174664626SKris Kennaway /* apps/s_client.c */
274664626SKris Kennaway /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
374664626SKris Kennaway  * All rights reserved.
474664626SKris Kennaway  *
574664626SKris Kennaway  * This package is an SSL implementation written
674664626SKris Kennaway  * by Eric Young (eay@cryptsoft.com).
774664626SKris Kennaway  * The implementation was written so as to conform with Netscapes SSL.
874664626SKris Kennaway  *
974664626SKris Kennaway  * This library is free for commercial and non-commercial use as long as
1074664626SKris Kennaway  * the following conditions are aheared to.  The following conditions
1174664626SKris Kennaway  * apply to all code found in this distribution, be it the RC4, RSA,
1274664626SKris Kennaway  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
1374664626SKris Kennaway  * included with this distribution is covered by the same copyright terms
1474664626SKris Kennaway  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1574664626SKris Kennaway  *
1674664626SKris Kennaway  * Copyright remains Eric Young's, and as such any Copyright notices in
1774664626SKris Kennaway  * the code are not to be removed.
1874664626SKris Kennaway  * If this package is used in a product, Eric Young should be given attribution
1974664626SKris Kennaway  * as the author of the parts of the library used.
2074664626SKris Kennaway  * This can be in the form of a textual message at program startup or
2174664626SKris Kennaway  * in documentation (online or textual) provided with the package.
2274664626SKris Kennaway  *
2374664626SKris Kennaway  * Redistribution and use in source and binary forms, with or without
2474664626SKris Kennaway  * modification, are permitted provided that the following conditions
2574664626SKris Kennaway  * are met:
2674664626SKris Kennaway  * 1. Redistributions of source code must retain the copyright
2774664626SKris Kennaway  *    notice, this list of conditions and the following disclaimer.
2874664626SKris Kennaway  * 2. Redistributions in binary form must reproduce the above copyright
2974664626SKris Kennaway  *    notice, this list of conditions and the following disclaimer in the
3074664626SKris Kennaway  *    documentation and/or other materials provided with the distribution.
3174664626SKris Kennaway  * 3. All advertising materials mentioning features or use of this software
3274664626SKris Kennaway  *    must display the following acknowledgement:
3374664626SKris Kennaway  *    "This product includes cryptographic software written by
3474664626SKris Kennaway  *     Eric Young (eay@cryptsoft.com)"
3574664626SKris Kennaway  *    The word 'cryptographic' can be left out if the rouines from the library
3674664626SKris Kennaway  *    being used are not cryptographic related :-).
3774664626SKris Kennaway  * 4. If you include any Windows specific code (or a derivative thereof) from
3874664626SKris Kennaway  *    the apps directory (application code) you must include an acknowledgement:
3974664626SKris Kennaway  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
4074664626SKris Kennaway  *
4174664626SKris Kennaway  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
4274664626SKris Kennaway  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4374664626SKris Kennaway  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
4474664626SKris Kennaway  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
4574664626SKris Kennaway  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
4674664626SKris Kennaway  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
4774664626SKris Kennaway  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4874664626SKris Kennaway  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
4974664626SKris Kennaway  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
5074664626SKris Kennaway  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
5174664626SKris Kennaway  * SUCH DAMAGE.
5274664626SKris Kennaway  *
5374664626SKris Kennaway  * The licence and distribution terms for any publically available version or
5474664626SKris Kennaway  * derivative of this code cannot be changed.  i.e. this code cannot simply be
5574664626SKris Kennaway  * copied and put under another distribution licence
5674664626SKris Kennaway  * [including the GNU Public Licence.]
5774664626SKris Kennaway  */
585c87c606SMark Murray /* ====================================================================
591f13597dSJung-uk Kim  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
605c87c606SMark Murray  *
615c87c606SMark Murray  * Redistribution and use in source and binary forms, with or without
625c87c606SMark Murray  * modification, are permitted provided that the following conditions
635c87c606SMark Murray  * are met:
645c87c606SMark Murray  *
655c87c606SMark Murray  * 1. Redistributions of source code must retain the above copyright
665c87c606SMark Murray  *    notice, this list of conditions and the following disclaimer.
675c87c606SMark Murray  *
685c87c606SMark Murray  * 2. Redistributions in binary form must reproduce the above copyright
695c87c606SMark Murray  *    notice, this list of conditions and the following disclaimer in
705c87c606SMark Murray  *    the documentation and/or other materials provided with the
715c87c606SMark Murray  *    distribution.
725c87c606SMark Murray  *
735c87c606SMark Murray  * 3. All advertising materials mentioning features or use of this
745c87c606SMark Murray  *    software must display the following acknowledgment:
755c87c606SMark Murray  *    "This product includes software developed by the OpenSSL Project
765c87c606SMark Murray  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
775c87c606SMark Murray  *
785c87c606SMark Murray  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
795c87c606SMark Murray  *    endorse or promote products derived from this software without
805c87c606SMark Murray  *    prior written permission. For written permission, please contact
815c87c606SMark Murray  *    openssl-core@openssl.org.
825c87c606SMark Murray  *
835c87c606SMark Murray  * 5. Products derived from this software may not be called "OpenSSL"
845c87c606SMark Murray  *    nor may "OpenSSL" appear in their names without prior written
855c87c606SMark Murray  *    permission of the OpenSSL Project.
865c87c606SMark Murray  *
875c87c606SMark Murray  * 6. Redistributions of any form whatsoever must retain the following
885c87c606SMark Murray  *    acknowledgment:
895c87c606SMark Murray  *    "This product includes software developed by the OpenSSL Project
905c87c606SMark Murray  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
915c87c606SMark Murray  *
925c87c606SMark Murray  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
935c87c606SMark Murray  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
945c87c606SMark Murray  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
955c87c606SMark Murray  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
965c87c606SMark Murray  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
975c87c606SMark Murray  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
985c87c606SMark Murray  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
995c87c606SMark Murray  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1005c87c606SMark Murray  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1015c87c606SMark Murray  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1025c87c606SMark Murray  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1035c87c606SMark Murray  * OF THE POSSIBILITY OF SUCH DAMAGE.
1045c87c606SMark Murray  * ====================================================================
1055c87c606SMark Murray  *
1065c87c606SMark Murray  * This product includes cryptographic software written by Eric Young
1075c87c606SMark Murray  * (eay@cryptsoft.com).  This product includes software written by Tim
1085c87c606SMark Murray  * Hudson (tjh@cryptsoft.com).
1095c87c606SMark Murray  *
1105c87c606SMark Murray  */
1111f13597dSJung-uk Kim /* ====================================================================
1121f13597dSJung-uk Kim  * Copyright 2005 Nokia. All rights reserved.
1131f13597dSJung-uk Kim  *
1141f13597dSJung-uk Kim  * The portions of the attached software ("Contribution") is developed by
1151f13597dSJung-uk Kim  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
1161f13597dSJung-uk Kim  * license.
1171f13597dSJung-uk Kim  *
1181f13597dSJung-uk Kim  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
1191f13597dSJung-uk Kim  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
1201f13597dSJung-uk Kim  * support (see RFC 4279) to OpenSSL.
1211f13597dSJung-uk Kim  *
1221f13597dSJung-uk Kim  * No patent licenses or other rights except those expressly stated in
1231f13597dSJung-uk Kim  * the OpenSSL open source license shall be deemed granted or received
1241f13597dSJung-uk Kim  * expressly, by implication, estoppel, or otherwise.
1251f13597dSJung-uk Kim  *
1261f13597dSJung-uk Kim  * No assurances are provided by Nokia that the Contribution does not
1271f13597dSJung-uk Kim  * infringe the patent or other intellectual property rights of any third
1281f13597dSJung-uk Kim  * party or that the license provides you with all the necessary rights
1291f13597dSJung-uk Kim  * to make use of the Contribution.
1301f13597dSJung-uk Kim  *
1311f13597dSJung-uk Kim  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
1321f13597dSJung-uk Kim  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
1331f13597dSJung-uk Kim  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
1341f13597dSJung-uk Kim  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
1351f13597dSJung-uk Kim  * OTHERWISE.
1361f13597dSJung-uk Kim  */
13774664626SKris Kennaway 
13874664626SKris Kennaway #include <assert.h>
1391f13597dSJung-uk Kim #include <ctype.h>
14074664626SKris Kennaway #include <stdio.h>
14174664626SKris Kennaway #include <stdlib.h>
14274664626SKris Kennaway #include <string.h>
1435c87c606SMark Murray #include <openssl/e_os2.h>
1445c87c606SMark Murray #ifdef OPENSSL_NO_STDIO
14574664626SKris Kennaway # define APPS_WIN16
14674664626SKris Kennaway #endif
14774664626SKris Kennaway 
148*6f9291ceSJung-uk Kim /*
149*6f9291ceSJung-uk Kim  * With IPv6, it looks like Digital has mixed up the proper order of
150*6f9291ceSJung-uk Kim  * recursive header file inclusion, resulting in the compiler complaining
151*6f9291ceSJung-uk Kim  * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
152*6f9291ceSJung-uk Kim  * needed to have fileno() declared correctly...  So let's define u_int
153*6f9291ceSJung-uk Kim  */
1545c87c606SMark Murray #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
15574664626SKris Kennaway # define __U_INT
15674664626SKris Kennaway typedef unsigned int u_int;
15774664626SKris Kennaway #endif
15874664626SKris Kennaway 
15974664626SKris Kennaway #define USE_SOCKETS
16074664626SKris Kennaway #include "apps.h"
16174664626SKris Kennaway #include <openssl/x509.h>
16274664626SKris Kennaway #include <openssl/ssl.h>
16374664626SKris Kennaway #include <openssl/err.h>
16474664626SKris Kennaway #include <openssl/pem.h>
1655740a5e3SKris Kennaway #include <openssl/rand.h>
166db522d3aSSimon L. B. Nielsen #include <openssl/ocsp.h>
1671f13597dSJung-uk Kim #include <openssl/bn.h>
1681f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP
1691f13597dSJung-uk Kim # include <openssl/srp.h>
1701f13597dSJung-uk Kim #endif
17174664626SKris Kennaway #include "s_apps.h"
1723b4e3dcbSSimon L. B. Nielsen #include "timeouts.h"
17374664626SKris Kennaway 
1745c87c606SMark Murray #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
17574664626SKris Kennaway /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
17674664626SKris Kennaway # undef FIONBIO
17774664626SKris Kennaway #endif
17874664626SKris Kennaway 
1791f13597dSJung-uk Kim #if defined(OPENSSL_SYS_BEOS_R5)
1801f13597dSJung-uk Kim # include <fcntl.h>
1811f13597dSJung-uk Kim #endif
1821f13597dSJung-uk Kim 
18374664626SKris Kennaway #undef PROG
18474664626SKris Kennaway #define PROG    s_client_main
18574664626SKris Kennaway 
186*6f9291ceSJung-uk Kim /*
187*6f9291ceSJung-uk Kim  * #define SSL_HOST_NAME "www.netscape.com"
188*6f9291ceSJung-uk Kim  */
189*6f9291ceSJung-uk Kim /*
190*6f9291ceSJung-uk Kim  * #define SSL_HOST_NAME "193.118.187.102"
191*6f9291ceSJung-uk Kim  */
19274664626SKris Kennaway #define SSL_HOST_NAME   "localhost"
19374664626SKris Kennaway 
194*6f9291ceSJung-uk Kim /* no default cert. */
195*6f9291ceSJung-uk Kim /*
196*6f9291ceSJung-uk Kim  * #define TEST_CERT "client.pem"
197*6f9291ceSJung-uk Kim  */
19874664626SKris Kennaway 
19974664626SKris Kennaway #undef BUFSIZZ
20074664626SKris Kennaway #define BUFSIZZ 1024*8
20174664626SKris Kennaway 
/* Verification state shared with code outside this file. */
extern int verify_depth;
extern int verify_error;
extern int verify_return_error;

/* Forward declarations for helpers defined in this file. */
static void sc_usage(void);
static void print_stuff(BIO *berr, SSL *con, int full);
#ifndef OPENSSL_NO_TLSEXT
static int ocsp_resp_cb(SSL *s, void *arg);
#endif

/* File-local option flags; every one starts out disabled. */
#ifdef FIONBIO
static int c_nbio = 0;
#endif
static int c_Pause = 0;
static int c_debug = 0;
#ifndef OPENSSL_NO_TLSEXT
static int c_tlsextdebug = 0;
static int c_status_req = 0;
#endif
static int c_msg = 0;
static int c_showcerts = 0;
static int c_quiet = 0;
static int c_ign_eof = 0;

/* Keying material export: no label by default, 20 bytes when requested. */
static char *keymatexportlabel = NULL;
static int keymatexportlen = 20;

/* Output BIO used by the callbacks for their debug messages. */
static BIO *bio_c_out = NULL;
22974664626SKris Kennaway 
2301f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK
2311f13597dSJung-uk Kim /* Default PSK identity and key */
2321f13597dSJung-uk Kim static char *psk_identity = "Client_identity";
233*6f9291ceSJung-uk Kim /*
234*6f9291ceSJung-uk Kim  * char *psk_key=NULL; by default PSK is not used
235*6f9291ceSJung-uk Kim  */
2361f13597dSJung-uk Kim 
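/*
 * PSK client callback: hands the PSK identity and key to the TLS stack.
 *
 * The configured psk_identity is copied into 'identity' (bounded by
 * max_identity_len) and the hex string psk_key is converted to raw bytes in
 * 'psk' (bounded by max_psk_len).  'hint' is the identity hint sent by the
 * server, or NULL when none was received; it is only logged.
 *
 * Returns the PSK length in bytes, or 0 on any failure.
 *
 * Key-handling notes:
 * - The temporary BIGNUM holds key material, so it is released with
 *   BN_clear_free(), which wipes the value before freeing it.
 * - The key goes through a BIGNUM, so leading zero bytes of the hex string
 *   are not preserved, and a key that converts to zero bytes is an error.
 * - NOTE(review): BN_hex2bn() stops at the first non-hex character, so a
 *   partly valid string is accepted as the shorter key that was parsed;
 *   confirm whether the caller validates the -psk argument beforehand.
 */
static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
                                  unsigned int max_identity_len,
                                  unsigned char *psk,
                                  unsigned int max_psk_len)
{
    unsigned int psk_len = 0;
    int ret;
    BIGNUM *bn = NULL;

    if (c_debug)
        BIO_printf(bio_c_out, "psk_client_cb\n");
    if (!hint) {
        /* no ServerKeyExchange message */
        if (c_debug)
            BIO_printf(bio_c_out,
                       "NULL received PSK identity hint, continuing anyway\n");
    } else if (c_debug)
        BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);

    /*
     * lookup PSK identity and PSK key based on the given identity hint here
     */
    ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
    if (ret < 0 || (unsigned int)ret > max_identity_len)
        goto out_err;
    if (c_debug)
        BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
                   ret);

    ret = BN_hex2bn(&bn, psk_key);
    if (!ret) {
        /*
         * This diagnostic echoes the key string to bio_err; keep that
         * stream out of shared logs when testing with a real key.
         */
        BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
                   psk_key);
        /* bn may have been allocated even though the conversion failed */
        if (bn)
            BN_clear_free(bn);
        return 0;
    }

    /* Refuse a key that does not fit in the buffer supplied by the caller */
    if ((unsigned int)BN_num_bytes(bn) > max_psk_len) {
        BIO_printf(bio_err,
                   "psk buffer of callback is too small (%d) for key (%d)\n",
                   max_psk_len, BN_num_bytes(bn));
        BN_clear_free(bn);
        return 0;
    }

    psk_len = BN_bn2bin(bn, psk);
    /* wipe the BIGNUM copy of the key as soon as the bytes are written */
    BN_clear_free(bn);
    if (psk_len == 0)
        goto out_err;

    if (c_debug)
        BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);

    return psk_len;
 out_err:
    if (c_debug)
        BIO_printf(bio_err, "Error in PSK client callback\n");
    return 0;
}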
2961f13597dSJung-uk Kim #endif
2971f13597dSJung-uk Kim 
/*
 * Print the s_client option summary to bio_err.
 *
 * Adjacent help lines are emitted with one call per run; a run ends at each
 * preprocessor conditional so that options compiled out of this build are
 * not listed.
 *
 * Reading aid: several listed options select obsolete protocol versions
 * (-ssl2, -ssl3) or relax a protection (-bugs, and -legacy_renegotiation,
 * which the help text itself marks as dangerous).
 */
static void sc_usage(void)
{
    BIO_printf(bio_err,
               "usage: s_client args\n"
               "\n"
               " -host host     - use -connect instead\n"
               " -port port     - use -connect instead\n"
               " -connect host:port - who to connect to (default is %s:%s)\n"
               " -verify arg   - turn on peer certificate verification\n"
               " -verify_return_error - return verification errors\n"
               " -cert arg     - certificate file to use, PEM format assumed\n"
               " -certform arg - certificate format (PEM or DER) PEM default\n"
               " -key arg      - Private key file to use, in cert file if\n"
               "                 not specified but cert file is.\n"
               " -keyform arg  - key format (PEM or DER) PEM default\n"
               " -pass arg     - private key file pass phrase source\n"
               " -CApath arg   - PEM format directory of CA's\n"
               " -CAfile arg   - PEM format file of CA's\n"
               " -reconnect    - Drop and re-make the connection with the same Session-ID\n"
               " -pause        - sleep(1) after each read(2) and write(2) system call\n"
               " -prexit       - print session information even on connection failure\n"
               " -showcerts    - show all certificates in the chain\n"
               " -debug        - extra output\n",
               SSL_HOST_NAME, PORT_STR);
#ifdef WATT32
    BIO_printf(bio_err, " -wdebug       - WATT-32 tcp debugging\n");
#endif
    BIO_printf(bio_err,
               " -msg          - Show protocol messages\n"
               " -nbio_test    - more ssl protocol testing\n"
               " -state        - print the 'ssl' states\n");
#ifdef FIONBIO
    BIO_printf(bio_err, " -nbio         - Run with non-blocking IO\n");
#endif
    BIO_printf(bio_err,
               " -crlf         - convert LF from terminal into CRLF\n"
               " -quiet        - no s_client output\n"
               " -ign_eof      - ignore input eof (default when -quiet)\n"
               " -no_ign_eof   - don't ignore input eof\n");
#ifndef OPENSSL_NO_PSK
    BIO_printf(bio_err,
               " -psk_identity arg - PSK identity\n"
               " -psk arg      - PSK in hex (without 0x)\n");
# ifndef OPENSSL_NO_JPAKE
    BIO_printf(bio_err, " -jpake arg    - JPAKE secret to use\n");
# endif
#endif
#ifndef OPENSSL_NO_SRP
    BIO_printf(bio_err,
               " -srpuser user     - SRP authentification for 'user'\n"
               " -srppass arg      - password for 'user'\n"
               " -srp_lateuser     - SRP username into second ClientHello message\n"
               " -srp_moregroups   - Tolerate other than the known g N values.\n"
               " -srp_strength int - minimal length in bits for N (default %d).\n",
               SRP_MINIMAL_N);
#endif
    BIO_printf(bio_err, " -ssl2         - just use SSLv2\n");
#ifndef OPENSSL_NO_SSL3_METHOD
    BIO_printf(bio_err, " -ssl3         - just use SSLv3\n");
#endif
    BIO_printf(bio_err,
               " -tls1_2       - just use TLSv1.2\n"
               " -tls1_1       - just use TLSv1.1\n"
               " -tls1         - just use TLSv1\n"
               " -dtls1        - just use DTLSv1\n"
               " -fallback_scsv - send TLS_FALLBACK_SCSV\n"
               " -mtu          - set the link layer MTU\n"
               " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"
               " -bugs         - Switch on all SSL implementation bug workarounds\n"
               " -serverpref   - Use server's cipher preferences (only SSLv2)\n"
               " -cipher       - preferred cipher to use, use the 'openssl ciphers'\n"
               "                 command to see what is available\n"
               " -starttls prot - use the STARTTLS command before starting TLS\n"
               "                 for those protocols that support it, where\n"
               "                 'prot' defines which one to assume.  Currently,\n"
               "                 only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"
               "                 are supported.\n");
#ifndef OPENSSL_NO_ENGINE
    BIO_printf(bio_err,
               " -engine id    - Initialise and use the specified engine\n");
#endif
    BIO_printf(bio_err,
               " -rand file%cfile%c...\n"
               " -sess_out arg - file to write SSL session to\n"
               " -sess_in arg  - file to read SSL session from\n",
               LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
#ifndef OPENSSL_NO_TLSEXT
    BIO_printf(bio_err,
               " -servername host  - Set TLS extension servername in ClientHello\n"
               " -tlsextdebug      - hex dump of all TLS extensions received\n"
               " -status           - request certificate status from server\n"
               " -no_ticket        - disable use of RFC4507bis session tickets\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
    BIO_printf(bio_err,
               " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
# endif
#endif
    BIO_printf(bio_err,
               " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#ifndef OPENSSL_NO_SRTP
    BIO_printf(bio_err,
               " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
#endif
    BIO_printf(bio_err,
               " -keymatexport label   - Export keying material using label\n"
               " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
}
43074664626SKris Kennaway 
431db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT
432db522d3aSSimon L. B. Nielsen 
/* Context handed to the TLS extension callbacks through their 'arg'. */
typedef struct tlsextctx_st {
    /* BIO for debug output; not referenced in the code shown here */
    BIO *biodebug;
    /* written by ssl_servername_cb: server name seen on a fresh session */
    int ack;
} tlsextctx;
438db522d3aSSimon L. B. Nielsen 
/*
 * Server name (SNI) callback for the client side.
 *
 * 'arg' is the tlsextctx supplied at registration.  When a server name type
 * is available, ctx->ack is set to 1 only if the session was not reused and
 * a host name is present; otherwise a diagnostic goes to bio_err and ack is
 * left untouched.  'ad' is unused.  Always returns SSL_TLSEXT_ERR_OK.
 */
static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
{
    tlsextctx *ctx = (tlsextctx *) arg;
    const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);

    if (SSL_get_servername_type(s) == -1) {
        BIO_printf(bio_err, "Can't use SSL_get_servername\n");
    } else {
        int fresh_session = !SSL_session_reused(s);

        ctx->ack = fresh_session && hostname != NULL;
    }

    return SSL_TLSEXT_ERR_OK;
}
4501f13597dSJung-uk Kim 
4511f13597dSJung-uk Kim # ifndef OPENSSL_NO_SRP
4521f13597dSJung-uk Kim 
/* Context shared by all of the SRP callbacks. */
typedef struct srp_arg_st {
    char *srppassin;
    char *srplogin;
    /* copy from c_msg */
    int msg;
    /* copy from c_debug */
    int debug;
    /* allow more groups */
    int amp;
    /* minimal size for N */
    int strength;
} SRP_ARG;
4621f13597dSJung-uk Kim 
4631f13597dSJung-uk Kim #  define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
4641f13597dSJung-uk Kim 
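/*
 * Sanity-check an SRP group (N, g) that is not one of the known groups.
 *
 * The group is accepted only when all of the following hold:
 *   - N is odd and passes the primality test,
 *   - p = (N-1)/2 passes the primality test as well,
 *   - g^((N-1)/2) == -1 (mod N).
 *
 * Returns 1 when every check passes and 0 otherwise, including when an
 * allocation or a BIGNUM operation fails.
 *
 * BN_is_prime_ex() reports an internal error as -1.  That value is non-zero,
 * so each result is compared with 1 explicitly; a bare truth test would let
 * a failed primality test count as "prime" and accept the group.
 *
 * NOTE(review): nothing in this function bounds the size of N or
 * range-checks g on its own -- confirm what the caller enforces before the
 * parameters get here, since these tests are CPU-heavy.
 */
static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
{
    BN_CTX *bn_ctx = BN_CTX_new();
    BIGNUM *p = BN_new();
    BIGNUM *r = BN_new();
    int ret =
        g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
        BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx,
                       NULL) == 1 &&
        p != NULL && BN_rshift1(p, N) &&
        /* p = (N-1)/2 */
        BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx,
                       NULL) == 1 &&
        r != NULL &&
        /* verify g^((N-1)/2) == -1 (mod N) */
        BN_mod_exp(r, g, p, N, bn_ctx) &&
        BN_add_word(r, 1) && BN_cmp(r, N) == 0;

    if (r)
        BN_free(r);
    if (p)
        BN_free(p);
    if (bn_ctx)
        BN_CTX_free(bn_ctx);
    return ret;
}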
4891f13597dSJung-uk Kim 
/*-
 * SRP parameter verification callback.  It serves two purposes here:
 * - extended debugging
 * - running primality tests on unknown groups
 * The callback is only called for a non default group.
 *
 * An application does not need the callback at all if only the
 * standard groups are used.  In real life situations, client and
 * server already share well known groups, so there is nothing to
 * verify.  If a server does propose a group that is not one of those
 * defined in RFC 5054, it is more appropriate to add that group to a
 * static list and compare against it, since primality tests are
 * rather CPU consuming.
 *
 * Returns 1 to accept the group (N, g) and 0 to reject it.
 */

static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
{
    SRP_ARG *opts = (SRP_ARG *)arg;
    BIGNUM *N = SSL_get_srp_N(s);
    BIGNUM *g = NULL;
    int more_groups;

    /* Without both parameters there is nothing to verify: reject. */
    if (N == NULL)
        return 0;
    g = SSL_get_srp_g(s);
    if (g == NULL)
        return 0;

    more_groups = (opts->amp == 1);

    if (opts->debug || opts->msg || more_groups) {
        BIO_printf(bio_err, "SRP parameters:\n");
        BIO_printf(bio_err, "\tN=");
        BN_print(bio_err, N);
        BIO_printf(bio_err, "\n\tg=");
        BN_print(bio_err, g);
        BIO_printf(bio_err, "\n");
    }

    /* Groups already on the known list are accepted without further tests. */
    if (SRP_check_known_gN_param(g, N))
        return 1;

    if (more_groups) {
        if (opts->debug)
            BIO_printf(bio_err,
                       "SRP param N and g are not known params, going to check deeper.\n");

        /*
         * srp_moregroups is purely a debugging feature; implementors
         * should add the value to the known groups instead.  The minimal
         * size has already been tested, so only the size of g is bounded
         * here before the expensive checks run.
         */
        if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
            return 1;
    }

    /* Unknown group and either no deep check requested or it failed. */
    BIO_printf(bio_err, "SRP param N and g rejected.\n");
    return 0;
}
5401f13597dSJung-uk Kim 
5411f13597dSJung-uk Kim #  define PWD_STRLEN 1024
5421f13597dSJung-uk Kim 
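/*
 * SRP client password callback: fetches the password through
 * password_callback(), using srp_arg->srppassin as the preset source and
 * "SRP user" as the prompt text.
 *
 * Returns a NUL-terminated buffer obtained from OPENSSL_malloc() that the
 * caller then owns, or NULL on allocation or read failure.
 */
static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
{
    SRP_ARG *srp_arg = (SRP_ARG *)arg;
    /* One extra byte so the terminator fits after PWD_STRLEN characters. */
    char *pass = (char *)OPENSSL_malloc(PWD_STRLEN + 1);
    PW_CB_DATA cb_tmp;
    int l;

    if (pass == NULL) {
        BIO_printf(bio_err, "Malloc failure\n");
        return NULL;
    }

    cb_tmp.password = (char *)srp_arg->srppassin;
    cb_tmp.prompt_info = "SRP user";
    l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp);

    /*
     * Reject a negative length, and also one beyond the size handed to
     * password_callback(): the terminator below is written at pass[l], so
     * l must stay within the PWD_STRLEN + 1 byte allocation.
     */
    if (l < 0 || l > PWD_STRLEN) {
        BIO_printf(bio_err, "Can't read Password\n");
        /* The buffer may hold part of the secret; wipe it before freeing. */
        OPENSSL_cleanse(pass, PWD_STRLEN + 1);
        OPENSSL_free(pass);
        return NULL;
    }
    pass[l] = '\0';

    return pass;
}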
5661f13597dSJung-uk Kim 
567db522d3aSSimon L. B. Nielsen # endif
56809286989SJung-uk Kim # ifndef OPENSSL_NO_SRTP
5691f13597dSJung-uk Kim char *srtp_profiles = NULL;
57009286989SJung-uk Kim # endif
5711f13597dSJung-uk Kim 
5721f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG
/* This is the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
    /* client protocol list, as produced by next_protos_parse() in MAIN */
    unsigned char *data;
    /* length of |data| in bytes */
    unsigned short len;
    /* result of SSL_select_next_proto(); MAIN presets it to -1 */
    int status;
} tlsextnextprotoctx;

/* Single instance shared between MAIN and next_proto_cb. */
static tlsextnextprotoctx next_proto;
5811f13597dSJung-uk Kim 
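/*
 * Next Protocol Negotiation callback.  Unless c_quiet is set it prints the
 * protocol list advertised by the server, then lets
 * SSL_select_next_proto() choose between that list and the client's own
 * list held in the tlsextnextprotoctx passed as |arg|.  The selection
 * result is stored in ctx->status.
 *
 * |in| is a sequence of length-prefixed names (one length byte, then that
 * many bytes), |inlen| bytes in total.  Always returns SSL_TLSEXT_ERR_OK.
 */
static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
                         const unsigned char *in, unsigned int inlen,
                         void *arg)
{
    tlsextnextprotoctx *ctx = arg;

    if (!c_quiet) {
        unsigned int pos = 0;

        BIO_printf(bio_c_out, "Protocols advertised by server: ");
        while (pos < inlen) {
            unsigned int name_len = in[pos];

            /*
             * |in| is expected to be syntactically valid at this point, but
             * it originates from the peer: never let a length byte carry
             * the read past the end of the buffer.  pos < inlen holds here,
             * so the subtraction cannot wrap.
             */
            if (name_len > inlen - pos - 1)
                break;
            if (pos)
                BIO_write(bio_c_out, ", ", 2);
            BIO_write(bio_c_out, &in[pos + 1], name_len);
            pos += name_len + 1;
        }
        BIO_write(bio_c_out, "\n", 1);
    }

    ctx->status =
        SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
    return SSL_TLSEXT_ERR_OK;
}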
60509286989SJung-uk Kim # endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
6061f13597dSJung-uk Kim #endif
6071f13597dSJung-uk Kim 
/* Values of starttls_proto, chosen by the argument given to -starttls. */
enum {
    PROTO_OFF = 0,              /* default: -starttls not given */
    PROTO_SMTP = 1,             /* "smtp" */
    PROTO_POP3 = 2,             /* "pop3" */
    PROTO_IMAP = 3,             /* "imap" */
    PROTO_FTP = 4,              /* "ftp" */
    PROTO_XMPP = 5              /* "xmpp" */
};
6165471f83eSSimon L. B. Nielsen 
617f579bf8eSKris Kennaway int MAIN(int, char **);
618f579bf8eSKris Kennaway 
61974664626SKris Kennaway int MAIN(int argc, char **argv)
62074664626SKris Kennaway {
6211f13597dSJung-uk Kim     unsigned int off = 0, clr = 0;
6221f13597dSJung-uk Kim     SSL *con = NULL;
6231f13597dSJung-uk Kim #ifndef OPENSSL_NO_KRB5
6241f13597dSJung-uk Kim     KSSL_CTX *kctx;
6251f13597dSJung-uk Kim #endif
62674664626SKris Kennaway     int s, k, width, state = 0;
6275c87c606SMark Murray     char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL;
62874664626SKris Kennaway     int cbuf_len, cbuf_off;
62974664626SKris Kennaway     int sbuf_len, sbuf_off;
63074664626SKris Kennaway     fd_set readfds, writefds;
63174664626SKris Kennaway     short port = PORT;
63274664626SKris Kennaway     int full_log = 1;
63374664626SKris Kennaway     char *host = SSL_HOST_NAME;
63474664626SKris Kennaway     char *cert_file = NULL, *key_file = NULL;
6353b4e3dcbSSimon L. B. Nielsen     int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
6363b4e3dcbSSimon L. B. Nielsen     char *passarg = NULL, *pass = NULL;
6373b4e3dcbSSimon L. B. Nielsen     X509 *cert = NULL;
6383b4e3dcbSSimon L. B. Nielsen     EVP_PKEY *key = NULL;
63974664626SKris Kennaway     char *CApath = NULL, *CAfile = NULL, *cipher = NULL;
64074664626SKris Kennaway     int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0;
64174664626SKris Kennaway     int crlf = 0;
64274664626SKris Kennaway     int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
64374664626SKris Kennaway     SSL_CTX *ctx = NULL;
64474664626SKris Kennaway     int ret = 1, in_init = 1, i, nbio_test = 0;
6455471f83eSSimon L. B. Nielsen     int starttls_proto = PROTO_OFF;
6461f13597dSJung-uk Kim     int prexit = 0;
6471f13597dSJung-uk Kim     X509_VERIFY_PARAM *vpm = NULL;
6481f13597dSJung-uk Kim     int badarg = 0;
6491f13597dSJung-uk Kim     const SSL_METHOD *meth = NULL;
6501f13597dSJung-uk Kim     int socket_type = SOCK_STREAM;
65174664626SKris Kennaway     BIO *sbio;
6525740a5e3SKris Kennaway     char *inrand = NULL;
6535471f83eSSimon L. B. Nielsen     int mbuf_len = 0;
6546a599222SSimon L. B. Nielsen     struct timeval timeout, *timeoutp;
655fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE
6565c87c606SMark Murray     char *engine_id = NULL;
657db522d3aSSimon L. B. Nielsen     char *ssl_client_engine_id = NULL;
658db522d3aSSimon L. B. Nielsen     ENGINE *ssl_client_engine = NULL;
659fceca8a3SJacques Vidrine #endif
660db522d3aSSimon L. B. Nielsen     ENGINE *e = NULL;
6611f13597dSJung-uk Kim #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
662f579bf8eSKris Kennaway     struct timeval tv;
6631f13597dSJung-uk Kim # if defined(OPENSSL_SYS_BEOS_R5)
6641f13597dSJung-uk Kim     int stdin_set = 0;
665f579bf8eSKris Kennaway # endif
6661f13597dSJung-uk Kim #endif
667db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT
668db522d3aSSimon L. B. Nielsen     char *servername = NULL;
669*6f9291ceSJung-uk Kim     tlsextctx tlsextcbp = { NULL, 0 };
6701f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG
6711f13597dSJung-uk Kim     const char *next_proto_neg_in = NULL;
6721f13597dSJung-uk Kim # endif
673db522d3aSSimon L. B. Nielsen #endif
674db522d3aSSimon L. B. Nielsen     char *sess_in = NULL;
675db522d3aSSimon L. B. Nielsen     char *sess_out = NULL;
6763b4e3dcbSSimon L. B. Nielsen     struct sockaddr peer;
6773b4e3dcbSSimon L. B. Nielsen     int peerlen = sizeof(peer);
678fa5fddf1SJung-uk Kim     int fallback_scsv = 0;
6793b4e3dcbSSimon L. B. Nielsen     int enable_timeouts = 0;
6806a599222SSimon L. B. Nielsen     long socket_mtu = 0;
681db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE
682db522d3aSSimon L. B. Nielsen     char *jpake_secret = NULL;
683db522d3aSSimon L. B. Nielsen #endif
6841f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP
6851f13597dSJung-uk Kim     char *srppass = NULL;
6861f13597dSJung-uk Kim     int srp_lateuser = 0;
6871f13597dSJung-uk Kim     SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 };
6881f13597dSJung-uk Kim #endif
6893b4e3dcbSSimon L. B. Nielsen 
69074664626SKris Kennaway     meth = SSLv23_client_method();
69174664626SKris Kennaway 
69274664626SKris Kennaway     apps_startup();
69374664626SKris Kennaway     c_Pause = 0;
69474664626SKris Kennaway     c_quiet = 0;
695f579bf8eSKris Kennaway     c_ign_eof = 0;
69674664626SKris Kennaway     c_debug = 0;
6975c87c606SMark Murray     c_msg = 0;
69874664626SKris Kennaway     c_showcerts = 0;
69974664626SKris Kennaway 
70074664626SKris Kennaway     if (bio_err == NULL)
70174664626SKris Kennaway         bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
70274664626SKris Kennaway 
7035c87c606SMark Murray     if (!load_config(bio_err, NULL))
7045c87c606SMark Murray         goto end;
7055c87c606SMark Murray 
706ddd58736SKris Kennaway     if (((cbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) ||
7075c87c606SMark Murray         ((sbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) ||
708*6f9291ceSJung-uk Kim         ((mbuf = OPENSSL_malloc(BUFSIZZ)) == NULL)) {
70974664626SKris Kennaway         BIO_printf(bio_err, "out of memory\n");
71074664626SKris Kennaway         goto end;
71174664626SKris Kennaway     }
71274664626SKris Kennaway 
71374664626SKris Kennaway     verify_depth = 0;
71474664626SKris Kennaway     verify_error = X509_V_OK;
71574664626SKris Kennaway #ifdef FIONBIO
71674664626SKris Kennaway     c_nbio = 0;
71774664626SKris Kennaway #endif
71874664626SKris Kennaway 
71974664626SKris Kennaway     argc--;
72074664626SKris Kennaway     argv++;
721*6f9291ceSJung-uk Kim     while (argc >= 1) {
722*6f9291ceSJung-uk Kim         if (strcmp(*argv, "-host") == 0) {
723*6f9291ceSJung-uk Kim             if (--argc < 1)
724*6f9291ceSJung-uk Kim                 goto bad;
72574664626SKris Kennaway             host = *(++argv);
726*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-port") == 0) {
727*6f9291ceSJung-uk Kim             if (--argc < 1)
728*6f9291ceSJung-uk Kim                 goto bad;
72974664626SKris Kennaway             port = atoi(*(++argv));
730*6f9291ceSJung-uk Kim             if (port == 0)
731*6f9291ceSJung-uk Kim                 goto bad;
732*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-connect") == 0) {
733*6f9291ceSJung-uk Kim             if (--argc < 1)
734*6f9291ceSJung-uk Kim                 goto bad;
73574664626SKris Kennaway             if (!extract_host_port(*(++argv), &host, NULL, &port))
73674664626SKris Kennaway                 goto bad;
737*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-verify") == 0) {
73874664626SKris Kennaway             verify = SSL_VERIFY_PEER;
739*6f9291ceSJung-uk Kim             if (--argc < 1)
740*6f9291ceSJung-uk Kim                 goto bad;
74174664626SKris Kennaway             verify_depth = atoi(*(++argv));
74274664626SKris Kennaway             BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
743*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-cert") == 0) {
744*6f9291ceSJung-uk Kim             if (--argc < 1)
745*6f9291ceSJung-uk Kim                 goto bad;
74674664626SKris Kennaway             cert_file = *(++argv);
747*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-sess_out") == 0) {
748*6f9291ceSJung-uk Kim             if (--argc < 1)
749*6f9291ceSJung-uk Kim                 goto bad;
750db522d3aSSimon L. B. Nielsen             sess_out = *(++argv);
751*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-sess_in") == 0) {
752*6f9291ceSJung-uk Kim             if (--argc < 1)
753*6f9291ceSJung-uk Kim                 goto bad;
754db522d3aSSimon L. B. Nielsen             sess_in = *(++argv);
755*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-certform") == 0) {
756*6f9291ceSJung-uk Kim             if (--argc < 1)
757*6f9291ceSJung-uk Kim                 goto bad;
7583b4e3dcbSSimon L. B. Nielsen             cert_format = str2fmt(*(++argv));
759*6f9291ceSJung-uk Kim         } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
7601f13597dSJung-uk Kim             if (badarg)
7611f13597dSJung-uk Kim                 goto bad;
7621f13597dSJung-uk Kim             continue;
763*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-verify_return_error") == 0)
7641f13597dSJung-uk Kim             verify_return_error = 1;
765f579bf8eSKris Kennaway         else if (strcmp(*argv, "-prexit") == 0)
766f579bf8eSKris Kennaway             prexit = 1;
76774664626SKris Kennaway         else if (strcmp(*argv, "-crlf") == 0)
76874664626SKris Kennaway             crlf = 1;
769*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-quiet") == 0) {
77074664626SKris Kennaway             c_quiet = 1;
771f579bf8eSKris Kennaway             c_ign_eof = 1;
772*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-ign_eof") == 0)
773f579bf8eSKris Kennaway             c_ign_eof = 1;
774db522d3aSSimon L. B. Nielsen         else if (strcmp(*argv, "-no_ign_eof") == 0)
775db522d3aSSimon L. B. Nielsen             c_ign_eof = 0;
77674664626SKris Kennaway         else if (strcmp(*argv, "-pause") == 0)
77774664626SKris Kennaway             c_Pause = 1;
77874664626SKris Kennaway         else if (strcmp(*argv, "-debug") == 0)
77974664626SKris Kennaway             c_debug = 1;
780db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT
781db522d3aSSimon L. B. Nielsen         else if (strcmp(*argv, "-tlsextdebug") == 0)
782db522d3aSSimon L. B. Nielsen             c_tlsextdebug = 1;
783db522d3aSSimon L. B. Nielsen         else if (strcmp(*argv, "-status") == 0)
784db522d3aSSimon L. B. Nielsen             c_status_req = 1;
785db522d3aSSimon L. B. Nielsen #endif
7863b4e3dcbSSimon L. B. Nielsen #ifdef WATT32
7873b4e3dcbSSimon L. B. Nielsen         else if (strcmp(*argv, "-wdebug") == 0)
7883b4e3dcbSSimon L. B. Nielsen             dbug_init();
7893b4e3dcbSSimon L. B. Nielsen #endif
7905c87c606SMark Murray         else if (strcmp(*argv, "-msg") == 0)
7915c87c606SMark Murray             c_msg = 1;
79274664626SKris Kennaway         else if (strcmp(*argv, "-showcerts") == 0)
79374664626SKris Kennaway             c_showcerts = 1;
79474664626SKris Kennaway         else if (strcmp(*argv, "-nbio_test") == 0)
79574664626SKris Kennaway             nbio_test = 1;
79674664626SKris Kennaway         else if (strcmp(*argv, "-state") == 0)
79774664626SKris Kennaway             state = 1;
7981f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK
799*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-psk_identity") == 0) {
800*6f9291ceSJung-uk Kim             if (--argc < 1)
801*6f9291ceSJung-uk Kim                 goto bad;
8021f13597dSJung-uk Kim             psk_identity = *(++argv);
803*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-psk") == 0) {
8041f13597dSJung-uk Kim             size_t j;
8051f13597dSJung-uk Kim 
806*6f9291ceSJung-uk Kim             if (--argc < 1)
807*6f9291ceSJung-uk Kim                 goto bad;
8081f13597dSJung-uk Kim             psk_key = *(++argv);
809*6f9291ceSJung-uk Kim             for (j = 0; j < strlen(psk_key); j++) {
8101f13597dSJung-uk Kim                 if (isxdigit((unsigned char)psk_key[j]))
8111f13597dSJung-uk Kim                     continue;
8121f13597dSJung-uk Kim                 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
8131f13597dSJung-uk Kim                 goto bad;
8141f13597dSJung-uk Kim             }
8151f13597dSJung-uk Kim         }
8161f13597dSJung-uk Kim #endif
8171f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP
818*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-srpuser") == 0) {
819*6f9291ceSJung-uk Kim             if (--argc < 1)
820*6f9291ceSJung-uk Kim                 goto bad;
8211f13597dSJung-uk Kim             srp_arg.srplogin = *(++argv);
8221f13597dSJung-uk Kim             meth = TLSv1_client_method();
823*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-srppass") == 0) {
824*6f9291ceSJung-uk Kim             if (--argc < 1)
825*6f9291ceSJung-uk Kim                 goto bad;
8261f13597dSJung-uk Kim             srppass = *(++argv);
8271f13597dSJung-uk Kim             meth = TLSv1_client_method();
828*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-srp_strength") == 0) {
829*6f9291ceSJung-uk Kim             if (--argc < 1)
830*6f9291ceSJung-uk Kim                 goto bad;
8311f13597dSJung-uk Kim             srp_arg.strength = atoi(*(++argv));
832*6f9291ceSJung-uk Kim             BIO_printf(bio_err, "SRP minimal length for N is %d\n",
833*6f9291ceSJung-uk Kim                        srp_arg.strength);
8341f13597dSJung-uk Kim             meth = TLSv1_client_method();
835*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-srp_lateuser") == 0) {
8361f13597dSJung-uk Kim             srp_lateuser = 1;
8371f13597dSJung-uk Kim             meth = TLSv1_client_method();
838*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-srp_moregroups") == 0) {
8391f13597dSJung-uk Kim             srp_arg.amp = 1;
8401f13597dSJung-uk Kim             meth = TLSv1_client_method();
8411f13597dSJung-uk Kim         }
8421f13597dSJung-uk Kim #endif
8435c87c606SMark Murray #ifndef OPENSSL_NO_SSL2
84474664626SKris Kennaway         else if (strcmp(*argv, "-ssl2") == 0)
84574664626SKris Kennaway             meth = SSLv2_client_method();
84674664626SKris Kennaway #endif
847751d2991SJung-uk Kim #ifndef OPENSSL_NO_SSL3_METHOD
84874664626SKris Kennaway         else if (strcmp(*argv, "-ssl3") == 0)
84974664626SKris Kennaway             meth = SSLv3_client_method();
85074664626SKris Kennaway #endif
8515c87c606SMark Murray #ifndef OPENSSL_NO_TLS1
8521f13597dSJung-uk Kim         else if (strcmp(*argv, "-tls1_2") == 0)
8531f13597dSJung-uk Kim             meth = TLSv1_2_client_method();
8541f13597dSJung-uk Kim         else if (strcmp(*argv, "-tls1_1") == 0)
8551f13597dSJung-uk Kim             meth = TLSv1_1_client_method();
85674664626SKris Kennaway         else if (strcmp(*argv, "-tls1") == 0)
85774664626SKris Kennaway             meth = TLSv1_client_method();
85874664626SKris Kennaway #endif
8593b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_DTLS1
860*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-dtls1") == 0) {
8613b4e3dcbSSimon L. B. Nielsen             meth = DTLSv1_client_method();
8621f13597dSJung-uk Kim             socket_type = SOCK_DGRAM;
863*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-fallback_scsv") == 0) {
864fa5fddf1SJung-uk Kim             fallback_scsv = 1;
865*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-timeout") == 0)
8663b4e3dcbSSimon L. B. Nielsen             enable_timeouts = 1;
867*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-mtu") == 0) {
868*6f9291ceSJung-uk Kim             if (--argc < 1)
869*6f9291ceSJung-uk Kim                 goto bad;
8706a599222SSimon L. B. Nielsen             socket_mtu = atol(*(++argv));
8713b4e3dcbSSimon L. B. Nielsen         }
8723b4e3dcbSSimon L. B. Nielsen #endif
87374664626SKris Kennaway         else if (strcmp(*argv, "-bugs") == 0)
87474664626SKris Kennaway             bugs = 1;
875*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-keyform") == 0) {
876*6f9291ceSJung-uk Kim             if (--argc < 1)
877*6f9291ceSJung-uk Kim                 goto bad;
8783b4e3dcbSSimon L. B. Nielsen             key_format = str2fmt(*(++argv));
879*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-pass") == 0) {
880*6f9291ceSJung-uk Kim             if (--argc < 1)
881*6f9291ceSJung-uk Kim                 goto bad;
8823b4e3dcbSSimon L. B. Nielsen             passarg = *(++argv);
883*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-key") == 0) {
884*6f9291ceSJung-uk Kim             if (--argc < 1)
885*6f9291ceSJung-uk Kim                 goto bad;
88674664626SKris Kennaway             key_file = *(++argv);
887*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-reconnect") == 0) {
88874664626SKris Kennaway             reconnect = 5;
889*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-CApath") == 0) {
890*6f9291ceSJung-uk Kim             if (--argc < 1)
891*6f9291ceSJung-uk Kim                 goto bad;
89274664626SKris Kennaway             CApath = *(++argv);
893*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-CAfile") == 0) {
894*6f9291ceSJung-uk Kim             if (--argc < 1)
895*6f9291ceSJung-uk Kim                 goto bad;
89674664626SKris Kennaway             CAfile = *(++argv);
897*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-no_tls1_2") == 0)
8981f13597dSJung-uk Kim             off |= SSL_OP_NO_TLSv1_2;
8991f13597dSJung-uk Kim         else if (strcmp(*argv, "-no_tls1_1") == 0)
9001f13597dSJung-uk Kim             off |= SSL_OP_NO_TLSv1_1;
90174664626SKris Kennaway         else if (strcmp(*argv, "-no_tls1") == 0)
90274664626SKris Kennaway             off |= SSL_OP_NO_TLSv1;
90374664626SKris Kennaway         else if (strcmp(*argv, "-no_ssl3") == 0)
90474664626SKris Kennaway             off |= SSL_OP_NO_SSLv3;
90574664626SKris Kennaway         else if (strcmp(*argv, "-no_ssl2") == 0)
90674664626SKris Kennaway             off |= SSL_OP_NO_SSLv2;
907*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-no_comp") == 0) {
908*6f9291ceSJung-uk Kim             off |= SSL_OP_NO_COMPRESSION;
909*6f9291ceSJung-uk Kim         }
910db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT
911*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-no_ticket") == 0) {
912*6f9291ceSJung-uk Kim             off |= SSL_OP_NO_TICKET;
913*6f9291ceSJung-uk Kim         }
9141f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG
915*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-nextprotoneg") == 0) {
916*6f9291ceSJung-uk Kim             if (--argc < 1)
917*6f9291ceSJung-uk Kim                 goto bad;
9181f13597dSJung-uk Kim             next_proto_neg_in = *(++argv);
9191f13597dSJung-uk Kim         }
9201f13597dSJung-uk Kim # endif
921db522d3aSSimon L. B. Nielsen #endif
9225c87c606SMark Murray         else if (strcmp(*argv, "-serverpref") == 0)
9235c87c606SMark Murray             off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
9246a599222SSimon L. B. Nielsen         else if (strcmp(*argv, "-legacy_renegotiation") == 0)
9256a599222SSimon L. B. Nielsen             off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
926*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-legacy_server_connect") == 0) {
927*6f9291ceSJung-uk Kim             off |= SSL_OP_LEGACY_SERVER_CONNECT;
928*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-no_legacy_server_connect") == 0) {
929*6f9291ceSJung-uk Kim             clr |= SSL_OP_LEGACY_SERVER_CONNECT;
930*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-cipher") == 0) {
931*6f9291ceSJung-uk Kim             if (--argc < 1)
932*6f9291ceSJung-uk Kim                 goto bad;
93374664626SKris Kennaway             cipher = *(++argv);
93474664626SKris Kennaway         }
93574664626SKris Kennaway #ifdef FIONBIO
936*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-nbio") == 0) {
937*6f9291ceSJung-uk Kim             c_nbio = 1;
938*6f9291ceSJung-uk Kim         }
93974664626SKris Kennaway #endif
940*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-starttls") == 0) {
941*6f9291ceSJung-uk Kim             if (--argc < 1)
942*6f9291ceSJung-uk Kim                 goto bad;
9435c87c606SMark Murray             ++argv;
9445c87c606SMark Murray             if (strcmp(*argv, "smtp") == 0)
9455471f83eSSimon L. B. Nielsen                 starttls_proto = PROTO_SMTP;
94650ef0093SJacques Vidrine             else if (strcmp(*argv, "pop3") == 0)
9475471f83eSSimon L. B. Nielsen                 starttls_proto = PROTO_POP3;
9485471f83eSSimon L. B. Nielsen             else if (strcmp(*argv, "imap") == 0)
9495471f83eSSimon L. B. Nielsen                 starttls_proto = PROTO_IMAP;
9505471f83eSSimon L. B. Nielsen             else if (strcmp(*argv, "ftp") == 0)
9515471f83eSSimon L. B. Nielsen                 starttls_proto = PROTO_FTP;
952db522d3aSSimon L. B. Nielsen             else if (strcmp(*argv, "xmpp") == 0)
953db522d3aSSimon L. B. Nielsen                 starttls_proto = PROTO_XMPP;
9545c87c606SMark Murray             else
9555c87c606SMark Murray                 goto bad;
9565c87c606SMark Murray         }
957fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE
958*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-engine") == 0) {
959*6f9291ceSJung-uk Kim             if (--argc < 1)
960*6f9291ceSJung-uk Kim                 goto bad;
9615c87c606SMark Murray             engine_id = *(++argv);
962*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-ssl_client_engine") == 0) {
963*6f9291ceSJung-uk Kim             if (--argc < 1)
964*6f9291ceSJung-uk Kim                 goto bad;
965db522d3aSSimon L. B. Nielsen             ssl_client_engine_id = *(++argv);
966db522d3aSSimon L. B. Nielsen         }
967fceca8a3SJacques Vidrine #endif
968*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-rand") == 0) {
969*6f9291ceSJung-uk Kim             if (--argc < 1)
970*6f9291ceSJung-uk Kim                 goto bad;
9715740a5e3SKris Kennaway             inrand = *(++argv);
9725740a5e3SKris Kennaway         }
973db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT
974*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-servername") == 0) {
975*6f9291ceSJung-uk Kim             if (--argc < 1)
976*6f9291ceSJung-uk Kim                 goto bad;
977db522d3aSSimon L. B. Nielsen             servername = *(++argv);
978db522d3aSSimon L. B. Nielsen             /* meth=TLSv1_client_method(); */
979db522d3aSSimon L. B. Nielsen         }
980db522d3aSSimon L. B. Nielsen #endif
981db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE
982*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-jpake") == 0) {
983*6f9291ceSJung-uk Kim             if (--argc < 1)
984*6f9291ceSJung-uk Kim                 goto bad;
985db522d3aSSimon L. B. Nielsen             jpake_secret = *++argv;
986db522d3aSSimon L. B. Nielsen         }
987db522d3aSSimon L. B. Nielsen #endif
98809286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP
989*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-use_srtp") == 0) {
990*6f9291ceSJung-uk Kim             if (--argc < 1)
991*6f9291ceSJung-uk Kim                 goto bad;
9921f13597dSJung-uk Kim             srtp_profiles = *(++argv);
9931f13597dSJung-uk Kim         }
99409286989SJung-uk Kim #endif
995*6f9291ceSJung-uk Kim         else if (strcmp(*argv, "-keymatexport") == 0) {
996*6f9291ceSJung-uk Kim             if (--argc < 1)
997*6f9291ceSJung-uk Kim                 goto bad;
9981f13597dSJung-uk Kim             keymatexportlabel = *(++argv);
999*6f9291ceSJung-uk Kim         } else if (strcmp(*argv, "-keymatexportlen") == 0) {
1000*6f9291ceSJung-uk Kim             if (--argc < 1)
1001*6f9291ceSJung-uk Kim                 goto bad;
10021f13597dSJung-uk Kim             keymatexportlen = atoi(*(++argv));
1003*6f9291ceSJung-uk Kim             if (keymatexportlen == 0)
1004*6f9291ceSJung-uk Kim                 goto bad;
1005*6f9291ceSJung-uk Kim         } else {
100674664626SKris Kennaway             BIO_printf(bio_err, "unknown option %s\n", *argv);
100774664626SKris Kennaway             badop = 1;
100874664626SKris Kennaway             break;
100974664626SKris Kennaway         }
101074664626SKris Kennaway         argc--;
101174664626SKris Kennaway         argv++;
101274664626SKris Kennaway     }
1013*6f9291ceSJung-uk Kim     if (badop) {
101474664626SKris Kennaway  bad:
101574664626SKris Kennaway         sc_usage();
101674664626SKris Kennaway         goto end;
101774664626SKris Kennaway     }
10181f13597dSJung-uk Kim #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1019*6f9291ceSJung-uk Kim     if (jpake_secret) {
1020*6f9291ceSJung-uk Kim         if (psk_key) {
1021*6f9291ceSJung-uk Kim             BIO_printf(bio_err, "Can't use JPAKE and PSK together\n");
10221f13597dSJung-uk Kim             goto end;
10231f13597dSJung-uk Kim         }
10241f13597dSJung-uk Kim         psk_identity = "JPAKE";
1025*6f9291ceSJung-uk Kim         if (cipher) {
10261f13597dSJung-uk Kim             BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
10271f13597dSJung-uk Kim             goto end;
10281f13597dSJung-uk Kim         }
10291f13597dSJung-uk Kim         cipher = "PSK";
10301f13597dSJung-uk Kim     }
10311f13597dSJung-uk Kim #endif
10321f13597dSJung-uk Kim 
10335c87c606SMark Murray     OpenSSL_add_ssl_algorithms();
10345c87c606SMark Murray     SSL_load_error_strings();
10355c87c606SMark Murray 
10361f13597dSJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
10371f13597dSJung-uk Kim     next_proto.status = -1;
1038*6f9291ceSJung-uk Kim     if (next_proto_neg_in) {
1039*6f9291ceSJung-uk Kim         next_proto.data =
1040*6f9291ceSJung-uk Kim             next_protos_parse(&next_proto.len, next_proto_neg_in);
1041*6f9291ceSJung-uk Kim         if (next_proto.data == NULL) {
10421f13597dSJung-uk Kim             BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
10431f13597dSJung-uk Kim             goto end;
10441f13597dSJung-uk Kim         }
1045*6f9291ceSJung-uk Kim     } else
10461f13597dSJung-uk Kim         next_proto.data = NULL;
10471f13597dSJung-uk Kim #endif
10481f13597dSJung-uk Kim 
1049fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE
10505c87c606SMark Murray     e = setup_engine(bio_err, engine_id, 1);
1051*6f9291ceSJung-uk Kim     if (ssl_client_engine_id) {
1052db522d3aSSimon L. B. Nielsen         ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
1053*6f9291ceSJung-uk Kim         if (!ssl_client_engine) {
1054*6f9291ceSJung-uk Kim             BIO_printf(bio_err, "Error getting client auth engine\n");
1055db522d3aSSimon L. B. Nielsen             goto end;
1056db522d3aSSimon L. B. Nielsen         }
1057db522d3aSSimon L. B. Nielsen     }
1058fceca8a3SJacques Vidrine #endif
1059*6f9291ceSJung-uk Kim     if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
10603b4e3dcbSSimon L. B. Nielsen         BIO_printf(bio_err, "Error getting password\n");
10613b4e3dcbSSimon L. B. Nielsen         goto end;
10623b4e3dcbSSimon L. B. Nielsen     }
10633b4e3dcbSSimon L. B. Nielsen 
10643b4e3dcbSSimon L. B. Nielsen     if (key_file == NULL)
10653b4e3dcbSSimon L. B. Nielsen         key_file = cert_file;
10663b4e3dcbSSimon L. B. Nielsen 
1067*6f9291ceSJung-uk Kim     if (key_file) {
10683b4e3dcbSSimon L. B. Nielsen 
10693b4e3dcbSSimon L. B. Nielsen         key = load_key(bio_err, key_file, key_format, 0, pass, e,
10703b4e3dcbSSimon L. B. Nielsen                        "client certificate private key file");
1071*6f9291ceSJung-uk Kim         if (!key) {
10723b4e3dcbSSimon L. B. Nielsen             ERR_print_errors(bio_err);
10733b4e3dcbSSimon L. B. Nielsen             goto end;
10743b4e3dcbSSimon L. B. Nielsen         }
10753b4e3dcbSSimon L. B. Nielsen 
10763b4e3dcbSSimon L. B. Nielsen     }
10773b4e3dcbSSimon L. B. Nielsen 
1078*6f9291ceSJung-uk Kim     if (cert_file) {
10793b4e3dcbSSimon L. B. Nielsen         cert = load_cert(bio_err, cert_file, cert_format,
10803b4e3dcbSSimon L. B. Nielsen                          NULL, e, "client certificate file");
10813b4e3dcbSSimon L. B. Nielsen 
1082*6f9291ceSJung-uk Kim         if (!cert) {
10833b4e3dcbSSimon L. B. Nielsen             ERR_print_errors(bio_err);
10843b4e3dcbSSimon L. B. Nielsen             goto end;
10853b4e3dcbSSimon L. B. Nielsen         }
10863b4e3dcbSSimon L. B. Nielsen     }
10875c87c606SMark Murray 
10885740a5e3SKris Kennaway     if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
1089*6f9291ceSJung-uk Kim         && !RAND_status()) {
1090*6f9291ceSJung-uk Kim         BIO_printf(bio_err,
1091*6f9291ceSJung-uk Kim                    "warning, not much extra random data, consider using the -rand option\n");
10925740a5e3SKris Kennaway     }
10935740a5e3SKris Kennaway     if (inrand != NULL)
10945740a5e3SKris Kennaway         BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
10955740a5e3SKris Kennaway                    app_RAND_load_files(inrand));
1096f579bf8eSKris Kennaway 
1097*6f9291ceSJung-uk Kim     if (bio_c_out == NULL) {
1098*6f9291ceSJung-uk Kim         if (c_quiet && !c_debug && !c_msg) {
109974664626SKris Kennaway             bio_c_out = BIO_new(BIO_s_null());
1100*6f9291ceSJung-uk Kim         } else {
110174664626SKris Kennaway             if (bio_c_out == NULL)
110274664626SKris Kennaway                 bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE);
110374664626SKris Kennaway         }
110474664626SKris Kennaway     }
11051f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP
1106*6f9291ceSJung-uk Kim     if (!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) {
11071f13597dSJung-uk Kim         BIO_printf(bio_err, "Error getting password\n");
11081f13597dSJung-uk Kim         goto end;
11091f13597dSJung-uk Kim     }
11101f13597dSJung-uk Kim #endif
11111f13597dSJung-uk Kim 
111274664626SKris Kennaway     ctx = SSL_CTX_new(meth);
1113*6f9291ceSJung-uk Kim     if (ctx == NULL) {
111474664626SKris Kennaway         ERR_print_errors(bio_err);
111574664626SKris Kennaway         goto end;
111674664626SKris Kennaway     }
111774664626SKris Kennaway 
11181f13597dSJung-uk Kim     if (vpm)
11191f13597dSJung-uk Kim         SSL_CTX_set1_param(ctx, vpm);
11201f13597dSJung-uk Kim 
1121db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_ENGINE
1122*6f9291ceSJung-uk Kim     if (ssl_client_engine) {
1123*6f9291ceSJung-uk Kim         if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
1124db522d3aSSimon L. B. Nielsen             BIO_puts(bio_err, "Error setting client auth engine\n");
1125db522d3aSSimon L. B. Nielsen             ERR_print_errors(bio_err);
1126db522d3aSSimon L. B. Nielsen             ENGINE_free(ssl_client_engine);
1127db522d3aSSimon L. B. Nielsen             goto end;
1128db522d3aSSimon L. B. Nielsen         }
1129db522d3aSSimon L. B. Nielsen         ENGINE_free(ssl_client_engine);
1130db522d3aSSimon L. B. Nielsen     }
1131db522d3aSSimon L. B. Nielsen #endif
1132db522d3aSSimon L. B. Nielsen 
11331f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK
11341f13597dSJung-uk Kim # ifdef OPENSSL_NO_JPAKE
11351f13597dSJung-uk Kim     if (psk_key != NULL)
11361f13597dSJung-uk Kim # else
11371f13597dSJung-uk Kim     if (psk_key != NULL || jpake_secret)
11381f13597dSJung-uk Kim # endif
11391f13597dSJung-uk Kim     {
11401f13597dSJung-uk Kim         if (c_debug)
1141*6f9291ceSJung-uk Kim             BIO_printf(bio_c_out,
1142*6f9291ceSJung-uk Kim                        "PSK key given or JPAKE in use, setting client callback\n");
11431f13597dSJung-uk Kim         SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
11441f13597dSJung-uk Kim     }
114509286989SJung-uk Kim #endif
114609286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP
11471f13597dSJung-uk Kim     if (srtp_profiles != NULL)
11481f13597dSJung-uk Kim         SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
11491f13597dSJung-uk Kim #endif
115074664626SKris Kennaway     if (bugs)
115174664626SKris Kennaway         SSL_CTX_set_options(ctx, SSL_OP_ALL | off);
115274664626SKris Kennaway     else
115374664626SKris Kennaway         SSL_CTX_set_options(ctx, off);
11546a599222SSimon L. B. Nielsen 
11556a599222SSimon L. B. Nielsen     if (clr)
11566a599222SSimon L. B. Nielsen         SSL_CTX_clear_options(ctx, clr);
11571f13597dSJung-uk Kim 
11581f13597dSJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
11591f13597dSJung-uk Kim     if (next_proto.data)
11601f13597dSJung-uk Kim         SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
11611f13597dSJung-uk Kim #endif
116274664626SKris Kennaway 
1163*6f9291ceSJung-uk Kim     if (state)
1164*6f9291ceSJung-uk Kim         SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
116574664626SKris Kennaway     if (cipher != NULL)
1166f579bf8eSKris Kennaway         if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
1167f579bf8eSKris Kennaway             BIO_printf(bio_err, "error setting cipher list\n");
1168f579bf8eSKris Kennaway             ERR_print_errors(bio_err);
1169f579bf8eSKris Kennaway             goto end;
1170f579bf8eSKris Kennaway         }
117174664626SKris Kennaway #if 0
117274664626SKris Kennaway         else
117374664626SKris Kennaway             SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));
117474664626SKris Kennaway #endif
117574664626SKris Kennaway 
117674664626SKris Kennaway     SSL_CTX_set_verify(ctx, verify, verify_callback);
11773b4e3dcbSSimon L. B. Nielsen     if (!set_cert_key_stuff(ctx, cert, key))
117874664626SKris Kennaway         goto end;
117974664626SKris Kennaway 
118074664626SKris Kennaway     if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
1181*6f9291ceSJung-uk Kim         (!SSL_CTX_set_default_verify_paths(ctx))) {
1182*6f9291ceSJung-uk Kim         /*
1183*6f9291ceSJung-uk Kim          * BIO_printf(bio_err,"error setting default verify locations\n");
1184*6f9291ceSJung-uk Kim          */
118574664626SKris Kennaway         ERR_print_errors(bio_err);
118674664626SKris Kennaway         /* goto end; */
118774664626SKris Kennaway     }
1188db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT
1189*6f9291ceSJung-uk Kim     if (servername != NULL) {
1190db522d3aSSimon L. B. Nielsen         tlsextcbp.biodebug = bio_err;
1191db522d3aSSimon L. B. Nielsen         SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1192db522d3aSSimon L. B. Nielsen         SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1193db522d3aSSimon L. B. Nielsen     }
11941f13597dSJung-uk Kim # ifndef OPENSSL_NO_SRP
1195*6f9291ceSJung-uk Kim     if (srp_arg.srplogin) {
1196*6f9291ceSJung-uk Kim         if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) {
11971f13597dSJung-uk Kim             BIO_printf(bio_err, "Unable to set SRP username\n");
11981f13597dSJung-uk Kim             goto end;
11991f13597dSJung-uk Kim         }
12001f13597dSJung-uk Kim         srp_arg.msg = c_msg;
12011f13597dSJung-uk Kim         srp_arg.debug = c_debug;
12021f13597dSJung-uk Kim         SSL_CTX_set_srp_cb_arg(ctx, &srp_arg);
12031f13597dSJung-uk Kim         SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
12041f13597dSJung-uk Kim         SSL_CTX_set_srp_strength(ctx, srp_arg.strength);
12051f13597dSJung-uk Kim         if (c_msg || c_debug || srp_arg.amp == 0)
1206*6f9291ceSJung-uk Kim             SSL_CTX_set_srp_verify_param_callback(ctx,
1207*6f9291ceSJung-uk Kim                                                   ssl_srp_verify_param_cb);
12081f13597dSJung-uk Kim     }
12091f13597dSJung-uk Kim # endif
1210db522d3aSSimon L. B. Nielsen #endif
121174664626SKris Kennaway 
1212f579bf8eSKris Kennaway     con = SSL_new(ctx);
1213*6f9291ceSJung-uk Kim     if (sess_in) {
1214db522d3aSSimon L. B. Nielsen         SSL_SESSION *sess;
1215db522d3aSSimon L. B. Nielsen         BIO *stmp = BIO_new_file(sess_in, "r");
1216*6f9291ceSJung-uk Kim         if (!stmp) {
1217*6f9291ceSJung-uk Kim             BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
1218db522d3aSSimon L. B. Nielsen             ERR_print_errors(bio_err);
1219db522d3aSSimon L. B. Nielsen             goto end;
1220db522d3aSSimon L. B. Nielsen         }
1221db522d3aSSimon L. B. Nielsen         sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
1222db522d3aSSimon L. B. Nielsen         BIO_free(stmp);
1223*6f9291ceSJung-uk Kim         if (!sess) {
1224*6f9291ceSJung-uk Kim             BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
1225db522d3aSSimon L. B. Nielsen             ERR_print_errors(bio_err);
1226db522d3aSSimon L. B. Nielsen             goto end;
1227db522d3aSSimon L. B. Nielsen         }
1228db522d3aSSimon L. B. Nielsen         SSL_set_session(con, sess);
1229db522d3aSSimon L. B. Nielsen         SSL_SESSION_free(sess);
1230db522d3aSSimon L. B. Nielsen     }
1231fa5fddf1SJung-uk Kim 
1232fa5fddf1SJung-uk Kim     if (fallback_scsv)
1233fa5fddf1SJung-uk Kim         SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
1234fa5fddf1SJung-uk Kim 
1235db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT
1236*6f9291ceSJung-uk Kim     if (servername != NULL) {
1237*6f9291ceSJung-uk Kim         if (!SSL_set_tlsext_host_name(con, servername)) {
1238db522d3aSSimon L. B. Nielsen             BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
1239db522d3aSSimon L. B. Nielsen             ERR_print_errors(bio_err);
1240db522d3aSSimon L. B. Nielsen             goto end;
1241db522d3aSSimon L. B. Nielsen         }
1242db522d3aSSimon L. B. Nielsen     }
1243db522d3aSSimon L. B. Nielsen #endif
12445c87c606SMark Murray #ifndef OPENSSL_NO_KRB5
1245*6f9291ceSJung-uk Kim     if (con && (kctx = kssl_ctx_new()) != NULL) {
12461f13597dSJung-uk Kim         SSL_set0_kssl_ctx(con, kctx);
12471f13597dSJung-uk Kim         kssl_ctx_setstring(kctx, KSSL_SERVER, host);
12485c87c606SMark Murray     }
12495c87c606SMark Murray #endif                          /* OPENSSL_NO_KRB5 */
125074664626SKris Kennaway /*      SSL_set_cipher_list(con,"RC4-MD5"); */
12511f13597dSJung-uk Kim #if 0
12521f13597dSJung-uk Kim # ifdef TLSEXT_TYPE_opaque_prf_input
12531f13597dSJung-uk Kim     SSL_set_tlsext_opaque_prf_input(con, "Test client", 11);
12541f13597dSJung-uk Kim # endif
12551f13597dSJung-uk Kim #endif
125674664626SKris Kennaway 
125774664626SKris Kennaway  re_start:
125874664626SKris Kennaway 
1259*6f9291ceSJung-uk Kim     if (init_client(&s, host, port, socket_type) == 0) {
126074664626SKris Kennaway         BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
126174664626SKris Kennaway         SHUTDOWN(s);
126274664626SKris Kennaway         goto end;
126374664626SKris Kennaway     }
126474664626SKris Kennaway     BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s);
126574664626SKris Kennaway 
126674664626SKris Kennaway #ifdef FIONBIO
1267*6f9291ceSJung-uk Kim     if (c_nbio) {
126874664626SKris Kennaway         unsigned long l = 1;
126974664626SKris Kennaway         BIO_printf(bio_c_out, "turning on non blocking io\n");
1270*6f9291ceSJung-uk Kim         if (BIO_socket_ioctl(s, FIONBIO, &l) < 0) {
127174664626SKris Kennaway             ERR_print_errors(bio_err);
127274664626SKris Kennaway             goto end;
127374664626SKris Kennaway         }
127474664626SKris Kennaway     }
127574664626SKris Kennaway #endif
1276*6f9291ceSJung-uk Kim     if (c_Pause & 0x01)
1277*6f9291ceSJung-uk Kim         SSL_set_debug(con, 1);
12783b4e3dcbSSimon L. B. Nielsen 
1279*6f9291ceSJung-uk Kim     if (SSL_version(con) == DTLS1_VERSION) {
12803b4e3dcbSSimon L. B. Nielsen 
12813b4e3dcbSSimon L. B. Nielsen         sbio = BIO_new_dgram(s, BIO_NOCLOSE);
1282*6f9291ceSJung-uk Kim         if (getsockname(s, &peer, (void *)&peerlen) < 0) {
12833b4e3dcbSSimon L. B. Nielsen             BIO_printf(bio_err, "getsockname:errno=%d\n",
12843b4e3dcbSSimon L. B. Nielsen                        get_last_socket_error());
12853b4e3dcbSSimon L. B. Nielsen             SHUTDOWN(s);
12863b4e3dcbSSimon L. B. Nielsen             goto end;
12873b4e3dcbSSimon L. B. Nielsen         }
12883b4e3dcbSSimon L. B. Nielsen 
1289db522d3aSSimon L. B. Nielsen         (void)BIO_ctrl_set_connected(sbio, 1, &peer);
12903b4e3dcbSSimon L. B. Nielsen 
1291*6f9291ceSJung-uk Kim         if (enable_timeouts) {
12923b4e3dcbSSimon L. B. Nielsen             timeout.tv_sec = 0;
12933b4e3dcbSSimon L. B. Nielsen             timeout.tv_usec = DGRAM_RCV_TIMEOUT;
12943b4e3dcbSSimon L. B. Nielsen             BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
12953b4e3dcbSSimon L. B. Nielsen 
12963b4e3dcbSSimon L. B. Nielsen             timeout.tv_sec = 0;
12973b4e3dcbSSimon L. B. Nielsen             timeout.tv_usec = DGRAM_SND_TIMEOUT;
12983b4e3dcbSSimon L. B. Nielsen             BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
12993b4e3dcbSSimon L. B. Nielsen         }
13003b4e3dcbSSimon L. B. Nielsen 
1301*6f9291ceSJung-uk Kim         if (socket_mtu) {
1302*6f9291ceSJung-uk Kim             if (socket_mtu < DTLS_get_link_min_mtu(con)) {
1303751d2991SJung-uk Kim                 BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
1304751d2991SJung-uk Kim                            DTLS_get_link_min_mtu(con));
1305751d2991SJung-uk Kim                 BIO_free(sbio);
1306751d2991SJung-uk Kim                 goto shut;
1307751d2991SJung-uk Kim             }
13083b4e3dcbSSimon L. B. Nielsen             SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1309*6f9291ceSJung-uk Kim             if (!DTLS_set_link_mtu(con, socket_mtu)) {
1310751d2991SJung-uk Kim                 BIO_printf(bio_err, "Failed to set MTU\n");
1311751d2991SJung-uk Kim                 BIO_free(sbio);
1312751d2991SJung-uk Kim                 goto shut;
1313751d2991SJung-uk Kim             }
1314*6f9291ceSJung-uk Kim         } else
13153b4e3dcbSSimon L. B. Nielsen             /* want to do MTU discovery */
13163b4e3dcbSSimon L. B. Nielsen             BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1317*6f9291ceSJung-uk Kim     } else
131874664626SKris Kennaway         sbio = BIO_new_socket(s, BIO_NOCLOSE);
131974664626SKris Kennaway 
1320*6f9291ceSJung-uk Kim     if (nbio_test) {
132174664626SKris Kennaway         BIO *test;
132274664626SKris Kennaway 
132374664626SKris Kennaway         test = BIO_new(BIO_f_nbio_test());
132474664626SKris Kennaway         sbio = BIO_push(test, sbio);
132574664626SKris Kennaway     }
132674664626SKris Kennaway 
1327*6f9291ceSJung-uk Kim     if (c_debug) {
13281f13597dSJung-uk Kim         SSL_set_debug(con, 1);
13293b4e3dcbSSimon L. B. Nielsen         BIO_set_callback(sbio, bio_dump_callback);
13305471f83eSSimon L. B. Nielsen         BIO_set_callback_arg(sbio, (char *)bio_c_out);
133174664626SKris Kennaway     }
1332*6f9291ceSJung-uk Kim     if (c_msg) {
13335c87c606SMark Murray         SSL_set_msg_callback(con, msg_cb);
13345c87c606SMark Murray         SSL_set_msg_callback_arg(con, bio_c_out);
13355c87c606SMark Murray     }
1336db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT
1337*6f9291ceSJung-uk Kim     if (c_tlsextdebug) {
1338db522d3aSSimon L. B. Nielsen         SSL_set_tlsext_debug_callback(con, tlsext_cb);
1339db522d3aSSimon L. B. Nielsen         SSL_set_tlsext_debug_arg(con, bio_c_out);
1340db522d3aSSimon L. B. Nielsen     }
1341*6f9291ceSJung-uk Kim     if (c_status_req) {
1342db522d3aSSimon L. B. Nielsen         SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
1343db522d3aSSimon L. B. Nielsen         SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
1344db522d3aSSimon L. B. Nielsen         SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
1345db522d3aSSimon L. B. Nielsen # if 0
1346db522d3aSSimon L. B. Nielsen         {
1347db522d3aSSimon L. B. Nielsen             STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
1348db522d3aSSimon L. B. Nielsen             OCSP_RESPID *id = OCSP_RESPID_new();
1349db522d3aSSimon L. B. Nielsen             id->value.byKey = ASN1_OCTET_STRING_new();
1350db522d3aSSimon L. B. Nielsen             id->type = V_OCSP_RESPID_KEY;
1351db522d3aSSimon L. B. Nielsen             ASN1_STRING_set(id->value.byKey, "Hello World", -1);
1352db522d3aSSimon L. B. Nielsen             sk_OCSP_RESPID_push(ids, id);
1353db522d3aSSimon L. B. Nielsen             SSL_set_tlsext_status_ids(con, ids);
1354db522d3aSSimon L. B. Nielsen         }
1355db522d3aSSimon L. B. Nielsen # endif
1356db522d3aSSimon L. B. Nielsen     }
1357db522d3aSSimon L. B. Nielsen #endif
1358db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE
1359db522d3aSSimon L. B. Nielsen     if (jpake_secret)
1360db522d3aSSimon L. B. Nielsen         jpake_client_auth(bio_c_out, sbio, jpake_secret);
1361db522d3aSSimon L. B. Nielsen #endif
136274664626SKris Kennaway 
136374664626SKris Kennaway     SSL_set_bio(con, sbio, sbio);
136474664626SKris Kennaway     SSL_set_connect_state(con);
136574664626SKris Kennaway 
136674664626SKris Kennaway     /* ok, lets connect */
136774664626SKris Kennaway     width = SSL_get_fd(con) + 1;
136874664626SKris Kennaway 
136974664626SKris Kennaway     read_tty = 1;
137074664626SKris Kennaway     write_tty = 0;
137174664626SKris Kennaway     tty_on = 0;
137274664626SKris Kennaway     read_ssl = 1;
137374664626SKris Kennaway     write_ssl = 1;
137474664626SKris Kennaway 
137574664626SKris Kennaway     cbuf_len = 0;
137674664626SKris Kennaway     cbuf_off = 0;
137774664626SKris Kennaway     sbuf_len = 0;
137874664626SKris Kennaway     sbuf_off = 0;
137974664626SKris Kennaway 
13805c87c606SMark Murray     /* This is an ugly hack that does a lot of assumptions */
1381*6f9291ceSJung-uk Kim     /*
1382*6f9291ceSJung-uk Kim      * We do have to handle multi-line responses which may come in a single
1383*6f9291ceSJung-uk Kim      * packet or not. We therefore have to use BIO_gets() which does need a
1384*6f9291ceSJung-uk Kim      * buffering BIO. So during the initial chitchat we do push a buffering
1385*6f9291ceSJung-uk Kim      * BIO into the chain that is removed again later on to not disturb the
1386*6f9291ceSJung-uk Kim      * rest of the s_client operation.
1387*6f9291ceSJung-uk Kim      */
1388*6f9291ceSJung-uk Kim     if (starttls_proto == PROTO_SMTP) {
13895471f83eSSimon L. B. Nielsen         int foundit = 0;
13905471f83eSSimon L. B. Nielsen         BIO *fbio = BIO_new(BIO_f_buffer());
13915471f83eSSimon L. B. Nielsen         BIO_push(fbio, sbio);
13925471f83eSSimon L. B. Nielsen         /* wait for multi-line response to end from SMTP */
1393*6f9291ceSJung-uk Kim         do {
13945471f83eSSimon L. B. Nielsen             mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
13955471f83eSSimon L. B. Nielsen         }
13965471f83eSSimon L. B. Nielsen         while (mbuf_len > 3 && mbuf[3] == '-');
13975471f83eSSimon L. B. Nielsen         /* STARTTLS command requires EHLO... */
13985471f83eSSimon L. B. Nielsen         BIO_printf(fbio, "EHLO openssl.client.net\r\n");
1399db522d3aSSimon L. B. Nielsen         (void)BIO_flush(fbio);
14005471f83eSSimon L. B. Nielsen         /* wait for multi-line response to end EHLO SMTP response */
1401*6f9291ceSJung-uk Kim         do {
14025471f83eSSimon L. B. Nielsen             mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
14035471f83eSSimon L. B. Nielsen             if (strstr(mbuf, "STARTTLS"))
14045471f83eSSimon L. B. Nielsen                 foundit = 1;
14055471f83eSSimon L. B. Nielsen         }
14065471f83eSSimon L. B. Nielsen         while (mbuf_len > 3 && mbuf[3] == '-');
1407db522d3aSSimon L. B. Nielsen         (void)BIO_flush(fbio);
14085471f83eSSimon L. B. Nielsen         BIO_pop(fbio);
14095471f83eSSimon L. B. Nielsen         BIO_free(fbio);
14105471f83eSSimon L. B. Nielsen         if (!foundit)
14115471f83eSSimon L. B. Nielsen             BIO_printf(bio_err,
14125471f83eSSimon L. B. Nielsen                        "didn't found starttls in server response,"
14135471f83eSSimon L. B. Nielsen                        " try anyway...\n");
14145c87c606SMark Murray         BIO_printf(sbio, "STARTTLS\r\n");
14155c87c606SMark Murray         BIO_read(sbio, sbuf, BUFSIZZ);
1416*6f9291ceSJung-uk Kim     } else if (starttls_proto == PROTO_POP3) {
141750ef0093SJacques Vidrine         BIO_read(sbio, mbuf, BUFSIZZ);
141850ef0093SJacques Vidrine         BIO_printf(sbio, "STLS\r\n");
141950ef0093SJacques Vidrine         BIO_read(sbio, sbuf, BUFSIZZ);
1420*6f9291ceSJung-uk Kim     } else if (starttls_proto == PROTO_IMAP) {
14215471f83eSSimon L. B. Nielsen         int foundit = 0;
14225471f83eSSimon L. B. Nielsen         BIO *fbio = BIO_new(BIO_f_buffer());
14235471f83eSSimon L. B. Nielsen         BIO_push(fbio, sbio);
14245471f83eSSimon L. B. Nielsen         BIO_gets(fbio, mbuf, BUFSIZZ);
14255471f83eSSimon L. B. Nielsen         /* STARTTLS command requires CAPABILITY... */
14265471f83eSSimon L. B. Nielsen         BIO_printf(fbio, ". CAPABILITY\r\n");
1427db522d3aSSimon L. B. Nielsen         (void)BIO_flush(fbio);
14285471f83eSSimon L. B. Nielsen         /* wait for multi-line CAPABILITY response */
1429*6f9291ceSJung-uk Kim         do {
14305471f83eSSimon L. B. Nielsen             mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
14315471f83eSSimon L. B. Nielsen             if (strstr(mbuf, "STARTTLS"))
14325471f83eSSimon L. B. Nielsen                 foundit = 1;
14335471f83eSSimon L. B. Nielsen         }
14345471f83eSSimon L. B. Nielsen         while (mbuf_len > 3 && mbuf[0] != '.');
1435db522d3aSSimon L. B. Nielsen         (void)BIO_flush(fbio);
14365471f83eSSimon L. B. Nielsen         BIO_pop(fbio);
14375471f83eSSimon L. B. Nielsen         BIO_free(fbio);
14385471f83eSSimon L. B. Nielsen         if (!foundit)
14395471f83eSSimon L. B. Nielsen             BIO_printf(bio_err,
14405471f83eSSimon L. B. Nielsen                        "didn't found STARTTLS in server response,"
14415471f83eSSimon L. B. Nielsen                        " try anyway...\n");
14425471f83eSSimon L. B. Nielsen         BIO_printf(sbio, ". STARTTLS\r\n");
14435471f83eSSimon L. B. Nielsen         BIO_read(sbio, sbuf, BUFSIZZ);
1444*6f9291ceSJung-uk Kim     } else if (starttls_proto == PROTO_FTP) {
14455471f83eSSimon L. B. Nielsen         BIO *fbio = BIO_new(BIO_f_buffer());
14465471f83eSSimon L. B. Nielsen         BIO_push(fbio, sbio);
14475471f83eSSimon L. B. Nielsen         /* wait for multi-line response to end from FTP */
1448*6f9291ceSJung-uk Kim         do {
14495471f83eSSimon L. B. Nielsen             mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
14505471f83eSSimon L. B. Nielsen         }
14515471f83eSSimon L. B. Nielsen         while (mbuf_len > 3 && mbuf[3] == '-');
1452db522d3aSSimon L. B. Nielsen         (void)BIO_flush(fbio);
14535471f83eSSimon L. B. Nielsen         BIO_pop(fbio);
14545471f83eSSimon L. B. Nielsen         BIO_free(fbio);
14555471f83eSSimon L. B. Nielsen         BIO_printf(sbio, "AUTH TLS\r\n");
14565471f83eSSimon L. B. Nielsen         BIO_read(sbio, sbuf, BUFSIZZ);
14575471f83eSSimon L. B. Nielsen     }
1458*6f9291ceSJung-uk Kim     if (starttls_proto == PROTO_XMPP) {
1459db522d3aSSimon L. B. Nielsen         int seen = 0;
1460db522d3aSSimon L. B. Nielsen         BIO_printf(sbio, "<stream:stream "
1461db522d3aSSimon L. B. Nielsen                    "xmlns:stream='http://etherx.jabber.org/streams' "
1462db522d3aSSimon L. B. Nielsen                    "xmlns='jabber:client' to='%s' version='1.0'>", host);
1463db522d3aSSimon L. B. Nielsen         seen = BIO_read(sbio, mbuf, BUFSIZZ);
1464db522d3aSSimon L. B. Nielsen         mbuf[seen] = 0;
1465*6f9291ceSJung-uk Kim         while (!strstr
1466*6f9291ceSJung-uk Kim                (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) {
1467db522d3aSSimon L. B. Nielsen             if (strstr(mbuf, "/stream:features>"))
1468db522d3aSSimon L. B. Nielsen                 goto shut;
1469db522d3aSSimon L. B. Nielsen             seen = BIO_read(sbio, mbuf, BUFSIZZ);
1470db522d3aSSimon L. B. Nielsen             mbuf[seen] = 0;
1471db522d3aSSimon L. B. Nielsen         }
1472*6f9291ceSJung-uk Kim         BIO_printf(sbio,
1473*6f9291ceSJung-uk Kim                    "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
1474db522d3aSSimon L. B. Nielsen         seen = BIO_read(sbio, sbuf, BUFSIZZ);
1475db522d3aSSimon L. B. Nielsen         sbuf[seen] = 0;
1476db522d3aSSimon L. B. Nielsen         if (!strstr(sbuf, "<proceed"))
1477db522d3aSSimon L. B. Nielsen             goto shut;
1478db522d3aSSimon L. B. Nielsen         mbuf[0] = 0;
1479db522d3aSSimon L. B. Nielsen     }
14805c87c606SMark Murray 
1481*6f9291ceSJung-uk Kim     for (;;) {
148274664626SKris Kennaway         FD_ZERO(&readfds);
148374664626SKris Kennaway         FD_ZERO(&writefds);
148474664626SKris Kennaway 
14856a599222SSimon L. B. Nielsen         if ((SSL_version(con) == DTLS1_VERSION) &&
14866a599222SSimon L. B. Nielsen             DTLSv1_get_timeout(con, &timeout))
14876a599222SSimon L. B. Nielsen             timeoutp = &timeout;
14886a599222SSimon L. B. Nielsen         else
14896a599222SSimon L. B. Nielsen             timeoutp = NULL;
14906a599222SSimon L. B. Nielsen 
1491*6f9291ceSJung-uk Kim         if (SSL_in_init(con) && !SSL_total_renegotiations(con)) {
149274664626SKris Kennaway             in_init = 1;
149374664626SKris Kennaway             tty_on = 0;
1494*6f9291ceSJung-uk Kim         } else {
149574664626SKris Kennaway             tty_on = 1;
1496*6f9291ceSJung-uk Kim             if (in_init) {
149774664626SKris Kennaway                 in_init = 0;
1498*6f9291ceSJung-uk Kim #if 0                           /* This test doesn't really work as intended
1499*6f9291ceSJung-uk Kim                                  * (needs to be fixed) */
15001f13597dSJung-uk Kim # ifndef OPENSSL_NO_TLSEXT
1501*6f9291ceSJung-uk Kim                 if (servername != NULL && !SSL_session_reused(con)) {
1502*6f9291ceSJung-uk Kim                     BIO_printf(bio_c_out,
1503*6f9291ceSJung-uk Kim                                "Server did %sacknowledge servername extension.\n",
1504*6f9291ceSJung-uk Kim                                tlsextcbp.ack ? "" : "not ");
15051f13597dSJung-uk Kim                 }
15061f13597dSJung-uk Kim # endif
15071f13597dSJung-uk Kim #endif
1508*6f9291ceSJung-uk Kim                 if (sess_out) {
1509db522d3aSSimon L. B. Nielsen                     BIO *stmp = BIO_new_file(sess_out, "w");
1510*6f9291ceSJung-uk Kim                     if (stmp) {
1511db522d3aSSimon L. B. Nielsen                         PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
1512db522d3aSSimon L. B. Nielsen                         BIO_free(stmp);
1513*6f9291ceSJung-uk Kim                     } else
1514*6f9291ceSJung-uk Kim                         BIO_printf(bio_err, "Error writing session file %s\n",
1515*6f9291ceSJung-uk Kim                                    sess_out);
1516db522d3aSSimon L. B. Nielsen                 }
151774664626SKris Kennaway                 print_stuff(bio_c_out, con, full_log);
1518*6f9291ceSJung-uk Kim                 if (full_log > 0)
1519*6f9291ceSJung-uk Kim                     full_log--;
152074664626SKris Kennaway 
1521*6f9291ceSJung-uk Kim                 if (starttls_proto) {
15225c87c606SMark Murray                     BIO_printf(bio_err, "%s", mbuf);
15235c87c606SMark Murray                     /* We don't need to know any more */
15245471f83eSSimon L. B. Nielsen                     starttls_proto = PROTO_OFF;
15255c87c606SMark Murray                 }
15265c87c606SMark Murray 
1527*6f9291ceSJung-uk Kim                 if (reconnect) {
152874664626SKris Kennaway                     reconnect--;
1529*6f9291ceSJung-uk Kim                     BIO_printf(bio_c_out,
1530*6f9291ceSJung-uk Kim                                "drop connection and then reconnect\n");
153174664626SKris Kennaway                     SSL_shutdown(con);
153274664626SKris Kennaway                     SSL_set_connect_state(con);
153374664626SKris Kennaway                     SHUTDOWN(SSL_get_fd(con));
153474664626SKris Kennaway                     goto re_start;
153574664626SKris Kennaway                 }
153674664626SKris Kennaway             }
153774664626SKris Kennaway         }
153874664626SKris Kennaway 
153974664626SKris Kennaway         ssl_pending = read_ssl && SSL_pending(con);
154074664626SKris Kennaway 
1541*6f9291ceSJung-uk Kim         if (!ssl_pending) {
15421f13597dSJung-uk Kim #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5)
1543*6f9291ceSJung-uk Kim             if (tty_on) {
1544*6f9291ceSJung-uk Kim                 if (read_tty)
1545*6f9291ceSJung-uk Kim                     openssl_fdset(fileno(stdin), &readfds);
1546*6f9291ceSJung-uk Kim                 if (write_tty)
1547*6f9291ceSJung-uk Kim                     openssl_fdset(fileno(stdout), &writefds);
154874664626SKris Kennaway             }
154974664626SKris Kennaway             if (read_ssl)
15501f13597dSJung-uk Kim                 openssl_fdset(SSL_get_fd(con), &readfds);
155174664626SKris Kennaway             if (write_ssl)
15521f13597dSJung-uk Kim                 openssl_fdset(SSL_get_fd(con), &writefds);
1553f579bf8eSKris Kennaway #else
1554f579bf8eSKris Kennaway             if (!tty_on || !write_tty) {
1555f579bf8eSKris Kennaway                 if (read_ssl)
15561f13597dSJung-uk Kim                     openssl_fdset(SSL_get_fd(con), &readfds);
1557f579bf8eSKris Kennaway                 if (write_ssl)
15581f13597dSJung-uk Kim                     openssl_fdset(SSL_get_fd(con), &writefds);
1559f579bf8eSKris Kennaway             }
1560f579bf8eSKris Kennaway #endif
1561*6f9291ceSJung-uk Kim /*-         printf("mode tty(%d %d%d) ssl(%d%d)\n",
156274664626SKris Kennaway                     tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
156374664626SKris Kennaway 
1564*6f9291ceSJung-uk Kim             /*
1565*6f9291ceSJung-uk Kim              * Note: under VMS with SOCKETSHR the second parameter is
1566*6f9291ceSJung-uk Kim              * currently of type (int *) whereas under other systems it is
1567*6f9291ceSJung-uk Kim              * (void *) if you don't have a cast it will choke the compiler:
1568*6f9291ceSJung-uk Kim              * if you do have a cast then you can either go for (int *) or
1569*6f9291ceSJung-uk Kim              * (void *).
157074664626SKris Kennaway              */
157150ef0093SJacques Vidrine #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
1572*6f9291ceSJung-uk Kim             /*
1573*6f9291ceSJung-uk Kim              * Under Windows/DOS we make the assumption that we can always
1574*6f9291ceSJung-uk Kim              * write to the tty: therefore if we need to write to the tty we
1575*6f9291ceSJung-uk Kim              * just fall through. Otherwise we timeout the select every
1576*6f9291ceSJung-uk Kim              * second and see if there are any keypresses. Note: this is a
1577*6f9291ceSJung-uk Kim              * hack, in a proper Windows application we wouldn't do this.
1578f579bf8eSKris Kennaway              */
1579f579bf8eSKris Kennaway             i = 0;
1580f579bf8eSKris Kennaway             if (!write_tty) {
1581f579bf8eSKris Kennaway                 if (read_tty) {
1582f579bf8eSKris Kennaway                     tv.tv_sec = 1;
1583f579bf8eSKris Kennaway                     tv.tv_usec = 0;
1584f579bf8eSKris Kennaway                     i = select(width, (void *)&readfds, (void *)&writefds,
1585f579bf8eSKris Kennaway                                NULL, &tv);
158650ef0093SJacques Vidrine # if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
1587*6f9291ceSJung-uk Kim                     if (!i && (!_kbhit() || !read_tty))
1588*6f9291ceSJung-uk Kim                         continue;
15895c87c606SMark Murray # else
1590*6f9291ceSJung-uk Kim                     if (!i && (!((_kbhit())
1591*6f9291ceSJung-uk Kim                                  || (WAIT_OBJECT_0 ==
1592*6f9291ceSJung-uk Kim                                      WaitForSingleObject(GetStdHandle
1593*6f9291ceSJung-uk Kim                                                          (STD_INPUT_HANDLE),
1594*6f9291ceSJung-uk Kim                                                          0)))
1595*6f9291ceSJung-uk Kim                                || !read_tty))
1596*6f9291ceSJung-uk Kim                         continue;
15975c87c606SMark Murray # endif
1598*6f9291ceSJung-uk Kim                 } else
1599*6f9291ceSJung-uk Kim                     i = select(width, (void *)&readfds, (void *)&writefds,
16006a599222SSimon L. B. Nielsen                                NULL, timeoutp);
1601f579bf8eSKris Kennaway             }
16023b4e3dcbSSimon L. B. Nielsen #elif defined(OPENSSL_SYS_NETWARE)
16033b4e3dcbSSimon L. B. Nielsen             if (!write_tty) {
16043b4e3dcbSSimon L. B. Nielsen                 if (read_tty) {
16053b4e3dcbSSimon L. B. Nielsen                     tv.tv_sec = 1;
16063b4e3dcbSSimon L. B. Nielsen                     tv.tv_usec = 0;
16073b4e3dcbSSimon L. B. Nielsen                     i = select(width, (void *)&readfds, (void *)&writefds,
16083b4e3dcbSSimon L. B. Nielsen                                NULL, &tv);
1609*6f9291ceSJung-uk Kim                 } else
1610*6f9291ceSJung-uk Kim                     i = select(width, (void *)&readfds, (void *)&writefds,
16116a599222SSimon L. B. Nielsen                                NULL, timeoutp);
16123b4e3dcbSSimon L. B. Nielsen             }
16131f13597dSJung-uk Kim #elif defined(OPENSSL_SYS_BEOS_R5)
16141f13597dSJung-uk Kim             /* Under BeOS-R5 the situation is similar to DOS */
16151f13597dSJung-uk Kim             i = 0;
16161f13597dSJung-uk Kim             stdin_set = 0;
16171f13597dSJung-uk Kim             (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
16181f13597dSJung-uk Kim             if (!write_tty) {
16191f13597dSJung-uk Kim                 if (read_tty) {
16201f13597dSJung-uk Kim                     tv.tv_sec = 1;
16211f13597dSJung-uk Kim                     tv.tv_usec = 0;
16221f13597dSJung-uk Kim                     i = select(width, (void *)&readfds, (void *)&writefds,
16231f13597dSJung-uk Kim                                NULL, &tv);
16241f13597dSJung-uk Kim                     if (read(fileno(stdin), sbuf, 0) >= 0)
16251f13597dSJung-uk Kim                         stdin_set = 1;
16261f13597dSJung-uk Kim                     if (!i && (stdin_set != 1 || !read_tty))
16271f13597dSJung-uk Kim                         continue;
1628*6f9291ceSJung-uk Kim                 } else
1629*6f9291ceSJung-uk Kim                     i = select(width, (void *)&readfds, (void *)&writefds,
16301f13597dSJung-uk Kim                                NULL, timeoutp);
16311f13597dSJung-uk Kim             }
16321f13597dSJung-uk Kim             (void)fcntl(fileno(stdin), F_SETFL, 0);
1633f579bf8eSKris Kennaway #else
163474664626SKris Kennaway             i = select(width, (void *)&readfds, (void *)&writefds,
16356a599222SSimon L. B. Nielsen                        NULL, timeoutp);
1636f579bf8eSKris Kennaway #endif
1637*6f9291ceSJung-uk Kim             if (i < 0) {
163874664626SKris Kennaway                 BIO_printf(bio_err, "bad select %d\n",
163974664626SKris Kennaway                            get_last_socket_error());
164074664626SKris Kennaway                 goto shut;
164174664626SKris Kennaway                 /* goto end; */
164274664626SKris Kennaway             }
164374664626SKris Kennaway         }
164474664626SKris Kennaway 
1645*6f9291ceSJung-uk Kim         if ((SSL_version(con) == DTLS1_VERSION)
1646*6f9291ceSJung-uk Kim             && DTLSv1_handle_timeout(con) > 0) {
16476a599222SSimon L. B. Nielsen             BIO_printf(bio_err, "TIMEOUT occured\n");
16486a599222SSimon L. B. Nielsen         }
16496a599222SSimon L. B. Nielsen 
1650*6f9291ceSJung-uk Kim         if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
1651*6f9291ceSJung-uk Kim             k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len);
1652*6f9291ceSJung-uk Kim             switch (SSL_get_error(con, k)) {
165374664626SKris Kennaway             case SSL_ERROR_NONE:
165474664626SKris Kennaway                 cbuf_off += k;
165574664626SKris Kennaway                 cbuf_len -= k;
1656*6f9291ceSJung-uk Kim                 if (k <= 0)
1657*6f9291ceSJung-uk Kim                     goto end;
165874664626SKris Kennaway                 /* we have done a  write(con,NULL,0); */
1659*6f9291ceSJung-uk Kim                 if (cbuf_len <= 0) {
166074664626SKris Kennaway                     read_tty = 1;
166174664626SKris Kennaway                     write_ssl = 0;
1662*6f9291ceSJung-uk Kim                 } else {        /* if (cbuf_len > 0) */
1663*6f9291ceSJung-uk Kim 
166474664626SKris Kennaway                     read_tty = 0;
166574664626SKris Kennaway                     write_ssl = 1;
166674664626SKris Kennaway                 }
166774664626SKris Kennaway                 break;
166874664626SKris Kennaway             case SSL_ERROR_WANT_WRITE:
166974664626SKris Kennaway                 BIO_printf(bio_c_out, "write W BLOCK\n");
167074664626SKris Kennaway                 write_ssl = 1;
167174664626SKris Kennaway                 read_tty = 0;
167274664626SKris Kennaway                 break;
167374664626SKris Kennaway             case SSL_ERROR_WANT_READ:
167474664626SKris Kennaway                 BIO_printf(bio_c_out, "write R BLOCK\n");
167574664626SKris Kennaway                 write_tty = 0;
167674664626SKris Kennaway                 read_ssl = 1;
167774664626SKris Kennaway                 write_ssl = 0;
167874664626SKris Kennaway                 break;
167974664626SKris Kennaway             case SSL_ERROR_WANT_X509_LOOKUP:
168074664626SKris Kennaway                 BIO_printf(bio_c_out, "write X BLOCK\n");
168174664626SKris Kennaway                 break;
168274664626SKris Kennaway             case SSL_ERROR_ZERO_RETURN:
1683*6f9291ceSJung-uk Kim                 if (cbuf_len != 0) {
168474664626SKris Kennaway                     BIO_printf(bio_c_out, "shutdown\n");
16851f13597dSJung-uk Kim                     ret = 0;
168674664626SKris Kennaway                     goto shut;
1687*6f9291ceSJung-uk Kim                 } else {
168874664626SKris Kennaway                     read_tty = 1;
168974664626SKris Kennaway                     write_ssl = 0;
169074664626SKris Kennaway                     break;
169174664626SKris Kennaway                 }
169274664626SKris Kennaway 
169374664626SKris Kennaway             case SSL_ERROR_SYSCALL:
1694*6f9291ceSJung-uk Kim                 if ((k != 0) || (cbuf_len != 0)) {
169574664626SKris Kennaway                     BIO_printf(bio_err, "write:errno=%d\n",
169674664626SKris Kennaway                                get_last_socket_error());
169774664626SKris Kennaway                     goto shut;
1698*6f9291ceSJung-uk Kim                 } else {
169974664626SKris Kennaway                     read_tty = 1;
170074664626SKris Kennaway                     write_ssl = 0;
170174664626SKris Kennaway                 }
170274664626SKris Kennaway                 break;
170374664626SKris Kennaway             case SSL_ERROR_SSL:
170474664626SKris Kennaway                 ERR_print_errors(bio_err);
170574664626SKris Kennaway                 goto shut;
170674664626SKris Kennaway             }
170774664626SKris Kennaway         }
17081f13597dSJung-uk Kim #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
17091f13597dSJung-uk Kim         /* Assume Windows/DOS/BeOS can always write */
1710f579bf8eSKris Kennaway         else if (!ssl_pending && write_tty)
1711f579bf8eSKris Kennaway #else
171274664626SKris Kennaway         else if (!ssl_pending && FD_ISSET(fileno(stdout), &writefds))
1713f579bf8eSKris Kennaway #endif
171474664626SKris Kennaway         {
171574664626SKris Kennaway #ifdef CHARSET_EBCDIC
171674664626SKris Kennaway             ascii2ebcdic(&(sbuf[sbuf_off]), &(sbuf[sbuf_off]), sbuf_len);
171774664626SKris Kennaway #endif
17181f13597dSJung-uk Kim             i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len);
171974664626SKris Kennaway 
1720*6f9291ceSJung-uk Kim             if (i <= 0) {
172174664626SKris Kennaway                 BIO_printf(bio_c_out, "DONE\n");
17221f13597dSJung-uk Kim                 ret = 0;
172374664626SKris Kennaway                 goto shut;
172474664626SKris Kennaway                 /* goto end; */
172574664626SKris Kennaway             }
172674664626SKris Kennaway 
172774664626SKris Kennaway             sbuf_len -= i;;
172874664626SKris Kennaway             sbuf_off += i;
1729*6f9291ceSJung-uk Kim             if (sbuf_len <= 0) {
173074664626SKris Kennaway                 read_ssl = 1;
173174664626SKris Kennaway                 write_tty = 0;
173274664626SKris Kennaway             }
1733*6f9291ceSJung-uk Kim         } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) {
173474664626SKris Kennaway #ifdef RENEG
1735*6f9291ceSJung-uk Kim             {
1736*6f9291ceSJung-uk Kim                 static int iiii;
1737*6f9291ceSJung-uk Kim                 if (++iiii == 52) {
1738*6f9291ceSJung-uk Kim                     SSL_renegotiate(con);
1739*6f9291ceSJung-uk Kim                     iiii = 0;
1740*6f9291ceSJung-uk Kim                 }
1741*6f9291ceSJung-uk Kim             }
174274664626SKris Kennaway #endif
174374664626SKris Kennaway #if 1
174474664626SKris Kennaway             k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
174574664626SKris Kennaway #else
174674664626SKris Kennaway /* Demo for pending and peek :-) */
174774664626SKris Kennaway             k = SSL_read(con, sbuf, 16);
1748*6f9291ceSJung-uk Kim             {
1749*6f9291ceSJung-uk Kim                 char zbuf[10240];
1750*6f9291ceSJung-uk Kim                 printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con),
1751*6f9291ceSJung-uk Kim                        SSL_peek(con, zbuf, 10240));
175274664626SKris Kennaway             }
175374664626SKris Kennaway #endif
175474664626SKris Kennaway 
1755*6f9291ceSJung-uk Kim             switch (SSL_get_error(con, k)) {
175674664626SKris Kennaway             case SSL_ERROR_NONE:
175774664626SKris Kennaway                 if (k <= 0)
175874664626SKris Kennaway                     goto end;
175974664626SKris Kennaway                 sbuf_off = 0;
176074664626SKris Kennaway                 sbuf_len = k;
176174664626SKris Kennaway 
176274664626SKris Kennaway                 read_ssl = 0;
176374664626SKris Kennaway                 write_tty = 1;
176474664626SKris Kennaway                 break;
176574664626SKris Kennaway             case SSL_ERROR_WANT_WRITE:
176674664626SKris Kennaway                 BIO_printf(bio_c_out, "read W BLOCK\n");
176774664626SKris Kennaway                 write_ssl = 1;
176874664626SKris Kennaway                 read_tty = 0;
176974664626SKris Kennaway                 break;
177074664626SKris Kennaway             case SSL_ERROR_WANT_READ:
177174664626SKris Kennaway                 BIO_printf(bio_c_out, "read R BLOCK\n");
177274664626SKris Kennaway                 write_tty = 0;
177374664626SKris Kennaway                 read_ssl = 1;
177474664626SKris Kennaway                 if ((read_tty == 0) && (write_ssl == 0))
177574664626SKris Kennaway                     write_ssl = 1;
177674664626SKris Kennaway                 break;
177774664626SKris Kennaway             case SSL_ERROR_WANT_X509_LOOKUP:
177874664626SKris Kennaway                 BIO_printf(bio_c_out, "read X BLOCK\n");
177974664626SKris Kennaway                 break;
178074664626SKris Kennaway             case SSL_ERROR_SYSCALL:
17811f13597dSJung-uk Kim                 ret = get_last_socket_error();
17821f13597dSJung-uk Kim                 BIO_printf(bio_err, "read:errno=%d\n", ret);
178374664626SKris Kennaway                 goto shut;
178474664626SKris Kennaway             case SSL_ERROR_ZERO_RETURN:
178574664626SKris Kennaway                 BIO_printf(bio_c_out, "closed\n");
17861f13597dSJung-uk Kim                 ret = 0;
178774664626SKris Kennaway                 goto shut;
178874664626SKris Kennaway             case SSL_ERROR_SSL:
178974664626SKris Kennaway                 ERR_print_errors(bio_err);
179074664626SKris Kennaway                 goto shut;
179174664626SKris Kennaway                 /* break; */
179274664626SKris Kennaway             }
179374664626SKris Kennaway         }
179450ef0093SJacques Vidrine #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
179550ef0093SJacques Vidrine # if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
17965c87c606SMark Murray         else if (_kbhit())
17975c87c606SMark Murray # else
1798*6f9291ceSJung-uk Kim         else if ((_kbhit())
1799*6f9291ceSJung-uk Kim                  || (WAIT_OBJECT_0 ==
1800*6f9291ceSJung-uk Kim                      WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
18015c87c606SMark Murray # endif
18023b4e3dcbSSimon L. B. Nielsen #elif defined (OPENSSL_SYS_NETWARE)
18033b4e3dcbSSimon L. B. Nielsen         else if (_kbhit())
18041f13597dSJung-uk Kim #elif defined(OPENSSL_SYS_BEOS_R5)
18051f13597dSJung-uk Kim         else if (stdin_set)
1806f579bf8eSKris Kennaway #else
180774664626SKris Kennaway         else if (FD_ISSET(fileno(stdin), &readfds))
1808f579bf8eSKris Kennaway #endif
180974664626SKris Kennaway         {
1810*6f9291ceSJung-uk Kim             if (crlf) {
181174664626SKris Kennaway                 int j, lf_num;
181274664626SKris Kennaway 
18131f13597dSJung-uk Kim                 i = raw_read_stdin(cbuf, BUFSIZZ / 2);
181474664626SKris Kennaway                 lf_num = 0;
181574664626SKris Kennaway                 /* both loops are skipped when i <= 0 */
181674664626SKris Kennaway                 for (j = 0; j < i; j++)
181774664626SKris Kennaway                     if (cbuf[j] == '\n')
181874664626SKris Kennaway                         lf_num++;
1819*6f9291ceSJung-uk Kim                 for (j = i - 1; j >= 0; j--) {
182074664626SKris Kennaway                     cbuf[j + lf_num] = cbuf[j];
1821*6f9291ceSJung-uk Kim                     if (cbuf[j] == '\n') {
182274664626SKris Kennaway                         lf_num--;
182374664626SKris Kennaway                         i++;
182474664626SKris Kennaway                         cbuf[j + lf_num] = '\r';
182574664626SKris Kennaway                     }
182674664626SKris Kennaway                 }
182774664626SKris Kennaway                 assert(lf_num == 0);
1828*6f9291ceSJung-uk Kim             } else
18291f13597dSJung-uk Kim                 i = raw_read_stdin(cbuf, BUFSIZZ);
183074664626SKris Kennaway 
1831*6f9291ceSJung-uk Kim             if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) {
183274664626SKris Kennaway                 BIO_printf(bio_err, "DONE\n");
18331f13597dSJung-uk Kim                 ret = 0;
183474664626SKris Kennaway                 goto shut;
183574664626SKris Kennaway             }
183674664626SKris Kennaway 
1837*6f9291ceSJung-uk Kim             if ((!c_ign_eof) && (cbuf[0] == 'R')) {
183874664626SKris Kennaway                 BIO_printf(bio_err, "RENEGOTIATING\n");
183974664626SKris Kennaway                 SSL_renegotiate(con);
184074664626SKris Kennaway                 cbuf_len = 0;
184174664626SKris Kennaway             }
18421f13597dSJung-uk Kim #ifndef OPENSSL_NO_HEARTBEATS
1843*6f9291ceSJung-uk Kim             else if ((!c_ign_eof) && (cbuf[0] == 'B')) {
18441f13597dSJung-uk Kim                 BIO_printf(bio_err, "HEARTBEATING\n");
18451f13597dSJung-uk Kim                 SSL_heartbeat(con);
18461f13597dSJung-uk Kim                 cbuf_len = 0;
18471f13597dSJung-uk Kim             }
18481f13597dSJung-uk Kim #endif
1849*6f9291ceSJung-uk Kim             else {
185074664626SKris Kennaway                 cbuf_len = i;
185174664626SKris Kennaway                 cbuf_off = 0;
185274664626SKris Kennaway #ifdef CHARSET_EBCDIC
185374664626SKris Kennaway                 ebcdic2ascii(cbuf, cbuf, i);
185474664626SKris Kennaway #endif
185574664626SKris Kennaway             }
185674664626SKris Kennaway 
185774664626SKris Kennaway             write_ssl = 1;
185874664626SKris Kennaway             read_tty = 0;
185974664626SKris Kennaway         }
186074664626SKris Kennaway     }
18611f13597dSJung-uk Kim 
18621f13597dSJung-uk Kim     ret = 0;
186374664626SKris Kennaway  shut:
18641f13597dSJung-uk Kim     if (in_init)
18651f13597dSJung-uk Kim         print_stuff(bio_c_out, con, full_log);
186674664626SKris Kennaway     SSL_shutdown(con);
186774664626SKris Kennaway     SHUTDOWN(SSL_get_fd(con));
186874664626SKris Kennaway  end:
1869*6f9291ceSJung-uk Kim     if (con != NULL) {
18701f13597dSJung-uk Kim         if (prexit != 0)
18711f13597dSJung-uk Kim             print_stuff(bio_c_out, con, 1);
18721f13597dSJung-uk Kim         SSL_free(con);
18731f13597dSJung-uk Kim     }
187409286989SJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
187509286989SJung-uk Kim     if (next_proto.data)
187609286989SJung-uk Kim         OPENSSL_free(next_proto.data);
187709286989SJung-uk Kim #endif
1878*6f9291ceSJung-uk Kim     if (ctx != NULL)
1879*6f9291ceSJung-uk Kim         SSL_CTX_free(ctx);
18803b4e3dcbSSimon L. B. Nielsen     if (cert)
18813b4e3dcbSSimon L. B. Nielsen         X509_free(cert);
18823b4e3dcbSSimon L. B. Nielsen     if (key)
18833b4e3dcbSSimon L. B. Nielsen         EVP_PKEY_free(key);
18843b4e3dcbSSimon L. B. Nielsen     if (pass)
18853b4e3dcbSSimon L. B. Nielsen         OPENSSL_free(pass);
188609286989SJung-uk Kim     if (vpm)
188709286989SJung-uk Kim         X509_VERIFY_PARAM_free(vpm);
1888*6f9291ceSJung-uk Kim     if (cbuf != NULL) {
1889*6f9291ceSJung-uk Kim         OPENSSL_cleanse(cbuf, BUFSIZZ);
1890*6f9291ceSJung-uk Kim         OPENSSL_free(cbuf);
1891*6f9291ceSJung-uk Kim     }
1892*6f9291ceSJung-uk Kim     if (sbuf != NULL) {
1893*6f9291ceSJung-uk Kim         OPENSSL_cleanse(sbuf, BUFSIZZ);
1894*6f9291ceSJung-uk Kim         OPENSSL_free(sbuf);
1895*6f9291ceSJung-uk Kim     }
1896*6f9291ceSJung-uk Kim     if (mbuf != NULL) {
1897*6f9291ceSJung-uk Kim         OPENSSL_cleanse(mbuf, BUFSIZZ);
1898*6f9291ceSJung-uk Kim         OPENSSL_free(mbuf);
1899*6f9291ceSJung-uk Kim     }
1900*6f9291ceSJung-uk Kim     if (bio_c_out != NULL) {
190174664626SKris Kennaway         BIO_free(bio_c_out);
190274664626SKris Kennaway         bio_c_out = NULL;
190374664626SKris Kennaway     }
19045c87c606SMark Murray     apps_shutdown();
19055c87c606SMark Murray     OPENSSL_EXIT(ret);
190674664626SKris Kennaway }
190774664626SKris Kennaway 
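/*
 * Print a human-readable summary of the connection `s` to `bio`.
 *
 * bio:  output BIO for the report (the SSL_DEBUG block writes to the
 *       file-level bio_c_out instead).
 * s:    the SSL connection to describe.
 * full: when non-zero, also print the peer certificate chain, the peer
 *       certificate, the acceptable client CA names, the shared cipher
 *       list and the handshake byte counts.  The peer certificate is
 *       only fetched in this mode, so the "Server public key" line is
 *       only printed when `full` is set.
 *
 * Security note: the report contains secrets.  The exported keying
 * material is written in hex when keymatexportlabel is set, and
 * SSL_SESSION_print() output is expected to include session key
 * material as well (NOTE(review): confirm for the OpenSSL version in
 * use).  Captured output should be handled like a credential.
 */
static void print_stuff(BIO *bio, SSL *s, int full)
{
    X509 *peer = NULL;
    char *p;
    static const char *space = "                ";
    char buf[BUFSIZ];
    STACK_OF(X509) *sk;
    STACK_OF(X509_NAME) *sk2;
    const SSL_CIPHER *c;
    X509_NAME *xn;
    int j, i;
#ifndef OPENSSL_NO_COMP
    const COMP_METHOD *comp, *expansion;
#endif
    unsigned char *exportedkeymat;

    if (full) {
        int got_a_chain = 0;

        sk = SSL_get_peer_cert_chain(s);
        if (sk != NULL) {
            got_a_chain = 1;    /* we don't have it for SSL2 (yet) */

            BIO_printf(bio, "---\nCertificate chain\n");
            for (i = 0; i < sk_X509_num(sk); i++) {
                X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
                                  buf, sizeof buf);
                BIO_printf(bio, "%2d s:%s\n", i, buf);
                X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
                                  buf, sizeof buf);
                BIO_printf(bio, "   i:%s\n", buf);
                if (c_showcerts)
                    PEM_write_bio_X509(bio, sk_X509_value(sk, i));
            }
        }

        BIO_printf(bio, "---\n");
        peer = SSL_get_peer_certificate(s);
        if (peer != NULL) {
            BIO_printf(bio, "Server certificate\n");

            /* Redundant if we showed the whole chain */
            if (!(c_showcerts && got_a_chain))
                PEM_write_bio_X509(bio, peer);
            X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
            BIO_printf(bio, "subject=%s\n", buf);
            X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
            BIO_printf(bio, "issuer=%s\n", buf);
        } else
            BIO_printf(bio, "no peer certificate available\n");

        sk2 = SSL_get_client_CA_list(s);
        if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) {
            BIO_printf(bio, "---\nAcceptable client certificate CA names\n");
            for (i = 0; i < sk_X509_NAME_num(sk2); i++) {
                xn = sk_X509_NAME_value(sk2, i);
                X509_NAME_oneline(xn, buf, sizeof(buf));
                BIO_write(bio, buf, strlen(buf));
                BIO_write(bio, "\n", 1);
            }
        } else {
            BIO_printf(bio, "---\nNo client certificate CA names sent\n");
        }
        p = SSL_get_shared_ciphers(s, buf, sizeof buf);
        if (p != NULL) {
            /*
             * This works only for SSL 2.  In later protocol versions, the
             * client does not know what other ciphers (in addition to the
             * one to be used in the current connection) the server supports.
             */

            BIO_printf(bio,
                       "---\nCiphers common between both SSL endpoints:\n");
            j = i = 0;
            while (*p) {
                if (*p == ':') {
                    /*
                     * Pad the column.  A name longer than 15 characters
                     * makes the pad zero or negative; a negative length
                     * must never be handed to BIO_write(), so skip the
                     * padding in that case.
                     */
                    int pad = 15 - j % 25;

                    if (pad > 0)
                        BIO_write(bio, space, pad);
                    i++;
                    j = 0;
                    BIO_write(bio, ((i % 3) ? " " : "\n"), 1);
                } else {
                    BIO_write(bio, p, 1);
                    j++;
                }
                p++;
            }
            BIO_write(bio, "\n", 1);
        }

        BIO_printf(bio,
                   "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
                   BIO_number_read(SSL_get_rbio(s)),
                   BIO_number_written(SSL_get_wbio(s)));
    }
    /* Fixed text: written with BIO_puts so it is never used as a format. */
    BIO_puts(bio, SSL_cache_hit(s) ? "---\nReused, " : "---\nNew, ");
    c = SSL_get_current_cipher(s);
    BIO_printf(bio, "%s, Cipher is %s\n",
               SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
    if (peer != NULL) {
        EVP_PKEY *pktmp;
        pktmp = X509_get_pubkey(peer);
        BIO_printf(bio, "Server public key is %d bit\n",
                   EVP_PKEY_bits(pktmp));
        EVP_PKEY_free(pktmp);
    }
    BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
               SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
#ifndef OPENSSL_NO_COMP
    comp = SSL_get_current_compression(s);
    expansion = SSL_get_current_expansion(s);
    BIO_printf(bio, "Compression: %s\n",
               comp ? SSL_COMP_get_name(comp) : "NONE");
    BIO_printf(bio, "Expansion: %s\n",
               expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif

#ifdef SSL_DEBUG
    {
        /* Print out local port of connection: useful for debugging */
        int sock;
        struct sockaddr_in ladd;
        socklen_t ladd_size = sizeof(ladd);
        sock = SSL_get_fd(s);
        /* Only report the port when the lookup filled in `ladd`. */
        if (getsockname(sock, (struct sockaddr *)&ladd, &ladd_size) == 0)
            BIO_printf(bio_c_out, "LOCAL PORT is %u\n",
                       ntohs(ladd.sin_port));
    }
#endif

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
    if (next_proto.status != -1) {
        const unsigned char *proto;
        unsigned int proto_len;
        SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
        BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
        BIO_write(bio, proto, proto_len);
        BIO_write(bio, "\n", 1);
    }
#endif

#ifndef OPENSSL_NO_SRTP
    {
        SRTP_PROTECTION_PROFILE *srtp_profile =
            SSL_get_selected_srtp_profile(s);

        if (srtp_profile)
            BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
                       srtp_profile->name);
    }
#endif

    SSL_SESSION_print(bio, SSL_get_session(s));
    if (keymatexportlabel != NULL) {
        BIO_printf(bio, "Keying material exporter:\n");
        BIO_printf(bio, "    Label: '%s'\n", keymatexportlabel);
        BIO_printf(bio, "    Length: %i bytes\n", keymatexportlen);
        exportedkeymat = OPENSSL_malloc(keymatexportlen);
        if (exportedkeymat != NULL) {
            if (!SSL_export_keying_material(s, exportedkeymat,
                                            keymatexportlen,
                                            keymatexportlabel,
                                            strlen(keymatexportlabel),
                                            NULL, 0, 0)) {
                BIO_printf(bio, "    Error\n");
            } else {
                BIO_printf(bio, "    Keying material: ");
                for (i = 0; i < keymatexportlen; i++)
                    BIO_printf(bio, "%02X", exportedkeymat[i]);
                BIO_printf(bio, "\n");
            }
            /*
             * Wipe the exported secret before releasing the buffer, as the
             * caller does for its own I/O buffers, so the key bytes do not
             * linger in freed heap memory.
             */
            OPENSSL_cleanse(exportedkeymat, keymatexportlen);
            OPENSSL_free(exportedkeymat);
        }
    }
    BIO_printf(bio, "---\n");
    if (peer != NULL)
        X509_free(peer);
    /* flush, or debugging output gets mixed with http response */
    (void)BIO_flush(bio);
}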
208674664626SKris Kennaway 
2087db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT
2088db522d3aSSimon L. B. Nielsen 
/*
 * Status-request callback: dump the stapled OCSP response, if any, to the
 * BIO passed in `arg`.
 *
 * Returns 1 when no response was sent or when the response parsed and was
 * printed; returns 0 when the response bytes could not be parsed (the raw
 * bytes are hex-dumped in that case).
 *
 * Note: this callback is diagnostic only.  It does not check the response
 * signature, the certificate status or the validity window, so a return
 * value of 1 says nothing about revocation.
 */
static int ocsp_resp_cb(SSL *s, void *arg)
{
    BIO *out = arg;
    const unsigned char *der;
    OCSP_RESPONSE *parsed;
    int der_len = SSL_get_tlsext_status_ocsp_resp(s, &der);

    BIO_puts(out, "OCSP response: ");
    if (der == NULL) {
        BIO_puts(out, "no response sent\n");
        return 1;
    }

    /* d2i advances `der` on success; the pointer is not reused after that. */
    parsed = d2i_OCSP_RESPONSE(NULL, &der, der_len);
    if (parsed != NULL) {
        BIO_puts(out, "\n======================================\n");
        OCSP_RESPONSE_print(out, parsed, 0);
        BIO_puts(out, "======================================\n");
        OCSP_RESPONSE_free(parsed);
        return 1;
    }

    /* Unparseable response: show the raw bytes and report failure. */
    BIO_puts(out, "response parse error\n");
    BIO_dump_indent(out, (char *)der, der_len, 4);
    return 0;
}
21121f13597dSJung-uk Kim 
21131f13597dSJung-uk Kim #endif
2114