goto bad; |
562 CAfile= *(++argv); | 688 CAfile= *(++argv); |
563 } | 689 } |
564 else if (strcmp(*argv,"-no_tls1") == 0) | 690 else if (strcmp(*argv,"-no_tls1") == 0) |
565 off|=SSL_OP_NO_TLSv1; | 691 off|=SSL_OP_NO_TLSv1; |
566 else if (strcmp(*argv,"-no_ssl3") == 0) | 692 else if (strcmp(*argv,"-no_ssl3") == 0) |
567 off|=SSL_OP_NO_SSLv3; | 693 off|=SSL_OP_NO_SSLv3; |
568 else if (strcmp(*argv,"-no_ssl2") == 0) | 694 else if (strcmp(*argv,"-no_ssl2") == 0) |
569 off|=SSL_OP_NO_SSLv2; | 695 off|=SSL_OP_NO_SSLv2; |
| 696 else if (strcmp(*argv,"-no_comp") == 0) |
| 697 { off|=SSL_OP_NO_COMPRESSION; } |
570 #ifndef OPENSSL_NO_TLSEXT | 698 #ifndef OPENSSL_NO_TLSEXT |
571 else if (strcmp(*argv,"-no_ticket") == 0) | 699 else if (strcmp(*argv,"-no_ticket") == 0) |
572 { off|=SSL_OP_NO_TICKET; } | 700 { off|=SSL_OP_NO_TICKET; } |
| 701 # ifndef OPENSSL_NO_NEXTPROTONEG |
573 else if (strcmp(*argv,"-nextprotoneg") == 0) | 702 else if (strcmp(*argv,"-nextprotoneg") == 0) |
574 { | 703 { |
575 if (--argc < 1) goto bad; | 704 if (--argc < 1) goto bad; |
576 next_proto_neg_in = *(++argv); | 705 next_proto_neg_in = *(++argv); |
577 } | 706 } |
| 707 # endif |
578 #endif | 708 #endif |
579 else if (strcmp(*argv,"-cutthrough") == 0) | 709 else if (strcmp(*argv,"-cutthrough") == 0) |
580 cutthrough=1; | 710 cutthrough=1; |
581 else if (strcmp(*argv,"-serverpref") == 0) | 711 else if (strcmp(*argv,"-serverpref") == 0) |
582 off|=SSL_OP_CIPHER_SERVER_PREFERENCE; | 712 off|=SSL_OP_CIPHER_SERVER_PREFERENCE; |
583 else if (strcmp(*argv,"-legacy_renegotiation") == 0) | 713 else if (strcmp(*argv,"-legacy_renegotiation") == 0) |
584 off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; | 714 off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; |
585 else if (strcmp(*argv,"-legacy_server_connect") == 0) | 715 else if (strcmp(*argv,"-legacy_server_connect") == 0) |
586 { off|=SSL_OP_LEGACY_SERVER_CONNECT; } | 716 { off|=SSL_OP_LEGACY_SERVER_CONNECT; } |
587 else if (strcmp(*argv,"-no_legacy_server_connect") == 0) | 717 else if (strcmp(*argv,"-no_legacy_server_connect") == 0) |
(...skipping 65 matching lines...)
653 argc--; | 783 argc--; |
654 argv++; | 784 argv++; |
655 } | 785 } |
656 if (badop) | 786 if (badop) |
657 { | 787 { |
658 bad: | 788 bad: |
659 sc_usage(); | 789 sc_usage(); |
660 goto end; | 790 goto end; |
661 } | 791 } |
662 | 792 |
| 793 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) |
| 794 if (jpake_secret) |
| 795 { |
| 796 if (psk_key) |
| 797 { |
| 798 BIO_printf(bio_err, |
| 799 "Can't use JPAKE and PSK together\n"); |
| 800 goto end; |
| 801 } |
| 802 psk_identity = "JPAKE"; |
| 803 } |
| 804 |
| 805 if (cipher) |
| 806 { |
| 807 BIO_printf(bio_err, "JPAKE sets cipher to PSK\n"); |
| 808 goto end; |
| 809 } |
| 810 cipher = "PSK"; |
| 811 #endif |
| 812 |
663 OpenSSL_add_ssl_algorithms(); | 813 OpenSSL_add_ssl_algorithms(); |
664 SSL_load_error_strings(); | 814 SSL_load_error_strings(); |
665 | 815 |
666 #ifndef OPENSSL_NO_TLSEXT | 816 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
667 next_proto.status = -1; | 817 next_proto.status = -1; |
668 if (next_proto_neg_in) | 818 if (next_proto_neg_in) |
669 { | 819 { |
670 next_proto.data = next_protos_parse(&next_proto.len, next_proto_
neg_in); | 820 next_proto.data = next_protos_parse(&next_proto.len, next_proto_
neg_in); |
671 if (next_proto.data == NULL) | 821 if (next_proto.data == NULL) |
672 { | 822 { |
673 BIO_printf(bio_err, "Error parsing -nextprotoneg argumen
t\n"); | 823 BIO_printf(bio_err, "Error parsing -nextprotoneg argumen
t\n"); |
674 goto end; | 824 goto end; |
675 } | 825 } |
676 } | 826 } |
677 else | 827 else |
678 next_proto.data = NULL; | 828 next_proto.data = NULL; |
679 #endif | 829 #endif |
680 | 830 |
681 #ifndef OPENSSL_NO_ENGINE | 831 #ifndef OPENSSL_NO_ENGINE |
682 e = setup_engine(bio_err, engine_id, 1); | 832 e = setup_engine(bio_err, engine_id, 1); |
683 if (ssl_client_engine_id) | 833 if (ssl_client_engine_id) |
684 { | 834 { |
685 ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); | 835 ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); |
686 if (!ssl_client_engine) | 836 if (!ssl_client_engine) |
687 { | 837 { |
688 BIO_printf(bio_err, | 838 BIO_printf(bio_err, |
689 "Error getting client auth engine\n"); | 839 "Error getting client auth engine\n"); |
690 goto end; | 840 goto end; |
691 } | 841 } |
692 } | 842 } |
| 843 |
693 #endif | 844 #endif |
694 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) | 845 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) |
695 { | 846 { |
696 BIO_printf(bio_err, "Error getting password\n"); | 847 BIO_printf(bio_err, "Error getting password\n"); |
697 goto end; | 848 goto end; |
698 } | 849 } |
699 | 850 |
700 if (key_file == NULL) | 851 if (key_file == NULL) |
701 key_file = cert_file; | 852 key_file = cert_file; |
702 | 853 |
(...skipping 47 matching lines...)
750 } | 901 } |
751 } | 902 } |
752 | 903 |
753 ctx=SSL_CTX_new(meth); | 904 ctx=SSL_CTX_new(meth); |
754 if (ctx == NULL) | 905 if (ctx == NULL) |
755 { | 906 { |
756 ERR_print_errors(bio_err); | 907 ERR_print_errors(bio_err); |
757 goto end; | 908 goto end; |
758 } | 909 } |
759 | 910 |
| 911 if (vpm) |
| 912 SSL_CTX_set1_param(ctx, vpm); |
| 913 |
760 #ifndef OPENSSL_NO_ENGINE | 914 #ifndef OPENSSL_NO_ENGINE |
761 if (ssl_client_engine) | 915 if (ssl_client_engine) |
762 { | 916 { |
763 if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) | 917 if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) |
764 { | 918 { |
765 BIO_puts(bio_err, "Error setting client auth engine\n"); | 919 BIO_puts(bio_err, "Error setting client auth engine\n"); |
766 ERR_print_errors(bio_err); | 920 ERR_print_errors(bio_err); |
767 ENGINE_free(ssl_client_engine); | 921 ENGINE_free(ssl_client_engine); |
768 goto end; | 922 goto end; |
769 } | 923 } |
770 ENGINE_free(ssl_client_engine); | 924 ENGINE_free(ssl_client_engine); |
771 } | 925 } |
772 #endif | 926 #endif |
773 | 927 |
| 928 #ifndef OPENSSL_NO_PSK |
| 929 #ifdef OPENSSL_NO_JPAKE |
| 930 if (psk_key != NULL) |
| 931 #else |
| 932 if (psk_key != NULL || jpake_secret) |
| 933 #endif |
| 934 { |
| 935 if (c_debug) |
| 936 BIO_printf(bio_c_out, "PSK key given or JPAKE in use, se
tting client callback\n"); |
| 937 SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); |
| 938 } |
| 939 #endif |
774 if (bugs) | 940 if (bugs) |
775 SSL_CTX_set_options(ctx,SSL_OP_ALL|off); | 941 SSL_CTX_set_options(ctx,SSL_OP_ALL|off); |
776 else | 942 else |
777 SSL_CTX_set_options(ctx,off); | 943 SSL_CTX_set_options(ctx,off); |
778 | 944 |
779 if (clr) | 945 if (clr) |
780 SSL_CTX_clear_options(ctx, clr); | 946 SSL_CTX_clear_options(ctx, clr); |
781 /* DTLS: partial reads end up discarding unread UDP bytes :-( | 947 /* DTLS: partial reads end up discarding unread UDP bytes :-( |
782 * Setting read ahead solves this problem. | 948 * Setting read ahead solves this problem. |
783 */ | 949 */ |
784 » if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); | 950 » if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); |
785 | 951 |
786 /* Enable handshake cutthrough for client connections using | 952 /* Enable handshake cutthrough for client connections using |
787 * strong ciphers. */ | 953 * strong ciphers. */ |
788 if (cutthrough) | 954 if (cutthrough) |
789 { | 955 { |
790 int ssl_mode = SSL_CTX_get_mode(ctx); | 956 int ssl_mode = SSL_CTX_get_mode(ctx); |
791 ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH; | 957 ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH; |
792 SSL_CTX_set_mode(ctx, ssl_mode); | 958 SSL_CTX_set_mode(ctx, ssl_mode); |
793 } | 959 } |
794 | 960 |
| 961 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
795 if (next_proto.data) | 962 if (next_proto.data) |
796 SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto
); | 963 SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto
); |
| 964 #endif |
797 | 965 |
798 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); | 966 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); |
799 if (cipher != NULL) | 967 if (cipher != NULL) |
800 if(!SSL_CTX_set_cipher_list(ctx,cipher)) { | 968 if(!SSL_CTX_set_cipher_list(ctx,cipher)) { |
801 BIO_printf(bio_err,"error setting cipher list\n"); | 969 BIO_printf(bio_err,"error setting cipher list\n"); |
802 ERR_print_errors(bio_err); | 970 ERR_print_errors(bio_err); |
803 goto end; | 971 goto end; |
804 } | 972 } |
805 #if 0 | 973 #if 0 |
806 else | 974 else |
807 SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); | 975 SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); |
808 #endif | 976 #endif |
809 | 977 |
810 SSL_CTX_set_verify(ctx,verify,verify_callback); | 978 SSL_CTX_set_verify(ctx,verify,verify_callback); |
811 if (!set_cert_key_stuff(ctx,cert,key)) | 979 if (!set_cert_key_stuff(ctx,cert,key)) |
812 goto end; | 980 goto end; |
813 | 981 |
814 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || | 982 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || |
815 (!SSL_CTX_set_default_verify_paths(ctx))) | 983 (!SSL_CTX_set_default_verify_paths(ctx))) |
816 { | 984 { |
817 /* BIO_printf(bio_err,"error setting default verify locations\n"
); */ | 985 /* BIO_printf(bio_err,"error setting default verify locations\n"
); */ |
818 ERR_print_errors(bio_err); | 986 ERR_print_errors(bio_err); |
819 /* goto end; */ | 987 /* goto end; */ |
820 } | 988 } |
821 | 989 |
822 store = SSL_CTX_get_cert_store(ctx); | |
823 X509_STORE_set_flags(store, vflags); | |
824 #ifndef OPENSSL_NO_TLSEXT | 990 #ifndef OPENSSL_NO_TLSEXT |
825 if (servername != NULL) | 991 if (servername != NULL) |
826 { | 992 { |
827 tlsextcbp.biodebug = bio_err; | 993 tlsextcbp.biodebug = bio_err; |
828 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); | 994 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); |
829 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); | 995 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); |
830 } | 996 } |
831 #endif | 997 #endif |
832 | 998 |
833 con=SSL_new(ctx); | 999 con=SSL_new(ctx); |
(...skipping 24 matching lines...)
858 if (servername != NULL) | 1024 if (servername != NULL) |
859 { | 1025 { |
860 if (!SSL_set_tlsext_host_name(con,servername)) | 1026 if (!SSL_set_tlsext_host_name(con,servername)) |
861 { | 1027 { |
862 BIO_printf(bio_err,"Unable to set TLS servername extensi
on.\n"); | 1028 BIO_printf(bio_err,"Unable to set TLS servername extensi
on.\n"); |
863 ERR_print_errors(bio_err); | 1029 ERR_print_errors(bio_err); |
864 goto end; | 1030 goto end; |
865 } | 1031 } |
866 } | 1032 } |
867 #endif | 1033 #endif |
868 | |
869 #ifndef OPENSSL_NO_KRB5 | 1034 #ifndef OPENSSL_NO_KRB5 |
870 if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) | 1035 if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) |
871 { | 1036 { |
872 kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host); | 1037 kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host); |
873 } | 1038 } |
874 #endif /* OPENSSL_NO_KRB5 */ | 1039 #endif /* OPENSSL_NO_KRB5 */ |
875 /* SSL_set_cipher_list(con,"RC4-MD5"); */ | 1040 /* SSL_set_cipher_list(con,"RC4-MD5"); */ |
| 1041 #if 0 |
| 1042 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 1043 SSL_set_tlsext_opaque_prf_input(con, "Test client", 11); |
| 1044 #endif |
| 1045 #endif |
876 | 1046 |
877 re_start: | 1047 re_start: |
878 | 1048 |
879 » if (init_client(&s,host,port,sock_type) == 0) | 1049 » if (init_client(&s,host,port,socket_type) == 0) |
880 { | 1050 { |
881 BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error())
; | 1051 BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error())
; |
882 SHUTDOWN(s); | 1052 SHUTDOWN(s); |
883 goto end; | 1053 goto end; |
884 } | 1054 } |
885 BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); | 1055 BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); |
886 | 1056 |
887 #ifdef FIONBIO | 1057 #ifdef FIONBIO |
888 if (c_nbio) | 1058 if (c_nbio) |
889 { | 1059 { |
(...skipping 15 matching lines...)
905 if (getsockname(s, &peer, (void *)&peerlen) < 0) | 1075 if (getsockname(s, &peer, (void *)&peerlen) < 0) |
906 { | 1076 { |
907 BIO_printf(bio_err, "getsockname:errno=%d\n", | 1077 BIO_printf(bio_err, "getsockname:errno=%d\n", |
908 get_last_socket_error()); | 1078 get_last_socket_error()); |
909 SHUTDOWN(s); | 1079 SHUTDOWN(s); |
910 goto end; | 1080 goto end; |
911 } | 1081 } |
912 | 1082 |
913 (void)BIO_ctrl_set_connected(sbio, 1, &peer); | 1083 (void)BIO_ctrl_set_connected(sbio, 1, &peer); |
914 | 1084 |
915 » » if ( enable_timeouts) | 1085 » » if (enable_timeouts) |
916 { | 1086 { |
917 timeout.tv_sec = 0; | 1087 timeout.tv_sec = 0; |
918 timeout.tv_usec = DGRAM_RCV_TIMEOUT; | 1088 timeout.tv_usec = DGRAM_RCV_TIMEOUT; |
919 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &time
out); | 1089 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &time
out); |
920 | 1090 |
921 timeout.tv_sec = 0; | 1091 timeout.tv_sec = 0; |
922 timeout.tv_usec = DGRAM_SND_TIMEOUT; | 1092 timeout.tv_usec = DGRAM_SND_TIMEOUT; |
923 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &time
out); | 1093 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &time
out); |
924 } | 1094 } |
925 | 1095 |
(...skipping 200 matching lines...)
1126 { | 1296 { |
1127 in_init=1; | 1297 in_init=1; |
1128 tty_on=0; | 1298 tty_on=0; |
1129 } | 1299 } |
1130 else | 1300 else |
1131 { | 1301 { |
1132 tty_on=1; | 1302 tty_on=1; |
1133 if (in_init) | 1303 if (in_init) |
1134 { | 1304 { |
1135 in_init=0; | 1305 in_init=0; |
| 1306 #if 0 /* This test doesn't really work as intended (needs to be fixed) */ |
| 1307 #ifndef OPENSSL_NO_TLSEXT |
| 1308 if (servername != NULL && !SSL_session_reused(co
n)) |
| 1309 { |
| 1310 BIO_printf(bio_c_out,"Server did %sackno
wledge servername extension.\n",tlsextcbp.ack?"":"not "); |
| 1311 } |
| 1312 #endif |
| 1313 #endif |
1136 if (sess_out) | 1314 if (sess_out) |
1137 { | 1315 { |
1138 BIO *stmp = BIO_new_file(sess_out, "w"); | 1316 BIO *stmp = BIO_new_file(sess_out, "w"); |
1139 if (stmp) | 1317 if (stmp) |
1140 { | 1318 { |
1141 PEM_write_bio_SSL_SESSION(stmp,
SSL_get_session(con)); | 1319 PEM_write_bio_SSL_SESSION(stmp,
SSL_get_session(con)); |
1142 BIO_free(stmp); | 1320 BIO_free(stmp); |
1143 } | 1321 } |
1144 else | 1322 else |
1145 BIO_printf(bio_err, "Error writi
ng session file %s\n", sess_out); | 1323 BIO_printf(bio_err, "Error writi
ng session file %s\n", sess_out); |
(...skipping 17 matching lines...)
1163 SHUTDOWN(SSL_get_fd(con)); | 1341 SHUTDOWN(SSL_get_fd(con)); |
1164 goto re_start; | 1342 goto re_start; |
1165 } | 1343 } |
1166 } | 1344 } |
1167 } | 1345 } |
1168 | 1346 |
1169 ssl_pending = read_ssl && SSL_pending(con); | 1347 ssl_pending = read_ssl && SSL_pending(con); |
1170 | 1348 |
1171 if (!ssl_pending) | 1349 if (!ssl_pending) |
1172 { | 1350 { |
1173 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPE
NSSL_SYS_NETWARE) | 1351 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPE
NSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5) |
1174 if (tty_on) | 1352 if (tty_on) |
1175 { | 1353 { |
1176 » » » » if (read_tty) FD_SET(fileno(stdin),&readfds); | 1354 » » » » if (read_tty) openssl_fdset(fileno(stdin),&read
fds); |
1177 » » » » if (write_tty) FD_SET(fileno(stdout),&writefds); | 1355 » » » » if (write_tty) openssl_fdset(fileno(stdout),&wri
tefds); |
1178 } | 1356 } |
1179 if (read_ssl) | 1357 if (read_ssl) |
1180 » » » » FD_SET(SSL_get_fd(con),&readfds); | 1358 » » » » openssl_fdset(SSL_get_fd(con),&readfds); |
1181 if (write_ssl) | 1359 if (write_ssl) |
1182 » » » » FD_SET(SSL_get_fd(con),&writefds); | 1360 » » » » openssl_fdset(SSL_get_fd(con),&writefds); |
1183 #else | 1361 #else |
1184 if(!tty_on || !write_tty) { | 1362 if(!tty_on || !write_tty) { |
1185 if (read_ssl) | 1363 if (read_ssl) |
1186 » » » » » FD_SET(SSL_get_fd(con),&readfds); | 1364 » » » » » openssl_fdset(SSL_get_fd(con),&readfds); |
1187 if (write_ssl) | 1365 if (write_ssl) |
1188 » » » » » FD_SET(SSL_get_fd(con),&writefds); | 1366 » » » » » openssl_fdset(SSL_get_fd(con),&writefds)
; |
1189 } | 1367 } |
1190 #endif | 1368 #endif |
1191 /* printf("mode tty(%d %d%d) ssl(%d%d)\n", | 1369 /* printf("mode tty(%d %d%d) ssl(%d%d)\n", |
1192 tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ | 1370 tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ |
1193 | 1371 |
1194 /* Note: under VMS with SOCKETSHR the second parameter | 1372 /* Note: under VMS with SOCKETSHR the second parameter |
1195 * is currently of type (int *) whereas under other | 1373 * is currently of type (int *) whereas under other |
1196 * systems it is (void *) if you don't have a cast it | 1374 * systems it is (void *) if you don't have a cast it |
1197 * will choke the compiler: if you do have a cast then | 1375 * will choke the compiler: if you do have a cast then |
1198 * you can either go for (int *) or (void *). | 1376 * you can either go for (int *) or (void *). |
(...skipping 24 matching lines...)
1223 #elif defined(OPENSSL_SYS_NETWARE) | 1401 #elif defined(OPENSSL_SYS_NETWARE) |
1224 if(!write_tty) { | 1402 if(!write_tty) { |
1225 if(read_tty) { | 1403 if(read_tty) { |
1226 tv.tv_sec = 1; | 1404 tv.tv_sec = 1; |
1227 tv.tv_usec = 0; | 1405 tv.tv_usec = 0; |
1228 i=select(width,(void *)&readfds,(void *)
&writefds, | 1406 i=select(width,(void *)&readfds,(void *)
&writefds, |
1229 NULL,&tv); | 1407 NULL,&tv); |
1230 } else i=select(width,(void *)&readfds,(void *)
&writefds, | 1408 } else i=select(width,(void *)&readfds,(void *)
&writefds, |
1231 NULL,timeoutp); | 1409 NULL,timeoutp); |
1232 } | 1410 } |
| 1411 #elif defined(OPENSSL_SYS_BEOS_R5) |
| 1412 /* Under BeOS-R5 the situation is similar to DOS */ |
| 1413 i=0; |
| 1414 stdin_set = 0; |
| 1415 (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); |
| 1416 if(!write_tty) { |
| 1417 if(read_tty) { |
| 1418 tv.tv_sec = 1; |
| 1419 tv.tv_usec = 0; |
| 1420 i=select(width,(void *)&readfds,(void *)
&writefds, |
| 1421 NULL,&tv); |
| 1422 if (read(fileno(stdin), sbuf, 0) >= 0) |
| 1423 stdin_set = 1; |
| 1424 if (!i && (stdin_set != 1 || !read_tty)) |
| 1425 continue; |
| 1426 } else i=select(width,(void *)&readfds,(void *)
&writefds, |
| 1427 NULL,timeoutp); |
| 1428 } |
| 1429 (void)fcntl(fileno(stdin), F_SETFL, 0); |
1233 #else | 1430 #else |
1234 i=select(width,(void *)&readfds,(void *)&writefds, | 1431 i=select(width,(void *)&readfds,(void *)&writefds, |
1235 NULL,timeoutp); | 1432 NULL,timeoutp); |
1236 #endif | 1433 #endif |
1237 if ( i < 0) | 1434 if ( i < 0) |
1238 { | 1435 { |
1239 BIO_printf(bio_err,"bad select %d\n", | 1436 BIO_printf(bio_err,"bad select %d\n", |
1240 get_last_socket_error()); | 1437 get_last_socket_error()); |
1241 goto shut; | 1438 goto shut; |
1242 /* goto end; */ | 1439 /* goto end; */ |
(...skipping 38 matching lines...)
1281 read_ssl=1; | 1478 read_ssl=1; |
1282 write_ssl=0; | 1479 write_ssl=0; |
1283 break; | 1480 break; |
1284 case SSL_ERROR_WANT_X509_LOOKUP: | 1481 case SSL_ERROR_WANT_X509_LOOKUP: |
1285 BIO_printf(bio_c_out,"write X BLOCK\n"); | 1482 BIO_printf(bio_c_out,"write X BLOCK\n"); |
1286 break; | 1483 break; |
1287 case SSL_ERROR_ZERO_RETURN: | 1484 case SSL_ERROR_ZERO_RETURN: |
1288 if (cbuf_len != 0) | 1485 if (cbuf_len != 0) |
1289 { | 1486 { |
1290 BIO_printf(bio_c_out,"shutdown\n"); | 1487 BIO_printf(bio_c_out,"shutdown\n"); |
| 1488 ret = 0; |
1291 goto shut; | 1489 goto shut; |
1292 } | 1490 } |
1293 else | 1491 else |
1294 { | 1492 { |
1295 read_tty=1; | 1493 read_tty=1; |
1296 write_ssl=0; | 1494 write_ssl=0; |
1297 break; | 1495 break; |
1298 } | 1496 } |
1299 | 1497 |
1300 case SSL_ERROR_SYSCALL: | 1498 case SSL_ERROR_SYSCALL: |
1301 if ((k != 0) || (cbuf_len != 0)) | 1499 if ((k != 0) || (cbuf_len != 0)) |
1302 { | 1500 { |
1303 BIO_printf(bio_err,"write:errno=%d\n", | 1501 BIO_printf(bio_err,"write:errno=%d\n", |
1304 get_last_socket_error()); | 1502 get_last_socket_error()); |
1305 goto shut; | 1503 goto shut; |
1306 } | 1504 } |
1307 else | 1505 else |
1308 { | 1506 { |
1309 read_tty=1; | 1507 read_tty=1; |
1310 write_ssl=0; | 1508 write_ssl=0; |
1311 } | 1509 } |
1312 break; | 1510 break; |
1313 case SSL_ERROR_SSL: | 1511 case SSL_ERROR_SSL: |
1314 ERR_print_errors(bio_err); | 1512 ERR_print_errors(bio_err); |
1315 goto shut; | 1513 goto shut; |
1316 } | 1514 } |
1317 } | 1515 } |
1318 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) | 1516 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) |
1319 » » /* Assume Windows/DOS can always write */ | 1517 » » /* Assume Windows/DOS/BeOS can always write */ |
1320 else if (!ssl_pending && write_tty) | 1518 else if (!ssl_pending && write_tty) |
1321 #else | 1519 #else |
1322 else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) | 1520 else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) |
1323 #endif | 1521 #endif |
1324 { | 1522 { |
1325 #ifdef CHARSET_EBCDIC | 1523 #ifdef CHARSET_EBCDIC |
1326 ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_le
n); | 1524 ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_le
n); |
1327 #endif | 1525 #endif |
1328 » » » i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len); | 1526 » » » i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len); |
1329 | 1527 |
1330 if (i <= 0) | 1528 if (i <= 0) |
1331 { | 1529 { |
1332 BIO_printf(bio_c_out,"DONE\n"); | 1530 BIO_printf(bio_c_out,"DONE\n"); |
| 1531 ret = 0; |
1333 goto shut; | 1532 goto shut; |
1334 /* goto end; */ | 1533 /* goto end; */ |
1335 } | 1534 } |
1336 | 1535 |
1337 sbuf_len-=i;; | 1536 sbuf_len-=i;; |
1338 sbuf_off+=i; | 1537 sbuf_off+=i; |
1339 if (sbuf_len <= 0) | 1538 if (sbuf_len <= 0) |
1340 { | 1539 { |
1341 read_ssl=1; | 1540 read_ssl=1; |
1342 write_tty=0; | 1541 write_tty=0; |
(...skipping 34 matching lines...)
1377 BIO_printf(bio_c_out,"read R BLOCK\n"); | 1576 BIO_printf(bio_c_out,"read R BLOCK\n"); |
1378 write_tty=0; | 1577 write_tty=0; |
1379 read_ssl=1; | 1578 read_ssl=1; |
1380 if ((read_tty == 0) && (write_ssl == 0)) | 1579 if ((read_tty == 0) && (write_ssl == 0)) |
1381 write_ssl=1; | 1580 write_ssl=1; |
1382 break; | 1581 break; |
1383 case SSL_ERROR_WANT_X509_LOOKUP: | 1582 case SSL_ERROR_WANT_X509_LOOKUP: |
1384 BIO_printf(bio_c_out,"read X BLOCK\n"); | 1583 BIO_printf(bio_c_out,"read X BLOCK\n"); |
1385 break; | 1584 break; |
1386 case SSL_ERROR_SYSCALL: | 1585 case SSL_ERROR_SYSCALL: |
1387 » » » » BIO_printf(bio_err,"read:errno=%d\n",get_last_so
cket_error()); | 1586 » » » » ret=get_last_socket_error(); |
| 1587 » » » » BIO_printf(bio_err,"read:errno=%d\n",ret); |
1388 goto shut; | 1588 goto shut; |
1389 case SSL_ERROR_ZERO_RETURN: | 1589 case SSL_ERROR_ZERO_RETURN: |
1390 BIO_printf(bio_c_out,"closed\n"); | 1590 BIO_printf(bio_c_out,"closed\n"); |
| 1591 ret=0; |
1391 goto shut; | 1592 goto shut; |
1392 case SSL_ERROR_SSL: | 1593 case SSL_ERROR_SSL: |
1393 ERR_print_errors(bio_err); | 1594 ERR_print_errors(bio_err); |
1394 goto shut; | 1595 goto shut; |
1395 /* break; */ | 1596 /* break; */ |
1396 } | 1597 } |
1397 } | 1598 } |
1398 | 1599 |
1399 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) | 1600 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) |
1400 #if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) | 1601 #if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) |
1401 else if (_kbhit()) | 1602 else if (_kbhit()) |
1402 #else | 1603 #else |
1403 else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(Get
StdHandle(STD_INPUT_HANDLE), 0))) | 1604 else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(Get
StdHandle(STD_INPUT_HANDLE), 0))) |
1404 #endif | 1605 #endif |
1405 #elif defined (OPENSSL_SYS_NETWARE) | 1606 #elif defined (OPENSSL_SYS_NETWARE) |
1406 else if (_kbhit()) | 1607 » » else if (_kbhit()) |
| 1608 #elif defined(OPENSSL_SYS_BEOS_R5) |
| 1609 » » else if (stdin_set) |
1407 #else | 1610 #else |
1408 else if (FD_ISSET(fileno(stdin),&readfds)) | 1611 else if (FD_ISSET(fileno(stdin),&readfds)) |
1409 #endif | 1612 #endif |
1410 { | 1613 { |
1411 if (crlf) | 1614 if (crlf) |
1412 { | 1615 { |
1413 int j, lf_num; | 1616 int j, lf_num; |
1414 | 1617 |
1415 » » » » i=read(fileno(stdin),cbuf,BUFSIZZ/2); | 1618 » » » » i=raw_read_stdin(cbuf,BUFSIZZ/2); |
1416 lf_num = 0; | 1619 lf_num = 0; |
1417 /* both loops are skipped when i <= 0 */ | 1620 /* both loops are skipped when i <= 0 */ |
1418 for (j = 0; j < i; j++) | 1621 for (j = 0; j < i; j++) |
1419 if (cbuf[j] == '\n') | 1622 if (cbuf[j] == '\n') |
1420 lf_num++; | 1623 lf_num++; |
1421 for (j = i-1; j >= 0; j--) | 1624 for (j = i-1; j >= 0; j--) |
1422 { | 1625 { |
1423 cbuf[j+lf_num] = cbuf[j]; | 1626 cbuf[j+lf_num] = cbuf[j]; |
1424 if (cbuf[j] == '\n') | 1627 if (cbuf[j] == '\n') |
1425 { | 1628 { |
1426 lf_num--; | 1629 lf_num--; |
1427 i++; | 1630 i++; |
1428 cbuf[j+lf_num] = '\r'; | 1631 cbuf[j+lf_num] = '\r'; |
1429 } | 1632 } |
1430 } | 1633 } |
1431 assert(lf_num == 0); | 1634 assert(lf_num == 0); |
1432 } | 1635 } |
1433 else | 1636 else |
1434 » » » » i=read(fileno(stdin),cbuf,BUFSIZZ); | 1637 » » » » i=raw_read_stdin(cbuf,BUFSIZZ); |
1435 | 1638 |
1436 if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) | 1639 if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) |
1437 { | 1640 { |
1438 BIO_printf(bio_err,"DONE\n"); | 1641 BIO_printf(bio_err,"DONE\n"); |
| 1642 ret=0; |
1439 goto shut; | 1643 goto shut; |
1440 } | 1644 } |
1441 | 1645 |
1442 if ((!c_ign_eof) && (cbuf[0] == 'R')) | 1646 if ((!c_ign_eof) && (cbuf[0] == 'R')) |
1443 { | 1647 { |
1444 BIO_printf(bio_err,"RENEGOTIATING\n"); | 1648 BIO_printf(bio_err,"RENEGOTIATING\n"); |
1445 SSL_renegotiate(con); | 1649 SSL_renegotiate(con); |
1446 cbuf_len=0; | 1650 cbuf_len=0; |
1447 } | 1651 } |
1448 else | 1652 else |
1449 { | 1653 { |
1450 cbuf_len=i; | 1654 cbuf_len=i; |
1451 cbuf_off=0; | 1655 cbuf_off=0; |
1452 #ifdef CHARSET_EBCDIC | 1656 #ifdef CHARSET_EBCDIC |
1453 ebcdic2ascii(cbuf, cbuf, i); | 1657 ebcdic2ascii(cbuf, cbuf, i); |
1454 #endif | 1658 #endif |
1455 } | 1659 } |
1456 | 1660 |
1457 write_ssl=1; | 1661 write_ssl=1; |
1458 read_tty=0; | 1662 read_tty=0; |
1459 } | 1663 } |
1460 } | 1664 } |
| 1665 |
| 1666 ret=0; |
1461 shut: | 1667 shut: |
| 1668 if (in_init) |
| 1669 print_stuff(bio_c_out,con,full_log); |
1462 SSL_shutdown(con); | 1670 SSL_shutdown(con); |
1463 SHUTDOWN(SSL_get_fd(con)); | 1671 SHUTDOWN(SSL_get_fd(con)); |
1464 ret=0; | |
1465 end: | 1672 end: |
1466 » if(prexit) print_stuff(bio_c_out,con,1); | 1673 » if (con != NULL) |
1467 » if (con != NULL) SSL_free(con); | 1674 » » { |
1468 » if (con2 != NULL) SSL_free(con2); | 1675 » » if (prexit != 0) |
| 1676 » » » print_stuff(bio_c_out,con,1); |
| 1677 » » SSL_free(con); |
| 1678 » » } |
1469 if (ctx != NULL) SSL_CTX_free(ctx); | 1679 if (ctx != NULL) SSL_CTX_free(ctx); |
1470 if (cert) | 1680 if (cert) |
1471 X509_free(cert); | 1681 X509_free(cert); |
1472 if (key) | 1682 if (key) |
1473 EVP_PKEY_free(key); | 1683 EVP_PKEY_free(key); |
1474 if (pass) | 1684 if (pass) |
1475 OPENSSL_free(pass); | 1685 OPENSSL_free(pass); |
1476 if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } | 1686 if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } |
1477 if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } | 1687 if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } |
1478 if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } | 1688 if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } |
1479 if (bio_c_out != NULL) | 1689 if (bio_c_out != NULL) |
1480 { | 1690 { |
1481 BIO_free(bio_c_out); | 1691 BIO_free(bio_c_out); |
1482 bio_c_out=NULL; | 1692 bio_c_out=NULL; |
1483 } | 1693 } |
1484 apps_shutdown(); | 1694 apps_shutdown(); |
1485 OPENSSL_EXIT(ret); | 1695 OPENSSL_EXIT(ret); |
1486 } | 1696 } |
1487 | 1697 |
1488 | 1698 |
1489 static void print_stuff(BIO *bio, SSL *s, int full) | 1699 static void print_stuff(BIO *bio, SSL *s, int full) |
1490 { | 1700 { |
1491 X509 *peer=NULL; | 1701 X509 *peer=NULL; |
1492 char *p; | 1702 char *p; |
1493 static const char *space=" "; | 1703 static const char *space=" "; |
1494 char buf[BUFSIZ]; | 1704 char buf[BUFSIZ]; |
1495 STACK_OF(X509) *sk; | 1705 STACK_OF(X509) *sk; |
1496 STACK_OF(X509_NAME) *sk2; | 1706 STACK_OF(X509_NAME) *sk2; |
1497 » SSL_CIPHER *c; | 1707 » const SSL_CIPHER *c; |
1498 X509_NAME *xn; | 1708 X509_NAME *xn; |
1499 int j,i; | 1709 int j,i; |
1500 #ifndef OPENSSL_NO_COMP | 1710 #ifndef OPENSSL_NO_COMP |
1501 const COMP_METHOD *comp, *expansion; | 1711 const COMP_METHOD *comp, *expansion; |
1502 #endif | 1712 #endif |
1503 | 1713 |
1504 if (full) | 1714 if (full) |
1505 { | 1715 { |
1506 int got_a_chain = 0; | 1716 int got_a_chain = 0; |
1507 | 1717 |
(...skipping 98 matching lines...)
1606 SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); | 1816 SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); |
1607 #ifndef OPENSSL_NO_COMP | 1817 #ifndef OPENSSL_NO_COMP |
1608 comp=SSL_get_current_compression(s); | 1818 comp=SSL_get_current_compression(s); |
1609 expansion=SSL_get_current_expansion(s); | 1819 expansion=SSL_get_current_expansion(s); |
1610 BIO_printf(bio,"Compression: %s\n", | 1820 BIO_printf(bio,"Compression: %s\n", |
1611 comp ? SSL_COMP_get_name(comp) : "NONE"); | 1821 comp ? SSL_COMP_get_name(comp) : "NONE"); |
1612 BIO_printf(bio,"Expansion: %s\n", | 1822 BIO_printf(bio,"Expansion: %s\n", |
1613 expansion ? SSL_COMP_get_name(expansion) : "NONE"); | 1823 expansion ? SSL_COMP_get_name(expansion) : "NONE"); |
1614 #endif | 1824 #endif |
1615 | 1825 |
1616 #ifndef OPENSSL_NO_TLSEXT | 1826 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
1617 » { | 1827 » if (next_proto.status != -1) { |
1618 » » if (next_proto.status != -1) { | 1828 » » const unsigned char *proto; |
1619 » » » const unsigned char *proto; | 1829 » » unsigned int proto_len; |
1620 » » » unsigned int proto_len; | 1830 » » SSL_get0_next_proto_negotiated(s, &proto, &proto_len); |
1621 » » » SSL_get0_next_proto_negotiated(s, &proto, &proto_len); | 1831 » » BIO_printf(bio, "Next protocol: (%d) ", next_proto.status); |
1622 » » » BIO_printf(bio, "Next protocol: (%d) ", next_proto.statu
s); | 1832 » » BIO_write(bio, proto, proto_len); |
1623 » » » BIO_write(bio, proto, proto_len); | 1833 » » BIO_write(bio, "\n", 1); |
1624 » » » BIO_write(bio, "\n", 1); | |
1625 » » } | |
1626 } | 1834 } |
1627 #endif | 1835 #endif |
1628 | 1836 |
1629 SSL_SESSION_print(bio,SSL_get_session(s)); | 1837 SSL_SESSION_print(bio,SSL_get_session(s)); |
1630 BIO_printf(bio,"---\n"); | 1838 BIO_printf(bio,"---\n"); |
1631 if (peer != NULL) | 1839 if (peer != NULL) |
1632 X509_free(peer); | 1840 X509_free(peer); |
1633 /* flush, or debugging output gets mixed with http response */ | 1841 /* flush, or debugging output gets mixed with http response */ |
1634 (void)BIO_flush(bio); | 1842 (void)BIO_flush(bio); |
1635 } | 1843 } |
(...skipping 18 matching lines...)
1654 BIO_puts(arg, "response parse error\n"); | 1862 BIO_puts(arg, "response parse error\n"); |
1655 BIO_dump_indent(arg, (char *)p, len, 4); | 1863 BIO_dump_indent(arg, (char *)p, len, 4); |
1656 return 0; | 1864 return 0; |
1657 } | 1865 } |
1658 BIO_puts(arg, "\n======================================\n"); | 1866 BIO_puts(arg, "\n======================================\n"); |
1659 OCSP_RESPONSE_print(arg, rsp, 0); | 1867 OCSP_RESPONSE_print(arg, rsp, 0); |
1660 BIO_puts(arg, "======================================\n"); | 1868 BIO_puts(arg, "======================================\n"); |
1661 OCSP_RESPONSE_free(rsp); | 1869 OCSP_RESPONSE_free(rsp); |
1662 return 1; | 1870 return 1; |
1663 } | 1871 } |
1664 #endif /* ndef OPENSSL_NO_TLSEXT */ | 1872 |
| 1873 #endif |