174664626SKris Kennaway /* apps/s_client.c */ 274664626SKris Kennaway /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 374664626SKris Kennaway * All rights reserved. 474664626SKris Kennaway * 574664626SKris Kennaway * This package is an SSL implementation written 674664626SKris Kennaway * by Eric Young (eay@cryptsoft.com). 774664626SKris Kennaway * The implementation was written so as to conform with Netscapes SSL. 874664626SKris Kennaway * 974664626SKris Kennaway * This library is free for commercial and non-commercial use as long as 1074664626SKris Kennaway * the following conditions are aheared to. The following conditions 1174664626SKris Kennaway * apply to all code found in this distribution, be it the RC4, RSA, 1274664626SKris Kennaway * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1374664626SKris Kennaway * included with this distribution is covered by the same copyright terms 1474664626SKris Kennaway * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1574664626SKris Kennaway * 1674664626SKris Kennaway * Copyright remains Eric Young's, and as such any Copyright notices in 1774664626SKris Kennaway * the code are not to be removed. 1874664626SKris Kennaway * If this package is used in a product, Eric Young should be given attribution 1974664626SKris Kennaway * as the author of the parts of the library used. 2074664626SKris Kennaway * This can be in the form of a textual message at program startup or 2174664626SKris Kennaway * in documentation (online or textual) provided with the package. 2274664626SKris Kennaway * 2374664626SKris Kennaway * Redistribution and use in source and binary forms, with or without 2474664626SKris Kennaway * modification, are permitted provided that the following conditions 2574664626SKris Kennaway * are met: 2674664626SKris Kennaway * 1. Redistributions of source code must retain the copyright 2774664626SKris Kennaway * notice, this list of conditions and the following disclaimer. 
2874664626SKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright 2974664626SKris Kennaway * notice, this list of conditions and the following disclaimer in the 3074664626SKris Kennaway * documentation and/or other materials provided with the distribution. 3174664626SKris Kennaway * 3. All advertising materials mentioning features or use of this software 3274664626SKris Kennaway * must display the following acknowledgement: 3374664626SKris Kennaway * "This product includes cryptographic software written by 3474664626SKris Kennaway * Eric Young (eay@cryptsoft.com)" 3574664626SKris Kennaway * The word 'cryptographic' can be left out if the rouines from the library 3674664626SKris Kennaway * being used are not cryptographic related :-). 3774664626SKris Kennaway * 4. If you include any Windows specific code (or a derivative thereof) from 3874664626SKris Kennaway * the apps directory (application code) you must include an acknowledgement: 3974664626SKris Kennaway * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4074664626SKris Kennaway * 4174664626SKris Kennaway * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4274664626SKris Kennaway * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4374664626SKris Kennaway * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4474664626SKris Kennaway * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4574664626SKris Kennaway * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4674664626SKris Kennaway * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4774664626SKris Kennaway * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4874664626SKris Kennaway * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4974664626SKris Kennaway * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5074664626SKris Kennaway * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5174664626SKris Kennaway * SUCH DAMAGE. 5274664626SKris Kennaway * 5374664626SKris Kennaway * The licence and distribution terms for any publically available version or 5474664626SKris Kennaway * derivative of this code cannot be changed. i.e. this code cannot simply be 5574664626SKris Kennaway * copied and put under another distribution licence 5674664626SKris Kennaway * [including the GNU Public Licence.] 5774664626SKris Kennaway */ 585c87c606SMark Murray /* ==================================================================== 591f13597dSJung-uk Kim * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 605c87c606SMark Murray * 615c87c606SMark Murray * Redistribution and use in source and binary forms, with or without 625c87c606SMark Murray * modification, are permitted provided that the following conditions 635c87c606SMark Murray * are met: 645c87c606SMark Murray * 655c87c606SMark Murray * 1. Redistributions of source code must retain the above copyright 665c87c606SMark Murray * notice, this list of conditions and the following disclaimer. 675c87c606SMark Murray * 685c87c606SMark Murray * 2. 
Redistributions in binary form must reproduce the above copyright 695c87c606SMark Murray * notice, this list of conditions and the following disclaimer in 705c87c606SMark Murray * the documentation and/or other materials provided with the 715c87c606SMark Murray * distribution. 725c87c606SMark Murray * 735c87c606SMark Murray * 3. All advertising materials mentioning features or use of this 745c87c606SMark Murray * software must display the following acknowledgment: 755c87c606SMark Murray * "This product includes software developed by the OpenSSL Project 765c87c606SMark Murray * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 775c87c606SMark Murray * 785c87c606SMark Murray * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 795c87c606SMark Murray * endorse or promote products derived from this software without 805c87c606SMark Murray * prior written permission. For written permission, please contact 815c87c606SMark Murray * openssl-core@openssl.org. 825c87c606SMark Murray * 835c87c606SMark Murray * 5. Products derived from this software may not be called "OpenSSL" 845c87c606SMark Murray * nor may "OpenSSL" appear in their names without prior written 855c87c606SMark Murray * permission of the OpenSSL Project. 865c87c606SMark Murray * 875c87c606SMark Murray * 6. Redistributions of any form whatsoever must retain the following 885c87c606SMark Murray * acknowledgment: 895c87c606SMark Murray * "This product includes software developed by the OpenSSL Project 905c87c606SMark Murray * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 915c87c606SMark Murray * 925c87c606SMark Murray * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 935c87c606SMark Murray * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 945c87c606SMark Murray * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 955c87c606SMark Murray * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 965c87c606SMark Murray * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 975c87c606SMark Murray * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 985c87c606SMark Murray * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 995c87c606SMark Murray * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1005c87c606SMark Murray * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 1015c87c606SMark Murray * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 1025c87c606SMark Murray * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 1035c87c606SMark Murray * OF THE POSSIBILITY OF SUCH DAMAGE. 1045c87c606SMark Murray * ==================================================================== 1055c87c606SMark Murray * 1065c87c606SMark Murray * This product includes cryptographic software written by Eric Young 1075c87c606SMark Murray * (eay@cryptsoft.com). This product includes software written by Tim 1085c87c606SMark Murray * Hudson (tjh@cryptsoft.com). 1095c87c606SMark Murray * 1105c87c606SMark Murray */ 1111f13597dSJung-uk Kim /* ==================================================================== 1121f13597dSJung-uk Kim * Copyright 2005 Nokia. All rights reserved. 1131f13597dSJung-uk Kim * 1141f13597dSJung-uk Kim * The portions of the attached software ("Contribution") is developed by 1151f13597dSJung-uk Kim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 1161f13597dSJung-uk Kim * license. 1171f13597dSJung-uk Kim * 1181f13597dSJung-uk Kim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 1191f13597dSJung-uk Kim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 1201f13597dSJung-uk Kim * support (see RFC 4279) to OpenSSL. 
1211f13597dSJung-uk Kim * 1221f13597dSJung-uk Kim * No patent licenses or other rights except those expressly stated in 1231f13597dSJung-uk Kim * the OpenSSL open source license shall be deemed granted or received 1241f13597dSJung-uk Kim * expressly, by implication, estoppel, or otherwise. 1251f13597dSJung-uk Kim * 1261f13597dSJung-uk Kim * No assurances are provided by Nokia that the Contribution does not 1271f13597dSJung-uk Kim * infringe the patent or other intellectual property rights of any third 1281f13597dSJung-uk Kim * party or that the license provides you with all the necessary rights 1291f13597dSJung-uk Kim * to make use of the Contribution. 1301f13597dSJung-uk Kim * 1311f13597dSJung-uk Kim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 1321f13597dSJung-uk Kim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 1331f13597dSJung-uk Kim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 1341f13597dSJung-uk Kim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 1351f13597dSJung-uk Kim * OTHERWISE. 1361f13597dSJung-uk Kim */ 13774664626SKris Kennaway 13874664626SKris Kennaway #include <assert.h> 1391f13597dSJung-uk Kim #include <ctype.h> 14074664626SKris Kennaway #include <stdio.h> 14174664626SKris Kennaway #include <stdlib.h> 14274664626SKris Kennaway #include <string.h> 1435c87c606SMark Murray #include <openssl/e_os2.h> 1445c87c606SMark Murray #ifdef OPENSSL_NO_STDIO 14574664626SKris Kennaway # define APPS_WIN16 14674664626SKris Kennaway #endif 14774664626SKris Kennaway 1486f9291ceSJung-uk Kim /* 1496f9291ceSJung-uk Kim * With IPv6, it looks like Digital has mixed up the proper order of 1506f9291ceSJung-uk Kim * recursive header file inclusion, resulting in the compiler complaining 1516f9291ceSJung-uk Kim * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is 1526f9291ceSJung-uk Kim * needed to have fileno() declared correctly... 
So let's define u_int 1536f9291ceSJung-uk Kim */ 1545c87c606SMark Murray #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) 15574664626SKris Kennaway # define __U_INT 15674664626SKris Kennaway typedef unsigned int u_int; 15774664626SKris Kennaway #endif 15874664626SKris Kennaway 15974664626SKris Kennaway #define USE_SOCKETS 16074664626SKris Kennaway #include "apps.h" 16174664626SKris Kennaway #include <openssl/x509.h> 16274664626SKris Kennaway #include <openssl/ssl.h> 16374664626SKris Kennaway #include <openssl/err.h> 16474664626SKris Kennaway #include <openssl/pem.h> 1655740a5e3SKris Kennaway #include <openssl/rand.h> 166db522d3aSSimon L. B. Nielsen #include <openssl/ocsp.h> 1671f13597dSJung-uk Kim #include <openssl/bn.h> 1681f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 1691f13597dSJung-uk Kim # include <openssl/srp.h> 1701f13597dSJung-uk Kim #endif 17174664626SKris Kennaway #include "s_apps.h" 1723b4e3dcbSSimon L. B. Nielsen #include "timeouts.h" 17374664626SKris Kennaway 1745c87c606SMark Murray #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) 17574664626SKris Kennaway /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ 17674664626SKris Kennaway # undef FIONBIO 17774664626SKris Kennaway #endif 17874664626SKris Kennaway 1791f13597dSJung-uk Kim #if defined(OPENSSL_SYS_BEOS_R5) 1801f13597dSJung-uk Kim # include <fcntl.h> 1811f13597dSJung-uk Kim #endif 1821f13597dSJung-uk Kim 18374664626SKris Kennaway #undef PROG 18474664626SKris Kennaway #define PROG s_client_main 18574664626SKris Kennaway 1866f9291ceSJung-uk Kim /* 1876f9291ceSJung-uk Kim * #define SSL_HOST_NAME "www.netscape.com" 1886f9291ceSJung-uk Kim */ 1896f9291ceSJung-uk Kim /* 1906f9291ceSJung-uk Kim * #define SSL_HOST_NAME "193.118.187.102" 1916f9291ceSJung-uk Kim */ 19274664626SKris Kennaway #define SSL_HOST_NAME "localhost" 19374664626SKris Kennaway 1946f9291ceSJung-uk Kim /* no default cert. 
*/ 1956f9291ceSJung-uk Kim /* 1966f9291ceSJung-uk Kim * #define TEST_CERT "client.pem" 1976f9291ceSJung-uk Kim */ 19874664626SKris Kennaway 19974664626SKris Kennaway #undef BUFSIZZ 20074664626SKris Kennaway #define BUFSIZZ 1024*8 20174664626SKris Kennaway 20274664626SKris Kennaway extern int verify_depth; 20374664626SKris Kennaway extern int verify_error; 2041f13597dSJung-uk Kim extern int verify_return_error; 2057bded2dbSJung-uk Kim extern int verify_quiet; 20674664626SKris Kennaway 20774664626SKris Kennaway #ifdef FIONBIO 20874664626SKris Kennaway static int c_nbio = 0; 20974664626SKris Kennaway #endif 21074664626SKris Kennaway static int c_Pause = 0; 21174664626SKris Kennaway static int c_debug = 0; 212db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 213db522d3aSSimon L. B. Nielsen static int c_tlsextdebug = 0; 214db522d3aSSimon L. B. Nielsen static int c_status_req = 0; 215db522d3aSSimon L. B. Nielsen #endif 2165c87c606SMark Murray static int c_msg = 0; 21774664626SKris Kennaway static int c_showcerts = 0; 21874664626SKris Kennaway 2191f13597dSJung-uk Kim static char *keymatexportlabel = NULL; 2201f13597dSJung-uk Kim static int keymatexportlen = 20; 2211f13597dSJung-uk Kim 22274664626SKris Kennaway static void sc_usage(void); 22374664626SKris Kennaway static void print_stuff(BIO *berr, SSL *con, int full); 224db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 225db522d3aSSimon L. B. Nielsen static int ocsp_resp_cb(SSL *s, void *arg); 226db522d3aSSimon L. B. 
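#endif
static BIO *bio_c_out = NULL;
static BIO *bio_c_msg = NULL;
static int c_quiet = 0;
static int c_ign_eof = 0;
static int c_brief = 0;

#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
static char *psk_identity = "Client_identity";
/*
 * char *psk_key=NULL; by default PSK is not used
 *
 * NOTE(review): psk_key is not defined in this file although psk_client_cb
 * uses it; it is presumably the -psk value shared with the other s_* apps.
 * Confirm where it is defined before changing its linkage.
 */

/*
 * PSK client callback (RFC 4279 ciphersuites).
 *
 * Writes the PSK identity into |identity| (at most |max_identity_len|
 * bytes, NUL-terminated) and the raw key bytes into |psk| (at most
 * |max_psk_len| bytes).  The identity is psk_identity (-psk_identity); the
 * key is the hex string psk_key (-psk, "PSK in hex (without 0x)" per
 * sc_usage).  The server's identity hint is only reported, never used for a
 * lookup: this client has exactly one identity/key pair.
 *
 * Returns the key length in bytes, or 0 to abort the handshake.
 */
static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
                                  unsigned int max_identity_len,
                                  unsigned char *psk,
                                  unsigned int max_psk_len)
{
    unsigned int psk_len = 0;
    unsigned int key_len;
    unsigned int pad;
    int ret;
    BIGNUM *bn = NULL;

    if (c_debug)
        BIO_printf(bio_c_out, "psk_client_cb\n");
    if (!hint) {
        /* no ServerKeyExchange message */
        if (c_debug)
            BIO_printf(bio_c_out,
                       "NULL received PSK identity hint, continuing anyway\n");
    } else if (c_debug)
        BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);

    /*
     * lookup PSK identity and PSK key based on the given identity hint here
     */
    /* BIO_snprintf returns -1 on truncation, so ret never exceeds the buffer. */
    ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
    if (ret < 0 || (unsigned int)ret > max_identity_len)
        goto out_err;
    if (c_debug)
        BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
                   ret);

    if (psk_key == NULL) {
        BIO_printf(bio_err, "No PSK key given (use -psk)\n");
        return 0;
    }
    ret = BN_hex2bn(&bn, psk_key);
    if (!ret) {
        BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
                   psk_key);
        if (bn)
            BN_free(bn);
        return 0;
    }
    /*
     * BN_hex2bn stops at the first non-hex character and returns how many
     * characters it consumed (a leading '-' counts and makes the value
     * negative).  Without this check "deadbeefXYZ" or "-dead" would be
     * accepted silently and a *different* key than the one typed would be
     * used; reject anything that is not a plain hex string.
     */
    if (*psk_key == '-' || psk_key[ret] != '\0') {
        BIO_printf(bio_err, "PSK key '%s' is not a plain hex string\n",
                   psk_key);
        BN_free(bn);
        return 0;
    }

    /* Length implied by the hex string: two digits per byte, odd counts round up. */
    key_len = ((unsigned int)ret + 1) / 2;
    if (key_len > max_psk_len) {
        BIO_printf(bio_err,
                   "psk buffer of callback is too small (%u) for key (%u)\n",
                   max_psk_len, key_len);
        BN_free(bn);
        return 0;
    }

    /*
     * BN_bn2bin emits the minimal big-endian encoding, so leading zero bytes
     * of the key would be dropped ("00ab" would become the 1-byte key ab).
     * Zero-fill the difference first so the key is exactly key_len bytes.
     * BN_num_bytes(bn) <= key_len always holds because bn < 16^ret.
     */
    pad = key_len - (unsigned int)BN_num_bytes(bn);
    memset(psk, 0, pad);
    psk_len = pad + (unsigned int)BN_bn2bin(bn, psk + pad);
    BN_free(bn);
    if (psk_len == 0)
        goto out_err;

    if (c_debug)
        BIO_printf(bio_c_out, "created PSK len=%u\n", psk_len);

    return psk_len;
 out_err:
    if (c_debug)
        BIO_printf(bio_err, "Error in PSK client callback\n");
    return 0;
}
#endif

/* Print the command-line summary for s_client to bio_err. */
static void sc_usage(void)
{
    BIO_printf(bio_err, "usage: s_client args\n");
    BIO_printf(bio_err, "\n");
    BIO_printf(bio_err, " -host host - use -connect instead\n");
    BIO_printf(bio_err, " -port port - use -connect instead\n");
    BIO_printf(bio_err,
               " -connect host:port - who to connect to (default is %s:%s)\n",
               SSL_HOST_NAME, PORT_STR);
    BIO_printf(bio_err,
               " -verify_host host - check peer certificate matches \"host\"\n");
    BIO_printf(bio_err,
               " -verify_email email - check peer certificate matches \"email\"\n");
    BIO_printf(bio_err,
               " -verify_ip ipaddr - check peer certificate matches \"ipaddr\"\n");

    BIO_printf(bio_err,
               " -verify arg - turn on peer certificate verification\n");
    BIO_printf(bio_err,
               " -verify_return_error - return verification errors\n");
    BIO_printf(bio_err,
               " -cert arg - certificate file to use, PEM format assumed\n");
    BIO_printf(bio_err,
               " -certform arg - certificate format (PEM or DER) PEM default\n");
    BIO_printf(bio_err,
               " -key arg - Private key file to use, in cert file if\n");
    BIO_printf(bio_err, " not specified but cert file is.\n");
    BIO_printf(bio_err,
               " -keyform arg - key format (PEM or DER) PEM default\n");
    BIO_printf(bio_err,
               " -pass arg - private key file pass phrase source\n");
    BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
    BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
    BIO_printf(bio_err,
               " -no_alt_chains - only ever use the first certificate chain found\n");
    BIO_printf(bio_err,
               " -reconnect - Drop and re-make the connection with the same Session-ID\n");
    BIO_printf(bio_err,
               " -pause - sleep(1) after each read(2) and write(2) system call\n");
    BIO_printf(bio_err,
               " -prexit - print session information even on connection failure\n");
    BIO_printf(bio_err,
               " -showcerts - show all certificates in the chain\n");
    BIO_printf(bio_err, " -debug - extra output\n");
#ifdef WATT32
    BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
#endif
    BIO_printf(bio_err, " -msg - Show protocol messages\n");
    BIO_printf(bio_err, " -nbio_test - more ssl protocol testing\n");
    BIO_printf(bio_err, " -state - print the 'ssl' states\n");
#ifdef FIONBIO
    BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
#endif
    BIO_printf(bio_err,
               " -crlf - convert LF from terminal into CRLF\n");
    BIO_printf(bio_err, " -quiet - no s_client output\n");
    BIO_printf(bio_err,
               " -ign_eof - ignore input eof (default when -quiet)\n");
    BIO_printf(bio_err, " -no_ign_eof - don't ignore input eof\n");
#ifndef OPENSSL_NO_PSK
    BIO_printf(bio_err, " -psk_identity arg - PSK identity\n");
    BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
# ifndef OPENSSL_NO_JPAKE
    BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
# endif
#endif
#ifndef OPENSSL_NO_SRP
    BIO_printf(bio_err,
               " -srpuser user - SRP authentification for 'user'\n");
    BIO_printf(bio_err, " -srppass arg - password for 'user'\n");
    BIO_printf(bio_err,
               " -srp_lateuser - SRP username into second ClientHello message\n");
    BIO_printf(bio_err,
               " -srp_moregroups - Tolerate other than the known g N values.\n");
    BIO_printf(bio_err,
               " -srp_strength int - minimal length in bits for N (default %d).\n",
               SRP_MINIMAL_N);
#endif
    BIO_printf(bio_err, " -ssl2 - just use SSLv2\n");
#ifndef OPENSSL_NO_SSL3_METHOD
    BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");
#endif
    BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n");
    BIO_printf(bio_err, " -tls1_1 - just use TLSv1.1\n");
    BIO_printf(bio_err, " -tls1 - just use TLSv1\n");
    BIO_printf(bio_err, " -dtls1 - just use DTLSv1\n");
    BIO_printf(bio_err, " -fallback_scsv - send TLS_FALLBACK_SCSV\n");
    BIO_printf(bio_err, " -mtu - set the link layer MTU\n");
    BIO_printf(bio_err,
               " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
    BIO_printf(bio_err,
               " -bugs - Switch on all SSL implementation bug workarounds\n");
    BIO_printf(bio_err,
               " -serverpref - Use server's cipher preferences (only SSLv2)\n");
    BIO_printf(bio_err,
               " -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
    BIO_printf(bio_err,
               " command to see what is available\n");
    BIO_printf(bio_err,
               " -starttls prot - use the STARTTLS command before starting TLS\n");
    BIO_printf(bio_err,
               " for those protocols that support it, where\n");
    BIO_printf(bio_err,
               " 'prot' defines which one to assume. Currently,\n");
    BIO_printf(bio_err,
               " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
    BIO_printf(bio_err, " are supported.\n");
#ifndef OPENSSL_NO_ENGINE
    BIO_printf(bio_err,
               " -engine id - Initialise and use the specified engine\n");
#endif
    BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
               LIST_SEPARATOR_CHAR);
    BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
    BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n");
#ifndef OPENSSL_NO_TLSEXT
    BIO_printf(bio_err,
               " -servername host - Set TLS extension servername in ClientHello\n");
    BIO_printf(bio_err,
               " -tlsextdebug - hex dump of all TLS extensions received\n");
    BIO_printf(bio_err,
               " -status - request certificate status from server\n");
    BIO_printf(bio_err,
               " -no_ticket - disable use of RFC4507bis session tickets\n");
    BIO_printf(bio_err,
               " -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n");
    BIO_printf(bio_err,
               " -curves arg - Elliptic curves to advertise (colon-separated list)\n");
    BIO_printf(bio_err,
               " -sigalgs arg - Signature algorithms to support (colon-separated list)\n");
    BIO_printf(bio_err,
               " -client_sigalgs arg - Signature algorithms to support for client\n");
    BIO_printf(bio_err,
               " certificate authentication (colon-separated list)\n");
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
    BIO_printf(bio_err,
               " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
#endif
    BIO_printf(bio_err,
               " -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
    BIO_printf(bio_err,
               " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#ifndef OPENSSL_NO_SRTP
    BIO_printf(bio_err,
               " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
#endif
    BIO_printf(bio_err,
               " -keymatexport label - Export keying material using label\n");
    BIO_printf(bio_err,
               " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
}

#ifndef OPENSSL_NO_TLSEXT

/* This is a context that we pass to callbacks */
typedef struct tlsextctx_st {
    BIO *biodebug;              /* debug output BIO; not used by ssl_servername_cb */
    int ack;                    /* set when a host_name was seen on a fresh handshake */
} tlsextctx;

/*
 * Servername (SNI) callback, presumably installed by the caller when
 * -servername is given (not visible here).  Records in p->ack whether a
 * host_name servername is present on a non-resumed handshake; the caller is
 * expected to report that afterwards.  Never fails the handshake: it always
 * returns SSL_TLSEXT_ERR_OK and only prints a diagnostic when no servername
 * type is available.
 */
static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
{
    tlsextctx *p = (tlsextctx *) arg;
    const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
    if (SSL_get_servername_type(s) != -1)
        p->ack = !SSL_session_reused(s) && hn != NULL;
    else
        BIO_printf(bio_err, "Can't use SSL_get_servername\n");

    return SSL_TLSEXT_ERR_OK;
}

# ifndef OPENSSL_NO_SRP

/* This is a context that we pass to all callbacks */
typedef struct srp_arg_st {
    char *srppassin;            /* password source (-srppass); handed to password_callback */
    char *srplogin;             /* SRP user name (-srpuser) */
    int msg;                    /* copy from c_msg */
    int debug;                  /* copy from c_debug */
    int amp;                    /* allow more groups (-srp_moregroups) */
    int strength;               /* minimal size for N (-srp_strength) */
} SRP_ARG;

/* Number of BN_is_prime_ex rounds used when checking an unknown SRP group. */
# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64

/*
 * Sanity-check an SRP group (N, g) that is not one of the RFC 5054 groups.
 * Accepts only when all of the following hold:
 *   - N is odd and passes BN_is_prime_ex;
 *   - (N-1)/2 also passes BN_is_prime_ex, i.e. N is a safe prime;
 *   - 1 < g < N;
 *   - g^((N-1)/2) == -1 (mod N), so g is not in the prime-order subgroup;
 *   - g != N-1.  N-1 (== -1 mod N) also satisfies the previous test because
 *     (N-1)/2 is odd, but it generates only {1, N-1}: with such a g the
 *     password verifier g^x takes two values and SRP offers no protection.
 * For a safe prime the element orders are 1, 2, (N-1)/2 and N-1, so an
 * element that is neither 1, nor of order 2, nor in the order-(N-1)/2
 * subgroup generates the whole group.
 *
 * Returns 1 if the group passes, 0 otherwise (including on allocation
 * failure).  Primality testing is expensive; see the comment on
 * ssl_srp_verify_param_cb for why this is a debugging aid only.
 */
static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
{
    BN_CTX *bn_ctx = BN_CTX_new();
    BIGNUM *p = BN_new();
    BIGNUM *r = BN_new();
    int ret =
        g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
        BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
        p != NULL && BN_rshift1(p, N) &&
        /* p = (N-1)/2 */
        BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
        r != NULL &&
        /* g must be a proper residue: 0 < g < N (g == 1 fails the -1 test) */
        BN_cmp(g, N) < 0 &&
        /* verify g^((N-1)/2) == -1 (mod N) */
        BN_mod_exp(r, g, p, N, bn_ctx) &&
        BN_add_word(r, 1) && BN_cmp(r, N) == 0 &&
        /* reject g == N-1: it passes the test above but has order 2 */
        BN_sub(r, N, g) && !BN_is_one(r);

    if (r)
        BN_free(r);
    if (p)
        BN_free(p);
    if (bn_ctx)
        BN_CTX_free(bn_ctx);
    return ret;
}

/*-
 * This callback is used here for two purposes:
 * - extended debugging
 * - making some primality tests for unknown groups
 * The callback is only called for a non default group.
 *
 * An application does not need the call back at all if
 * only the standard groups are used. In real life situations,
 * client and server already share well known groups,
 * thus there is no need to verify them.
 * Furthermore, in case that a server actually proposes a group that
 * is not one of those defined in RFC 5054, it is more appropriate
 * to add the group to a static list and then compare since
 * primality tests are rather cpu consuming.
 *
 * Returns 1 to accept the server's (N, g), 0 to reject it.  Unknown groups
 * are rejected unless -srp_moregroups (srp_arg->amp) is set, in which case
 * they must pass srp_Verify_N_and_g.  The minimum size of N is not checked
 * here; it is enforced elsewhere via srp_arg->strength.
 */
static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
{
    SRP_ARG *srp_arg = (SRP_ARG *)arg;
    BIGNUM *N = NULL, *g = NULL;

    if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s)))
        return 0;
    if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
        BIO_printf(bio_err, "SRP parameters:\n");
        BIO_printf(bio_err, "\tN=");
        BN_print(bio_err, N);
        BIO_printf(bio_err, "\n\tg=");
        BN_print(bio_err, g);
        BIO_printf(bio_err, "\n");
    }

    /* The RFC 5054 groups are trusted as they are. */
    if (SRP_check_known_gN_param(g, N))
        return 1;

    if (srp_arg->amp == 1) {
        if (srp_arg->debug)
            BIO_printf(bio_err,
                       "SRP param N and g are not known params, going to check deeper.\n");

        /*
         * The srp_moregroups is a real debugging feature. Implementors
         * should rather add the value to the known ones. The minimal size
         * has already been tested.  Only generators of at most BN_BITS bits
         * are considered at all.
         */
        if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
            return 1;
    }
    BIO_printf(bio_err, "SRP param N and g rejected.\n");
    return 0;
}

# define PWD_STRLEN 1024

/*
 * SRP client password callback.  Returns the user's password in a freshly
 * OPENSSL_malloc()ed, NUL-terminated buffer, or NULL on failure (allocation
 * failure or password_callback reporting an error).  The password comes
 * from srp_arg->srppassin through password_callback, which presumably
 * prompts interactively when that is NULL (confirm in apps.c).  Ownership
 * of the buffer passes to the caller, which is expected to free it; note
 * that it holds a secret until then.
 */
static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
{
    SRP_ARG *srp_arg = (SRP_ARG *)arg;
    /* one byte more than PWD_STRLEN so the terminator below always fits */
    char *pass = (char *)OPENSSL_malloc(PWD_STRLEN + 1);
    PW_CB_DATA cb_tmp;
    int l;

    if (!pass) {
        BIO_printf(bio_err, "Malloc failure\n");
        return NULL;
    }

    cb_tmp.password = (char *)srp_arg->srppassin;
    cb_tmp.prompt_info = "SRP user";
    /* password_callback may write up to PWD_STRLEN bytes and returns the length */
    if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
        BIO_printf(bio_err, "Can't read Password\n");
        OPENSSL_free(pass);
        return NULL;
    }
    *(pass + l) = '\0';

    return pass;
}
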
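# endif                         /* closes the OPENSSL_NO_SRP guard opened earlier */
# ifndef OPENSSL_NO_SRTP
/* SRTP profile list given with -use_srtp (passed to
 * SSL_CTX_set_tlsext_use_srtp); NULL when the option is absent. */
char *srtp_profiles = NULL;
# endif

# ifndef OPENSSL_NO_NEXTPROTONEG
/*
 * Context handed to next_proto_cb: our own NPN protocol list in wire
 * format (data/len, built from the -nextprotoneg argument) and the result
 * of SSL_select_next_proto() so it can be reported after the handshake.
 */
typedef struct tlsextnextprotoctx_st {
    unsigned char *data;
    unsigned short len;
    int status;
} tlsextnextprotoctx;

static tlsextnextprotoctx next_proto;

/*
 * NPN protocol-selection callback.
 *
 * |in|/|inlen| is the server-advertised protocol list: a sequence of
 * <1-byte length><name> records.  Unless -quiet was given the list is
 * printed, then SSL_select_next_proto() chooses the overlap with our list
 * and its verdict is kept in ctx->status.  Always returns
 * SSL_TLSEXT_ERR_OK; selection failure is reported via ctx->status, not
 * by failing the handshake.
 */
static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
                         const unsigned char *in, unsigned int inlen,
                         void *arg)
{
    tlsextnextprotoctx *ctx = arg;

    if (!c_quiet) {
        /*
         * libssl is expected to have validated the record framing before
         * calling us, but |in| still originates from the peer, so each
         * length prefix is re-checked against inlen rather than trusted;
         * a bad prefix ends the dump instead of reading past the buffer.
         */
        unsigned i = 0;
        BIO_printf(bio_c_out, "Protocols advertised by server: ");
        while (i < inlen) {
            unsigned name_len = in[i];
            if (i + 1 + name_len > inlen)
                break;
            if (i)
                BIO_write(bio_c_out, ", ", 2);
            BIO_write(bio_c_out, &in[i + 1], name_len);
            i += name_len + 1;
        }
        BIO_write(bio_c_out, "\n", 1);
    }

    ctx->status =
        SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
    return SSL_TLSEXT_ERR_OK;
}
# endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */

/*
 * Client-side parse callback for custom ("serverinfo") extensions,
 * presumably registered for each type listed with -serverinfo.
 *
 * Writes the extension to bio_c_out as a PEM block named
 * "SERVERINFO FOR EXTENSION <type>" whose payload is the 2-byte type,
 * the 2-byte length and the raw extension data.  Returns 1 to accept the
 * extension, or 0 with *al set to the alert to send.
 */
static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
                                   const unsigned char *in, size_t inlen,
                                   int *al, void *arg)
{
    char pem_name[100];
    unsigned char ext_buf[4 + 65536];

    /*
     * A TLS extension body carries a 16-bit length, so inlen should never
     * exceed 65535 here; guard the fixed-size stack buffer (and the 2-byte
     * length field rebuilt below) anyway rather than trusting the caller.
     */
    if (inlen > 65535) {
        *al = SSL_AD_DECODE_ERROR;
        return 0;
    }

    /* Reconstruct the type/len fields prior to extension data */
    ext_buf[0] = ext_type >> 8;
    ext_buf[1] = ext_type & 0xFF;
    ext_buf[2] = inlen >> 8;
    ext_buf[3] = inlen & 0xFF;
    memcpy(ext_buf + 4, in, inlen);

    /* ext_type is unsigned: %u keeps the format and argument types matched. */
    BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %u",
                 ext_type);
    PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen);
    return 1;
}

#endif                          /* closes the outer guard (presumably OPENSSL_NO_TLSEXT) opened earlier */

/* STARTTLS protocol selected with -starttls; PROTO_OFF means plain TLS. */
enum {
    PROTO_OFF = 0,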
Nielsen PROTO_SMTP, 6555471f83eSSimon L. B. Nielsen PROTO_POP3, 6565471f83eSSimon L. B. Nielsen PROTO_IMAP, 657db522d3aSSimon L. B. Nielsen PROTO_FTP, 658db522d3aSSimon L. B. Nielsen PROTO_XMPP 6595471f83eSSimon L. B. Nielsen }; 6605471f83eSSimon L. B. Nielsen 661f579bf8eSKris Kennaway int MAIN(int, char **); 662f579bf8eSKris Kennaway 66374664626SKris Kennaway int MAIN(int argc, char **argv) 66474664626SKris Kennaway { 6657bded2dbSJung-uk Kim int build_chain = 0; 6661f13597dSJung-uk Kim SSL *con = NULL; 6671f13597dSJung-uk Kim #ifndef OPENSSL_NO_KRB5 6681f13597dSJung-uk Kim KSSL_CTX *kctx; 6691f13597dSJung-uk Kim #endif 67074664626SKris Kennaway int s, k, width, state = 0; 6715c87c606SMark Murray char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL; 67274664626SKris Kennaway int cbuf_len, cbuf_off; 67374664626SKris Kennaway int sbuf_len, sbuf_off; 67474664626SKris Kennaway fd_set readfds, writefds; 67574664626SKris Kennaway short port = PORT; 67674664626SKris Kennaway int full_log = 1; 67774664626SKris Kennaway char *host = SSL_HOST_NAME; 6787bded2dbSJung-uk Kim char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; 6793b4e3dcbSSimon L. B. Nielsen int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; 6803b4e3dcbSSimon L. B. Nielsen char *passarg = NULL, *pass = NULL; 6813b4e3dcbSSimon L. B. Nielsen X509 *cert = NULL; 6823b4e3dcbSSimon L. B. Nielsen EVP_PKEY *key = NULL; 6837bded2dbSJung-uk Kim STACK_OF(X509) *chain = NULL; 6847bded2dbSJung-uk Kim char *CApath = NULL, *CAfile = NULL; 6857bded2dbSJung-uk Kim char *chCApath = NULL, *chCAfile = NULL; 6867bded2dbSJung-uk Kim char *vfyCApath = NULL, *vfyCAfile = NULL; 6877bded2dbSJung-uk Kim int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE; 68874664626SKris Kennaway int crlf = 0; 68974664626SKris Kennaway int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; 69074664626SKris Kennaway SSL_CTX *ctx = NULL; 69174664626SKris Kennaway int ret = 1, in_init = 1, i, nbio_test = 0; 6925471f83eSSimon L. B. 
Nielsen int starttls_proto = PROTO_OFF; 6931f13597dSJung-uk Kim int prexit = 0; 6941f13597dSJung-uk Kim X509_VERIFY_PARAM *vpm = NULL; 6951f13597dSJung-uk Kim int badarg = 0; 6961f13597dSJung-uk Kim const SSL_METHOD *meth = NULL; 6971f13597dSJung-uk Kim int socket_type = SOCK_STREAM; 69874664626SKris Kennaway BIO *sbio; 6995740a5e3SKris Kennaway char *inrand = NULL; 7005471f83eSSimon L. B. Nielsen int mbuf_len = 0; 7016a599222SSimon L. B. Nielsen struct timeval timeout, *timeoutp; 702fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 7035c87c606SMark Murray char *engine_id = NULL; 704db522d3aSSimon L. B. Nielsen char *ssl_client_engine_id = NULL; 705db522d3aSSimon L. B. Nielsen ENGINE *ssl_client_engine = NULL; 706fceca8a3SJacques Vidrine #endif 707db522d3aSSimon L. B. Nielsen ENGINE *e = NULL; 7081f13597dSJung-uk Kim #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) 709f579bf8eSKris Kennaway struct timeval tv; 7101f13597dSJung-uk Kim # if defined(OPENSSL_SYS_BEOS_R5) 7111f13597dSJung-uk Kim int stdin_set = 0; 712f579bf8eSKris Kennaway # endif 7131f13597dSJung-uk Kim #endif 714db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 715db522d3aSSimon L. B. Nielsen char *servername = NULL; 7166f9291ceSJung-uk Kim tlsextctx tlsextcbp = { NULL, 0 }; 7171f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG 7181f13597dSJung-uk Kim const char *next_proto_neg_in = NULL; 7191f13597dSJung-uk Kim # endif 7207bded2dbSJung-uk Kim const char *alpn_in = NULL; 7217bded2dbSJung-uk Kim # define MAX_SI_TYPES 100 7227bded2dbSJung-uk Kim unsigned short serverinfo_types[MAX_SI_TYPES]; 7237bded2dbSJung-uk Kim int serverinfo_types_count = 0; 724db522d3aSSimon L. B. Nielsen #endif 725db522d3aSSimon L. B. Nielsen char *sess_in = NULL; 726db522d3aSSimon L. B. Nielsen char *sess_out = NULL; 7273b4e3dcbSSimon L. B. Nielsen struct sockaddr peer; 7283b4e3dcbSSimon L. B. 
Nielsen int peerlen = sizeof(peer); 729fa5fddf1SJung-uk Kim int fallback_scsv = 0; 7303b4e3dcbSSimon L. B. Nielsen int enable_timeouts = 0; 7316a599222SSimon L. B. Nielsen long socket_mtu = 0; 732db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE 7337bded2dbSJung-uk Kim static char *jpake_secret = NULL; 7347bded2dbSJung-uk Kim # define no_jpake !jpake_secret 7357bded2dbSJung-uk Kim #else 7367bded2dbSJung-uk Kim # define no_jpake 1 737db522d3aSSimon L. B. Nielsen #endif 7381f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 7391f13597dSJung-uk Kim char *srppass = NULL; 7401f13597dSJung-uk Kim int srp_lateuser = 0; 7411f13597dSJung-uk Kim SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 }; 7421f13597dSJung-uk Kim #endif 7437bded2dbSJung-uk Kim SSL_EXCERT *exc = NULL; 7447bded2dbSJung-uk Kim 7457bded2dbSJung-uk Kim SSL_CONF_CTX *cctx = NULL; 7467bded2dbSJung-uk Kim STACK_OF(OPENSSL_STRING) *ssl_args = NULL; 7477bded2dbSJung-uk Kim 7487bded2dbSJung-uk Kim char *crl_file = NULL; 7497bded2dbSJung-uk Kim int crl_format = FORMAT_PEM; 7507bded2dbSJung-uk Kim int crl_download = 0; 7517bded2dbSJung-uk Kim STACK_OF(X509_CRL) *crls = NULL; 7523b4e3dcbSSimon L. B. 
Nielsen 75374664626SKris Kennaway meth = SSLv23_client_method(); 75474664626SKris Kennaway 75574664626SKris Kennaway apps_startup(); 75674664626SKris Kennaway c_Pause = 0; 75774664626SKris Kennaway c_quiet = 0; 758f579bf8eSKris Kennaway c_ign_eof = 0; 75974664626SKris Kennaway c_debug = 0; 7605c87c606SMark Murray c_msg = 0; 76174664626SKris Kennaway c_showcerts = 0; 76274664626SKris Kennaway 76374664626SKris Kennaway if (bio_err == NULL) 76474664626SKris Kennaway bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 76574664626SKris Kennaway 7665c87c606SMark Murray if (!load_config(bio_err, NULL)) 7675c87c606SMark Murray goto end; 7685c87c606SMark Murray 7697bded2dbSJung-uk Kim cctx = SSL_CONF_CTX_new(); 7707bded2dbSJung-uk Kim if (!cctx) 7717bded2dbSJung-uk Kim goto end; 7727bded2dbSJung-uk Kim SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); 7737bded2dbSJung-uk Kim SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CMDLINE); 7747bded2dbSJung-uk Kim 775ddd58736SKris Kennaway if (((cbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || 7765c87c606SMark Murray ((sbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || 7776f9291ceSJung-uk Kim ((mbuf = OPENSSL_malloc(BUFSIZZ)) == NULL)) { 77874664626SKris Kennaway BIO_printf(bio_err, "out of memory\n"); 77974664626SKris Kennaway goto end; 78074664626SKris Kennaway } 78174664626SKris Kennaway 78274664626SKris Kennaway verify_depth = 0; 78374664626SKris Kennaway verify_error = X509_V_OK; 78474664626SKris Kennaway #ifdef FIONBIO 78574664626SKris Kennaway c_nbio = 0; 78674664626SKris Kennaway #endif 78774664626SKris Kennaway 78874664626SKris Kennaway argc--; 78974664626SKris Kennaway argv++; 7906f9291ceSJung-uk Kim while (argc >= 1) { 7916f9291ceSJung-uk Kim if (strcmp(*argv, "-host") == 0) { 7926f9291ceSJung-uk Kim if (--argc < 1) 7936f9291ceSJung-uk Kim goto bad; 79474664626SKris Kennaway host = *(++argv); 7956f9291ceSJung-uk Kim } else if (strcmp(*argv, "-port") == 0) { 7966f9291ceSJung-uk Kim if (--argc < 1) 7976f9291ceSJung-uk Kim goto bad; 
79874664626SKris Kennaway port = atoi(*(++argv)); 7996f9291ceSJung-uk Kim if (port == 0) 8006f9291ceSJung-uk Kim goto bad; 8016f9291ceSJung-uk Kim } else if (strcmp(*argv, "-connect") == 0) { 8026f9291ceSJung-uk Kim if (--argc < 1) 8036f9291ceSJung-uk Kim goto bad; 80474664626SKris Kennaway if (!extract_host_port(*(++argv), &host, NULL, &port)) 80574664626SKris Kennaway goto bad; 8066f9291ceSJung-uk Kim } else if (strcmp(*argv, "-verify") == 0) { 80774664626SKris Kennaway verify = SSL_VERIFY_PEER; 8086f9291ceSJung-uk Kim if (--argc < 1) 8096f9291ceSJung-uk Kim goto bad; 81074664626SKris Kennaway verify_depth = atoi(*(++argv)); 8117bded2dbSJung-uk Kim if (!c_quiet) 81274664626SKris Kennaway BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 8136f9291ceSJung-uk Kim } else if (strcmp(*argv, "-cert") == 0) { 8146f9291ceSJung-uk Kim if (--argc < 1) 8156f9291ceSJung-uk Kim goto bad; 81674664626SKris Kennaway cert_file = *(++argv); 8177bded2dbSJung-uk Kim } else if (strcmp(*argv, "-CRL") == 0) { 8187bded2dbSJung-uk Kim if (--argc < 1) 8197bded2dbSJung-uk Kim goto bad; 8207bded2dbSJung-uk Kim crl_file = *(++argv); 8217bded2dbSJung-uk Kim } else if (strcmp(*argv, "-crl_download") == 0) 8227bded2dbSJung-uk Kim crl_download = 1; 8237bded2dbSJung-uk Kim else if (strcmp(*argv, "-sess_out") == 0) { 8246f9291ceSJung-uk Kim if (--argc < 1) 8256f9291ceSJung-uk Kim goto bad; 826db522d3aSSimon L. B. Nielsen sess_out = *(++argv); 8276f9291ceSJung-uk Kim } else if (strcmp(*argv, "-sess_in") == 0) { 8286f9291ceSJung-uk Kim if (--argc < 1) 8296f9291ceSJung-uk Kim goto bad; 830db522d3aSSimon L. B. Nielsen sess_in = *(++argv); 8316f9291ceSJung-uk Kim } else if (strcmp(*argv, "-certform") == 0) { 8326f9291ceSJung-uk Kim if (--argc < 1) 8336f9291ceSJung-uk Kim goto bad; 8343b4e3dcbSSimon L. B. 
Nielsen cert_format = str2fmt(*(++argv)); 8357bded2dbSJung-uk Kim } else if (strcmp(*argv, "-CRLform") == 0) { 8367bded2dbSJung-uk Kim if (--argc < 1) 8377bded2dbSJung-uk Kim goto bad; 8387bded2dbSJung-uk Kim crl_format = str2fmt(*(++argv)); 8396f9291ceSJung-uk Kim } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) { 8401f13597dSJung-uk Kim if (badarg) 8411f13597dSJung-uk Kim goto bad; 8421f13597dSJung-uk Kim continue; 8436f9291ceSJung-uk Kim } else if (strcmp(*argv, "-verify_return_error") == 0) 8441f13597dSJung-uk Kim verify_return_error = 1; 8457bded2dbSJung-uk Kim else if (strcmp(*argv, "-verify_quiet") == 0) 8467bded2dbSJung-uk Kim verify_quiet = 1; 8477bded2dbSJung-uk Kim else if (strcmp(*argv, "-brief") == 0) { 8487bded2dbSJung-uk Kim c_brief = 1; 8497bded2dbSJung-uk Kim verify_quiet = 1; 8507bded2dbSJung-uk Kim c_quiet = 1; 8517bded2dbSJung-uk Kim } else if (args_excert(&argv, &argc, &badarg, bio_err, &exc)) { 8527bded2dbSJung-uk Kim if (badarg) 8537bded2dbSJung-uk Kim goto bad; 8547bded2dbSJung-uk Kim continue; 8557bded2dbSJung-uk Kim } else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args)) { 8567bded2dbSJung-uk Kim if (badarg) 8577bded2dbSJung-uk Kim goto bad; 8587bded2dbSJung-uk Kim continue; 8597bded2dbSJung-uk Kim } else if (strcmp(*argv, "-prexit") == 0) 860f579bf8eSKris Kennaway prexit = 1; 86174664626SKris Kennaway else if (strcmp(*argv, "-crlf") == 0) 86274664626SKris Kennaway crlf = 1; 8636f9291ceSJung-uk Kim else if (strcmp(*argv, "-quiet") == 0) { 86474664626SKris Kennaway c_quiet = 1; 865f579bf8eSKris Kennaway c_ign_eof = 1; 8666f9291ceSJung-uk Kim } else if (strcmp(*argv, "-ign_eof") == 0) 867f579bf8eSKris Kennaway c_ign_eof = 1; 868db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-no_ign_eof") == 0) 869db522d3aSSimon L. B. 
Nielsen c_ign_eof = 0; 87074664626SKris Kennaway else if (strcmp(*argv, "-pause") == 0) 87174664626SKris Kennaway c_Pause = 1; 87274664626SKris Kennaway else if (strcmp(*argv, "-debug") == 0) 87374664626SKris Kennaway c_debug = 1; 874db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 875db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-tlsextdebug") == 0) 876db522d3aSSimon L. B. Nielsen c_tlsextdebug = 1; 877db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "-status") == 0) 878db522d3aSSimon L. B. Nielsen c_status_req = 1; 879db522d3aSSimon L. B. Nielsen #endif 8803b4e3dcbSSimon L. B. Nielsen #ifdef WATT32 8813b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv, "-wdebug") == 0) 8823b4e3dcbSSimon L. B. Nielsen dbug_init(); 8833b4e3dcbSSimon L. B. Nielsen #endif 8845c87c606SMark Murray else if (strcmp(*argv, "-msg") == 0) 8855c87c606SMark Murray c_msg = 1; 8867bded2dbSJung-uk Kim else if (strcmp(*argv, "-msgfile") == 0) { 8877bded2dbSJung-uk Kim if (--argc < 1) 8887bded2dbSJung-uk Kim goto bad; 8897bded2dbSJung-uk Kim bio_c_msg = BIO_new_file(*(++argv), "w"); 8907bded2dbSJung-uk Kim } 8917bded2dbSJung-uk Kim #ifndef OPENSSL_NO_SSL_TRACE 8927bded2dbSJung-uk Kim else if (strcmp(*argv, "-trace") == 0) 8937bded2dbSJung-uk Kim c_msg = 2; 8947bded2dbSJung-uk Kim #endif 89574664626SKris Kennaway else if (strcmp(*argv, "-showcerts") == 0) 89674664626SKris Kennaway c_showcerts = 1; 89774664626SKris Kennaway else if (strcmp(*argv, "-nbio_test") == 0) 89874664626SKris Kennaway nbio_test = 1; 89974664626SKris Kennaway else if (strcmp(*argv, "-state") == 0) 90074664626SKris Kennaway state = 1; 9011f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 9026f9291ceSJung-uk Kim else if (strcmp(*argv, "-psk_identity") == 0) { 9036f9291ceSJung-uk Kim if (--argc < 1) 9046f9291ceSJung-uk Kim goto bad; 9051f13597dSJung-uk Kim psk_identity = *(++argv); 9066f9291ceSJung-uk Kim } else if (strcmp(*argv, "-psk") == 0) { 9071f13597dSJung-uk Kim size_t j; 9081f13597dSJung-uk Kim 
9096f9291ceSJung-uk Kim if (--argc < 1) 9106f9291ceSJung-uk Kim goto bad; 9111f13597dSJung-uk Kim psk_key = *(++argv); 9126f9291ceSJung-uk Kim for (j = 0; j < strlen(psk_key); j++) { 9131f13597dSJung-uk Kim if (isxdigit((unsigned char)psk_key[j])) 9141f13597dSJung-uk Kim continue; 9151f13597dSJung-uk Kim BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); 9161f13597dSJung-uk Kim goto bad; 9171f13597dSJung-uk Kim } 9181f13597dSJung-uk Kim } 9191f13597dSJung-uk Kim #endif 9201f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 9216f9291ceSJung-uk Kim else if (strcmp(*argv, "-srpuser") == 0) { 9226f9291ceSJung-uk Kim if (--argc < 1) 9236f9291ceSJung-uk Kim goto bad; 9241f13597dSJung-uk Kim srp_arg.srplogin = *(++argv); 9251f13597dSJung-uk Kim meth = TLSv1_client_method(); 9266f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srppass") == 0) { 9276f9291ceSJung-uk Kim if (--argc < 1) 9286f9291ceSJung-uk Kim goto bad; 9291f13597dSJung-uk Kim srppass = *(++argv); 9301f13597dSJung-uk Kim meth = TLSv1_client_method(); 9316f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_strength") == 0) { 9326f9291ceSJung-uk Kim if (--argc < 1) 9336f9291ceSJung-uk Kim goto bad; 9341f13597dSJung-uk Kim srp_arg.strength = atoi(*(++argv)); 9356f9291ceSJung-uk Kim BIO_printf(bio_err, "SRP minimal length for N is %d\n", 9366f9291ceSJung-uk Kim srp_arg.strength); 9371f13597dSJung-uk Kim meth = TLSv1_client_method(); 9386f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_lateuser") == 0) { 9391f13597dSJung-uk Kim srp_lateuser = 1; 9401f13597dSJung-uk Kim meth = TLSv1_client_method(); 9416f9291ceSJung-uk Kim } else if (strcmp(*argv, "-srp_moregroups") == 0) { 9421f13597dSJung-uk Kim srp_arg.amp = 1; 9431f13597dSJung-uk Kim meth = TLSv1_client_method(); 9441f13597dSJung-uk Kim } 9451f13597dSJung-uk Kim #endif 9465c87c606SMark Murray #ifndef OPENSSL_NO_SSL2 94774664626SKris Kennaway else if (strcmp(*argv, "-ssl2") == 0) 94874664626SKris Kennaway meth = SSLv2_client_method(); 94974664626SKris Kennaway #endif 
950751d2991SJung-uk Kim #ifndef OPENSSL_NO_SSL3_METHOD 95174664626SKris Kennaway else if (strcmp(*argv, "-ssl3") == 0) 95274664626SKris Kennaway meth = SSLv3_client_method(); 95374664626SKris Kennaway #endif 9545c87c606SMark Murray #ifndef OPENSSL_NO_TLS1 9551f13597dSJung-uk Kim else if (strcmp(*argv, "-tls1_2") == 0) 9561f13597dSJung-uk Kim meth = TLSv1_2_client_method(); 9571f13597dSJung-uk Kim else if (strcmp(*argv, "-tls1_1") == 0) 9581f13597dSJung-uk Kim meth = TLSv1_1_client_method(); 95974664626SKris Kennaway else if (strcmp(*argv, "-tls1") == 0) 96074664626SKris Kennaway meth = TLSv1_client_method(); 96174664626SKris Kennaway #endif 9623b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_DTLS1 9637bded2dbSJung-uk Kim else if (strcmp(*argv, "-dtls") == 0) { 9647bded2dbSJung-uk Kim meth = DTLS_client_method(); 9657bded2dbSJung-uk Kim socket_type = SOCK_DGRAM; 9667bded2dbSJung-uk Kim } else if (strcmp(*argv, "-dtls1") == 0) { 9673b4e3dcbSSimon L. B. Nielsen meth = DTLSv1_client_method(); 9681f13597dSJung-uk Kim socket_type = SOCK_DGRAM; 9697bded2dbSJung-uk Kim } else if (strcmp(*argv, "-dtls1_2") == 0) { 9707bded2dbSJung-uk Kim meth = DTLSv1_2_client_method(); 9717bded2dbSJung-uk Kim socket_type = SOCK_DGRAM; 9726f9291ceSJung-uk Kim } else if (strcmp(*argv, "-timeout") == 0) 9733b4e3dcbSSimon L. B. Nielsen enable_timeouts = 1; 9746f9291ceSJung-uk Kim else if (strcmp(*argv, "-mtu") == 0) { 9756f9291ceSJung-uk Kim if (--argc < 1) 9766f9291ceSJung-uk Kim goto bad; 9776a599222SSimon L. B. Nielsen socket_mtu = atol(*(++argv)); 9783b4e3dcbSSimon L. B. Nielsen } 9793b4e3dcbSSimon L. B. Nielsen #endif 9807bded2dbSJung-uk Kim else if (strcmp(*argv, "-fallback_scsv") == 0) { 9817bded2dbSJung-uk Kim fallback_scsv = 1; 9827bded2dbSJung-uk Kim } else if (strcmp(*argv, "-keyform") == 0) { 9836f9291ceSJung-uk Kim if (--argc < 1) 9846f9291ceSJung-uk Kim goto bad; 9853b4e3dcbSSimon L. B. 
Nielsen key_format = str2fmt(*(++argv)); 9866f9291ceSJung-uk Kim } else if (strcmp(*argv, "-pass") == 0) { 9876f9291ceSJung-uk Kim if (--argc < 1) 9886f9291ceSJung-uk Kim goto bad; 9893b4e3dcbSSimon L. B. Nielsen passarg = *(++argv); 9907bded2dbSJung-uk Kim } else if (strcmp(*argv, "-cert_chain") == 0) { 9917bded2dbSJung-uk Kim if (--argc < 1) 9927bded2dbSJung-uk Kim goto bad; 9937bded2dbSJung-uk Kim chain_file = *(++argv); 9946f9291ceSJung-uk Kim } else if (strcmp(*argv, "-key") == 0) { 9956f9291ceSJung-uk Kim if (--argc < 1) 9966f9291ceSJung-uk Kim goto bad; 99774664626SKris Kennaway key_file = *(++argv); 9986f9291ceSJung-uk Kim } else if (strcmp(*argv, "-reconnect") == 0) { 99974664626SKris Kennaway reconnect = 5; 10006f9291ceSJung-uk Kim } else if (strcmp(*argv, "-CApath") == 0) { 10016f9291ceSJung-uk Kim if (--argc < 1) 10026f9291ceSJung-uk Kim goto bad; 100374664626SKris Kennaway CApath = *(++argv); 10047bded2dbSJung-uk Kim } else if (strcmp(*argv, "-chainCApath") == 0) { 10057bded2dbSJung-uk Kim if (--argc < 1) 10067bded2dbSJung-uk Kim goto bad; 10077bded2dbSJung-uk Kim chCApath = *(++argv); 10087bded2dbSJung-uk Kim } else if (strcmp(*argv, "-verifyCApath") == 0) { 10097bded2dbSJung-uk Kim if (--argc < 1) 10107bded2dbSJung-uk Kim goto bad; 10117bded2dbSJung-uk Kim vfyCApath = *(++argv); 10127bded2dbSJung-uk Kim } else if (strcmp(*argv, "-build_chain") == 0) 10137bded2dbSJung-uk Kim build_chain = 1; 10147bded2dbSJung-uk Kim else if (strcmp(*argv, "-CAfile") == 0) { 10156f9291ceSJung-uk Kim if (--argc < 1) 10166f9291ceSJung-uk Kim goto bad; 101774664626SKris Kennaway CAfile = *(++argv); 10187bded2dbSJung-uk Kim } else if (strcmp(*argv, "-chainCAfile") == 0) { 10197bded2dbSJung-uk Kim if (--argc < 1) 10207bded2dbSJung-uk Kim goto bad; 10217bded2dbSJung-uk Kim chCAfile = *(++argv); 10227bded2dbSJung-uk Kim } else if (strcmp(*argv, "-verifyCAfile") == 0) { 10237bded2dbSJung-uk Kim if (--argc < 1) 10247bded2dbSJung-uk Kim goto bad; 10257bded2dbSJung-uk Kim 
vfyCAfile = *(++argv); 10266f9291ceSJung-uk Kim } 1027db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 10281f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG 10296f9291ceSJung-uk Kim else if (strcmp(*argv, "-nextprotoneg") == 0) { 10306f9291ceSJung-uk Kim if (--argc < 1) 10316f9291ceSJung-uk Kim goto bad; 10321f13597dSJung-uk Kim next_proto_neg_in = *(++argv); 10331f13597dSJung-uk Kim } 10341f13597dSJung-uk Kim # endif 10357bded2dbSJung-uk Kim else if (strcmp(*argv, "-alpn") == 0) { 10366f9291ceSJung-uk Kim if (--argc < 1) 10376f9291ceSJung-uk Kim goto bad; 10387bded2dbSJung-uk Kim alpn_in = *(++argv); 10397bded2dbSJung-uk Kim } else if (strcmp(*argv, "-serverinfo") == 0) { 10407bded2dbSJung-uk Kim char *c; 10417bded2dbSJung-uk Kim int start = 0; 10427bded2dbSJung-uk Kim int len; 10437bded2dbSJung-uk Kim 10447bded2dbSJung-uk Kim if (--argc < 1) 10457bded2dbSJung-uk Kim goto bad; 10467bded2dbSJung-uk Kim c = *(++argv); 10477bded2dbSJung-uk Kim serverinfo_types_count = 0; 10487bded2dbSJung-uk Kim len = strlen(c); 10497bded2dbSJung-uk Kim for (i = 0; i <= len; ++i) { 10507bded2dbSJung-uk Kim if (i == len || c[i] == ',') { 10517bded2dbSJung-uk Kim serverinfo_types[serverinfo_types_count] 10527bded2dbSJung-uk Kim = atoi(c + start); 10537bded2dbSJung-uk Kim serverinfo_types_count++; 10547bded2dbSJung-uk Kim start = i + 1; 105574664626SKris Kennaway } 10567bded2dbSJung-uk Kim if (serverinfo_types_count == MAX_SI_TYPES) 10577bded2dbSJung-uk Kim break; 10587bded2dbSJung-uk Kim } 10597bded2dbSJung-uk Kim } 10607bded2dbSJung-uk Kim #endif 106174664626SKris Kennaway #ifdef FIONBIO 10626f9291ceSJung-uk Kim else if (strcmp(*argv, "-nbio") == 0) { 10636f9291ceSJung-uk Kim c_nbio = 1; 10646f9291ceSJung-uk Kim } 106574664626SKris Kennaway #endif 10666f9291ceSJung-uk Kim else if (strcmp(*argv, "-starttls") == 0) { 10676f9291ceSJung-uk Kim if (--argc < 1) 10686f9291ceSJung-uk Kim goto bad; 10695c87c606SMark Murray ++argv; 10705c87c606SMark Murray if (strcmp(*argv, "smtp") == 
0) 10715471f83eSSimon L. B. Nielsen starttls_proto = PROTO_SMTP; 107250ef0093SJacques Vidrine else if (strcmp(*argv, "pop3") == 0) 10735471f83eSSimon L. B. Nielsen starttls_proto = PROTO_POP3; 10745471f83eSSimon L. B. Nielsen else if (strcmp(*argv, "imap") == 0) 10755471f83eSSimon L. B. Nielsen starttls_proto = PROTO_IMAP; 10765471f83eSSimon L. B. Nielsen else if (strcmp(*argv, "ftp") == 0) 10775471f83eSSimon L. B. Nielsen starttls_proto = PROTO_FTP; 1078db522d3aSSimon L. B. Nielsen else if (strcmp(*argv, "xmpp") == 0) 1079db522d3aSSimon L. B. Nielsen starttls_proto = PROTO_XMPP; 10805c87c606SMark Murray else 10815c87c606SMark Murray goto bad; 10825c87c606SMark Murray } 1083fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 10846f9291ceSJung-uk Kim else if (strcmp(*argv, "-engine") == 0) { 10856f9291ceSJung-uk Kim if (--argc < 1) 10866f9291ceSJung-uk Kim goto bad; 10875c87c606SMark Murray engine_id = *(++argv); 10886f9291ceSJung-uk Kim } else if (strcmp(*argv, "-ssl_client_engine") == 0) { 10896f9291ceSJung-uk Kim if (--argc < 1) 10906f9291ceSJung-uk Kim goto bad; 1091db522d3aSSimon L. B. Nielsen ssl_client_engine_id = *(++argv); 1092db522d3aSSimon L. B. Nielsen } 1093fceca8a3SJacques Vidrine #endif 10946f9291ceSJung-uk Kim else if (strcmp(*argv, "-rand") == 0) { 10956f9291ceSJung-uk Kim if (--argc < 1) 10966f9291ceSJung-uk Kim goto bad; 10975740a5e3SKris Kennaway inrand = *(++argv); 10985740a5e3SKris Kennaway } 1099db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 11006f9291ceSJung-uk Kim else if (strcmp(*argv, "-servername") == 0) { 11016f9291ceSJung-uk Kim if (--argc < 1) 11026f9291ceSJung-uk Kim goto bad; 1103db522d3aSSimon L. B. Nielsen servername = *(++argv); 1104db522d3aSSimon L. B. Nielsen /* meth=TLSv1_client_method(); */ 1105db522d3aSSimon L. B. Nielsen } 1106db522d3aSSimon L. B. Nielsen #endif 1107db522d3aSSimon L. B. 
Nielsen #ifndef OPENSSL_NO_JPAKE 11086f9291ceSJung-uk Kim else if (strcmp(*argv, "-jpake") == 0) { 11096f9291ceSJung-uk Kim if (--argc < 1) 11106f9291ceSJung-uk Kim goto bad; 1111db522d3aSSimon L. B. Nielsen jpake_secret = *++argv; 1112db522d3aSSimon L. B. Nielsen } 1113db522d3aSSimon L. B. Nielsen #endif 111409286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP 11156f9291ceSJung-uk Kim else if (strcmp(*argv, "-use_srtp") == 0) { 11166f9291ceSJung-uk Kim if (--argc < 1) 11176f9291ceSJung-uk Kim goto bad; 11181f13597dSJung-uk Kim srtp_profiles = *(++argv); 11191f13597dSJung-uk Kim } 112009286989SJung-uk Kim #endif 11216f9291ceSJung-uk Kim else if (strcmp(*argv, "-keymatexport") == 0) { 11226f9291ceSJung-uk Kim if (--argc < 1) 11236f9291ceSJung-uk Kim goto bad; 11241f13597dSJung-uk Kim keymatexportlabel = *(++argv); 11256f9291ceSJung-uk Kim } else if (strcmp(*argv, "-keymatexportlen") == 0) { 11266f9291ceSJung-uk Kim if (--argc < 1) 11276f9291ceSJung-uk Kim goto bad; 11281f13597dSJung-uk Kim keymatexportlen = atoi(*(++argv)); 11296f9291ceSJung-uk Kim if (keymatexportlen == 0) 11306f9291ceSJung-uk Kim goto bad; 11316f9291ceSJung-uk Kim } else { 113274664626SKris Kennaway BIO_printf(bio_err, "unknown option %s\n", *argv); 113374664626SKris Kennaway badop = 1; 113474664626SKris Kennaway break; 113574664626SKris Kennaway } 113674664626SKris Kennaway argc--; 113774664626SKris Kennaway argv++; 113874664626SKris Kennaway } 11396f9291ceSJung-uk Kim if (badop) { 114074664626SKris Kennaway bad: 114174664626SKris Kennaway sc_usage(); 114274664626SKris Kennaway goto end; 114374664626SKris Kennaway } 11441f13597dSJung-uk Kim #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) 11456f9291ceSJung-uk Kim if (jpake_secret) { 11466f9291ceSJung-uk Kim if (psk_key) { 11476f9291ceSJung-uk Kim BIO_printf(bio_err, "Can't use JPAKE and PSK together\n"); 11481f13597dSJung-uk Kim goto end; 11491f13597dSJung-uk Kim } 11501f13597dSJung-uk Kim psk_identity = "JPAKE"; 11511f13597dSJung-uk Kim } 
11521f13597dSJung-uk Kim #endif 11531f13597dSJung-uk Kim 11545c87c606SMark Murray OpenSSL_add_ssl_algorithms(); 11555c87c606SMark Murray SSL_load_error_strings(); 11565c87c606SMark Murray 11571f13597dSJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 11581f13597dSJung-uk Kim next_proto.status = -1; 11596f9291ceSJung-uk Kim if (next_proto_neg_in) { 11606f9291ceSJung-uk Kim next_proto.data = 11616f9291ceSJung-uk Kim next_protos_parse(&next_proto.len, next_proto_neg_in); 11626f9291ceSJung-uk Kim if (next_proto.data == NULL) { 11631f13597dSJung-uk Kim BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n"); 11641f13597dSJung-uk Kim goto end; 11651f13597dSJung-uk Kim } 11666f9291ceSJung-uk Kim } else 11671f13597dSJung-uk Kim next_proto.data = NULL; 11681f13597dSJung-uk Kim #endif 11691f13597dSJung-uk Kim 1170fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 11715c87c606SMark Murray e = setup_engine(bio_err, engine_id, 1); 11726f9291ceSJung-uk Kim if (ssl_client_engine_id) { 1173db522d3aSSimon L. B. Nielsen ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); 11746f9291ceSJung-uk Kim if (!ssl_client_engine) { 11756f9291ceSJung-uk Kim BIO_printf(bio_err, "Error getting client auth engine\n"); 1176db522d3aSSimon L. B. Nielsen goto end; 1177db522d3aSSimon L. B. Nielsen } 1178db522d3aSSimon L. B. Nielsen } 1179fceca8a3SJacques Vidrine #endif 11806f9291ceSJung-uk Kim if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { 11813b4e3dcbSSimon L. B. Nielsen BIO_printf(bio_err, "Error getting password\n"); 11823b4e3dcbSSimon L. B. Nielsen goto end; 11833b4e3dcbSSimon L. B. Nielsen } 11843b4e3dcbSSimon L. B. Nielsen 11853b4e3dcbSSimon L. B. Nielsen if (key_file == NULL) 11863b4e3dcbSSimon L. B. Nielsen key_file = cert_file; 11873b4e3dcbSSimon L. B. Nielsen 11886f9291ceSJung-uk Kim if (key_file) { 11893b4e3dcbSSimon L. B. Nielsen 11903b4e3dcbSSimon L. B. Nielsen key = load_key(bio_err, key_file, key_format, 0, pass, e, 11913b4e3dcbSSimon L. 
B. Nielsen "client certificate private key file"); 11926f9291ceSJung-uk Kim if (!key) { 11933b4e3dcbSSimon L. B. Nielsen ERR_print_errors(bio_err); 11943b4e3dcbSSimon L. B. Nielsen goto end; 11953b4e3dcbSSimon L. B. Nielsen } 11963b4e3dcbSSimon L. B. Nielsen 11973b4e3dcbSSimon L. B. Nielsen } 11983b4e3dcbSSimon L. B. Nielsen 11996f9291ceSJung-uk Kim if (cert_file) { 12003b4e3dcbSSimon L. B. Nielsen cert = load_cert(bio_err, cert_file, cert_format, 12013b4e3dcbSSimon L. B. Nielsen NULL, e, "client certificate file"); 12023b4e3dcbSSimon L. B. Nielsen 12036f9291ceSJung-uk Kim if (!cert) { 12043b4e3dcbSSimon L. B. Nielsen ERR_print_errors(bio_err); 12053b4e3dcbSSimon L. B. Nielsen goto end; 12063b4e3dcbSSimon L. B. Nielsen } 12073b4e3dcbSSimon L. B. Nielsen } 12085c87c606SMark Murray 12097bded2dbSJung-uk Kim if (chain_file) { 12107bded2dbSJung-uk Kim chain = load_certs(bio_err, chain_file, FORMAT_PEM, 12117bded2dbSJung-uk Kim NULL, e, "client certificate chain"); 12127bded2dbSJung-uk Kim if (!chain) 12137bded2dbSJung-uk Kim goto end; 12147bded2dbSJung-uk Kim } 12157bded2dbSJung-uk Kim 12167bded2dbSJung-uk Kim if (crl_file) { 12177bded2dbSJung-uk Kim X509_CRL *crl; 12187bded2dbSJung-uk Kim crl = load_crl(crl_file, crl_format); 12197bded2dbSJung-uk Kim if (!crl) { 12207bded2dbSJung-uk Kim BIO_puts(bio_err, "Error loading CRL\n"); 12217bded2dbSJung-uk Kim ERR_print_errors(bio_err); 12227bded2dbSJung-uk Kim goto end; 12237bded2dbSJung-uk Kim } 12247bded2dbSJung-uk Kim crls = sk_X509_CRL_new_null(); 12257bded2dbSJung-uk Kim if (!crls || !sk_X509_CRL_push(crls, crl)) { 12267bded2dbSJung-uk Kim BIO_puts(bio_err, "Error adding CRL\n"); 12277bded2dbSJung-uk Kim ERR_print_errors(bio_err); 12287bded2dbSJung-uk Kim X509_CRL_free(crl); 12297bded2dbSJung-uk Kim goto end; 12307bded2dbSJung-uk Kim } 12317bded2dbSJung-uk Kim } 12327bded2dbSJung-uk Kim 12337bded2dbSJung-uk Kim if (!load_excert(&exc, bio_err)) 12347bded2dbSJung-uk Kim goto end; 12357bded2dbSJung-uk Kim 12365740a5e3SKris 
Kennaway if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL 12376f9291ceSJung-uk Kim && !RAND_status()) { 12386f9291ceSJung-uk Kim BIO_printf(bio_err, 12396f9291ceSJung-uk Kim "warning, not much extra random data, consider using the -rand option\n"); 12405740a5e3SKris Kennaway } 12415740a5e3SKris Kennaway if (inrand != NULL) 12425740a5e3SKris Kennaway BIO_printf(bio_err, "%ld semi-random bytes loaded\n", 12435740a5e3SKris Kennaway app_RAND_load_files(inrand)); 1244f579bf8eSKris Kennaway 12456f9291ceSJung-uk Kim if (bio_c_out == NULL) { 12467bded2dbSJung-uk Kim if (c_quiet && !c_debug) { 124774664626SKris Kennaway bio_c_out = BIO_new(BIO_s_null()); 12487bded2dbSJung-uk Kim if (c_msg && !bio_c_msg) 12497bded2dbSJung-uk Kim bio_c_msg = BIO_new_fp(stdout, BIO_NOCLOSE); 12506f9291ceSJung-uk Kim } else { 125174664626SKris Kennaway if (bio_c_out == NULL) 125274664626SKris Kennaway bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE); 125374664626SKris Kennaway } 125474664626SKris Kennaway } 12551f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 12566f9291ceSJung-uk Kim if (!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) { 12571f13597dSJung-uk Kim BIO_printf(bio_err, "Error getting password\n"); 12581f13597dSJung-uk Kim goto end; 12591f13597dSJung-uk Kim } 12601f13597dSJung-uk Kim #endif 12611f13597dSJung-uk Kim 126274664626SKris Kennaway ctx = SSL_CTX_new(meth); 12636f9291ceSJung-uk Kim if (ctx == NULL) { 126474664626SKris Kennaway ERR_print_errors(bio_err); 126574664626SKris Kennaway goto end; 126674664626SKris Kennaway } 126774664626SKris Kennaway 12681f13597dSJung-uk Kim if (vpm) 12691f13597dSJung-uk Kim SSL_CTX_set1_param(ctx, vpm); 12701f13597dSJung-uk Kim 12717bded2dbSJung-uk Kim if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake)) { 12727bded2dbSJung-uk Kim ERR_print_errors(bio_err); 12737bded2dbSJung-uk Kim goto end; 12747bded2dbSJung-uk Kim } 12757bded2dbSJung-uk Kim 12767bded2dbSJung-uk Kim if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, 
chCApath, chCAfile, 12777bded2dbSJung-uk Kim crls, crl_download)) { 12787bded2dbSJung-uk Kim BIO_printf(bio_err, "Error loading store locations\n"); 12797bded2dbSJung-uk Kim ERR_print_errors(bio_err); 12807bded2dbSJung-uk Kim goto end; 12817bded2dbSJung-uk Kim } 1282db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_ENGINE 12836f9291ceSJung-uk Kim if (ssl_client_engine) { 12846f9291ceSJung-uk Kim if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) { 1285db522d3aSSimon L. B. Nielsen BIO_puts(bio_err, "Error setting client auth engine\n"); 1286db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1287db522d3aSSimon L. B. Nielsen ENGINE_free(ssl_client_engine); 1288db522d3aSSimon L. B. Nielsen goto end; 1289db522d3aSSimon L. B. Nielsen } 1290db522d3aSSimon L. B. Nielsen ENGINE_free(ssl_client_engine); 1291db522d3aSSimon L. B. Nielsen } 1292db522d3aSSimon L. B. Nielsen #endif 1293db522d3aSSimon L. B. Nielsen 12941f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 12951f13597dSJung-uk Kim # ifdef OPENSSL_NO_JPAKE 12961f13597dSJung-uk Kim if (psk_key != NULL) 12971f13597dSJung-uk Kim # else 12981f13597dSJung-uk Kim if (psk_key != NULL || jpake_secret) 12991f13597dSJung-uk Kim # endif 13001f13597dSJung-uk Kim { 13011f13597dSJung-uk Kim if (c_debug) 13026f9291ceSJung-uk Kim BIO_printf(bio_c_out, 13036f9291ceSJung-uk Kim "PSK key given or JPAKE in use, setting client callback\n"); 13041f13597dSJung-uk Kim SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); 13051f13597dSJung-uk Kim } 130609286989SJung-uk Kim #endif 130709286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP 13081f13597dSJung-uk Kim if (srtp_profiles != NULL) 13091f13597dSJung-uk Kim SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); 13101f13597dSJung-uk Kim #endif 13117bded2dbSJung-uk Kim if (exc) 13127bded2dbSJung-uk Kim ssl_ctx_set_excert(ctx, exc); 13136a599222SSimon L. B. 
Nielsen 13147bded2dbSJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) 13157bded2dbSJung-uk Kim # if !defined(OPENSSL_NO_NEXTPROTONEG) 13161f13597dSJung-uk Kim if (next_proto.data) 13171f13597dSJung-uk Kim SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); 13181f13597dSJung-uk Kim # endif 13197bded2dbSJung-uk Kim if (alpn_in) { 13207bded2dbSJung-uk Kim unsigned short alpn_len; 13217bded2dbSJung-uk Kim unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in); 13227bded2dbSJung-uk Kim 13237bded2dbSJung-uk Kim if (alpn == NULL) { 13247bded2dbSJung-uk Kim BIO_printf(bio_err, "Error parsing -alpn argument\n"); 13257bded2dbSJung-uk Kim goto end; 13267bded2dbSJung-uk Kim } 13277bded2dbSJung-uk Kim SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len); 13287bded2dbSJung-uk Kim OPENSSL_free(alpn); 13297bded2dbSJung-uk Kim } 13307bded2dbSJung-uk Kim #endif 13317bded2dbSJung-uk Kim #ifndef OPENSSL_NO_TLSEXT 13327bded2dbSJung-uk Kim for (i = 0; i < serverinfo_types_count; i++) { 13337bded2dbSJung-uk Kim SSL_CTX_add_client_custom_ext(ctx, 13347bded2dbSJung-uk Kim serverinfo_types[i], 13357bded2dbSJung-uk Kim NULL, NULL, NULL, 13367bded2dbSJung-uk Kim serverinfo_cli_parse_cb, NULL); 13377bded2dbSJung-uk Kim } 13387bded2dbSJung-uk Kim #endif 133974664626SKris Kennaway 13406f9291ceSJung-uk Kim if (state) 13416f9291ceSJung-uk Kim SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); 134274664626SKris Kennaway #if 0 134374664626SKris Kennaway else 134474664626SKris Kennaway SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER")); 134574664626SKris Kennaway #endif 134674664626SKris Kennaway 134774664626SKris Kennaway SSL_CTX_set_verify(ctx, verify, verify_callback); 134874664626SKris Kennaway 1349ed6b93beSJung-uk Kim if ((CAfile || CApath) 1350ed6b93beSJung-uk Kim && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { 135174664626SKris Kennaway ERR_print_errors(bio_err); 1352ed6b93beSJung-uk Kim } 1353ed6b93beSJung-uk Kim if (!SSL_CTX_set_default_verify_paths(ctx)) { 
1354ed6b93beSJung-uk Kim ERR_print_errors(bio_err); 135574664626SKris Kennaway } 13567bded2dbSJung-uk Kim 13577bded2dbSJung-uk Kim ssl_ctx_add_crls(ctx, crls, crl_download); 13587bded2dbSJung-uk Kim if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain)) 13597bded2dbSJung-uk Kim goto end; 13607bded2dbSJung-uk Kim 1361db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 13626f9291ceSJung-uk Kim if (servername != NULL) { 1363db522d3aSSimon L. B. Nielsen tlsextcbp.biodebug = bio_err; 1364db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1365db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 1366db522d3aSSimon L. B. Nielsen } 13671f13597dSJung-uk Kim # ifndef OPENSSL_NO_SRP 13686f9291ceSJung-uk Kim if (srp_arg.srplogin) { 13696f9291ceSJung-uk Kim if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) { 13701f13597dSJung-uk Kim BIO_printf(bio_err, "Unable to set SRP username\n"); 13711f13597dSJung-uk Kim goto end; 13721f13597dSJung-uk Kim } 13731f13597dSJung-uk Kim srp_arg.msg = c_msg; 13741f13597dSJung-uk Kim srp_arg.debug = c_debug; 13751f13597dSJung-uk Kim SSL_CTX_set_srp_cb_arg(ctx, &srp_arg); 13761f13597dSJung-uk Kim SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb); 13771f13597dSJung-uk Kim SSL_CTX_set_srp_strength(ctx, srp_arg.strength); 13781f13597dSJung-uk Kim if (c_msg || c_debug || srp_arg.amp == 0) 13796f9291ceSJung-uk Kim SSL_CTX_set_srp_verify_param_callback(ctx, 13806f9291ceSJung-uk Kim ssl_srp_verify_param_cb); 13811f13597dSJung-uk Kim } 13821f13597dSJung-uk Kim # endif 1383db522d3aSSimon L. B. Nielsen #endif 138474664626SKris Kennaway 1385f579bf8eSKris Kennaway con = SSL_new(ctx); 13866f9291ceSJung-uk Kim if (sess_in) { 1387db522d3aSSimon L. B. Nielsen SSL_SESSION *sess; 1388db522d3aSSimon L. B. 
Nielsen BIO *stmp = BIO_new_file(sess_in, "r"); 13896f9291ceSJung-uk Kim if (!stmp) { 13906f9291ceSJung-uk Kim BIO_printf(bio_err, "Can't open session file %s\n", sess_in); 1391db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1392db522d3aSSimon L. B. Nielsen goto end; 1393db522d3aSSimon L. B. Nielsen } 1394db522d3aSSimon L. B. Nielsen sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); 1395db522d3aSSimon L. B. Nielsen BIO_free(stmp); 13966f9291ceSJung-uk Kim if (!sess) { 13976f9291ceSJung-uk Kim BIO_printf(bio_err, "Can't open session file %s\n", sess_in); 1398db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1399db522d3aSSimon L. B. Nielsen goto end; 1400db522d3aSSimon L. B. Nielsen } 1401db522d3aSSimon L. B. Nielsen SSL_set_session(con, sess); 1402db522d3aSSimon L. B. Nielsen SSL_SESSION_free(sess); 1403db522d3aSSimon L. B. Nielsen } 1404fa5fddf1SJung-uk Kim 1405fa5fddf1SJung-uk Kim if (fallback_scsv) 1406fa5fddf1SJung-uk Kim SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); 1407fa5fddf1SJung-uk Kim 1408db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 14096f9291ceSJung-uk Kim if (servername != NULL) { 14106f9291ceSJung-uk Kim if (!SSL_set_tlsext_host_name(con, servername)) { 1411db522d3aSSimon L. B. Nielsen BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); 1412db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1413db522d3aSSimon L. B. Nielsen goto end; 1414db522d3aSSimon L. B. Nielsen } 1415db522d3aSSimon L. B. Nielsen } 1416db522d3aSSimon L. B. 
Nielsen #endif 14175c87c606SMark Murray #ifndef OPENSSL_NO_KRB5 14186f9291ceSJung-uk Kim if (con && (kctx = kssl_ctx_new()) != NULL) { 14191f13597dSJung-uk Kim SSL_set0_kssl_ctx(con, kctx); 14201f13597dSJung-uk Kim kssl_ctx_setstring(kctx, KSSL_SERVER, host); 14215c87c606SMark Murray } 14225c87c606SMark Murray #endif /* OPENSSL_NO_KRB5 */ 142374664626SKris Kennaway /* SSL_set_cipher_list(con,"RC4-MD5"); */ 14241f13597dSJung-uk Kim #if 0 14251f13597dSJung-uk Kim # ifdef TLSEXT_TYPE_opaque_prf_input 14261f13597dSJung-uk Kim SSL_set_tlsext_opaque_prf_input(con, "Test client", 11); 14271f13597dSJung-uk Kim # endif 14281f13597dSJung-uk Kim #endif 142974664626SKris Kennaway 143074664626SKris Kennaway re_start: 143174664626SKris Kennaway 14326f9291ceSJung-uk Kim if (init_client(&s, host, port, socket_type) == 0) { 143374664626SKris Kennaway BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); 143474664626SKris Kennaway SHUTDOWN(s); 143574664626SKris Kennaway goto end; 143674664626SKris Kennaway } 143774664626SKris Kennaway BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s); 143874664626SKris Kennaway 143974664626SKris Kennaway #ifdef FIONBIO 14406f9291ceSJung-uk Kim if (c_nbio) { 144174664626SKris Kennaway unsigned long l = 1; 144274664626SKris Kennaway BIO_printf(bio_c_out, "turning on non blocking io\n"); 14436f9291ceSJung-uk Kim if (BIO_socket_ioctl(s, FIONBIO, &l) < 0) { 144474664626SKris Kennaway ERR_print_errors(bio_err); 144574664626SKris Kennaway goto end; 144674664626SKris Kennaway } 144774664626SKris Kennaway } 144874664626SKris Kennaway #endif 14496f9291ceSJung-uk Kim if (c_Pause & 0x01) 14506f9291ceSJung-uk Kim SSL_set_debug(con, 1); 14513b4e3dcbSSimon L. B. Nielsen 14527bded2dbSJung-uk Kim if (socket_type == SOCK_DGRAM) { 14533b4e3dcbSSimon L. B. Nielsen 14543b4e3dcbSSimon L. B. Nielsen sbio = BIO_new_dgram(s, BIO_NOCLOSE); 14556f9291ceSJung-uk Kim if (getsockname(s, &peer, (void *)&peerlen) < 0) { 14563b4e3dcbSSimon L. B. 
Nielsen BIO_printf(bio_err, "getsockname:errno=%d\n", 14573b4e3dcbSSimon L. B. Nielsen get_last_socket_error()); 14583b4e3dcbSSimon L. B. Nielsen SHUTDOWN(s); 14593b4e3dcbSSimon L. B. Nielsen goto end; 14603b4e3dcbSSimon L. B. Nielsen } 14613b4e3dcbSSimon L. B. Nielsen 1462db522d3aSSimon L. B. Nielsen (void)BIO_ctrl_set_connected(sbio, 1, &peer); 14633b4e3dcbSSimon L. B. Nielsen 14646f9291ceSJung-uk Kim if (enable_timeouts) { 14653b4e3dcbSSimon L. B. Nielsen timeout.tv_sec = 0; 14663b4e3dcbSSimon L. B. Nielsen timeout.tv_usec = DGRAM_RCV_TIMEOUT; 14673b4e3dcbSSimon L. B. Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); 14683b4e3dcbSSimon L. B. Nielsen 14693b4e3dcbSSimon L. B. Nielsen timeout.tv_sec = 0; 14703b4e3dcbSSimon L. B. Nielsen timeout.tv_usec = DGRAM_SND_TIMEOUT; 14713b4e3dcbSSimon L. B. Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); 14723b4e3dcbSSimon L. B. Nielsen } 14733b4e3dcbSSimon L. B. Nielsen 14746f9291ceSJung-uk Kim if (socket_mtu) { 14756f9291ceSJung-uk Kim if (socket_mtu < DTLS_get_link_min_mtu(con)) { 1476751d2991SJung-uk Kim BIO_printf(bio_err, "MTU too small. Must be at least %ld\n", 1477751d2991SJung-uk Kim DTLS_get_link_min_mtu(con)); 1478751d2991SJung-uk Kim BIO_free(sbio); 1479751d2991SJung-uk Kim goto shut; 1480751d2991SJung-uk Kim } 14813b4e3dcbSSimon L. B. Nielsen SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 14826f9291ceSJung-uk Kim if (!DTLS_set_link_mtu(con, socket_mtu)) { 1483751d2991SJung-uk Kim BIO_printf(bio_err, "Failed to set MTU\n"); 1484751d2991SJung-uk Kim BIO_free(sbio); 1485751d2991SJung-uk Kim goto shut; 1486751d2991SJung-uk Kim } 14876f9291ceSJung-uk Kim } else 14883b4e3dcbSSimon L. B. Nielsen /* want to do MTU discovery */ 14893b4e3dcbSSimon L. B. 
Nielsen BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 14906f9291ceSJung-uk Kim } else 149174664626SKris Kennaway sbio = BIO_new_socket(s, BIO_NOCLOSE); 149274664626SKris Kennaway 14936f9291ceSJung-uk Kim if (nbio_test) { 149474664626SKris Kennaway BIO *test; 149574664626SKris Kennaway 149674664626SKris Kennaway test = BIO_new(BIO_f_nbio_test()); 149774664626SKris Kennaway sbio = BIO_push(test, sbio); 149874664626SKris Kennaway } 149974664626SKris Kennaway 15006f9291ceSJung-uk Kim if (c_debug) { 15011f13597dSJung-uk Kim SSL_set_debug(con, 1); 15023b4e3dcbSSimon L. B. Nielsen BIO_set_callback(sbio, bio_dump_callback); 15035471f83eSSimon L. B. Nielsen BIO_set_callback_arg(sbio, (char *)bio_c_out); 150474664626SKris Kennaway } 15056f9291ceSJung-uk Kim if (c_msg) { 15067bded2dbSJung-uk Kim #ifndef OPENSSL_NO_SSL_TRACE 15077bded2dbSJung-uk Kim if (c_msg == 2) 15087bded2dbSJung-uk Kim SSL_set_msg_callback(con, SSL_trace); 15097bded2dbSJung-uk Kim else 15107bded2dbSJung-uk Kim #endif 15115c87c606SMark Murray SSL_set_msg_callback(con, msg_cb); 15127bded2dbSJung-uk Kim SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out); 15135c87c606SMark Murray } 1514db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 15156f9291ceSJung-uk Kim if (c_tlsextdebug) { 1516db522d3aSSimon L. B. Nielsen SSL_set_tlsext_debug_callback(con, tlsext_cb); 1517db522d3aSSimon L. B. Nielsen SSL_set_tlsext_debug_arg(con, bio_c_out); 1518db522d3aSSimon L. B. Nielsen } 15196f9291ceSJung-uk Kim if (c_status_req) { 1520db522d3aSSimon L. B. Nielsen SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); 1521db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); 1522db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); 1523db522d3aSSimon L. B. Nielsen # if 0 1524db522d3aSSimon L. B. Nielsen { 1525db522d3aSSimon L. B. Nielsen STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null(); 1526db522d3aSSimon L. B. 
Nielsen OCSP_RESPID *id = OCSP_RESPID_new(); 1527db522d3aSSimon L. B. Nielsen id->value.byKey = ASN1_OCTET_STRING_new(); 1528db522d3aSSimon L. B. Nielsen id->type = V_OCSP_RESPID_KEY; 1529db522d3aSSimon L. B. Nielsen ASN1_STRING_set(id->value.byKey, "Hello World", -1); 1530db522d3aSSimon L. B. Nielsen sk_OCSP_RESPID_push(ids, id); 1531db522d3aSSimon L. B. Nielsen SSL_set_tlsext_status_ids(con, ids); 1532db522d3aSSimon L. B. Nielsen } 1533db522d3aSSimon L. B. Nielsen # endif 1534db522d3aSSimon L. B. Nielsen } 1535db522d3aSSimon L. B. Nielsen #endif 1536db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_JPAKE 1537db522d3aSSimon L. B. Nielsen if (jpake_secret) 1538db522d3aSSimon L. B. Nielsen jpake_client_auth(bio_c_out, sbio, jpake_secret); 1539db522d3aSSimon L. B. Nielsen #endif 154074664626SKris Kennaway 154174664626SKris Kennaway SSL_set_bio(con, sbio, sbio); 154274664626SKris Kennaway SSL_set_connect_state(con); 154374664626SKris Kennaway 154474664626SKris Kennaway /* ok, lets connect */ 154574664626SKris Kennaway width = SSL_get_fd(con) + 1; 154674664626SKris Kennaway 154774664626SKris Kennaway read_tty = 1; 154874664626SKris Kennaway write_tty = 0; 154974664626SKris Kennaway tty_on = 0; 155074664626SKris Kennaway read_ssl = 1; 155174664626SKris Kennaway write_ssl = 1; 155274664626SKris Kennaway 155374664626SKris Kennaway cbuf_len = 0; 155474664626SKris Kennaway cbuf_off = 0; 155574664626SKris Kennaway sbuf_len = 0; 155674664626SKris Kennaway sbuf_off = 0; 155774664626SKris Kennaway 15585c87c606SMark Murray /* This is an ugly hack that does a lot of assumptions */ 15596f9291ceSJung-uk Kim /* 15606f9291ceSJung-uk Kim * We do have to handle multi-line responses which may come in a single 15616f9291ceSJung-uk Kim * packet or not. We therefore have to use BIO_gets() which does need a 15626f9291ceSJung-uk Kim * buffering BIO. 
So during the initial chitchat we do push a buffering 15636f9291ceSJung-uk Kim * BIO into the chain that is removed again later on to not disturb the 15646f9291ceSJung-uk Kim * rest of the s_client operation. 15656f9291ceSJung-uk Kim */ 15666f9291ceSJung-uk Kim if (starttls_proto == PROTO_SMTP) { 15675471f83eSSimon L. B. Nielsen int foundit = 0; 15685471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 15695471f83eSSimon L. B. Nielsen BIO_push(fbio, sbio); 15705471f83eSSimon L. B. Nielsen /* wait for multi-line response to end from SMTP */ 15716f9291ceSJung-uk Kim do { 15725471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 15735471f83eSSimon L. B. Nielsen } 15745471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 15755471f83eSSimon L. B. Nielsen /* STARTTLS command requires EHLO... */ 15765471f83eSSimon L. B. Nielsen BIO_printf(fbio, "EHLO openssl.client.net\r\n"); 1577db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 15785471f83eSSimon L. B. Nielsen /* wait for multi-line response to end EHLO SMTP response */ 15796f9291ceSJung-uk Kim do { 15805471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 15815471f83eSSimon L. B. Nielsen if (strstr(mbuf, "STARTTLS")) 15825471f83eSSimon L. B. Nielsen foundit = 1; 15835471f83eSSimon L. B. Nielsen } 15845471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 1585db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 15865471f83eSSimon L. B. Nielsen BIO_pop(fbio); 15875471f83eSSimon L. B. Nielsen BIO_free(fbio); 15885471f83eSSimon L. B. Nielsen if (!foundit) 15895471f83eSSimon L. B. Nielsen BIO_printf(bio_err, 15905471f83eSSimon L. B. Nielsen "didn't found starttls in server response," 15915471f83eSSimon L. B. 
Nielsen " try anyway...\n"); 15925c87c606SMark Murray BIO_printf(sbio, "STARTTLS\r\n"); 15935c87c606SMark Murray BIO_read(sbio, sbuf, BUFSIZZ); 15946f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_POP3) { 159550ef0093SJacques Vidrine BIO_read(sbio, mbuf, BUFSIZZ); 159650ef0093SJacques Vidrine BIO_printf(sbio, "STLS\r\n"); 159750ef0093SJacques Vidrine BIO_read(sbio, sbuf, BUFSIZZ); 15986f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_IMAP) { 15995471f83eSSimon L. B. Nielsen int foundit = 0; 16005471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 16015471f83eSSimon L. B. Nielsen BIO_push(fbio, sbio); 16025471f83eSSimon L. B. Nielsen BIO_gets(fbio, mbuf, BUFSIZZ); 16035471f83eSSimon L. B. Nielsen /* STARTTLS command requires CAPABILITY... */ 16045471f83eSSimon L. B. Nielsen BIO_printf(fbio, ". CAPABILITY\r\n"); 1605db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 16065471f83eSSimon L. B. Nielsen /* wait for multi-line CAPABILITY response */ 16076f9291ceSJung-uk Kim do { 16085471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 16095471f83eSSimon L. B. Nielsen if (strstr(mbuf, "STARTTLS")) 16105471f83eSSimon L. B. Nielsen foundit = 1; 16115471f83eSSimon L. B. Nielsen } 16125471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[0] != '.'); 1613db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 16145471f83eSSimon L. B. Nielsen BIO_pop(fbio); 16155471f83eSSimon L. B. Nielsen BIO_free(fbio); 16165471f83eSSimon L. B. Nielsen if (!foundit) 16175471f83eSSimon L. B. Nielsen BIO_printf(bio_err, 16185471f83eSSimon L. B. Nielsen "didn't found STARTTLS in server response," 16195471f83eSSimon L. B. Nielsen " try anyway...\n"); 16205471f83eSSimon L. B. Nielsen BIO_printf(sbio, ". STARTTLS\r\n"); 16215471f83eSSimon L. B. Nielsen BIO_read(sbio, sbuf, BUFSIZZ); 16226f9291ceSJung-uk Kim } else if (starttls_proto == PROTO_FTP) { 16235471f83eSSimon L. B. Nielsen BIO *fbio = BIO_new(BIO_f_buffer()); 16245471f83eSSimon L. B. 
Nielsen BIO_push(fbio, sbio); 16255471f83eSSimon L. B. Nielsen /* wait for multi-line response to end from FTP */ 16266f9291ceSJung-uk Kim do { 16275471f83eSSimon L. B. Nielsen mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); 16285471f83eSSimon L. B. Nielsen } 16295471f83eSSimon L. B. Nielsen while (mbuf_len > 3 && mbuf[3] == '-'); 1630db522d3aSSimon L. B. Nielsen (void)BIO_flush(fbio); 16315471f83eSSimon L. B. Nielsen BIO_pop(fbio); 16325471f83eSSimon L. B. Nielsen BIO_free(fbio); 16335471f83eSSimon L. B. Nielsen BIO_printf(sbio, "AUTH TLS\r\n"); 16345471f83eSSimon L. B. Nielsen BIO_read(sbio, sbuf, BUFSIZZ); 16355471f83eSSimon L. B. Nielsen } 16366f9291ceSJung-uk Kim if (starttls_proto == PROTO_XMPP) { 1637db522d3aSSimon L. B. Nielsen int seen = 0; 1638db522d3aSSimon L. B. Nielsen BIO_printf(sbio, "<stream:stream " 1639db522d3aSSimon L. B. Nielsen "xmlns:stream='http://etherx.jabber.org/streams' " 1640db522d3aSSimon L. B. Nielsen "xmlns='jabber:client' to='%s' version='1.0'>", host); 1641db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, mbuf, BUFSIZZ); 1642db522d3aSSimon L. B. Nielsen mbuf[seen] = 0; 16436f9291ceSJung-uk Kim while (!strstr 16446f9291ceSJung-uk Kim (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) { 1645db522d3aSSimon L. B. Nielsen if (strstr(mbuf, "/stream:features>")) 1646db522d3aSSimon L. B. Nielsen goto shut; 1647db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, mbuf, BUFSIZZ); 1648db522d3aSSimon L. B. Nielsen mbuf[seen] = 0; 1649db522d3aSSimon L. B. Nielsen } 16506f9291ceSJung-uk Kim BIO_printf(sbio, 16516f9291ceSJung-uk Kim "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); 1652db522d3aSSimon L. B. Nielsen seen = BIO_read(sbio, sbuf, BUFSIZZ); 1653db522d3aSSimon L. B. Nielsen sbuf[seen] = 0; 1654db522d3aSSimon L. B. Nielsen if (!strstr(sbuf, "<proceed")) 1655db522d3aSSimon L. B. Nielsen goto shut; 1656db522d3aSSimon L. B. Nielsen mbuf[0] = 0; 1657db522d3aSSimon L. B. 
Nielsen } 16585c87c606SMark Murray 16596f9291ceSJung-uk Kim for (;;) { 166074664626SKris Kennaway FD_ZERO(&readfds); 166174664626SKris Kennaway FD_ZERO(&writefds); 166274664626SKris Kennaway 16636a599222SSimon L. B. Nielsen if ((SSL_version(con) == DTLS1_VERSION) && 16646a599222SSimon L. B. Nielsen DTLSv1_get_timeout(con, &timeout)) 16656a599222SSimon L. B. Nielsen timeoutp = &timeout; 16666a599222SSimon L. B. Nielsen else 16676a599222SSimon L. B. Nielsen timeoutp = NULL; 16686a599222SSimon L. B. Nielsen 16696f9291ceSJung-uk Kim if (SSL_in_init(con) && !SSL_total_renegotiations(con)) { 167074664626SKris Kennaway in_init = 1; 167174664626SKris Kennaway tty_on = 0; 16726f9291ceSJung-uk Kim } else { 167374664626SKris Kennaway tty_on = 1; 16746f9291ceSJung-uk Kim if (in_init) { 167574664626SKris Kennaway in_init = 0; 16766f9291ceSJung-uk Kim #if 0 /* This test doesn't really work as intended 16776f9291ceSJung-uk Kim * (needs to be fixed) */ 16781f13597dSJung-uk Kim # ifndef OPENSSL_NO_TLSEXT 16796f9291ceSJung-uk Kim if (servername != NULL && !SSL_session_reused(con)) { 16806f9291ceSJung-uk Kim BIO_printf(bio_c_out, 16816f9291ceSJung-uk Kim "Server did %sacknowledge servername extension.\n", 16826f9291ceSJung-uk Kim tlsextcbp.ack ? "" : "not "); 16831f13597dSJung-uk Kim } 16841f13597dSJung-uk Kim # endif 16851f13597dSJung-uk Kim #endif 16866f9291ceSJung-uk Kim if (sess_out) { 1687db522d3aSSimon L. B. Nielsen BIO *stmp = BIO_new_file(sess_out, "w"); 16886f9291ceSJung-uk Kim if (stmp) { 1689db522d3aSSimon L. B. Nielsen PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con)); 1690db522d3aSSimon L. B. Nielsen BIO_free(stmp); 16916f9291ceSJung-uk Kim } else 16926f9291ceSJung-uk Kim BIO_printf(bio_err, "Error writing session file %s\n", 16936f9291ceSJung-uk Kim sess_out); 1694db522d3aSSimon L. B. 
Nielsen } 16957bded2dbSJung-uk Kim if (c_brief) { 16967bded2dbSJung-uk Kim BIO_puts(bio_err, "CONNECTION ESTABLISHED\n"); 16977bded2dbSJung-uk Kim print_ssl_summary(bio_err, con); 16987bded2dbSJung-uk Kim } 16997bded2dbSJung-uk Kim 170074664626SKris Kennaway print_stuff(bio_c_out, con, full_log); 17016f9291ceSJung-uk Kim if (full_log > 0) 17026f9291ceSJung-uk Kim full_log--; 170374664626SKris Kennaway 17046f9291ceSJung-uk Kim if (starttls_proto) { 17055c87c606SMark Murray BIO_printf(bio_err, "%s", mbuf); 17065c87c606SMark Murray /* We don't need to know any more */ 17075471f83eSSimon L. B. Nielsen starttls_proto = PROTO_OFF; 17085c87c606SMark Murray } 17095c87c606SMark Murray 17106f9291ceSJung-uk Kim if (reconnect) { 171174664626SKris Kennaway reconnect--; 17126f9291ceSJung-uk Kim BIO_printf(bio_c_out, 17136f9291ceSJung-uk Kim "drop connection and then reconnect\n"); 171474664626SKris Kennaway SSL_shutdown(con); 171574664626SKris Kennaway SSL_set_connect_state(con); 171674664626SKris Kennaway SHUTDOWN(SSL_get_fd(con)); 171774664626SKris Kennaway goto re_start; 171874664626SKris Kennaway } 171974664626SKris Kennaway } 172074664626SKris Kennaway } 172174664626SKris Kennaway 172274664626SKris Kennaway ssl_pending = read_ssl && SSL_pending(con); 172374664626SKris Kennaway 17246f9291ceSJung-uk Kim if (!ssl_pending) { 17251f13597dSJung-uk Kim #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5) 17266f9291ceSJung-uk Kim if (tty_on) { 17276f9291ceSJung-uk Kim if (read_tty) 17286f9291ceSJung-uk Kim openssl_fdset(fileno(stdin), &readfds); 17296f9291ceSJung-uk Kim if (write_tty) 17306f9291ceSJung-uk Kim openssl_fdset(fileno(stdout), &writefds); 173174664626SKris Kennaway } 173274664626SKris Kennaway if (read_ssl) 17331f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &readfds); 173474664626SKris Kennaway if (write_ssl) 17351f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &writefds); 
1736f579bf8eSKris Kennaway #else 1737f579bf8eSKris Kennaway if (!tty_on || !write_tty) { 1738f579bf8eSKris Kennaway if (read_ssl) 17391f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &readfds); 1740f579bf8eSKris Kennaway if (write_ssl) 17411f13597dSJung-uk Kim openssl_fdset(SSL_get_fd(con), &writefds); 1742f579bf8eSKris Kennaway } 1743f579bf8eSKris Kennaway #endif 17446f9291ceSJung-uk Kim /*- printf("mode tty(%d %d%d) ssl(%d%d)\n", 174574664626SKris Kennaway tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ 174674664626SKris Kennaway 17476f9291ceSJung-uk Kim /* 17486f9291ceSJung-uk Kim * Note: under VMS with SOCKETSHR the second parameter is 17496f9291ceSJung-uk Kim * currently of type (int *) whereas under other systems it is 17506f9291ceSJung-uk Kim * (void *) if you don't have a cast it will choke the compiler: 17516f9291ceSJung-uk Kim * if you do have a cast then you can either go for (int *) or 17526f9291ceSJung-uk Kim * (void *). 175374664626SKris Kennaway */ 175450ef0093SJacques Vidrine #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) 17556f9291ceSJung-uk Kim /* 17566f9291ceSJung-uk Kim * Under Windows/DOS we make the assumption that we can always 17576f9291ceSJung-uk Kim * write to the tty: therefore if we need to write to the tty we 17586f9291ceSJung-uk Kim * just fall through. Otherwise we timeout the select every 17596f9291ceSJung-uk Kim * second and see if there are any keypresses. Note: this is a 17606f9291ceSJung-uk Kim * hack, in a proper Windows application we wouldn't do this. 
1761f579bf8eSKris Kennaway */ 1762f579bf8eSKris Kennaway i = 0; 1763f579bf8eSKris Kennaway if (!write_tty) { 1764f579bf8eSKris Kennaway if (read_tty) { 1765f579bf8eSKris Kennaway tv.tv_sec = 1; 1766f579bf8eSKris Kennaway tv.tv_usec = 0; 1767f579bf8eSKris Kennaway i = select(width, (void *)&readfds, (void *)&writefds, 1768f579bf8eSKris Kennaway NULL, &tv); 176950ef0093SJacques Vidrine # if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) 17706f9291ceSJung-uk Kim if (!i && (!_kbhit() || !read_tty)) 17716f9291ceSJung-uk Kim continue; 17725c87c606SMark Murray # else 17736f9291ceSJung-uk Kim if (!i && (!((_kbhit()) 17746f9291ceSJung-uk Kim || (WAIT_OBJECT_0 == 17756f9291ceSJung-uk Kim WaitForSingleObject(GetStdHandle 17766f9291ceSJung-uk Kim (STD_INPUT_HANDLE), 17776f9291ceSJung-uk Kim 0))) 17786f9291ceSJung-uk Kim || !read_tty)) 17796f9291ceSJung-uk Kim continue; 17805c87c606SMark Murray # endif 17816f9291ceSJung-uk Kim } else 17826f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 17836a599222SSimon L. B. Nielsen NULL, timeoutp); 1784f579bf8eSKris Kennaway } 17853b4e3dcbSSimon L. B. Nielsen #elif defined(OPENSSL_SYS_NETWARE) 17863b4e3dcbSSimon L. B. Nielsen if (!write_tty) { 17873b4e3dcbSSimon L. B. Nielsen if (read_tty) { 17883b4e3dcbSSimon L. B. Nielsen tv.tv_sec = 1; 17893b4e3dcbSSimon L. B. Nielsen tv.tv_usec = 0; 17903b4e3dcbSSimon L. B. Nielsen i = select(width, (void *)&readfds, (void *)&writefds, 17913b4e3dcbSSimon L. B. Nielsen NULL, &tv); 17926f9291ceSJung-uk Kim } else 17936f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 17946a599222SSimon L. B. Nielsen NULL, timeoutp); 17953b4e3dcbSSimon L. B. 
Nielsen } 17961f13597dSJung-uk Kim #elif defined(OPENSSL_SYS_BEOS_R5) 17971f13597dSJung-uk Kim /* Under BeOS-R5 the situation is similar to DOS */ 17981f13597dSJung-uk Kim i = 0; 17991f13597dSJung-uk Kim stdin_set = 0; 18001f13597dSJung-uk Kim (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); 18011f13597dSJung-uk Kim if (!write_tty) { 18021f13597dSJung-uk Kim if (read_tty) { 18031f13597dSJung-uk Kim tv.tv_sec = 1; 18041f13597dSJung-uk Kim tv.tv_usec = 0; 18051f13597dSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 18061f13597dSJung-uk Kim NULL, &tv); 18071f13597dSJung-uk Kim if (read(fileno(stdin), sbuf, 0) >= 0) 18081f13597dSJung-uk Kim stdin_set = 1; 18091f13597dSJung-uk Kim if (!i && (stdin_set != 1 || !read_tty)) 18101f13597dSJung-uk Kim continue; 18116f9291ceSJung-uk Kim } else 18126f9291ceSJung-uk Kim i = select(width, (void *)&readfds, (void *)&writefds, 18131f13597dSJung-uk Kim NULL, timeoutp); 18141f13597dSJung-uk Kim } 18151f13597dSJung-uk Kim (void)fcntl(fileno(stdin), F_SETFL, 0); 1816f579bf8eSKris Kennaway #else 181774664626SKris Kennaway i = select(width, (void *)&readfds, (void *)&writefds, 18186a599222SSimon L. B. Nielsen NULL, timeoutp); 1819f579bf8eSKris Kennaway #endif 18206f9291ceSJung-uk Kim if (i < 0) { 182174664626SKris Kennaway BIO_printf(bio_err, "bad select %d\n", 182274664626SKris Kennaway get_last_socket_error()); 182374664626SKris Kennaway goto shut; 182474664626SKris Kennaway /* goto end; */ 182574664626SKris Kennaway } 182674664626SKris Kennaway } 182774664626SKris Kennaway 18286f9291ceSJung-uk Kim if ((SSL_version(con) == DTLS1_VERSION) 18296f9291ceSJung-uk Kim && DTLSv1_handle_timeout(con) > 0) { 18306a599222SSimon L. B. Nielsen BIO_printf(bio_err, "TIMEOUT occured\n"); 18316a599222SSimon L. B. Nielsen } 18326a599222SSimon L. B. 
Nielsen 18336f9291ceSJung-uk Kim if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) { 18346f9291ceSJung-uk Kim k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len); 18356f9291ceSJung-uk Kim switch (SSL_get_error(con, k)) { 183674664626SKris Kennaway case SSL_ERROR_NONE: 183774664626SKris Kennaway cbuf_off += k; 183874664626SKris Kennaway cbuf_len -= k; 18396f9291ceSJung-uk Kim if (k <= 0) 18406f9291ceSJung-uk Kim goto end; 184174664626SKris Kennaway /* we have done a write(con,NULL,0); */ 18426f9291ceSJung-uk Kim if (cbuf_len <= 0) { 184374664626SKris Kennaway read_tty = 1; 184474664626SKris Kennaway write_ssl = 0; 18456f9291ceSJung-uk Kim } else { /* if (cbuf_len > 0) */ 18466f9291ceSJung-uk Kim 184774664626SKris Kennaway read_tty = 0; 184874664626SKris Kennaway write_ssl = 1; 184974664626SKris Kennaway } 185074664626SKris Kennaway break; 185174664626SKris Kennaway case SSL_ERROR_WANT_WRITE: 185274664626SKris Kennaway BIO_printf(bio_c_out, "write W BLOCK\n"); 185374664626SKris Kennaway write_ssl = 1; 185474664626SKris Kennaway read_tty = 0; 185574664626SKris Kennaway break; 185674664626SKris Kennaway case SSL_ERROR_WANT_READ: 185774664626SKris Kennaway BIO_printf(bio_c_out, "write R BLOCK\n"); 185874664626SKris Kennaway write_tty = 0; 185974664626SKris Kennaway read_ssl = 1; 186074664626SKris Kennaway write_ssl = 0; 186174664626SKris Kennaway break; 186274664626SKris Kennaway case SSL_ERROR_WANT_X509_LOOKUP: 186374664626SKris Kennaway BIO_printf(bio_c_out, "write X BLOCK\n"); 186474664626SKris Kennaway break; 186574664626SKris Kennaway case SSL_ERROR_ZERO_RETURN: 18666f9291ceSJung-uk Kim if (cbuf_len != 0) { 186774664626SKris Kennaway BIO_printf(bio_c_out, "shutdown\n"); 18681f13597dSJung-uk Kim ret = 0; 186974664626SKris Kennaway goto shut; 18706f9291ceSJung-uk Kim } else { 187174664626SKris Kennaway read_tty = 1; 187274664626SKris Kennaway write_ssl = 0; 187374664626SKris Kennaway break; 187474664626SKris Kennaway } 187574664626SKris Kennaway 
187674664626SKris Kennaway case SSL_ERROR_SYSCALL: 18776f9291ceSJung-uk Kim if ((k != 0) || (cbuf_len != 0)) { 187874664626SKris Kennaway BIO_printf(bio_err, "write:errno=%d\n", 187974664626SKris Kennaway get_last_socket_error()); 188074664626SKris Kennaway goto shut; 18816f9291ceSJung-uk Kim } else { 188274664626SKris Kennaway read_tty = 1; 188374664626SKris Kennaway write_ssl = 0; 188474664626SKris Kennaway } 188574664626SKris Kennaway break; 188674664626SKris Kennaway case SSL_ERROR_SSL: 188774664626SKris Kennaway ERR_print_errors(bio_err); 188874664626SKris Kennaway goto shut; 188974664626SKris Kennaway } 189074664626SKris Kennaway } 18911f13597dSJung-uk Kim #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) 18921f13597dSJung-uk Kim /* Assume Windows/DOS/BeOS can always write */ 1893f579bf8eSKris Kennaway else if (!ssl_pending && write_tty) 1894f579bf8eSKris Kennaway #else 189574664626SKris Kennaway else if (!ssl_pending && FD_ISSET(fileno(stdout), &writefds)) 1896f579bf8eSKris Kennaway #endif 189774664626SKris Kennaway { 189874664626SKris Kennaway #ifdef CHARSET_EBCDIC 189974664626SKris Kennaway ascii2ebcdic(&(sbuf[sbuf_off]), &(sbuf[sbuf_off]), sbuf_len); 190074664626SKris Kennaway #endif 19011f13597dSJung-uk Kim i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len); 190274664626SKris Kennaway 19036f9291ceSJung-uk Kim if (i <= 0) { 190474664626SKris Kennaway BIO_printf(bio_c_out, "DONE\n"); 19051f13597dSJung-uk Kim ret = 0; 190674664626SKris Kennaway goto shut; 190774664626SKris Kennaway /* goto end; */ 190874664626SKris Kennaway } 190974664626SKris Kennaway 191074664626SKris Kennaway sbuf_len -= i;; 191174664626SKris Kennaway sbuf_off += i; 19126f9291ceSJung-uk Kim if (sbuf_len <= 0) { 191374664626SKris Kennaway read_ssl = 1; 191474664626SKris Kennaway write_tty = 0; 191574664626SKris Kennaway } 19166f9291ceSJung-uk Kim } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) { 
191774664626SKris Kennaway #ifdef RENEG 19186f9291ceSJung-uk Kim { 19196f9291ceSJung-uk Kim static int iiii; 19206f9291ceSJung-uk Kim if (++iiii == 52) { 19216f9291ceSJung-uk Kim SSL_renegotiate(con); 19226f9291ceSJung-uk Kim iiii = 0; 19236f9291ceSJung-uk Kim } 19246f9291ceSJung-uk Kim } 192574664626SKris Kennaway #endif 192674664626SKris Kennaway #if 1 192774664626SKris Kennaway k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ ); 192874664626SKris Kennaway #else 192974664626SKris Kennaway /* Demo for pending and peek :-) */ 193074664626SKris Kennaway k = SSL_read(con, sbuf, 16); 19316f9291ceSJung-uk Kim { 19326f9291ceSJung-uk Kim char zbuf[10240]; 19336f9291ceSJung-uk Kim printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con), 19346f9291ceSJung-uk Kim SSL_peek(con, zbuf, 10240)); 193574664626SKris Kennaway } 193674664626SKris Kennaway #endif 193774664626SKris Kennaway 19386f9291ceSJung-uk Kim switch (SSL_get_error(con, k)) { 193974664626SKris Kennaway case SSL_ERROR_NONE: 194074664626SKris Kennaway if (k <= 0) 194174664626SKris Kennaway goto end; 194274664626SKris Kennaway sbuf_off = 0; 194374664626SKris Kennaway sbuf_len = k; 194474664626SKris Kennaway 194574664626SKris Kennaway read_ssl = 0; 194674664626SKris Kennaway write_tty = 1; 194774664626SKris Kennaway break; 194874664626SKris Kennaway case SSL_ERROR_WANT_WRITE: 194974664626SKris Kennaway BIO_printf(bio_c_out, "read W BLOCK\n"); 195074664626SKris Kennaway write_ssl = 1; 195174664626SKris Kennaway read_tty = 0; 195274664626SKris Kennaway break; 195374664626SKris Kennaway case SSL_ERROR_WANT_READ: 195474664626SKris Kennaway BIO_printf(bio_c_out, "read R BLOCK\n"); 195574664626SKris Kennaway write_tty = 0; 195674664626SKris Kennaway read_ssl = 1; 195774664626SKris Kennaway if ((read_tty == 0) && (write_ssl == 0)) 195874664626SKris Kennaway write_ssl = 1; 195974664626SKris Kennaway break; 196074664626SKris Kennaway case SSL_ERROR_WANT_X509_LOOKUP: 196174664626SKris Kennaway BIO_printf(bio_c_out, "read X 
BLOCK\n"); 196274664626SKris Kennaway break; 196374664626SKris Kennaway case SSL_ERROR_SYSCALL: 19641f13597dSJung-uk Kim ret = get_last_socket_error(); 19657bded2dbSJung-uk Kim if (c_brief) 19667bded2dbSJung-uk Kim BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n"); 19677bded2dbSJung-uk Kim else 19681f13597dSJung-uk Kim BIO_printf(bio_err, "read:errno=%d\n", ret); 196974664626SKris Kennaway goto shut; 197074664626SKris Kennaway case SSL_ERROR_ZERO_RETURN: 197174664626SKris Kennaway BIO_printf(bio_c_out, "closed\n"); 19721f13597dSJung-uk Kim ret = 0; 197374664626SKris Kennaway goto shut; 197474664626SKris Kennaway case SSL_ERROR_SSL: 197574664626SKris Kennaway ERR_print_errors(bio_err); 197674664626SKris Kennaway goto shut; 197774664626SKris Kennaway /* break; */ 197874664626SKris Kennaway } 197974664626SKris Kennaway } 198050ef0093SJacques Vidrine #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) 198150ef0093SJacques Vidrine # if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) 19825c87c606SMark Murray else if (_kbhit()) 19835c87c606SMark Murray # else 19846f9291ceSJung-uk Kim else if ((_kbhit()) 19856f9291ceSJung-uk Kim || (WAIT_OBJECT_0 == 19866f9291ceSJung-uk Kim WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) 19875c87c606SMark Murray # endif 19883b4e3dcbSSimon L. B. Nielsen #elif defined (OPENSSL_SYS_NETWARE) 19893b4e3dcbSSimon L. B. 
Nielsen else if (_kbhit()) 19901f13597dSJung-uk Kim #elif defined(OPENSSL_SYS_BEOS_R5) 19911f13597dSJung-uk Kim else if (stdin_set) 1992f579bf8eSKris Kennaway #else 199374664626SKris Kennaway else if (FD_ISSET(fileno(stdin), &readfds)) 1994f579bf8eSKris Kennaway #endif 199574664626SKris Kennaway { 19966f9291ceSJung-uk Kim if (crlf) { 199774664626SKris Kennaway int j, lf_num; 199874664626SKris Kennaway 19991f13597dSJung-uk Kim i = raw_read_stdin(cbuf, BUFSIZZ / 2); 200074664626SKris Kennaway lf_num = 0; 200174664626SKris Kennaway /* both loops are skipped when i <= 0 */ 200274664626SKris Kennaway for (j = 0; j < i; j++) 200374664626SKris Kennaway if (cbuf[j] == '\n') 200474664626SKris Kennaway lf_num++; 20056f9291ceSJung-uk Kim for (j = i - 1; j >= 0; j--) { 200674664626SKris Kennaway cbuf[j + lf_num] = cbuf[j]; 20076f9291ceSJung-uk Kim if (cbuf[j] == '\n') { 200874664626SKris Kennaway lf_num--; 200974664626SKris Kennaway i++; 201074664626SKris Kennaway cbuf[j + lf_num] = '\r'; 201174664626SKris Kennaway } 201274664626SKris Kennaway } 201374664626SKris Kennaway assert(lf_num == 0); 20146f9291ceSJung-uk Kim } else 20151f13597dSJung-uk Kim i = raw_read_stdin(cbuf, BUFSIZZ); 201674664626SKris Kennaway 20176f9291ceSJung-uk Kim if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { 201874664626SKris Kennaway BIO_printf(bio_err, "DONE\n"); 20191f13597dSJung-uk Kim ret = 0; 202074664626SKris Kennaway goto shut; 202174664626SKris Kennaway } 202274664626SKris Kennaway 20236f9291ceSJung-uk Kim if ((!c_ign_eof) && (cbuf[0] == 'R')) { 202474664626SKris Kennaway BIO_printf(bio_err, "RENEGOTIATING\n"); 202574664626SKris Kennaway SSL_renegotiate(con); 202674664626SKris Kennaway cbuf_len = 0; 202774664626SKris Kennaway } 20281f13597dSJung-uk Kim #ifndef OPENSSL_NO_HEARTBEATS 20296f9291ceSJung-uk Kim else if ((!c_ign_eof) && (cbuf[0] == 'B')) { 20301f13597dSJung-uk Kim BIO_printf(bio_err, "HEARTBEATING\n"); 20311f13597dSJung-uk Kim SSL_heartbeat(con); 20321f13597dSJung-uk Kim 
cbuf_len = 0; 20331f13597dSJung-uk Kim } 20341f13597dSJung-uk Kim #endif 20356f9291ceSJung-uk Kim else { 203674664626SKris Kennaway cbuf_len = i; 203774664626SKris Kennaway cbuf_off = 0; 203874664626SKris Kennaway #ifdef CHARSET_EBCDIC 203974664626SKris Kennaway ebcdic2ascii(cbuf, cbuf, i); 204074664626SKris Kennaway #endif 204174664626SKris Kennaway } 204274664626SKris Kennaway 204374664626SKris Kennaway write_ssl = 1; 204474664626SKris Kennaway read_tty = 0; 204574664626SKris Kennaway } 204674664626SKris Kennaway } 20471f13597dSJung-uk Kim 20481f13597dSJung-uk Kim ret = 0; 204974664626SKris Kennaway shut: 20501f13597dSJung-uk Kim if (in_init) 20511f13597dSJung-uk Kim print_stuff(bio_c_out, con, full_log); 205274664626SKris Kennaway SSL_shutdown(con); 205374664626SKris Kennaway SHUTDOWN(SSL_get_fd(con)); 205474664626SKris Kennaway end: 20556f9291ceSJung-uk Kim if (con != NULL) { 20561f13597dSJung-uk Kim if (prexit != 0) 20571f13597dSJung-uk Kim print_stuff(bio_c_out, con, 1); 20581f13597dSJung-uk Kim SSL_free(con); 20591f13597dSJung-uk Kim } 206009286989SJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 206109286989SJung-uk Kim if (next_proto.data) 206209286989SJung-uk Kim OPENSSL_free(next_proto.data); 206309286989SJung-uk Kim #endif 20646f9291ceSJung-uk Kim if (ctx != NULL) 20656f9291ceSJung-uk Kim SSL_CTX_free(ctx); 20663b4e3dcbSSimon L. B. Nielsen if (cert) 20673b4e3dcbSSimon L. B. Nielsen X509_free(cert); 20687bded2dbSJung-uk Kim if (crls) 20697bded2dbSJung-uk Kim sk_X509_CRL_pop_free(crls, X509_CRL_free); 20703b4e3dcbSSimon L. B. Nielsen if (key) 20713b4e3dcbSSimon L. B. Nielsen EVP_PKEY_free(key); 20727bded2dbSJung-uk Kim if (chain) 20737bded2dbSJung-uk Kim sk_X509_pop_free(chain, X509_free); 20743b4e3dcbSSimon L. B. Nielsen if (pass) 20753b4e3dcbSSimon L. B. 
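OPENSSL_free(pass);     /* body of the preceding `if (pass)`; rest of MAIN() begins above */
#ifndef OPENSSL_NO_SRP
    OPENSSL_free(srp_arg.srppassin);
#endif
    if (vpm)
        X509_VERIFY_PARAM_free(vpm);
    ssl_excert_free(exc);
    if (ssl_args)
        sk_OPENSSL_STRING_free(ssl_args);
    if (cctx)
        SSL_CONF_CTX_free(cctx);
#ifndef OPENSSL_NO_JPAKE
    if (jpake_secret && psk_key)
        OPENSSL_free(psk_key);
#endif
    /* I/O buffers may have carried plaintext: wipe before releasing. */
    if (cbuf != NULL) {
        OPENSSL_cleanse(cbuf, BUFSIZZ);
        OPENSSL_free(cbuf);
    }
    if (sbuf != NULL) {
        OPENSSL_cleanse(sbuf, BUFSIZZ);
        OPENSSL_free(sbuf);
    }
    if (mbuf != NULL) {
        OPENSSL_cleanse(mbuf, BUFSIZZ);
        OPENSSL_free(mbuf);
    }
    if (bio_c_out != NULL) {
        BIO_free(bio_c_out);
        bio_c_out = NULL;
    }
    if (bio_c_msg != NULL) {
        BIO_free(bio_c_msg);
        bio_c_msg = NULL;
    }
    apps_shutdown();
    OPENSSL_EXIT(ret);
}

/*
 * Print a human-readable summary of the connection state of `s` to `bio`.
 *
 * With `full` non-zero the peer certificate chain, the server certificate,
 * the client-CA list, the (SSL 2 only) shared-cipher list, signature
 * algorithms, temporary key and handshake byte counts are printed first.
 * In every case the cipher, server key size, secure-renegotiation status,
 * compression, NPN/ALPN and SRTP results, the session, and — when the
 * `-keymatexport` label is set — the exported keying material follow.
 *
 * Reads the file-scope options c_showcerts, next_proto, keymatexportlabel
 * and keymatexportlen.  Note that the exported keying material is written
 * to `bio` in hex; treat that output as sensitive.
 */
static void print_stuff(BIO *bio, SSL *s, int full)
{
    X509 *peer = NULL;
    char *p;
    /* Padding source for the shared-cipher table: must hold at least the
     * 15 characters the BIO_write() below may request. */
    static const char *space = "                ";
    char buf[BUFSIZ];
    STACK_OF(X509) *sk;
    STACK_OF(X509_NAME) *sk2;
    const SSL_CIPHER *c;
    X509_NAME *xn;
    int j, i;
#ifndef OPENSSL_NO_COMP
    const COMP_METHOD *comp, *expansion;
#endif
    unsigned char *exportedkeymat;

    if (full) {
        int got_a_chain = 0;

        sk = SSL_get_peer_cert_chain(s);
        if (sk != NULL) {
            got_a_chain = 1;    /* we don't have it for SSL2 (yet) */

            BIO_printf(bio, "---\nCertificate chain\n");
            for (i = 0; i < sk_X509_num(sk); i++) {
                X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
                                  buf, sizeof buf);
                BIO_printf(bio, "%2d s:%s\n", i, buf);
                X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
                                  buf, sizeof buf);
                BIO_printf(bio, "   i:%s\n", buf);
                if (c_showcerts)
                    PEM_write_bio_X509(bio, sk_X509_value(sk, i));
            }
        }

        BIO_printf(bio, "---\n");
        /* SSL_get_peer_certificate() returns a new reference; freed below. */
        peer = SSL_get_peer_certificate(s);
        if (peer != NULL) {
            BIO_printf(bio, "Server certificate\n");

            /* Redundant if we showed the whole chain */
            if (!(c_showcerts && got_a_chain))
                PEM_write_bio_X509(bio, peer);
            X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
            BIO_printf(bio, "subject=%s\n", buf);
            X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
            BIO_printf(bio, "issuer=%s\n", buf);
        } else
            BIO_printf(bio, "no peer certificate available\n");

        sk2 = SSL_get_client_CA_list(s);
        if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) {
            BIO_printf(bio, "---\nAcceptable client certificate CA names\n");
            for (i = 0; i < sk_X509_NAME_num(sk2); i++) {
                xn = sk_X509_NAME_value(sk2, i);
                X509_NAME_oneline(xn, buf, sizeof(buf));
                BIO_write(bio, buf, strlen(buf));
                BIO_write(bio, "\n", 1);
            }
        } else {
            BIO_printf(bio, "---\nNo client certificate CA names sent\n");
        }
        p = SSL_get_shared_ciphers(s, buf, sizeof buf);
        if (p != NULL) {
            /*
             * This works only for SSL 2. In later protocol versions, the
             * client does not know what other ciphers (in addition to the
             * one to be used in the current connection) the server supports.
             */

            BIO_printf(bio,
                       "---\nCiphers common between both SSL endpoints:\n");
            /* j = characters of the current name, i = names on this row */
            j = i = 0;
            while (*p) {
                if (*p == ':') {
                    /* Pad the name to 15 columns; a name longer than that
                     * yields a non-positive count, which must not reach
                     * BIO_write() (it would be passed on as a size). */
                    int pad = 15 - j % 25;
                    if (pad > 0)
                        BIO_write(bio, space, pad);
                    i++;
                    j = 0;
                    BIO_write(bio, ((i % 3) ? " " : "\n"), 1);
                } else {
                    BIO_write(bio, p, 1);
                    j++;
                }
                p++;
            }
            BIO_write(bio, "\n", 1);
        }

        ssl_print_sigalgs(bio, s);
        ssl_print_tmp_key(bio, s);

        BIO_printf(bio,
                   "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
                   BIO_number_read(SSL_get_rbio(s)),
                   BIO_number_written(SSL_get_wbio(s)));
    }
    BIO_printf(bio, (SSL_cache_hit(s) ? "---\nReused, " : "---\nNew, "));
    c = SSL_get_current_cipher(s);
    BIO_printf(bio, "%s, Cipher is %s\n",
               SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
    if (peer != NULL) {
        EVP_PKEY *pktmp;
        pktmp = X509_get_pubkey(peer);
        BIO_printf(bio, "Server public key is %d bit\n",
                   EVP_PKEY_bits(pktmp));
        EVP_PKEY_free(pktmp);
    }
    BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
               SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
#ifndef OPENSSL_NO_COMP
    comp = SSL_get_current_compression(s);
    expansion = SSL_get_current_expansion(s);
    BIO_printf(bio, "Compression: %s\n",
               comp ? SSL_COMP_get_name(comp) : "NONE");
    BIO_printf(bio, "Expansion: %s\n",
               expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif

#ifdef SSL_DEBUG
    {
        /* Print out local port of connection: useful for debugging */
        int sock;
        struct sockaddr_in ladd;
        socklen_t ladd_size = sizeof(ladd);
        sock = SSL_get_fd(s);
        /* Only report the port if getsockname() filled `ladd` in;
         * otherwise ntohs() would read an uninitialized field. */
        if (getsockname(sock, (struct sockaddr *)&ladd, &ladd_size) == 0)
            BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
    }
#endif

#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
    if (next_proto.status != -1) {
        const unsigned char *proto;
        unsigned int proto_len;
        SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
        BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
        BIO_write(bio, proto, proto_len);
        BIO_write(bio, "\n", 1);
    }
# endif
    {
        const unsigned char *proto;
        unsigned int proto_len;
        SSL_get0_alpn_selected(s, &proto, &proto_len);
        if (proto_len > 0) {
            BIO_printf(bio, "ALPN protocol: ");
            BIO_write(bio, proto, proto_len);
            BIO_write(bio, "\n", 1);
        } else
            BIO_printf(bio, "No ALPN negotiated\n");
    }
#endif

#ifndef OPENSSL_NO_SRTP
    {
        SRTP_PROTECTION_PROFILE *srtp_profile =
            SSL_get_selected_srtp_profile(s);

        if (srtp_profile)
            BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
                       srtp_profile->name);
    }
#endif

    SSL_SESSION_print(bio, SSL_get_session(s));
    if (keymatexportlabel != NULL) {
        BIO_printf(bio, "Keying material exporter:\n");
        BIO_printf(bio, "    Label: '%s'\n", keymatexportlabel);
        BIO_printf(bio, "    Length: %i bytes\n", keymatexportlen);
        exportedkeymat = OPENSSL_malloc(keymatexportlen);
        if (exportedkeymat != NULL) {
            if (!SSL_export_keying_material(s, exportedkeymat,
                                            keymatexportlen,
                                            keymatexportlabel,
                                            strlen(keymatexportlabel),
                                            NULL, 0, 0)) {
                BIO_printf(bio, "    Error\n");
            } else {
                BIO_printf(bio, "    Keying material: ");
                for (i = 0; i < keymatexportlen; i++)
                    BIO_printf(bio, "%02X", exportedkeymat[i]);
                BIO_printf(bio, "\n");
            }
            /* Key material: wipe before free, as MAIN() does for its
             * plaintext buffers. */
            OPENSSL_cleanse(exportedkeymat, keymatexportlen);
            OPENSSL_free(exportedkeymat);
        }
    }
    BIO_printf(bio, "---\n");
    if (peer != NULL)
        X509_free(peer);
    /* flush, or debugging output gets mixed with http response */
    (void)BIO_flush(bio);
}

#ifndef OPENSSL_NO_TLSEXT

/*
 * TLS status_request (OCSP stapling) callback: dump the stapled response
 * to the BIO passed as `arg`.
 *
 * This callback only PRINTS the response.  It performs no validation —
 * no signature check, no status evaluation, no match against the server
 * certificate — so stapling is not enforced by it.  Returns 1 (continue
 * the handshake) when no response was sent or when it parsed, and 0
 * (abort the handshake) only when the bytes fail to parse.
 */
static int ocsp_resp_cb(SSL *s, void *arg)
{
    const unsigned char *p;
    const unsigned char *start;
    int len;
    OCSP_RESPONSE *rsp;
    len = SSL_get_tlsext_status_ocsp_resp(s, &p);
    BIO_puts(arg, "OCSP response: ");
    if (!p) {
        BIO_puts(arg, "no response sent\n");
        return 1;
    }
    /* d2i_* advances the cursor it is given; keep the original start so
     * the hex dump on failure shows the whole received blob. */
    start = p;
    rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
    if (!rsp) {
        BIO_puts(arg, "response parse error\n");
        BIO_dump_indent(arg, (char *)start, len, 4);
        return 0;
    }
    BIO_puts(arg, "\n======================================\n");
    OCSP_RESPONSE_print(arg, rsp, 0);
    BIO_puts(arg, "======================================\n");
    OCSP_RESPONSE_free(rsp);
    return 1;
}

#endif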