174664626SKris Kennaway /* apps/s_client.c */ 274664626SKris Kennaway /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 374664626SKris Kennaway * All rights reserved. 474664626SKris Kennaway * 574664626SKris Kennaway * This package is an SSL implementation written 674664626SKris Kennaway * by Eric Young (eay@cryptsoft.com). 774664626SKris Kennaway * The implementation was written so as to conform with Netscapes SSL. 874664626SKris Kennaway * 974664626SKris Kennaway * This library is free for commercial and non-commercial use as long as 1074664626SKris Kennaway * the following conditions are aheared to. The following conditions 1174664626SKris Kennaway * apply to all code found in this distribution, be it the RC4, RSA, 1274664626SKris Kennaway * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1374664626SKris Kennaway * included with this distribution is covered by the same copyright terms 1474664626SKris Kennaway * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1574664626SKris Kennaway * 1674664626SKris Kennaway * Copyright remains Eric Young's, and as such any Copyright notices in 1774664626SKris Kennaway * the code are not to be removed. 1874664626SKris Kennaway * If this package is used in a product, Eric Young should be given attribution 1974664626SKris Kennaway * as the author of the parts of the library used. 2074664626SKris Kennaway * This can be in the form of a textual message at program startup or 2174664626SKris Kennaway * in documentation (online or textual) provided with the package. 2274664626SKris Kennaway * 2374664626SKris Kennaway * Redistribution and use in source and binary forms, with or without 2474664626SKris Kennaway * modification, are permitted provided that the following conditions 2574664626SKris Kennaway * are met: 2674664626SKris Kennaway * 1. Redistributions of source code must retain the copyright 2774664626SKris Kennaway * notice, this list of conditions and the following disclaimer. 
2874664626SKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright 2974664626SKris Kennaway * notice, this list of conditions and the following disclaimer in the 3074664626SKris Kennaway * documentation and/or other materials provided with the distribution. 3174664626SKris Kennaway * 3. All advertising materials mentioning features or use of this software 3274664626SKris Kennaway * must display the following acknowledgement: 3374664626SKris Kennaway * "This product includes cryptographic software written by 3474664626SKris Kennaway * Eric Young (eay@cryptsoft.com)" 3574664626SKris Kennaway * The word 'cryptographic' can be left out if the rouines from the library 3674664626SKris Kennaway * being used are not cryptographic related :-). 3774664626SKris Kennaway * 4. If you include any Windows specific code (or a derivative thereof) from 3874664626SKris Kennaway * the apps directory (application code) you must include an acknowledgement: 3974664626SKris Kennaway * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4074664626SKris Kennaway * 4174664626SKris Kennaway * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4274664626SKris Kennaway * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4374664626SKris Kennaway * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4474664626SKris Kennaway * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4574664626SKris Kennaway * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4674664626SKris Kennaway * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4774664626SKris Kennaway * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4874664626SKris Kennaway * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4974664626SKris Kennaway * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5074664626SKris Kennaway * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5174664626SKris Kennaway * SUCH DAMAGE. 5274664626SKris Kennaway * 5374664626SKris Kennaway * The licence and distribution terms for any publically available version or 5474664626SKris Kennaway * derivative of this code cannot be changed. i.e. this code cannot simply be 5574664626SKris Kennaway * copied and put under another distribution licence 5674664626SKris Kennaway * [including the GNU Public Licence.] 5774664626SKris Kennaway */ 585c87c606SMark Murray /* ==================================================================== 591f13597dSJung-uk Kim * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 605c87c606SMark Murray * 615c87c606SMark Murray * Redistribution and use in source and binary forms, with or without 625c87c606SMark Murray * modification, are permitted provided that the following conditions 635c87c606SMark Murray * are met: 645c87c606SMark Murray * 655c87c606SMark Murray * 1. Redistributions of source code must retain the above copyright 665c87c606SMark Murray * notice, this list of conditions and the following disclaimer. 675c87c606SMark Murray * 685c87c606SMark Murray * 2. 
Redistributions in binary form must reproduce the above copyright 695c87c606SMark Murray * notice, this list of conditions and the following disclaimer in 705c87c606SMark Murray * the documentation and/or other materials provided with the 715c87c606SMark Murray * distribution. 725c87c606SMark Murray * 735c87c606SMark Murray * 3. All advertising materials mentioning features or use of this 745c87c606SMark Murray * software must display the following acknowledgment: 755c87c606SMark Murray * "This product includes software developed by the OpenSSL Project 765c87c606SMark Murray * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 775c87c606SMark Murray * 785c87c606SMark Murray * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 795c87c606SMark Murray * endorse or promote products derived from this software without 805c87c606SMark Murray * prior written permission. For written permission, please contact 815c87c606SMark Murray * openssl-core@openssl.org. 825c87c606SMark Murray * 835c87c606SMark Murray * 5. Products derived from this software may not be called "OpenSSL" 845c87c606SMark Murray * nor may "OpenSSL" appear in their names without prior written 855c87c606SMark Murray * permission of the OpenSSL Project. 865c87c606SMark Murray * 875c87c606SMark Murray * 6. Redistributions of any form whatsoever must retain the following 885c87c606SMark Murray * acknowledgment: 895c87c606SMark Murray * "This product includes software developed by the OpenSSL Project 905c87c606SMark Murray * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 915c87c606SMark Murray * 925c87c606SMark Murray * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 935c87c606SMark Murray * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 945c87c606SMark Murray * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 955c87c606SMark Murray * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 965c87c606SMark Murray * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 975c87c606SMark Murray * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 985c87c606SMark Murray * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 995c87c606SMark Murray * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1005c87c606SMark Murray * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 1015c87c606SMark Murray * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 1025c87c606SMark Murray * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 1035c87c606SMark Murray * OF THE POSSIBILITY OF SUCH DAMAGE. 1045c87c606SMark Murray * ==================================================================== 1055c87c606SMark Murray * 1065c87c606SMark Murray * This product includes cryptographic software written by Eric Young 1075c87c606SMark Murray * (eay@cryptsoft.com). This product includes software written by Tim 1085c87c606SMark Murray * Hudson (tjh@cryptsoft.com). 1095c87c606SMark Murray * 1105c87c606SMark Murray */ 1111f13597dSJung-uk Kim /* ==================================================================== 1121f13597dSJung-uk Kim * Copyright 2005 Nokia. All rights reserved. 1131f13597dSJung-uk Kim * 1141f13597dSJung-uk Kim * The portions of the attached software ("Contribution") is developed by 1151f13597dSJung-uk Kim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 1161f13597dSJung-uk Kim * license. 1171f13597dSJung-uk Kim * 1181f13597dSJung-uk Kim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 1191f13597dSJung-uk Kim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 1201f13597dSJung-uk Kim * support (see RFC 4279) to OpenSSL. 
1211f13597dSJung-uk Kim * 1221f13597dSJung-uk Kim * No patent licenses or other rights except those expressly stated in 1231f13597dSJung-uk Kim * the OpenSSL open source license shall be deemed granted or received 1241f13597dSJung-uk Kim * expressly, by implication, estoppel, or otherwise. 1251f13597dSJung-uk Kim * 1261f13597dSJung-uk Kim * No assurances are provided by Nokia that the Contribution does not 1271f13597dSJung-uk Kim * infringe the patent or other intellectual property rights of any third 1281f13597dSJung-uk Kim * party or that the license provides you with all the necessary rights 1291f13597dSJung-uk Kim * to make use of the Contribution. 1301f13597dSJung-uk Kim * 1311f13597dSJung-uk Kim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 1321f13597dSJung-uk Kim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 1331f13597dSJung-uk Kim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 1341f13597dSJung-uk Kim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 1351f13597dSJung-uk Kim * OTHERWISE. 1361f13597dSJung-uk Kim */ 13774664626SKris Kennaway 13874664626SKris Kennaway #include <assert.h> 1391f13597dSJung-uk Kim #include <ctype.h> 14074664626SKris Kennaway #include <stdio.h> 14174664626SKris Kennaway #include <stdlib.h> 14274664626SKris Kennaway #include <string.h> 1435c87c606SMark Murray #include <openssl/e_os2.h> 1445c87c606SMark Murray #ifdef OPENSSL_NO_STDIO 14574664626SKris Kennaway # define APPS_WIN16 14674664626SKris Kennaway #endif 14774664626SKris Kennaway 1486f9291ceSJung-uk Kim /* 1496f9291ceSJung-uk Kim * With IPv6, it looks like Digital has mixed up the proper order of 1506f9291ceSJung-uk Kim * recursive header file inclusion, resulting in the compiler complaining 1516f9291ceSJung-uk Kim * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is 1526f9291ceSJung-uk Kim * needed to have fileno() declared correctly... 
So let's define u_int 1536f9291ceSJung-uk Kim */ 1545c87c606SMark Murray #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) 15574664626SKris Kennaway # define __U_INT 15674664626SKris Kennaway typedef unsigned int u_int; 15774664626SKris Kennaway #endif 15874664626SKris Kennaway 15974664626SKris Kennaway #define USE_SOCKETS 16074664626SKris Kennaway #include "apps.h" 16174664626SKris Kennaway #include <openssl/x509.h> 16274664626SKris Kennaway #include <openssl/ssl.h> 16374664626SKris Kennaway #include <openssl/err.h> 16474664626SKris Kennaway #include <openssl/pem.h> 1655740a5e3SKris Kennaway #include <openssl/rand.h> 166db522d3aSSimon L. B. Nielsen #include <openssl/ocsp.h> 1671f13597dSJung-uk Kim #include <openssl/bn.h> 1681f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 1691f13597dSJung-uk Kim # include <openssl/srp.h> 1701f13597dSJung-uk Kim #endif 17174664626SKris Kennaway #include "s_apps.h" 1723b4e3dcbSSimon L. B. Nielsen #include "timeouts.h" 17374664626SKris Kennaway 1745c87c606SMark Murray #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) 17574664626SKris Kennaway /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ 17674664626SKris Kennaway # undef FIONBIO 17774664626SKris Kennaway #endif 17874664626SKris Kennaway 1791f13597dSJung-uk Kim #if defined(OPENSSL_SYS_BEOS_R5) 1801f13597dSJung-uk Kim # include <fcntl.h> 1811f13597dSJung-uk Kim #endif 1821f13597dSJung-uk Kim 18374664626SKris Kennaway #undef PROG 18474664626SKris Kennaway #define PROG s_client_main 18574664626SKris Kennaway 1866f9291ceSJung-uk Kim /* 1876f9291ceSJung-uk Kim * #define SSL_HOST_NAME "www.netscape.com" 1886f9291ceSJung-uk Kim */ 1896f9291ceSJung-uk Kim /* 1906f9291ceSJung-uk Kim * #define SSL_HOST_NAME "193.118.187.102" 1916f9291ceSJung-uk Kim */ 19274664626SKris Kennaway #define SSL_HOST_NAME "localhost" 19374664626SKris Kennaway 1946f9291ceSJung-uk Kim /* no default cert. 
*/ 1956f9291ceSJung-uk Kim /* 1966f9291ceSJung-uk Kim * #define TEST_CERT "client.pem" 1976f9291ceSJung-uk Kim */ 19874664626SKris Kennaway 19974664626SKris Kennaway #undef BUFSIZZ 20074664626SKris Kennaway #define BUFSIZZ 1024*8 20174664626SKris Kennaway 20274664626SKris Kennaway extern int verify_depth; 20374664626SKris Kennaway extern int verify_error; 2041f13597dSJung-uk Kim extern int verify_return_error; 205*7bded2dbSJung-uk Kim extern int verify_quiet; 20674664626SKris Kennaway 20774664626SKris Kennaway #ifdef FIONBIO 20874664626SKris Kennaway static int c_nbio = 0; 20974664626SKris Kennaway #endif 21074664626SKris Kennaway static int c_Pause = 0; 21174664626SKris Kennaway static int c_debug = 0; 212db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 213db522d3aSSimon L. B. Nielsen static int c_tlsextdebug = 0; 214db522d3aSSimon L. B. Nielsen static int c_status_req = 0; 215db522d3aSSimon L. B. Nielsen #endif 2165c87c606SMark Murray static int c_msg = 0; 21774664626SKris Kennaway static int c_showcerts = 0; 21874664626SKris Kennaway 2191f13597dSJung-uk Kim static char *keymatexportlabel = NULL; 2201f13597dSJung-uk Kim static int keymatexportlen = 20; 2211f13597dSJung-uk Kim 22274664626SKris Kennaway static void sc_usage(void); 22374664626SKris Kennaway static void print_stuff(BIO *berr, SSL *con, int full); 224db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 225db522d3aSSimon L. B. Nielsen static int ocsp_resp_cb(SSL *s, void *arg); 226db522d3aSSimon L. B. 
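#endif
static BIO *bio_c_out = NULL;
static BIO *bio_c_msg = NULL;
static int c_quiet = 0;
static int c_ign_eof = 0;
static int c_brief = 0;

#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
static char *psk_identity = "Client_identity";
/*
 * char *psk_key=NULL; by default PSK is not used
 */

/*
 * TLS-PSK (RFC 4279) client callback.
 *
 * Writes the identity configured with -psk_identity into |identity| (at most
 * |max_identity_len| bytes, NUL terminated) and the key configured with -psk
 * (the hex string in psk_key) into |psk| (at most |max_psk_len| bytes).
 * |hint| is the server's identity hint, or NULL when no ServerKeyExchange
 * carried one; s_client only logs it and never uses it for a lookup.
 *
 * Returns the number of key bytes written, or 0 on any error (libssl then
 * aborts the handshake).
 *
 * The key bytes are exactly what was typed: a string of 2k (or 2k-1) hex
 * digits yields k bytes, leading zero bytes included.  Going through a
 * BIGNUM alone would (a) drop leading zero bytes, because BN_bn2bin()
 * writes the minimal big-endian encoding, and (b) silently stop at the
 * first non-hex character, because BN_hex2bn() only reports how many
 * characters it consumed.  Both cases would turn a typo into a different,
 * shorter key with no diagnostic, so they are corrected or rejected here.
 */
static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
                                  unsigned int max_identity_len,
                                  unsigned char *psk,
                                  unsigned int max_psk_len)
{
    unsigned int psk_len = 0;
    size_t hexlen, keylen, pad;
    int ret;
    BIGNUM *bn = NULL;

    if (c_debug)
        BIO_printf(bio_c_out, "psk_client_cb\n");
    if (!hint) {
        /* no ServerKeyExchange message */
        if (c_debug)
            BIO_printf(bio_c_out,
                       "NULL received PSK identity hint, continuing anyway\n");
    } else if (c_debug)
        BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);

    /*
     * A real client would select identity and key based on the hint;
     * s_client always uses the single pair given on the command line.
     */
    ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
    if (ret < 0 || (unsigned int)ret > max_identity_len)
        goto out_err;
    if (c_debug)
        BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
                   ret);

    /* BN_hex2bn() returns 0 for a NULL or empty string. */
    ret = BN_hex2bn(&bn, psk_key);
    if (!ret) {
        BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
                   psk_key);
        if (bn)
            BN_clear_free(bn);
        return 0;
    }

    /*
     * BN_hex2bn() returns the number of characters it consumed (a leading
     * '-' included) and ignores whatever follows; anything unconsumed, or a
     * sign, means the -psk argument is not a plain hex key.
     */
    hexlen = strlen(psk_key);
    if (BN_is_negative(bn) || (size_t)ret != hexlen) {
        BIO_printf(bio_err, "PSK key '%s' is not a plain hex string\n",
                   psk_key);
        BN_clear_free(bn);
        return 0;
    }

    /* Byte length implied by the hex digits, leading zero bytes included. */
    keylen = (hexlen + 1) / 2;
    if (keylen > max_psk_len) {
        BIO_printf(bio_err,
                   "psk buffer of callback is too small (%d) for key (%d)\n",
                   max_psk_len, (int)keylen);
        BN_clear_free(bn);
        return 0;
    }

    /*
     * A number written with hexlen hex digits fits in keylen bytes, so
     * pad cannot underflow.  Zero-fill the leading bytes BN_bn2bin() would
     * otherwise omit.
     */
    pad = keylen - (size_t)BN_num_bytes(bn);
    memset(psk, 0, pad);
    psk_len = (unsigned int)BN_bn2bin(bn, psk + pad) + (unsigned int)pad;
    /* bn held the secret: scrub it rather than just freeing it. */
    BN_clear_free(bn);
    if (psk_len == 0)
        goto out_err;

    if (c_debug)
        BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);

    return psk_len;
 out_err:
    if (c_debug)
        BIO_printf(bio_err, "Error in PSK client callback\n");
    return 0;
}
#endif

/*
 * Print the option summary to bio_err.  Entries guarded by OPENSSL_NO_*
 * are only listed when the corresponding feature is compiled in; the
 * option parsing itself lives in the main routine.
 */
static void sc_usage(void)
{
    BIO_printf(bio_err, "usage: s_client args\n");
    BIO_printf(bio_err, "\n");
    BIO_printf(bio_err, " -host host - use -connect instead\n");
    BIO_printf(bio_err, " -port port - use -connect instead\n");
    BIO_printf(bio_err,
               " -connect host:port - who to connect to (default is %s:%s)\n",
               SSL_HOST_NAME, PORT_STR);
    BIO_printf(bio_err,
               " -verify_host host - check peer certificate matches \"host\"\n");
    BIO_printf(bio_err,
               " -verify_email email - check peer certificate matches \"email\"\n");
    BIO_printf(bio_err,
               " -verify_ip ipaddr - check peer certificate matches \"ipaddr\"\n");

    BIO_printf(bio_err,
               " -verify arg - turn on peer certificate verification\n");
    BIO_printf(bio_err,
               " -verify_return_error - return verification errors\n");
    BIO_printf(bio_err,
               " -cert arg - certificate file to use, PEM format assumed\n");
    BIO_printf(bio_err,
               " -certform arg - certificate format (PEM or DER) PEM default\n");
    BIO_printf(bio_err,
               " -key arg - Private key file to use, in cert file if\n");
    BIO_printf(bio_err, " not specified but cert file is.\n");
    BIO_printf(bio_err,
               " -keyform arg - key format (PEM or DER) PEM default\n");
    BIO_printf(bio_err,
               " -pass arg - private key file pass phrase source\n");
    BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
    BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
    BIO_printf(bio_err,
               " -no_alt_chains - only ever use the first certificate chain found\n");
    BIO_printf(bio_err,
               " -reconnect - Drop and re-make the connection with the same Session-ID\n");
    BIO_printf(bio_err,
               " -pause - sleep(1) after each read(2) and write(2) system call\n");
    BIO_printf(bio_err,
               " -prexit - print session information even on connection failure\n");
    BIO_printf(bio_err,
               " -showcerts - show all certificates in the chain\n");
    BIO_printf(bio_err, " -debug - extra output\n");
#ifdef WATT32
    BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
#endif
    BIO_printf(bio_err, " -msg - Show protocol messages\n");
    BIO_printf(bio_err, " -nbio_test - more ssl protocol testing\n");
    BIO_printf(bio_err, " -state - print the 'ssl' states\n");
#ifdef FIONBIO
    BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
#endif
    BIO_printf(bio_err,
               " -crlf - convert LF from terminal into CRLF\n");
    BIO_printf(bio_err, " -quiet - no s_client output\n");
    BIO_printf(bio_err,
               " -ign_eof - ignore input eof (default when -quiet)\n");
    BIO_printf(bio_err, " -no_ign_eof - don't ignore input eof\n");
#ifndef OPENSSL_NO_PSK
    BIO_printf(bio_err, " -psk_identity arg - PSK identity\n");
    BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
# ifndef OPENSSL_NO_JPAKE
    BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
# endif
#endif
#ifndef OPENSSL_NO_SRP
    BIO_printf(bio_err,
               " -srpuser user - SRP authentification for 'user'\n");
    BIO_printf(bio_err, " -srppass arg - password for 'user'\n");
    BIO_printf(bio_err,
               " -srp_lateuser - SRP username into second ClientHello message\n");
    BIO_printf(bio_err,
               " -srp_moregroups - Tolerate other than the known g N values.\n");
    BIO_printf(bio_err,
               " -srp_strength int - minimal length in bits for N (default %d).\n",
               SRP_MINIMAL_N);
#endif
    BIO_printf(bio_err, " -ssl2 - just use SSLv2\n");
#ifndef OPENSSL_NO_SSL3_METHOD
    BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");
#endif
    BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n");
    BIO_printf(bio_err, " -tls1_1 - just use TLSv1.1\n");
    BIO_printf(bio_err, " -tls1 - just use TLSv1\n");
    BIO_printf(bio_err, " -dtls1 - just use DTLSv1\n");
    BIO_printf(bio_err, " -fallback_scsv - send TLS_FALLBACK_SCSV\n");
    BIO_printf(bio_err, " -mtu - set the link layer MTU\n");
    BIO_printf(bio_err,
               " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
    BIO_printf(bio_err,
               " -bugs - Switch on all SSL implementation bug workarounds\n");
    BIO_printf(bio_err,
               " -serverpref - Use server's cipher preferences (only SSLv2)\n");
    BIO_printf(bio_err,
               " -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
    BIO_printf(bio_err,
               " command to see what is available\n");
    BIO_printf(bio_err,
               " -starttls prot - use the STARTTLS command before starting TLS\n");
    BIO_printf(bio_err,
               " for those protocols that support it, where\n");
    BIO_printf(bio_err,
               " 'prot' defines which one to assume. Currently,\n");
    BIO_printf(bio_err,
               " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
    BIO_printf(bio_err, " are supported.\n");
#ifndef OPENSSL_NO_ENGINE
    BIO_printf(bio_err,
               " -engine id - Initialise and use the specified engine\n");
#endif
    BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
               LIST_SEPARATOR_CHAR);
    BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
    BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n");
#ifndef OPENSSL_NO_TLSEXT
    BIO_printf(bio_err,
               " -servername host - Set TLS extension servername in ClientHello\n");
    BIO_printf(bio_err,
               " -tlsextdebug - hex dump of all TLS extensions received\n");
    BIO_printf(bio_err,
               " -status - request certificate status from server\n");
    BIO_printf(bio_err,
               " -no_ticket - disable use of RFC4507bis session tickets\n");
    BIO_printf(bio_err,
               " -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n");
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
    BIO_printf(bio_err,
               " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
#endif
    BIO_printf(bio_err,
               " -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
    BIO_printf(bio_err,
               " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#ifndef OPENSSL_NO_SRTP
    BIO_printf(bio_err,
               " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
#endif
    BIO_printf(bio_err,
               " -keymatexport label - Export keying material using label\n");
    BIO_printf(bio_err,
               " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
}

#ifndef OPENSSL_NO_TLSEXT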
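/* This is a context that we pass to callbacks */
typedef struct tlsextctx_st {
    BIO *biodebug;
    int ack;
} tlsextctx;

/*
 * Servername (SNI) callback installed on the client side.  It never
 * rejects the handshake: it only records in p->ack whether a hostname is
 * associated with this connection and the session was not resumed, which
 * the caller (outside this block) reports afterwards.  When
 * SSL_get_servername_type() returns -1 no hostname is available and only a
 * diagnostic is printed.  |ad| is never set because SSL_TLSEXT_ERR_OK is
 * always returned.
 */
static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
{
    tlsextctx *p = (tlsextctx *) arg;
    const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
    if (SSL_get_servername_type(s) != -1)
        p->ack = !SSL_session_reused(s) && hn != NULL;
    else
        BIO_printf(bio_err, "Can't use SSL_get_servername\n");

    return SSL_TLSEXT_ERR_OK;
}

# ifndef OPENSSL_NO_SRP

/* This is a context that we pass to all callbacks */
typedef struct srp_arg_st {
    char *srppassin;            /* -srppass source, NULL to prompt */
    char *srplogin;             /* -srpuser */
    int msg;                    /* copy from c_msg */
    int debug;                  /* copy from c_debug */
    int amp;                    /* allow more groups (-srp_moregroups) */
    int strength;               /* minimal size for N (-srp_strength) */
} SRP_ARG;

# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64

/*
 * Check that a server-supplied SRP group (N, g) that is not one of the
 * RFC 5054 groups is at least mathematically sound:
 *   - N is an odd probable prime,
 *   - q = (N-1)/2 is a probable prime too (N is a safe prime),
 *   - 1 < g < N-1 and g^q == -1 (mod N), i.e. g is a quadratic
 *     non-residue and therefore generates the whole group of order 2q.
 *
 * g == N-1 also satisfies g^q == -1 (q is odd) but only has order 2, so
 * the explicit range check is what excludes it.  BN_is_prime_ex() returns
 * -1 on error, which must not be read as "prime"; only a result of 1 is
 * accepted.  Returns 1 if all checks pass, 0 otherwise (including on
 * allocation failure).  Probabilistic primality tests are expensive; see
 * the note on ssl_srp_verify_param_cb() below.
 */
static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
{
    BN_CTX *bn_ctx = BN_CTX_new();
    BIGNUM *p = BN_new();
    BIGNUM *r = BN_new();
    int ret = 0;

    if (g == NULL || N == NULL || bn_ctx == NULL || p == NULL || r == NULL)
        goto done;

    /* N must be an odd probable prime ... */
    if (!BN_is_odd(N)
        || BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx,
                          NULL) != 1)
        goto done;

    /* ... and a safe prime: p = (N-1)/2 must be prime as well. */
    if (!BN_rshift1(p, N)
        || BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx,
                          NULL) != 1)
        goto done;

    /* 1 < g < N-1: rejects 0, 1 and -1 (mod N), and any g >= N. */
    if (BN_is_negative(g) || BN_is_zero(g) || BN_is_one(g)
        || BN_copy(r, g) == NULL || !BN_add_word(r, 1)
        || BN_cmp(r, N) >= 0)
        goto done;

    /* verify g^((N-1)/2) == -1 (mod N) */
    if (!BN_mod_exp(r, g, p, N, bn_ctx) || !BN_add_word(r, 1)
        || BN_cmp(r, N) != 0)
        goto done;

    ret = 1;

 done:
    BN_free(r);
    BN_free(p);
    BN_CTX_free(bn_ctx);
    return ret;
}

/*-
 * This callback is used here for two purposes:
 * - extended debugging
 * - making some primality tests for unknown groups
 * The callback is only called for a non default group.
 *
 * An application does not need the call back at all if
 * only the standard groups are used. In real life situations,
 * client and server already share well known groups,
 * thus there is no need to verify them.
 * Furthermore, in case that a server actually proposes a group that
 * is not one of those defined in RFC 5054, it is more appropriate
 * to add the group to a static list and then compare since
 * primality tests are rather cpu consuming.
 *
 * Returns 1 to accept the group, 0 to reject it (the handshake then
 * fails).  Unknown groups are only considered when -srp_moregroups was
 * given (srp_arg->amp == 1); the minimum size of N is presumably enforced
 * by libssl from the -srp_strength setting before this is called -- it
 * is not checked here.
 */
static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
{
    SRP_ARG *srp_arg = (SRP_ARG *)arg;
    BIGNUM *N = NULL, *g = NULL;

    if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s)))
        return 0;

    if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
        BIO_printf(bio_err, "SRP parameters:\n");
        BIO_printf(bio_err, "\tN=");
        BN_print(bio_err, N);
        BIO_printf(bio_err, "\n\tg=");
        BN_print(bio_err, g);
        BIO_printf(bio_err, "\n");
    }

    /* The RFC 5054 groups are trusted as-is. */
    if (SRP_check_known_gN_param(g, N))
        return 1;

    if (srp_arg->amp == 1) {
        if (srp_arg->debug)
            BIO_printf(bio_err,
                       "SRP param N and g are not known params, going to check deeper.\n");

        /*
         * The srp_moregroups is a real debugging feature. Implementors
         * should rather add the value to the known ones. The minimal size
         * has already been tested.
         *
         * Only a single-word g is considered; larger generators are
         * rejected without running the primality tests.
         */
        if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
            return 1;
    }

    BIO_printf(bio_err, "SRP param N and g rejected.\n");
    return 0;
}

# define PWD_STRLEN 1024

/*
 * SRP client password callback: libssl asks for the password of the
 * -srpuser user when the handshake needs it.  The password comes from
 * password_callback() (apps.c), i.e. from the -srppass source when one was
 * given, otherwise from an interactive prompt.
 *
 * Returns a NUL-terminated buffer allocated with OPENSSL_malloc that the
 * caller owns (libssl is expected to cleanse and free it after use), or
 * NULL on failure.  On failure the buffer is scrubbed before it is freed so
 * that a partially read password does not linger in freed heap memory.
 * An empty password (l == 0) is returned as an empty string, as before.
 */
static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
{
    SRP_ARG *srp_arg = (SRP_ARG *)arg;
    char *pass = (char *)OPENSSL_malloc(PWD_STRLEN + 1);
    PW_CB_DATA cb_tmp;
    int l;

    if (!pass) {
        BIO_printf(bio_err, "Malloc failure\n");
        return NULL;
    }

    cb_tmp.password = srp_arg->srppassin;
    cb_tmp.prompt_info = "SRP user";
    /* Reads at most PWD_STRLEN bytes; the +1 leaves room for the NUL. */
    l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp);
    if (l < 0) {
        BIO_printf(bio_err, "Can't read Password\n");
        /* Whatever was read before the failure is still in the buffer. */
        OPENSSL_cleanse(pass, PWD_STRLEN + 1);
        OPENSSL_free(pass);
        return NULL;
    }
    pass[l] = '\0';

    return pass;
}
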
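# endif
# ifndef OPENSSL_NO_SRTP
char *srtp_profiles = NULL;     /* -use_srtp argument, handed to SSL_CTX_set_tlsext_use_srtp() */
# endif

# ifndef OPENSSL_NO_NEXTPROTONEG
/* This is the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
    unsigned char *data;        /* our protocol list, as built by next_protos_parse() in MAIN */
    unsigned short len;         /* byte length of |data| */
    int status;                 /* last SSL_select_next_proto() result; MAIN seeds it with -1 */
} tlsextnextprotoctx;

static tlsextnextprotoctx next_proto;

/*
 * NPN selection callback.  Prints the server's advertised list (unless
 * -quiet) and lets SSL_select_next_proto() pick the protocol, recording its
 * verdict in ctx->status.  Always returns SSL_TLSEXT_ERR_OK.
 *
 * |in| is a sequence of length-prefixed protocol names; the loop below
 * trusts that format, so the library is expected to have validated it
 * before invoking this callback (TODO confirm).
 */
static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
                         const unsigned char *in, unsigned int inlen,
                         void *arg)
{
    tlsextnextprotoctx *ctx = arg;

    if (!c_quiet) {
        /* We can assume that |in| is syntactically valid. */
        unsigned int i;
        BIO_printf(bio_c_out, "Protocols advertised by server: ");
        for (i = 0; i < inlen;) {
            if (i)
                BIO_write(bio_c_out, ", ", 2);
            BIO_write(bio_c_out, &in[i + 1], in[i]);
            i += in[i] + 1;
        }
        BIO_write(bio_c_out, "\n", 1);
    }

    ctx->status =
        SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
    return SSL_TLSEXT_ERR_OK;
}
# endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */

/*
 * Custom-extension parse callback for the types given with -serverinfo.
 * Re-frames the extension as type(2) || length(2) || data and writes it to
 * bio_c_out as a "SERVERINFO FOR EXTENSION <n>" PEM block.
 *
 * Returns 1 on success.  Returns 0 with *al set to SSL_AD_INTERNAL_ERROR if
 * |inlen| does not fit the two-byte length field: the fixed ext_buf and the
 * length encoding both assume a 16-bit extension length, so a larger value
 * (which the library should never hand us) must not reach the memcpy.
 * Note that ext_buf is a 64 KiB stack buffer.
 */
static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
                                   const unsigned char *in, size_t inlen,
                                   int *al, void *arg)
{
    char pem_name[100];
    unsigned char ext_buf[4 + 65536];

    if (inlen > 65535) {
        *al = SSL_AD_INTERNAL_ERROR;
        return 0;
    }

    /* Reconstruct the type/len fields prior to extension data */
    ext_buf[0] = (unsigned char)(ext_type >> 8);
    ext_buf[1] = (unsigned char)(ext_type & 0xFF);
    ext_buf[2] = (unsigned char)(inlen >> 8);
    ext_buf[3] = (unsigned char)(inlen & 0xFF);
    memcpy(ext_buf + 4, in, inlen);

    /* ext_type is unsigned; cast so the argument matches %d. */
    BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
                 (int)ext_type);
    PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen);
    return 1;
}

#endif

/* STARTTLS protocol selected with -starttls; PROTO_OFF means plain TLS. */
enum {
    PROTO_OFF = 0,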
Nielsen PROTO_SMTP, 6475471f83eSSimon L. B. Nielsen PROTO_POP3, 6485471f83eSSimon L. B. Nielsen PROTO_IMAP, 649db522d3aSSimon L. B. Nielsen PROTO_FTP, 650db522d3aSSimon L. B. Nielsen PROTO_XMPP 6515471f83eSSimon L. B. Nielsen }; 6525471f83eSSimon L. B. Nielsen 653f579bf8eSKris Kennaway int MAIN(int, char **); 654f579bf8eSKris Kennaway 65574664626SKris Kennaway int MAIN(int argc, char **argv) 65674664626SKris Kennaway { 657*7bded2dbSJung-uk Kim int build_chain = 0; 6581f13597dSJung-uk Kim SSL *con = NULL; 6591f13597dSJung-uk Kim #ifndef OPENSSL_NO_KRB5 6601f13597dSJung-uk Kim KSSL_CTX *kctx; 6611f13597dSJung-uk Kim #endif 66274664626SKris Kennaway int s, k, width, state = 0; 6635c87c606SMark Murray char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL; 66474664626SKris Kennaway int cbuf_len, cbuf_off; 66574664626SKris Kennaway int sbuf_len, sbuf_off; 66674664626SKris Kennaway fd_set readfds, writefds; 66774664626SKris Kennaway short port = PORT; 66874664626SKris Kennaway int full_log = 1; 66974664626SKris Kennaway char *host = SSL_HOST_NAME; 670*7bded2dbSJung-uk Kim char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; 6713b4e3dcbSSimon L. B. Nielsen int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; 6723b4e3dcbSSimon L. B. Nielsen char *passarg = NULL, *pass = NULL; 6733b4e3dcbSSimon L. B. Nielsen X509 *cert = NULL; 6743b4e3dcbSSimon L. B. Nielsen EVP_PKEY *key = NULL; 675*7bded2dbSJung-uk Kim STACK_OF(X509) *chain = NULL; 676*7bded2dbSJung-uk Kim char *CApath = NULL, *CAfile = NULL; 677*7bded2dbSJung-uk Kim char *chCApath = NULL, *chCAfile = NULL; 678*7bded2dbSJung-uk Kim char *vfyCApath = NULL, *vfyCAfile = NULL; 679*7bded2dbSJung-uk Kim int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE; 68074664626SKris Kennaway int crlf = 0; 68174664626SKris Kennaway int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; 68274664626SKris Kennaway SSL_CTX *ctx = NULL; 68374664626SKris Kennaway int ret = 1, in_init = 1, i, nbio_test = 0; 6845471f83eSSimon L. 
B. Nielsen int starttls_proto = PROTO_OFF; 6851f13597dSJung-uk Kim int prexit = 0; 6861f13597dSJung-uk Kim X509_VERIFY_PARAM *vpm = NULL; 6871f13597dSJung-uk Kim int badarg = 0; 6881f13597dSJung-uk Kim const SSL_METHOD *meth = NULL; 6891f13597dSJung-uk Kim int socket_type = SOCK_STREAM; 69074664626SKris Kennaway BIO *sbio; 6915740a5e3SKris Kennaway char *inrand = NULL; 6925471f83eSSimon L. B. Nielsen int mbuf_len = 0; 6936a599222SSimon L. B. Nielsen struct timeval timeout, *timeoutp; 694fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 6955c87c606SMark Murray char *engine_id = NULL; 696db522d3aSSimon L. B. Nielsen char *ssl_client_engine_id = NULL; 697db522d3aSSimon L. B. Nielsen ENGINE *ssl_client_engine = NULL; 698fceca8a3SJacques Vidrine #endif 699db522d3aSSimon L. B. Nielsen ENGINE *e = NULL; 7001f13597dSJung-uk Kim #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) 701f579bf8eSKris Kennaway struct timeval tv; 7021f13597dSJung-uk Kim # if defined(OPENSSL_SYS_BEOS_R5) 7031f13597dSJung-uk Kim int stdin_set = 0; 704f579bf8eSKris Kennaway # endif 7051f13597dSJung-uk Kim #endif 706db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 707db522d3aSSimon L. B. Nielsen char *servername = NULL; 7086f9291ceSJung-uk Kim tlsextctx tlsextcbp = { NULL, 0 }; 7091f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG 7101f13597dSJung-uk Kim const char *next_proto_neg_in = NULL; 7111f13597dSJung-uk Kim # endif 712*7bded2dbSJung-uk Kim const char *alpn_in = NULL; 713*7bded2dbSJung-uk Kim # define MAX_SI_TYPES 100 714*7bded2dbSJung-uk Kim unsigned short serverinfo_types[MAX_SI_TYPES]; 715*7bded2dbSJung-uk Kim int serverinfo_types_count = 0; 716db522d3aSSimon L. B. Nielsen #endif 717db522d3aSSimon L. B. Nielsen char *sess_in = NULL; 718db522d3aSSimon L. B. Nielsen char *sess_out = NULL; 7193b4e3dcbSSimon L. B. Nielsen struct sockaddr peer; 7203b4e3dcbSSimon L. B. 
Nielsen int peerlen = sizeof(peer); 721fa5fddf1SJung-uk Kim int fallback_scsv = 0; 7223b4e3dcbSSimon L. B. Nielsen int enable_timeouts = 0; 7236a599222SSimon L. B. Nielsen long socket_mtu = 0; 724db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE 725*7bded2dbSJung-uk Kim static char *jpake_secret = NULL; 726*7bded2dbSJung-uk Kim # define no_jpake !jpake_secret 727*7bded2dbSJung-uk Kim #else 728*7bded2dbSJung-uk Kim # define no_jpake 1 729db522d3aSSimon L. B. Nielsen #endif 7301f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 7311f13597dSJung-uk Kim char *srppass = NULL; 7321f13597dSJung-uk Kim int srp_lateuser = 0; 7331f13597dSJung-uk Kim SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 }; 7341f13597dSJung-uk Kim #endif 735*7bded2dbSJung-uk Kim SSL_EXCERT *exc = NULL; 736*7bded2dbSJung-uk Kim 737*7bded2dbSJung-uk Kim SSL_CONF_CTX *cctx = NULL; 738*7bded2dbSJung-uk Kim STACK_OF(OPENSSL_STRING) *ssl_args = NULL; 739*7bded2dbSJung-uk Kim 740*7bded2dbSJung-uk Kim char *crl_file = NULL; 741*7bded2dbSJung-uk Kim int crl_format = FORMAT_PEM; 742*7bded2dbSJung-uk Kim int crl_download = 0; 743*7bded2dbSJung-uk Kim STACK_OF(X509_CRL) *crls = NULL; 7443b4e3dcbSSimon L. B. 
Nielsen 74574664626SKris Kennaway meth = SSLv23_client_method(); 74674664626SKris Kennaway 74774664626SKris Kennaway apps_startup(); 74874664626SKris Kennaway c_Pause = 0; 74974664626SKris Kennaway c_quiet = 0; 750f579bf8eSKris Kennaway c_ign_eof = 0; 75174664626SKris Kennaway c_debug = 0; 7525c87c606SMark Murray c_msg = 0; 75374664626SKris Kennaway c_showcerts = 0; 75474664626SKris Kennaway 75574664626SKris Kennaway if (bio_err == NULL) 75674664626SKris Kennaway bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 75774664626SKris Kennaway 7585c87c606SMark Murray if (!load_config(bio_err, NULL)) 7595c87c606SMark Murray goto end; 7605c87c606SMark Murray 761*7bded2dbSJung-uk Kim cctx = SSL_CONF_CTX_new(); 762*7bded2dbSJung-uk Kim if (!cctx) 763*7bded2dbSJung-uk Kim goto end; 764*7bded2dbSJung-uk Kim SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); 765*7bded2dbSJung-uk Kim SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CMDLINE); 766*7bded2dbSJung-uk Kim 767ddd58736SKris Kennaway if (((cbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || 7685c87c606SMark Murray ((sbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || 7696f9291ceSJung-uk Kim ((mbuf = OPENSSL_malloc(BUFSIZZ)) == NULL)) { 77074664626SKris Kennaway BIO_printf(bio_err, "out of memory\n"); 77174664626SKris Kennaway goto end; 77274664626SKris Kennaway } 77374664626SKris Kennaway 77474664626SKris Kennaway verify_depth = 0; 77574664626SKris Kennaway verify_error = X509_V_OK; 77674664626SKris Kennaway #ifdef FIONBIO 77774664626SKris Kennaway c_nbio = 0; 77874664626SKris Kennaway #endif 77974664626SKris Kennaway 78074664626SKris Kennaway argc--; 78174664626SKris Kennaway argv++; 7826f9291ceSJung-uk Kim while (argc >= 1) { 7836f9291ceSJung-uk Kim if (strcmp(*argv, "-host") == 0) { 7846f9291ceSJung-uk Kim if (--argc < 1) 7856f9291ceSJung-uk Kim goto bad; 78674664626SKris Kennaway host = *(++argv); 7876f9291ceSJung-uk Kim } else if (strcmp(*argv, "-port") == 0) { 7886f9291ceSJung-uk Kim if (--argc < 1) 7896f9291ceSJung-uk Kim goto bad; 
79074664626SKris Kennaway port = atoi(*(++argv)); 7916f9291ceSJung-uk Kim if (port == 0) 7926f9291ceSJung-uk Kim goto bad; 7936f9291ceSJung-uk Kim } else if (strcmp(*argv, "-connect") == 0) { 7946f9291ceSJung-uk Kim if (--argc < 1) 7956f9291ceSJung-uk Kim goto bad; 79674664626SKris Kennaway if (!extract_host_port(*(++argv), &host, NULL, &port)) 79774664626SKris Kennaway goto bad; 7986f9291ceSJung-uk Kim } else if (strcmp(*argv, "-verify") == 0) { 79974664626SKris Kennaway verify = SSL_VERIFY_PEER; 8006f9291ceSJung-uk Kim if (--argc < 1) 8016f9291ceSJung-uk Kim goto bad; 80274664626SKris Kennaway verify_depth = atoi(*(++argv)); 803*7bded2dbSJung-uk Kim if (!c_quiet) 80474664626SKris Kennaway BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 8056f9291ceSJung-uk Kim } else if (strcmp(*argv, "-cert") == 0) { 8066f9291ceSJung-uk Kim if (--argc < 1) 8076f9291ceSJung-uk Kim goto bad; 80874664626SKris Kennaway cert_file = *(++argv); 809*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-CRL") == 0) { 810*7bded2dbSJung-uk Kim if (--argc < 1) 811*7bded2dbSJung-uk Kim goto bad; 812*7bded2dbSJung-uk Kim crl_file = *(++argv); 813*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-crl_download") == 0) 814*7bded2dbSJung-uk Kim crl_download = 1; 815*7bded2dbSJung-uk Kim else if (strcmp(*argv, "-sess_out") == 0) { 8166f9291ceSJung-uk Kim if (--argc < 1) 8176f9291ceSJung-uk Kim goto bad; 818db522d3aSSimon L. B. Nielsen sess_out = *(++argv); 8196f9291ceSJung-uk Kim } else if (strcmp(*argv, "-sess_in") == 0) { 8206f9291ceSJung-uk Kim if (--argc < 1) 8216f9291ceSJung-uk Kim goto bad; 822db522d3aSSimon L. B. Nielsen sess_in = *(++argv); 8236f9291ceSJung-uk Kim } else if (strcmp(*argv, "-certform") == 0) { 8246f9291ceSJung-uk Kim if (--argc < 1) 8256f9291ceSJung-uk Kim goto bad; 8263b4e3dcbSSimon L. B. 
Nielsen cert_format = str2fmt(*(++argv)); 827*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-CRLform") == 0) { 828*7bded2dbSJung-uk Kim if (--argc < 1) 829*7bded2dbSJung-uk Kim goto bad; 830*7bded2dbSJung-uk Kim crl_format = str2fmt(*(++argv)); 8316f9291ceSJung-uk Kim } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) { 8321f13597dSJung-uk Kim if (badarg) 8331f13597dSJung-uk Kim goto bad; 8341f13597dSJung-uk Kim continue; 8356f9291ceSJung-uk Kim } else if (strcmp(*argv, "-verify_return_error") == 0) 8361f13597dSJung-uk Kim verify_return_error = 1; 837*7bded2dbSJung-uk Kim else if (strcmp(*argv, "-verify_quiet") == 0) 838*7bded2dbSJung-uk Kim verify_quiet = 1; 839*7bded2dbSJung-uk Kim else if (strcmp(*argv, "-brief") == 0) { 840*7bded2dbSJung-uk Kim c_brief = 1; 841*7bded2dbSJung-uk Kim verify_quiet = 1; 842*7bded2dbSJung-uk Kim c_quiet = 1; 843*7bded2dbSJung-uk Kim } else if (args_excert(&argv, &argc, &badarg, bio_err, &exc)) { 844*7bded2dbSJung-uk Kim if (badarg) 845*7bded2dbSJung-uk Kim goto bad; 846*7bded2dbSJung-uk Kim continue; 847*7bded2dbSJung-uk Kim } else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args)) { 848*7bded2dbSJung-uk Kim if (badarg) 849*7bded2dbSJung-uk Kim goto bad; 850*7bded2dbSJung-uk Kim continue; 851*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-prexit") == 0) 852f579bf8eSKris Kennaway prexit = 1; 85374664626SKris Kennaway else if (strcmp(*argv, "-crlf") == 0) 85474664626SKris Kennaway crlf = 1; 8556f9291ceSJung-uk Kim else if (strcmp(*argv, "-quiet") == 0) { 85674664626SKris Kennaway c_quiet = 1; 857f579bf8eSKris Kennaway c_ign_eof = 1; 8586f9291ceSJung-uk Kim } else if (strcmp(*argv, "-ign_eof") == 0) 859f579bf8eSKris Kennaway c_ign_eof = 1; 860db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-no_ign_eof") == 0) 861db522d3aSSimon L. B. 
Nielsen c_ign_eof = 0; 86274664626SKris Kennaway else if (strcmp(*argv, "-pause") == 0) 86374664626SKris Kennaway c_Pause = 1; 86474664626SKris Kennaway else if (strcmp(*argv, "-debug") == 0) 86574664626SKris Kennaway c_debug = 1; 866db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 867db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-tlsextdebug") == 0) 868db522d3aSSimon L. B. Nielsen c_tlsextdebug = 1; 869db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-status") == 0) 870db522d3aSSimon L. B. Nielsen c_status_req = 1; 871db522d3aSSimon L. B. Nielsen #endif 8723b4e3dcbSSimon L. B. Nielsen #ifdef WATT32 8733b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv, "-wdebug") == 0) 8743b4e3dcbSSimon L. B. Nielsen dbug_init(); 8753b4e3dcbSSimon L. B. Nielsen #endif 8765c87c606SMark Murray else if (strcmp(*argv, "-msg") == 0) 8775c87c606SMark Murray c_msg = 1; 878*7bded2dbSJung-uk Kim else if (strcmp(*argv, "-msgfile") == 0) { 879*7bded2dbSJung-uk Kim if (--argc < 1) 880*7bded2dbSJung-uk Kim goto bad; 881*7bded2dbSJung-uk Kim bio_c_msg = BIO_new_file(*(++argv), "w"); 882*7bded2dbSJung-uk Kim } 883*7bded2dbSJung-uk Kim #ifndef OPENSSL_NO_SSL_TRACE 884*7bded2dbSJung-uk Kim else if (strcmp(*argv, "-trace") == 0) 885*7bded2dbSJung-uk Kim c_msg = 2; 886*7bded2dbSJung-uk Kim #endif 88774664626SKris Kennaway else if (strcmp(*argv, "-showcerts") == 0) 88874664626SKris Kennaway c_showcerts = 1; 88974664626SKris Kennaway else if (strcmp(*argv, "-nbio_test") == 0) 89074664626SKris Kennaway nbio_test = 1; 89174664626SKris Kennaway else if (strcmp(*argv, "-state") == 0) 89274664626SKris Kennaway state = 1; 8931f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 8946f9291ceSJung-uk Kim else if (strcmp(*argv, "-psk_identity") == 0) { 8956f9291ceSJung-uk Kim if (--argc < 1) 8966f9291ceSJung-uk Kim goto bad; 8971f13597dSJung-uk Kim psk_identity = *(++argv); 8986f9291ceSJung-uk Kim } else if (strcmp(*argv, "-psk") == 0) { 8991f13597dSJung-uk Kim size_t j; 9001f13597dSJung-uk Kim 
9016f9291ceSJung-uk Kim if (--argc < 1) 9026f9291ceSJung-uk Kim goto bad; 9031f13597dSJung-uk Kim psk_key = *(++argv); 9046f9291ceSJung-uk Kim for (j = 0; j < strlen(psk_key); j++) { 9051f13597dSJung-uk Kim if (isxdigit((unsigned char)psk_key[j])) 9061f13597dSJung-uk Kim continue; 9071f13597dSJung-uk Kim BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); 9081f13597dSJung-uk Kim goto bad; 9091f13597dSJung-uk Kim } 9101f13597dSJung-uk Kim } 9111f13597dSJung-uk Kim #endif 9121f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 9136f9291ceSJung-uk Kim else if (strcmp(*argv, "-srpuser") == 0) { 9146f9291ceSJung-uk Kim if (--argc < 1) 9156f9291ceSJung-uk Kim goto bad; 9161f13597dSJung-uk Kim srp_arg.srplogin = *(++argv); 9171f13597dSJung-uk Kim meth = TLSv1_client_method(); 9186f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srppass") == 0) { 9196f9291ceSJung-uk Kim if (--argc < 1) 9206f9291ceSJung-uk Kim goto bad; 9211f13597dSJung-uk Kim srppass = *(++argv); 9221f13597dSJung-uk Kim meth = TLSv1_client_method(); 9236f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_strength") == 0) { 9246f9291ceSJung-uk Kim if (--argc < 1) 9256f9291ceSJung-uk Kim goto bad; 9261f13597dSJung-uk Kim srp_arg.strength = atoi(*(++argv)); 9276f9291ceSJung-uk Kim BIO_printf(bio_err, "SRP minimal length for N is %d\n", 9286f9291ceSJung-uk Kim srp_arg.strength); 9291f13597dSJung-uk Kim meth = TLSv1_client_method(); 9306f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_lateuser") == 0) { 9311f13597dSJung-uk Kim srp_lateuser = 1; 9321f13597dSJung-uk Kim meth = TLSv1_client_method(); 9336f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_moregroups") == 0) { 9341f13597dSJung-uk Kim srp_arg.amp = 1; 9351f13597dSJung-uk Kim meth = TLSv1_client_method(); 9361f13597dSJung-uk Kim } 9371f13597dSJung-uk Kim #endif 9385c87c606SMark Murray #ifndef OPENSSL_NO_SSL2 93974664626SKris Kennaway else if (strcmp(*argv, "-ssl2") == 0) 94074664626SKris Kennaway meth = SSLv2_client_method(); 94174664626SKris Kennaway #endif 
942751d2991SJung-uk Kim #ifndef OPENSSL_NO_SSL3_METHOD 94374664626SKris Kennaway else if (strcmp(*argv, "-ssl3") == 0) 94474664626SKris Kennaway meth = SSLv3_client_method(); 94574664626SKris Kennaway #endif 9465c87c606SMark Murray #ifndef OPENSSL_NO_TLS1 9471f13597dSJung-uk Kim else if (strcmp(*argv, "-tls1_2") == 0) 9481f13597dSJung-uk Kim meth = TLSv1_2_client_method(); 9491f13597dSJung-uk Kim else if (strcmp(*argv, "-tls1_1") == 0) 9501f13597dSJung-uk Kim meth = TLSv1_1_client_method(); 95174664626SKris Kennaway else if (strcmp(*argv, "-tls1") == 0) 95274664626SKris Kennaway meth = TLSv1_client_method(); 95374664626SKris Kennaway #endif 9543b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_DTLS1 955*7bded2dbSJung-uk Kim else if (strcmp(*argv, "-dtls") == 0) { 956*7bded2dbSJung-uk Kim meth = DTLS_client_method(); 957*7bded2dbSJung-uk Kim socket_type = SOCK_DGRAM; 958*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-dtls1") == 0) { 9593b4e3dcbSSimon L. B. Nielsen meth = DTLSv1_client_method(); 9601f13597dSJung-uk Kim socket_type = SOCK_DGRAM; 961*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-dtls1_2") == 0) { 962*7bded2dbSJung-uk Kim meth = DTLSv1_2_client_method(); 963*7bded2dbSJung-uk Kim socket_type = SOCK_DGRAM; 9646f9291ceSJung-uk Kim } else if (strcmp(*argv, "-timeout") == 0) 9653b4e3dcbSSimon L. B. Nielsen enable_timeouts = 1; 9666f9291ceSJung-uk Kim else if (strcmp(*argv, "-mtu") == 0) { 9676f9291ceSJung-uk Kim if (--argc < 1) 9686f9291ceSJung-uk Kim goto bad; 9696a599222SSimon L. B. Nielsen socket_mtu = atol(*(++argv)); 9703b4e3dcbSSimon L. B. Nielsen } 9713b4e3dcbSSimon L. B. Nielsen #endif 972*7bded2dbSJung-uk Kim else if (strcmp(*argv, "-fallback_scsv") == 0) { 973*7bded2dbSJung-uk Kim fallback_scsv = 1; 974*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-keyform") == 0) { 9756f9291ceSJung-uk Kim if (--argc < 1) 9766f9291ceSJung-uk Kim goto bad; 9773b4e3dcbSSimon L. B. 
Nielsen key_format = str2fmt(*(++argv)); 9786f9291ceSJung-uk Kim } else if (strcmp(*argv, "-pass") == 0) { 9796f9291ceSJung-uk Kim if (--argc < 1) 9806f9291ceSJung-uk Kim goto bad; 9813b4e3dcbSSimon L. B. Nielsen passarg = *(++argv); 982*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-cert_chain") == 0) { 983*7bded2dbSJung-uk Kim if (--argc < 1) 984*7bded2dbSJung-uk Kim goto bad; 985*7bded2dbSJung-uk Kim chain_file = *(++argv); 9866f9291ceSJung-uk Kim } else if (strcmp(*argv, "-key") == 0) { 9876f9291ceSJung-uk Kim if (--argc < 1) 9886f9291ceSJung-uk Kim goto bad; 98974664626SKris Kennaway key_file = *(++argv); 9906f9291ceSJung-uk Kim } else if (strcmp(*argv, "-reconnect") == 0) { 99174664626SKris Kennaway reconnect = 5; 9926f9291ceSJung-uk Kim } else if (strcmp(*argv, "-CApath") == 0) { 9936f9291ceSJung-uk Kim if (--argc < 1) 9946f9291ceSJung-uk Kim goto bad; 99574664626SKris Kennaway CApath = *(++argv); 996*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-chainCApath") == 0) { 997*7bded2dbSJung-uk Kim if (--argc < 1) 998*7bded2dbSJung-uk Kim goto bad; 999*7bded2dbSJung-uk Kim chCApath = *(++argv); 1000*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-verifyCApath") == 0) { 1001*7bded2dbSJung-uk Kim if (--argc < 1) 1002*7bded2dbSJung-uk Kim goto bad; 1003*7bded2dbSJung-uk Kim vfyCApath = *(++argv); 1004*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-build_chain") == 0) 1005*7bded2dbSJung-uk Kim build_chain = 1; 1006*7bded2dbSJung-uk Kim else if (strcmp(*argv, "-CAfile") == 0) { 10076f9291ceSJung-uk Kim if (--argc < 1) 10086f9291ceSJung-uk Kim goto bad; 100974664626SKris Kennaway CAfile = *(++argv); 1010*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-chainCAfile") == 0) { 1011*7bded2dbSJung-uk Kim if (--argc < 1) 1012*7bded2dbSJung-uk Kim goto bad; 1013*7bded2dbSJung-uk Kim chCAfile = *(++argv); 1014*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-verifyCAfile") == 0) { 1015*7bded2dbSJung-uk Kim if (--argc < 1) 1016*7bded2dbSJung-uk Kim goto bad; 
1017*7bded2dbSJung-uk Kim vfyCAfile = *(++argv); 10186f9291ceSJung-uk Kim } 1019db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 10201f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG 10216f9291ceSJung-uk Kim else if (strcmp(*argv, "-nextprotoneg") == 0) { 10226f9291ceSJung-uk Kim if (--argc < 1) 10236f9291ceSJung-uk Kim goto bad; 10241f13597dSJung-uk Kim next_proto_neg_in = *(++argv); 10251f13597dSJung-uk Kim } 10261f13597dSJung-uk Kim # endif 1027*7bded2dbSJung-uk Kim else if (strcmp(*argv, "-alpn") == 0) { 10286f9291ceSJung-uk Kim if (--argc < 1) 10296f9291ceSJung-uk Kim goto bad; 1030*7bded2dbSJung-uk Kim alpn_in = *(++argv); 1031*7bded2dbSJung-uk Kim } else if (strcmp(*argv, "-serverinfo") == 0) { 1032*7bded2dbSJung-uk Kim char *c; 1033*7bded2dbSJung-uk Kim int start = 0; 1034*7bded2dbSJung-uk Kim int len; 1035*7bded2dbSJung-uk Kim 1036*7bded2dbSJung-uk Kim if (--argc < 1) 1037*7bded2dbSJung-uk Kim goto bad; 1038*7bded2dbSJung-uk Kim c = *(++argv); 1039*7bded2dbSJung-uk Kim serverinfo_types_count = 0; 1040*7bded2dbSJung-uk Kim len = strlen(c); 1041*7bded2dbSJung-uk Kim for (i = 0; i <= len; ++i) { 1042*7bded2dbSJung-uk Kim if (i == len || c[i] == ',') { 1043*7bded2dbSJung-uk Kim serverinfo_types[serverinfo_types_count] 1044*7bded2dbSJung-uk Kim = atoi(c + start); 1045*7bded2dbSJung-uk Kim serverinfo_types_count++; 1046*7bded2dbSJung-uk Kim start = i + 1; 104774664626SKris Kennaway } 1048*7bded2dbSJung-uk Kim if (serverinfo_types_count == MAX_SI_TYPES) 1049*7bded2dbSJung-uk Kim break; 1050*7bded2dbSJung-uk Kim } 1051*7bded2dbSJung-uk Kim } 1052*7bded2dbSJung-uk Kim #endif 105374664626SKris Kennaway #ifdef FIONBIO 10546f9291ceSJung-uk Kim else if (strcmp(*argv, "-nbio") == 0) { 10556f9291ceSJung-uk Kim c_nbio = 1; 10566f9291ceSJung-uk Kim } 105774664626SKris Kennaway #endif 10586f9291ceSJung-uk Kim else if (strcmp(*argv, "-starttls") == 0) { 10596f9291ceSJung-uk Kim if (--argc < 1) 10606f9291ceSJung-uk Kim goto bad; 10615c87c606SMark Murray ++argv; 
10625c87c606SMark Murray if (strcmp(*argv, "smtp") == 0) 10635471f83eSSimon L. B. Nielsen starttls_proto = PROTO_SMTP; 106450ef0093SJacques Vidrine else if (strcmp(*argv, "pop3") == 0) 10655471f83eSSimon L. B. Nielsen starttls_proto = PROTO_POP3; 10665471f83eSSimon L. B. Nielsen else if (strcmp(*argv, "imap") == 0) 10675471f83eSSimon L. B. Nielsen starttls_proto = PROTO_IMAP; 10685471f83eSSimon L. B. Nielsen else if (strcmp(*argv, "ftp") == 0) 10695471f83eSSimon L. B. Nielsen starttls_proto = PROTO_FTP; 1070db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "xmpp") == 0) 1071db522d3aSSimon L. B. Nielsen starttls_proto = PROTO_XMPP; 10725c87c606SMark Murray else 10735c87c606SMark Murray goto bad; 10745c87c606SMark Murray } 1075fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 10766f9291ceSJung-uk Kim else if (strcmp(*argv, "-engine") == 0) { 10776f9291ceSJung-uk Kim if (--argc < 1) 10786f9291ceSJung-uk Kim goto bad; 10795c87c606SMark Murray engine_id = *(++argv); 10806f9291ceSJung-uk Kim } else if (strcmp(*argv, "-ssl_client_engine") == 0) { 10816f9291ceSJung-uk Kim if (--argc < 1) 10826f9291ceSJung-uk Kim goto bad; 1083db522d3aSSimon L. B. Nielsen ssl_client_engine_id = *(++argv); 1084db522d3aSSimon L. B. Nielsen } 1085fceca8a3SJacques Vidrine #endif 10866f9291ceSJung-uk Kim else if (strcmp(*argv, "-rand") == 0) { 10876f9291ceSJung-uk Kim if (--argc < 1) 10886f9291ceSJung-uk Kim goto bad; 10895740a5e3SKris Kennaway inrand = *(++argv); 10905740a5e3SKris Kennaway } 1091db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 10926f9291ceSJung-uk Kim else if (strcmp(*argv, "-servername") == 0) { 10936f9291ceSJung-uk Kim if (--argc < 1) 10946f9291ceSJung-uk Kim goto bad; 1095db522d3aSSimon L. B. Nielsen servername = *(++argv); 1096db522d3aSSimon L. B. Nielsen /* meth=TLSv1_client_method(); */ 1097db522d3aSSimon L. B. Nielsen } 1098db522d3aSSimon L. B. Nielsen #endif 1099db522d3aSSimon L. B. 
Nielsen #ifndef OPENSSL_NO_JPAKE 11006f9291ceSJung-uk Kim else if (strcmp(*argv, "-jpake") == 0) { 11016f9291ceSJung-uk Kim if (--argc < 1) 11026f9291ceSJung-uk Kim goto bad; 1103db522d3aSSimon L. B. Nielsen jpake_secret = *++argv; 1104db522d3aSSimon L. B. Nielsen } 1105db522d3aSSimon L. B. Nielsen #endif 110609286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP 11076f9291ceSJung-uk Kim else if (strcmp(*argv, "-use_srtp") == 0) { 11086f9291ceSJung-uk Kim if (--argc < 1) 11096f9291ceSJung-uk Kim goto bad; 11101f13597dSJung-uk Kim srtp_profiles = *(++argv); 11111f13597dSJung-uk Kim } 111209286989SJung-uk Kim #endif 11136f9291ceSJung-uk Kim else if (strcmp(*argv, "-keymatexport") == 0) { 11146f9291ceSJung-uk Kim if (--argc < 1) 11156f9291ceSJung-uk Kim goto bad; 11161f13597dSJung-uk Kim keymatexportlabel = *(++argv); 11176f9291ceSJung-uk Kim } else if (strcmp(*argv, "-keymatexportlen") == 0) { 11186f9291ceSJung-uk Kim if (--argc < 1) 11196f9291ceSJung-uk Kim goto bad; 11201f13597dSJung-uk Kim keymatexportlen = atoi(*(++argv)); 11216f9291ceSJung-uk Kim if (keymatexportlen == 0) 11226f9291ceSJung-uk Kim goto bad; 11236f9291ceSJung-uk Kim } else { 112474664626SKris Kennaway BIO_printf(bio_err, "unknown option %s\n", *argv); 112574664626SKris Kennaway badop = 1; 112674664626SKris Kennaway break; 112774664626SKris Kennaway } 112874664626SKris Kennaway argc--; 112974664626SKris Kennaway argv++; 113074664626SKris Kennaway } 11316f9291ceSJung-uk Kim if (badop) { 113274664626SKris Kennaway bad: 113374664626SKris Kennaway sc_usage(); 113474664626SKris Kennaway goto end; 113574664626SKris Kennaway } 11361f13597dSJung-uk Kim #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) 11376f9291ceSJung-uk Kim if (jpake_secret) { 11386f9291ceSJung-uk Kim if (psk_key) { 11396f9291ceSJung-uk Kim BIO_printf(bio_err, "Can't use JPAKE and PSK together\n"); 11401f13597dSJung-uk Kim goto end; 11411f13597dSJung-uk Kim } 11421f13597dSJung-uk Kim psk_identity = "JPAKE"; 11431f13597dSJung-uk Kim } 
11441f13597dSJung-uk Kim #endif 11451f13597dSJung-uk Kim 11465c87c606SMark Murray OpenSSL_add_ssl_algorithms(); 11475c87c606SMark Murray SSL_load_error_strings(); 11485c87c606SMark Murray 11491f13597dSJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 11501f13597dSJung-uk Kim next_proto.status = -1; 11516f9291ceSJung-uk Kim if (next_proto_neg_in) { 11526f9291ceSJung-uk Kim next_proto.data = 11536f9291ceSJung-uk Kim next_protos_parse(&next_proto.len, next_proto_neg_in); 11546f9291ceSJung-uk Kim if (next_proto.data == NULL) { 11551f13597dSJung-uk Kim BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n"); 11561f13597dSJung-uk Kim goto end; 11571f13597dSJung-uk Kim } 11586f9291ceSJung-uk Kim } else 11591f13597dSJung-uk Kim next_proto.data = NULL; 11601f13597dSJung-uk Kim #endif 11611f13597dSJung-uk Kim 1162fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 11635c87c606SMark Murray e = setup_engine(bio_err, engine_id, 1); 11646f9291ceSJung-uk Kim if (ssl_client_engine_id) { 1165db522d3aSSimon L. B. Nielsen ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); 11666f9291ceSJung-uk Kim if (!ssl_client_engine) { 11676f9291ceSJung-uk Kim BIO_printf(bio_err, "Error getting client auth engine\n"); 1168db522d3aSSimon L. B. Nielsen goto end; 1169db522d3aSSimon L. B. Nielsen } 1170db522d3aSSimon L. B. Nielsen } 1171fceca8a3SJacques Vidrine #endif 11726f9291ceSJung-uk Kim if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { 11733b4e3dcbSSimon L. B. Nielsen BIO_printf(bio_err, "Error getting password\n"); 11743b4e3dcbSSimon L. B. Nielsen goto end; 11753b4e3dcbSSimon L. B. Nielsen } 11763b4e3dcbSSimon L. B. Nielsen 11773b4e3dcbSSimon L. B. Nielsen if (key_file == NULL) 11783b4e3dcbSSimon L. B. Nielsen key_file = cert_file; 11793b4e3dcbSSimon L. B. Nielsen 11806f9291ceSJung-uk Kim if (key_file) { 11813b4e3dcbSSimon L. B. Nielsen 11823b4e3dcbSSimon L. B. Nielsen key = load_key(bio_err, key_file, key_format, 0, pass, e, 11833b4e3dcbSSimon L. 
B. Nielsen "client certificate private key file"); 11846f9291ceSJung-uk Kim if (!key) { 11853b4e3dcbSSimon L. B. Nielsen ERR_print_errors(bio_err); 11863b4e3dcbSSimon L. B. Nielsen goto end; 11873b4e3dcbSSimon L. B. Nielsen } 11883b4e3dcbSSimon L. B. Nielsen 11893b4e3dcbSSimon L. B. Nielsen } 11903b4e3dcbSSimon L. B. Nielsen 11916f9291ceSJung-uk Kim if (cert_file) { 11923b4e3dcbSSimon L. B. Nielsen cert = load_cert(bio_err, cert_file, cert_format, 11933b4e3dcbSSimon L. B. Nielsen NULL, e, "client certificate file"); 11943b4e3dcbSSimon L. B. Nielsen 11956f9291ceSJung-uk Kim if (!cert) { 11963b4e3dcbSSimon L. B. Nielsen ERR_print_errors(bio_err); 11973b4e3dcbSSimon L. B. Nielsen goto end; 11983b4e3dcbSSimon L. B. Nielsen } 11993b4e3dcbSSimon L. B. Nielsen } 12005c87c606SMark Murray 1201*7bded2dbSJung-uk Kim if (chain_file) { 1202*7bded2dbSJung-uk Kim chain = load_certs(bio_err, chain_file, FORMAT_PEM, 1203*7bded2dbSJung-uk Kim NULL, e, "client certificate chain"); 1204*7bded2dbSJung-uk Kim if (!chain) 1205*7bded2dbSJung-uk Kim goto end; 1206*7bded2dbSJung-uk Kim } 1207*7bded2dbSJung-uk Kim 1208*7bded2dbSJung-uk Kim if (crl_file) { 1209*7bded2dbSJung-uk Kim X509_CRL *crl; 1210*7bded2dbSJung-uk Kim crl = load_crl(crl_file, crl_format); 1211*7bded2dbSJung-uk Kim if (!crl) { 1212*7bded2dbSJung-uk Kim BIO_puts(bio_err, "Error loading CRL\n"); 1213*7bded2dbSJung-uk Kim ERR_print_errors(bio_err); 1214*7bded2dbSJung-uk Kim goto end; 1215*7bded2dbSJung-uk Kim } 1216*7bded2dbSJung-uk Kim crls = sk_X509_CRL_new_null(); 1217*7bded2dbSJung-uk Kim if (!crls || !sk_X509_CRL_push(crls, crl)) { 1218*7bded2dbSJung-uk Kim BIO_puts(bio_err, "Error adding CRL\n"); 1219*7bded2dbSJung-uk Kim ERR_print_errors(bio_err); 1220*7bded2dbSJung-uk Kim X509_CRL_free(crl); 1221*7bded2dbSJung-uk Kim goto end; 1222*7bded2dbSJung-uk Kim } 1223*7bded2dbSJung-uk Kim } 1224*7bded2dbSJung-uk Kim 1225*7bded2dbSJung-uk Kim if (!load_excert(&exc, bio_err)) 1226*7bded2dbSJung-uk Kim goto end; 
1227*7bded2dbSJung-uk Kim 12285740a5e3SKris Kennaway if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL 12296f9291ceSJung-uk Kim && !RAND_status()) { 12306f9291ceSJung-uk Kim BIO_printf(bio_err, 12316f9291ceSJung-uk Kim "warning, not much extra random data, consider using the -rand option\n"); 12325740a5e3SKris Kennaway } 12335740a5e3SKris Kennaway if (inrand != NULL) 12345740a5e3SKris Kennaway BIO_printf(bio_err, "%ld semi-random bytes loaded\n", 12355740a5e3SKris Kennaway app_RAND_load_files(inrand)); 1236f579bf8eSKris Kennaway 12376f9291ceSJung-uk Kim if (bio_c_out == NULL) { 1238*7bded2dbSJung-uk Kim if (c_quiet && !c_debug) { 123974664626SKris Kennaway bio_c_out = BIO_new(BIO_s_null()); 1240*7bded2dbSJung-uk Kim if (c_msg && !bio_c_msg) 1241*7bded2dbSJung-uk Kim bio_c_msg = BIO_new_fp(stdout, BIO_NOCLOSE); 12426f9291ceSJung-uk Kim } else { 124374664626SKris Kennaway if (bio_c_out == NULL) 124474664626SKris Kennaway bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE); 124574664626SKris Kennaway } 124674664626SKris Kennaway } 12471f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 12486f9291ceSJung-uk Kim if (!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) { 12491f13597dSJung-uk Kim BIO_printf(bio_err, "Error getting password\n"); 12501f13597dSJung-uk Kim goto end; 12511f13597dSJung-uk Kim } 12521f13597dSJung-uk Kim #endif 12531f13597dSJung-uk Kim 125474664626SKris Kennaway ctx = SSL_CTX_new(meth); 12556f9291ceSJung-uk Kim if (ctx == NULL) { 125674664626SKris Kennaway ERR_print_errors(bio_err); 125774664626SKris Kennaway goto end; 125874664626SKris Kennaway } 125974664626SKris Kennaway 12601f13597dSJung-uk Kim if (vpm) 12611f13597dSJung-uk Kim SSL_CTX_set1_param(ctx, vpm); 12621f13597dSJung-uk Kim 1263*7bded2dbSJung-uk Kim if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake)) { 1264*7bded2dbSJung-uk Kim ERR_print_errors(bio_err); 1265*7bded2dbSJung-uk Kim goto end; 1266*7bded2dbSJung-uk Kim } 1267*7bded2dbSJung-uk Kim 1268*7bded2dbSJung-uk Kim 
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, 1269*7bded2dbSJung-uk Kim crls, crl_download)) { 1270*7bded2dbSJung-uk Kim BIO_printf(bio_err, "Error loading store locations\n"); 1271*7bded2dbSJung-uk Kim ERR_print_errors(bio_err); 1272*7bded2dbSJung-uk Kim goto end; 1273*7bded2dbSJung-uk Kim } 1274db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_ENGINE 12756f9291ceSJung-uk Kim if (ssl_client_engine) { 12766f9291ceSJung-uk Kim if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) { 1277db522d3aSSimon L. B. Nielsen BIO_puts(bio_err, "Error setting client auth engine\n"); 1278db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1279db522d3aSSimon L. B. Nielsen ENGINE_free(ssl_client_engine); 1280db522d3aSSimon L. B. Nielsen goto end; 1281db522d3aSSimon L. B. Nielsen } 1282db522d3aSSimon L. B. Nielsen ENGINE_free(ssl_client_engine); 1283db522d3aSSimon L. B. Nielsen } 1284db522d3aSSimon L. B. Nielsen #endif 1285db522d3aSSimon L. B. Nielsen 12861f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 12871f13597dSJung-uk Kim # ifdef OPENSSL_NO_JPAKE 12881f13597dSJung-uk Kim if (psk_key != NULL) 12891f13597dSJung-uk Kim # else 12901f13597dSJung-uk Kim if (psk_key != NULL || jpake_secret) 12911f13597dSJung-uk Kim # endif 12921f13597dSJung-uk Kim { 12931f13597dSJung-uk Kim if (c_debug) 12946f9291ceSJung-uk Kim BIO_printf(bio_c_out, 12956f9291ceSJung-uk Kim "PSK key given or JPAKE in use, setting client callback\n"); 12961f13597dSJung-uk Kim SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); 12971f13597dSJung-uk Kim } 129809286989SJung-uk Kim #endif 129909286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP 13001f13597dSJung-uk Kim if (srtp_profiles != NULL) 13011f13597dSJung-uk Kim SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); 13021f13597dSJung-uk Kim #endif 1303*7bded2dbSJung-uk Kim if (exc) 1304*7bded2dbSJung-uk Kim ssl_ctx_set_excert(ctx, exc); 13056a599222SSimon L. B. 
Nielsen 1306*7bded2dbSJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) 1307*7bded2dbSJung-uk Kim # if !defined(OPENSSL_NO_NEXTPROTONEG) 13081f13597dSJung-uk Kim if (next_proto.data) 13091f13597dSJung-uk Kim SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); 13101f13597dSJung-uk Kim # endif 1311*7bded2dbSJung-uk Kim if (alpn_in) { 1312*7bded2dbSJung-uk Kim unsigned short alpn_len; 1313*7bded2dbSJung-uk Kim unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in); 1314*7bded2dbSJung-uk Kim 1315*7bded2dbSJung-uk Kim if (alpn == NULL) { 1316*7bded2dbSJung-uk Kim BIO_printf(bio_err, "Error parsing -alpn argument\n"); 1317*7bded2dbSJung-uk Kim goto end; 1318*7bded2dbSJung-uk Kim } 1319*7bded2dbSJung-uk Kim SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len); 1320*7bded2dbSJung-uk Kim OPENSSL_free(alpn); 1321*7bded2dbSJung-uk Kim } 1322*7bded2dbSJung-uk Kim #endif 1323*7bded2dbSJung-uk Kim #ifndef OPENSSL_NO_TLSEXT 1324*7bded2dbSJung-uk Kim for (i = 0; i < serverinfo_types_count; i++) { 1325*7bded2dbSJung-uk Kim SSL_CTX_add_client_custom_ext(ctx, 1326*7bded2dbSJung-uk Kim serverinfo_types[i], 1327*7bded2dbSJung-uk Kim NULL, NULL, NULL, 1328*7bded2dbSJung-uk Kim serverinfo_cli_parse_cb, NULL); 1329*7bded2dbSJung-uk Kim } 1330*7bded2dbSJung-uk Kim #endif 133174664626SKris Kennaway 13326f9291ceSJung-uk Kim if (state) 13336f9291ceSJung-uk Kim SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); 133474664626SKris Kennaway #if 0 133574664626SKris Kennaway else 133674664626SKris Kennaway SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER")); 133774664626SKris Kennaway #endif 133874664626SKris Kennaway 133974664626SKris Kennaway SSL_CTX_set_verify(ctx, verify, verify_callback); 134074664626SKris Kennaway 1341ed6b93beSJung-uk Kim if ((CAfile || CApath) 1342ed6b93beSJung-uk Kim && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { 134374664626SKris Kennaway ERR_print_errors(bio_err); 1344ed6b93beSJung-uk Kim } 1345ed6b93beSJung-uk Kim if 
(!SSL_CTX_set_default_verify_paths(ctx)) { 1346ed6b93beSJung-uk Kim ERR_print_errors(bio_err); 134774664626SKris Kennaway } 1348*7bded2dbSJung-uk Kim 1349*7bded2dbSJung-uk Kim ssl_ctx_add_crls(ctx, crls, crl_download); 1350*7bded2dbSJung-uk Kim if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain)) 1351*7bded2dbSJung-uk Kim goto end; 1352*7bded2dbSJung-uk Kim 1353db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 13546f9291ceSJung-uk Kim if (servername != NULL) { 1355db522d3aSSimon L. B. Nielsen tlsextcbp.biodebug = bio_err; 1356db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1357db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 1358db522d3aSSimon L. B. Nielsen } 13591f13597dSJung-uk Kim # ifndef OPENSSL_NO_SRP 13606f9291ceSJung-uk Kim if (srp_arg.srplogin) { 13616f9291ceSJung-uk Kim if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) { 13621f13597dSJung-uk Kim BIO_printf(bio_err, "Unable to set SRP username\n"); 13631f13597dSJung-uk Kim goto end; 13641f13597dSJung-uk Kim } 13651f13597dSJung-uk Kim srp_arg.msg = c_msg; 13661f13597dSJung-uk Kim srp_arg.debug = c_debug; 13671f13597dSJung-uk Kim SSL_CTX_set_srp_cb_arg(ctx, &srp_arg); 13681f13597dSJung-uk Kim SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb); 13691f13597dSJung-uk Kim SSL_CTX_set_srp_strength(ctx, srp_arg.strength); 13701f13597dSJung-uk Kim if (c_msg || c_debug || srp_arg.amp == 0) 13716f9291ceSJung-uk Kim SSL_CTX_set_srp_verify_param_callback(ctx, 13726f9291ceSJung-uk Kim ssl_srp_verify_param_cb); 13731f13597dSJung-uk Kim } 13741f13597dSJung-uk Kim # endif 1375db522d3aSSimon L. B. Nielsen #endif 137674664626SKris Kennaway 1377f579bf8eSKris Kennaway con = SSL_new(ctx); 13786f9291ceSJung-uk Kim if (sess_in) { 1379db522d3aSSimon L. B. Nielsen SSL_SESSION *sess; 1380db522d3aSSimon L. B. 
Nielsen BIO *stmp = BIO_new_file(sess_in, "r"); 13816f9291ceSJung-uk Kim if (!stmp) { 13826f9291ceSJung-uk Kim BIO_printf(bio_err, "Can't open session file %s\n", sess_in); 1383db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1384db522d3aSSimon L. B. Nielsen goto end; 1385db522d3aSSimon L. B. Nielsen } 1386db522d3aSSimon L. B. Nielsen sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); 1387db522d3aSSimon L. B. Nielsen BIO_free(stmp); 13886f9291ceSJung-uk Kim if (!sess) { 13896f9291ceSJung-uk Kim BIO_printf(bio_err, "Can't open session file %s\n", sess_in); 1390db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1391db522d3aSSimon L. B. Nielsen goto end; 1392db522d3aSSimon L. B. Nielsen } 1393db522d3aSSimon L. B. Nielsen SSL_set_session(con, sess); 1394db522d3aSSimon L. B. Nielsen SSL_SESSION_free(sess); 1395db522d3aSSimon L. B. Nielsen } 1396fa5fddf1SJung-uk Kim 1397fa5fddf1SJung-uk Kim if (fallback_scsv) 1398fa5fddf1SJung-uk Kim SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); 1399fa5fddf1SJung-uk Kim 1400db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 14016f9291ceSJung-uk Kim if (servername != NULL) { 14026f9291ceSJung-uk Kim if (!SSL_set_tlsext_host_name(con, servername)) { 1403db522d3aSSimon L. B. Nielsen BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); 1404db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1405db522d3aSSimon L. B. Nielsen goto end; 1406db522d3aSSimon L. B. Nielsen } 1407db522d3aSSimon L. B. Nielsen } 1408db522d3aSSimon L. B. 
Nielsen #endif 14095c87c606SMark Murray #ifndef OPENSSL_NO_KRB5 14106f9291ceSJung-uk Kim if (con && (kctx = kssl_ctx_new()) != NULL) { 14111f13597dSJung-uk Kim SSL_set0_kssl_ctx(con, kctx); 14121f13597dSJung-uk Kim kssl_ctx_setstring(kctx, KSSL_SERVER, host); 14135c87c606SMark Murray } 14145c87c606SMark Murray #endif /* OPENSSL_NO_KRB5 */ 141574664626SKris Kennaway /* SSL_set_cipher_list(con,"RC4-MD5"); */ 14161f13597dSJung-uk Kim #if 0 14171f13597dSJung-uk Kim # ifdef TLSEXT_TYPE_opaque_prf_input 14181f13597dSJung-uk Kim SSL_set_tlsext_opaque_prf_input(con, "Test client", 11); 14191f13597dSJung-uk Kim # endif 14201f13597dSJung-uk Kim #endif 142174664626SKris Kennaway 142274664626SKris Kennaway re_start: 142374664626SKris Kennaway 14246f9291ceSJung-uk Kim if (init_client(&s, host, port, socket_type) == 0) { 142574664626SKris Kennaway BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); 142674664626SKris Kennaway SHUTDOWN(s); 142774664626SKris Kennaway goto end; 142874664626SKris Kennaway } 142974664626SKris Kennaway BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s); 143074664626SKris Kennaway 143174664626SKris Kennaway #ifdef FIONBIO 14326f9291ceSJung-uk Kim if (c_nbio) { 143374664626SKris Kennaway unsigned long l = 1; 143474664626SKris Kennaway BIO_printf(bio_c_out, "turning on non blocking io\n"); 14356f9291ceSJung-uk Kim if (BIO_socket_ioctl(s, FIONBIO, &l) < 0) { 143674664626SKris Kennaway ERR_print_errors(bio_err); 143774664626SKris Kennaway goto end; 143874664626SKris Kennaway } 143974664626SKris Kennaway } 144074664626SKris Kennaway #endif 14416f9291ceSJung-uk Kim if (c_Pause & 0x01) 14426f9291ceSJung-uk Kim SSL_set_debug(con, 1); 14433b4e3dcbSSimon L. B. Nielsen 1444*7bded2dbSJung-uk Kim if (socket_type == SOCK_DGRAM) { 14453b4e3dcbSSimon L. B. Nielsen 14463b4e3dcbSSimon L. B. Nielsen sbio = BIO_new_dgram(s, BIO_NOCLOSE); 14476f9291ceSJung-uk Kim if (getsockname(s, &peer, (void *)&peerlen) < 0) { 14483b4e3dcbSSimon L. B. 
Nielsen BIO_printf(bio_err, "getsockname:errno=%d\n", 14493b4e3dcbSSimon L. B. Nielsen get_last_socket_error()); 14503b4e3dcbSSimon L. B. Nielsen SHUTDOWN(s); 14513b4e3dcbSSimon L. B. Nielsen goto end; 14523b4e3dcbSSimon L. B. Nielsen } 14533b4e3dcbSSimon L. B. Nielsen 1454db522d3aSSimon L. B. Nielsen (void)BIO_ctrl_set_connected(sbio, 1, &peer); 14553b4e3dcbSSimon L. B. Nielsen 14566f9291ceSJung-uk Kim if (enable_timeouts) { 14573b4e3dcbSSimon L. B. Nielsen timeout.tv_sec = 0; 14583b4e3dcbSSimon L. B. Nielsen timeout.tv_usec = DGRAM_RCV_TIMEOUT; 14593b4e3dcbSSimon L. B. Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); 14603b4e3dcbSSimon L. B. Nielsen 14613b4e3dcbSSimon L. B. Nielsen timeout.tv_sec = 0; 14623b4e3dcbSSimon L. B. Nielsen timeout.tv_usec = DGRAM_SND_TIMEOUT; 14633b4e3dcbSSimon L. B. Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); 14643b4e3dcbSSimon L. B. Nielsen } 14653b4e3dcbSSimon L. B. Nielsen 14666f9291ceSJung-uk Kim if (socket_mtu) { 14676f9291ceSJung-uk Kim if (socket_mtu < DTLS_get_link_min_mtu(con)) { 1468751d2991SJung-uk Kim BIO_printf(bio_err, "MTU too small. Must be at least %ld\n", 1469751d2991SJung-uk Kim DTLS_get_link_min_mtu(con)); 1470751d2991SJung-uk Kim BIO_free(sbio); 1471751d2991SJung-uk Kim goto shut; 1472751d2991SJung-uk Kim } 14733b4e3dcbSSimon L. B. Nielsen SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 14746f9291ceSJung-uk Kim if (!DTLS_set_link_mtu(con, socket_mtu)) { 1475751d2991SJung-uk Kim BIO_printf(bio_err, "Failed to set MTU\n"); 1476751d2991SJung-uk Kim BIO_free(sbio); 1477751d2991SJung-uk Kim goto shut; 1478751d2991SJung-uk Kim } 14796f9291ceSJung-uk Kim } else 14803b4e3dcbSSimon L. B. Nielsen /* want to do MTU discovery */ 14813b4e3dcbSSimon L. B. 
Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 14826f9291ceSJung-uk Kim } else 148374664626SKris Kennaway sbio = BIO_new_socket(s, BIO_NOCLOSE); 148474664626SKris Kennaway 14856f9291ceSJung-uk Kim if (nbio_test) { 148674664626SKris Kennaway BIO *test; 148774664626SKris Kennaway 148874664626SKris Kennaway test = BIO_new(BIO_f_nbio_test()); 148974664626SKris Kennaway sbio = BIO_push(test, sbio); 149074664626SKris Kennaway } 149174664626SKris Kennaway 14926f9291ceSJung-uk Kim if (c_debug) { 14931f13597dSJung-uk Kim SSL_set_debug(con, 1); 14943b4e3dcbSSimon L. B. Nielsen BIO_set_callback(sbio, bio_dump_callback); 14955471f83eSSimon L. B. Nielsen BIO_set_callback_arg(sbio, (char *)bio_c_out); 149674664626SKris Kennaway } 14976f9291ceSJung-uk Kim if (c_msg) { 1498*7bded2dbSJung-uk Kim #ifndef OPENSSL_NO_SSL_TRACE 1499*7bded2dbSJung-uk Kim if (c_msg == 2) 1500*7bded2dbSJung-uk Kim SSL_set_msg_callback(con, SSL_trace); 1501*7bded2dbSJung-uk Kim else 1502*7bded2dbSJung-uk Kim #endif 15035c87c606SMark Murray SSL_set_msg_callback(con, msg_cb); 1504*7bded2dbSJung-uk Kim SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out); 15055c87c606SMark Murray } 1506db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 15076f9291ceSJung-uk Kim if (c_tlsextdebug) { 1508db522d3aSSimon L. B. Nielsen SSL_set_tlsext_debug_callback(con, tlsext_cb); 1509db522d3aSSimon L. B. Nielsen SSL_set_tlsext_debug_arg(con, bio_c_out); 1510db522d3aSSimon L. B. Nielsen } 15116f9291ceSJung-uk Kim if (c_status_req) { 1512db522d3aSSimon L. B. Nielsen SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); 1513db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); 1514db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); 1515db522d3aSSimon L. B. Nielsen # if 0 1516db522d3aSSimon L. B. Nielsen { 1517db522d3aSSimon L. B. Nielsen STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null(); 1518db522d3aSSimon L. B. 
Nielsen OCSP_RESPID *id = OCSP_RESPID_new(); 1519db522d3aSSimon L. B. Nielsen id->value.byKey = ASN1_OCTET_STRING_new(); 1520db522d3aSSimon L. B. Nielsen id->type = V_OCSP_RESPID_KEY; 1521db522d3aSSimon L. B. Nielsen ASN1_STRING_set(id->value.byKey, "Hello World", -1); 1522db522d3aSSimon L. B. Nielsen sk_OCSP_RESPID_push(ids, id); 1523db522d3aSSimon L. B. Nielsen SSL_set_tlsext_status_ids(con, ids); 1524db522d3aSSimon L. B. Nielsen } 1525db522d3aSSimon L. B. Nielsen # endif 1526db522d3aSSimon L. B. Nielsen } 1527db522d3aSSimon L. B. Nielsen #endif 1528db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE 1529db522d3aSSimon L. B. Nielsen if (jpake_secret) 1530db522d3aSSimon L. B. Nielsen jpake_client_auth(bio_c_out, sbio, jpake_secret); 1531db522d3aSSimon L. B. Nielsen #endif 153274664626SKris Kennaway 153374664626SKris Kennaway SSL_set_bio(con, sbio, sbio); 153474664626SKris Kennaway SSL_set_connect_state(con); 153574664626SKris Kennaway 153674664626SKris Kennaway /* ok, lets connect */ 153774664626SKris Kennaway width = SSL_get_fd(con) + 1; 153874664626SKris Kennaway 153974664626SKris Kennaway read_tty = 1; 154074664626SKris Kennaway write_tty = 0; 154174664626SKris Kennaway tty_on = 0; 154274664626SKris Kennaway read_ssl = 1; 154374664626SKris Kennaway write_ssl = 1; 154474664626SKris Kennaway 154574664626SKris Kennaway cbuf_len = 0; 154674664626SKris Kennaway cbuf_off = 0; 154774664626SKris Kennaway sbuf_len = 0; 154874664626SKris Kennaway sbuf_off = 0; 154974664626SKris Kennaway 15505c87c606SMark Murray /* This is an ugly hack that does a lot of assumptions */ 15516f9291ceSJung-uk Kim /* 15526f9291ceSJung-uk Kim * We do have to handle multi-line responses which may come in a single 15536f9291ceSJung-uk Kim * packet or not. We therefore have to use BIO_gets() which does need a 15546f9291ceSJung-uk Kim * buffering BIO. 
So during the initial chitchat we do push a buffering 15556f9291ceSJung-uk Kim * BIO into the chain that is removed again later on to not disturb the 15566f9291ceSJung-uk Kim * rest of the s_client operation. 15576f9291ceSJung-uk Kim */ 15586f9291ceSJung-uk Kim if (starttls_proto == PROTO_SMTP) { 15595471f83eSSimon L. B. Nielsen int foundit = 0; 15605471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 15615471f83eSSimon L. B. Nielsen BIO_push(fbio, sbio); 15625471f83eSSimon L. B. Nielsen /* wait for multi-line response to end from SMTP */ 15636f9291ceSJung-uk Kim do { 15645471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 15655471f83eSSimon L. B. Nielsen } 15665471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 15675471f83eSSimon L. B. Nielsen /* STARTTLS command requires EHLO... */ 15685471f83eSSimon L. B. Nielsen BIO_printf(fbio, "EHLO openssl.client.net\r\n"); 1569db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 15705471f83eSSimon L. B. Nielsen /* wait for multi-line response to end EHLO SMTP response */ 15716f9291ceSJung-uk Kim do { 15725471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 15735471f83eSSimon L. B. Nielsen if (strstr(mbuf, "STARTTLS")) 15745471f83eSSimon L. B. Nielsen foundit = 1; 15755471f83eSSimon L. B. Nielsen } 15765471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 1577db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 15785471f83eSSimon L. B. Nielsen BIO_pop(fbio); 15795471f83eSSimon L. B. Nielsen BIO_free(fbio); 15805471f83eSSimon L. B. Nielsen if (!foundit) 15815471f83eSSimon L. B. Nielsen BIO_printf(bio_err, 15825471f83eSSimon L. B. Nielsen "didn't found starttls in server response," 15835471f83eSSimon L. B. 
Nielsen " try anyway...\n"); 15845c87c606SMark Murray BIO_printf(sbio, "STARTTLS\r\n"); 15855c87c606SMark Murray BIO_read(sbio, sbuf, BUFSIZZ); 15866f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_POP3) { 158750ef0093SJacques Vidrine BIO_read(sbio, mbuf, BUFSIZZ); 158850ef0093SJacques Vidrine BIO_printf(sbio, "STLS\r\n"); 158950ef0093SJacques Vidrine BIO_read(sbio, sbuf, BUFSIZZ); 15906f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_IMAP) { 15915471f83eSSimon L. B. Nielsen int foundit = 0; 15925471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 15935471f83eSSimon L. B. Nielsen BIO_push(fbio, sbio); 15945471f83eSSimon L. B. Nielsen BIO_gets(fbio, mbuf, BUFSIZZ); 15955471f83eSSimon L. B. Nielsen /* STARTTLS command requires CAPABILITY... */ 15965471f83eSSimon L. B. Nielsen BIO_printf(fbio, ". CAPABILITY\r\n"); 1597db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 15985471f83eSSimon L. B. Nielsen /* wait for multi-line CAPABILITY response */ 15996f9291ceSJung-uk Kim do { 16005471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 16015471f83eSSimon L. B. Nielsen if (strstr(mbuf, "STARTTLS")) 16025471f83eSSimon L. B. Nielsen foundit = 1; 16035471f83eSSimon L. B. Nielsen } 16045471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[0] != '.'); 1605db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 16065471f83eSSimon L. B. Nielsen BIO_pop(fbio); 16075471f83eSSimon L. B. Nielsen BIO_free(fbio); 16085471f83eSSimon L. B. Nielsen if (!foundit) 16095471f83eSSimon L. B. Nielsen BIO_printf(bio_err, 16105471f83eSSimon L. B. Nielsen "didn't found STARTTLS in server response," 16115471f83eSSimon L. B. Nielsen " try anyway...\n"); 16125471f83eSSimon L. B. Nielsen BIO_printf(sbio, ". STARTTLS\r\n"); 16135471f83eSSimon L. B. Nielsen BIO_read(sbio, sbuf, BUFSIZZ); 16146f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_FTP) { 16155471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 16165471f83eSSimon L. B. 
Nielsen BIO_push(fbio, sbio); 16175471f83eSSimon L. B. Nielsen /* wait for multi-line response to end from FTP */ 16186f9291ceSJung-uk Kim do { 16195471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 16205471f83eSSimon L. B. Nielsen } 16215471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 1622db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 16235471f83eSSimon L. B. Nielsen BIO_pop(fbio); 16245471f83eSSimon L. B. Nielsen BIO_free(fbio); 16255471f83eSSimon L. B. Nielsen BIO_printf(sbio, "AUTH TLS\r\n"); 16265471f83eSSimon L. B. Nielsen BIO_read(sbio, sbuf, BUFSIZZ); 16275471f83eSSimon L. B. Nielsen } 16286f9291ceSJung-uk Kim if (starttls_proto == PROTO_XMPP) { 1629db522d3aSSimon L. B. Nielsen int seen = 0; 1630db522d3aSSimon L. B. Nielsen BIO_printf(sbio, "<stream:stream " 1631db522d3aSSimon L. B. Nielsen "xmlns:stream='http://etherx.jabber.org/streams' " 1632db522d3aSSimon L. B. Nielsen "xmlns='jabber:client' to='%s' version='1.0'>", host); 1633db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, mbuf, BUFSIZZ); 1634db522d3aSSimon L. B. Nielsen mbuf[seen] = 0; 16356f9291ceSJung-uk Kim while (!strstr 16366f9291ceSJung-uk Kim (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) { 1637db522d3aSSimon L. B. Nielsen if (strstr(mbuf, "/stream:features>")) 1638db522d3aSSimon L. B. Nielsen goto shut; 1639db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, mbuf, BUFSIZZ); 1640db522d3aSSimon L. B. Nielsen mbuf[seen] = 0; 1641db522d3aSSimon L. B. Nielsen } 16426f9291ceSJung-uk Kim BIO_printf(sbio, 16436f9291ceSJung-uk Kim "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); 1644db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, sbuf, BUFSIZZ); 1645db522d3aSSimon L. B. Nielsen sbuf[seen] = 0; 1646db522d3aSSimon L. B. Nielsen if (!strstr(sbuf, "<proceed")) 1647db522d3aSSimon L. B. Nielsen goto shut; 1648db522d3aSSimon L. B. Nielsen mbuf[0] = 0; 1649db522d3aSSimon L. B. 
Nielsen } 16505c87c606SMark Murray 16516f9291ceSJung-uk Kim for (;;) { 165274664626SKris Kennaway FD_ZERO(&readfds); 165374664626SKris Kennaway FD_ZERO(&writefds); 165474664626SKris Kennaway 16556a599222SSimon L. B. Nielsen if ((SSL_version(con) == DTLS1_VERSION) && 16566a599222SSimon L. B. Nielsen DTLSv1_get_timeout(con, &timeout)) 16576a599222SSimon L. B. Nielsen timeoutp = &timeout; 16586a599222SSimon L. B. Nielsen else 16596a599222SSimon L. B. Nielsen timeoutp = NULL; 16606a599222SSimon L. B. Nielsen 16616f9291ceSJung-uk Kim if (SSL_in_init(con) && !SSL_total_renegotiations(con)) { 166274664626SKris Kennaway in_init = 1; 166374664626SKris Kennaway tty_on = 0; 16646f9291ceSJung-uk Kim } else { 166574664626SKris Kennaway tty_on = 1; 16666f9291ceSJung-uk Kim if (in_init) { 166774664626SKris Kennaway in_init = 0; 16686f9291ceSJung-uk Kim #if 0 /* This test doesn't really work as intended 16696f9291ceSJung-uk Kim * (needs to be fixed) */ 16701f13597dSJung-uk Kim # ifndef OPENSSL_NO_TLSEXT 16716f9291ceSJung-uk Kim if (servername != NULL && !SSL_session_reused(con)) { 16726f9291ceSJung-uk Kim BIO_printf(bio_c_out, 16736f9291ceSJung-uk Kim "Server did %sacknowledge servername extension.\n", 16746f9291ceSJung-uk Kim tlsextcbp.ack ? "" : "not "); 16751f13597dSJung-uk Kim } 16761f13597dSJung-uk Kim # endif 16771f13597dSJung-uk Kim #endif 16786f9291ceSJung-uk Kim if (sess_out) { 1679db522d3aSSimon L. B. Nielsen BIO *stmp = BIO_new_file(sess_out, "w"); 16806f9291ceSJung-uk Kim if (stmp) { 1681db522d3aSSimon L. B. Nielsen PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con)); 1682db522d3aSSimon L. B. Nielsen BIO_free(stmp); 16836f9291ceSJung-uk Kim } else 16846f9291ceSJung-uk Kim BIO_printf(bio_err, "Error writing session file %s\n", 16856f9291ceSJung-uk Kim sess_out); 1686db522d3aSSimon L. B. 
Nielsen } 1687*7bded2dbSJung-uk Kim if (c_brief) { 1688*7bded2dbSJung-uk Kim BIO_puts(bio_err, "CONNECTION ESTABLISHED\n"); 1689*7bded2dbSJung-uk Kim print_ssl_summary(bio_err, con); 1690*7bded2dbSJung-uk Kim } 1691*7bded2dbSJung-uk Kim 169274664626SKris Kennaway print_stuff(bio_c_out, con, full_log); 16936f9291ceSJung-uk Kim if (full_log > 0) 16946f9291ceSJung-uk Kim full_log--; 169574664626SKris Kennaway 16966f9291ceSJung-uk Kim if (starttls_proto) { 16975c87c606SMark Murray BIO_printf(bio_err, "%s", mbuf); 16985c87c606SMark Murray /* We don't need to know any more */ 16995471f83eSSimon L. B. Nielsen starttls_proto = PROTO_OFF; 17005c87c606SMark Murray } 17015c87c606SMark Murray 17026f9291ceSJung-uk Kim if (reconnect) { 170374664626SKris Kennaway reconnect--; 17046f9291ceSJung-uk Kim BIO_printf(bio_c_out, 17056f9291ceSJung-uk Kim "drop connection and then reconnect\n"); 170674664626SKris Kennaway SSL_shutdown(con); 170774664626SKris Kennaway SSL_set_connect_state(con); 170874664626SKris Kennaway SHUTDOWN(SSL_get_fd(con)); 170974664626SKris Kennaway goto re_start; 171074664626SKris Kennaway } 171174664626SKris Kennaway } 171274664626SKris Kennaway } 171374664626SKris Kennaway 171474664626SKris Kennaway ssl_pending = read_ssl && SSL_pending(con); 171574664626SKris Kennaway 17166f9291ceSJung-uk Kim if (!ssl_pending) { 17171f13597dSJung-uk Kim #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5) 17186f9291ceSJung-uk Kim if (tty_on) { 17196f9291ceSJung-uk Kim if (read_tty) 17206f9291ceSJung-uk Kim openssl_fdset(fileno(stdin), &readfds); 17216f9291ceSJung-uk Kim if (write_tty) 17226f9291ceSJung-uk Kim openssl_fdset(fileno(stdout), &writefds); 172374664626SKris Kennaway } 172474664626SKris Kennaway if (read_ssl) 17251f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &readfds); 172674664626SKris Kennaway if (write_ssl) 17271f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &writefds); 
1728f579bf8eSKris Kennaway #else 1729f579bf8eSKris Kennaway if (!tty_on || !write_tty) { 1730f579bf8eSKris Kennaway if (read_ssl) 17311f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &readfds); 1732f579bf8eSKris Kennaway if (write_ssl) 17331f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &writefds); 1734f579bf8eSKris Kennaway } 1735f579bf8eSKris Kennaway #endif 17366f9291ceSJung-uk Kim /*- printf("mode tty(%d %d%d) ssl(%d%d)\n", 173774664626SKris Kennaway tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ 173874664626SKris Kennaway 17396f9291ceSJung-uk Kim /* 17406f9291ceSJung-uk Kim * Note: under VMS with SOCKETSHR the second parameter is 17416f9291ceSJung-uk Kim * currently of type (int *) whereas under other systems it is 17426f9291ceSJung-uk Kim * (void *) if you don't have a cast it will choke the compiler: 17436f9291ceSJung-uk Kim * if you do have a cast then you can either go for (int *) or 17446f9291ceSJung-uk Kim * (void *). 174574664626SKris Kennaway */ 174650ef0093SJacques Vidrine #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) 17476f9291ceSJung-uk Kim /* 17486f9291ceSJung-uk Kim * Under Windows/DOS we make the assumption that we can always 17496f9291ceSJung-uk Kim * write to the tty: therefore if we need to write to the tty we 17506f9291ceSJung-uk Kim * just fall through. Otherwise we timeout the select every 17516f9291ceSJung-uk Kim * second and see if there are any keypresses. Note: this is a 17526f9291ceSJung-uk Kim * hack, in a proper Windows application we wouldn't do this. 
1753f579bf8eSKris Kennaway */ 1754f579bf8eSKris Kennaway i = 0; 1755f579bf8eSKris Kennaway if (!write_tty) { 1756f579bf8eSKris Kennaway if (read_tty) { 1757f579bf8eSKris Kennaway tv.tv_sec = 1; 1758f579bf8eSKris Kennaway tv.tv_usec = 0; 1759f579bf8eSKris Kennaway i = select(width, (void *)&readfds, (void *)&writefds, 1760f579bf8eSKris Kennaway NULL, &tv); 176150ef0093SJacques Vidrine # if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) 17626f9291ceSJung-uk Kim if (!i && (!_kbhit() || !read_tty)) 17636f9291ceSJung-uk Kim continue; 17645c87c606SMark Murray # else 17656f9291ceSJung-uk Kim if (!i && (!((_kbhit()) 17666f9291ceSJung-uk Kim || (WAIT_OBJECT_0 == 17676f9291ceSJung-uk Kim WaitForSingleObject(GetStdHandle 17686f9291ceSJung-uk Kim (STD_INPUT_HANDLE), 17696f9291ceSJung-uk Kim 0))) 17706f9291ceSJung-uk Kim || !read_tty)) 17716f9291ceSJung-uk Kim continue; 17725c87c606SMark Murray # endif 17736f9291ceSJung-uk Kim } else 17746f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 17756a599222SSimon L. B. Nielsen NULL, timeoutp); 1776f579bf8eSKris Kennaway } 17773b4e3dcbSSimon L. B. Nielsen #elif defined(OPENSSL_SYS_NETWARE) 17783b4e3dcbSSimon L. B. Nielsen if (!write_tty) { 17793b4e3dcbSSimon L. B. Nielsen if (read_tty) { 17803b4e3dcbSSimon L. B. Nielsen tv.tv_sec = 1; 17813b4e3dcbSSimon L. B. Nielsen tv.tv_usec = 0; 17823b4e3dcbSSimon L. B. Nielsen i = select(width, (void *)&readfds, (void *)&writefds, 17833b4e3dcbSSimon L. B. Nielsen NULL, &tv); 17846f9291ceSJung-uk Kim } else 17856f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 17866a599222SSimon L. B. Nielsen NULL, timeoutp); 17873b4e3dcbSSimon L. B. 
Nielsen } 17881f13597dSJung-uk Kim #elif defined(OPENSSL_SYS_BEOS_R5) 17891f13597dSJung-uk Kim /* Under BeOS-R5 the situation is similar to DOS */ 17901f13597dSJung-uk Kim i = 0; 17911f13597dSJung-uk Kim stdin_set = 0; 17921f13597dSJung-uk Kim (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); 17931f13597dSJung-uk Kim if (!write_tty) { 17941f13597dSJung-uk Kim if (read_tty) { 17951f13597dSJung-uk Kim tv.tv_sec = 1; 17961f13597dSJung-uk Kim tv.tv_usec = 0; 17971f13597dSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 17981f13597dSJung-uk Kim NULL, &tv); 17991f13597dSJung-uk Kim if (read(fileno(stdin), sbuf, 0) >= 0) 18001f13597dSJung-uk Kim stdin_set = 1; 18011f13597dSJung-uk Kim if (!i && (stdin_set != 1 || !read_tty)) 18021f13597dSJung-uk Kim continue; 18036f9291ceSJung-uk Kim } else 18046f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 18051f13597dSJung-uk Kim NULL, timeoutp); 18061f13597dSJung-uk Kim } 18071f13597dSJung-uk Kim (void)fcntl(fileno(stdin), F_SETFL, 0); 1808f579bf8eSKris Kennaway #else 180974664626SKris Kennaway i = select(width, (void *)&readfds, (void *)&writefds, 18106a599222SSimon L. B. Nielsen NULL, timeoutp); 1811f579bf8eSKris Kennaway #endif 18126f9291ceSJung-uk Kim if (i < 0) { 181374664626SKris Kennaway BIO_printf(bio_err, "bad select %d\n", 181474664626SKris Kennaway get_last_socket_error()); 181574664626SKris Kennaway goto shut; 181674664626SKris Kennaway /* goto end; */ 181774664626SKris Kennaway } 181874664626SKris Kennaway } 181974664626SKris Kennaway 18206f9291ceSJung-uk Kim if ((SSL_version(con) == DTLS1_VERSION) 18216f9291ceSJung-uk Kim && DTLSv1_handle_timeout(con) > 0) { 18226a599222SSimon L. B. Nielsen BIO_printf(bio_err, "TIMEOUT occured\n"); 18236a599222SSimon L. B. Nielsen } 18246a599222SSimon L. B. 
Nielsen 18256f9291ceSJung-uk Kim if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) { 18266f9291ceSJung-uk Kim k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len); 18276f9291ceSJung-uk Kim switch (SSL_get_error(con, k)) { 182874664626SKris Kennaway case SSL_ERROR_NONE: 182974664626SKris Kennaway cbuf_off += k; 183074664626SKris Kennaway cbuf_len -= k; 18316f9291ceSJung-uk Kim if (k <= 0) 18326f9291ceSJung-uk Kim goto end; 183374664626SKris Kennaway /* we have done a write(con,NULL,0); */ 18346f9291ceSJung-uk Kim if (cbuf_len <= 0) { 183574664626SKris Kennaway read_tty = 1; 183674664626SKris Kennaway write_ssl = 0; 18376f9291ceSJung-uk Kim } else { /* if (cbuf_len > 0) */ 18386f9291ceSJung-uk Kim 183974664626SKris Kennaway read_tty = 0; 184074664626SKris Kennaway write_ssl = 1; 184174664626SKris Kennaway } 184274664626SKris Kennaway break; 184374664626SKris Kennaway case SSL_ERROR_WANT_WRITE: 184474664626SKris Kennaway BIO_printf(bio_c_out, "write W BLOCK\n"); 184574664626SKris Kennaway write_ssl = 1; 184674664626SKris Kennaway read_tty = 0; 184774664626SKris Kennaway break; 184874664626SKris Kennaway case SSL_ERROR_WANT_READ: 184974664626SKris Kennaway BIO_printf(bio_c_out, "write R BLOCK\n"); 185074664626SKris Kennaway write_tty = 0; 185174664626SKris Kennaway read_ssl = 1; 185274664626SKris Kennaway write_ssl = 0; 185374664626SKris Kennaway break; 185474664626SKris Kennaway case SSL_ERROR_WANT_X509_LOOKUP: 185574664626SKris Kennaway BIO_printf(bio_c_out, "write X BLOCK\n"); 185674664626SKris Kennaway break; 185774664626SKris Kennaway case SSL_ERROR_ZERO_RETURN: 18586f9291ceSJung-uk Kim if (cbuf_len != 0) { 185974664626SKris Kennaway BIO_printf(bio_c_out, "shutdown\n"); 18601f13597dSJung-uk Kim ret = 0; 186174664626SKris Kennaway goto shut; 18626f9291ceSJung-uk Kim } else { 186374664626SKris Kennaway read_tty = 1; 186474664626SKris Kennaway write_ssl = 0; 186574664626SKris Kennaway break; 186674664626SKris Kennaway } 186774664626SKris Kennaway 
186874664626SKris Kennaway case SSL_ERROR_SYSCALL: 18696f9291ceSJung-uk Kim if ((k != 0) || (cbuf_len != 0)) { 187074664626SKris Kennaway BIO_printf(bio_err, "write:errno=%d\n", 187174664626SKris Kennaway get_last_socket_error()); 187274664626SKris Kennaway goto shut; 18736f9291ceSJung-uk Kim } else { 187474664626SKris Kennaway read_tty = 1; 187574664626SKris Kennaway write_ssl = 0; 187674664626SKris Kennaway } 187774664626SKris Kennaway break; 187874664626SKris Kennaway case SSL_ERROR_SSL: 187974664626SKris Kennaway ERR_print_errors(bio_err); 188074664626SKris Kennaway goto shut; 188174664626SKris Kennaway } 188274664626SKris Kennaway } 18831f13597dSJung-uk Kim #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) 18841f13597dSJung-uk Kim /* Assume Windows/DOS/BeOS can always write */ 1885f579bf8eSKris Kennaway else if (!ssl_pending && write_tty) 1886f579bf8eSKris Kennaway #else 188774664626SKris Kennaway else if (!ssl_pending && FD_ISSET(fileno(stdout), &writefds)) 1888f579bf8eSKris Kennaway #endif 188974664626SKris Kennaway { 189074664626SKris Kennaway #ifdef CHARSET_EBCDIC 189174664626SKris Kennaway ascii2ebcdic(&(sbuf[sbuf_off]), &(sbuf[sbuf_off]), sbuf_len); 189274664626SKris Kennaway #endif 18931f13597dSJung-uk Kim i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len); 189474664626SKris Kennaway 18956f9291ceSJung-uk Kim if (i <= 0) { 189674664626SKris Kennaway BIO_printf(bio_c_out, "DONE\n"); 18971f13597dSJung-uk Kim ret = 0; 189874664626SKris Kennaway goto shut; 189974664626SKris Kennaway /* goto end; */ 190074664626SKris Kennaway } 190174664626SKris Kennaway 190274664626SKris Kennaway sbuf_len -= i;; 190374664626SKris Kennaway sbuf_off += i; 19046f9291ceSJung-uk Kim if (sbuf_len <= 0) { 190574664626SKris Kennaway read_ssl = 1; 190674664626SKris Kennaway write_tty = 0; 190774664626SKris Kennaway } 19086f9291ceSJung-uk Kim } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) { 
190974664626SKris Kennaway #ifdef RENEG 19106f9291ceSJung-uk Kim { 19116f9291ceSJung-uk Kim static int iiii; 19126f9291ceSJung-uk Kim if (++iiii == 52) { 19136f9291ceSJung-uk Kim SSL_renegotiate(con); 19146f9291ceSJung-uk Kim iiii = 0; 19156f9291ceSJung-uk Kim } 19166f9291ceSJung-uk Kim } 191774664626SKris Kennaway #endif 191874664626SKris Kennaway #if 1 191974664626SKris Kennaway k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ ); 192074664626SKris Kennaway #else 192174664626SKris Kennaway /* Demo for pending and peek :-) */ 192274664626SKris Kennaway k = SSL_read(con, sbuf, 16); 19236f9291ceSJung-uk Kim { 19246f9291ceSJung-uk Kim char zbuf[10240]; 19256f9291ceSJung-uk Kim printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con), 19266f9291ceSJung-uk Kim SSL_peek(con, zbuf, 10240)); 192774664626SKris Kennaway } 192874664626SKris Kennaway #endif 192974664626SKris Kennaway 19306f9291ceSJung-uk Kim switch (SSL_get_error(con, k)) { 193174664626SKris Kennaway case SSL_ERROR_NONE: 193274664626SKris Kennaway if (k <= 0) 193374664626SKris Kennaway goto end; 193474664626SKris Kennaway sbuf_off = 0; 193574664626SKris Kennaway sbuf_len = k; 193674664626SKris Kennaway 193774664626SKris Kennaway read_ssl = 0; 193874664626SKris Kennaway write_tty = 1; 193974664626SKris Kennaway break; 194074664626SKris Kennaway case SSL_ERROR_WANT_WRITE: 194174664626SKris Kennaway BIO_printf(bio_c_out, "read W BLOCK\n"); 194274664626SKris Kennaway write_ssl = 1; 194374664626SKris Kennaway read_tty = 0; 194474664626SKris Kennaway break; 194574664626SKris Kennaway case SSL_ERROR_WANT_READ: 194674664626SKris Kennaway BIO_printf(bio_c_out, "read R BLOCK\n"); 194774664626SKris Kennaway write_tty = 0; 194874664626SKris Kennaway read_ssl = 1; 194974664626SKris Kennaway if ((read_tty == 0) && (write_ssl == 0)) 195074664626SKris Kennaway write_ssl = 1; 195174664626SKris Kennaway break; 195274664626SKris Kennaway case SSL_ERROR_WANT_X509_LOOKUP: 195374664626SKris Kennaway BIO_printf(bio_c_out, "read X 
BLOCK\n"); 195474664626SKris Kennaway break; 195574664626SKris Kennaway case SSL_ERROR_SYSCALL: 19561f13597dSJung-uk Kim ret = get_last_socket_error(); 1957*7bded2dbSJung-uk Kim if (c_brief) 1958*7bded2dbSJung-uk Kim BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n"); 1959*7bded2dbSJung-uk Kim else 19601f13597dSJung-uk Kim BIO_printf(bio_err, "read:errno=%d\n", ret); 196174664626SKris Kennaway goto shut; 196274664626SKris Kennaway case SSL_ERROR_ZERO_RETURN: 196374664626SKris Kennaway BIO_printf(bio_c_out, "closed\n"); 19641f13597dSJung-uk Kim ret = 0; 196574664626SKris Kennaway goto shut; 196674664626SKris Kennaway case SSL_ERROR_SSL: 196774664626SKris Kennaway ERR_print_errors(bio_err); 196874664626SKris Kennaway goto shut; 196974664626SKris Kennaway /* break; */ 197074664626SKris Kennaway } 197174664626SKris Kennaway } 197250ef0093SJacques Vidrine #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) 197350ef0093SJacques Vidrine # if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) 19745c87c606SMark Murray else if (_kbhit()) 19755c87c606SMark Murray # else 19766f9291ceSJung-uk Kim else if ((_kbhit()) 19776f9291ceSJung-uk Kim || (WAIT_OBJECT_0 == 19786f9291ceSJung-uk Kim WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) 19795c87c606SMark Murray # endif 19803b4e3dcbSSimon L. B. Nielsen #elif defined (OPENSSL_SYS_NETWARE) 19813b4e3dcbSSimon L. B. 
Nielsen else if (_kbhit()) 19821f13597dSJung-uk Kim #elif defined(OPENSSL_SYS_BEOS_R5) 19831f13597dSJung-uk Kim else if (stdin_set) 1984f579bf8eSKris Kennaway #else 198574664626SKris Kennaway else if (FD_ISSET(fileno(stdin), &readfds)) 1986f579bf8eSKris Kennaway #endif 198774664626SKris Kennaway { 19886f9291ceSJung-uk Kim if (crlf) { 198974664626SKris Kennaway int j, lf_num; 199074664626SKris Kennaway 19911f13597dSJung-uk Kim i = raw_read_stdin(cbuf, BUFSIZZ / 2); 199274664626SKris Kennaway lf_num = 0; 199374664626SKris Kennaway /* both loops are skipped when i <= 0 */ 199474664626SKris Kennaway for (j = 0; j < i; j++) 199574664626SKris Kennaway if (cbuf[j] == '\n') 199674664626SKris Kennaway lf_num++; 19976f9291ceSJung-uk Kim for (j = i - 1; j >= 0; j--) { 199874664626SKris Kennaway cbuf[j + lf_num] = cbuf[j]; 19996f9291ceSJung-uk Kim if (cbuf[j] == '\n') { 200074664626SKris Kennaway lf_num--; 200174664626SKris Kennaway i++; 200274664626SKris Kennaway cbuf[j + lf_num] = '\r'; 200374664626SKris Kennaway } 200474664626SKris Kennaway } 200574664626SKris Kennaway assert(lf_num == 0); 20066f9291ceSJung-uk Kim } else 20071f13597dSJung-uk Kim i = raw_read_stdin(cbuf, BUFSIZZ); 200874664626SKris Kennaway 20096f9291ceSJung-uk Kim if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { 201074664626SKris Kennaway BIO_printf(bio_err, "DONE\n"); 20111f13597dSJung-uk Kim ret = 0; 201274664626SKris Kennaway goto shut; 201374664626SKris Kennaway } 201474664626SKris Kennaway 20156f9291ceSJung-uk Kim if ((!c_ign_eof) && (cbuf[0] == 'R')) { 201674664626SKris Kennaway BIO_printf(bio_err, "RENEGOTIATING\n"); 201774664626SKris Kennaway SSL_renegotiate(con); 201874664626SKris Kennaway cbuf_len = 0; 201974664626SKris Kennaway } 20201f13597dSJung-uk Kim #ifndef OPENSSL_NO_HEARTBEATS 20216f9291ceSJung-uk Kim else if ((!c_ign_eof) && (cbuf[0] == 'B')) { 20221f13597dSJung-uk Kim BIO_printf(bio_err, "HEARTBEATING\n"); 20231f13597dSJung-uk Kim SSL_heartbeat(con); 20241f13597dSJung-uk Kim 
cbuf_len = 0; 20251f13597dSJung-uk Kim } 20261f13597dSJung-uk Kim #endif 20276f9291ceSJung-uk Kim else { 202874664626SKris Kennaway cbuf_len = i; 202974664626SKris Kennaway cbuf_off = 0; 203074664626SKris Kennaway #ifdef CHARSET_EBCDIC 203174664626SKris Kennaway ebcdic2ascii(cbuf, cbuf, i); 203274664626SKris Kennaway #endif 203374664626SKris Kennaway } 203474664626SKris Kennaway 203574664626SKris Kennaway write_ssl = 1; 203674664626SKris Kennaway read_tty = 0; 203774664626SKris Kennaway } 203874664626SKris Kennaway } 20391f13597dSJung-uk Kim 20401f13597dSJung-uk Kim ret = 0; 204174664626SKris Kennaway shut: 20421f13597dSJung-uk Kim if (in_init) 20431f13597dSJung-uk Kim print_stuff(bio_c_out, con, full_log); 204474664626SKris Kennaway SSL_shutdown(con); 204574664626SKris Kennaway SHUTDOWN(SSL_get_fd(con)); 204674664626SKris Kennaway end: 20476f9291ceSJung-uk Kim if (con != NULL) { 20481f13597dSJung-uk Kim if (prexit != 0) 20491f13597dSJung-uk Kim print_stuff(bio_c_out, con, 1); 20501f13597dSJung-uk Kim SSL_free(con); 20511f13597dSJung-uk Kim } 205209286989SJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 205309286989SJung-uk Kim if (next_proto.data) 205409286989SJung-uk Kim OPENSSL_free(next_proto.data); 205509286989SJung-uk Kim #endif 20566f9291ceSJung-uk Kim if (ctx != NULL) 20576f9291ceSJung-uk Kim SSL_CTX_free(ctx); 20583b4e3dcbSSimon L. B. Nielsen if (cert) 20593b4e3dcbSSimon L. B. Nielsen X509_free(cert); 2060*7bded2dbSJung-uk Kim if (crls) 2061*7bded2dbSJung-uk Kim sk_X509_CRL_pop_free(crls, X509_CRL_free); 20623b4e3dcbSSimon L. B. Nielsen if (key) 20633b4e3dcbSSimon L. B. Nielsen EVP_PKEY_free(key); 2064*7bded2dbSJung-uk Kim if (chain) 2065*7bded2dbSJung-uk Kim sk_X509_pop_free(chain, X509_free); 20663b4e3dcbSSimon L. B. Nielsen if (pass) 20673b4e3dcbSSimon L. B. 
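/* Remainder of the enclosing function's cleanup path (it begins above). */
        OPENSSL_free(pass);
    if (vpm)
        X509_VERIFY_PARAM_free(vpm);
    ssl_excert_free(exc);
    if (ssl_args)
        sk_OPENSSL_STRING_free(ssl_args);
    if (cctx)
        SSL_CONF_CTX_free(cctx);
#ifndef OPENSSL_NO_JPAKE
    if (jpake_secret && psk_key)
        OPENSSL_free(psk_key);
#endif
    if (cbuf != NULL) {
        OPENSSL_cleanse(cbuf, BUFSIZZ);
        OPENSSL_free(cbuf);
    }
    if (sbuf != NULL) {
        OPENSSL_cleanse(sbuf, BUFSIZZ);
        OPENSSL_free(sbuf);
    }
    if (mbuf != NULL) {
        OPENSSL_cleanse(mbuf, BUFSIZZ);
        OPENSSL_free(mbuf);
    }
    if (bio_c_out != NULL) {
        BIO_free(bio_c_out);
        bio_c_out = NULL;
    }
    if (bio_c_msg != NULL) {
        BIO_free(bio_c_msg);
        bio_c_msg = NULL;
    }
    apps_shutdown();
    OPENSSL_EXIT(ret);
}

/*
 * Report on the negotiated connection `s` to `bio`.
 *
 * When `full` is non-zero the peer certificate chain (as PEM too when
 * c_showcerts is set), the server's list of acceptable client CA names,
 * the shared-cipher table (meaningful for SSL 2 only) and the handshake
 * byte counts are printed first.  The unconditional part prints session
 * reuse, the cipher, the server key size, secure-renegotiation support,
 * compression, the NPN/ALPN/SRTP results, the session, and, when
 * keymatexportlabel is set, keymatexportlen bytes of exported keying
 * material.
 *
 * Reads the file-level settings c_showcerts, next_proto, keymatexportlabel
 * and keymatexportlen.  The exported keying material is secret; it is
 * printed only because it was explicitly requested, and the buffer holding
 * it is wiped before release.  `bio` is flushed before returning.
 */
static void print_stuff(BIO *bio, SSL *s, int full)
{
    X509 *peer = NULL;
    char *p;
    /*
     * Padding source for the shared-cipher table: up to 15 bytes are
     * written from it at a time, so it must hold at least that many.
     */
    static const char space[] = "                ";
    char buf[BUFSIZ];
    STACK_OF(X509) *sk;
    STACK_OF(X509_NAME) *sk2;
    const SSL_CIPHER *c;
    X509_NAME *xn;
    int j, i;
#ifndef OPENSSL_NO_COMP
    const COMP_METHOD *comp, *expansion;
#endif
    unsigned char *exportedkeymat;

    if (full) {
        int got_a_chain = 0;

        sk = SSL_get_peer_cert_chain(s);
        if (sk != NULL) {
            got_a_chain = 1;    /* we don't have it for SSL2 (yet) */

            BIO_printf(bio, "---\nCertificate chain\n");
            for (i = 0; i < sk_X509_num(sk); i++) {
                X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
                                  buf, sizeof buf);
                BIO_printf(bio, "%2d s:%s\n", i, buf);
                X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
                                  buf, sizeof buf);
                BIO_printf(bio, " i:%s\n", buf);
                if (c_showcerts)
                    PEM_write_bio_X509(bio, sk_X509_value(sk, i));
            }
        }

        BIO_printf(bio, "---\n");
        peer = SSL_get_peer_certificate(s);
        if (peer != NULL) {
            BIO_printf(bio, "Server certificate\n");

            /* Redundant if we showed the whole chain */
            if (!(c_showcerts && got_a_chain))
                PEM_write_bio_X509(bio, peer);
            X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
            BIO_printf(bio, "subject=%s\n", buf);
            X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
            BIO_printf(bio, "issuer=%s\n", buf);
        } else
            BIO_printf(bio, "no peer certificate available\n");

        sk2 = SSL_get_client_CA_list(s);
        if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) {
            BIO_printf(bio, "---\nAcceptable client certificate CA names\n");
            for (i = 0; i < sk_X509_NAME_num(sk2); i++) {
                xn = sk_X509_NAME_value(sk2, i);
                X509_NAME_oneline(xn, buf, sizeof(buf));
                BIO_write(bio, buf, strlen(buf));
                BIO_write(bio, "\n", 1);
            }
        } else {
            BIO_printf(bio, "---\nNo client certificate CA names sent\n");
        }
        p = SSL_get_shared_ciphers(s, buf, sizeof buf);
        if (p != NULL) {
            /*
             * This works only for SSL 2.  In later protocol versions, the
             * client does not know what other ciphers (in addition to the
             * one to be used in the current connection) the server supports.
             */

            BIO_printf(bio,
                       "---\nCiphers common between both SSL endpoints:\n");
            /* i counts names on the current row, j the width of the name */
            j = i = 0;
            while (*p) {
                if (*p == ':') {
                    int pad = 15 - j % 25;

                    /* Pad to the column; a name longer than it gets none. */
                    if (pad > 0)
                        BIO_write(bio, space, pad);
                    i++;
                    j = 0;
                    BIO_write(bio, ((i % 3) ? " " : "\n"), 1);
                } else {
                    BIO_write(bio, p, 1);
                    j++;
                }
                p++;
            }
            BIO_write(bio, "\n", 1);
        }

        ssl_print_sigalgs(bio, s);
        ssl_print_tmp_key(bio, s);

        BIO_printf(bio,
                   "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
                   BIO_number_read(SSL_get_rbio(s)),
                   BIO_number_written(SSL_get_wbio(s)));
    }
    /* Literal format string; the varying word is passed as an argument. */
    BIO_printf(bio, "---\n%s, ", SSL_cache_hit(s) ? "Reused" : "New");
    c = SSL_get_current_cipher(s);
    BIO_printf(bio, "%s, Cipher is %s\n",
               SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
    if (peer != NULL) {
        EVP_PKEY *pktmp = X509_get_pubkey(peer);

        BIO_printf(bio, "Server public key is %d bit\n",
                   EVP_PKEY_bits(pktmp));
        EVP_PKEY_free(pktmp);
    }
    BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
               SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
#ifndef OPENSSL_NO_COMP
    comp = SSL_get_current_compression(s);
    expansion = SSL_get_current_expansion(s);
    BIO_printf(bio, "Compression: %s\n",
               comp ? SSL_COMP_get_name(comp) : "NONE");
    BIO_printf(bio, "Expansion: %s\n",
               expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif

#ifdef SSL_DEBUG
    {
        /* Print out local port of connection: useful for debugging */
        struct sockaddr_in ladd;
        socklen_t ladd_size = sizeof(ladd);
        int sock = SSL_get_fd(s);

        memset(&ladd, 0, sizeof(ladd));
        /* Only report a port the kernel actually filled in. */
        if (getsockname(sock, (struct sockaddr *)&ladd, &ladd_size) == 0)
            BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
    }
#endif

#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
    if (next_proto.status != -1) {
        const unsigned char *proto;
        unsigned int proto_len;

        SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
        BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
        BIO_write(bio, proto, proto_len);
        BIO_write(bio, "\n", 1);
    }
# endif
    {
        const unsigned char *proto;
        unsigned int proto_len;

        SSL_get0_alpn_selected(s, &proto, &proto_len);
        if (proto_len > 0) {
            BIO_printf(bio, "ALPN protocol: ");
            BIO_write(bio, proto, proto_len);
            BIO_write(bio, "\n", 1);
        } else
            BIO_printf(bio, "No ALPN negotiated\n");
    }
#endif

#ifndef OPENSSL_NO_SRTP
    {
        SRTP_PROTECTION_PROFILE *srtp_profile =
            SSL_get_selected_srtp_profile(s);

        if (srtp_profile)
            BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
                       srtp_profile->name);
    }
#endif

    SSL_SESSION_print(bio, SSL_get_session(s));
    if (keymatexportlabel != NULL) {
        BIO_printf(bio, "Keying material exporter:\n");
        BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
        BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
        exportedkeymat = OPENSSL_malloc(keymatexportlen);
        if (exportedkeymat != NULL) {
            if (!SSL_export_keying_material(s, exportedkeymat,
                                            keymatexportlen,
                                            keymatexportlabel,
                                            strlen(keymatexportlabel),
                                            NULL, 0, 0)) {
                BIO_printf(bio, " Error\n");
            } else {
                BIO_printf(bio, " Keying material: ");
                for (i = 0; i < keymatexportlen; i++)
                    BIO_printf(bio, "%02X", exportedkeymat[i]);
                BIO_printf(bio, "\n");
            }
            /*
             * Exported keying material is secret: wipe it before release,
             * as is done for the I/O buffers.
             */
            OPENSSL_cleanse(exportedkeymat, keymatexportlen);
            OPENSSL_free(exportedkeymat);
        }
    }
    BIO_printf(bio, "---\n");
    if (peer != NULL)
        X509_free(peer);
    /* flush, or debugging output gets mixed with http response */
    (void)BIO_flush(bio);
}

#ifndef OPENSSL_NO_TLSEXT

/*
 * TLS status-request (OCSP stapling) callback; `arg` is the BIO to report
 * on.  The stapled response is decoded and printed, nothing more: its
 * signature, certificate status and validity window are not checked here,
 * so a stapled response does not influence whether the connection is
 * trusted.
 *
 * Returns 1 to let the handshake continue (no response sent, or a response
 * that decoded), 0 to abort it when the stapled bytes do not decode.
 */
static int ocsp_resp_cb(SSL *s, void *arg)
{
    const unsigned char *p, *start;
    int len;
    OCSP_RESPONSE *rsp;

    len = SSL_get_tlsext_status_ocsp_resp(s, &p);
    BIO_puts(arg, "OCSP response: ");
    if (!p) {
        BIO_puts(arg, "no response sent\n");
        return 1;
    }
    /*
     * d2i may leave p advanced; keep the start so the error dump below
     * covers the whole blob rather than its tail.
     */
    start = p;
    rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
    if (!rsp) {
        BIO_puts(arg, "response parse error\n");
        BIO_dump_indent(arg, (char *)start, len, 4);
        return 0;
    }
    BIO_puts(arg, "\n======================================\n");
    OCSP_RESPONSE_print(arg, rsp, 0);
    BIO_puts(arg, "======================================\n");
    OCSP_RESPONSE_free(rsp);
    return 1;
}

#endif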