174664626SKris Kennaway /* apps/s_client.c */ 274664626SKris Kennaway /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 374664626SKris Kennaway * All rights reserved. 474664626SKris Kennaway * 574664626SKris Kennaway * This package is an SSL implementation written 674664626SKris Kennaway * by Eric Young (eay@cryptsoft.com). 774664626SKris Kennaway * The implementation was written so as to conform with Netscapes SSL. 874664626SKris Kennaway * 974664626SKris Kennaway * This library is free for commercial and non-commercial use as long as 1074664626SKris Kennaway * the following conditions are aheared to. The following conditions 1174664626SKris Kennaway * apply to all code found in this distribution, be it the RC4, RSA, 1274664626SKris Kennaway * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1374664626SKris Kennaway * included with this distribution is covered by the same copyright terms 1474664626SKris Kennaway * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1574664626SKris Kennaway * 1674664626SKris Kennaway * Copyright remains Eric Young's, and as such any Copyright notices in 1774664626SKris Kennaway * the code are not to be removed. 1874664626SKris Kennaway * If this package is used in a product, Eric Young should be given attribution 1974664626SKris Kennaway * as the author of the parts of the library used. 2074664626SKris Kennaway * This can be in the form of a textual message at program startup or 2174664626SKris Kennaway * in documentation (online or textual) provided with the package. 2274664626SKris Kennaway * 2374664626SKris Kennaway * Redistribution and use in source and binary forms, with or without 2474664626SKris Kennaway * modification, are permitted provided that the following conditions 2574664626SKris Kennaway * are met: 2674664626SKris Kennaway * 1. Redistributions of source code must retain the copyright 2774664626SKris Kennaway * notice, this list of conditions and the following disclaimer. 
2874664626SKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright 2974664626SKris Kennaway * notice, this list of conditions and the following disclaimer in the 3074664626SKris Kennaway * documentation and/or other materials provided with the distribution. 3174664626SKris Kennaway * 3. All advertising materials mentioning features or use of this software 3274664626SKris Kennaway * must display the following acknowledgement: 3374664626SKris Kennaway * "This product includes cryptographic software written by 3474664626SKris Kennaway * Eric Young (eay@cryptsoft.com)" 3574664626SKris Kennaway * The word 'cryptographic' can be left out if the rouines from the library 3674664626SKris Kennaway * being used are not cryptographic related :-). 3774664626SKris Kennaway * 4. If you include any Windows specific code (or a derivative thereof) from 3874664626SKris Kennaway * the apps directory (application code) you must include an acknowledgement: 3974664626SKris Kennaway * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4074664626SKris Kennaway * 4174664626SKris Kennaway * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4274664626SKris Kennaway * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4374664626SKris Kennaway * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4474664626SKris Kennaway * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4574664626SKris Kennaway * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4674664626SKris Kennaway * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4774664626SKris Kennaway * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4874664626SKris Kennaway * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4974664626SKris Kennaway * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5074664626SKris Kennaway * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5174664626SKris Kennaway * SUCH DAMAGE. 5274664626SKris Kennaway * 5374664626SKris Kennaway * The licence and distribution terms for any publically available version or 5474664626SKris Kennaway * derivative of this code cannot be changed. i.e. this code cannot simply be 5574664626SKris Kennaway * copied and put under another distribution licence 5674664626SKris Kennaway * [including the GNU Public Licence.] 5774664626SKris Kennaway */ 585c87c606SMark Murray /* ==================================================================== 591f13597dSJung-uk Kim * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 605c87c606SMark Murray * 615c87c606SMark Murray * Redistribution and use in source and binary forms, with or without 625c87c606SMark Murray * modification, are permitted provided that the following conditions 635c87c606SMark Murray * are met: 645c87c606SMark Murray * 655c87c606SMark Murray * 1. Redistributions of source code must retain the above copyright 665c87c606SMark Murray * notice, this list of conditions and the following disclaimer. 675c87c606SMark Murray * 685c87c606SMark Murray * 2. 
Redistributions in binary form must reproduce the above copyright 695c87c606SMark Murray * notice, this list of conditions and the following disclaimer in 705c87c606SMark Murray * the documentation and/or other materials provided with the 715c87c606SMark Murray * distribution. 725c87c606SMark Murray * 735c87c606SMark Murray * 3. All advertising materials mentioning features or use of this 745c87c606SMark Murray * software must display the following acknowledgment: 755c87c606SMark Murray * "This product includes software developed by the OpenSSL Project 765c87c606SMark Murray * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 775c87c606SMark Murray * 785c87c606SMark Murray * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 795c87c606SMark Murray * endorse or promote products derived from this software without 805c87c606SMark Murray * prior written permission. For written permission, please contact 815c87c606SMark Murray * openssl-core@openssl.org. 825c87c606SMark Murray * 835c87c606SMark Murray * 5. Products derived from this software may not be called "OpenSSL" 845c87c606SMark Murray * nor may "OpenSSL" appear in their names without prior written 855c87c606SMark Murray * permission of the OpenSSL Project. 865c87c606SMark Murray * 875c87c606SMark Murray * 6. Redistributions of any form whatsoever must retain the following 885c87c606SMark Murray * acknowledgment: 895c87c606SMark Murray * "This product includes software developed by the OpenSSL Project 905c87c606SMark Murray * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 915c87c606SMark Murray * 925c87c606SMark Murray * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 935c87c606SMark Murray * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 945c87c606SMark Murray * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 955c87c606SMark Murray * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 965c87c606SMark Murray * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 975c87c606SMark Murray * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 985c87c606SMark Murray * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 995c87c606SMark Murray * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1005c87c606SMark Murray * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 1015c87c606SMark Murray * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 1025c87c606SMark Murray * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 1035c87c606SMark Murray * OF THE POSSIBILITY OF SUCH DAMAGE. 1045c87c606SMark Murray * ==================================================================== 1055c87c606SMark Murray * 1065c87c606SMark Murray * This product includes cryptographic software written by Eric Young 1075c87c606SMark Murray * (eay@cryptsoft.com). This product includes software written by Tim 1085c87c606SMark Murray * Hudson (tjh@cryptsoft.com). 1095c87c606SMark Murray * 1105c87c606SMark Murray */ 1111f13597dSJung-uk Kim /* ==================================================================== 1121f13597dSJung-uk Kim * Copyright 2005 Nokia. All rights reserved. 1131f13597dSJung-uk Kim * 1141f13597dSJung-uk Kim * The portions of the attached software ("Contribution") is developed by 1151f13597dSJung-uk Kim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 1161f13597dSJung-uk Kim * license. 1171f13597dSJung-uk Kim * 1181f13597dSJung-uk Kim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 1191f13597dSJung-uk Kim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 1201f13597dSJung-uk Kim * support (see RFC 4279) to OpenSSL. 
1211f13597dSJung-uk Kim * 1221f13597dSJung-uk Kim * No patent licenses or other rights except those expressly stated in 1231f13597dSJung-uk Kim * the OpenSSL open source license shall be deemed granted or received 1241f13597dSJung-uk Kim * expressly, by implication, estoppel, or otherwise. 1251f13597dSJung-uk Kim * 1261f13597dSJung-uk Kim * No assurances are provided by Nokia that the Contribution does not 1271f13597dSJung-uk Kim * infringe the patent or other intellectual property rights of any third 1281f13597dSJung-uk Kim * party or that the license provides you with all the necessary rights 1291f13597dSJung-uk Kim * to make use of the Contribution. 1301f13597dSJung-uk Kim * 1311f13597dSJung-uk Kim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 1321f13597dSJung-uk Kim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 1331f13597dSJung-uk Kim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 1341f13597dSJung-uk Kim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 1351f13597dSJung-uk Kim * OTHERWISE. 1361f13597dSJung-uk Kim */ 13774664626SKris Kennaway 13874664626SKris Kennaway #include <assert.h> 1391f13597dSJung-uk Kim #include <ctype.h> 14074664626SKris Kennaway #include <stdio.h> 14174664626SKris Kennaway #include <stdlib.h> 14274664626SKris Kennaway #include <string.h> 1435c87c606SMark Murray #include <openssl/e_os2.h> 1445c87c606SMark Murray #ifdef OPENSSL_NO_STDIO 14574664626SKris Kennaway # define APPS_WIN16 14674664626SKris Kennaway #endif 14774664626SKris Kennaway 1486f9291ceSJung-uk Kim /* 1496f9291ceSJung-uk Kim * With IPv6, it looks like Digital has mixed up the proper order of 1506f9291ceSJung-uk Kim * recursive header file inclusion, resulting in the compiler complaining 1516f9291ceSJung-uk Kim * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is 1526f9291ceSJung-uk Kim * needed to have fileno() declared correctly... 
So let's define u_int 1536f9291ceSJung-uk Kim */ 1545c87c606SMark Murray #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) 15574664626SKris Kennaway # define __U_INT 15674664626SKris Kennaway typedef unsigned int u_int; 15774664626SKris Kennaway #endif 15874664626SKris Kennaway 15974664626SKris Kennaway #define USE_SOCKETS 16074664626SKris Kennaway #include "apps.h" 16174664626SKris Kennaway #include <openssl/x509.h> 16274664626SKris Kennaway #include <openssl/ssl.h> 16374664626SKris Kennaway #include <openssl/err.h> 16474664626SKris Kennaway #include <openssl/pem.h> 1655740a5e3SKris Kennaway #include <openssl/rand.h> 166db522d3aSSimon L. B. Nielsen #include <openssl/ocsp.h> 1671f13597dSJung-uk Kim #include <openssl/bn.h> 1681f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 1691f13597dSJung-uk Kim # include <openssl/srp.h> 1701f13597dSJung-uk Kim #endif 17174664626SKris Kennaway #include "s_apps.h" 1723b4e3dcbSSimon L. B. Nielsen #include "timeouts.h" 17374664626SKris Kennaway 1745c87c606SMark Murray #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) 17574664626SKris Kennaway /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ 17674664626SKris Kennaway # undef FIONBIO 17774664626SKris Kennaway #endif 17874664626SKris Kennaway 1791f13597dSJung-uk Kim #if defined(OPENSSL_SYS_BEOS_R5) 1801f13597dSJung-uk Kim # include <fcntl.h> 1811f13597dSJung-uk Kim #endif 1821f13597dSJung-uk Kim 18374664626SKris Kennaway #undef PROG 18474664626SKris Kennaway #define PROG s_client_main 18574664626SKris Kennaway 1866f9291ceSJung-uk Kim /* 1876f9291ceSJung-uk Kim * #define SSL_HOST_NAME "www.netscape.com" 1886f9291ceSJung-uk Kim */ 1896f9291ceSJung-uk Kim /* 1906f9291ceSJung-uk Kim * #define SSL_HOST_NAME "193.118.187.102" 1916f9291ceSJung-uk Kim */ 19274664626SKris Kennaway #define SSL_HOST_NAME "localhost" 19374664626SKris Kennaway 1946f9291ceSJung-uk Kim /* no default cert. 
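*/
/*
 * #define TEST_CERT "client.pem"
 */

#undef BUFSIZZ
#define BUFSIZZ 1024*8

/* Verification state shared with the verify callback; defined elsewhere. */
extern int verify_depth;
extern int verify_error;
extern int verify_return_error;
extern int verify_quiet;

/* Command-line driven switches; all default to "off". */
#ifdef FIONBIO
static int c_nbio = 0;              /* -nbio: non-blocking I/O */
#endif
static int c_Pause = 0;             /* -pause */
static int c_debug = 0;             /* -debug: extra output on bio_c_out */
#ifndef OPENSSL_NO_TLSEXT
static int c_tlsextdebug = 0;       /* -tlsextdebug */
static int c_status_req = 0;        /* -status */
#endif
static int c_msg = 0;               /* -msg: protocol message tracing */
static int c_showcerts = 0;         /* -showcerts */

/* -keymatexport / -keymatexportlen: exporter label and length (default 20). */
static char *keymatexportlabel = NULL;
static int keymatexportlen = 20;

static void sc_usage(void);
static void print_stuff(BIO *berr, SSL *con, int full);
#ifndef OPENSSL_NO_TLSEXT
static int ocsp_resp_cb(SSL *s, void *arg);
#endif
static BIO *bio_c_out = NULL;       /* normal client output */
static BIO *bio_c_msg = NULL;       /* -msg output */
static int c_quiet = 0;             /* -quiet */
static int c_ign_eof = 0;           /* -ign_eof / -no_ign_eof */
static int c_brief = 0;

#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
static char *psk_identity = "Client_identity";
/*
 * char *psk_key=NULL; by default PSK is not used
 */

/*
 * PSK client callback handed to the library.
 *
 * Writes psk_identity into |identity| and the binary decoding of the
 * configured hex string psk_key into |psk|.  The server's identity hint is
 * only logged; it does not influence which identity or key is used.
 *
 * Returns the key length in bytes, or 0 on any failure (identity does not
 * fit, psk_key is not valid hex, or the key does not fit in |psk|).
 */
static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
                                  unsigned int max_identity_len,
                                  unsigned char *psk,
                                  unsigned int max_psk_len)
{
    int ret;
    long key_len;
    unsigned char *key;

    if (c_debug)
        BIO_printf(bio_c_out, "psk_client_cb\n");
    if (!hint) {
        /* no ServerKeyExchange message */
        if (c_debug)
            BIO_printf(bio_c_out,
                       "NULL received PSK identity hint, continuing anyway\n");
    } else if (c_debug)
        BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);

    /*
     * lookup PSK identity and PSK key based on the given identity hint here
     */
    ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
    /* A negative or over-long result means the identity was not stored. */
    if (ret < 0 || (unsigned int)ret > max_identity_len)
        goto out_err;
    if (c_debug)
        BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
                   ret);

    /* convert the PSK key to binary */
    key = string_to_hex(psk_key, &key_len);
    if (key == NULL) {
        /* NOTE(review): this echoes the configured PSK string to bio_err. */
        BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
                   psk_key);
        return 0;
    }
    if ((unsigned long)key_len > (unsigned long)max_psk_len) {
        /* %u: max_psk_len is unsigned int. */
        BIO_printf(bio_err,
                   "psk buffer of callback is too small (%u) for key (%ld)\n",
                   max_psk_len, key_len);
        /* |key| holds secret material: wipe before releasing the heap block. */
        OPENSSL_cleanse(key, key_len);
        OPENSSL_free(key);
        return 0;
    }

    memcpy(psk, key, key_len);
    /* The library now owns the copy in |psk|; scrub the temporary. */
    OPENSSL_cleanse(key, key_len);
    OPENSSL_free(key);

    if (c_debug)
        BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len);

    /* key_len <= max_psk_len was checked above, so the narrowing is safe. */
    return (unsigned int)key_len;
 out_err:
    if (c_debug)
        BIO_printf(bio_err, "Error in PSK client callback\n");
    return 0;
}
#endif

/* Print the option summary for s_client to bio_err. */
static void sc_usage(void)
{
    BIO_printf(bio_err, "usage: s_client args\n");
    BIO_printf(bio_err, "\n");
    BIO_printf(bio_err, " -host host - use -connect instead\n");
    BIO_printf(bio_err, " -port port - use -connect instead\n");
    BIO_printf(bio_err,
               " -connect host:port - who to connect to (default is %s:%s)\n",
               SSL_HOST_NAME, PORT_STR);
    BIO_printf(bio_err,
               " -verify_hostname host - check peer certificate matches \"host\"\n");
    BIO_printf(bio_err,
               " -verify_email email - check peer certificate matches \"email\"\n");
    BIO_printf(bio_err,
               " -verify_ip ipaddr - check peer certificate matches \"ipaddr\"\n");

    BIO_printf(bio_err,
               " -verify arg - turn on peer certificate verification\n");
    BIO_printf(bio_err,
               " -verify_return_error - return verification errors\n");
    BIO_printf(bio_err,
               " -cert arg - certificate file to use, PEM format assumed\n");
    BIO_printf(bio_err,
               " -certform arg - certificate format (PEM or DER) PEM default\n");
    BIO_printf(bio_err,
               " -key arg - Private key file to use, in cert file if\n");
    BIO_printf(bio_err, " not specified but cert file is.\n");
    BIO_printf(bio_err,
               " -keyform arg - key format (PEM or DER) PEM default\n");
    BIO_printf(bio_err,
               " -pass arg - private key file pass phrase source\n");
    BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
    BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
    BIO_printf(bio_err,
               " -no_alt_chains - only ever use the first certificate chain found\n");
    BIO_printf(bio_err,
               " -reconnect - Drop and re-make the connection with the same Session-ID\n");
    BIO_printf(bio_err,
               " -pause - sleep(1) after each read(2) and write(2) system call\n");
    BIO_printf(bio_err,
               " -prexit - print session information even on connection failure\n");
    BIO_printf(bio_err,
               " -showcerts - show all certificates in the chain\n");
    BIO_printf(bio_err, " -debug - extra output\n");
#ifdef WATT32
    BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
#endif
    BIO_printf(bio_err, " -msg - Show protocol messages\n");
    BIO_printf(bio_err, " -nbio_test - more ssl protocol testing\n");
    BIO_printf(bio_err, " -state - print the 'ssl' states\n");
#ifdef FIONBIO
    BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
#endif
    BIO_printf(bio_err,
               " -crlf - convert LF from terminal into CRLF\n");
    BIO_printf(bio_err, " -quiet - no s_client output\n");
    BIO_printf(bio_err,
               " -ign_eof - ignore input eof (default when -quiet)\n");
    BIO_printf(bio_err, " -no_ign_eof - don't ignore input eof\n");
#ifndef OPENSSL_NO_PSK
    BIO_printf(bio_err, " -psk_identity arg - PSK identity\n");
    BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
# ifndef OPENSSL_NO_JPAKE
    BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
# endif
#endif
#ifndef OPENSSL_NO_SRP
    BIO_printf(bio_err,
               " -srpuser user - SRP authentification for 'user'\n");
    BIO_printf(bio_err, " -srppass arg - password for 'user'\n");
    BIO_printf(bio_err,
               " -srp_lateuser - SRP username into second ClientHello message\n");
    BIO_printf(bio_err,
               " -srp_moregroups - Tolerate other than the known g N values.\n");
    BIO_printf(bio_err,
               " -srp_strength int - minimal length in bits for N (default %d).\n",
               SRP_MINIMAL_N);
#endif
    BIO_printf(bio_err, " -ssl2 - just use SSLv2\n");
#ifndef OPENSSL_NO_SSL3_METHOD
    BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");
#endif
    BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n");
    BIO_printf(bio_err, " -tls1_1 - just use TLSv1.1\n");
    BIO_printf(bio_err, " -tls1 - just use TLSv1\n");
    BIO_printf(bio_err, " -dtls1 - just use DTLSv1\n");
    BIO_printf(bio_err, " -fallback_scsv - send TLS_FALLBACK_SCSV\n");
    BIO_printf(bio_err, " -mtu - set the link layer MTU\n");
    BIO_printf(bio_err,
               " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
    BIO_printf(bio_err,
               " -bugs - Switch on all SSL implementation bug workarounds\n");
    BIO_printf(bio_err,
               " -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
    BIO_printf(bio_err,
               " command to see what is available\n");
    BIO_printf(bio_err,
               " -starttls prot - use the STARTTLS command before starting TLS\n");
    BIO_printf(bio_err,
               " for those protocols that support it, where\n");
    BIO_printf(bio_err,
               " 'prot' defines which one to assume. Currently,\n");
    BIO_printf(bio_err,
               " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
    BIO_printf(bio_err, " are supported.\n");
#ifndef OPENSSL_NO_ENGINE
    BIO_printf(bio_err,
               " -engine id - Initialise and use the specified engine\n");
#endif
    BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
               LIST_SEPARATOR_CHAR);
    BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
    BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n");
#ifndef OPENSSL_NO_TLSEXT
    BIO_printf(bio_err,
               " -servername host - Set TLS extension servername in ClientHello\n");
    BIO_printf(bio_err,
               " -tlsextdebug - hex dump of all TLS extensions received\n");
    BIO_printf(bio_err,
               " -status - request certificate status from server\n");
    BIO_printf(bio_err,
               " -no_ticket - disable use of RFC4507bis session tickets\n");
    BIO_printf(bio_err,
               " -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n");
    BIO_printf(bio_err,
               " -curves arg - Elliptic curves to advertise (colon-separated list)\n");
    BIO_printf(bio_err,
               " -sigalgs arg - Signature algorithms to support (colon-separated list)\n");
    BIO_printf(bio_err,
               " -client_sigalgs arg - Signature algorithms to support for client\n");
    BIO_printf(bio_err,
               " certificate authentication (colon-separated list)\n");
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
    BIO_printf(bio_err,
               " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
#endif
    BIO_printf(bio_err,
               " -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
    BIO_printf(bio_err,
               " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#ifndef OPENSSL_NO_SRTP
    BIO_printf(bio_err,
               " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
#endif
    BIO_printf(bio_err,
               " -keymatexport label - Export keying material using label\n");
    BIO_printf(bio_err,
               " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
}

#ifndef OPENSSL_NO_TLSEXT

/* This is a context that we pass to callbacks */
typedef struct tlsextctx_st {
    BIO *biodebug;
    int ack;                    /* set by ssl_servername_cb, see below */
} tlsextctx;

/*
 * SNI callback.  Records in ctx->ack whether a server name was seen on a
 * fresh (non-resumed) session; |ad| is not used.  Always returns
 * SSL_TLSEXT_ERR_OK so the handshake continues regardless.
 */
static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
{
    tlsextctx *p = (tlsextctx *) arg;
    const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
    if (SSL_get_servername_type(s) != -1)
        p->ack = !SSL_session_reused(s) && hn != NULL;
    else
        BIO_printf(bio_err, "Can't use SSL_get_servername\n");

    return SSL_TLSEXT_ERR_OK;
}

# ifndef OPENSSL_NO_SRP

/* This is a context that we pass to all callbacks */
typedef struct srp_arg_st {
    char *srppassin;            /* preset password source, may be NULL */
    char *srplogin;
    int msg;                    /* copy from c_msg */
    int debug;                  /* copy from c_debug */
    int amp;                    /* allow more groups */
    int strength;               /* minimal size for N */
} SRP_ARG;

# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64

/*
 * Primality checks for an SRP group the client does not already know.
 *
 * Returns 1 only when N is an odd prime, (N-1)/2 is prime, and
 * g^((N-1)/2) == -1 (mod N); returns 0 otherwise, including when any
 * temporary cannot be allocated.  These tests are CPU intensive, which is
 * why the caller only reaches here for non-default groups.
 */
static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
{
    BN_CTX *bn_ctx = BN_CTX_new();
    BIGNUM *p = BN_new();
    BIGNUM *r = BN_new();
    /* Short-circuit evaluation: a failed allocation ends the chain early. */
    int ret =
        g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
        BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
        p != NULL && BN_rshift1(p, N) &&
        /* p = (N-1)/2 */
        BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
        r != NULL &&
        /* verify g^((N-1)/2) == -1 (mod N) */
        BN_mod_exp(r, g, p, N, bn_ctx) &&
        BN_add_word(r, 1) && BN_cmp(r, N) == 0;

    if (r)
        BN_free(r);
    if (p)
        BN_free(p);
    if (bn_ctx)
        BN_CTX_free(bn_ctx);
    return ret;
}

/*-
 * This callback is used here for two purposes:
 * - extended debugging
 * - making some primality tests for unknown groups
 * The callback is only called for a non default group.
 *
 * An application does not need the call back at all if
 * only the standard groups are used. In real life situations,
 * client and server already share well known groups,
 * thus there is no need to verify them.
 * Furthermore, in case that a server actually proposes a group that
 * is not one of those defined in RFC 5054, it is more appropriate
 * to add the group to a static list and then compare since
 * primality tests are rather cpu consuming.
 *
 * Returns 1 to accept the server's (N, g) and 0 to reject it.  A known
 * group is always accepted; an unknown one is only accepted when
 * -srp_moregroups (srp_arg->amp) is set and srp_Verify_N_and_g() passes.
 */

static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
{
    SRP_ARG *srp_arg = (SRP_ARG *)arg;
    BIGNUM *N = NULL, *g = NULL;
    if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s)))
        return 0;
    if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
        BIO_printf(bio_err, "SRP parameters:\n");
        BIO_printf(bio_err, "\tN=");
        BN_print(bio_err, N);
        BIO_printf(bio_err, "\n\tg=");
        BN_print(bio_err, g);
        BIO_printf(bio_err, "\n");
    }

    if (SRP_check_known_gN_param(g, N))
        return 1;

    if (srp_arg->amp == 1) {
        if (srp_arg->debug)
            BIO_printf(bio_err,
                       "SRP param N and g are not known params, going to check deeper.\n");

        /*
         * The srp_moregroups is a real debugging feature. Implementors
         * should rather add the value to the known ones. The minimal size
         * has already been tested.
         */
        if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
            return 1;
    }
    BIO_printf(bio_err, "SRP param N and g rejected.\n");
    return 0;
}

# define PWD_STRLEN 1024

/*
 * SRP client password callback.
 *
 * Obtains the password through password_callback(), using srp_arg->srppassin
 * as the preset source and "SRP user" as the prompt, into a freshly
 * allocated buffer of PWD_STRLEN + 1 bytes which is NUL-terminated at the
 * returned length.  Returns the buffer, or NULL on allocation or read
 * failure.  The buffer is handed to the library; it is not freed here
 * (presumably released by the SRP code — confirm against the caller).
 */
static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
{
    SRP_ARG *srp_arg = (SRP_ARG *)arg;
    char *pass = (char *)OPENSSL_malloc(PWD_STRLEN + 1);
    PW_CB_DATA cb_tmp;
    int l;

    if (!pass) {
        BIO_printf(bio_err, "Malloc failure\n");
        return NULL;
    }

    cb_tmp.password = (char *)srp_arg->srppassin;
    cb_tmp.prompt_info = "SRP user";
    /* At most PWD_STRLEN bytes are read, leaving room for the terminator. */
    if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
        BIO_printf(bio_err, "Can't read Password\n");
        OPENSSL_free(pass);
        return NULL;
    }
    *(pass + l) = '\0';

    return pass;
}
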
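# endif
# ifndef OPENSSL_NO_SRTP
/* -use_srtp profile list; NULL unless given on the command line. */
char *srtp_profiles = NULL;
# endif

# ifndef OPENSSL_NO_NEXTPROTONEG
/*
 * Context handed to next_proto_cb: the client's own NPN protocol list
 * (|data|/|len|) and the result of the selection (|status|, initialised
 * to -1 by MAIN before the handshake).
 */
typedef struct tlsextnextprotoctx_st {
    unsigned char *data;
    unsigned short len;
    int status;
} tlsextnextprotoctx;

static tlsextnextprotoctx next_proto;

/*
 * NPN selection callback.
 *
 * |in|/|inlen| is the protocol list advertised by the server; unless
 * -quiet is set it is echoed to bio_c_out.  The choice itself is left to
 * SSL_select_next_proto(), whose result is recorded in ctx->status
 * (presumably reported after the handshake).
 *
 * Always returns SSL_TLSEXT_ERR_OK.
 */
static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
                         const unsigned char *in, unsigned int inlen,
                         void *arg)
{
    tlsextnextprotoctx *ctx = arg;

    if (!c_quiet) {
        /*
         * We can assume that |in| is syntactically valid: each entry is a
         * length byte followed by that many bytes of protocol name.
         */
        unsigned i;
        BIO_printf(bio_c_out, "Protocols advertised by server: ");
        for (i = 0; i < inlen;) {
            if (i)
                BIO_write(bio_c_out, ", ", 2);
            BIO_write(bio_c_out, &in[i + 1], in[i]);
            i += in[i] + 1;
        }
        BIO_write(bio_c_out, "\n", 1);
    }

    ctx->status =
        SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
    return SSL_TLSEXT_ERR_OK;
}
# endif /* ndef OPENSSL_NO_NEXTPROTONEG */

/*
 * Parse callback for the custom extension types collected by -serverinfo
 * (their registration is outside this excerpt).
 *
 * The extension body |in|/|inlen| is written to bio_c_out as a PEM block
 * named "SERVERINFO FOR EXTENSION <type>", re-prefixed with the 2-byte
 * type and 2-byte length so the block holds the wire encoding.
 *
 * Returns 1 to continue the handshake.  Returns 0 (with *al set) only if
 * |inlen| does not fit the 2-byte length field; libssl should never pass
 * such a value, but the callback is the last line of defence for ext_buf.
 */
static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
                                   const unsigned char *in, size_t inlen,
                                   int *al, void *arg)
{
    char pem_name[100];
    unsigned char ext_buf[4 + 65536];

    /*
     * Bound the copy before touching ext_buf: a larger |inlen| would both
     * overrun the buffer and be silently truncated in ext_buf[2..3].
     */
    if (inlen > 0xFFFF) {
        *al = SSL_AD_DECODE_ERROR;
        return 0;
    }

    /* Reconstruct the type/len fields prior to extension data */
    ext_buf[0] = (unsigned char)(ext_type >> 8);
    ext_buf[1] = (unsigned char)(ext_type & 0xFF);
    ext_buf[2] = (unsigned char)(inlen >> 8);
    ext_buf[3] = (unsigned char)(inlen & 0xFF);
    memcpy(ext_buf + 4, in, inlen);

    /* ext_type is unsigned, so format it as such. */
    BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %u",
                 ext_type);
    /* A failed write only loses the dump; it is not a handshake error. */
    PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen);
    return 1;
}

#endif

/* STARTTLS protocol selected with -starttls. */
enum {
    PROTO_OFF = 0,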
Nielsen PROTO_SMTP, 6505471f83eSSimon L. B. Nielsen PROTO_POP3, 6515471f83eSSimon L. B. Nielsen PROTO_IMAP, 652db522d3aSSimon L. B. Nielsen PROTO_FTP, 653db522d3aSSimon L. B. Nielsen PROTO_XMPP 6545471f83eSSimon L. B. Nielsen }; 6555471f83eSSimon L. B. Nielsen 656f579bf8eSKris Kennaway int MAIN(int, char **); 657f579bf8eSKris Kennaway 65874664626SKris Kennaway int MAIN(int argc, char **argv) 65974664626SKris Kennaway { 6607bded2dbSJung-uk Kim int build_chain = 0; 6611f13597dSJung-uk Kim SSL *con = NULL; 6621f13597dSJung-uk Kim #ifndef OPENSSL_NO_KRB5 6631f13597dSJung-uk Kim KSSL_CTX *kctx; 6641f13597dSJung-uk Kim #endif 66574664626SKris Kennaway int s, k, width, state = 0; 6665c87c606SMark Murray char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL; 66774664626SKris Kennaway int cbuf_len, cbuf_off; 66874664626SKris Kennaway int sbuf_len, sbuf_off; 66974664626SKris Kennaway fd_set readfds, writefds; 67074664626SKris Kennaway short port = PORT; 67174664626SKris Kennaway int full_log = 1; 67274664626SKris Kennaway char *host = SSL_HOST_NAME; 6737bded2dbSJung-uk Kim char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; 6743b4e3dcbSSimon L. B. Nielsen int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; 6753b4e3dcbSSimon L. B. Nielsen char *passarg = NULL, *pass = NULL; 6763b4e3dcbSSimon L. B. Nielsen X509 *cert = NULL; 6773b4e3dcbSSimon L. B. Nielsen EVP_PKEY *key = NULL; 6787bded2dbSJung-uk Kim STACK_OF(X509) *chain = NULL; 6797bded2dbSJung-uk Kim char *CApath = NULL, *CAfile = NULL; 6807bded2dbSJung-uk Kim char *chCApath = NULL, *chCAfile = NULL; 6817bded2dbSJung-uk Kim char *vfyCApath = NULL, *vfyCAfile = NULL; 6827bded2dbSJung-uk Kim int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE; 68374664626SKris Kennaway int crlf = 0; 68474664626SKris Kennaway int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; 68574664626SKris Kennaway SSL_CTX *ctx = NULL; 68674664626SKris Kennaway int ret = 1, in_init = 1, i, nbio_test = 0; 6875471f83eSSimon L. B. 
Nielsen int starttls_proto = PROTO_OFF; 6881f13597dSJung-uk Kim int prexit = 0; 6891f13597dSJung-uk Kim X509_VERIFY_PARAM *vpm = NULL; 6901f13597dSJung-uk Kim int badarg = 0; 6911f13597dSJung-uk Kim const SSL_METHOD *meth = NULL; 6921f13597dSJung-uk Kim int socket_type = SOCK_STREAM; 69374664626SKris Kennaway BIO *sbio; 6945740a5e3SKris Kennaway char *inrand = NULL; 6955471f83eSSimon L. B. Nielsen int mbuf_len = 0; 6966a599222SSimon L. B. Nielsen struct timeval timeout, *timeoutp; 6975c87c606SMark Murray char *engine_id = NULL; 698*6cf8931aSJung-uk Kim ENGINE *e = NULL; 699*6cf8931aSJung-uk Kim #ifndef OPENSSL_NO_ENGINE 700db522d3aSSimon L. B. Nielsen char *ssl_client_engine_id = NULL; 701db522d3aSSimon L. B. Nielsen ENGINE *ssl_client_engine = NULL; 702fceca8a3SJacques Vidrine #endif 7031f13597dSJung-uk Kim #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) 704f579bf8eSKris Kennaway struct timeval tv; 7051f13597dSJung-uk Kim # if defined(OPENSSL_SYS_BEOS_R5) 7061f13597dSJung-uk Kim int stdin_set = 0; 707f579bf8eSKris Kennaway # endif 7081f13597dSJung-uk Kim #endif 709db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 710db522d3aSSimon L. B. Nielsen char *servername = NULL; 7116f9291ceSJung-uk Kim tlsextctx tlsextcbp = { NULL, 0 }; 7121f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG 7131f13597dSJung-uk Kim const char *next_proto_neg_in = NULL; 7141f13597dSJung-uk Kim # endif 7157bded2dbSJung-uk Kim const char *alpn_in = NULL; 7167bded2dbSJung-uk Kim # define MAX_SI_TYPES 100 7177bded2dbSJung-uk Kim unsigned short serverinfo_types[MAX_SI_TYPES]; 7187bded2dbSJung-uk Kim int serverinfo_types_count = 0; 719db522d3aSSimon L. B. Nielsen #endif 720db522d3aSSimon L. B. Nielsen char *sess_in = NULL; 721db522d3aSSimon L. B. Nielsen char *sess_out = NULL; 7223b4e3dcbSSimon L. B. Nielsen struct sockaddr peer; 7233b4e3dcbSSimon L. B. 
Nielsen int peerlen = sizeof(peer); 724fa5fddf1SJung-uk Kim int fallback_scsv = 0; 7253b4e3dcbSSimon L. B. Nielsen int enable_timeouts = 0; 7266a599222SSimon L. B. Nielsen long socket_mtu = 0; 727db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE 7287bded2dbSJung-uk Kim static char *jpake_secret = NULL; 7297bded2dbSJung-uk Kim # define no_jpake !jpake_secret 7307bded2dbSJung-uk Kim #else 7317bded2dbSJung-uk Kim # define no_jpake 1 732db522d3aSSimon L. B. Nielsen #endif 7331f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 7341f13597dSJung-uk Kim char *srppass = NULL; 7351f13597dSJung-uk Kim int srp_lateuser = 0; 7361f13597dSJung-uk Kim SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 }; 7371f13597dSJung-uk Kim #endif 7387bded2dbSJung-uk Kim SSL_EXCERT *exc = NULL; 7397bded2dbSJung-uk Kim 7407bded2dbSJung-uk Kim SSL_CONF_CTX *cctx = NULL; 7417bded2dbSJung-uk Kim STACK_OF(OPENSSL_STRING) *ssl_args = NULL; 7427bded2dbSJung-uk Kim 7437bded2dbSJung-uk Kim char *crl_file = NULL; 7447bded2dbSJung-uk Kim int crl_format = FORMAT_PEM; 7457bded2dbSJung-uk Kim int crl_download = 0; 7467bded2dbSJung-uk Kim STACK_OF(X509_CRL) *crls = NULL; 747aeb5019cSJung-uk Kim int prot_opt = 0, no_prot_opt = 0; 7483b4e3dcbSSimon L. B. 
Nielsen 74974664626SKris Kennaway meth = SSLv23_client_method(); 75074664626SKris Kennaway 75174664626SKris Kennaway apps_startup(); 75274664626SKris Kennaway c_Pause = 0; 75374664626SKris Kennaway c_quiet = 0; 754f579bf8eSKris Kennaway c_ign_eof = 0; 75574664626SKris Kennaway c_debug = 0; 7565c87c606SMark Murray c_msg = 0; 75774664626SKris Kennaway c_showcerts = 0; 75874664626SKris Kennaway 75974664626SKris Kennaway if (bio_err == NULL) 76074664626SKris Kennaway bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 76174664626SKris Kennaway 7625c87c606SMark Murray if (!load_config(bio_err, NULL)) 7635c87c606SMark Murray goto end; 7645c87c606SMark Murray 7657bded2dbSJung-uk Kim cctx = SSL_CONF_CTX_new(); 7667bded2dbSJung-uk Kim if (!cctx) 7677bded2dbSJung-uk Kim goto end; 7687bded2dbSJung-uk Kim SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); 7697bded2dbSJung-uk Kim SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CMDLINE); 7707bded2dbSJung-uk Kim 771ddd58736SKris Kennaway if (((cbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || 7725c87c606SMark Murray ((sbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || 7736f9291ceSJung-uk Kim ((mbuf = OPENSSL_malloc(BUFSIZZ)) == NULL)) { 77474664626SKris Kennaway BIO_printf(bio_err, "out of memory\n"); 77574664626SKris Kennaway goto end; 77674664626SKris Kennaway } 77774664626SKris Kennaway 77874664626SKris Kennaway verify_depth = 0; 77974664626SKris Kennaway verify_error = X509_V_OK; 78074664626SKris Kennaway #ifdef FIONBIO 78174664626SKris Kennaway c_nbio = 0; 78274664626SKris Kennaway #endif 78374664626SKris Kennaway 78474664626SKris Kennaway argc--; 78574664626SKris Kennaway argv++; 7866f9291ceSJung-uk Kim while (argc >= 1) { 7876f9291ceSJung-uk Kim if (strcmp(*argv, "-host") == 0) { 7886f9291ceSJung-uk Kim if (--argc < 1) 7896f9291ceSJung-uk Kim goto bad; 79074664626SKris Kennaway host = *(++argv); 7916f9291ceSJung-uk Kim } else if (strcmp(*argv, "-port") == 0) { 7926f9291ceSJung-uk Kim if (--argc < 1) 7936f9291ceSJung-uk Kim goto bad; 
79474664626SKris Kennaway port = atoi(*(++argv)); 7956f9291ceSJung-uk Kim if (port == 0) 7966f9291ceSJung-uk Kim goto bad; 7976f9291ceSJung-uk Kim } else if (strcmp(*argv, "-connect") == 0) { 7986f9291ceSJung-uk Kim if (--argc < 1) 7996f9291ceSJung-uk Kim goto bad; 80074664626SKris Kennaway if (!extract_host_port(*(++argv), &host, NULL, &port)) 80174664626SKris Kennaway goto bad; 8026f9291ceSJung-uk Kim } else if (strcmp(*argv, "-verify") == 0) { 80374664626SKris Kennaway verify = SSL_VERIFY_PEER; 8046f9291ceSJung-uk Kim if (--argc < 1) 8056f9291ceSJung-uk Kim goto bad; 80674664626SKris Kennaway verify_depth = atoi(*(++argv)); 8077bded2dbSJung-uk Kim if (!c_quiet) 80874664626SKris Kennaway BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 8096f9291ceSJung-uk Kim } else if (strcmp(*argv, "-cert") == 0) { 8106f9291ceSJung-uk Kim if (--argc < 1) 8116f9291ceSJung-uk Kim goto bad; 81274664626SKris Kennaway cert_file = *(++argv); 8137bded2dbSJung-uk Kim } else if (strcmp(*argv, "-CRL") == 0) { 8147bded2dbSJung-uk Kim if (--argc < 1) 8157bded2dbSJung-uk Kim goto bad; 8167bded2dbSJung-uk Kim crl_file = *(++argv); 8177bded2dbSJung-uk Kim } else if (strcmp(*argv, "-crl_download") == 0) 8187bded2dbSJung-uk Kim crl_download = 1; 8197bded2dbSJung-uk Kim else if (strcmp(*argv, "-sess_out") == 0) { 8206f9291ceSJung-uk Kim if (--argc < 1) 8216f9291ceSJung-uk Kim goto bad; 822db522d3aSSimon L. B. Nielsen sess_out = *(++argv); 8236f9291ceSJung-uk Kim } else if (strcmp(*argv, "-sess_in") == 0) { 8246f9291ceSJung-uk Kim if (--argc < 1) 8256f9291ceSJung-uk Kim goto bad; 826db522d3aSSimon L. B. Nielsen sess_in = *(++argv); 8276f9291ceSJung-uk Kim } else if (strcmp(*argv, "-certform") == 0) { 8286f9291ceSJung-uk Kim if (--argc < 1) 8296f9291ceSJung-uk Kim goto bad; 8303b4e3dcbSSimon L. B. 
Nielsen cert_format = str2fmt(*(++argv)); 8317bded2dbSJung-uk Kim } else if (strcmp(*argv, "-CRLform") == 0) { 8327bded2dbSJung-uk Kim if (--argc < 1) 8337bded2dbSJung-uk Kim goto bad; 8347bded2dbSJung-uk Kim crl_format = str2fmt(*(++argv)); 8356f9291ceSJung-uk Kim } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) { 8361f13597dSJung-uk Kim if (badarg) 8371f13597dSJung-uk Kim goto bad; 8381f13597dSJung-uk Kim continue; 8396f9291ceSJung-uk Kim } else if (strcmp(*argv, "-verify_return_error") == 0) 8401f13597dSJung-uk Kim verify_return_error = 1; 8417bded2dbSJung-uk Kim else if (strcmp(*argv, "-verify_quiet") == 0) 8427bded2dbSJung-uk Kim verify_quiet = 1; 8437bded2dbSJung-uk Kim else if (strcmp(*argv, "-brief") == 0) { 8447bded2dbSJung-uk Kim c_brief = 1; 8457bded2dbSJung-uk Kim verify_quiet = 1; 8467bded2dbSJung-uk Kim c_quiet = 1; 8477bded2dbSJung-uk Kim } else if (args_excert(&argv, &argc, &badarg, bio_err, &exc)) { 8487bded2dbSJung-uk Kim if (badarg) 8497bded2dbSJung-uk Kim goto bad; 8507bded2dbSJung-uk Kim continue; 851aeb5019cSJung-uk Kim } else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args, 852aeb5019cSJung-uk Kim &no_prot_opt)) { 8537bded2dbSJung-uk Kim if (badarg) 8547bded2dbSJung-uk Kim goto bad; 8557bded2dbSJung-uk Kim continue; 8567bded2dbSJung-uk Kim } else if (strcmp(*argv, "-prexit") == 0) 857f579bf8eSKris Kennaway prexit = 1; 85874664626SKris Kennaway else if (strcmp(*argv, "-crlf") == 0) 85974664626SKris Kennaway crlf = 1; 8606f9291ceSJung-uk Kim else if (strcmp(*argv, "-quiet") == 0) { 86174664626SKris Kennaway c_quiet = 1; 862f579bf8eSKris Kennaway c_ign_eof = 1; 8636f9291ceSJung-uk Kim } else if (strcmp(*argv, "-ign_eof") == 0) 864f579bf8eSKris Kennaway c_ign_eof = 1; 865db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-no_ign_eof") == 0) 866db522d3aSSimon L. B. 
Nielsen c_ign_eof = 0; 86774664626SKris Kennaway else if (strcmp(*argv, "-pause") == 0) 86874664626SKris Kennaway c_Pause = 1; 86974664626SKris Kennaway else if (strcmp(*argv, "-debug") == 0) 87074664626SKris Kennaway c_debug = 1; 871db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 872db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-tlsextdebug") == 0) 873db522d3aSSimon L. B. Nielsen c_tlsextdebug = 1; 874db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-status") == 0) 875db522d3aSSimon L. B. Nielsen c_status_req = 1; 876db522d3aSSimon L. B. Nielsen #endif 8773b4e3dcbSSimon L. B. Nielsen #ifdef WATT32 8783b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv, "-wdebug") == 0) 8793b4e3dcbSSimon L. B. Nielsen dbug_init(); 8803b4e3dcbSSimon L. B. Nielsen #endif 8815c87c606SMark Murray else if (strcmp(*argv, "-msg") == 0) 8825c87c606SMark Murray c_msg = 1; 8837bded2dbSJung-uk Kim else if (strcmp(*argv, "-msgfile") == 0) { 8847bded2dbSJung-uk Kim if (--argc < 1) 8857bded2dbSJung-uk Kim goto bad; 8867bded2dbSJung-uk Kim bio_c_msg = BIO_new_file(*(++argv), "w"); 8877bded2dbSJung-uk Kim } 8887bded2dbSJung-uk Kim #ifndef OPENSSL_NO_SSL_TRACE 8897bded2dbSJung-uk Kim else if (strcmp(*argv, "-trace") == 0) 8907bded2dbSJung-uk Kim c_msg = 2; 8917bded2dbSJung-uk Kim #endif 89274664626SKris Kennaway else if (strcmp(*argv, "-showcerts") == 0) 89374664626SKris Kennaway c_showcerts = 1; 89474664626SKris Kennaway else if (strcmp(*argv, "-nbio_test") == 0) 89574664626SKris Kennaway nbio_test = 1; 89674664626SKris Kennaway else if (strcmp(*argv, "-state") == 0) 89774664626SKris Kennaway state = 1; 8981f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 8996f9291ceSJung-uk Kim else if (strcmp(*argv, "-psk_identity") == 0) { 9006f9291ceSJung-uk Kim if (--argc < 1) 9016f9291ceSJung-uk Kim goto bad; 9021f13597dSJung-uk Kim psk_identity = *(++argv); 9036f9291ceSJung-uk Kim } else if (strcmp(*argv, "-psk") == 0) { 9041f13597dSJung-uk Kim size_t j; 9051f13597dSJung-uk Kim 
9066f9291ceSJung-uk Kim if (--argc < 1) 9076f9291ceSJung-uk Kim goto bad; 9081f13597dSJung-uk Kim psk_key = *(++argv); 9096f9291ceSJung-uk Kim for (j = 0; j < strlen(psk_key); j++) { 9101f13597dSJung-uk Kim if (isxdigit((unsigned char)psk_key[j])) 9111f13597dSJung-uk Kim continue; 9121f13597dSJung-uk Kim BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); 9131f13597dSJung-uk Kim goto bad; 9141f13597dSJung-uk Kim } 9151f13597dSJung-uk Kim } 9161f13597dSJung-uk Kim #endif 9171f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 9186f9291ceSJung-uk Kim else if (strcmp(*argv, "-srpuser") == 0) { 9196f9291ceSJung-uk Kim if (--argc < 1) 9206f9291ceSJung-uk Kim goto bad; 9211f13597dSJung-uk Kim srp_arg.srplogin = *(++argv); 9221f13597dSJung-uk Kim meth = TLSv1_client_method(); 9236f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srppass") == 0) { 9246f9291ceSJung-uk Kim if (--argc < 1) 9256f9291ceSJung-uk Kim goto bad; 9261f13597dSJung-uk Kim srppass = *(++argv); 9271f13597dSJung-uk Kim meth = TLSv1_client_method(); 9286f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_strength") == 0) { 9296f9291ceSJung-uk Kim if (--argc < 1) 9306f9291ceSJung-uk Kim goto bad; 9311f13597dSJung-uk Kim srp_arg.strength = atoi(*(++argv)); 9326f9291ceSJung-uk Kim BIO_printf(bio_err, "SRP minimal length for N is %d\n", 9336f9291ceSJung-uk Kim srp_arg.strength); 9341f13597dSJung-uk Kim meth = TLSv1_client_method(); 9356f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_lateuser") == 0) { 9361f13597dSJung-uk Kim srp_lateuser = 1; 9371f13597dSJung-uk Kim meth = TLSv1_client_method(); 9386f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_moregroups") == 0) { 9391f13597dSJung-uk Kim srp_arg.amp = 1; 9401f13597dSJung-uk Kim meth = TLSv1_client_method(); 9411f13597dSJung-uk Kim } 9421f13597dSJung-uk Kim #endif 9435c87c606SMark Murray #ifndef OPENSSL_NO_SSL2 944aeb5019cSJung-uk Kim else if (strcmp(*argv, "-ssl2") == 0) { 94574664626SKris Kennaway meth = SSLv2_client_method(); 946aeb5019cSJung-uk Kim 
prot_opt++; 947aeb5019cSJung-uk Kim } 94874664626SKris Kennaway #endif 949751d2991SJung-uk Kim #ifndef OPENSSL_NO_SSL3_METHOD 950aeb5019cSJung-uk Kim else if (strcmp(*argv, "-ssl3") == 0) { 95174664626SKris Kennaway meth = SSLv3_client_method(); 952aeb5019cSJung-uk Kim prot_opt++; 953aeb5019cSJung-uk Kim } 95474664626SKris Kennaway #endif 9555c87c606SMark Murray #ifndef OPENSSL_NO_TLS1 956aeb5019cSJung-uk Kim else if (strcmp(*argv, "-tls1_2") == 0) { 9571f13597dSJung-uk Kim meth = TLSv1_2_client_method(); 958aeb5019cSJung-uk Kim prot_opt++; 959aeb5019cSJung-uk Kim } else if (strcmp(*argv, "-tls1_1") == 0) { 9601f13597dSJung-uk Kim meth = TLSv1_1_client_method(); 961aeb5019cSJung-uk Kim prot_opt++; 962aeb5019cSJung-uk Kim } else if (strcmp(*argv, "-tls1") == 0) { 96374664626SKris Kennaway meth = TLSv1_client_method(); 964aeb5019cSJung-uk Kim prot_opt++; 965aeb5019cSJung-uk Kim } 96674664626SKris Kennaway #endif 9673b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_DTLS1 9687bded2dbSJung-uk Kim else if (strcmp(*argv, "-dtls") == 0) { 9697bded2dbSJung-uk Kim meth = DTLS_client_method(); 9707bded2dbSJung-uk Kim socket_type = SOCK_DGRAM; 971aeb5019cSJung-uk Kim prot_opt++; 9727bded2dbSJung-uk Kim } else if (strcmp(*argv, "-dtls1") == 0) { 9733b4e3dcbSSimon L. B. Nielsen meth = DTLSv1_client_method(); 9741f13597dSJung-uk Kim socket_type = SOCK_DGRAM; 975aeb5019cSJung-uk Kim prot_opt++; 9767bded2dbSJung-uk Kim } else if (strcmp(*argv, "-dtls1_2") == 0) { 9777bded2dbSJung-uk Kim meth = DTLSv1_2_client_method(); 9787bded2dbSJung-uk Kim socket_type = SOCK_DGRAM; 979aeb5019cSJung-uk Kim prot_opt++; 9806f9291ceSJung-uk Kim } else if (strcmp(*argv, "-timeout") == 0) 9813b4e3dcbSSimon L. B. Nielsen enable_timeouts = 1; 9826f9291ceSJung-uk Kim else if (strcmp(*argv, "-mtu") == 0) { 9836f9291ceSJung-uk Kim if (--argc < 1) 9846f9291ceSJung-uk Kim goto bad; 9856a599222SSimon L. B. Nielsen socket_mtu = atol(*(++argv)); 9863b4e3dcbSSimon L. B. Nielsen } 9873b4e3dcbSSimon L. B. 
Nielsen #endif 9887bded2dbSJung-uk Kim else if (strcmp(*argv, "-fallback_scsv") == 0) { 9897bded2dbSJung-uk Kim fallback_scsv = 1; 9907bded2dbSJung-uk Kim } else if (strcmp(*argv, "-keyform") == 0) { 9916f9291ceSJung-uk Kim if (--argc < 1) 9926f9291ceSJung-uk Kim goto bad; 9933b4e3dcbSSimon L. B. Nielsen key_format = str2fmt(*(++argv)); 9946f9291ceSJung-uk Kim } else if (strcmp(*argv, "-pass") == 0) { 9956f9291ceSJung-uk Kim if (--argc < 1) 9966f9291ceSJung-uk Kim goto bad; 9973b4e3dcbSSimon L. B. Nielsen passarg = *(++argv); 9987bded2dbSJung-uk Kim } else if (strcmp(*argv, "-cert_chain") == 0) { 9997bded2dbSJung-uk Kim if (--argc < 1) 10007bded2dbSJung-uk Kim goto bad; 10017bded2dbSJung-uk Kim chain_file = *(++argv); 10026f9291ceSJung-uk Kim } else if (strcmp(*argv, "-key") == 0) { 10036f9291ceSJung-uk Kim if (--argc < 1) 10046f9291ceSJung-uk Kim goto bad; 100574664626SKris Kennaway key_file = *(++argv); 10066f9291ceSJung-uk Kim } else if (strcmp(*argv, "-reconnect") == 0) { 100774664626SKris Kennaway reconnect = 5; 10086f9291ceSJung-uk Kim } else if (strcmp(*argv, "-CApath") == 0) { 10096f9291ceSJung-uk Kim if (--argc < 1) 10106f9291ceSJung-uk Kim goto bad; 101174664626SKris Kennaway CApath = *(++argv); 10127bded2dbSJung-uk Kim } else if (strcmp(*argv, "-chainCApath") == 0) { 10137bded2dbSJung-uk Kim if (--argc < 1) 10147bded2dbSJung-uk Kim goto bad; 10157bded2dbSJung-uk Kim chCApath = *(++argv); 10167bded2dbSJung-uk Kim } else if (strcmp(*argv, "-verifyCApath") == 0) { 10177bded2dbSJung-uk Kim if (--argc < 1) 10187bded2dbSJung-uk Kim goto bad; 10197bded2dbSJung-uk Kim vfyCApath = *(++argv); 10207bded2dbSJung-uk Kim } else if (strcmp(*argv, "-build_chain") == 0) 10217bded2dbSJung-uk Kim build_chain = 1; 10227bded2dbSJung-uk Kim else if (strcmp(*argv, "-CAfile") == 0) { 10236f9291ceSJung-uk Kim if (--argc < 1) 10246f9291ceSJung-uk Kim goto bad; 102574664626SKris Kennaway CAfile = *(++argv); 10267bded2dbSJung-uk Kim } else if (strcmp(*argv, "-chainCAfile") == 0) { 
10277bded2dbSJung-uk Kim if (--argc < 1) 10287bded2dbSJung-uk Kim goto bad; 10297bded2dbSJung-uk Kim chCAfile = *(++argv); 10307bded2dbSJung-uk Kim } else if (strcmp(*argv, "-verifyCAfile") == 0) { 10317bded2dbSJung-uk Kim if (--argc < 1) 10327bded2dbSJung-uk Kim goto bad; 10337bded2dbSJung-uk Kim vfyCAfile = *(++argv); 10346f9291ceSJung-uk Kim } 1035db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 10361f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG 10376f9291ceSJung-uk Kim else if (strcmp(*argv, "-nextprotoneg") == 0) { 10386f9291ceSJung-uk Kim if (--argc < 1) 10396f9291ceSJung-uk Kim goto bad; 10401f13597dSJung-uk Kim next_proto_neg_in = *(++argv); 10411f13597dSJung-uk Kim } 10421f13597dSJung-uk Kim # endif 10437bded2dbSJung-uk Kim else if (strcmp(*argv, "-alpn") == 0) { 10446f9291ceSJung-uk Kim if (--argc < 1) 10456f9291ceSJung-uk Kim goto bad; 10467bded2dbSJung-uk Kim alpn_in = *(++argv); 10477bded2dbSJung-uk Kim } else if (strcmp(*argv, "-serverinfo") == 0) { 10487bded2dbSJung-uk Kim char *c; 10497bded2dbSJung-uk Kim int start = 0; 10507bded2dbSJung-uk Kim int len; 10517bded2dbSJung-uk Kim 10527bded2dbSJung-uk Kim if (--argc < 1) 10537bded2dbSJung-uk Kim goto bad; 10547bded2dbSJung-uk Kim c = *(++argv); 10557bded2dbSJung-uk Kim serverinfo_types_count = 0; 10567bded2dbSJung-uk Kim len = strlen(c); 10577bded2dbSJung-uk Kim for (i = 0; i <= len; ++i) { 10587bded2dbSJung-uk Kim if (i == len || c[i] == ',') { 10597bded2dbSJung-uk Kim serverinfo_types[serverinfo_types_count] 10607bded2dbSJung-uk Kim = atoi(c + start); 10617bded2dbSJung-uk Kim serverinfo_types_count++; 10627bded2dbSJung-uk Kim start = i + 1; 106374664626SKris Kennaway } 10647bded2dbSJung-uk Kim if (serverinfo_types_count == MAX_SI_TYPES) 10657bded2dbSJung-uk Kim break; 10667bded2dbSJung-uk Kim } 10677bded2dbSJung-uk Kim } 10687bded2dbSJung-uk Kim #endif 106974664626SKris Kennaway #ifdef FIONBIO 10706f9291ceSJung-uk Kim else if (strcmp(*argv, "-nbio") == 0) { 10716f9291ceSJung-uk Kim 
c_nbio = 1; 10726f9291ceSJung-uk Kim } 107374664626SKris Kennaway #endif 10746f9291ceSJung-uk Kim else if (strcmp(*argv, "-starttls") == 0) { 10756f9291ceSJung-uk Kim if (--argc < 1) 10766f9291ceSJung-uk Kim goto bad; 10775c87c606SMark Murray ++argv; 10785c87c606SMark Murray if (strcmp(*argv, "smtp") == 0) 10795471f83eSSimon L. B. Nielsen starttls_proto = PROTO_SMTP; 108050ef0093SJacques Vidrine else if (strcmp(*argv, "pop3") == 0) 10815471f83eSSimon L. B. Nielsen starttls_proto = PROTO_POP3; 10825471f83eSSimon L. B. Nielsen else if (strcmp(*argv, "imap") == 0) 10835471f83eSSimon L. B. Nielsen starttls_proto = PROTO_IMAP; 10845471f83eSSimon L. B. Nielsen else if (strcmp(*argv, "ftp") == 0) 10855471f83eSSimon L. B. Nielsen starttls_proto = PROTO_FTP; 1086db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "xmpp") == 0) 1087db522d3aSSimon L. B. Nielsen starttls_proto = PROTO_XMPP; 10885c87c606SMark Murray else 10895c87c606SMark Murray goto bad; 10905c87c606SMark Murray } 1091fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 10926f9291ceSJung-uk Kim else if (strcmp(*argv, "-engine") == 0) { 10936f9291ceSJung-uk Kim if (--argc < 1) 10946f9291ceSJung-uk Kim goto bad; 10955c87c606SMark Murray engine_id = *(++argv); 10966f9291ceSJung-uk Kim } else if (strcmp(*argv, "-ssl_client_engine") == 0) { 10976f9291ceSJung-uk Kim if (--argc < 1) 10986f9291ceSJung-uk Kim goto bad; 1099db522d3aSSimon L. B. Nielsen ssl_client_engine_id = *(++argv); 1100db522d3aSSimon L. B. Nielsen } 1101fceca8a3SJacques Vidrine #endif 11026f9291ceSJung-uk Kim else if (strcmp(*argv, "-rand") == 0) { 11036f9291ceSJung-uk Kim if (--argc < 1) 11046f9291ceSJung-uk Kim goto bad; 11055740a5e3SKris Kennaway inrand = *(++argv); 11065740a5e3SKris Kennaway } 1107db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 11086f9291ceSJung-uk Kim else if (strcmp(*argv, "-servername") == 0) { 11096f9291ceSJung-uk Kim if (--argc < 1) 11106f9291ceSJung-uk Kim goto bad; 1111db522d3aSSimon L. B. 
Nielsen servername = *(++argv); 1112db522d3aSSimon L. B. Nielsen /* meth=TLSv1_client_method(); */ 1113db522d3aSSimon L. B. Nielsen } 1114db522d3aSSimon L. B. Nielsen #endif 1115db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE 11166f9291ceSJung-uk Kim else if (strcmp(*argv, "-jpake") == 0) { 11176f9291ceSJung-uk Kim if (--argc < 1) 11186f9291ceSJung-uk Kim goto bad; 1119db522d3aSSimon L. B. Nielsen jpake_secret = *++argv; 1120db522d3aSSimon L. B. Nielsen } 1121db522d3aSSimon L. B. Nielsen #endif 112209286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP 11236f9291ceSJung-uk Kim else if (strcmp(*argv, "-use_srtp") == 0) { 11246f9291ceSJung-uk Kim if (--argc < 1) 11256f9291ceSJung-uk Kim goto bad; 11261f13597dSJung-uk Kim srtp_profiles = *(++argv); 11271f13597dSJung-uk Kim } 112809286989SJung-uk Kim #endif 11296f9291ceSJung-uk Kim else if (strcmp(*argv, "-keymatexport") == 0) { 11306f9291ceSJung-uk Kim if (--argc < 1) 11316f9291ceSJung-uk Kim goto bad; 11321f13597dSJung-uk Kim keymatexportlabel = *(++argv); 11336f9291ceSJung-uk Kim } else if (strcmp(*argv, "-keymatexportlen") == 0) { 11346f9291ceSJung-uk Kim if (--argc < 1) 11356f9291ceSJung-uk Kim goto bad; 11361f13597dSJung-uk Kim keymatexportlen = atoi(*(++argv)); 11376f9291ceSJung-uk Kim if (keymatexportlen == 0) 11386f9291ceSJung-uk Kim goto bad; 11396f9291ceSJung-uk Kim } else { 114074664626SKris Kennaway BIO_printf(bio_err, "unknown option %s\n", *argv); 114174664626SKris Kennaway badop = 1; 114274664626SKris Kennaway break; 114374664626SKris Kennaway } 114474664626SKris Kennaway argc--; 114574664626SKris Kennaway argv++; 114674664626SKris Kennaway } 11476f9291ceSJung-uk Kim if (badop) { 114874664626SKris Kennaway bad: 114974664626SKris Kennaway sc_usage(); 115074664626SKris Kennaway goto end; 115174664626SKris Kennaway } 11521f13597dSJung-uk Kim #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) 11536f9291ceSJung-uk Kim if (jpake_secret) { 11546f9291ceSJung-uk Kim if (psk_key) { 11556f9291ceSJung-uk Kim 
BIO_printf(bio_err, "Can't use JPAKE and PSK together\n"); 11561f13597dSJung-uk Kim goto end; 11571f13597dSJung-uk Kim } 11581f13597dSJung-uk Kim psk_identity = "JPAKE"; 11591f13597dSJung-uk Kim } 11601f13597dSJung-uk Kim #endif 11611f13597dSJung-uk Kim 1162aeb5019cSJung-uk Kim if (prot_opt > 1) { 1163aeb5019cSJung-uk Kim BIO_printf(bio_err, "Cannot supply multiple protocol flags\n"); 1164aeb5019cSJung-uk Kim goto end; 1165aeb5019cSJung-uk Kim } 1166aeb5019cSJung-uk Kim 1167aeb5019cSJung-uk Kim if (prot_opt == 1 && no_prot_opt) { 1168aeb5019cSJung-uk Kim BIO_printf(bio_err, "Cannot supply both a protocol flag and " 1169aeb5019cSJung-uk Kim "\"-no_<prot>\"\n"); 1170aeb5019cSJung-uk Kim goto end; 1171aeb5019cSJung-uk Kim } 1172aeb5019cSJung-uk Kim 11735c87c606SMark Murray OpenSSL_add_ssl_algorithms(); 11745c87c606SMark Murray SSL_load_error_strings(); 11755c87c606SMark Murray 11761f13597dSJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 11771f13597dSJung-uk Kim next_proto.status = -1; 11786f9291ceSJung-uk Kim if (next_proto_neg_in) { 11796f9291ceSJung-uk Kim next_proto.data = 11806f9291ceSJung-uk Kim next_protos_parse(&next_proto.len, next_proto_neg_in); 11816f9291ceSJung-uk Kim if (next_proto.data == NULL) { 11821f13597dSJung-uk Kim BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n"); 11831f13597dSJung-uk Kim goto end; 11841f13597dSJung-uk Kim } 11856f9291ceSJung-uk Kim } else 11861f13597dSJung-uk Kim next_proto.data = NULL; 11871f13597dSJung-uk Kim #endif 11881f13597dSJung-uk Kim 11895c87c606SMark Murray e = setup_engine(bio_err, engine_id, 1); 1190*6cf8931aSJung-uk Kim #ifndef OPENSSL_NO_ENGINE 11916f9291ceSJung-uk Kim if (ssl_client_engine_id) { 1192db522d3aSSimon L. B. Nielsen ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); 11936f9291ceSJung-uk Kim if (!ssl_client_engine) { 11946f9291ceSJung-uk Kim BIO_printf(bio_err, "Error getting client auth engine\n"); 1195db522d3aSSimon L. B. 
Nielsen goto end; 1196db522d3aSSimon L. B. Nielsen } 1197db522d3aSSimon L. B. Nielsen } 1198fceca8a3SJacques Vidrine #endif 11996f9291ceSJung-uk Kim if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { 12003b4e3dcbSSimon L. B. Nielsen BIO_printf(bio_err, "Error getting password\n"); 12013b4e3dcbSSimon L. B. Nielsen goto end; 12023b4e3dcbSSimon L. B. Nielsen } 12033b4e3dcbSSimon L. B. Nielsen 12043b4e3dcbSSimon L. B. Nielsen if (key_file == NULL) 12053b4e3dcbSSimon L. B. Nielsen key_file = cert_file; 12063b4e3dcbSSimon L. B. Nielsen 12076f9291ceSJung-uk Kim if (key_file) { 12083b4e3dcbSSimon L. B. Nielsen 12093b4e3dcbSSimon L. B. Nielsen key = load_key(bio_err, key_file, key_format, 0, pass, e, 12103b4e3dcbSSimon L. B. Nielsen "client certificate private key file"); 12116f9291ceSJung-uk Kim if (!key) { 12123b4e3dcbSSimon L. B. Nielsen ERR_print_errors(bio_err); 12133b4e3dcbSSimon L. B. Nielsen goto end; 12143b4e3dcbSSimon L. B. Nielsen } 12153b4e3dcbSSimon L. B. Nielsen 12163b4e3dcbSSimon L. B. Nielsen } 12173b4e3dcbSSimon L. B. Nielsen 12186f9291ceSJung-uk Kim if (cert_file) { 12193b4e3dcbSSimon L. B. Nielsen cert = load_cert(bio_err, cert_file, cert_format, 12203b4e3dcbSSimon L. B. Nielsen NULL, e, "client certificate file"); 12213b4e3dcbSSimon L. B. Nielsen 12226f9291ceSJung-uk Kim if (!cert) { 12233b4e3dcbSSimon L. B. Nielsen ERR_print_errors(bio_err); 12243b4e3dcbSSimon L. B. Nielsen goto end; 12253b4e3dcbSSimon L. B. Nielsen } 12263b4e3dcbSSimon L. B. 
Nielsen } 12275c87c606SMark Murray 12287bded2dbSJung-uk Kim if (chain_file) { 12297bded2dbSJung-uk Kim chain = load_certs(bio_err, chain_file, FORMAT_PEM, 12307bded2dbSJung-uk Kim NULL, e, "client certificate chain"); 12317bded2dbSJung-uk Kim if (!chain) 12327bded2dbSJung-uk Kim goto end; 12337bded2dbSJung-uk Kim } 12347bded2dbSJung-uk Kim 12357bded2dbSJung-uk Kim if (crl_file) { 12367bded2dbSJung-uk Kim X509_CRL *crl; 12377bded2dbSJung-uk Kim crl = load_crl(crl_file, crl_format); 12387bded2dbSJung-uk Kim if (!crl) { 12397bded2dbSJung-uk Kim BIO_puts(bio_err, "Error loading CRL\n"); 12407bded2dbSJung-uk Kim ERR_print_errors(bio_err); 12417bded2dbSJung-uk Kim goto end; 12427bded2dbSJung-uk Kim } 12437bded2dbSJung-uk Kim crls = sk_X509_CRL_new_null(); 12447bded2dbSJung-uk Kim if (!crls || !sk_X509_CRL_push(crls, crl)) { 12457bded2dbSJung-uk Kim BIO_puts(bio_err, "Error adding CRL\n"); 12467bded2dbSJung-uk Kim ERR_print_errors(bio_err); 12477bded2dbSJung-uk Kim X509_CRL_free(crl); 12487bded2dbSJung-uk Kim goto end; 12497bded2dbSJung-uk Kim } 12507bded2dbSJung-uk Kim } 12517bded2dbSJung-uk Kim 12527bded2dbSJung-uk Kim if (!load_excert(&exc, bio_err)) 12537bded2dbSJung-uk Kim goto end; 12547bded2dbSJung-uk Kim 12555740a5e3SKris Kennaway if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL 12566f9291ceSJung-uk Kim && !RAND_status()) { 12576f9291ceSJung-uk Kim BIO_printf(bio_err, 12586f9291ceSJung-uk Kim "warning, not much extra random data, consider using the -rand option\n"); 12595740a5e3SKris Kennaway } 12605740a5e3SKris Kennaway if (inrand != NULL) 12615740a5e3SKris Kennaway BIO_printf(bio_err, "%ld semi-random bytes loaded\n", 12625740a5e3SKris Kennaway app_RAND_load_files(inrand)); 1263f579bf8eSKris Kennaway 12646f9291ceSJung-uk Kim if (bio_c_out == NULL) { 12657bded2dbSJung-uk Kim if (c_quiet && !c_debug) { 126674664626SKris Kennaway bio_c_out = BIO_new(BIO_s_null()); 12677bded2dbSJung-uk Kim if (c_msg && !bio_c_msg) 12687bded2dbSJung-uk Kim bio_c_msg = 
BIO_new_fp(stdout, BIO_NOCLOSE); 12696f9291ceSJung-uk Kim } else { 127074664626SKris Kennaway if (bio_c_out == NULL) 127174664626SKris Kennaway bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE); 127274664626SKris Kennaway } 127374664626SKris Kennaway } 12741f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 12756f9291ceSJung-uk Kim if (!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) { 12761f13597dSJung-uk Kim BIO_printf(bio_err, "Error getting password\n"); 12771f13597dSJung-uk Kim goto end; 12781f13597dSJung-uk Kim } 12791f13597dSJung-uk Kim #endif 12801f13597dSJung-uk Kim 128174664626SKris Kennaway ctx = SSL_CTX_new(meth); 12826f9291ceSJung-uk Kim if (ctx == NULL) { 128374664626SKris Kennaway ERR_print_errors(bio_err); 128474664626SKris Kennaway goto end; 128574664626SKris Kennaway } 128674664626SKris Kennaway 12871f13597dSJung-uk Kim if (vpm) 12881f13597dSJung-uk Kim SSL_CTX_set1_param(ctx, vpm); 12891f13597dSJung-uk Kim 12907bded2dbSJung-uk Kim if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake)) { 12917bded2dbSJung-uk Kim ERR_print_errors(bio_err); 12927bded2dbSJung-uk Kim goto end; 12937bded2dbSJung-uk Kim } 12947bded2dbSJung-uk Kim 12957bded2dbSJung-uk Kim if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, 12967bded2dbSJung-uk Kim crls, crl_download)) { 12977bded2dbSJung-uk Kim BIO_printf(bio_err, "Error loading store locations\n"); 12987bded2dbSJung-uk Kim ERR_print_errors(bio_err); 12997bded2dbSJung-uk Kim goto end; 13007bded2dbSJung-uk Kim } 1301db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_ENGINE 13026f9291ceSJung-uk Kim if (ssl_client_engine) { 13036f9291ceSJung-uk Kim if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) { 1304db522d3aSSimon L. B. Nielsen BIO_puts(bio_err, "Error setting client auth engine\n"); 1305db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1306db522d3aSSimon L. B. Nielsen ENGINE_free(ssl_client_engine); 1307db522d3aSSimon L. B. Nielsen goto end; 1308db522d3aSSimon L. B. 
Nielsen } 1309db522d3aSSimon L. B. Nielsen ENGINE_free(ssl_client_engine); 1310db522d3aSSimon L. B. Nielsen } 1311db522d3aSSimon L. B. Nielsen #endif 1312db522d3aSSimon L. B. Nielsen 13131f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 13141f13597dSJung-uk Kim # ifdef OPENSSL_NO_JPAKE 13151f13597dSJung-uk Kim if (psk_key != NULL) 13161f13597dSJung-uk Kim # else 13171f13597dSJung-uk Kim if (psk_key != NULL || jpake_secret) 13181f13597dSJung-uk Kim # endif 13191f13597dSJung-uk Kim { 13201f13597dSJung-uk Kim if (c_debug) 13216f9291ceSJung-uk Kim BIO_printf(bio_c_out, 13226f9291ceSJung-uk Kim "PSK key given or JPAKE in use, setting client callback\n"); 13231f13597dSJung-uk Kim SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); 13241f13597dSJung-uk Kim } 132509286989SJung-uk Kim #endif 132609286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP 13271f13597dSJung-uk Kim if (srtp_profiles != NULL) 13281f13597dSJung-uk Kim SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); 13291f13597dSJung-uk Kim #endif 13307bded2dbSJung-uk Kim if (exc) 13317bded2dbSJung-uk Kim ssl_ctx_set_excert(ctx, exc); 13326a599222SSimon L. B. 
Nielsen 13337bded2dbSJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) 13347bded2dbSJung-uk Kim # if !defined(OPENSSL_NO_NEXTPROTONEG) 13351f13597dSJung-uk Kim if (next_proto.data) 13361f13597dSJung-uk Kim SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); 13371f13597dSJung-uk Kim # endif 13387bded2dbSJung-uk Kim if (alpn_in) { 13397bded2dbSJung-uk Kim unsigned short alpn_len; 13407bded2dbSJung-uk Kim unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in); 13417bded2dbSJung-uk Kim 13427bded2dbSJung-uk Kim if (alpn == NULL) { 13437bded2dbSJung-uk Kim BIO_printf(bio_err, "Error parsing -alpn argument\n"); 13447bded2dbSJung-uk Kim goto end; 13457bded2dbSJung-uk Kim } 13467bded2dbSJung-uk Kim SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len); 13477bded2dbSJung-uk Kim OPENSSL_free(alpn); 13487bded2dbSJung-uk Kim } 13497bded2dbSJung-uk Kim #endif 13507bded2dbSJung-uk Kim #ifndef OPENSSL_NO_TLSEXT 13517bded2dbSJung-uk Kim for (i = 0; i < serverinfo_types_count; i++) { 13527bded2dbSJung-uk Kim SSL_CTX_add_client_custom_ext(ctx, 13537bded2dbSJung-uk Kim serverinfo_types[i], 13547bded2dbSJung-uk Kim NULL, NULL, NULL, 13557bded2dbSJung-uk Kim serverinfo_cli_parse_cb, NULL); 13567bded2dbSJung-uk Kim } 13577bded2dbSJung-uk Kim #endif 135874664626SKris Kennaway 13596f9291ceSJung-uk Kim if (state) 13606f9291ceSJung-uk Kim SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); 136174664626SKris Kennaway #if 0 136274664626SKris Kennaway else 136374664626SKris Kennaway SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER")); 136474664626SKris Kennaway #endif 136574664626SKris Kennaway 136674664626SKris Kennaway SSL_CTX_set_verify(ctx, verify, verify_callback); 136774664626SKris Kennaway 1368ed6b93beSJung-uk Kim if ((CAfile || CApath) 1369ed6b93beSJung-uk Kim && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { 137074664626SKris Kennaway ERR_print_errors(bio_err); 1371ed6b93beSJung-uk Kim } 1372ed6b93beSJung-uk Kim if (!SSL_CTX_set_default_verify_paths(ctx)) { 
1373ed6b93beSJung-uk Kim ERR_print_errors(bio_err); 137474664626SKris Kennaway } 13757bded2dbSJung-uk Kim 13767bded2dbSJung-uk Kim ssl_ctx_add_crls(ctx, crls, crl_download); 13777bded2dbSJung-uk Kim if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain)) 13787bded2dbSJung-uk Kim goto end; 13797bded2dbSJung-uk Kim 1380db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 13816f9291ceSJung-uk Kim if (servername != NULL) { 1382db522d3aSSimon L. B. Nielsen tlsextcbp.biodebug = bio_err; 1383db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1384db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 1385db522d3aSSimon L. B. Nielsen } 13861f13597dSJung-uk Kim # ifndef OPENSSL_NO_SRP 13876f9291ceSJung-uk Kim if (srp_arg.srplogin) { 13886f9291ceSJung-uk Kim if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) { 13891f13597dSJung-uk Kim BIO_printf(bio_err, "Unable to set SRP username\n"); 13901f13597dSJung-uk Kim goto end; 13911f13597dSJung-uk Kim } 13921f13597dSJung-uk Kim srp_arg.msg = c_msg; 13931f13597dSJung-uk Kim srp_arg.debug = c_debug; 13941f13597dSJung-uk Kim SSL_CTX_set_srp_cb_arg(ctx, &srp_arg); 13951f13597dSJung-uk Kim SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb); 13961f13597dSJung-uk Kim SSL_CTX_set_srp_strength(ctx, srp_arg.strength); 13971f13597dSJung-uk Kim if (c_msg || c_debug || srp_arg.amp == 0) 13986f9291ceSJung-uk Kim SSL_CTX_set_srp_verify_param_callback(ctx, 13996f9291ceSJung-uk Kim ssl_srp_verify_param_cb); 14001f13597dSJung-uk Kim } 14011f13597dSJung-uk Kim # endif 1402db522d3aSSimon L. B. Nielsen #endif 140374664626SKris Kennaway 1404f579bf8eSKris Kennaway con = SSL_new(ctx); 14056f9291ceSJung-uk Kim if (sess_in) { 1406db522d3aSSimon L. B. Nielsen SSL_SESSION *sess; 1407db522d3aSSimon L. B. 
Nielsen BIO *stmp = BIO_new_file(sess_in, "r"); 14086f9291ceSJung-uk Kim if (!stmp) { 14096f9291ceSJung-uk Kim BIO_printf(bio_err, "Can't open session file %s\n", sess_in); 1410db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1411db522d3aSSimon L. B. Nielsen goto end; 1412db522d3aSSimon L. B. Nielsen } 1413db522d3aSSimon L. B. Nielsen sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); 1414db522d3aSSimon L. B. Nielsen BIO_free(stmp); 14156f9291ceSJung-uk Kim if (!sess) { 14166f9291ceSJung-uk Kim BIO_printf(bio_err, "Can't open session file %s\n", sess_in); 1417db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1418db522d3aSSimon L. B. Nielsen goto end; 1419db522d3aSSimon L. B. Nielsen } 1420db522d3aSSimon L. B. Nielsen SSL_set_session(con, sess); 1421db522d3aSSimon L. B. Nielsen SSL_SESSION_free(sess); 1422db522d3aSSimon L. B. Nielsen } 1423fa5fddf1SJung-uk Kim 1424fa5fddf1SJung-uk Kim if (fallback_scsv) 1425fa5fddf1SJung-uk Kim SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); 1426fa5fddf1SJung-uk Kim 1427db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 14286f9291ceSJung-uk Kim if (servername != NULL) { 14296f9291ceSJung-uk Kim if (!SSL_set_tlsext_host_name(con, servername)) { 1430db522d3aSSimon L. B. Nielsen BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); 1431db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1432db522d3aSSimon L. B. Nielsen goto end; 1433db522d3aSSimon L. B. Nielsen } 1434db522d3aSSimon L. B. Nielsen } 1435db522d3aSSimon L. B. 
Nielsen #endif 14365c87c606SMark Murray #ifndef OPENSSL_NO_KRB5 14376f9291ceSJung-uk Kim if (con && (kctx = kssl_ctx_new()) != NULL) { 14381f13597dSJung-uk Kim SSL_set0_kssl_ctx(con, kctx); 14391f13597dSJung-uk Kim kssl_ctx_setstring(kctx, KSSL_SERVER, host); 14405c87c606SMark Murray } 14415c87c606SMark Murray #endif /* OPENSSL_NO_KRB5 */ 144274664626SKris Kennaway /* SSL_set_cipher_list(con,"RC4-MD5"); */ 14431f13597dSJung-uk Kim #if 0 14441f13597dSJung-uk Kim # ifdef TLSEXT_TYPE_opaque_prf_input 14451f13597dSJung-uk Kim SSL_set_tlsext_opaque_prf_input(con, "Test client", 11); 14461f13597dSJung-uk Kim # endif 14471f13597dSJung-uk Kim #endif 144874664626SKris Kennaway 144974664626SKris Kennaway re_start: 145074664626SKris Kennaway 14516f9291ceSJung-uk Kim if (init_client(&s, host, port, socket_type) == 0) { 145274664626SKris Kennaway BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); 145374664626SKris Kennaway SHUTDOWN(s); 145474664626SKris Kennaway goto end; 145574664626SKris Kennaway } 145674664626SKris Kennaway BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s); 145774664626SKris Kennaway 145874664626SKris Kennaway #ifdef FIONBIO 14596f9291ceSJung-uk Kim if (c_nbio) { 146074664626SKris Kennaway unsigned long l = 1; 146174664626SKris Kennaway BIO_printf(bio_c_out, "turning on non blocking io\n"); 14626f9291ceSJung-uk Kim if (BIO_socket_ioctl(s, FIONBIO, &l) < 0) { 146374664626SKris Kennaway ERR_print_errors(bio_err); 146474664626SKris Kennaway goto end; 146574664626SKris Kennaway } 146674664626SKris Kennaway } 146774664626SKris Kennaway #endif 14686f9291ceSJung-uk Kim if (c_Pause & 0x01) 14696f9291ceSJung-uk Kim SSL_set_debug(con, 1); 14703b4e3dcbSSimon L. B. Nielsen 14717bded2dbSJung-uk Kim if (socket_type == SOCK_DGRAM) { 14723b4e3dcbSSimon L. B. Nielsen 14733b4e3dcbSSimon L. B. Nielsen sbio = BIO_new_dgram(s, BIO_NOCLOSE); 14746f9291ceSJung-uk Kim if (getsockname(s, &peer, (void *)&peerlen) < 0) { 14753b4e3dcbSSimon L. B. 
Nielsen BIO_printf(bio_err, "getsockname:errno=%d\n", 14763b4e3dcbSSimon L. B. Nielsen get_last_socket_error()); 14773b4e3dcbSSimon L. B. Nielsen SHUTDOWN(s); 14783b4e3dcbSSimon L. B. Nielsen goto end; 14793b4e3dcbSSimon L. B. Nielsen } 14803b4e3dcbSSimon L. B. Nielsen 1481db522d3aSSimon L. B. Nielsen (void)BIO_ctrl_set_connected(sbio, 1, &peer); 14823b4e3dcbSSimon L. B. Nielsen 14836f9291ceSJung-uk Kim if (enable_timeouts) { 14843b4e3dcbSSimon L. B. Nielsen timeout.tv_sec = 0; 14853b4e3dcbSSimon L. B. Nielsen timeout.tv_usec = DGRAM_RCV_TIMEOUT; 14863b4e3dcbSSimon L. B. Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); 14873b4e3dcbSSimon L. B. Nielsen 14883b4e3dcbSSimon L. B. Nielsen timeout.tv_sec = 0; 14893b4e3dcbSSimon L. B. Nielsen timeout.tv_usec = DGRAM_SND_TIMEOUT; 14903b4e3dcbSSimon L. B. Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); 14913b4e3dcbSSimon L. B. Nielsen } 14923b4e3dcbSSimon L. B. Nielsen 14936f9291ceSJung-uk Kim if (socket_mtu) { 14946f9291ceSJung-uk Kim if (socket_mtu < DTLS_get_link_min_mtu(con)) { 1495751d2991SJung-uk Kim BIO_printf(bio_err, "MTU too small. Must be at least %ld\n", 1496751d2991SJung-uk Kim DTLS_get_link_min_mtu(con)); 1497751d2991SJung-uk Kim BIO_free(sbio); 1498751d2991SJung-uk Kim goto shut; 1499751d2991SJung-uk Kim } 15003b4e3dcbSSimon L. B. Nielsen SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 15016f9291ceSJung-uk Kim if (!DTLS_set_link_mtu(con, socket_mtu)) { 1502751d2991SJung-uk Kim BIO_printf(bio_err, "Failed to set MTU\n"); 1503751d2991SJung-uk Kim BIO_free(sbio); 1504751d2991SJung-uk Kim goto shut; 1505751d2991SJung-uk Kim } 15066f9291ceSJung-uk Kim } else 15073b4e3dcbSSimon L. B. Nielsen /* want to do MTU discovery */ 15083b4e3dcbSSimon L. B. 
Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 15096f9291ceSJung-uk Kim } else 151074664626SKris Kennaway sbio = BIO_new_socket(s, BIO_NOCLOSE); 151174664626SKris Kennaway 15126f9291ceSJung-uk Kim if (nbio_test) { 151374664626SKris Kennaway BIO *test; 151474664626SKris Kennaway 151574664626SKris Kennaway test = BIO_new(BIO_f_nbio_test()); 151674664626SKris Kennaway sbio = BIO_push(test, sbio); 151774664626SKris Kennaway } 151874664626SKris Kennaway 15196f9291ceSJung-uk Kim if (c_debug) { 15201f13597dSJung-uk Kim SSL_set_debug(con, 1); 15213b4e3dcbSSimon L. B. Nielsen BIO_set_callback(sbio, bio_dump_callback); 15225471f83eSSimon L. B. Nielsen BIO_set_callback_arg(sbio, (char *)bio_c_out); 152374664626SKris Kennaway } 15246f9291ceSJung-uk Kim if (c_msg) { 15257bded2dbSJung-uk Kim #ifndef OPENSSL_NO_SSL_TRACE 15267bded2dbSJung-uk Kim if (c_msg == 2) 15277bded2dbSJung-uk Kim SSL_set_msg_callback(con, SSL_trace); 15287bded2dbSJung-uk Kim else 15297bded2dbSJung-uk Kim #endif 15305c87c606SMark Murray SSL_set_msg_callback(con, msg_cb); 15317bded2dbSJung-uk Kim SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out); 15325c87c606SMark Murray } 1533db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 15346f9291ceSJung-uk Kim if (c_tlsextdebug) { 1535db522d3aSSimon L. B. Nielsen SSL_set_tlsext_debug_callback(con, tlsext_cb); 1536db522d3aSSimon L. B. Nielsen SSL_set_tlsext_debug_arg(con, bio_c_out); 1537db522d3aSSimon L. B. Nielsen } 15386f9291ceSJung-uk Kim if (c_status_req) { 1539db522d3aSSimon L. B. Nielsen SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); 1540db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); 1541db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); 1542db522d3aSSimon L. B. Nielsen # if 0 1543db522d3aSSimon L. B. Nielsen { 1544db522d3aSSimon L. B. Nielsen STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null(); 1545db522d3aSSimon L. B. 
Nielsen OCSP_RESPID *id = OCSP_RESPID_new(); 1546db522d3aSSimon L. B. Nielsen id->value.byKey = ASN1_OCTET_STRING_new(); 1547db522d3aSSimon L. B. Nielsen id->type = V_OCSP_RESPID_KEY; 1548db522d3aSSimon L. B. Nielsen ASN1_STRING_set(id->value.byKey, "Hello World", -1); 1549db522d3aSSimon L. B. Nielsen sk_OCSP_RESPID_push(ids, id); 1550db522d3aSSimon L. B. Nielsen SSL_set_tlsext_status_ids(con, ids); 1551db522d3aSSimon L. B. Nielsen } 1552db522d3aSSimon L. B. Nielsen # endif 1553db522d3aSSimon L. B. Nielsen } 1554db522d3aSSimon L. B. Nielsen #endif 1555db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE 1556db522d3aSSimon L. B. Nielsen if (jpake_secret) 1557db522d3aSSimon L. B. Nielsen jpake_client_auth(bio_c_out, sbio, jpake_secret); 1558db522d3aSSimon L. B. Nielsen #endif 155974664626SKris Kennaway 156074664626SKris Kennaway SSL_set_bio(con, sbio, sbio); 156174664626SKris Kennaway SSL_set_connect_state(con); 156274664626SKris Kennaway 156374664626SKris Kennaway /* ok, lets connect */ 1564aeb5019cSJung-uk Kim if (fileno_stdin() > SSL_get_fd(con)) 1565aeb5019cSJung-uk Kim width = fileno_stdin() + 1; 1566aeb5019cSJung-uk Kim else 156774664626SKris Kennaway width = SSL_get_fd(con) + 1; 156874664626SKris Kennaway 156974664626SKris Kennaway read_tty = 1; 157074664626SKris Kennaway write_tty = 0; 157174664626SKris Kennaway tty_on = 0; 157274664626SKris Kennaway read_ssl = 1; 157374664626SKris Kennaway write_ssl = 1; 157474664626SKris Kennaway 157574664626SKris Kennaway cbuf_len = 0; 157674664626SKris Kennaway cbuf_off = 0; 157774664626SKris Kennaway sbuf_len = 0; 157874664626SKris Kennaway sbuf_off = 0; 157974664626SKris Kennaway 15805c87c606SMark Murray /* This is an ugly hack that does a lot of assumptions */ 15816f9291ceSJung-uk Kim /* 15826f9291ceSJung-uk Kim * We do have to handle multi-line responses which may come in a single 15836f9291ceSJung-uk Kim * packet or not. We therefore have to use BIO_gets() which does need a 15846f9291ceSJung-uk Kim * buffering BIO. 
So during the initial chitchat we do push a buffering 15856f9291ceSJung-uk Kim * BIO into the chain that is removed again later on to not disturb the 15866f9291ceSJung-uk Kim * rest of the s_client operation. 15876f9291ceSJung-uk Kim */ 15886f9291ceSJung-uk Kim if (starttls_proto == PROTO_SMTP) { 15895471f83eSSimon L. B. Nielsen int foundit = 0; 15905471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 15915471f83eSSimon L. B. Nielsen BIO_push(fbio, sbio); 15925471f83eSSimon L. B. Nielsen /* wait for multi-line response to end from SMTP */ 15936f9291ceSJung-uk Kim do { 15945471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 15955471f83eSSimon L. B. Nielsen } 15965471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 15975471f83eSSimon L. B. Nielsen /* STARTTLS command requires EHLO... */ 15985471f83eSSimon L. B. Nielsen BIO_printf(fbio, "EHLO openssl.client.net\r\n"); 1599db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 16005471f83eSSimon L. B. Nielsen /* wait for multi-line response to end EHLO SMTP response */ 16016f9291ceSJung-uk Kim do { 16025471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 16035471f83eSSimon L. B. Nielsen if (strstr(mbuf, "STARTTLS")) 16045471f83eSSimon L. B. Nielsen foundit = 1; 16055471f83eSSimon L. B. Nielsen } 16065471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 1607db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 16085471f83eSSimon L. B. Nielsen BIO_pop(fbio); 16095471f83eSSimon L. B. Nielsen BIO_free(fbio); 16105471f83eSSimon L. B. Nielsen if (!foundit) 16115471f83eSSimon L. B. Nielsen BIO_printf(bio_err, 16125471f83eSSimon L. B. Nielsen "didn't found starttls in server response," 16135471f83eSSimon L. B. 
Nielsen " try anyway...\n"); 16145c87c606SMark Murray BIO_printf(sbio, "STARTTLS\r\n"); 16155c87c606SMark Murray BIO_read(sbio, sbuf, BUFSIZZ); 16166f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_POP3) { 161750ef0093SJacques Vidrine BIO_read(sbio, mbuf, BUFSIZZ); 161850ef0093SJacques Vidrine BIO_printf(sbio, "STLS\r\n"); 161950ef0093SJacques Vidrine BIO_read(sbio, sbuf, BUFSIZZ); 16206f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_IMAP) { 16215471f83eSSimon L. B. Nielsen int foundit = 0; 16225471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 16235471f83eSSimon L. B. Nielsen BIO_push(fbio, sbio); 16245471f83eSSimon L. B. Nielsen BIO_gets(fbio, mbuf, BUFSIZZ); 16255471f83eSSimon L. B. Nielsen /* STARTTLS command requires CAPABILITY... */ 16265471f83eSSimon L. B. Nielsen BIO_printf(fbio, ". CAPABILITY\r\n"); 1627db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 16285471f83eSSimon L. B. Nielsen /* wait for multi-line CAPABILITY response */ 16296f9291ceSJung-uk Kim do { 16305471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 16315471f83eSSimon L. B. Nielsen if (strstr(mbuf, "STARTTLS")) 16325471f83eSSimon L. B. Nielsen foundit = 1; 16335471f83eSSimon L. B. Nielsen } 16345471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[0] != '.'); 1635db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 16365471f83eSSimon L. B. Nielsen BIO_pop(fbio); 16375471f83eSSimon L. B. Nielsen BIO_free(fbio); 16385471f83eSSimon L. B. Nielsen if (!foundit) 16395471f83eSSimon L. B. Nielsen BIO_printf(bio_err, 16405471f83eSSimon L. B. Nielsen "didn't found STARTTLS in server response," 16415471f83eSSimon L. B. Nielsen " try anyway...\n"); 16425471f83eSSimon L. B. Nielsen BIO_printf(sbio, ". STARTTLS\r\n"); 16435471f83eSSimon L. B. Nielsen BIO_read(sbio, sbuf, BUFSIZZ); 16446f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_FTP) { 16455471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 16465471f83eSSimon L. B. 
Nielsen BIO_push(fbio, sbio); 16475471f83eSSimon L. B. Nielsen /* wait for multi-line response to end from FTP */ 16486f9291ceSJung-uk Kim do { 16495471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 16505471f83eSSimon L. B. Nielsen } 16515471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 1652db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 16535471f83eSSimon L. B. Nielsen BIO_pop(fbio); 16545471f83eSSimon L. B. Nielsen BIO_free(fbio); 16555471f83eSSimon L. B. Nielsen BIO_printf(sbio, "AUTH TLS\r\n"); 16565471f83eSSimon L. B. Nielsen BIO_read(sbio, sbuf, BUFSIZZ); 16575471f83eSSimon L. B. Nielsen } 16586f9291ceSJung-uk Kim if (starttls_proto == PROTO_XMPP) { 1659db522d3aSSimon L. B. Nielsen int seen = 0; 1660db522d3aSSimon L. B. Nielsen BIO_printf(sbio, "<stream:stream " 1661db522d3aSSimon L. B. Nielsen "xmlns:stream='http://etherx.jabber.org/streams' " 1662db522d3aSSimon L. B. Nielsen "xmlns='jabber:client' to='%s' version='1.0'>", host); 1663db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, mbuf, BUFSIZZ); 1664db522d3aSSimon L. B. Nielsen mbuf[seen] = 0; 16656f9291ceSJung-uk Kim while (!strstr 16666f9291ceSJung-uk Kim (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) { 1667db522d3aSSimon L. B. Nielsen if (strstr(mbuf, "/stream:features>")) 1668db522d3aSSimon L. B. Nielsen goto shut; 1669db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, mbuf, BUFSIZZ); 1670db522d3aSSimon L. B. Nielsen mbuf[seen] = 0; 1671db522d3aSSimon L. B. Nielsen } 16726f9291ceSJung-uk Kim BIO_printf(sbio, 16736f9291ceSJung-uk Kim "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); 1674db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, sbuf, BUFSIZZ); 1675db522d3aSSimon L. B. Nielsen sbuf[seen] = 0; 1676db522d3aSSimon L. B. Nielsen if (!strstr(sbuf, "<proceed")) 1677db522d3aSSimon L. B. Nielsen goto shut; 1678db522d3aSSimon L. B. Nielsen mbuf[0] = 0; 1679db522d3aSSimon L. B. 
Nielsen } 16805c87c606SMark Murray 16816f9291ceSJung-uk Kim for (;;) { 168274664626SKris Kennaway FD_ZERO(&readfds); 168374664626SKris Kennaway FD_ZERO(&writefds); 168474664626SKris Kennaway 16856a599222SSimon L. B. Nielsen if ((SSL_version(con) == DTLS1_VERSION) && 16866a599222SSimon L. B. Nielsen DTLSv1_get_timeout(con, &timeout)) 16876a599222SSimon L. B. Nielsen timeoutp = &timeout; 16886a599222SSimon L. B. Nielsen else 16896a599222SSimon L. B. Nielsen timeoutp = NULL; 16906a599222SSimon L. B. Nielsen 16916f9291ceSJung-uk Kim if (SSL_in_init(con) && !SSL_total_renegotiations(con)) { 169274664626SKris Kennaway in_init = 1; 169374664626SKris Kennaway tty_on = 0; 16946f9291ceSJung-uk Kim } else { 169574664626SKris Kennaway tty_on = 1; 16966f9291ceSJung-uk Kim if (in_init) { 169774664626SKris Kennaway in_init = 0; 16986f9291ceSJung-uk Kim #if 0 /* This test doesn't really work as intended 16996f9291ceSJung-uk Kim * (needs to be fixed) */ 17001f13597dSJung-uk Kim # ifndef OPENSSL_NO_TLSEXT 17016f9291ceSJung-uk Kim if (servername != NULL && !SSL_session_reused(con)) { 17026f9291ceSJung-uk Kim BIO_printf(bio_c_out, 17036f9291ceSJung-uk Kim "Server did %sacknowledge servername extension.\n", 17046f9291ceSJung-uk Kim tlsextcbp.ack ? "" : "not "); 17051f13597dSJung-uk Kim } 17061f13597dSJung-uk Kim # endif 17071f13597dSJung-uk Kim #endif 17086f9291ceSJung-uk Kim if (sess_out) { 1709db522d3aSSimon L. B. Nielsen BIO *stmp = BIO_new_file(sess_out, "w"); 17106f9291ceSJung-uk Kim if (stmp) { 1711db522d3aSSimon L. B. Nielsen PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con)); 1712db522d3aSSimon L. B. Nielsen BIO_free(stmp); 17136f9291ceSJung-uk Kim } else 17146f9291ceSJung-uk Kim BIO_printf(bio_err, "Error writing session file %s\n", 17156f9291ceSJung-uk Kim sess_out); 1716db522d3aSSimon L. B. 
Nielsen } 17177bded2dbSJung-uk Kim if (c_brief) { 17187bded2dbSJung-uk Kim BIO_puts(bio_err, "CONNECTION ESTABLISHED\n"); 17197bded2dbSJung-uk Kim print_ssl_summary(bio_err, con); 17207bded2dbSJung-uk Kim } 17217bded2dbSJung-uk Kim 172274664626SKris Kennaway print_stuff(bio_c_out, con, full_log); 17236f9291ceSJung-uk Kim if (full_log > 0) 17246f9291ceSJung-uk Kim full_log--; 172574664626SKris Kennaway 17266f9291ceSJung-uk Kim if (starttls_proto) { 17275c87c606SMark Murray BIO_printf(bio_err, "%s", mbuf); 17285c87c606SMark Murray /* We don't need to know any more */ 17295471f83eSSimon L. B. Nielsen starttls_proto = PROTO_OFF; 17305c87c606SMark Murray } 17315c87c606SMark Murray 17326f9291ceSJung-uk Kim if (reconnect) { 173374664626SKris Kennaway reconnect--; 17346f9291ceSJung-uk Kim BIO_printf(bio_c_out, 17356f9291ceSJung-uk Kim "drop connection and then reconnect\n"); 173674664626SKris Kennaway SSL_shutdown(con); 173774664626SKris Kennaway SSL_set_connect_state(con); 173874664626SKris Kennaway SHUTDOWN(SSL_get_fd(con)); 173974664626SKris Kennaway goto re_start; 174074664626SKris Kennaway } 174174664626SKris Kennaway } 174274664626SKris Kennaway } 174374664626SKris Kennaway 174474664626SKris Kennaway ssl_pending = read_ssl && SSL_pending(con); 174574664626SKris Kennaway 17466f9291ceSJung-uk Kim if (!ssl_pending) { 17471f13597dSJung-uk Kim #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5) 17486f9291ceSJung-uk Kim if (tty_on) { 17496f9291ceSJung-uk Kim if (read_tty) 1750aeb5019cSJung-uk Kim openssl_fdset(fileno_stdin(), &readfds); 1751aeb5019cSJung-uk Kim #if !defined(OPENSSL_SYS_VMS) 17526f9291ceSJung-uk Kim if (write_tty) 1753aeb5019cSJung-uk Kim openssl_fdset(fileno_stdout(), &writefds); 1754aeb5019cSJung-uk Kim #endif 175574664626SKris Kennaway } 175674664626SKris Kennaway if (read_ssl) 17571f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &readfds); 175874664626SKris Kennaway if 
(write_ssl) 17591f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &writefds); 1760f579bf8eSKris Kennaway #else 1761f579bf8eSKris Kennaway if (!tty_on || !write_tty) { 1762f579bf8eSKris Kennaway if (read_ssl) 17631f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &readfds); 1764f579bf8eSKris Kennaway if (write_ssl) 17651f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &writefds); 1766f579bf8eSKris Kennaway } 1767f579bf8eSKris Kennaway #endif 17686f9291ceSJung-uk Kim /*- printf("mode tty(%d %d%d) ssl(%d%d)\n", 176974664626SKris Kennaway tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ 177074664626SKris Kennaway 17716f9291ceSJung-uk Kim /* 17726f9291ceSJung-uk Kim * Note: under VMS with SOCKETSHR the second parameter is 17736f9291ceSJung-uk Kim * currently of type (int *) whereas under other systems it is 17746f9291ceSJung-uk Kim * (void *) if you don't have a cast it will choke the compiler: 17756f9291ceSJung-uk Kim * if you do have a cast then you can either go for (int *) or 17766f9291ceSJung-uk Kim * (void *). 177774664626SKris Kennaway */ 177850ef0093SJacques Vidrine #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) 17796f9291ceSJung-uk Kim /* 17806f9291ceSJung-uk Kim * Under Windows/DOS we make the assumption that we can always 17816f9291ceSJung-uk Kim * write to the tty: therefore if we need to write to the tty we 17826f9291ceSJung-uk Kim * just fall through. Otherwise we timeout the select every 17836f9291ceSJung-uk Kim * second and see if there are any keypresses. Note: this is a 17846f9291ceSJung-uk Kim * hack, in a proper Windows application we wouldn't do this. 
1785f579bf8eSKris Kennaway */ 1786f579bf8eSKris Kennaway i = 0; 1787f579bf8eSKris Kennaway if (!write_tty) { 1788f579bf8eSKris Kennaway if (read_tty) { 1789f579bf8eSKris Kennaway tv.tv_sec = 1; 1790f579bf8eSKris Kennaway tv.tv_usec = 0; 1791f579bf8eSKris Kennaway i = select(width, (void *)&readfds, (void *)&writefds, 1792f579bf8eSKris Kennaway NULL, &tv); 179350ef0093SJacques Vidrine # if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) 17946f9291ceSJung-uk Kim if (!i && (!_kbhit() || !read_tty)) 17956f9291ceSJung-uk Kim continue; 17965c87c606SMark Murray # else 17976f9291ceSJung-uk Kim if (!i && (!((_kbhit()) 17986f9291ceSJung-uk Kim || (WAIT_OBJECT_0 == 17996f9291ceSJung-uk Kim WaitForSingleObject(GetStdHandle 18006f9291ceSJung-uk Kim (STD_INPUT_HANDLE), 18016f9291ceSJung-uk Kim 0))) 18026f9291ceSJung-uk Kim || !read_tty)) 18036f9291ceSJung-uk Kim continue; 18045c87c606SMark Murray # endif 18056f9291ceSJung-uk Kim } else 18066f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 18076a599222SSimon L. B. Nielsen NULL, timeoutp); 1808f579bf8eSKris Kennaway } 18093b4e3dcbSSimon L. B. Nielsen #elif defined(OPENSSL_SYS_NETWARE) 18103b4e3dcbSSimon L. B. Nielsen if (!write_tty) { 18113b4e3dcbSSimon L. B. Nielsen if (read_tty) { 18123b4e3dcbSSimon L. B. Nielsen tv.tv_sec = 1; 18133b4e3dcbSSimon L. B. Nielsen tv.tv_usec = 0; 18143b4e3dcbSSimon L. B. Nielsen i = select(width, (void *)&readfds, (void *)&writefds, 18153b4e3dcbSSimon L. B. Nielsen NULL, &tv); 18166f9291ceSJung-uk Kim } else 18176f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 18186a599222SSimon L. B. Nielsen NULL, timeoutp); 18193b4e3dcbSSimon L. B. 
Nielsen } 18201f13597dSJung-uk Kim #elif defined(OPENSSL_SYS_BEOS_R5) 18211f13597dSJung-uk Kim /* Under BeOS-R5 the situation is similar to DOS */ 18221f13597dSJung-uk Kim i = 0; 18231f13597dSJung-uk Kim stdin_set = 0; 1824aeb5019cSJung-uk Kim (void)fcntl(fileno_stdin(), F_SETFL, O_NONBLOCK); 18251f13597dSJung-uk Kim if (!write_tty) { 18261f13597dSJung-uk Kim if (read_tty) { 18271f13597dSJung-uk Kim tv.tv_sec = 1; 18281f13597dSJung-uk Kim tv.tv_usec = 0; 18291f13597dSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 18301f13597dSJung-uk Kim NULL, &tv); 1831aeb5019cSJung-uk Kim if (read(fileno_stdin(), sbuf, 0) >= 0) 18321f13597dSJung-uk Kim stdin_set = 1; 18331f13597dSJung-uk Kim if (!i && (stdin_set != 1 || !read_tty)) 18341f13597dSJung-uk Kim continue; 18356f9291ceSJung-uk Kim } else 18366f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 18371f13597dSJung-uk Kim NULL, timeoutp); 18381f13597dSJung-uk Kim } 1839aeb5019cSJung-uk Kim (void)fcntl(fileno_stdin(), F_SETFL, 0); 1840f579bf8eSKris Kennaway #else 184174664626SKris Kennaway i = select(width, (void *)&readfds, (void *)&writefds, 18426a599222SSimon L. B. Nielsen NULL, timeoutp); 1843f579bf8eSKris Kennaway #endif 18446f9291ceSJung-uk Kim if (i < 0) { 184574664626SKris Kennaway BIO_printf(bio_err, "bad select %d\n", 184674664626SKris Kennaway get_last_socket_error()); 184774664626SKris Kennaway goto shut; 184874664626SKris Kennaway /* goto end; */ 184974664626SKris Kennaway } 185074664626SKris Kennaway } 185174664626SKris Kennaway 18526f9291ceSJung-uk Kim if ((SSL_version(con) == DTLS1_VERSION) 18536f9291ceSJung-uk Kim && DTLSv1_handle_timeout(con) > 0) { 18546a599222SSimon L. B. Nielsen BIO_printf(bio_err, "TIMEOUT occured\n"); 18556a599222SSimon L. B. Nielsen } 18566a599222SSimon L. B. 
Nielsen 18576f9291ceSJung-uk Kim if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) { 18586f9291ceSJung-uk Kim k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len); 18596f9291ceSJung-uk Kim switch (SSL_get_error(con, k)) { 186074664626SKris Kennaway case SSL_ERROR_NONE: 186174664626SKris Kennaway cbuf_off += k; 186274664626SKris Kennaway cbuf_len -= k; 18636f9291ceSJung-uk Kim if (k <= 0) 18646f9291ceSJung-uk Kim goto end; 186574664626SKris Kennaway /* we have done a write(con,NULL,0); */ 18666f9291ceSJung-uk Kim if (cbuf_len <= 0) { 186774664626SKris Kennaway read_tty = 1; 186874664626SKris Kennaway write_ssl = 0; 18696f9291ceSJung-uk Kim } else { /* if (cbuf_len > 0) */ 18706f9291ceSJung-uk Kim 187174664626SKris Kennaway read_tty = 0; 187274664626SKris Kennaway write_ssl = 1; 187374664626SKris Kennaway } 187474664626SKris Kennaway break; 187574664626SKris Kennaway case SSL_ERROR_WANT_WRITE: 187674664626SKris Kennaway BIO_printf(bio_c_out, "write W BLOCK\n"); 187774664626SKris Kennaway write_ssl = 1; 187874664626SKris Kennaway read_tty = 0; 187974664626SKris Kennaway break; 188074664626SKris Kennaway case SSL_ERROR_WANT_READ: 188174664626SKris Kennaway BIO_printf(bio_c_out, "write R BLOCK\n"); 188274664626SKris Kennaway write_tty = 0; 188374664626SKris Kennaway read_ssl = 1; 188474664626SKris Kennaway write_ssl = 0; 188574664626SKris Kennaway break; 188674664626SKris Kennaway case SSL_ERROR_WANT_X509_LOOKUP: 188774664626SKris Kennaway BIO_printf(bio_c_out, "write X BLOCK\n"); 188874664626SKris Kennaway break; 188974664626SKris Kennaway case SSL_ERROR_ZERO_RETURN: 18906f9291ceSJung-uk Kim if (cbuf_len != 0) { 189174664626SKris Kennaway BIO_printf(bio_c_out, "shutdown\n"); 18921f13597dSJung-uk Kim ret = 0; 189374664626SKris Kennaway goto shut; 18946f9291ceSJung-uk Kim } else { 189574664626SKris Kennaway read_tty = 1; 189674664626SKris Kennaway write_ssl = 0; 189774664626SKris Kennaway break; 189874664626SKris Kennaway } 189974664626SKris Kennaway 
190074664626SKris Kennaway case SSL_ERROR_SYSCALL: 19016f9291ceSJung-uk Kim if ((k != 0) || (cbuf_len != 0)) { 190274664626SKris Kennaway BIO_printf(bio_err, "write:errno=%d\n", 190374664626SKris Kennaway get_last_socket_error()); 190474664626SKris Kennaway goto shut; 19056f9291ceSJung-uk Kim } else { 190674664626SKris Kennaway read_tty = 1; 190774664626SKris Kennaway write_ssl = 0; 190874664626SKris Kennaway } 190974664626SKris Kennaway break; 191074664626SKris Kennaway case SSL_ERROR_SSL: 191174664626SKris Kennaway ERR_print_errors(bio_err); 191274664626SKris Kennaway goto shut; 191374664626SKris Kennaway } 191474664626SKris Kennaway } 1915aeb5019cSJung-uk Kim #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) || defined(OPENSSL_SYS_VMS) 19161f13597dSJung-uk Kim /* Assume Windows/DOS/BeOS can always write */ 1917f579bf8eSKris Kennaway else if (!ssl_pending && write_tty) 1918f579bf8eSKris Kennaway #else 1919aeb5019cSJung-uk Kim else if (!ssl_pending && FD_ISSET(fileno_stdout(), &writefds)) 1920f579bf8eSKris Kennaway #endif 192174664626SKris Kennaway { 192274664626SKris Kennaway #ifdef CHARSET_EBCDIC 192374664626SKris Kennaway ascii2ebcdic(&(sbuf[sbuf_off]), &(sbuf[sbuf_off]), sbuf_len); 192474664626SKris Kennaway #endif 19251f13597dSJung-uk Kim i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len); 192674664626SKris Kennaway 19276f9291ceSJung-uk Kim if (i <= 0) { 192874664626SKris Kennaway BIO_printf(bio_c_out, "DONE\n"); 19291f13597dSJung-uk Kim ret = 0; 193074664626SKris Kennaway goto shut; 193174664626SKris Kennaway /* goto end; */ 193274664626SKris Kennaway } 193374664626SKris Kennaway 193474664626SKris Kennaway sbuf_len -= i;; 193574664626SKris Kennaway sbuf_off += i; 19366f9291ceSJung-uk Kim if (sbuf_len <= 0) { 193774664626SKris Kennaway read_ssl = 1; 193874664626SKris Kennaway write_tty = 0; 193974664626SKris Kennaway } 19406f9291ceSJung-uk Kim } else if (ssl_pending || 
FD_ISSET(SSL_get_fd(con), &readfds)) { 194174664626SKris Kennaway #ifdef RENEG 19426f9291ceSJung-uk Kim { 19436f9291ceSJung-uk Kim static int iiii; 19446f9291ceSJung-uk Kim if (++iiii == 52) { 19456f9291ceSJung-uk Kim SSL_renegotiate(con); 19466f9291ceSJung-uk Kim iiii = 0; 19476f9291ceSJung-uk Kim } 19486f9291ceSJung-uk Kim } 194974664626SKris Kennaway #endif 195074664626SKris Kennaway #if 1 195174664626SKris Kennaway k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ ); 195274664626SKris Kennaway #else 195374664626SKris Kennaway /* Demo for pending and peek :-) */ 195474664626SKris Kennaway k = SSL_read(con, sbuf, 16); 19556f9291ceSJung-uk Kim { 19566f9291ceSJung-uk Kim char zbuf[10240]; 19576f9291ceSJung-uk Kim printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con), 19586f9291ceSJung-uk Kim SSL_peek(con, zbuf, 10240)); 195974664626SKris Kennaway } 196074664626SKris Kennaway #endif 196174664626SKris Kennaway 19626f9291ceSJung-uk Kim switch (SSL_get_error(con, k)) { 196374664626SKris Kennaway case SSL_ERROR_NONE: 196474664626SKris Kennaway if (k <= 0) 196574664626SKris Kennaway goto end; 196674664626SKris Kennaway sbuf_off = 0; 196774664626SKris Kennaway sbuf_len = k; 196874664626SKris Kennaway 196974664626SKris Kennaway read_ssl = 0; 197074664626SKris Kennaway write_tty = 1; 197174664626SKris Kennaway break; 197274664626SKris Kennaway case SSL_ERROR_WANT_WRITE: 197374664626SKris Kennaway BIO_printf(bio_c_out, "read W BLOCK\n"); 197474664626SKris Kennaway write_ssl = 1; 197574664626SKris Kennaway read_tty = 0; 197674664626SKris Kennaway break; 197774664626SKris Kennaway case SSL_ERROR_WANT_READ: 197874664626SKris Kennaway BIO_printf(bio_c_out, "read R BLOCK\n"); 197974664626SKris Kennaway write_tty = 0; 198074664626SKris Kennaway read_ssl = 1; 198174664626SKris Kennaway if ((read_tty == 0) && (write_ssl == 0)) 198274664626SKris Kennaway write_ssl = 1; 198374664626SKris Kennaway break; 198474664626SKris Kennaway case SSL_ERROR_WANT_X509_LOOKUP: 198574664626SKris 
Kennaway BIO_printf(bio_c_out, "read X BLOCK\n"); 198674664626SKris Kennaway break; 198774664626SKris Kennaway case SSL_ERROR_SYSCALL: 19881f13597dSJung-uk Kim ret = get_last_socket_error(); 19897bded2dbSJung-uk Kim if (c_brief) 19907bded2dbSJung-uk Kim BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n"); 19917bded2dbSJung-uk Kim else 19921f13597dSJung-uk Kim BIO_printf(bio_err, "read:errno=%d\n", ret); 199374664626SKris Kennaway goto shut; 199474664626SKris Kennaway case SSL_ERROR_ZERO_RETURN: 199574664626SKris Kennaway BIO_printf(bio_c_out, "closed\n"); 19961f13597dSJung-uk Kim ret = 0; 199774664626SKris Kennaway goto shut; 199874664626SKris Kennaway case SSL_ERROR_SSL: 199974664626SKris Kennaway ERR_print_errors(bio_err); 200074664626SKris Kennaway goto shut; 200174664626SKris Kennaway /* break; */ 200274664626SKris Kennaway } 200374664626SKris Kennaway } 200450ef0093SJacques Vidrine #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) 200550ef0093SJacques Vidrine # if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) 20065c87c606SMark Murray else if (_kbhit()) 20075c87c606SMark Murray # else 20086f9291ceSJung-uk Kim else if ((_kbhit()) 20096f9291ceSJung-uk Kim || (WAIT_OBJECT_0 == 20106f9291ceSJung-uk Kim WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) 20115c87c606SMark Murray # endif 20123b4e3dcbSSimon L. B. Nielsen #elif defined (OPENSSL_SYS_NETWARE) 20133b4e3dcbSSimon L. B. 
Nielsen else if (_kbhit()) 20141f13597dSJung-uk Kim #elif defined(OPENSSL_SYS_BEOS_R5) 20151f13597dSJung-uk Kim else if (stdin_set) 2016f579bf8eSKris Kennaway #else 2017aeb5019cSJung-uk Kim else if (FD_ISSET(fileno_stdin(), &readfds)) 2018f579bf8eSKris Kennaway #endif 201974664626SKris Kennaway { 20206f9291ceSJung-uk Kim if (crlf) { 202174664626SKris Kennaway int j, lf_num; 202274664626SKris Kennaway 20231f13597dSJung-uk Kim i = raw_read_stdin(cbuf, BUFSIZZ / 2); 202474664626SKris Kennaway lf_num = 0; 202574664626SKris Kennaway /* both loops are skipped when i <= 0 */ 202674664626SKris Kennaway for (j = 0; j < i; j++) 202774664626SKris Kennaway if (cbuf[j] == '\n') 202874664626SKris Kennaway lf_num++; 20296f9291ceSJung-uk Kim for (j = i - 1; j >= 0; j--) { 203074664626SKris Kennaway cbuf[j + lf_num] = cbuf[j]; 20316f9291ceSJung-uk Kim if (cbuf[j] == '\n') { 203274664626SKris Kennaway lf_num--; 203374664626SKris Kennaway i++; 203474664626SKris Kennaway cbuf[j + lf_num] = '\r'; 203574664626SKris Kennaway } 203674664626SKris Kennaway } 203774664626SKris Kennaway assert(lf_num == 0); 20386f9291ceSJung-uk Kim } else 20391f13597dSJung-uk Kim i = raw_read_stdin(cbuf, BUFSIZZ); 204074664626SKris Kennaway 20416f9291ceSJung-uk Kim if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { 204274664626SKris Kennaway BIO_printf(bio_err, "DONE\n"); 20431f13597dSJung-uk Kim ret = 0; 204474664626SKris Kennaway goto shut; 204574664626SKris Kennaway } 204674664626SKris Kennaway 20476f9291ceSJung-uk Kim if ((!c_ign_eof) && (cbuf[0] == 'R')) { 204874664626SKris Kennaway BIO_printf(bio_err, "RENEGOTIATING\n"); 204974664626SKris Kennaway SSL_renegotiate(con); 205074664626SKris Kennaway cbuf_len = 0; 205174664626SKris Kennaway } 20521f13597dSJung-uk Kim #ifndef OPENSSL_NO_HEARTBEATS 20536f9291ceSJung-uk Kim else if ((!c_ign_eof) && (cbuf[0] == 'B')) { 20541f13597dSJung-uk Kim BIO_printf(bio_err, "HEARTBEATING\n"); 20551f13597dSJung-uk Kim SSL_heartbeat(con); 20561f13597dSJung-uk Kim cbuf_len 
= 0; 20571f13597dSJung-uk Kim } 20581f13597dSJung-uk Kim #endif 20596f9291ceSJung-uk Kim else { 206074664626SKris Kennaway cbuf_len = i; 206174664626SKris Kennaway cbuf_off = 0; 206274664626SKris Kennaway #ifdef CHARSET_EBCDIC 206374664626SKris Kennaway ebcdic2ascii(cbuf, cbuf, i); 206474664626SKris Kennaway #endif 206574664626SKris Kennaway } 206674664626SKris Kennaway 206774664626SKris Kennaway write_ssl = 1; 206874664626SKris Kennaway read_tty = 0; 206974664626SKris Kennaway } 207074664626SKris Kennaway } 20711f13597dSJung-uk Kim 20721f13597dSJung-uk Kim ret = 0; 207374664626SKris Kennaway shut: 20741f13597dSJung-uk Kim if (in_init) 20751f13597dSJung-uk Kim print_stuff(bio_c_out, con, full_log); 207674664626SKris Kennaway SSL_shutdown(con); 207774664626SKris Kennaway SHUTDOWN(SSL_get_fd(con)); 207874664626SKris Kennaway end: 20796f9291ceSJung-uk Kim if (con != NULL) { 20801f13597dSJung-uk Kim if (prexit != 0) 20811f13597dSJung-uk Kim print_stuff(bio_c_out, con, 1); 20821f13597dSJung-uk Kim SSL_free(con); 20831f13597dSJung-uk Kim } 208409286989SJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 208509286989SJung-uk Kim if (next_proto.data) 208609286989SJung-uk Kim OPENSSL_free(next_proto.data); 208709286989SJung-uk Kim #endif 20886f9291ceSJung-uk Kim if (ctx != NULL) 20896f9291ceSJung-uk Kim SSL_CTX_free(ctx); 20903b4e3dcbSSimon L. B. Nielsen if (cert) 20913b4e3dcbSSimon L. B. Nielsen X509_free(cert); 20927bded2dbSJung-uk Kim if (crls) 20937bded2dbSJung-uk Kim sk_X509_CRL_pop_free(crls, X509_CRL_free); 20943b4e3dcbSSimon L. B. Nielsen if (key) 20953b4e3dcbSSimon L. B. Nielsen EVP_PKEY_free(key); 20967bded2dbSJung-uk Kim if (chain) 20977bded2dbSJung-uk Kim sk_X509_pop_free(chain, X509_free); 20983b4e3dcbSSimon L. B. Nielsen if (pass) 20993b4e3dcbSSimon L. B. 
/* … continuation of the cleanup sequence of the function that begins above this view … */
        OPENSSL_free(pass);
#ifndef OPENSSL_NO_SRP
    OPENSSL_free(srp_arg.srppassin);
#endif
    if (vpm)
        X509_VERIFY_PARAM_free(vpm);
    ssl_excert_free(exc);
    if (ssl_args)
        sk_OPENSSL_STRING_free(ssl_args);
    if (cctx)
        SSL_CONF_CTX_free(cctx);
#ifndef OPENSSL_NO_JPAKE
    if (jpake_secret && psk_key)
        OPENSSL_free(psk_key);
#endif
    if (cbuf != NULL) {
        OPENSSL_cleanse(cbuf, BUFSIZZ);
        OPENSSL_free(cbuf);
    }
    if (sbuf != NULL) {
        OPENSSL_cleanse(sbuf, BUFSIZZ);
        OPENSSL_free(sbuf);
    }
    if (mbuf != NULL) {
        OPENSSL_cleanse(mbuf, BUFSIZZ);
        OPENSSL_free(mbuf);
    }
    release_engine(e);
    if (bio_c_out != NULL) {
        BIO_free(bio_c_out);
        bio_c_out = NULL;
    }
    if (bio_c_msg != NULL) {
        BIO_free(bio_c_msg);
        bio_c_msg = NULL;
    }
    apps_shutdown();
    OPENSSL_EXIT(ret);
}

/*
 * Write a human-readable description of the connection state of @s to @bio.
 *
 * @param bio   BIO the report is written to; it is flushed before returning
 * @param s     the connection to describe
 * @param full  non-zero additionally prints the peer certificate chain, the
 *              client-CA list, the shared-cipher table and the handshake
 *              byte counters; zero prints only the per-connection summary
 *
 * Reads the file-scope settings c_showcerts, next_proto, keymatexportlabel
 * and keymatexportlen, all defined outside this view.  The SSL_DEBUG block
 * writes to the file-scope bio_c_out rather than to @bio.
 */
static void print_stuff(BIO *bio, SSL *s, int full)
{
    X509 *peer = NULL;
    char *p;
    /*
     * Padding source for the shared-cipher table: the BIO_write() below
     * asks for up to 15 bytes from it.  As shown in this view the literal is
     * a single space (presumably whitespace was collapsed when the page was
     * rendered) - confirm the literal is at least 15 characters wide.
     */
    static const char *space = " ";
    char buf[BUFSIZ];
    STACK_OF(X509) *sk;
    STACK_OF(X509_NAME) *sk2;
    const SSL_CIPHER *c;
    X509_NAME *xn;
    int j, i;
#ifndef OPENSSL_NO_COMP
    const COMP_METHOD *comp, *expansion;
#endif
    unsigned char *exportedkeymat;

    if (full) {
        int got_a_chain = 0;

        sk = SSL_get_peer_cert_chain(s);
        if (sk != NULL) {
            got_a_chain = 1; /* we don't have it for SSL2 (yet) */

            BIO_printf(bio, "---\nCertificate chain\n");
            for (i = 0; i < sk_X509_num(sk); i++) {
                X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
                                  buf, sizeof buf);
                BIO_printf(bio, "%2d s:%s\n", i, buf);
                X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
                                  buf, sizeof buf);
                BIO_printf(bio, " i:%s\n", buf);
                if (c_showcerts)
                    PEM_write_bio_X509(bio, sk_X509_value(sk, i));
            }
        }

        BIO_printf(bio, "---\n");
        /* Owned reference: released with X509_free() at the end. */
        peer = SSL_get_peer_certificate(s);
        if (peer != NULL) {
            BIO_printf(bio, "Server certificate\n");

            /* Redundant if we showed the whole chain */
            if (!(c_showcerts && got_a_chain))
                PEM_write_bio_X509(bio, peer);
            X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
            BIO_printf(bio, "subject=%s\n", buf);
            X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
            BIO_printf(bio, "issuer=%s\n", buf);
        } else
            BIO_printf(bio, "no peer certificate available\n");

        sk2 = SSL_get_client_CA_list(s);
        if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) {
            BIO_printf(bio, "---\nAcceptable client certificate CA names\n");
            for (i = 0; i < sk_X509_NAME_num(sk2); i++) {
                xn = sk_X509_NAME_value(sk2, i);
                X509_NAME_oneline(xn, buf, sizeof(buf));
                BIO_write(bio, buf, strlen(buf));
                BIO_write(bio, "\n", 1);
            }
        } else {
            BIO_printf(bio, "---\nNo client certificate CA names sent\n");
        }
        p = SSL_get_shared_ciphers(s, buf, sizeof buf);
        if (p != NULL) {
            /*
             * This works only for SSL 2. In later protocol versions, the
             * client does not know what other ciphers (in addition to the
             * one to be used in the current connection) the server supports.
             */

            BIO_printf(bio,
                       "---\nCiphers common between both SSL endpoints:\n");
            /* j counts characters of the current name, i names on the row. */
            j = i = 0;
            while (*p) {
                if (*p == ':') {
                    /*
                     * Pad the name to a 15-column cell.  j is not clamped,
                     * so a name longer than 15 characters makes this length
                     * negative; NOTE(review): confirm BIO_write() tolerates
                     * a non-positive length here.
                     */
                    BIO_write(bio, space, 15 - j % 25);
                    i++;
                    j = 0;
                    /* Three names per row. */
                    BIO_write(bio, ((i % 3) ? " " : "\n"), 1);
                } else {
                    BIO_write(bio, p, 1);
                    j++;
                }
                p++;
            }
            BIO_write(bio, "\n", 1);
        }

        ssl_print_sigalgs(bio, s);
        ssl_print_tmp_key(bio, s);

        BIO_printf(bio,
                   "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
                   BIO_number_read(SSL_get_rbio(s)),
                   BIO_number_written(SSL_get_wbio(s)));
    }
    BIO_printf(bio, (SSL_cache_hit(s) ? "---\nReused, " : "---\nNew, "));
    c = SSL_get_current_cipher(s);
    BIO_printf(bio, "%s, Cipher is %s\n",
               SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
    if (peer != NULL) {
        EVP_PKEY *pktmp;
        pktmp = X509_get_pubkey(peer);
        BIO_printf(bio, "Server public key is %d bit\n",
                   EVP_PKEY_bits(pktmp));
        EVP_PKEY_free(pktmp);
    }
    BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
               SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
#ifndef OPENSSL_NO_COMP
    comp = SSL_get_current_compression(s);
    expansion = SSL_get_current_expansion(s);
    BIO_printf(bio, "Compression: %s\n",
               comp ? SSL_COMP_get_name(comp) : "NONE");
    BIO_printf(bio, "Expansion: %s\n",
               expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif

#ifdef SSL_DEBUG
    {
        /* Print out local port of connection: useful for debugging */
        int sock;
        /*
         * sockaddr_in is IPv4-sized and left uninitialised; an AF_INET6
         * socket presumably would not fit - TODO confirm.
         */
        struct sockaddr_in ladd;
        socklen_t ladd_size = sizeof(ladd);
        sock = SSL_get_fd(s);
        /* Return value unchecked: on failure sin_port is whatever was on the stack. */
        getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
        BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
    }
#endif

#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
    if (next_proto.status != -1) {
        const unsigned char *proto;
        unsigned int proto_len;
        SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
        BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
        /*
         * The negotiated protocol name is written as raw bytes, not escaped;
         * presumably it originates from the peer's advertised list, so the
         * output is not guaranteed to be printable.
         */
        BIO_write(bio, proto, proto_len);
        BIO_write(bio, "\n", 1);
    }
# endif
    {
        const unsigned char *proto;
        unsigned int proto_len;
        SSL_get0_alpn_selected(s, &proto, &proto_len);
        if (proto_len > 0) {
            BIO_printf(bio, "ALPN protocol: ");
            /* Raw, unescaped peer-supplied bytes, as for NPN above. */
            BIO_write(bio, proto, proto_len);
            BIO_write(bio, "\n", 1);
        } else
            BIO_printf(bio, "No ALPN negotiated\n");
    }
#endif

#ifndef OPENSSL_NO_SRTP
    {
        SRTP_PROTECTION_PROFILE *srtp_profile =
            SSL_get_selected_srtp_profile(s);

        if (srtp_profile)
            BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
                       srtp_profile->name);
    }
#endif

    SSL_SESSION_print(bio, SSL_get_session(s));
    if (keymatexportlabel != NULL) {
        BIO_printf(bio, "Keying material exporter:\n");
        BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
        BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
        /*
         * keymatexportlen is set outside this view (presumably from the
         * command line); it is assumed to be positive here - TODO confirm.
         */
        exportedkeymat = OPENSSL_malloc(keymatexportlen);
        if (exportedkeymat != NULL) {
            if (!SSL_export_keying_material(s, exportedkeymat,
                                            keymatexportlen,
                                            keymatexportlabel,
                                            strlen(keymatexportlabel),
                                            NULL, 0, 0)) {
                BIO_printf(bio, " Error\n");
            } else {
                /* The exported secret itself is printed in hex. */
                BIO_printf(bio, " Keying material: ");
                for (i = 0; i < keymatexportlen; i++)
                    BIO_printf(bio, "%02X", exportedkeymat[i]);
                BIO_printf(bio, "\n");
            }
            /*
             * Unlike the cbuf/sbuf buffers freed above, the exported secret
             * is not OPENSSL_cleanse()d before it is freed.
             */
            OPENSSL_free(exportedkeymat);
        }
    }
    BIO_printf(bio, "---\n");
    if (peer != NULL)
        X509_free(peer);
    /* flush, or debugging output gets mixed with http response */
    (void)BIO_flush(bio);
}

#ifndef OPENSSL_NO_TLSEXT

/*
 * TLS status-request (OCSP stapling) callback: print whatever the server
 * stapled.  The response is only parsed and printed; no check of its
 * status or signature is made here, and the absence of a stapled response
 * is accepted.
 *
 * @param s    the connection whose stapled response is examined
 * @param arg  callback argument, used as the BIO * to write the report to
 * @return 1 when no response was sent or it printed cleanly, 0 when the
 *         stapled bytes do not parse as an OCSP_RESPONSE.  NOTE(review):
 *         presumably the usual status-callback contract applies (0 aborts
 *         the handshake) - confirm against the code that registers it.
 */
static int ocsp_resp_cb(SSL *s, void *arg)
{
    const unsigned char *p;
    int len;
    OCSP_RESPONSE *rsp;
    len = SSL_get_tlsext_status_ocsp_resp(s, &p);
    BIO_puts(arg, "OCSP response: ");
    if (!p) {
        BIO_puts(arg, "no response sent\n");
        return 1;
    }
    rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
    if (!rsp) {
        BIO_puts(arg, "response parse error\n");
        /* Assumes p still points at the start of the buffer after a failed d2i - TODO confirm. */
        BIO_dump_indent(arg, (char *)p, len, 4);
        return 0;
    }
    BIO_puts(arg, "\n======================================\n");
    OCSP_RESPONSE_print(arg, rsp, 0);
    BIO_puts(arg, "======================================\n");
    OCSP_RESPONSE_free(rsp);
    return 1;
}

#endif