Lines Matching +full:pull +full:- +full:up +full:- +full:adv
2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
24 * With IPv6, it looks like Digital has mixed up the proper order of
224 /* We default to SHA-256 */ in psk_use_session_cb()
276 if (SSL_get_servername_type(s) != -1) in ssl_servername_cb()
277 p->ack = !SSL_session_reused(s) && hn != NULL; in ssl_servername_cb()
313 ctx->status = in next_proto_cb()
314 SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); in next_proto_cb()
354 return -1; in hexdecode()
380 return cp - (*out = ret); in hexdecode()
402 return -1; in checked_uint8()
419 /* Not necessary to re-init these values; the "parsers" do that. */ in tlsa_import_rr()
436 for (f = tlsa_fields; f->var; ++f) { in tlsa_import_rr()
438 if ((len = f->parser(&cp, f->var)) <= 0) { in tlsa_import_rr()
440 prog, f->name, rrdata); in tlsa_import_rr()
524 {OPT_HELP_STR, 1, '-', "Usage: %s [options] [host:port]\n"},
527 {"help", OPT_HELP, '-', "Display this summary"},
535 {"ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)"},
536 {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"},
541 {"host", OPT_HOST, 's', "Use -connect instead"},
542 {"port", OPT_PORT, 'p', "Use -connect instead"},
551 {"unix", OPT_UNIX, 's', "Connect over the specified Unix-domain socket"},
553 {"4", OPT_4, '-', "Use IPv4 only"},
555 {"6", OPT_6, '-', "Use IPv6 only"},
566 {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
574 {"build_chain", OPT_BUILD_CHAIN, '-', "Build client certificate chain"},
575 {"key", OPT_KEY, 's', "Private key file to use; default: -cert file"},
583 {"no-CAfile", OPT_NOCAFILE, '-',
585 {"no-CApath", OPT_NOCAPATH, '-',
587 {"no-CAstore", OPT_NOCASTORE, '-',
592 {"tfo", OPT_TFO, '-', "Connect using TCP Fast Open"},
597 {"dane_ee_no_namechecks", OPT_DANE_EE_NO_NAME, '-',
598 "Disable name checks when matching DANE-EE(3) TLSA records"},
603 "Hostname to use for \"-starttls lmtp\", \"-starttls smtp\" or \"-starttls xmpp[-server]\""},
606 {"reconnect", OPT_RECONNECT, '-',
607 "Drop and re-make the connection with the same Session-ID"},
612 {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
613 {"quiet", OPT_QUIET, '-', "No s_client output"},
614 {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
615 {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
619 "Alias of -name option for \"-starttls xmpp[-server]\""},
620 {"brief", OPT_BRIEF, '-',
622 {"prexit", OPT_PREXIT, '-',
624 {"no-interactive", OPT_NO_INTERACTIVE, '-',
628 {"showcerts", OPT_SHOWCERTS, '-',
630 {"debug", OPT_DEBUG, '-', "Extra output"},
631 {"msg", OPT_MSG, '-', "Show protocol messages"},
633 "File to send output of -msg or -trace, instead of stdout"},
634 {"nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing"},
635 {"state", OPT_STATE, '-', "Print the ssl states"},
640 {"security_debug", OPT_SECURITY_DEBUG, '-',
642 {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
645 {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"},
648 {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
651 {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
652 {"adv", OPT_ADV, '-', "Advanced command mode"},
655 {"noservername", OPT_NOSERVERNAME, '-',
657 {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
659 {"ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-',
662 {"status", OPT_STATUS, '-', "Request certificate status from server"},
665 "types Send empty ClientHello extensions (comma-separated numbers)"},
667 "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
668 {"async", OPT_ASYNC, '-', "Support asynchronous operation"},
669 {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
673 {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
676 {"tls1", OPT_TLS1, '-', "Just use TLSv1"},
679 {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
682 {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
685 {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"},
688 {"dtls", OPT_DTLS, '-', "Use any version of DTLS"},
689 {"quic", OPT_QUIC, '-', "Use QUIC"},
690 {"timeout", OPT_TIMEOUT, '-',
695 {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
698 {"dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2"},
701 {"sctp", OPT_SCTP, '-', "Use SCTP"},
702 {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
706 "Enable NPN extension, considering named protocols supported (comma-separated list)"},
709 {"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication"},
710 …{"enable_server_rpk", OPT_ENABLE_SERVER_RPK, '-', "Enable raw public keys (RFC7250) from the serve…
711 …{"enable_client_rpk", OPT_ENABLE_CLIENT_RPK, '-', "Enable raw public keys (RFC7250) from the clien…
714 "Offer SRTP key management with a colon-separated profile list"},
719 {"srp_lateuser", OPT_SRP_LATEUSER, '-',
721 {"srp_moregroups", OPT_SRP_MOREGROUPS, '-',
727 {"ktls", OPT_KTLS, '-', "Enable Kernel TLS for sending and receiving"},
734 {"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"},
736 {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
738 {"verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors"},
755 {"host:port", 0, 0, "Where to connect; same as -connect option"},
783 {"xmpp-server", PROTO_XMPP_SERVER},
833 "---\nPost-Handshake New Session Ticket arrived:\n"); in new_session_cb()
835 BIO_printf(bio_c_out, "---\n"); in new_session_cb()
887 int ret = 1, in_init = 1, i, nbio_test = 0, sock = -1, k, width, state = 0; in s_client_main()
966 /* Known false-positive of MemorySanitizer. */ in s_client_main()
1017 "Cannot supply both a protocol flag and '-no_<prot>'\n"); in s_client_main()
1025 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); in s_client_main()
1579 /* Optional argument is connect string if -connect not used. */ in s_client_main()
1581 /* Don't allow -connect and a separate argument. */ in s_client_main()
1584 "%s: cannot provide both -connect option and target parameter\n", in s_client_main()
1600 BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog); in s_client_main()
1606 "%s: Can't use -servername and -noservername together\n", in s_client_main()
1612 "%s: Can't use -dane_tlsa_domain and -noservername together\n", in s_client_main()
1620 BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); in s_client_main()
1636 "%s: -connect argument or target parameter malformed or ambiguous\n", in s_client_main()
1648 BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog); in s_client_main()
1675 "%s: -proxy argument malformed or ambiguous\n", prog); in s_client_main()
1680 "%s: -proxy not supported in no-http build\n", prog); in s_client_main()
1692 "%s: -bind argument parameter malformed or ambiguous\n", in s_client_main()
1709 BIO_printf(bio_err, "Can't use -sctp without DTLS\n"); in s_client_main()
1718 next_proto.status = -1; in s_client_main()
1723 BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n"); in s_client_main()
1975 BIO_printf(bio_err, "Error parsing -alpn argument\n"); in s_client_main()
2137 "least one -dane_tlsa_rrdata option.\n", prog); in s_client_main()
2149 "-dane_tlsa_domain option.\n", prog); in s_client_main()
2154 BIO_printf(bio_err, "%s: DTLS does not support the -tfo option\n", prog); in s_client_main()
2160 BIO_printf(bio_err, "%s: QUIC does not support the -tfo option\n", prog); in s_client_main()
2164 …r, "%s: QUIC requires ALPN to be specified (e.g. \"h3\" for HTTP/3) via the -alpn option\n", prog); in s_client_main()
2184 * QUIC always uses a non-blocking socket - and we have to switch on in s_client_main()
2185 * non-blocking mode at the SSL level in s_client_main()
2357 * have to handle multi-line responses which may come in a single in s_client_main()
2371 /* Wait for multi-line response to end from LMTP or SMTP */ in s_client_main()
2374 } while (mbuf_len > 3 && mbuf[3] == '-'); in s_client_main()
2383 * Wait for multi-line response to end LHLO LMTP or EHLO SMTP in s_client_main()
2390 } while (mbuf_len > 3 && mbuf[3] == '-'); in s_client_main()
2427 /* wait for multi-line CAPABILITY response */ in s_client_main()
2454 /* wait for multi-line response to end from FTP */ in s_client_main()
2482 (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") in s_client_main()
2484 "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"")) in s_client_main()
2494 "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); in s_client_main()
2526 /* Agree to issue START_TLS and send the FOLLOWS sub-command */ in s_client_main()
2530 /* Telnet server also sent the FOLLOWS sub-command */ in s_client_main()
2611 /* max-packet size */ in s_client_main()
2717 /* wait for multi-line CAPABILITIES response */ in s_client_main()
2754 /* wait for multi-line response to end from Sieve */ in s_client_main()
2759 * is case-insensitive, make it uppercase in s_client_main()
2786 * According to RFC 5804 § 2.2, response codes are case- in s_client_main()
2805 long errline = -1; in s_client_main()
2807 int result = -1; in s_client_main()
2845 BIO_write(sbio, atyp->value.sequence->data, in s_client_main()
2846 atyp->value.sequence->length); in s_client_main()
2892 /* Just keep trying - busy waiting */ in s_client_main()
2933 full_log--; in s_client_main()
2943 reconnect--; in s_client_main()
2993 * and EOF satisfies that. To avoid a CPU-hogging loop, in s_client_main()
3006 * underlying network fds. We just rely on select waking up when in s_client_main()
3081 cbuf_len -= k; in s_client_main()
3139 /* This shouldn't ever happen in s_client - treat as an error */ in s_client_main()
3163 sbuf_len -= i; in s_client_main()
3234 /* don't wait for client input in the non-interactive mode */ in s_client_main()
3256 for (j = i - 1; j >= 0; j--) { in s_client_main()
3259 lf_num--; in s_client_main()
3295 * result in a TCP-RST being sent. On some platforms (notably in s_client_main()
3299 * and then closing the socket sends TCP-FIN first followed by in s_client_main()
3300 * TCP-RST. This seems to allow the peer to read the alert data. in s_client_main()
3309 timeout.tv_usec = 500000; /* some extreme round-trip */ in s_client_main()
3425 BIO_printf(bio, "---\nCertificate chain\n"); in print_stuff()
3446 BIO_printf(bio, "---\n"); in print_stuff()
3461 BIO_printf(bio, "Client-to-server raw public key negotiated\n"); in print_stuff()
3463 BIO_printf(bio, "Server-to-client raw public key negotiated\n"); in print_stuff()
3494 BIO_printf(bio, "---\nSCTs present (%i)\n", sct_count); in print_stuff()
3498 BIO_printf(bio, "---\n"); in print_stuff()
3505 if (i < sct_count - 1) in print_stuff()
3506 BIO_printf(bio, "\n---\n"); in print_stuff()
3514 "---\nSSL handshake has read %ju bytes " in print_stuff()
3520 BIO_printf(bio, (SSL_session_reused(s) ? "---\nReused, " : "---\nNew, ")); in print_stuff()
3565 if (next_proto.status != -1) { in print_stuff()
3593 srtp_profile->name); in print_stuff()
3645 BIO_printf(bio, "---\n"); in print_stuff()
3680 int tag, xclass, inf, ret = -1; in ldap_ExtendedResponse_parse()
3712 /* pull SEQUENCE */ in ldap_ExtendedResponse_parse()
3715 (rem = end - cur, len > rem)) { in ldap_ExtendedResponse_parse()
3722 /* pull MessageID */ in ldap_ExtendedResponse_parse()
3725 (rem = end - cur, len > rem)) { in ldap_ExtendedResponse_parse()
3732 /* pull [APPLICATION 24] */ in ldap_ExtendedResponse_parse()
3733 rem = end - cur; in ldap_ExtendedResponse_parse()
3741 /* pull resultCode */ in ldap_ExtendedResponse_parse()
3742 rem = end - cur; in ldap_ExtendedResponse_parse()
3745 (rem = end - cur, len > rem)) { in ldap_ExtendedResponse_parse()
3775 * Check DNS name syntax, any '-' or '.' must be internal, in is_dNS_name()
3776 * and on either side of each '.' we can't have a '-' or '.'. in is_dNS_name()
3797 if (i > 0 && i < length - 1) { in is_dNS_name()
3798 if (c == '-') { in is_dNS_name()
3809 && host[i - 1] != '-' in is_dNS_name()
3810 && host[i + 1] != '-') { in is_dNS_name()
3829 user_data->con = con; in user_data_init()
3830 user_data->buf = buf; in user_data_init()
3831 user_data->bufmax = bufmax; in user_data_init()
3832 user_data->buflen = 0; in user_data_init()
3833 user_data->bufoff = 0; in user_data_init()
3834 user_data->mode = mode; in user_data_init()
3835 user_data->isfin = 0; in user_data_init()
3840 if (user_data->buflen != 0 || i > user_data->bufmax) in user_data_add()
3843 user_data->buflen = i; in user_data_add()
3844 user_data->bufoff = 0; in user_data_add()
3868 if (SSL_is_quic(user_data->con)) { in user_data_execute()
3870 } else if(SSL_version(user_data->con) == TLS1_3_VERSION) { in user_data_execute()
3887 do_ssl_shutdown(user_data->con); in user_data_execute()
3888 SSL_set_connect_state(user_data->con); in user_data_execute()
3889 BIO_closesocket(SSL_get_fd(user_data->con)); in user_data_execute()
3894 if (!SSL_renegotiate(user_data->con)) in user_data_execute()
3908 if (!SSL_key_update(user_data->con, updatetype)) in user_data_execute()
3914 if (!SSL_stream_conclude(user_data->con, 0)) in user_data_execute()
3916 user_data->isfin = 1; in user_data_execute()
3932 char *buf_start = user_data->buf + user_data->bufoff; in user_data_process()
3933 size_t outlen = user_data->buflen; in user_data_process()
3935 if (user_data->buflen == 0) { in user_data_process()
3941 if (user_data->mode == USER_DATA_MODE_BASIC) { in user_data_process()
3944 user_data->buflen = user_data->bufoff = *len = *off = 0; in user_data_process()
3948 user_data->buflen = user_data->bufoff = *len = *off = 0; in user_data_process()
3952 user_data->buflen = user_data->bufoff = *len = *off = 0; in user_data_process()
3957 user_data->buflen = user_data->bufoff = *len = *off = 0; in user_data_process()
3963 } else if (user_data->mode == USER_DATA_MODE_ADVANCED) { in user_data_process()
3973 user_data->bufoff++; in user_data_process()
3974 user_data->buflen--; in user_data_process()
3975 outlen--; in user_data_process()
3985 int cmd = -1, ret = USER_DATA_PROCESS_NO_DATA; in user_data_process()
3990 cmd_start[outlen - 1] = '\0'; in user_data_process()
3994 user_data->buflen = user_data->bufoff = *len = *off = 0; in user_data_process()
4016 } else if(SSL_is_quic(user_data->con)) { in user_data_process()
4019 } if (SSL_version(user_data->con) == TLS1_3_VERSION) { in user_data_process()
4030 if (cmd == -1) { in user_data_process()
4041 oldoff = user_data->bufoff; in user_data_process()
4042 user_data->bufoff = (cmd_end - user_data->buf) + 1; in user_data_process()
4043 user_data->buflen -= user_data->bufoff - oldoff; in user_data_process()
4044 if (user_data->buf + 1 == cmd_start in user_data_process()
4045 && user_data->buflen == 1 in user_data_process()
4046 && user_data->buf[user_data->bufoff] == '\n') { in user_data_process()
4051 user_data->bufoff = 0; in user_data_process()
4052 user_data->buflen = 0; in user_data_process()
4062 outlen = cmd_start - buf_start; in user_data_process()
4066 if (user_data->isfin) { in user_data_process()
4067 user_data->buflen = user_data->bufoff = *len = *off = 0; in user_data_process()
4075 *off = user_data->bufoff; in user_data_process()
4076 user_data->buflen -= outlen; in user_data_process()
4077 if (user_data->buflen == 0) in user_data_process()
4078 user_data->bufoff = 0; in user_data_process()
4080 user_data->bufoff += outlen; in user_data_process()
4086 return user_data->buflen > 0; in user_data_has_data()