| Index: openssl/apps/s_client.c
|
| ===================================================================
|
| --- openssl/apps/s_client.c (revision 105093)
|
| +++ openssl/apps/s_client.c (working copy)
|
| @@ -56,7 +56,7 @@
|
| * [including the GNU Public Licence.]
|
| */
|
| /* ====================================================================
|
| - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
| + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
| *
|
| * Redistribution and use in source and binary forms, with or without
|
| * modification, are permitted provided that the following conditions
|
| @@ -108,8 +108,35 @@
|
| * Hudson (tjh@cryptsoft.com).
|
| *
|
| */
|
| +/* ====================================================================
|
| + * Copyright 2005 Nokia. All rights reserved.
|
| + *
|
| + * The portions of the attached software ("Contribution") is developed by
|
| + * Nokia Corporation and is licensed pursuant to the OpenSSL open source
|
| + * license.
|
| + *
|
| + * The Contribution, originally written by Mika Kousa and Pasi Eronen of
|
| + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
|
| + * support (see RFC 4279) to OpenSSL.
|
| + *
|
| + * No patent licenses or other rights except those expressly stated in
|
| + * the OpenSSL open source license shall be deemed granted or received
|
| + * expressly, by implication, estoppel, or otherwise.
|
| + *
|
| + * No assurances are provided by Nokia that the Contribution does not
|
| + * infringe the patent or other intellectual property rights of any third
|
| + * party or that the license provides you with all the necessary rights
|
| + * to make use of the Contribution.
|
| + *
|
| + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
|
| + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
|
| + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
|
| + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
|
| + * OTHERWISE.
|
| + */
|
|
|
| #include <assert.h>
|
| +#include <ctype.h>
|
| #include <stdio.h>
|
| #include <stdlib.h>
|
| #include <string.h>
|
| @@ -135,23 +162,19 @@
|
| #include <openssl/pem.h>
|
| #include <openssl/rand.h>
|
| #include <openssl/ocsp.h>
|
| +#include <openssl/bn.h>
|
| #include "s_apps.h"
|
| #include "timeouts.h"
|
|
|
| -#ifdef OPENSSL_SYS_WINCE
|
| -/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
|
| -#ifdef fileno
|
| -#undef fileno
|
| -#endif
|
| -#define fileno(a) (int)_fileno(a)
|
| -#endif
|
| -
|
| -
|
| #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
|
| /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
|
| #undef FIONBIO
|
| #endif
|
|
|
| +#if defined(OPENSSL_SYS_BEOS_R5)
|
| +#include <fcntl.h>
|
| +#endif
|
| +
|
| #undef PROG
|
| #define PROG s_client_main
|
|
|
| @@ -166,6 +189,7 @@
|
|
|
| extern int verify_depth;
|
| extern int verify_error;
|
| +extern int verify_return_error;
|
|
|
| #ifdef FIONBIO
|
| static int c_nbio=0;
|
| @@ -188,6 +212,69 @@
|
| static int c_quiet=0;
|
| static int c_ign_eof=0;
|
|
|
| +#ifndef OPENSSL_NO_PSK
|
| +/* Default PSK identity and key */
|
| +static char *psk_identity="Client_identity";
|
| +/*char *psk_key=NULL; by default PSK is not used */
|
| +
|
| +static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
|
| + unsigned int max_identity_len, unsigned char *psk,
|
| + unsigned int max_psk_len)
|
| + {
|
| + unsigned int psk_len = 0;
|
| + int ret;
|
| + BIGNUM *bn=NULL;
|
| +
|
| + if (c_debug)
|
| + BIO_printf(bio_c_out, "psk_client_cb\n");
|
| + if (!hint)
|
| + {
|
| + /* no ServerKeyExchange message*/
|
| + if (c_debug)
|
| + BIO_printf(bio_c_out,"NULL received PSK identity hint, continuing anyway\n");
|
| + }
|
| + else if (c_debug)
|
| + BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
|
| +
|
| + /* lookup PSK identity and PSK key based on the given identity hint here */
|
| + ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
|
| + if (ret < 0 || (unsigned int)ret > max_identity_len)
|
| + goto out_err;
|
| + if (c_debug)
|
| + BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret);
|
| + ret=BN_hex2bn(&bn, psk_key);
|
| + if (!ret)
|
| + {
|
| + BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
|
| + if (bn)
|
| + BN_free(bn);
|
| + return 0;
|
| + }
|
| +
|
| + if ((unsigned int)BN_num_bytes(bn) > max_psk_len)
|
| + {
|
| + BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
|
| + max_psk_len, BN_num_bytes(bn));
|
| + BN_free(bn);
|
| + return 0;
|
| + }
|
| +
|
| + psk_len=BN_bn2bin(bn, psk);
|
| + BN_free(bn);
|
| + if (psk_len == 0)
|
| + goto out_err;
|
| +
|
| + if (c_debug)
|
| + BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
|
| +
|
| + return psk_len;
|
| + out_err:
|
| + if (c_debug)
|
| + BIO_printf(bio_err, "Error in PSK client callback\n");
|
| + return 0;
|
| + }
|
| +#endif
|
| +
|
| static void sc_usage(void)
|
| {
|
| BIO_printf(bio_err,"usage: s_client args\n");
|
| @@ -196,7 +283,7 @@
|
| BIO_printf(bio_err," -port port - use -connect instead\n");
|
| BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
|
|
|
| - BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
|
| + BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
|
| BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
|
| BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
|
| BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
|
| @@ -222,6 +309,13 @@
|
| BIO_printf(bio_err," -quiet - no s_client output\n");
|
| BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
|
| BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n");
|
| +#ifndef OPENSSL_NO_PSK
|
| + BIO_printf(bio_err," -psk_identity arg - PSK identity\n");
|
| + BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n");
|
| +# ifndef OPENSSL_NO_JPAKE
|
| + BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
|
| +# endif
|
| +#endif
|
| BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
|
| BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
|
| BIO_printf(bio_err," -tls1 - just use TLSv1\n");
|
| @@ -248,8 +342,10 @@
|
| BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
|
| BIO_printf(bio_err," -status - request certificate status from server\n");
|
| BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
|
| +# ifndef OPENSSL_NO_NEXTPROTONEG
|
| + BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
|
| +# endif
|
| BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for strong ciphers\n");
|
| - BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
|
| #endif
|
| BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
|
| }
|
| @@ -274,17 +370,8 @@
|
|
|
| return SSL_TLSEXT_ERR_OK;
|
| }
|
| -#endif
|
| -enum
|
| -{
|
| - PROTO_OFF = 0,
|
| - PROTO_SMTP,
|
| - PROTO_POP3,
|
| - PROTO_IMAP,
|
| - PROTO_FTP,
|
| - PROTO_XMPP
|
| -};
|
|
|
| +# ifndef OPENSSL_NO_NEXTPROTONEG
|
| /* This the context that we pass to next_proto_cb */
|
| typedef struct tlsextnextprotoctx_st {
|
| unsigned char *data;
|
| @@ -316,14 +403,25 @@
|
| ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
|
| return SSL_TLSEXT_ERR_OK;
|
| }
|
| +# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
|
| +#endif
|
|
|
| +enum
|
| +{
|
| + PROTO_OFF = 0,
|
| + PROTO_SMTP,
|
| + PROTO_POP3,
|
| + PROTO_IMAP,
|
| + PROTO_FTP,
|
| + PROTO_XMPP
|
| +};
|
| +
|
| int MAIN(int, char **);
|
|
|
| int MAIN(int argc, char **argv)
|
| {
|
| - int off=0, clr = 0;
|
| - SSL *con=NULL,*con2=NULL;
|
| - X509_STORE *store = NULL;
|
| + unsigned int off=0, clr=0;
|
| + SSL *con=NULL;
|
| int s,k,width,state=0;
|
| char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
|
| int cbuf_len,cbuf_off;
|
| @@ -345,12 +443,11 @@
|
| SSL_CTX *ctx=NULL;
|
| int ret=1,in_init=1,i,nbio_test=0;
|
| int starttls_proto = PROTO_OFF;
|
| - int prexit = 0, vflags = 0;
|
| - SSL_METHOD *meth=NULL;
|
| -#ifdef sock_type
|
| -#undef sock_type
|
| -#endif
|
| - int sock_type=SOCK_STREAM;
|
| + int prexit = 0;
|
| + X509_VERIFY_PARAM *vpm = NULL;
|
| + int badarg = 0;
|
| + const SSL_METHOD *meth=NULL;
|
| + int socket_type=SOCK_STREAM;
|
| BIO *sbio;
|
| char *inrand=NULL;
|
| int mbuf_len=0;
|
| @@ -361,15 +458,19 @@
|
| ENGINE *ssl_client_engine=NULL;
|
| #endif
|
| ENGINE *e=NULL;
|
| -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
|
| +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
|
| struct timeval tv;
|
| +#if defined(OPENSSL_SYS_BEOS_R5)
|
| + int stdin_set = 0;
|
| #endif
|
| -
|
| +#endif
|
| #ifndef OPENSSL_NO_TLSEXT
|
| char *servername = NULL;
|
| tlsextctx tlsextcbp =
|
| {NULL,0};
|
| +# ifndef OPENSSL_NO_NEXTPROTONEG
|
| const char *next_proto_neg_in = NULL;
|
| +# endif
|
| #endif
|
| char *sess_in = NULL;
|
| char *sess_out = NULL;
|
| @@ -465,10 +566,14 @@
|
| if (--argc < 1) goto bad;
|
| cert_format = str2fmt(*(++argv));
|
| }
|
| - else if (strcmp(*argv,"-crl_check") == 0)
|
| - vflags |= X509_V_FLAG_CRL_CHECK;
|
| - else if (strcmp(*argv,"-crl_check_all") == 0)
|
| - vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
|
| + else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
|
| + {
|
| + if (badarg)
|
| + goto bad;
|
| + continue;
|
| + }
|
| + else if (strcmp(*argv,"-verify_return_error") == 0)
|
| + verify_return_error = 1;
|
| else if (strcmp(*argv,"-prexit") == 0)
|
| prexit=1;
|
| else if (strcmp(*argv,"-crlf") == 0)
|
| @@ -504,6 +609,27 @@
|
| nbio_test=1;
|
| else if (strcmp(*argv,"-state") == 0)
|
| state=1;
|
| +#ifndef OPENSSL_NO_PSK
|
| + else if (strcmp(*argv,"-psk_identity") == 0)
|
| + {
|
| + if (--argc < 1) goto bad;
|
| + psk_identity=*(++argv);
|
| + }
|
| + else if (strcmp(*argv,"-psk") == 0)
|
| + {
|
| + size_t j;
|
| +
|
| + if (--argc < 1) goto bad;
|
| + psk_key=*(++argv);
|
| + for (j = 0; j < strlen(psk_key); j++)
|
| + {
|
| + if (isxdigit((int)psk_key[j]))
|
| + continue;
|
| + BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
|
| + goto bad;
|
| + }
|
| + }
|
| +#endif
|
| #ifndef OPENSSL_NO_SSL2
|
| else if (strcmp(*argv,"-ssl2") == 0)
|
| meth=SSLv2_client_method();
|
| @@ -520,7 +646,7 @@
|
| else if (strcmp(*argv,"-dtls1") == 0)
|
| {
|
| meth=DTLSv1_client_method();
|
| - sock_type=SOCK_DGRAM;
|
| + socket_type=SOCK_DGRAM;
|
| }
|
| else if (strcmp(*argv,"-timeout") == 0)
|
| enable_timeouts=1;
|
| @@ -567,14 +693,18 @@
|
| off|=SSL_OP_NO_SSLv3;
|
| else if (strcmp(*argv,"-no_ssl2") == 0)
|
| off|=SSL_OP_NO_SSLv2;
|
| + else if (strcmp(*argv,"-no_comp") == 0)
|
| + { off|=SSL_OP_NO_COMPRESSION; }
|
| #ifndef OPENSSL_NO_TLSEXT
|
| else if (strcmp(*argv,"-no_ticket") == 0)
|
| { off|=SSL_OP_NO_TICKET; }
|
| +# ifndef OPENSSL_NO_NEXTPROTONEG
|
| else if (strcmp(*argv,"-nextprotoneg") == 0)
|
| {
|
| if (--argc < 1) goto bad;
|
| next_proto_neg_in = *(++argv);
|
| }
|
| +# endif
|
| #endif
|
| else if (strcmp(*argv,"-cutthrough") == 0)
|
| cutthrough=1;
|
| @@ -660,10 +790,30 @@
|
| goto end;
|
| }
|
|
|
| +#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
|
| + if (jpake_secret)
|
| + {
|
| + if (psk_key)
|
| + {
|
| + BIO_printf(bio_err,
|
| + "Can't use JPAKE and PSK together\n");
|
| + goto end;
|
| + }
|
| + psk_identity = "JPAKE";
|
| + }
|
| +
|
| + if (cipher)
|
| + {
|
| + BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
|
| + goto end;
|
| + }
|
| + cipher = "PSK";
|
| +#endif
|
| +
|
| OpenSSL_add_ssl_algorithms();
|
| SSL_load_error_strings();
|
|
|
| -#ifndef OPENSSL_NO_TLSEXT
|
| +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
|
| next_proto.status = -1;
|
| if (next_proto_neg_in)
|
| {
|
| @@ -690,6 +840,7 @@
|
| goto end;
|
| }
|
| }
|
| +
|
| #endif
|
| if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
|
| {
|
| @@ -757,6 +908,9 @@
|
| goto end;
|
| }
|
|
|
| + if (vpm)
|
| + SSL_CTX_set1_param(ctx, vpm);
|
| +
|
| #ifndef OPENSSL_NO_ENGINE
|
| if (ssl_client_engine)
|
| {
|
| @@ -771,6 +925,18 @@
|
| }
|
| #endif
|
|
|
| +#ifndef OPENSSL_NO_PSK
|
| +#ifdef OPENSSL_NO_JPAKE
|
| + if (psk_key != NULL)
|
| +#else
|
| + if (psk_key != NULL || jpake_secret)
|
| +#endif
|
| + {
|
| + if (c_debug)
|
| + BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
|
| + SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
|
| + }
|
| +#endif
|
| if (bugs)
|
| SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
|
| else
|
| @@ -781,7 +947,7 @@
|
| /* DTLS: partial reads end up discarding unread UDP bytes :-(
|
| * Setting read ahead solves this problem.
|
| */
|
| - if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
|
| + if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
|
|
|
| /* Enable handshake cutthrough for client connections using
|
| * strong ciphers. */
|
| @@ -792,8 +958,10 @@
|
| SSL_CTX_set_mode(ctx, ssl_mode);
|
| }
|
|
|
| +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
|
| if (next_proto.data)
|
| SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
|
| +#endif
|
|
|
| if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
|
| if (cipher != NULL)
|
| @@ -819,8 +987,6 @@
|
| /* goto end; */
|
| }
|
|
|
| - store = SSL_CTX_get_cert_store(ctx);
|
| - X509_STORE_set_flags(store, vflags);
|
| #ifndef OPENSSL_NO_TLSEXT
|
| if (servername != NULL)
|
| {
|
| @@ -865,7 +1031,6 @@
|
| }
|
| }
|
| #endif
|
| -
|
| #ifndef OPENSSL_NO_KRB5
|
| if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
|
| {
|
| @@ -873,10 +1038,15 @@
|
| }
|
| #endif /* OPENSSL_NO_KRB5 */
|
| /* SSL_set_cipher_list(con,"RC4-MD5"); */
|
| +#if 0
|
| +#ifdef TLSEXT_TYPE_opaque_prf_input
|
| + SSL_set_tlsext_opaque_prf_input(con, "Test client", 11);
|
| +#endif
|
| +#endif
|
|
|
| re_start:
|
|
|
| - if (init_client(&s,host,port,sock_type) == 0)
|
| + if (init_client(&s,host,port,socket_type) == 0)
|
| {
|
| BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
|
| SHUTDOWN(s);
|
| @@ -912,7 +1082,7 @@
|
|
|
| (void)BIO_ctrl_set_connected(sbio, 1, &peer);
|
|
|
| - if ( enable_timeouts)
|
| + if (enable_timeouts)
|
| {
|
| timeout.tv_sec = 0;
|
| timeout.tv_usec = DGRAM_RCV_TIMEOUT;
|
| @@ -1133,6 +1303,14 @@
|
| if (in_init)
|
| {
|
| in_init=0;
|
| +#if 0 /* This test doesn't really work as intended (needs to be fixed) */
|
| +#ifndef OPENSSL_NO_TLSEXT
|
| + if (servername != NULL && !SSL_session_reused(con))
|
| + {
|
| + BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not ");
|
| + }
|
| +#endif
|
| +#endif
|
| if (sess_out)
|
| {
|
| BIO *stmp = BIO_new_file(sess_out, "w");
|
| @@ -1170,22 +1348,22 @@
|
|
|
| if (!ssl_pending)
|
| {
|
| -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
|
| +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5)
|
| if (tty_on)
|
| {
|
| - if (read_tty) FD_SET(fileno(stdin),&readfds);
|
| - if (write_tty) FD_SET(fileno(stdout),&writefds);
|
| + if (read_tty) openssl_fdset(fileno(stdin),&readfds);
|
| + if (write_tty) openssl_fdset(fileno(stdout),&writefds);
|
| }
|
| if (read_ssl)
|
| - FD_SET(SSL_get_fd(con),&readfds);
|
| + openssl_fdset(SSL_get_fd(con),&readfds);
|
| if (write_ssl)
|
| - FD_SET(SSL_get_fd(con),&writefds);
|
| + openssl_fdset(SSL_get_fd(con),&writefds);
|
| #else
|
| if(!tty_on || !write_tty) {
|
| if (read_ssl)
|
| - FD_SET(SSL_get_fd(con),&readfds);
|
| + openssl_fdset(SSL_get_fd(con),&readfds);
|
| if (write_ssl)
|
| - FD_SET(SSL_get_fd(con),&writefds);
|
| + openssl_fdset(SSL_get_fd(con),&writefds);
|
| }
|
| #endif
|
| /* printf("mode tty(%d %d%d) ssl(%d%d)\n",
|
| @@ -1230,6 +1408,25 @@
|
| } else i=select(width,(void *)&readfds,(void *)&writefds,
|
| NULL,timeoutp);
|
| }
|
| +#elif defined(OPENSSL_SYS_BEOS_R5)
|
| + /* Under BeOS-R5 the situation is similar to DOS */
|
| + i=0;
|
| + stdin_set = 0;
|
| + (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
|
| + if(!write_tty) {
|
| + if(read_tty) {
|
| + tv.tv_sec = 1;
|
| + tv.tv_usec = 0;
|
| + i=select(width,(void *)&readfds,(void *)&writefds,
|
| + NULL,&tv);
|
| + if (read(fileno(stdin), sbuf, 0) >= 0)
|
| + stdin_set = 1;
|
| + if (!i && (stdin_set != 1 || !read_tty))
|
| + continue;
|
| + } else i=select(width,(void *)&readfds,(void *)&writefds,
|
| + NULL,timeoutp);
|
| + }
|
| + (void)fcntl(fileno(stdin), F_SETFL, 0);
|
| #else
|
| i=select(width,(void *)&readfds,(void *)&writefds,
|
| NULL,timeoutp);
|
| @@ -1288,6 +1485,7 @@
|
| if (cbuf_len != 0)
|
| {
|
| BIO_printf(bio_c_out,"shutdown\n");
|
| + ret = 0;
|
| goto shut;
|
| }
|
| else
|
| @@ -1315,8 +1513,8 @@
|
| goto shut;
|
| }
|
| }
|
| -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
|
| - /* Assume Windows/DOS can always write */
|
| +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
|
| + /* Assume Windows/DOS/BeOS can always write */
|
| else if (!ssl_pending && write_tty)
|
| #else
|
| else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
|
| @@ -1325,11 +1523,12 @@
|
| #ifdef CHARSET_EBCDIC
|
| ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
|
| #endif
|
| - i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
|
| + i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len);
|
|
|
| if (i <= 0)
|
| {
|
| BIO_printf(bio_c_out,"DONE\n");
|
| + ret = 0;
|
| goto shut;
|
| /* goto end; */
|
| }
|
| @@ -1384,10 +1583,12 @@
|
| BIO_printf(bio_c_out,"read X BLOCK\n");
|
| break;
|
| case SSL_ERROR_SYSCALL:
|
| - BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
|
| + ret=get_last_socket_error();
|
| + BIO_printf(bio_err,"read:errno=%d\n",ret);
|
| goto shut;
|
| case SSL_ERROR_ZERO_RETURN:
|
| BIO_printf(bio_c_out,"closed\n");
|
| + ret=0;
|
| goto shut;
|
| case SSL_ERROR_SSL:
|
| ERR_print_errors(bio_err);
|
| @@ -1403,7 +1604,9 @@
|
| else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
|
| #endif
|
| #elif defined (OPENSSL_SYS_NETWARE)
|
| - else if (_kbhit())
|
| + else if (_kbhit())
|
| +#elif defined(OPENSSL_SYS_BEOS_R5)
|
| + else if (stdin_set)
|
| #else
|
| else if (FD_ISSET(fileno(stdin),&readfds))
|
| #endif
|
| @@ -1412,7 +1615,7 @@
|
| {
|
| int j, lf_num;
|
|
|
| - i=read(fileno(stdin),cbuf,BUFSIZZ/2);
|
| + i=raw_read_stdin(cbuf,BUFSIZZ/2);
|
| lf_num = 0;
|
| /* both loops are skipped when i <= 0 */
|
| for (j = 0; j < i; j++)
|
| @@ -1431,11 +1634,12 @@
|
| assert(lf_num == 0);
|
| }
|
| else
|
| - i=read(fileno(stdin),cbuf,BUFSIZZ);
|
| + i=raw_read_stdin(cbuf,BUFSIZZ);
|
|
|
| if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
|
| {
|
| BIO_printf(bio_err,"DONE\n");
|
| + ret=0;
|
| goto shut;
|
| }
|
|
|
| @@ -1458,14 +1662,20 @@
|
| read_tty=0;
|
| }
|
| }
|
| +
|
| + ret=0;
|
| shut:
|
| + if (in_init)
|
| + print_stuff(bio_c_out,con,full_log);
|
| SSL_shutdown(con);
|
| SHUTDOWN(SSL_get_fd(con));
|
| - ret=0;
|
| end:
|
| - if(prexit) print_stuff(bio_c_out,con,1);
|
| - if (con != NULL) SSL_free(con);
|
| - if (con2 != NULL) SSL_free(con2);
|
| + if (con != NULL)
|
| + {
|
| + if (prexit != 0)
|
| + print_stuff(bio_c_out,con,1);
|
| + SSL_free(con);
|
| + }
|
| if (ctx != NULL) SSL_CTX_free(ctx);
|
| if (cert)
|
| X509_free(cert);
|
| @@ -1494,7 +1704,7 @@
|
| char buf[BUFSIZ];
|
| STACK_OF(X509) *sk;
|
| STACK_OF(X509_NAME) *sk2;
|
| - SSL_CIPHER *c;
|
| + const SSL_CIPHER *c;
|
| X509_NAME *xn;
|
| int j,i;
|
| #ifndef OPENSSL_NO_COMP
|
| @@ -1613,16 +1823,14 @@
|
| expansion ? SSL_COMP_get_name(expansion) : "NONE");
|
| #endif
|
|
|
| -#ifndef OPENSSL_NO_TLSEXT
|
| - {
|
| - if (next_proto.status != -1) {
|
| - const unsigned char *proto;
|
| - unsigned int proto_len;
|
| - SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
|
| - BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
|
| - BIO_write(bio, proto, proto_len);
|
| - BIO_write(bio, "\n", 1);
|
| - }
|
| +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
|
| + if (next_proto.status != -1) {
|
| + const unsigned char *proto;
|
| + unsigned int proto_len;
|
| + SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
|
| + BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
|
| + BIO_write(bio, proto, proto_len);
|
| + BIO_write(bio, "\n", 1);
|
| }
|
| #endif
|
|
|
| @@ -1661,4 +1869,5 @@
|
| OCSP_RESPONSE_free(rsp);
|
| return 1;
|
| }
|
| -#endif /* ndef OPENSSL_NO_TLSEXT */
|
| +
|
| +#endif
|
|
|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/