174664626SKris Kennaway /* apps/s_client.c */ 274664626SKris Kennaway /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 374664626SKris Kennaway * All rights reserved. 474664626SKris Kennaway * 574664626SKris Kennaway * This package is an SSL implementation written 674664626SKris Kennaway * by Eric Young (eay@cryptsoft.com). 774664626SKris Kennaway * The implementation was written so as to conform with Netscapes SSL. 874664626SKris Kennaway * 974664626SKris Kennaway * This library is free for commercial and non-commercial use as long as 1074664626SKris Kennaway * the following conditions are aheared to. The following conditions 1174664626SKris Kennaway * apply to all code found in this distribution, be it the RC4, RSA, 1274664626SKris Kennaway * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1374664626SKris Kennaway * included with this distribution is covered by the same copyright terms 1474664626SKris Kennaway * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1574664626SKris Kennaway * 1674664626SKris Kennaway * Copyright remains Eric Young's, and as such any Copyright notices in 1774664626SKris Kennaway * the code are not to be removed. 1874664626SKris Kennaway * If this package is used in a product, Eric Young should be given attribution 1974664626SKris Kennaway * as the author of the parts of the library used. 2074664626SKris Kennaway * This can be in the form of a textual message at program startup or 2174664626SKris Kennaway * in documentation (online or textual) provided with the package. 2274664626SKris Kennaway * 2374664626SKris Kennaway * Redistribution and use in source and binary forms, with or without 2474664626SKris Kennaway * modification, are permitted provided that the following conditions 2574664626SKris Kennaway * are met: 2674664626SKris Kennaway * 1. Redistributions of source code must retain the copyright 2774664626SKris Kennaway * notice, this list of conditions and the following disclaimer. 
2874664626SKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright 2974664626SKris Kennaway * notice, this list of conditions and the following disclaimer in the 3074664626SKris Kennaway * documentation and/or other materials provided with the distribution. 3174664626SKris Kennaway * 3. All advertising materials mentioning features or use of this software 3274664626SKris Kennaway * must display the following acknowledgement: 3374664626SKris Kennaway * "This product includes cryptographic software written by 3474664626SKris Kennaway * Eric Young (eay@cryptsoft.com)" 3574664626SKris Kennaway * The word 'cryptographic' can be left out if the rouines from the library 3674664626SKris Kennaway * being used are not cryptographic related :-). 3774664626SKris Kennaway * 4. If you include any Windows specific code (or a derivative thereof) from 3874664626SKris Kennaway * the apps directory (application code) you must include an acknowledgement: 3974664626SKris Kennaway * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4074664626SKris Kennaway * 4174664626SKris Kennaway * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4274664626SKris Kennaway * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4374664626SKris Kennaway * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4474664626SKris Kennaway * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4574664626SKris Kennaway * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4674664626SKris Kennaway * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4774664626SKris Kennaway * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4874664626SKris Kennaway * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4974664626SKris Kennaway * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5074664626SKris Kennaway * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5174664626SKris Kennaway * SUCH DAMAGE. 5274664626SKris Kennaway * 5374664626SKris Kennaway * The licence and distribution terms for any publically available version or 5474664626SKris Kennaway * derivative of this code cannot be changed. i.e. this code cannot simply be 5574664626SKris Kennaway * copied and put under another distribution licence 5674664626SKris Kennaway * [including the GNU Public Licence.] 5774664626SKris Kennaway */ 585c87c606SMark Murray /* ==================================================================== 591f13597dSJung-uk Kim * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 605c87c606SMark Murray * 615c87c606SMark Murray * Redistribution and use in source and binary forms, with or without 625c87c606SMark Murray * modification, are permitted provided that the following conditions 635c87c606SMark Murray * are met: 645c87c606SMark Murray * 655c87c606SMark Murray * 1. Redistributions of source code must retain the above copyright 665c87c606SMark Murray * notice, this list of conditions and the following disclaimer. 675c87c606SMark Murray * 685c87c606SMark Murray * 2. 
Redistributions in binary form must reproduce the above copyright 695c87c606SMark Murray * notice, this list of conditions and the following disclaimer in 705c87c606SMark Murray * the documentation and/or other materials provided with the 715c87c606SMark Murray * distribution. 725c87c606SMark Murray * 735c87c606SMark Murray * 3. All advertising materials mentioning features or use of this 745c87c606SMark Murray * software must display the following acknowledgment: 755c87c606SMark Murray * "This product includes software developed by the OpenSSL Project 765c87c606SMark Murray * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 775c87c606SMark Murray * 785c87c606SMark Murray * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 795c87c606SMark Murray * endorse or promote products derived from this software without 805c87c606SMark Murray * prior written permission. For written permission, please contact 815c87c606SMark Murray * openssl-core@openssl.org. 825c87c606SMark Murray * 835c87c606SMark Murray * 5. Products derived from this software may not be called "OpenSSL" 845c87c606SMark Murray * nor may "OpenSSL" appear in their names without prior written 855c87c606SMark Murray * permission of the OpenSSL Project. 865c87c606SMark Murray * 875c87c606SMark Murray * 6. Redistributions of any form whatsoever must retain the following 885c87c606SMark Murray * acknowledgment: 895c87c606SMark Murray * "This product includes software developed by the OpenSSL Project 905c87c606SMark Murray * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 915c87c606SMark Murray * 925c87c606SMark Murray * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 935c87c606SMark Murray * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 945c87c606SMark Murray * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 955c87c606SMark Murray * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 965c87c606SMark Murray * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 975c87c606SMark Murray * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 985c87c606SMark Murray * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 995c87c606SMark Murray * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1005c87c606SMark Murray * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 1015c87c606SMark Murray * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 1025c87c606SMark Murray * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 1035c87c606SMark Murray * OF THE POSSIBILITY OF SUCH DAMAGE. 1045c87c606SMark Murray * ==================================================================== 1055c87c606SMark Murray * 1065c87c606SMark Murray * This product includes cryptographic software written by Eric Young 1075c87c606SMark Murray * (eay@cryptsoft.com). This product includes software written by Tim 1085c87c606SMark Murray * Hudson (tjh@cryptsoft.com). 1095c87c606SMark Murray * 1105c87c606SMark Murray */ 1111f13597dSJung-uk Kim /* ==================================================================== 1121f13597dSJung-uk Kim * Copyright 2005 Nokia. All rights reserved. 1131f13597dSJung-uk Kim * 1141f13597dSJung-uk Kim * The portions of the attached software ("Contribution") is developed by 1151f13597dSJung-uk Kim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 1161f13597dSJung-uk Kim * license. 1171f13597dSJung-uk Kim * 1181f13597dSJung-uk Kim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 1191f13597dSJung-uk Kim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 1201f13597dSJung-uk Kim * support (see RFC 4279) to OpenSSL. 
1211f13597dSJung-uk Kim * 1221f13597dSJung-uk Kim * No patent licenses or other rights except those expressly stated in 1231f13597dSJung-uk Kim * the OpenSSL open source license shall be deemed granted or received 1241f13597dSJung-uk Kim * expressly, by implication, estoppel, or otherwise. 1251f13597dSJung-uk Kim * 1261f13597dSJung-uk Kim * No assurances are provided by Nokia that the Contribution does not 1271f13597dSJung-uk Kim * infringe the patent or other intellectual property rights of any third 1281f13597dSJung-uk Kim * party or that the license provides you with all the necessary rights 1291f13597dSJung-uk Kim * to make use of the Contribution. 1301f13597dSJung-uk Kim * 1311f13597dSJung-uk Kim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 1321f13597dSJung-uk Kim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 1331f13597dSJung-uk Kim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 1341f13597dSJung-uk Kim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 1351f13597dSJung-uk Kim * OTHERWISE. 1361f13597dSJung-uk Kim */ 13774664626SKris Kennaway 13874664626SKris Kennaway #include <assert.h> 1391f13597dSJung-uk Kim #include <ctype.h> 14074664626SKris Kennaway #include <stdio.h> 14174664626SKris Kennaway #include <stdlib.h> 14274664626SKris Kennaway #include <string.h> 1435c87c606SMark Murray #include <openssl/e_os2.h> 1445c87c606SMark Murray #ifdef OPENSSL_NO_STDIO 14574664626SKris Kennaway # define APPS_WIN16 14674664626SKris Kennaway #endif 14774664626SKris Kennaway 148*6f9291ceSJung-uk Kim /* 149*6f9291ceSJung-uk Kim * With IPv6, it looks like Digital has mixed up the proper order of 150*6f9291ceSJung-uk Kim * recursive header file inclusion, resulting in the compiler complaining 151*6f9291ceSJung-uk Kim * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is 152*6f9291ceSJung-uk Kim * needed to have fileno() declared correctly... 
So let's define u_int 153*6f9291ceSJung-uk Kim */ 1545c87c606SMark Murray #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) 15574664626SKris Kennaway # define __U_INT 15674664626SKris Kennaway typedef unsigned int u_int; 15774664626SKris Kennaway #endif 15874664626SKris Kennaway 15974664626SKris Kennaway #define USE_SOCKETS 16074664626SKris Kennaway #include "apps.h" 16174664626SKris Kennaway #include <openssl/x509.h> 16274664626SKris Kennaway #include <openssl/ssl.h> 16374664626SKris Kennaway #include <openssl/err.h> 16474664626SKris Kennaway #include <openssl/pem.h> 1655740a5e3SKris Kennaway #include <openssl/rand.h> 166db522d3aSSimon L. B. Nielsen #include <openssl/ocsp.h> 1671f13597dSJung-uk Kim #include <openssl/bn.h> 1681f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 1691f13597dSJung-uk Kim # include <openssl/srp.h> 1701f13597dSJung-uk Kim #endif 17174664626SKris Kennaway #include "s_apps.h" 1723b4e3dcbSSimon L. B. Nielsen #include "timeouts.h" 17374664626SKris Kennaway 1745c87c606SMark Murray #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) 17574664626SKris Kennaway /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ 17674664626SKris Kennaway # undef FIONBIO 17774664626SKris Kennaway #endif 17874664626SKris Kennaway 1791f13597dSJung-uk Kim #if defined(OPENSSL_SYS_BEOS_R5) 1801f13597dSJung-uk Kim # include <fcntl.h> 1811f13597dSJung-uk Kim #endif 1821f13597dSJung-uk Kim 18374664626SKris Kennaway #undef PROG 18474664626SKris Kennaway #define PROG s_client_main 18574664626SKris Kennaway 186*6f9291ceSJung-uk Kim /* 187*6f9291ceSJung-uk Kim * #define SSL_HOST_NAME "www.netscape.com" 188*6f9291ceSJung-uk Kim */ 189*6f9291ceSJung-uk Kim /* 190*6f9291ceSJung-uk Kim * #define SSL_HOST_NAME "193.118.187.102" 191*6f9291ceSJung-uk Kim */ 19274664626SKris Kennaway #define SSL_HOST_NAME "localhost" 19374664626SKris Kennaway 194*6f9291ceSJung-uk Kim /* no default cert. 
*/ 195*6f9291ceSJung-uk Kim /* 196*6f9291ceSJung-uk Kim * #define TEST_CERT "client.pem" 197*6f9291ceSJung-uk Kim */ 19874664626SKris Kennaway 19974664626SKris Kennaway #undef BUFSIZZ 20074664626SKris Kennaway #define BUFSIZZ 1024*8 20174664626SKris Kennaway 20274664626SKris Kennaway extern int verify_depth; 20374664626SKris Kennaway extern int verify_error; 2041f13597dSJung-uk Kim extern int verify_return_error; 20574664626SKris Kennaway 20674664626SKris Kennaway #ifdef FIONBIO 20774664626SKris Kennaway static int c_nbio = 0; 20874664626SKris Kennaway #endif 20974664626SKris Kennaway static int c_Pause = 0; 21074664626SKris Kennaway static int c_debug = 0; 211db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 212db522d3aSSimon L. B. Nielsen static int c_tlsextdebug = 0; 213db522d3aSSimon L. B. Nielsen static int c_status_req = 0; 214db522d3aSSimon L. B. Nielsen #endif 2155c87c606SMark Murray static int c_msg = 0; 21674664626SKris Kennaway static int c_showcerts = 0; 21774664626SKris Kennaway 2181f13597dSJung-uk Kim static char *keymatexportlabel = NULL; 2191f13597dSJung-uk Kim static int keymatexportlen = 20; 2201f13597dSJung-uk Kim 22174664626SKris Kennaway static void sc_usage(void); 22274664626SKris Kennaway static void print_stuff(BIO *berr, SSL *con, int full); 223db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 224db522d3aSSimon L. B. Nielsen static int ocsp_resp_cb(SSL *s, void *arg); 225db522d3aSSimon L. B. 
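#endif
static BIO *bio_c_out = NULL;
static int c_quiet = 0;
static int c_ign_eof = 0;

#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
static char *psk_identity = "Client_identity";
/*
 * char *psk_key=NULL; by default PSK is not used
 */

/*
 * PSK client callback: writes the configured identity and key into the
 * buffers supplied by the caller.
 *
 * ssl              - connection the callback is invoked for (unused here)
 * hint             - identity hint from the peer, may be NULL; only logged
 * identity         - output buffer that receives psk_identity
 * max_identity_len - size limit passed to BIO_snprintf for identity
 * psk              - output buffer that receives the binary key
 * max_psk_len      - capacity of psk in bytes
 *
 * Returns the number of key bytes written to psk, or 0 on any failure.
 *
 * The key is read from psk_key as a hex string and converted through a
 * BIGNUM. That BIGNUM holds secret material, so it is released with
 * BN_clear_free() rather than BN_free() on every path.
 */
static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
                                  unsigned int max_identity_len,
                                  unsigned char *psk,
                                  unsigned int max_psk_len)
{
    unsigned int psk_len = 0;
    int ret;
    BIGNUM *bn = NULL;

    if (c_debug)
        BIO_printf(bio_c_out, "psk_client_cb\n");
    if (!hint) {
        /* no ServerKeyExchange message */
        if (c_debug)
            BIO_printf(bio_c_out,
                       "NULL received PSK identity hint, continuing anyway\n");
    } else if (c_debug)
        BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);

    /*
     * lookup PSK identity and PSK key based on the given identity hint here
     */
    ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
    if (ret < 0 || (unsigned int)ret > max_identity_len)
        goto out_err;
    if (c_debug)
        BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
                   ret);
    ret = BN_hex2bn(&bn, psk_key);
    if (!ret) {
        /*
         * NOTE(review): this diagnostic echoes the configured key to
         * bio_err. Left unchanged because it is existing output; consider
         * dropping the '%s' wherever stderr is captured or logged.
         */
        BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
                   psk_key);
        /* a partial conversion may still hold key digits */
        if (bn)
            BN_clear_free(bn);
        return 0;
    }

    if ((unsigned int)BN_num_bytes(bn) > max_psk_len) {
        BIO_printf(bio_err,
                   "psk buffer of callback is too small (%d) for key (%d)\n",
                   max_psk_len, BN_num_bytes(bn));
        BN_clear_free(bn);
        return 0;
    }

    psk_len = BN_bn2bin(bn, psk);
    /* wipe the intermediate copy of the key before releasing it */
    BN_clear_free(bn);
    if (psk_len == 0)
        goto out_err;

    if (c_debug)
        BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);

    return psk_len;
 out_err:
    if (c_debug)
        BIO_printf(bio_err, "Error in PSK client callback\n");
    return 0;
}
#endif

/*
 * Print the s_client option summary to bio_err.
 *
 * Which lines appear depends on the build: options for WATT32, FIONBIO, PSK,
 * JPAKE, SRP, SSLv3, ENGINE, TLS extensions, NPN and SRTP are each wrapped
 * in their own preprocessor guard. The option strings are kept exactly as
 * they appear in this listing.
 */
static void sc_usage(void)
{
    BIO_printf(bio_err, "usage: s_client args\n");
    BIO_printf(bio_err, "\n");
    BIO_printf(bio_err, " -host host - use -connect instead\n");
    BIO_printf(bio_err, " -port port - use -connect instead\n");
    BIO_printf(bio_err,
               " -connect host:port - who to connect to (default is %s:%s)\n",
               SSL_HOST_NAME, PORT_STR);

    BIO_printf(bio_err,
               " -verify arg - turn on peer certificate verification\n");
    BIO_printf(bio_err,
               " -verify_return_error - return verification errors\n");
    BIO_printf(bio_err,
               " -cert arg - certificate file to use, PEM format assumed\n");
    BIO_printf(bio_err,
               " -certform arg - certificate format (PEM or DER) PEM default\n");
    BIO_printf(bio_err,
               " -key arg - Private key file to use, in cert file if\n");
    BIO_printf(bio_err, " not specified but cert file is.\n");
    BIO_printf(bio_err,
               " -keyform arg - key format (PEM or DER) PEM default\n");
    BIO_printf(bio_err,
               " -pass arg - private key file pass phrase source\n");
    BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
    BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
    BIO_printf(bio_err,
               " -reconnect - Drop and re-make the connection with the same Session-ID\n");
    BIO_printf(bio_err,
               " -pause - sleep(1) after each read(2) and write(2) system call\n");
    BIO_printf(bio_err,
               " -prexit - print session information even on connection failure\n");
    BIO_printf(bio_err,
               " -showcerts - show all certificates in the chain\n");
    BIO_printf(bio_err, " -debug - extra output\n");
#ifdef WATT32
    BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
#endif
    BIO_printf(bio_err, " -msg - Show protocol messages\n");
    BIO_printf(bio_err, " -nbio_test - more ssl protocol testing\n");
    BIO_printf(bio_err, " -state - print the 'ssl' states\n");
#ifdef FIONBIO
    BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
#endif
    BIO_printf(bio_err,
               " -crlf - convert LF from terminal into CRLF\n");
    BIO_printf(bio_err, " -quiet - no s_client output\n");
    BIO_printf(bio_err,
               " -ign_eof - ignore input eof (default when -quiet)\n");
    BIO_printf(bio_err, " -no_ign_eof - don't ignore input eof\n");
#ifndef OPENSSL_NO_PSK
    BIO_printf(bio_err, " -psk_identity arg - PSK identity\n");
    BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
# ifndef OPENSSL_NO_JPAKE
    BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
# endif
#endif
#ifndef OPENSSL_NO_SRP
    BIO_printf(bio_err,
               " -srpuser user - SRP authentification for 'user'\n");
    BIO_printf(bio_err, " -srppass arg - password for 'user'\n");
    BIO_printf(bio_err,
               " -srp_lateuser - SRP username into second ClientHello message\n");
    BIO_printf(bio_err,
               " -srp_moregroups - Tolerate other than the known g N values.\n");
    BIO_printf(bio_err,
               " -srp_strength int - minimal length in bits for N (default %d).\n",
               SRP_MINIMAL_N);
#endif
    BIO_printf(bio_err, " -ssl2 - just use SSLv2\n");
#ifndef OPENSSL_NO_SSL3_METHOD
    BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");
#endif
    BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n");
    BIO_printf(bio_err, " -tls1_1 - just use TLSv1.1\n");
    BIO_printf(bio_err, " -tls1 - just use TLSv1\n");
    BIO_printf(bio_err, " -dtls1 - just use DTLSv1\n");
    BIO_printf(bio_err, " -fallback_scsv - send TLS_FALLBACK_SCSV\n");
    BIO_printf(bio_err, " -mtu - set the link layer MTU\n");
    BIO_printf(bio_err,
               " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
    BIO_printf(bio_err,
               " -bugs - Switch on all SSL implementation bug workarounds\n");
    BIO_printf(bio_err,
               " -serverpref - Use server's cipher preferences (only SSLv2)\n");
    BIO_printf(bio_err,
               " -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
    BIO_printf(bio_err,
               " command to see what is available\n");
    BIO_printf(bio_err,
               " -starttls prot - use the STARTTLS command before starting TLS\n");
    BIO_printf(bio_err,
               " for those protocols that support it, where\n");
    BIO_printf(bio_err,
               " 'prot' defines which one to assume. Currently,\n");
    BIO_printf(bio_err,
               " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
    BIO_printf(bio_err, " are supported.\n");
#ifndef OPENSSL_NO_ENGINE
    BIO_printf(bio_err,
               " -engine id - Initialise and use the specified engine\n");
#endif
    BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
               LIST_SEPARATOR_CHAR);
    BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
    BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n");
#ifndef OPENSSL_NO_TLSEXT
    BIO_printf(bio_err,
               " -servername host - Set TLS extension servername in ClientHello\n");
    BIO_printf(bio_err,
               " -tlsextdebug - hex dump of all TLS extensions received\n");
    BIO_printf(bio_err,
               " -status - request certificate status from server\n");
    BIO_printf(bio_err,
               " -no_ticket - disable use of RFC4507bis session tickets\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
    BIO_printf(bio_err,
               " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
# endif
#endif
    BIO_printf(bio_err,
               " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#ifndef OPENSSL_NO_SRTP
    BIO_printf(bio_err,
               " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
#endif
    BIO_printf(bio_err,
               " -keymatexport label - Export keying material using label\n");
    BIO_printf(bio_err,
               " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
}

#ifndef OPENSSL_NO_TLSEXT

/* This is a context that we pass to callbacks */
typedef struct tlsextctx_st {
    BIO *biodebug;
    int ack;
} tlsextctx;

/*
 * Server-name callback: records in the tlsextctx passed as arg whether a
 * host name is available on a connection that is not a resumed session.
 * ad is unused. Always returns SSL_TLSEXT_ERR_OK.
 */
static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
{
    tlsextctx *p = (tlsextctx *) arg;
    const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
    if (SSL_get_servername_type(s) != -1)
        p->ack = !SSL_session_reused(s) && hn != NULL;
    else
        BIO_printf(bio_err, "Can't use SSL_get_servername\n");

    return SSL_TLSEXT_ERR_OK;
}

# ifndef OPENSSL_NO_SRP

/* This is a context that we pass to all callbacks */
typedef struct srp_arg_st {
    char *srppassin;
    char *srplogin;
    int msg;                    /* copy from c_msg */
    int debug;                  /* copy from c_debug */
    int amp;                    /* allow more groups */
    int strength /* minimal size for N */ ;
} SRP_ARG;

# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64

/*
 * Check that (N, g) is usable as an SRP group: N is odd and prime,
 * p = (N-1)/2 is prime, and g^p == -1 (mod N).
 *
 * Returns non-zero only when every step succeeds.
 *
 * BN_is_prime_ex() returns 1 for "prime", 0 for "composite" and -1 on
 * error. Both calls are compared against 1 so that an internal error is
 * not read as a successful primality check.
 */
static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
{
    BN_CTX *bn_ctx = BN_CTX_new();
    BIGNUM *p = BN_new();
    BIGNUM *r = BN_new();
    int ret =
        g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
        BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx,
                       NULL) == 1 &&
        p != NULL && BN_rshift1(p, N) &&
        /* p = (N-1)/2 */
        BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx,
                       NULL) == 1 &&
        r != NULL &&
        /* verify g^((N-1)/2) == -1 (mod N) */
        BN_mod_exp(r, g, p, N, bn_ctx) &&
        BN_add_word(r, 1) && BN_cmp(r, N) == 0;

    if (r)
        BN_free(r);
    if (p)
        BN_free(p);
    if (bn_ctx)
        BN_CTX_free(bn_ctx);
    return ret;
}

/*-
 * This callback is used here for two purposes:
 * - extended debugging
 * - making some primality tests for unknown groups
 * The callback is only called for a non default group.
 *
 * An application does not need the call back at all if
 * only the standard groups are used.  In real life situations,
 * client and server already share well known groups,
 * thus there is no need to verify them.
 * Furthermore, in case that a server actually proposes a group that
 * is not one of those defined in RFC 5054, it is more appropriate
 * to add the group to a static list and then compare since
 * primality tests are rather cpu consuming.
 *
 * Returns 1 to accept the server's (N, g) and 0 to reject it. A group not
 * recognised by SRP_check_known_gN_param() is accepted only when
 * srp_arg->amp is 1 and srp_Verify_N_and_g() succeeds.
 */

static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
{
    SRP_ARG *srp_arg = (SRP_ARG *)arg;
    BIGNUM *N = NULL, *g = NULL;
    if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s)))
        return 0;
    if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
        BIO_printf(bio_err, "SRP parameters:\n");
        BIO_printf(bio_err, "\tN=");
        BN_print(bio_err, N);
        BIO_printf(bio_err, "\n\tg=");
        BN_print(bio_err, g);
        BIO_printf(bio_err, "\n");
    }

    if (SRP_check_known_gN_param(g, N))
        return 1;

    if (srp_arg->amp == 1) {
        if (srp_arg->debug)
            BIO_printf(bio_err,
                       "SRP param N and g are not known params, going to check deeper.\n");

        /*
         * The srp_moregroups is a real debugging feature. Implementors
         * should rather add the value to the known ones. The minimal size
         * has already been tested.
         */
        if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
            return 1;
    }
    BIO_printf(bio_err, "SRP param N and g rejected.\n");
    return 0;
}

# define PWD_STRLEN 1024

/*
 * SRP password callback: obtains the password through password_callback(),
 * using srp_arg->srppassin as the password source, and returns it in a
 * freshly allocated, NUL-terminated buffer.
 *
 * Returns NULL if the allocation or the password read fails. The caller
 * owns the returned buffer.
 */
static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
{
    SRP_ARG *srp_arg = (SRP_ARG *)arg;
    char *pass = (char *)OPENSSL_malloc(PWD_STRLEN + 1);
    PW_CB_DATA cb_tmp;
    int l;

    if(!pass) {
        BIO_printf(bio_err, "Malloc failure\n");
        return NULL;
    }

    cb_tmp.password = (char *)srp_arg->srppassin;
    cb_tmp.prompt_info = "SRP user";
    if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
        BIO_printf(bio_err, "Can't read Password\n");
        /* the buffer may hold part of a password; wipe it before release */
        OPENSSL_cleanse(pass, PWD_STRLEN + 1);
        OPENSSL_free(pass);
        return NULL;
    }
    /* the buffer is PWD_STRLEN + 1 bytes, leaving room for the terminator */
    *(pass + l) = '\0';

    return pass;
}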
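# endif
# ifndef OPENSSL_NO_SRTP
char *srtp_profiles = NULL;
# endif

# ifndef OPENSSL_NO_NEXTPROTONEG
/* This is the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
    unsigned char *data;        /* client protocol list (from -nextprotoneg) */
    unsigned short len;         /* length of data in bytes */
    int status;                 /* result of SSL_select_next_proto(); MAIN
                                 * presets it to -1 */
} tlsextnextprotoctx;

static tlsextnextprotoctx next_proto;

/*
 * Next Protocol Negotiation selection callback.
 *
 * in/inlen   - protocol list advertised by the server: a sequence of
 *              entries, each one length byte followed by that many bytes.
 * out/outlen - receive the protocol chosen by SSL_select_next_proto().
 * arg        - the tlsextnextprotoctx holding the client's own list.
 *
 * Unless c_quiet is set, the advertised names are printed to bio_c_out.
 * The selection result is stored in ctx->status; the function always
 * returns SSL_TLSEXT_ERR_OK.
 */
static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
                         const unsigned char *in, unsigned int inlen,
                         void *arg)
{
    tlsextnextprotoctx *ctx = arg;

    if (!c_quiet) {
        /*
         * |in| comes from the peer.  The caller is expected to have
         * validated it, but each length byte is still checked against the
         * bytes that remain, so a malformed list cannot make the printing
         * loop read past the end of the buffer.
         */
        unsigned int i;

        BIO_printf(bio_c_out, "Protocols advertised by server: ");
        for (i = 0; i < inlen;) {
            unsigned int entry_len = in[i];

            /* i < inlen here, so inlen - i - 1 cannot wrap. */
            if (entry_len > inlen - i - 1)
                break;
            if (i)
                BIO_write(bio_c_out, ", ", 2);
            /* Entry bytes are written verbatim, exactly as received. */
            BIO_write(bio_c_out, &in[i + 1], entry_len);
            i += entry_len + 1;
        }
        BIO_write(bio_c_out, "\n", 1);
    }

    ctx->status =
        SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
    return SSL_TLSEXT_ERR_OK;
}
# endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
#endif

enum {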
Nielsen PROTO_OFF = 0, 6105471f83eSSimon L. B. Nielsen PROTO_SMTP, 6115471f83eSSimon L. B. Nielsen PROTO_POP3, 6125471f83eSSimon L. B. Nielsen PROTO_IMAP, 613db522d3aSSimon L. B. Nielsen PROTO_FTP, 614db522d3aSSimon L. B. Nielsen PROTO_XMPP 6155471f83eSSimon L. B. Nielsen }; 6165471f83eSSimon L. B. Nielsen 617f579bf8eSKris Kennaway int MAIN(int, char **); 618f579bf8eSKris Kennaway 61974664626SKris Kennaway int MAIN(int argc, char **argv) 62074664626SKris Kennaway { 6211f13597dSJung-uk Kim unsigned int off = 0, clr = 0; 6221f13597dSJung-uk Kim SSL *con = NULL; 6231f13597dSJung-uk Kim #ifndef OPENSSL_NO_KRB5 6241f13597dSJung-uk Kim KSSL_CTX *kctx; 6251f13597dSJung-uk Kim #endif 62674664626SKris Kennaway int s, k, width, state = 0; 6275c87c606SMark Murray char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL; 62874664626SKris Kennaway int cbuf_len, cbuf_off; 62974664626SKris Kennaway int sbuf_len, sbuf_off; 63074664626SKris Kennaway fd_set readfds, writefds; 63174664626SKris Kennaway short port = PORT; 63274664626SKris Kennaway int full_log = 1; 63374664626SKris Kennaway char *host = SSL_HOST_NAME; 63474664626SKris Kennaway char *cert_file = NULL, *key_file = NULL; 6353b4e3dcbSSimon L. B. Nielsen int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; 6363b4e3dcbSSimon L. B. Nielsen char *passarg = NULL, *pass = NULL; 6373b4e3dcbSSimon L. B. Nielsen X509 *cert = NULL; 6383b4e3dcbSSimon L. B. Nielsen EVP_PKEY *key = NULL; 63974664626SKris Kennaway char *CApath = NULL, *CAfile = NULL, *cipher = NULL; 64074664626SKris Kennaway int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0; 64174664626SKris Kennaway int crlf = 0; 64274664626SKris Kennaway int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; 64374664626SKris Kennaway SSL_CTX *ctx = NULL; 64474664626SKris Kennaway int ret = 1, in_init = 1, i, nbio_test = 0; 6455471f83eSSimon L. B. 
Nielsen int starttls_proto = PROTO_OFF; 6461f13597dSJung-uk Kim int prexit = 0; 6471f13597dSJung-uk Kim X509_VERIFY_PARAM *vpm = NULL; 6481f13597dSJung-uk Kim int badarg = 0; 6491f13597dSJung-uk Kim const SSL_METHOD *meth = NULL; 6501f13597dSJung-uk Kim int socket_type = SOCK_STREAM; 65174664626SKris Kennaway BIO *sbio; 6525740a5e3SKris Kennaway char *inrand = NULL; 6535471f83eSSimon L. B. Nielsen int mbuf_len = 0; 6546a599222SSimon L. B. Nielsen struct timeval timeout, *timeoutp; 655fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 6565c87c606SMark Murray char *engine_id = NULL; 657db522d3aSSimon L. B. Nielsen char *ssl_client_engine_id = NULL; 658db522d3aSSimon L. B. Nielsen ENGINE *ssl_client_engine = NULL; 659fceca8a3SJacques Vidrine #endif 660db522d3aSSimon L. B. Nielsen ENGINE *e = NULL; 6611f13597dSJung-uk Kim #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) 662f579bf8eSKris Kennaway struct timeval tv; 6631f13597dSJung-uk Kim # if defined(OPENSSL_SYS_BEOS_R5) 6641f13597dSJung-uk Kim int stdin_set = 0; 665f579bf8eSKris Kennaway # endif 6661f13597dSJung-uk Kim #endif 667db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 668db522d3aSSimon L. B. Nielsen char *servername = NULL; 669*6f9291ceSJung-uk Kim tlsextctx tlsextcbp = { NULL, 0 }; 6701f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG 6711f13597dSJung-uk Kim const char *next_proto_neg_in = NULL; 6721f13597dSJung-uk Kim # endif 673db522d3aSSimon L. B. Nielsen #endif 674db522d3aSSimon L. B. Nielsen char *sess_in = NULL; 675db522d3aSSimon L. B. Nielsen char *sess_out = NULL; 6763b4e3dcbSSimon L. B. Nielsen struct sockaddr peer; 6773b4e3dcbSSimon L. B. Nielsen int peerlen = sizeof(peer); 678fa5fddf1SJung-uk Kim int fallback_scsv = 0; 6793b4e3dcbSSimon L. B. Nielsen int enable_timeouts = 0; 6806a599222SSimon L. B. Nielsen long socket_mtu = 0; 681db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE 682db522d3aSSimon L. B. 
Nielsen char *jpake_secret = NULL; 683db522d3aSSimon L. B. Nielsen #endif 6841f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 6851f13597dSJung-uk Kim char *srppass = NULL; 6861f13597dSJung-uk Kim int srp_lateuser = 0; 6871f13597dSJung-uk Kim SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 }; 6881f13597dSJung-uk Kim #endif 6893b4e3dcbSSimon L. B. Nielsen 69074664626SKris Kennaway meth = SSLv23_client_method(); 69174664626SKris Kennaway 69274664626SKris Kennaway apps_startup(); 69374664626SKris Kennaway c_Pause = 0; 69474664626SKris Kennaway c_quiet = 0; 695f579bf8eSKris Kennaway c_ign_eof = 0; 69674664626SKris Kennaway c_debug = 0; 6975c87c606SMark Murray c_msg = 0; 69874664626SKris Kennaway c_showcerts = 0; 69974664626SKris Kennaway 70074664626SKris Kennaway if (bio_err == NULL) 70174664626SKris Kennaway bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 70274664626SKris Kennaway 7035c87c606SMark Murray if (!load_config(bio_err, NULL)) 7045c87c606SMark Murray goto end; 7055c87c606SMark Murray 706ddd58736SKris Kennaway if (((cbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || 7075c87c606SMark Murray ((sbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || 708*6f9291ceSJung-uk Kim ((mbuf = OPENSSL_malloc(BUFSIZZ)) == NULL)) { 70974664626SKris Kennaway BIO_printf(bio_err, "out of memory\n"); 71074664626SKris Kennaway goto end; 71174664626SKris Kennaway } 71274664626SKris Kennaway 71374664626SKris Kennaway verify_depth = 0; 71474664626SKris Kennaway verify_error = X509_V_OK; 71574664626SKris Kennaway #ifdef FIONBIO 71674664626SKris Kennaway c_nbio = 0; 71774664626SKris Kennaway #endif 71874664626SKris Kennaway 71974664626SKris Kennaway argc--; 72074664626SKris Kennaway argv++; 721*6f9291ceSJung-uk Kim while (argc >= 1) { 722*6f9291ceSJung-uk Kim if (strcmp(*argv, "-host") == 0) { 723*6f9291ceSJung-uk Kim if (--argc < 1) 724*6f9291ceSJung-uk Kim goto bad; 72574664626SKris Kennaway host = *(++argv); 726*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-port") == 0) { 727*6f9291ceSJung-uk Kim if (--argc < 
1) 728*6f9291ceSJung-uk Kim goto bad; 72974664626SKris Kennaway port = atoi(*(++argv)); 730*6f9291ceSJung-uk Kim if (port == 0) 731*6f9291ceSJung-uk Kim goto bad; 732*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-connect") == 0) { 733*6f9291ceSJung-uk Kim if (--argc < 1) 734*6f9291ceSJung-uk Kim goto bad; 73574664626SKris Kennaway if (!extract_host_port(*(++argv), &host, NULL, &port)) 73674664626SKris Kennaway goto bad; 737*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-verify") == 0) { 73874664626SKris Kennaway verify = SSL_VERIFY_PEER; 739*6f9291ceSJung-uk Kim if (--argc < 1) 740*6f9291ceSJung-uk Kim goto bad; 74174664626SKris Kennaway verify_depth = atoi(*(++argv)); 74274664626SKris Kennaway BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 743*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-cert") == 0) { 744*6f9291ceSJung-uk Kim if (--argc < 1) 745*6f9291ceSJung-uk Kim goto bad; 74674664626SKris Kennaway cert_file = *(++argv); 747*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-sess_out") == 0) { 748*6f9291ceSJung-uk Kim if (--argc < 1) 749*6f9291ceSJung-uk Kim goto bad; 750db522d3aSSimon L. B. Nielsen sess_out = *(++argv); 751*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-sess_in") == 0) { 752*6f9291ceSJung-uk Kim if (--argc < 1) 753*6f9291ceSJung-uk Kim goto bad; 754db522d3aSSimon L. B. Nielsen sess_in = *(++argv); 755*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-certform") == 0) { 756*6f9291ceSJung-uk Kim if (--argc < 1) 757*6f9291ceSJung-uk Kim goto bad; 7583b4e3dcbSSimon L. B. 
Nielsen cert_format = str2fmt(*(++argv)); 759*6f9291ceSJung-uk Kim } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) { 7601f13597dSJung-uk Kim if (badarg) 7611f13597dSJung-uk Kim goto bad; 7621f13597dSJung-uk Kim continue; 763*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-verify_return_error") == 0) 7641f13597dSJung-uk Kim verify_return_error = 1; 765f579bf8eSKris Kennaway else if (strcmp(*argv, "-prexit") == 0) 766f579bf8eSKris Kennaway prexit = 1; 76774664626SKris Kennaway else if (strcmp(*argv, "-crlf") == 0) 76874664626SKris Kennaway crlf = 1; 769*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-quiet") == 0) { 77074664626SKris Kennaway c_quiet = 1; 771f579bf8eSKris Kennaway c_ign_eof = 1; 772*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-ign_eof") == 0) 773f579bf8eSKris Kennaway c_ign_eof = 1; 774db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-no_ign_eof") == 0) 775db522d3aSSimon L. B. Nielsen c_ign_eof = 0; 77674664626SKris Kennaway else if (strcmp(*argv, "-pause") == 0) 77774664626SKris Kennaway c_Pause = 1; 77874664626SKris Kennaway else if (strcmp(*argv, "-debug") == 0) 77974664626SKris Kennaway c_debug = 1; 780db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 781db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-tlsextdebug") == 0) 782db522d3aSSimon L. B. Nielsen c_tlsextdebug = 1; 783db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-status") == 0) 784db522d3aSSimon L. B. Nielsen c_status_req = 1; 785db522d3aSSimon L. B. Nielsen #endif 7863b4e3dcbSSimon L. B. Nielsen #ifdef WATT32 7873b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv, "-wdebug") == 0) 7883b4e3dcbSSimon L. B. Nielsen dbug_init(); 7893b4e3dcbSSimon L. B. 
Nielsen #endif 7905c87c606SMark Murray else if (strcmp(*argv, "-msg") == 0) 7915c87c606SMark Murray c_msg = 1; 79274664626SKris Kennaway else if (strcmp(*argv, "-showcerts") == 0) 79374664626SKris Kennaway c_showcerts = 1; 79474664626SKris Kennaway else if (strcmp(*argv, "-nbio_test") == 0) 79574664626SKris Kennaway nbio_test = 1; 79674664626SKris Kennaway else if (strcmp(*argv, "-state") == 0) 79774664626SKris Kennaway state = 1; 7981f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 799*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-psk_identity") == 0) { 800*6f9291ceSJung-uk Kim if (--argc < 1) 801*6f9291ceSJung-uk Kim goto bad; 8021f13597dSJung-uk Kim psk_identity = *(++argv); 803*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-psk") == 0) { 8041f13597dSJung-uk Kim size_t j; 8051f13597dSJung-uk Kim 806*6f9291ceSJung-uk Kim if (--argc < 1) 807*6f9291ceSJung-uk Kim goto bad; 8081f13597dSJung-uk Kim psk_key = *(++argv); 809*6f9291ceSJung-uk Kim for (j = 0; j < strlen(psk_key); j++) { 8101f13597dSJung-uk Kim if (isxdigit((unsigned char)psk_key[j])) 8111f13597dSJung-uk Kim continue; 8121f13597dSJung-uk Kim BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); 8131f13597dSJung-uk Kim goto bad; 8141f13597dSJung-uk Kim } 8151f13597dSJung-uk Kim } 8161f13597dSJung-uk Kim #endif 8171f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 818*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-srpuser") == 0) { 819*6f9291ceSJung-uk Kim if (--argc < 1) 820*6f9291ceSJung-uk Kim goto bad; 8211f13597dSJung-uk Kim srp_arg.srplogin = *(++argv); 8221f13597dSJung-uk Kim meth = TLSv1_client_method(); 823*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srppass") == 0) { 824*6f9291ceSJung-uk Kim if (--argc < 1) 825*6f9291ceSJung-uk Kim goto bad; 8261f13597dSJung-uk Kim srppass = *(++argv); 8271f13597dSJung-uk Kim meth = TLSv1_client_method(); 828*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_strength") == 0) { 829*6f9291ceSJung-uk Kim if (--argc < 1) 830*6f9291ceSJung-uk Kim goto bad; 
8311f13597dSJung-uk Kim srp_arg.strength = atoi(*(++argv)); 832*6f9291ceSJung-uk Kim BIO_printf(bio_err, "SRP minimal length for N is %d\n", 833*6f9291ceSJung-uk Kim srp_arg.strength); 8341f13597dSJung-uk Kim meth = TLSv1_client_method(); 835*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_lateuser") == 0) { 8361f13597dSJung-uk Kim srp_lateuser = 1; 8371f13597dSJung-uk Kim meth = TLSv1_client_method(); 838*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_moregroups") == 0) { 8391f13597dSJung-uk Kim srp_arg.amp = 1; 8401f13597dSJung-uk Kim meth = TLSv1_client_method(); 8411f13597dSJung-uk Kim } 8421f13597dSJung-uk Kim #endif 8435c87c606SMark Murray #ifndef OPENSSL_NO_SSL2 84474664626SKris Kennaway else if (strcmp(*argv, "-ssl2") == 0) 84574664626SKris Kennaway meth = SSLv2_client_method(); 84674664626SKris Kennaway #endif 847751d2991SJung-uk Kim #ifndef OPENSSL_NO_SSL3_METHOD 84874664626SKris Kennaway else if (strcmp(*argv, "-ssl3") == 0) 84974664626SKris Kennaway meth = SSLv3_client_method(); 85074664626SKris Kennaway #endif 8515c87c606SMark Murray #ifndef OPENSSL_NO_TLS1 8521f13597dSJung-uk Kim else if (strcmp(*argv, "-tls1_2") == 0) 8531f13597dSJung-uk Kim meth = TLSv1_2_client_method(); 8541f13597dSJung-uk Kim else if (strcmp(*argv, "-tls1_1") == 0) 8551f13597dSJung-uk Kim meth = TLSv1_1_client_method(); 85674664626SKris Kennaway else if (strcmp(*argv, "-tls1") == 0) 85774664626SKris Kennaway meth = TLSv1_client_method(); 85874664626SKris Kennaway #endif 8593b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_DTLS1 860*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-dtls1") == 0) { 8613b4e3dcbSSimon L. B. Nielsen meth = DTLSv1_client_method(); 8621f13597dSJung-uk Kim socket_type = SOCK_DGRAM; 863*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-fallback_scsv") == 0) { 864fa5fddf1SJung-uk Kim fallback_scsv = 1; 865*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-timeout") == 0) 8663b4e3dcbSSimon L. B. 
Nielsen enable_timeouts = 1; 867*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-mtu") == 0) { 868*6f9291ceSJung-uk Kim if (--argc < 1) 869*6f9291ceSJung-uk Kim goto bad; 8706a599222SSimon L. B. Nielsen socket_mtu = atol(*(++argv)); 8713b4e3dcbSSimon L. B. Nielsen } 8723b4e3dcbSSimon L. B. Nielsen #endif 87374664626SKris Kennaway else if (strcmp(*argv, "-bugs") == 0) 87474664626SKris Kennaway bugs = 1; 875*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-keyform") == 0) { 876*6f9291ceSJung-uk Kim if (--argc < 1) 877*6f9291ceSJung-uk Kim goto bad; 8783b4e3dcbSSimon L. B. Nielsen key_format = str2fmt(*(++argv)); 879*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-pass") == 0) { 880*6f9291ceSJung-uk Kim if (--argc < 1) 881*6f9291ceSJung-uk Kim goto bad; 8823b4e3dcbSSimon L. B. Nielsen passarg = *(++argv); 883*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-key") == 0) { 884*6f9291ceSJung-uk Kim if (--argc < 1) 885*6f9291ceSJung-uk Kim goto bad; 88674664626SKris Kennaway key_file = *(++argv); 887*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-reconnect") == 0) { 88874664626SKris Kennaway reconnect = 5; 889*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-CApath") == 0) { 890*6f9291ceSJung-uk Kim if (--argc < 1) 891*6f9291ceSJung-uk Kim goto bad; 89274664626SKris Kennaway CApath = *(++argv); 893*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-CAfile") == 0) { 894*6f9291ceSJung-uk Kim if (--argc < 1) 895*6f9291ceSJung-uk Kim goto bad; 89674664626SKris Kennaway CAfile = *(++argv); 897*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-no_tls1_2") == 0) 8981f13597dSJung-uk Kim off |= SSL_OP_NO_TLSv1_2; 8991f13597dSJung-uk Kim else if (strcmp(*argv, "-no_tls1_1") == 0) 9001f13597dSJung-uk Kim off |= SSL_OP_NO_TLSv1_1; 90174664626SKris Kennaway else if (strcmp(*argv, "-no_tls1") == 0) 90274664626SKris Kennaway off |= SSL_OP_NO_TLSv1; 90374664626SKris Kennaway else if (strcmp(*argv, "-no_ssl3") == 0) 90474664626SKris Kennaway off |= SSL_OP_NO_SSLv3; 90574664626SKris Kennaway else if 
(strcmp(*argv, "-no_ssl2") == 0) 90674664626SKris Kennaway off |= SSL_OP_NO_SSLv2; 907*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-no_comp") == 0) { 908*6f9291ceSJung-uk Kim off |= SSL_OP_NO_COMPRESSION; 909*6f9291ceSJung-uk Kim } 910db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 911*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-no_ticket") == 0) { 912*6f9291ceSJung-uk Kim off |= SSL_OP_NO_TICKET; 913*6f9291ceSJung-uk Kim } 9141f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG 915*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-nextprotoneg") == 0) { 916*6f9291ceSJung-uk Kim if (--argc < 1) 917*6f9291ceSJung-uk Kim goto bad; 9181f13597dSJung-uk Kim next_proto_neg_in = *(++argv); 9191f13597dSJung-uk Kim } 9201f13597dSJung-uk Kim # endif 921db522d3aSSimon L. B. Nielsen #endif 9225c87c606SMark Murray else if (strcmp(*argv, "-serverpref") == 0) 9235c87c606SMark Murray off |= SSL_OP_CIPHER_SERVER_PREFERENCE; 9246a599222SSimon L. B. Nielsen else if (strcmp(*argv, "-legacy_renegotiation") == 0) 9256a599222SSimon L. B. 
Nielsen off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; 926*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-legacy_server_connect") == 0) { 927*6f9291ceSJung-uk Kim off |= SSL_OP_LEGACY_SERVER_CONNECT; 928*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-no_legacy_server_connect") == 0) { 929*6f9291ceSJung-uk Kim clr |= SSL_OP_LEGACY_SERVER_CONNECT; 930*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-cipher") == 0) { 931*6f9291ceSJung-uk Kim if (--argc < 1) 932*6f9291ceSJung-uk Kim goto bad; 93374664626SKris Kennaway cipher = *(++argv); 93474664626SKris Kennaway } 93574664626SKris Kennaway #ifdef FIONBIO 936*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-nbio") == 0) { 937*6f9291ceSJung-uk Kim c_nbio = 1; 938*6f9291ceSJung-uk Kim } 93974664626SKris Kennaway #endif 940*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-starttls") == 0) { 941*6f9291ceSJung-uk Kim if (--argc < 1) 942*6f9291ceSJung-uk Kim goto bad; 9435c87c606SMark Murray ++argv; 9445c87c606SMark Murray if (strcmp(*argv, "smtp") == 0) 9455471f83eSSimon L. B. Nielsen starttls_proto = PROTO_SMTP; 94650ef0093SJacques Vidrine else if (strcmp(*argv, "pop3") == 0) 9475471f83eSSimon L. B. Nielsen starttls_proto = PROTO_POP3; 9485471f83eSSimon L. B. Nielsen else if (strcmp(*argv, "imap") == 0) 9495471f83eSSimon L. B. Nielsen starttls_proto = PROTO_IMAP; 9505471f83eSSimon L. B. Nielsen else if (strcmp(*argv, "ftp") == 0) 9515471f83eSSimon L. B. Nielsen starttls_proto = PROTO_FTP; 952db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "xmpp") == 0) 953db522d3aSSimon L. B. 
Nielsen starttls_proto = PROTO_XMPP; 9545c87c606SMark Murray else 9555c87c606SMark Murray goto bad; 9565c87c606SMark Murray } 957fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 958*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-engine") == 0) { 959*6f9291ceSJung-uk Kim if (--argc < 1) 960*6f9291ceSJung-uk Kim goto bad; 9615c87c606SMark Murray engine_id = *(++argv); 962*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-ssl_client_engine") == 0) { 963*6f9291ceSJung-uk Kim if (--argc < 1) 964*6f9291ceSJung-uk Kim goto bad; 965db522d3aSSimon L. B. Nielsen ssl_client_engine_id = *(++argv); 966db522d3aSSimon L. B. Nielsen } 967fceca8a3SJacques Vidrine #endif 968*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-rand") == 0) { 969*6f9291ceSJung-uk Kim if (--argc < 1) 970*6f9291ceSJung-uk Kim goto bad; 9715740a5e3SKris Kennaway inrand = *(++argv); 9725740a5e3SKris Kennaway } 973db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 974*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-servername") == 0) { 975*6f9291ceSJung-uk Kim if (--argc < 1) 976*6f9291ceSJung-uk Kim goto bad; 977db522d3aSSimon L. B. Nielsen servername = *(++argv); 978db522d3aSSimon L. B. Nielsen /* meth=TLSv1_client_method(); */ 979db522d3aSSimon L. B. Nielsen } 980db522d3aSSimon L. B. Nielsen #endif 981db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE 982*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-jpake") == 0) { 983*6f9291ceSJung-uk Kim if (--argc < 1) 984*6f9291ceSJung-uk Kim goto bad; 985db522d3aSSimon L. B. Nielsen jpake_secret = *++argv; 986db522d3aSSimon L. B. Nielsen } 987db522d3aSSimon L. B. 
Nielsen #endif 98809286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP 989*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-use_srtp") == 0) { 990*6f9291ceSJung-uk Kim if (--argc < 1) 991*6f9291ceSJung-uk Kim goto bad; 9921f13597dSJung-uk Kim srtp_profiles = *(++argv); 9931f13597dSJung-uk Kim } 99409286989SJung-uk Kim #endif 995*6f9291ceSJung-uk Kim else if (strcmp(*argv, "-keymatexport") == 0) { 996*6f9291ceSJung-uk Kim if (--argc < 1) 997*6f9291ceSJung-uk Kim goto bad; 9981f13597dSJung-uk Kim keymatexportlabel = *(++argv); 999*6f9291ceSJung-uk Kim } else if (strcmp(*argv, "-keymatexportlen") == 0) { 1000*6f9291ceSJung-uk Kim if (--argc < 1) 1001*6f9291ceSJung-uk Kim goto bad; 10021f13597dSJung-uk Kim keymatexportlen = atoi(*(++argv)); 1003*6f9291ceSJung-uk Kim if (keymatexportlen == 0) 1004*6f9291ceSJung-uk Kim goto bad; 1005*6f9291ceSJung-uk Kim } else { 100674664626SKris Kennaway BIO_printf(bio_err, "unknown option %s\n", *argv); 100774664626SKris Kennaway badop = 1; 100874664626SKris Kennaway break; 100974664626SKris Kennaway } 101074664626SKris Kennaway argc--; 101174664626SKris Kennaway argv++; 101274664626SKris Kennaway } 1013*6f9291ceSJung-uk Kim if (badop) { 101474664626SKris Kennaway bad: 101574664626SKris Kennaway sc_usage(); 101674664626SKris Kennaway goto end; 101774664626SKris Kennaway } 10181f13597dSJung-uk Kim #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) 1019*6f9291ceSJung-uk Kim if (jpake_secret) { 1020*6f9291ceSJung-uk Kim if (psk_key) { 1021*6f9291ceSJung-uk Kim BIO_printf(bio_err, "Can't use JPAKE and PSK together\n"); 10221f13597dSJung-uk Kim goto end; 10231f13597dSJung-uk Kim } 10241f13597dSJung-uk Kim psk_identity = "JPAKE"; 1025*6f9291ceSJung-uk Kim if (cipher) { 10261f13597dSJung-uk Kim BIO_printf(bio_err, "JPAKE sets cipher to PSK\n"); 10271f13597dSJung-uk Kim goto end; 10281f13597dSJung-uk Kim } 10291f13597dSJung-uk Kim cipher = "PSK"; 10301f13597dSJung-uk Kim } 10311f13597dSJung-uk Kim #endif 10321f13597dSJung-uk Kim 
10335c87c606SMark Murray OpenSSL_add_ssl_algorithms(); 10345c87c606SMark Murray SSL_load_error_strings(); 10355c87c606SMark Murray 10361f13597dSJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 10371f13597dSJung-uk Kim next_proto.status = -1; 1038*6f9291ceSJung-uk Kim if (next_proto_neg_in) { 1039*6f9291ceSJung-uk Kim next_proto.data = 1040*6f9291ceSJung-uk Kim next_protos_parse(&next_proto.len, next_proto_neg_in); 1041*6f9291ceSJung-uk Kim if (next_proto.data == NULL) { 10421f13597dSJung-uk Kim BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n"); 10431f13597dSJung-uk Kim goto end; 10441f13597dSJung-uk Kim } 1045*6f9291ceSJung-uk Kim } else 10461f13597dSJung-uk Kim next_proto.data = NULL; 10471f13597dSJung-uk Kim #endif 10481f13597dSJung-uk Kim 1049fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 10505c87c606SMark Murray e = setup_engine(bio_err, engine_id, 1); 1051*6f9291ceSJung-uk Kim if (ssl_client_engine_id) { 1052db522d3aSSimon L. B. Nielsen ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); 1053*6f9291ceSJung-uk Kim if (!ssl_client_engine) { 1054*6f9291ceSJung-uk Kim BIO_printf(bio_err, "Error getting client auth engine\n"); 1055db522d3aSSimon L. B. Nielsen goto end; 1056db522d3aSSimon L. B. Nielsen } 1057db522d3aSSimon L. B. Nielsen } 1058fceca8a3SJacques Vidrine #endif 1059*6f9291ceSJung-uk Kim if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { 10603b4e3dcbSSimon L. B. Nielsen BIO_printf(bio_err, "Error getting password\n"); 10613b4e3dcbSSimon L. B. Nielsen goto end; 10623b4e3dcbSSimon L. B. Nielsen } 10633b4e3dcbSSimon L. B. Nielsen 10643b4e3dcbSSimon L. B. Nielsen if (key_file == NULL) 10653b4e3dcbSSimon L. B. Nielsen key_file = cert_file; 10663b4e3dcbSSimon L. B. Nielsen 1067*6f9291ceSJung-uk Kim if (key_file) { 10683b4e3dcbSSimon L. B. Nielsen 10693b4e3dcbSSimon L. B. Nielsen key = load_key(bio_err, key_file, key_format, 0, pass, e, 10703b4e3dcbSSimon L. B. 
Nielsen "client certificate private key file"); 1071*6f9291ceSJung-uk Kim if (!key) { 10723b4e3dcbSSimon L. B. Nielsen ERR_print_errors(bio_err); 10733b4e3dcbSSimon L. B. Nielsen goto end; 10743b4e3dcbSSimon L. B. Nielsen } 10753b4e3dcbSSimon L. B. Nielsen 10763b4e3dcbSSimon L. B. Nielsen } 10773b4e3dcbSSimon L. B. Nielsen 1078*6f9291ceSJung-uk Kim if (cert_file) { 10793b4e3dcbSSimon L. B. Nielsen cert = load_cert(bio_err, cert_file, cert_format, 10803b4e3dcbSSimon L. B. Nielsen NULL, e, "client certificate file"); 10813b4e3dcbSSimon L. B. Nielsen 1082*6f9291ceSJung-uk Kim if (!cert) { 10833b4e3dcbSSimon L. B. Nielsen ERR_print_errors(bio_err); 10843b4e3dcbSSimon L. B. Nielsen goto end; 10853b4e3dcbSSimon L. B. Nielsen } 10863b4e3dcbSSimon L. B. Nielsen } 10875c87c606SMark Murray 10885740a5e3SKris Kennaway if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL 1089*6f9291ceSJung-uk Kim && !RAND_status()) { 1090*6f9291ceSJung-uk Kim BIO_printf(bio_err, 1091*6f9291ceSJung-uk Kim "warning, not much extra random data, consider using the -rand option\n"); 10925740a5e3SKris Kennaway } 10935740a5e3SKris Kennaway if (inrand != NULL) 10945740a5e3SKris Kennaway BIO_printf(bio_err, "%ld semi-random bytes loaded\n", 10955740a5e3SKris Kennaway app_RAND_load_files(inrand)); 1096f579bf8eSKris Kennaway 1097*6f9291ceSJung-uk Kim if (bio_c_out == NULL) { 1098*6f9291ceSJung-uk Kim if (c_quiet && !c_debug && !c_msg) { 109974664626SKris Kennaway bio_c_out = BIO_new(BIO_s_null()); 1100*6f9291ceSJung-uk Kim } else { 110174664626SKris Kennaway if (bio_c_out == NULL) 110274664626SKris Kennaway bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE); 110374664626SKris Kennaway } 110474664626SKris Kennaway } 11051f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 1106*6f9291ceSJung-uk Kim if (!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) { 11071f13597dSJung-uk Kim BIO_printf(bio_err, "Error getting password\n"); 11081f13597dSJung-uk Kim goto end; 11091f13597dSJung-uk Kim } 
11101f13597dSJung-uk Kim #endif 11111f13597dSJung-uk Kim 111274664626SKris Kennaway ctx = SSL_CTX_new(meth); 1113*6f9291ceSJung-uk Kim if (ctx == NULL) { 111474664626SKris Kennaway ERR_print_errors(bio_err); 111574664626SKris Kennaway goto end; 111674664626SKris Kennaway } 111774664626SKris Kennaway 11181f13597dSJung-uk Kim if (vpm) 11191f13597dSJung-uk Kim SSL_CTX_set1_param(ctx, vpm); 11201f13597dSJung-uk Kim 1121db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_ENGINE 1122*6f9291ceSJung-uk Kim if (ssl_client_engine) { 1123*6f9291ceSJung-uk Kim if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) { 1124db522d3aSSimon L. B. Nielsen BIO_puts(bio_err, "Error setting client auth engine\n"); 1125db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1126db522d3aSSimon L. B. Nielsen ENGINE_free(ssl_client_engine); 1127db522d3aSSimon L. B. Nielsen goto end; 1128db522d3aSSimon L. B. Nielsen } 1129db522d3aSSimon L. B. Nielsen ENGINE_free(ssl_client_engine); 1130db522d3aSSimon L. B. Nielsen } 1131db522d3aSSimon L. B. Nielsen #endif 1132db522d3aSSimon L. B. 
Nielsen 11331f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 11341f13597dSJung-uk Kim # ifdef OPENSSL_NO_JPAKE 11351f13597dSJung-uk Kim if (psk_key != NULL) 11361f13597dSJung-uk Kim # else 11371f13597dSJung-uk Kim if (psk_key != NULL || jpake_secret) 11381f13597dSJung-uk Kim # endif 11391f13597dSJung-uk Kim { 11401f13597dSJung-uk Kim if (c_debug) 1141*6f9291ceSJung-uk Kim BIO_printf(bio_c_out, 1142*6f9291ceSJung-uk Kim "PSK key given or JPAKE in use, setting client callback\n"); 11431f13597dSJung-uk Kim SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); 11441f13597dSJung-uk Kim } 114509286989SJung-uk Kim #endif 114609286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP 11471f13597dSJung-uk Kim if (srtp_profiles != NULL) 11481f13597dSJung-uk Kim SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); 11491f13597dSJung-uk Kim #endif 115074664626SKris Kennaway if (bugs) 115174664626SKris Kennaway SSL_CTX_set_options(ctx, SSL_OP_ALL | off); 115274664626SKris Kennaway else 115374664626SKris Kennaway SSL_CTX_set_options(ctx, off); 11546a599222SSimon L. B. Nielsen 11556a599222SSimon L. B. Nielsen if (clr) 11566a599222SSimon L. B. 
Nielsen SSL_CTX_clear_options(ctx, clr); 11571f13597dSJung-uk Kim 11581f13597dSJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 11591f13597dSJung-uk Kim if (next_proto.data) 11601f13597dSJung-uk Kim SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); 11611f13597dSJung-uk Kim #endif 116274664626SKris Kennaway 1163*6f9291ceSJung-uk Kim if (state) 1164*6f9291ceSJung-uk Kim SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); 116574664626SKris Kennaway if (cipher != NULL) 1166f579bf8eSKris Kennaway if (!SSL_CTX_set_cipher_list(ctx, cipher)) { 1167f579bf8eSKris Kennaway BIO_printf(bio_err, "error setting cipher list\n"); 1168f579bf8eSKris Kennaway ERR_print_errors(bio_err); 1169f579bf8eSKris Kennaway goto end; 1170f579bf8eSKris Kennaway } 117174664626SKris Kennaway #if 0 117274664626SKris Kennaway else 117374664626SKris Kennaway SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER")); 117474664626SKris Kennaway #endif 117574664626SKris Kennaway 117674664626SKris Kennaway SSL_CTX_set_verify(ctx, verify, verify_callback); 11773b4e3dcbSSimon L. B. Nielsen if (!set_cert_key_stuff(ctx, cert, key)) 117874664626SKris Kennaway goto end; 117974664626SKris Kennaway 118074664626SKris Kennaway if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || 1181*6f9291ceSJung-uk Kim (!SSL_CTX_set_default_verify_paths(ctx))) { 1182*6f9291ceSJung-uk Kim /* 1183*6f9291ceSJung-uk Kim * BIO_printf(bio_err,"error setting default verify locations\n"); 1184*6f9291ceSJung-uk Kim */ 118574664626SKris Kennaway ERR_print_errors(bio_err); 118674664626SKris Kennaway /* goto end; */ 118774664626SKris Kennaway } 1188db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1189*6f9291ceSJung-uk Kim if (servername != NULL) { 1190db522d3aSSimon L. B. Nielsen tlsextcbp.biodebug = bio_err; 1191db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1192db522d3aSSimon L. B. 
Nielsen SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 1193db522d3aSSimon L. B. Nielsen } 11941f13597dSJung-uk Kim # ifndef OPENSSL_NO_SRP 1195*6f9291ceSJung-uk Kim if (srp_arg.srplogin) { 1196*6f9291ceSJung-uk Kim if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) { 11971f13597dSJung-uk Kim BIO_printf(bio_err, "Unable to set SRP username\n"); 11981f13597dSJung-uk Kim goto end; 11991f13597dSJung-uk Kim } 12001f13597dSJung-uk Kim srp_arg.msg = c_msg; 12011f13597dSJung-uk Kim srp_arg.debug = c_debug; 12021f13597dSJung-uk Kim SSL_CTX_set_srp_cb_arg(ctx, &srp_arg); 12031f13597dSJung-uk Kim SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb); 12041f13597dSJung-uk Kim SSL_CTX_set_srp_strength(ctx, srp_arg.strength); 12051f13597dSJung-uk Kim if (c_msg || c_debug || srp_arg.amp == 0) 1206*6f9291ceSJung-uk Kim SSL_CTX_set_srp_verify_param_callback(ctx, 1207*6f9291ceSJung-uk Kim ssl_srp_verify_param_cb); 12081f13597dSJung-uk Kim } 12091f13597dSJung-uk Kim # endif 1210db522d3aSSimon L. B. Nielsen #endif 121174664626SKris Kennaway 1212f579bf8eSKris Kennaway con = SSL_new(ctx); 1213*6f9291ceSJung-uk Kim if (sess_in) { 1214db522d3aSSimon L. B. Nielsen SSL_SESSION *sess; 1215db522d3aSSimon L. B. Nielsen BIO *stmp = BIO_new_file(sess_in, "r"); 1216*6f9291ceSJung-uk Kim if (!stmp) { 1217*6f9291ceSJung-uk Kim BIO_printf(bio_err, "Can't open session file %s\n", sess_in); 1218db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1219db522d3aSSimon L. B. Nielsen goto end; 1220db522d3aSSimon L. B. Nielsen } 1221db522d3aSSimon L. B. Nielsen sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); 1222db522d3aSSimon L. B. Nielsen BIO_free(stmp); 1223*6f9291ceSJung-uk Kim if (!sess) { 1224*6f9291ceSJung-uk Kim BIO_printf(bio_err, "Can't open session file %s\n", sess_in); 1225db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1226db522d3aSSimon L. B. Nielsen goto end; 1227db522d3aSSimon L. B. Nielsen } 1228db522d3aSSimon L. B. 
Nielsen SSL_set_session(con, sess); 1229db522d3aSSimon L. B. Nielsen SSL_SESSION_free(sess); 1230db522d3aSSimon L. B. Nielsen } 1231fa5fddf1SJung-uk Kim 1232fa5fddf1SJung-uk Kim if (fallback_scsv) 1233fa5fddf1SJung-uk Kim SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); 1234fa5fddf1SJung-uk Kim 1235db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1236*6f9291ceSJung-uk Kim if (servername != NULL) { 1237*6f9291ceSJung-uk Kim if (!SSL_set_tlsext_host_name(con, servername)) { 1238db522d3aSSimon L. B. Nielsen BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); 1239db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1240db522d3aSSimon L. B. Nielsen goto end; 1241db522d3aSSimon L. B. Nielsen } 1242db522d3aSSimon L. B. Nielsen } 1243db522d3aSSimon L. B. Nielsen #endif 12445c87c606SMark Murray #ifndef OPENSSL_NO_KRB5 1245*6f9291ceSJung-uk Kim if (con && (kctx = kssl_ctx_new()) != NULL) { 12461f13597dSJung-uk Kim SSL_set0_kssl_ctx(con, kctx); 12471f13597dSJung-uk Kim kssl_ctx_setstring(kctx, KSSL_SERVER, host); 12485c87c606SMark Murray } 12495c87c606SMark Murray #endif /* OPENSSL_NO_KRB5 */ 125074664626SKris Kennaway /* SSL_set_cipher_list(con,"RC4-MD5"); */ 12511f13597dSJung-uk Kim #if 0 12521f13597dSJung-uk Kim # ifdef TLSEXT_TYPE_opaque_prf_input 12531f13597dSJung-uk Kim SSL_set_tlsext_opaque_prf_input(con, "Test client", 11); 12541f13597dSJung-uk Kim # endif 12551f13597dSJung-uk Kim #endif 125674664626SKris Kennaway 125774664626SKris Kennaway re_start: 125874664626SKris Kennaway 1259*6f9291ceSJung-uk Kim if (init_client(&s, host, port, socket_type) == 0) { 126074664626SKris Kennaway BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); 126174664626SKris Kennaway SHUTDOWN(s); 126274664626SKris Kennaway goto end; 126374664626SKris Kennaway } 126474664626SKris Kennaway BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s); 126574664626SKris Kennaway 126674664626SKris Kennaway #ifdef FIONBIO 1267*6f9291ceSJung-uk Kim if (c_nbio) { 
126874664626SKris Kennaway unsigned long l = 1; 126974664626SKris Kennaway BIO_printf(bio_c_out, "turning on non blocking io\n"); 1270*6f9291ceSJung-uk Kim if (BIO_socket_ioctl(s, FIONBIO, &l) < 0) { 127174664626SKris Kennaway ERR_print_errors(bio_err); 127274664626SKris Kennaway goto end; 127374664626SKris Kennaway } 127474664626SKris Kennaway } 127574664626SKris Kennaway #endif 1276*6f9291ceSJung-uk Kim if (c_Pause & 0x01) 1277*6f9291ceSJung-uk Kim SSL_set_debug(con, 1); 12783b4e3dcbSSimon L. B. Nielsen 1279*6f9291ceSJung-uk Kim if (SSL_version(con) == DTLS1_VERSION) { 12803b4e3dcbSSimon L. B. Nielsen 12813b4e3dcbSSimon L. B. Nielsen sbio = BIO_new_dgram(s, BIO_NOCLOSE); 1282*6f9291ceSJung-uk Kim if (getsockname(s, &peer, (void *)&peerlen) < 0) { 12833b4e3dcbSSimon L. B. Nielsen BIO_printf(bio_err, "getsockname:errno=%d\n", 12843b4e3dcbSSimon L. B. Nielsen get_last_socket_error()); 12853b4e3dcbSSimon L. B. Nielsen SHUTDOWN(s); 12863b4e3dcbSSimon L. B. Nielsen goto end; 12873b4e3dcbSSimon L. B. Nielsen } 12883b4e3dcbSSimon L. B. Nielsen 1289db522d3aSSimon L. B. Nielsen (void)BIO_ctrl_set_connected(sbio, 1, &peer); 12903b4e3dcbSSimon L. B. Nielsen 1291*6f9291ceSJung-uk Kim if (enable_timeouts) { 12923b4e3dcbSSimon L. B. Nielsen timeout.tv_sec = 0; 12933b4e3dcbSSimon L. B. Nielsen timeout.tv_usec = DGRAM_RCV_TIMEOUT; 12943b4e3dcbSSimon L. B. Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); 12953b4e3dcbSSimon L. B. Nielsen 12963b4e3dcbSSimon L. B. Nielsen timeout.tv_sec = 0; 12973b4e3dcbSSimon L. B. Nielsen timeout.tv_usec = DGRAM_SND_TIMEOUT; 12983b4e3dcbSSimon L. B. Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); 12993b4e3dcbSSimon L. B. Nielsen } 13003b4e3dcbSSimon L. B. Nielsen 1301*6f9291ceSJung-uk Kim if (socket_mtu) { 1302*6f9291ceSJung-uk Kim if (socket_mtu < DTLS_get_link_min_mtu(con)) { 1303751d2991SJung-uk Kim BIO_printf(bio_err, "MTU too small. 
Must be at least %ld\n", 1304751d2991SJung-uk Kim DTLS_get_link_min_mtu(con)); 1305751d2991SJung-uk Kim BIO_free(sbio); 1306751d2991SJung-uk Kim goto shut; 1307751d2991SJung-uk Kim } 13083b4e3dcbSSimon L. B. Nielsen SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 1309*6f9291ceSJung-uk Kim if (!DTLS_set_link_mtu(con, socket_mtu)) { 1310751d2991SJung-uk Kim BIO_printf(bio_err, "Failed to set MTU\n"); 1311751d2991SJung-uk Kim BIO_free(sbio); 1312751d2991SJung-uk Kim goto shut; 1313751d2991SJung-uk Kim } 1314*6f9291ceSJung-uk Kim } else 13153b4e3dcbSSimon L. B. Nielsen /* want to do MTU discovery */ 13163b4e3dcbSSimon L. B. Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 1317*6f9291ceSJung-uk Kim } else 131874664626SKris Kennaway sbio = BIO_new_socket(s, BIO_NOCLOSE); 131974664626SKris Kennaway 1320*6f9291ceSJung-uk Kim if (nbio_test) { 132174664626SKris Kennaway BIO *test; 132274664626SKris Kennaway 132374664626SKris Kennaway test = BIO_new(BIO_f_nbio_test()); 132474664626SKris Kennaway sbio = BIO_push(test, sbio); 132574664626SKris Kennaway } 132674664626SKris Kennaway 1327*6f9291ceSJung-uk Kim if (c_debug) { 13281f13597dSJung-uk Kim SSL_set_debug(con, 1); 13293b4e3dcbSSimon L. B. Nielsen BIO_set_callback(sbio, bio_dump_callback); 13305471f83eSSimon L. B. Nielsen BIO_set_callback_arg(sbio, (char *)bio_c_out); 133174664626SKris Kennaway } 1332*6f9291ceSJung-uk Kim if (c_msg) { 13335c87c606SMark Murray SSL_set_msg_callback(con, msg_cb); 13345c87c606SMark Murray SSL_set_msg_callback_arg(con, bio_c_out); 13355c87c606SMark Murray } 1336db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1337*6f9291ceSJung-uk Kim if (c_tlsextdebug) { 1338db522d3aSSimon L. B. Nielsen SSL_set_tlsext_debug_callback(con, tlsext_cb); 1339db522d3aSSimon L. B. Nielsen SSL_set_tlsext_debug_arg(con, bio_c_out); 1340db522d3aSSimon L. B. Nielsen } 1341*6f9291ceSJung-uk Kim if (c_status_req) { 1342db522d3aSSimon L. B. 
Nielsen SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); 1343db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); 1344db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); 1345db522d3aSSimon L. B. Nielsen # if 0 1346db522d3aSSimon L. B. Nielsen { 1347db522d3aSSimon L. B. Nielsen STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null(); 1348db522d3aSSimon L. B. Nielsen OCSP_RESPID *id = OCSP_RESPID_new(); 1349db522d3aSSimon L. B. Nielsen id->value.byKey = ASN1_OCTET_STRING_new(); 1350db522d3aSSimon L. B. Nielsen id->type = V_OCSP_RESPID_KEY; 1351db522d3aSSimon L. B. Nielsen ASN1_STRING_set(id->value.byKey, "Hello World", -1); 1352db522d3aSSimon L. B. Nielsen sk_OCSP_RESPID_push(ids, id); 1353db522d3aSSimon L. B. Nielsen SSL_set_tlsext_status_ids(con, ids); 1354db522d3aSSimon L. B. Nielsen } 1355db522d3aSSimon L. B. Nielsen # endif 1356db522d3aSSimon L. B. Nielsen } 1357db522d3aSSimon L. B. Nielsen #endif 1358db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE 1359db522d3aSSimon L. B. Nielsen if (jpake_secret) 1360db522d3aSSimon L. B. Nielsen jpake_client_auth(bio_c_out, sbio, jpake_secret); 1361db522d3aSSimon L. B. 
Nielsen #endif 136274664626SKris Kennaway 136374664626SKris Kennaway SSL_set_bio(con, sbio, sbio); 136474664626SKris Kennaway SSL_set_connect_state(con); 136574664626SKris Kennaway 136674664626SKris Kennaway /* ok, lets connect */ 136774664626SKris Kennaway width = SSL_get_fd(con) + 1; 136874664626SKris Kennaway 136974664626SKris Kennaway read_tty = 1; 137074664626SKris Kennaway write_tty = 0; 137174664626SKris Kennaway tty_on = 0; 137274664626SKris Kennaway read_ssl = 1; 137374664626SKris Kennaway write_ssl = 1; 137474664626SKris Kennaway 137574664626SKris Kennaway cbuf_len = 0; 137674664626SKris Kennaway cbuf_off = 0; 137774664626SKris Kennaway sbuf_len = 0; 137874664626SKris Kennaway sbuf_off = 0; 137974664626SKris Kennaway 13805c87c606SMark Murray /* This is an ugly hack that does a lot of assumptions */ 1381*6f9291ceSJung-uk Kim /* 1382*6f9291ceSJung-uk Kim * We do have to handle multi-line responses which may come in a single 1383*6f9291ceSJung-uk Kim * packet or not. We therefore have to use BIO_gets() which does need a 1384*6f9291ceSJung-uk Kim * buffering BIO. So during the initial chitchat we do push a buffering 1385*6f9291ceSJung-uk Kim * BIO into the chain that is removed again later on to not disturb the 1386*6f9291ceSJung-uk Kim * rest of the s_client operation. 1387*6f9291ceSJung-uk Kim */ 1388*6f9291ceSJung-uk Kim if (starttls_proto == PROTO_SMTP) { 13895471f83eSSimon L. B. Nielsen int foundit = 0; 13905471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 13915471f83eSSimon L. B. Nielsen BIO_push(fbio, sbio); 13925471f83eSSimon L. B. Nielsen /* wait for multi-line response to end from SMTP */ 1393*6f9291ceSJung-uk Kim do { 13945471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 13955471f83eSSimon L. B. Nielsen } 13965471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 13975471f83eSSimon L. B. Nielsen /* STARTTLS command requires EHLO... */ 13985471f83eSSimon L. B. 
Nielsen BIO_printf(fbio, "EHLO openssl.client.net\r\n"); 1399db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 14005471f83eSSimon L. B. Nielsen /* wait for multi-line response to end EHLO SMTP response */ 1401*6f9291ceSJung-uk Kim do { 14025471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 14035471f83eSSimon L. B. Nielsen if (strstr(mbuf, "STARTTLS")) 14045471f83eSSimon L. B. Nielsen foundit = 1; 14055471f83eSSimon L. B. Nielsen } 14065471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 1407db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 14085471f83eSSimon L. B. Nielsen BIO_pop(fbio); 14095471f83eSSimon L. B. Nielsen BIO_free(fbio); 14105471f83eSSimon L. B. Nielsen if (!foundit) 14115471f83eSSimon L. B. Nielsen BIO_printf(bio_err, 14125471f83eSSimon L. B. Nielsen "didn't found starttls in server response," 14135471f83eSSimon L. B. Nielsen " try anyway...\n"); 14145c87c606SMark Murray BIO_printf(sbio, "STARTTLS\r\n"); 14155c87c606SMark Murray BIO_read(sbio, sbuf, BUFSIZZ); 1416*6f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_POP3) { 141750ef0093SJacques Vidrine BIO_read(sbio, mbuf, BUFSIZZ); 141850ef0093SJacques Vidrine BIO_printf(sbio, "STLS\r\n"); 141950ef0093SJacques Vidrine BIO_read(sbio, sbuf, BUFSIZZ); 1420*6f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_IMAP) { 14215471f83eSSimon L. B. Nielsen int foundit = 0; 14225471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 14235471f83eSSimon L. B. Nielsen BIO_push(fbio, sbio); 14245471f83eSSimon L. B. Nielsen BIO_gets(fbio, mbuf, BUFSIZZ); 14255471f83eSSimon L. B. Nielsen /* STARTTLS command requires CAPABILITY... */ 14265471f83eSSimon L. B. Nielsen BIO_printf(fbio, ". CAPABILITY\r\n"); 1427db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 14285471f83eSSimon L. B. Nielsen /* wait for multi-line CAPABILITY response */ 1429*6f9291ceSJung-uk Kim do { 14305471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 14315471f83eSSimon L. 
B. Nielsen if (strstr(mbuf, "STARTTLS")) 14325471f83eSSimon L. B. Nielsen foundit = 1; 14335471f83eSSimon L. B. Nielsen } 14345471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[0] != '.'); 1435db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 14365471f83eSSimon L. B. Nielsen BIO_pop(fbio); 14375471f83eSSimon L. B. Nielsen BIO_free(fbio); 14385471f83eSSimon L. B. Nielsen if (!foundit) 14395471f83eSSimon L. B. Nielsen BIO_printf(bio_err, 14405471f83eSSimon L. B. Nielsen "didn't found STARTTLS in server response," 14415471f83eSSimon L. B. Nielsen " try anyway...\n"); 14425471f83eSSimon L. B. Nielsen BIO_printf(sbio, ". STARTTLS\r\n"); 14435471f83eSSimon L. B. Nielsen BIO_read(sbio, sbuf, BUFSIZZ); 1444*6f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_FTP) { 14455471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 14465471f83eSSimon L. B. Nielsen BIO_push(fbio, sbio); 14475471f83eSSimon L. B. Nielsen /* wait for multi-line response to end from FTP */ 1448*6f9291ceSJung-uk Kim do { 14495471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 14505471f83eSSimon L. B. Nielsen } 14515471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 1452db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 14535471f83eSSimon L. B. Nielsen BIO_pop(fbio); 14545471f83eSSimon L. B. Nielsen BIO_free(fbio); 14555471f83eSSimon L. B. Nielsen BIO_printf(sbio, "AUTH TLS\r\n"); 14565471f83eSSimon L. B. Nielsen BIO_read(sbio, sbuf, BUFSIZZ); 14575471f83eSSimon L. B. Nielsen } 1458*6f9291ceSJung-uk Kim if (starttls_proto == PROTO_XMPP) { 1459db522d3aSSimon L. B. Nielsen int seen = 0; 1460db522d3aSSimon L. B. Nielsen BIO_printf(sbio, "<stream:stream " 1461db522d3aSSimon L. B. Nielsen "xmlns:stream='http://etherx.jabber.org/streams' " 1462db522d3aSSimon L. B. Nielsen "xmlns='jabber:client' to='%s' version='1.0'>", host); 1463db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, mbuf, BUFSIZZ); 1464db522d3aSSimon L. B. 
Nielsen mbuf[seen] = 0; 1465*6f9291ceSJung-uk Kim while (!strstr 1466*6f9291ceSJung-uk Kim (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) { 1467db522d3aSSimon L. B. Nielsen if (strstr(mbuf, "/stream:features>")) 1468db522d3aSSimon L. B. Nielsen goto shut; 1469db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, mbuf, BUFSIZZ); 1470db522d3aSSimon L. B. Nielsen mbuf[seen] = 0; 1471db522d3aSSimon L. B. Nielsen } 1472*6f9291ceSJung-uk Kim BIO_printf(sbio, 1473*6f9291ceSJung-uk Kim "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); 1474db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, sbuf, BUFSIZZ); 1475db522d3aSSimon L. B. Nielsen sbuf[seen] = 0; 1476db522d3aSSimon L. B. Nielsen if (!strstr(sbuf, "<proceed")) 1477db522d3aSSimon L. B. Nielsen goto shut; 1478db522d3aSSimon L. B. Nielsen mbuf[0] = 0; 1479db522d3aSSimon L. B. Nielsen } 14805c87c606SMark Murray 1481*6f9291ceSJung-uk Kim for (;;) { 148274664626SKris Kennaway FD_ZERO(&readfds); 148374664626SKris Kennaway FD_ZERO(&writefds); 148474664626SKris Kennaway 14856a599222SSimon L. B. Nielsen if ((SSL_version(con) == DTLS1_VERSION) && 14866a599222SSimon L. B. Nielsen DTLSv1_get_timeout(con, &timeout)) 14876a599222SSimon L. B. Nielsen timeoutp = &timeout; 14886a599222SSimon L. B. Nielsen else 14896a599222SSimon L. B. Nielsen timeoutp = NULL; 14906a599222SSimon L. B. 
Nielsen 1491*6f9291ceSJung-uk Kim if (SSL_in_init(con) && !SSL_total_renegotiations(con)) { 149274664626SKris Kennaway in_init = 1; 149374664626SKris Kennaway tty_on = 0; 1494*6f9291ceSJung-uk Kim } else { 149574664626SKris Kennaway tty_on = 1; 1496*6f9291ceSJung-uk Kim if (in_init) { 149774664626SKris Kennaway in_init = 0; 1498*6f9291ceSJung-uk Kim #if 0 /* This test doesn't really work as intended 1499*6f9291ceSJung-uk Kim * (needs to be fixed) */ 15001f13597dSJung-uk Kim # ifndef OPENSSL_NO_TLSEXT 1501*6f9291ceSJung-uk Kim if (servername != NULL && !SSL_session_reused(con)) { 1502*6f9291ceSJung-uk Kim BIO_printf(bio_c_out, 1503*6f9291ceSJung-uk Kim "Server did %sacknowledge servername extension.\n", 1504*6f9291ceSJung-uk Kim tlsextcbp.ack ? "" : "not "); 15051f13597dSJung-uk Kim } 15061f13597dSJung-uk Kim # endif 15071f13597dSJung-uk Kim #endif 1508*6f9291ceSJung-uk Kim if (sess_out) { 1509db522d3aSSimon L. B. Nielsen BIO *stmp = BIO_new_file(sess_out, "w"); 1510*6f9291ceSJung-uk Kim if (stmp) { 1511db522d3aSSimon L. B. Nielsen PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con)); 1512db522d3aSSimon L. B. Nielsen BIO_free(stmp); 1513*6f9291ceSJung-uk Kim } else 1514*6f9291ceSJung-uk Kim BIO_printf(bio_err, "Error writing session file %s\n", 1515*6f9291ceSJung-uk Kim sess_out); 1516db522d3aSSimon L. B. Nielsen } 151774664626SKris Kennaway print_stuff(bio_c_out, con, full_log); 1518*6f9291ceSJung-uk Kim if (full_log > 0) 1519*6f9291ceSJung-uk Kim full_log--; 152074664626SKris Kennaway 1521*6f9291ceSJung-uk Kim if (starttls_proto) { 15225c87c606SMark Murray BIO_printf(bio_err, "%s", mbuf); 15235c87c606SMark Murray /* We don't need to know any more */ 15245471f83eSSimon L. B. 
Nielsen starttls_proto = PROTO_OFF; 15255c87c606SMark Murray } 15265c87c606SMark Murray 1527*6f9291ceSJung-uk Kim if (reconnect) { 152874664626SKris Kennaway reconnect--; 1529*6f9291ceSJung-uk Kim BIO_printf(bio_c_out, 1530*6f9291ceSJung-uk Kim "drop connection and then reconnect\n"); 153174664626SKris Kennaway SSL_shutdown(con); 153274664626SKris Kennaway SSL_set_connect_state(con); 153374664626SKris Kennaway SHUTDOWN(SSL_get_fd(con)); 153474664626SKris Kennaway goto re_start; 153574664626SKris Kennaway } 153674664626SKris Kennaway } 153774664626SKris Kennaway } 153874664626SKris Kennaway 153974664626SKris Kennaway ssl_pending = read_ssl && SSL_pending(con); 154074664626SKris Kennaway 1541*6f9291ceSJung-uk Kim if (!ssl_pending) { 15421f13597dSJung-uk Kim #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5) 1543*6f9291ceSJung-uk Kim if (tty_on) { 1544*6f9291ceSJung-uk Kim if (read_tty) 1545*6f9291ceSJung-uk Kim openssl_fdset(fileno(stdin), &readfds); 1546*6f9291ceSJung-uk Kim if (write_tty) 1547*6f9291ceSJung-uk Kim openssl_fdset(fileno(stdout), &writefds); 154874664626SKris Kennaway } 154974664626SKris Kennaway if (read_ssl) 15501f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &readfds); 155174664626SKris Kennaway if (write_ssl) 15521f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &writefds); 1553f579bf8eSKris Kennaway #else 1554f579bf8eSKris Kennaway if (!tty_on || !write_tty) { 1555f579bf8eSKris Kennaway if (read_ssl) 15561f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &readfds); 1557f579bf8eSKris Kennaway if (write_ssl) 15581f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &writefds); 1559f579bf8eSKris Kennaway } 1560f579bf8eSKris Kennaway #endif 1561*6f9291ceSJung-uk Kim /*- printf("mode tty(%d %d%d) ssl(%d%d)\n", 156274664626SKris Kennaway tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ 156374664626SKris Kennaway 1564*6f9291ceSJung-uk Kim /* 1565*6f9291ceSJung-uk Kim * 
Note: under VMS with SOCKETSHR the second parameter is 1566*6f9291ceSJung-uk Kim * currently of type (int *) whereas under other systems it is 1567*6f9291ceSJung-uk Kim * (void *) if you don't have a cast it will choke the compiler: 1568*6f9291ceSJung-uk Kim * if you do have a cast then you can either go for (int *) or 1569*6f9291ceSJung-uk Kim * (void *). 157074664626SKris Kennaway */ 157150ef0093SJacques Vidrine #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) 1572*6f9291ceSJung-uk Kim /* 1573*6f9291ceSJung-uk Kim * Under Windows/DOS we make the assumption that we can always 1574*6f9291ceSJung-uk Kim * write to the tty: therefore if we need to write to the tty we 1575*6f9291ceSJung-uk Kim * just fall through. Otherwise we timeout the select every 1576*6f9291ceSJung-uk Kim * second and see if there are any keypresses. Note: this is a 1577*6f9291ceSJung-uk Kim * hack, in a proper Windows application we wouldn't do this. 1578f579bf8eSKris Kennaway */ 1579f579bf8eSKris Kennaway i = 0; 1580f579bf8eSKris Kennaway if (!write_tty) { 1581f579bf8eSKris Kennaway if (read_tty) { 1582f579bf8eSKris Kennaway tv.tv_sec = 1; 1583f579bf8eSKris Kennaway tv.tv_usec = 0; 1584f579bf8eSKris Kennaway i = select(width, (void *)&readfds, (void *)&writefds, 1585f579bf8eSKris Kennaway NULL, &tv); 158650ef0093SJacques Vidrine # if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) 1587*6f9291ceSJung-uk Kim if (!i && (!_kbhit() || !read_tty)) 1588*6f9291ceSJung-uk Kim continue; 15895c87c606SMark Murray # else 1590*6f9291ceSJung-uk Kim if (!i && (!((_kbhit()) 1591*6f9291ceSJung-uk Kim || (WAIT_OBJECT_0 == 1592*6f9291ceSJung-uk Kim WaitForSingleObject(GetStdHandle 1593*6f9291ceSJung-uk Kim (STD_INPUT_HANDLE), 1594*6f9291ceSJung-uk Kim 0))) 1595*6f9291ceSJung-uk Kim || !read_tty)) 1596*6f9291ceSJung-uk Kim continue; 15975c87c606SMark Murray # endif 1598*6f9291ceSJung-uk Kim } else 1599*6f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 
16006a599222SSimon L. B. Nielsen NULL, timeoutp); 1601f579bf8eSKris Kennaway } 16023b4e3dcbSSimon L. B. Nielsen #elif defined(OPENSSL_SYS_NETWARE) 16033b4e3dcbSSimon L. B. Nielsen if (!write_tty) { 16043b4e3dcbSSimon L. B. Nielsen if (read_tty) { 16053b4e3dcbSSimon L. B. Nielsen tv.tv_sec = 1; 16063b4e3dcbSSimon L. B. Nielsen tv.tv_usec = 0; 16073b4e3dcbSSimon L. B. Nielsen i = select(width, (void *)&readfds, (void *)&writefds, 16083b4e3dcbSSimon L. B. Nielsen NULL, &tv); 1609*6f9291ceSJung-uk Kim } else 1610*6f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 16116a599222SSimon L. B. Nielsen NULL, timeoutp); 16123b4e3dcbSSimon L. B. Nielsen } 16131f13597dSJung-uk Kim #elif defined(OPENSSL_SYS_BEOS_R5) 16141f13597dSJung-uk Kim /* Under BeOS-R5 the situation is similar to DOS */ 16151f13597dSJung-uk Kim i = 0; 16161f13597dSJung-uk Kim stdin_set = 0; 16171f13597dSJung-uk Kim (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); 16181f13597dSJung-uk Kim if (!write_tty) { 16191f13597dSJung-uk Kim if (read_tty) { 16201f13597dSJung-uk Kim tv.tv_sec = 1; 16211f13597dSJung-uk Kim tv.tv_usec = 0; 16221f13597dSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 16231f13597dSJung-uk Kim NULL, &tv); 16241f13597dSJung-uk Kim if (read(fileno(stdin), sbuf, 0) >= 0) 16251f13597dSJung-uk Kim stdin_set = 1; 16261f13597dSJung-uk Kim if (!i && (stdin_set != 1 || !read_tty)) 16271f13597dSJung-uk Kim continue; 1628*6f9291ceSJung-uk Kim } else 1629*6f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 16301f13597dSJung-uk Kim NULL, timeoutp); 16311f13597dSJung-uk Kim } 16321f13597dSJung-uk Kim (void)fcntl(fileno(stdin), F_SETFL, 0); 1633f579bf8eSKris Kennaway #else 163474664626SKris Kennaway i = select(width, (void *)&readfds, (void *)&writefds, 16356a599222SSimon L. B. 
Nielsen NULL, timeoutp); 1636f579bf8eSKris Kennaway #endif 1637*6f9291ceSJung-uk Kim if (i < 0) { 163874664626SKris Kennaway BIO_printf(bio_err, "bad select %d\n", 163974664626SKris Kennaway get_last_socket_error()); 164074664626SKris Kennaway goto shut; 164174664626SKris Kennaway /* goto end; */ 164274664626SKris Kennaway } 164374664626SKris Kennaway } 164474664626SKris Kennaway 1645*6f9291ceSJung-uk Kim if ((SSL_version(con) == DTLS1_VERSION) 1646*6f9291ceSJung-uk Kim && DTLSv1_handle_timeout(con) > 0) { 16476a599222SSimon L. B. Nielsen BIO_printf(bio_err, "TIMEOUT occured\n"); 16486a599222SSimon L. B. Nielsen } 16496a599222SSimon L. B. Nielsen 1650*6f9291ceSJung-uk Kim if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) { 1651*6f9291ceSJung-uk Kim k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len); 1652*6f9291ceSJung-uk Kim switch (SSL_get_error(con, k)) { 165374664626SKris Kennaway case SSL_ERROR_NONE: 165474664626SKris Kennaway cbuf_off += k; 165574664626SKris Kennaway cbuf_len -= k; 1656*6f9291ceSJung-uk Kim if (k <= 0) 1657*6f9291ceSJung-uk Kim goto end; 165874664626SKris Kennaway /* we have done a write(con,NULL,0); */ 1659*6f9291ceSJung-uk Kim if (cbuf_len <= 0) { 166074664626SKris Kennaway read_tty = 1; 166174664626SKris Kennaway write_ssl = 0; 1662*6f9291ceSJung-uk Kim } else { /* if (cbuf_len > 0) */ 1663*6f9291ceSJung-uk Kim 166474664626SKris Kennaway read_tty = 0; 166574664626SKris Kennaway write_ssl = 1; 166674664626SKris Kennaway } 166774664626SKris Kennaway break; 166874664626SKris Kennaway case SSL_ERROR_WANT_WRITE: 166974664626SKris Kennaway BIO_printf(bio_c_out, "write W BLOCK\n"); 167074664626SKris Kennaway write_ssl = 1; 167174664626SKris Kennaway read_tty = 0; 167274664626SKris Kennaway break; 167374664626SKris Kennaway case SSL_ERROR_WANT_READ: 167474664626SKris Kennaway BIO_printf(bio_c_out, "write R BLOCK\n"); 167574664626SKris Kennaway write_tty = 0; 167674664626SKris Kennaway read_ssl = 1; 167774664626SKris Kennaway 
write_ssl = 0; 167874664626SKris Kennaway break; 167974664626SKris Kennaway case SSL_ERROR_WANT_X509_LOOKUP: 168074664626SKris Kennaway BIO_printf(bio_c_out, "write X BLOCK\n"); 168174664626SKris Kennaway break; 168274664626SKris Kennaway case SSL_ERROR_ZERO_RETURN: 1683*6f9291ceSJung-uk Kim if (cbuf_len != 0) { 168474664626SKris Kennaway BIO_printf(bio_c_out, "shutdown\n"); 16851f13597dSJung-uk Kim ret = 0; 168674664626SKris Kennaway goto shut; 1687*6f9291ceSJung-uk Kim } else { 168874664626SKris Kennaway read_tty = 1; 168974664626SKris Kennaway write_ssl = 0; 169074664626SKris Kennaway break; 169174664626SKris Kennaway } 169274664626SKris Kennaway 169374664626SKris Kennaway case SSL_ERROR_SYSCALL: 1694*6f9291ceSJung-uk Kim if ((k != 0) || (cbuf_len != 0)) { 169574664626SKris Kennaway BIO_printf(bio_err, "write:errno=%d\n", 169674664626SKris Kennaway get_last_socket_error()); 169774664626SKris Kennaway goto shut; 1698*6f9291ceSJung-uk Kim } else { 169974664626SKris Kennaway read_tty = 1; 170074664626SKris Kennaway write_ssl = 0; 170174664626SKris Kennaway } 170274664626SKris Kennaway break; 170374664626SKris Kennaway case SSL_ERROR_SSL: 170474664626SKris Kennaway ERR_print_errors(bio_err); 170574664626SKris Kennaway goto shut; 170674664626SKris Kennaway } 170774664626SKris Kennaway } 17081f13597dSJung-uk Kim #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) 17091f13597dSJung-uk Kim /* Assume Windows/DOS/BeOS can always write */ 1710f579bf8eSKris Kennaway else if (!ssl_pending && write_tty) 1711f579bf8eSKris Kennaway #else 171274664626SKris Kennaway else if (!ssl_pending && FD_ISSET(fileno(stdout), &writefds)) 1713f579bf8eSKris Kennaway #endif 171474664626SKris Kennaway { 171574664626SKris Kennaway #ifdef CHARSET_EBCDIC 171674664626SKris Kennaway ascii2ebcdic(&(sbuf[sbuf_off]), &(sbuf[sbuf_off]), sbuf_len); 171774664626SKris Kennaway #endif 17181f13597dSJung-uk Kim i = 
raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len); 171974664626SKris Kennaway 1720*6f9291ceSJung-uk Kim if (i <= 0) { 172174664626SKris Kennaway BIO_printf(bio_c_out, "DONE\n"); 17221f13597dSJung-uk Kim ret = 0; 172374664626SKris Kennaway goto shut; 172474664626SKris Kennaway /* goto end; */ 172574664626SKris Kennaway } 172674664626SKris Kennaway 172774664626SKris Kennaway sbuf_len -= i;; 172874664626SKris Kennaway sbuf_off += i; 1729*6f9291ceSJung-uk Kim if (sbuf_len <= 0) { 173074664626SKris Kennaway read_ssl = 1; 173174664626SKris Kennaway write_tty = 0; 173274664626SKris Kennaway } 1733*6f9291ceSJung-uk Kim } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) { 173474664626SKris Kennaway #ifdef RENEG 1735*6f9291ceSJung-uk Kim { 1736*6f9291ceSJung-uk Kim static int iiii; 1737*6f9291ceSJung-uk Kim if (++iiii == 52) { 1738*6f9291ceSJung-uk Kim SSL_renegotiate(con); 1739*6f9291ceSJung-uk Kim iiii = 0; 1740*6f9291ceSJung-uk Kim } 1741*6f9291ceSJung-uk Kim } 174274664626SKris Kennaway #endif 174374664626SKris Kennaway #if 1 174474664626SKris Kennaway k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ ); 174574664626SKris Kennaway #else 174674664626SKris Kennaway /* Demo for pending and peek :-) */ 174774664626SKris Kennaway k = SSL_read(con, sbuf, 16); 1748*6f9291ceSJung-uk Kim { 1749*6f9291ceSJung-uk Kim char zbuf[10240]; 1750*6f9291ceSJung-uk Kim printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con), 1751*6f9291ceSJung-uk Kim SSL_peek(con, zbuf, 10240)); 175274664626SKris Kennaway } 175374664626SKris Kennaway #endif 175474664626SKris Kennaway 1755*6f9291ceSJung-uk Kim switch (SSL_get_error(con, k)) { 175674664626SKris Kennaway case SSL_ERROR_NONE: 175774664626SKris Kennaway if (k <= 0) 175874664626SKris Kennaway goto end; 175974664626SKris Kennaway sbuf_off = 0; 176074664626SKris Kennaway sbuf_len = k; 176174664626SKris Kennaway 176274664626SKris Kennaway read_ssl = 0; 176374664626SKris Kennaway write_tty = 1; 176474664626SKris Kennaway break; 176574664626SKris 
Kennaway case SSL_ERROR_WANT_WRITE: 176674664626SKris Kennaway BIO_printf(bio_c_out, "read W BLOCK\n"); 176774664626SKris Kennaway write_ssl = 1; 176874664626SKris Kennaway read_tty = 0; 176974664626SKris Kennaway break; 177074664626SKris Kennaway case SSL_ERROR_WANT_READ: 177174664626SKris Kennaway BIO_printf(bio_c_out, "read R BLOCK\n"); 177274664626SKris Kennaway write_tty = 0; 177374664626SKris Kennaway read_ssl = 1; 177474664626SKris Kennaway if ((read_tty == 0) && (write_ssl == 0)) 177574664626SKris Kennaway write_ssl = 1; 177674664626SKris Kennaway break; 177774664626SKris Kennaway case SSL_ERROR_WANT_X509_LOOKUP: 177874664626SKris Kennaway BIO_printf(bio_c_out, "read X BLOCK\n"); 177974664626SKris Kennaway break; 178074664626SKris Kennaway case SSL_ERROR_SYSCALL: 17811f13597dSJung-uk Kim ret = get_last_socket_error(); 17821f13597dSJung-uk Kim BIO_printf(bio_err, "read:errno=%d\n", ret); 178374664626SKris Kennaway goto shut; 178474664626SKris Kennaway case SSL_ERROR_ZERO_RETURN: 178574664626SKris Kennaway BIO_printf(bio_c_out, "closed\n"); 17861f13597dSJung-uk Kim ret = 0; 178774664626SKris Kennaway goto shut; 178874664626SKris Kennaway case SSL_ERROR_SSL: 178974664626SKris Kennaway ERR_print_errors(bio_err); 179074664626SKris Kennaway goto shut; 179174664626SKris Kennaway /* break; */ 179274664626SKris Kennaway } 179374664626SKris Kennaway } 179450ef0093SJacques Vidrine #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) 179550ef0093SJacques Vidrine # if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) 17965c87c606SMark Murray else if (_kbhit()) 17975c87c606SMark Murray # else 1798*6f9291ceSJung-uk Kim else if ((_kbhit()) 1799*6f9291ceSJung-uk Kim || (WAIT_OBJECT_0 == 1800*6f9291ceSJung-uk Kim WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) 18015c87c606SMark Murray # endif 18023b4e3dcbSSimon L. B. Nielsen #elif defined (OPENSSL_SYS_NETWARE) 18033b4e3dcbSSimon L. B. 
Nielsen else if (_kbhit()) 18041f13597dSJung-uk Kim #elif defined(OPENSSL_SYS_BEOS_R5) 18051f13597dSJung-uk Kim else if (stdin_set) 1806f579bf8eSKris Kennaway #else 180774664626SKris Kennaway else if (FD_ISSET(fileno(stdin), &readfds)) 1808f579bf8eSKris Kennaway #endif 180974664626SKris Kennaway { 1810*6f9291ceSJung-uk Kim if (crlf) { 181174664626SKris Kennaway int j, lf_num; 181274664626SKris Kennaway 18131f13597dSJung-uk Kim i = raw_read_stdin(cbuf, BUFSIZZ / 2); 181474664626SKris Kennaway lf_num = 0; 181574664626SKris Kennaway /* both loops are skipped when i <= 0 */ 181674664626SKris Kennaway for (j = 0; j < i; j++) 181774664626SKris Kennaway if (cbuf[j] == '\n') 181874664626SKris Kennaway lf_num++; 1819*6f9291ceSJung-uk Kim for (j = i - 1; j >= 0; j--) { 182074664626SKris Kennaway cbuf[j + lf_num] = cbuf[j]; 1821*6f9291ceSJung-uk Kim if (cbuf[j] == '\n') { 182274664626SKris Kennaway lf_num--; 182374664626SKris Kennaway i++; 182474664626SKris Kennaway cbuf[j + lf_num] = '\r'; 182574664626SKris Kennaway } 182674664626SKris Kennaway } 182774664626SKris Kennaway assert(lf_num == 0); 1828*6f9291ceSJung-uk Kim } else 18291f13597dSJung-uk Kim i = raw_read_stdin(cbuf, BUFSIZZ); 183074664626SKris Kennaway 1831*6f9291ceSJung-uk Kim if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { 183274664626SKris Kennaway BIO_printf(bio_err, "DONE\n"); 18331f13597dSJung-uk Kim ret = 0; 183474664626SKris Kennaway goto shut; 183574664626SKris Kennaway } 183674664626SKris Kennaway 1837*6f9291ceSJung-uk Kim if ((!c_ign_eof) && (cbuf[0] == 'R')) { 183874664626SKris Kennaway BIO_printf(bio_err, "RENEGOTIATING\n"); 183974664626SKris Kennaway SSL_renegotiate(con); 184074664626SKris Kennaway cbuf_len = 0; 184174664626SKris Kennaway } 18421f13597dSJung-uk Kim #ifndef OPENSSL_NO_HEARTBEATS 1843*6f9291ceSJung-uk Kim else if ((!c_ign_eof) && (cbuf[0] == 'B')) { 18441f13597dSJung-uk Kim BIO_printf(bio_err, "HEARTBEATING\n"); 18451f13597dSJung-uk Kim SSL_heartbeat(con); 18461f13597dSJung-uk Kim 
cbuf_len = 0; 18471f13597dSJung-uk Kim } 18481f13597dSJung-uk Kim #endif 1849*6f9291ceSJung-uk Kim else { 185074664626SKris Kennaway cbuf_len = i; 185174664626SKris Kennaway cbuf_off = 0; 185274664626SKris Kennaway #ifdef CHARSET_EBCDIC 185374664626SKris Kennaway ebcdic2ascii(cbuf, cbuf, i); 185474664626SKris Kennaway #endif 185574664626SKris Kennaway } 185674664626SKris Kennaway 185774664626SKris Kennaway write_ssl = 1; 185874664626SKris Kennaway read_tty = 0; 185974664626SKris Kennaway } 186074664626SKris Kennaway } 18611f13597dSJung-uk Kim 18621f13597dSJung-uk Kim ret = 0; 186374664626SKris Kennaway shut: 18641f13597dSJung-uk Kim if (in_init) 18651f13597dSJung-uk Kim print_stuff(bio_c_out, con, full_log); 186674664626SKris Kennaway SSL_shutdown(con); 186774664626SKris Kennaway SHUTDOWN(SSL_get_fd(con)); 186874664626SKris Kennaway end: 1869*6f9291ceSJung-uk Kim if (con != NULL) { 18701f13597dSJung-uk Kim if (prexit != 0) 18711f13597dSJung-uk Kim print_stuff(bio_c_out, con, 1); 18721f13597dSJung-uk Kim SSL_free(con); 18731f13597dSJung-uk Kim } 187409286989SJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 187509286989SJung-uk Kim if (next_proto.data) 187609286989SJung-uk Kim OPENSSL_free(next_proto.data); 187709286989SJung-uk Kim #endif 1878*6f9291ceSJung-uk Kim if (ctx != NULL) 1879*6f9291ceSJung-uk Kim SSL_CTX_free(ctx); 18803b4e3dcbSSimon L. B. Nielsen if (cert) 18813b4e3dcbSSimon L. B. Nielsen X509_free(cert); 18823b4e3dcbSSimon L. B. Nielsen if (key) 18833b4e3dcbSSimon L. B. Nielsen EVP_PKEY_free(key); 18843b4e3dcbSSimon L. B. Nielsen if (pass) 18853b4e3dcbSSimon L. B. 
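OPENSSL_free(pass);
    if (vpm)
        X509_VERIFY_PARAM_free(vpm);
    if (cbuf != NULL) {
        OPENSSL_cleanse(cbuf, BUFSIZZ);
        OPENSSL_free(cbuf);
    }
    if (sbuf != NULL) {
        OPENSSL_cleanse(sbuf, BUFSIZZ);
        OPENSSL_free(sbuf);
    }
    if (mbuf != NULL) {
        OPENSSL_cleanse(mbuf, BUFSIZZ);
        OPENSSL_free(mbuf);
    }
    if (bio_c_out != NULL) {
        BIO_free(bio_c_out);
        bio_c_out = NULL;
    }
    apps_shutdown();
    OPENSSL_EXIT(ret);
}

/*
 * print_stuff - write a human-readable summary of connection `s` to `bio`.
 *
 * bio:  destination for the report.
 * s:    the SSL connection to describe.
 * full: when non-zero, also print the peer certificate chain, the server
 *       certificate, the acceptable client CA names, the shared cipher
 *       list and the handshake byte counters.
 *
 * The peer certificate is only fetched inside the `full` branch, so the
 * "Server public key" line is printed only when `full` is set.
 *
 * Certificate names come from the peer; they are always passed to
 * BIO_printf() as arguments, never as the format string.
 *
 * The exported keying material is written in hex and the session dump may
 * include secret session data, so the output should be treated as
 * sensitive.
 */
static void print_stuff(BIO *bio, SSL *s, int full)
{
    X509 *peer = NULL;
    char *p;
    static const char *space = " ";
    char buf[BUFSIZ];
    STACK_OF(X509) *sk;
    STACK_OF(X509_NAME) *sk2;
    const SSL_CIPHER *c;
    X509_NAME *xn;
    int j, i;
#ifndef OPENSSL_NO_COMP
    const COMP_METHOD *comp, *expansion;
#endif
    unsigned char *exportedkeymat;

    if (full) {
        int got_a_chain = 0;

        sk = SSL_get_peer_cert_chain(s);
        if (sk != NULL) {
            got_a_chain = 1;    /* we don't have it for SSL2 (yet) */

            BIO_printf(bio, "---\nCertificate chain\n");
            for (i = 0; i < sk_X509_num(sk); i++) {
                X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
                                  buf, sizeof buf);
                BIO_printf(bio, "%2d s:%s\n", i, buf);
                X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
                                  buf, sizeof buf);
                BIO_printf(bio, " i:%s\n", buf);
                if (c_showcerts)
                    PEM_write_bio_X509(bio, sk_X509_value(sk, i));
            }
        }

        BIO_printf(bio, "---\n");
        peer = SSL_get_peer_certificate(s);
        if (peer != NULL) {
            BIO_printf(bio, "Server certificate\n");

            /* Redundant if we showed the whole chain */
            if (!(c_showcerts && got_a_chain))
                PEM_write_bio_X509(bio, peer);
            X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
            BIO_printf(bio, "subject=%s\n", buf);
            X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
            BIO_printf(bio, "issuer=%s\n", buf);
        } else
            BIO_printf(bio, "no peer certificate available\n");

        sk2 = SSL_get_client_CA_list(s);
        if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) {
            BIO_printf(bio, "---\nAcceptable client certificate CA names\n");
            for (i = 0; i < sk_X509_NAME_num(sk2); i++) {
                xn = sk_X509_NAME_value(sk2, i);
                X509_NAME_oneline(xn, buf, sizeof(buf));
                BIO_write(bio, buf, strlen(buf));
                BIO_write(bio, "\n", 1);
            }
        } else {
            BIO_printf(bio, "---\nNo client certificate CA names sent\n");
        }
        p = SSL_get_shared_ciphers(s, buf, sizeof buf);
        if (p != NULL) {
            /*
             * This works only for SSL 2.  In later protocol versions, the
             * client does not know what other ciphers (in addition to the
             * one to be used in the current connection) the server supports.
             */

            BIO_printf(bio,
                       "---\nCiphers common between both SSL endpoints:\n");
            j = i = 0;
            while (*p) {
                if (*p == ':') {
                    /*
                     * Column padding.  15 - j % 25 goes negative for a name
                     * longer than 15 characters and could exceed the pad
                     * string, so bound the length on both sides before it
                     * reaches BIO_write().
                     */
                    int pad = 15 - j % 25;
                    int max_pad = (int)strlen(space);

                    if (pad > max_pad)
                        pad = max_pad;
                    if (pad > 0)
                        BIO_write(bio, space, pad);
                    i++;
                    j = 0;
                    BIO_write(bio, ((i % 3) ? " " : "\n"), 1);
                } else {
                    BIO_write(bio, p, 1);
                    j++;
                }
                p++;
            }
            BIO_write(bio, "\n", 1);
        }

        BIO_printf(bio,
                   "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
                   BIO_number_read(SSL_get_rbio(s)),
                   BIO_number_written(SSL_get_wbio(s)));
    }
    /* Fixed text: emit it with BIO_puts() rather than as a format string. */
    BIO_puts(bio, SSL_cache_hit(s) ? "---\nReused, " : "---\nNew, ");
    c = SSL_get_current_cipher(s);
    BIO_printf(bio, "%s, Cipher is %s\n",
               SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
    if (peer != NULL) {
        EVP_PKEY *pktmp;
        pktmp = X509_get_pubkey(peer);
        BIO_printf(bio, "Server public key is %d bit\n",
                   EVP_PKEY_bits(pktmp));
        EVP_PKEY_free(pktmp);
    }
    BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
               SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
#ifndef OPENSSL_NO_COMP
    comp = SSL_get_current_compression(s);
    expansion = SSL_get_current_expansion(s);
    BIO_printf(bio, "Compression: %s\n",
               comp ? SSL_COMP_get_name(comp) : "NONE");
    BIO_printf(bio, "Expansion: %s\n",
               expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif

#ifdef SSL_DEBUG
    {
        /* Print out local port of connection: useful for debugging */
        int sock;
        struct sockaddr_in ladd;
        socklen_t ladd_size = sizeof(ladd);
        sock = SSL_get_fd(s);
        /* Only report the port when getsockname() actually filled ladd. */
        if (getsockname(sock, (struct sockaddr *)&ladd, &ladd_size) == 0)
            BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
    }
#endif

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
    if (next_proto.status != -1) {
        const unsigned char *proto;
        unsigned int proto_len;
        SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
        BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
        BIO_write(bio, proto, proto_len);
        BIO_write(bio, "\n", 1);
    }
#endif

#ifndef OPENSSL_NO_SRTP
    {
        SRTP_PROTECTION_PROFILE *srtp_profile =
            SSL_get_selected_srtp_profile(s);

        if (srtp_profile)
            BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
                       srtp_profile->name);
    }
#endif

    SSL_SESSION_print(bio, SSL_get_session(s));
    if (keymatexportlabel != NULL) {
        BIO_printf(bio, "Keying material exporter:\n");
        BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
        BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
        exportedkeymat = OPENSSL_malloc(keymatexportlen);
        if (exportedkeymat != NULL) {
            if (!SSL_export_keying_material(s, exportedkeymat,
                                            keymatexportlen,
                                            keymatexportlabel,
                                            strlen(keymatexportlabel),
                                            NULL, 0, 0)) {
                BIO_printf(bio, " Error\n");
            } else {
                BIO_printf(bio, " Keying material: ");
                for (i = 0; i < keymatexportlen; i++)
                    BIO_printf(bio, "%02X", exportedkeymat[i]);
                BIO_printf(bio, "\n");
            }
            /*
             * Wipe the exporter output before handing the memory back, the
             * same way the I/O buffers are cleansed before being freed.
             */
            if (keymatexportlen > 0)
                OPENSSL_cleanse(exportedkeymat, keymatexportlen);
            OPENSSL_free(exportedkeymat);
        }
    }
    BIO_printf(bio, "---\n");
    if (peer != NULL)
        X509_free(peer);
    /* flush, or debugging output gets mixed with http response */
    (void)BIO_flush(bio);
}

#ifndef OPENSSL_NO_TLSEXT

/*
 * ocsp_resp_cb - print the OCSP response the server stapled, if any.
 *
 * s:   the SSL connection the response was received on.
 * arg: the BIO to print to, passed through as an opaque pointer.
 *
 * Returns 1 when no response was sent or when the response decoded and was
 * printed, and 0 when the response could not be decoded (the raw bytes are
 * dumped in that case).
 *
 * This callback only decodes and prints.  It does not verify the response
 * signature or look at the certificate status it carries, and a missing
 * response is reported as success, so it is a diagnostic aid rather than a
 * revocation check.
 */
static int ocsp_resp_cb(SSL *s, void *arg)
{
    const unsigned char *p;
    const unsigned char *resp;
    int len;
    OCSP_RESPONSE *rsp;

    len = SSL_get_tlsext_status_ocsp_resp(s, &p);
    BIO_puts(arg, "OCSP response: ");
    if (!p) {
        BIO_puts(arg, "no response sent\n");
        return 1;
    }
    /*
     * Keep the start of the buffer: the decoder works on p, and the dump
     * below must always begin at the first byte of the response.
     */
    resp = p;
    rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
    if (!rsp) {
        BIO_puts(arg, "response parse error\n");
        BIO_dump_indent(arg, (char *)resp, len, 4);
        return 0;
    }
    BIO_puts(arg, "\n======================================\n");
    OCSP_RESPONSE_print(arg, rsp, 0);
    BIO_puts(arg, "======================================\n");
    OCSP_RESPONSE_free(rsp);
    return 1;
}

#endif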