diff options
author | Matt Caswell <matt@openssl.org> | 2015-01-22 02:47:42 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:52:55 +0000 |
commit | 40720ce3caf44294b5b87a18856b7aef06123314 (patch) | |
tree | 30d57dec407c05fe6ea57275517805e8c79a7dcc /apps/s_client.c | |
parent | 9d03aabea3ead1fe6a194297ddffd4a87f89b93c (diff) |
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'apps/s_client.c')
-rw-r--r-- | apps/s_client.c | 2562 |
1 files changed, 1256 insertions, 1306 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 5ebbd2c709..0e410feb62 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -115,15 +115,17 @@ #include <string.h> #include <openssl/e_os2.h> #ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 +# define APPS_WIN16 #endif -/* With IPv6, it looks like Digital has mixed up the proper order of - recursive header file inclusion, resulting in the compiler complaining - that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which - is needed to have fileno() declared correctly... So let's define u_int */ +/* + * With IPv6, it looks like Digital has mixed up the proper order of + * recursive header file inclusion, resulting in the compiler complaining + * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is + * needed to have fileno() declared correctly... So let's define u_int + */ #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) -#define __U_INT +# define __U_INT typedef unsigned int u_int; #endif @@ -139,28 +141,36 @@ typedef unsigned int u_int; #include "timeouts.h" #ifdef OPENSSL_SYS_WINCE -/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ -#ifdef fileno -#undef fileno -#endif -#define fileno(a) (int)_fileno(a) +/* + * Windows CE incorrectly defines fileno as returning void*, so to avoid + * problems below... + */ +# ifdef fileno +# undef fileno +# endif +# define fileno(a) (int)_fileno(a) #endif - #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ -#undef FIONBIO +# undef FIONBIO #endif #undef PROG -#define PROG s_client_main +#define PROG s_client_main -/*#define SSL_HOST_NAME "www.netscape.com" */ -/*#define SSL_HOST_NAME "193.118.187.102" */ -#define SSL_HOST_NAME "localhost" +/* + * #define SSL_HOST_NAME "www.netscape.com" + */ +/* + * #define SSL_HOST_NAME "193.118.187.102" + */ +#define SSL_HOST_NAME "localhost" /* no default cert. */ -/*#define TEST_CERT "client.pem" */ +/* + * #define TEST_CERT "client.pem" + */ #undef BUFSIZZ #define BUFSIZZ 1024*8 @@ -169,1419 +179,1359 @@ extern int verify_depth; extern int verify_error; #ifdef FIONBIO -static int c_nbio=0; +static int c_nbio = 0; #endif -static int c_Pause=0; -static int c_debug=0; +static int c_Pause = 0; +static int c_debug = 0; #ifndef OPENSSL_NO_TLSEXT -static int c_tlsextdebug=0; -static int c_status_req=0; +static int c_tlsextdebug = 0; +static int c_status_req = 0; #endif -static int c_msg=0; -static int c_showcerts=0; +static int c_msg = 0; +static int c_showcerts = 0; static void sc_usage(void); -static void print_stuff(BIO *berr,SSL *con,int full); +static void print_stuff(BIO *berr, SSL *con, int full); #ifndef OPENSSL_NO_TLSEXT static int ocsp_resp_cb(SSL *s, void *arg); #endif -static BIO *bio_c_out=NULL; -static int c_quiet=0; -static int c_ign_eof=0; +static BIO *bio_c_out = NULL; +static int c_quiet = 0; +static int c_ign_eof = 0; static void sc_usage(void) - { - BIO_printf(bio_err,"usage: s_client args\n"); - BIO_printf(bio_err,"\n"); - BIO_printf(bio_err," -host host - use -connect instead\n"); - BIO_printf(bio_err," -port port - use -connect instead\n"); - BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); - - BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n"); - BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); - BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); - BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); - BIO_printf(bio_err," not specified but cert file is.\n"); - BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n"); - BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); - BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); - BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); - BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); - BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); - BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); - BIO_printf(bio_err," -debug - extra output\n"); +{ + BIO_printf(bio_err, "usage: s_client args\n"); + BIO_printf(bio_err, "\n"); + BIO_printf(bio_err, " -host host - use -connect instead\n"); + BIO_printf(bio_err, " -port port - use -connect instead\n"); + BIO_printf(bio_err, + " -connect host:port - who to connect to (default is %s:%s)\n", + SSL_HOST_NAME, PORT_STR); + + BIO_printf(bio_err, + " -verify depth - turn on peer certificate verification\n"); + BIO_printf(bio_err, + " -cert arg - certificate file to use, PEM format assumed\n"); + BIO_printf(bio_err, + " -certform arg - certificate format (PEM or DER) PEM default\n"); + BIO_printf(bio_err, + " -key arg - Private key file to use, in cert file if\n"); + BIO_printf(bio_err, " not specified but cert file is.\n"); + BIO_printf(bio_err, + " -keyform arg - key format (PEM or DER) PEM default\n"); + BIO_printf(bio_err, + " -pass arg - private key file pass phrase source\n"); + BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, + " -reconnect - Drop and re-make the connection with the same Session-ID\n"); + BIO_printf(bio_err, + " -pause - sleep(1) after each read(2) and write(2) system call\n"); + BIO_printf(bio_err, + " -showcerts - show all certificates in the chain\n"); + BIO_printf(bio_err, " -debug - extra output\n"); #ifdef WATT32 - BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n"); + BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n"); #endif - BIO_printf(bio_err," -msg - Show protocol messages\n"); - BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); - BIO_printf(bio_err," -state - print the 'ssl' states\n"); + BIO_printf(bio_err, " -msg - Show protocol messages\n"); + BIO_printf(bio_err, " -nbio_test - more ssl protocol testing\n"); + BIO_printf(bio_err, " -state - print the 'ssl' states\n"); #ifdef FIONBIO - BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); + BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n"); #endif - BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); - BIO_printf(bio_err," -quiet - no s_client output\n"); - BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n"); - BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n"); - BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); - BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); - BIO_printf(bio_err," -tls1 - just use TLSv1\n"); - BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); - BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n"); - BIO_printf(bio_err," -mtu - set the link layer MTU\n"); - BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); - BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); - BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); - BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); - BIO_printf(bio_err," command to see what is available\n"); - BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); - BIO_printf(bio_err," for those protocols that support it, where\n"); - BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); - BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); - BIO_printf(bio_err," are supported.\n"); + BIO_printf(bio_err, + " -crlf - convert LF from terminal into CRLF\n"); + BIO_printf(bio_err, " -quiet - no s_client output\n"); + BIO_printf(bio_err, + " -ign_eof - ignore input eof (default when -quiet)\n"); + BIO_printf(bio_err, " -no_ign_eof - don't ignore input eof\n"); + BIO_printf(bio_err, " -ssl2 - just use SSLv2\n"); + BIO_printf(bio_err, " -ssl3 - just use SSLv3\n"); + BIO_printf(bio_err, " -tls1 - just use TLSv1\n"); + BIO_printf(bio_err, " -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err, " -fallback_scsv - send TLS_FALLBACK_SCSV\n"); + BIO_printf(bio_err, " -mtu - set the link layer MTU\n"); + BIO_printf(bio_err, + " -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); + BIO_printf(bio_err, + " -bugs - Switch on all SSL implementation bug workarounds\n"); + BIO_printf(bio_err, + " -serverpref - Use server's cipher preferences (only SSLv2)\n"); + BIO_printf(bio_err, + " -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); + BIO_printf(bio_err, + " command to see what is available\n"); + BIO_printf(bio_err, + " -starttls prot - use the STARTTLS command before starting TLS\n"); + BIO_printf(bio_err, + " for those protocols that support it, where\n"); + BIO_printf(bio_err, + " 'prot' defines which one to assume. Currently,\n"); + BIO_printf(bio_err, + " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); + BIO_printf(bio_err, " are supported.\n"); #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); + BIO_printf(bio_err, + " -engine id - Initialise and use the specified engine\n"); #endif - BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); - BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); - BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); + BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, + LIST_SEPARATOR_CHAR); + BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n"); + BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n"); #ifndef OPENSSL_NO_TLSEXT - BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n"); - BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); - BIO_printf(bio_err," -status - request certificate status from server\n"); - BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); + BIO_printf(bio_err, + " -servername host - Set TLS extension servername in ClientHello\n"); + BIO_printf(bio_err, + " -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err, + " -status - request certificate status from server\n"); + BIO_printf(bio_err, + " -no_ticket - disable use of RFC4507bis session tickets\n"); #endif - BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); - } + BIO_printf(bio_err, + " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); +} #ifndef OPENSSL_NO_TLSEXT /* This is a context that we pass to callbacks */ typedef struct tlsextctx_st { - BIO * biodebug; - int ack; + BIO *biodebug; + int ack; } tlsextctx; - static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) - { - tlsextctx * p = (tlsextctx *) arg; - const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - if (SSL_get_servername_type(s) != -1) - p->ack = !SSL_session_reused(s) && hn != NULL; - else - BIO_printf(bio_err,"Can't use SSL_get_servername\n"); - - return SSL_TLSEXT_ERR_OK; - } -#endif -enum { - PROTO_OFF = 0, - PROTO_SMTP, - PROTO_POP3, - PROTO_IMAP, - PROTO_FTP, - PROTO_XMPP + tlsextctx *p = (tlsextctx *) arg; + const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); + if (SSL_get_servername_type(s) != -1) + p->ack = !SSL_session_reused(s) && hn != NULL; + else + BIO_printf(bio_err, "Can't use SSL_get_servername\n"); + + return SSL_TLSEXT_ERR_OK; +} +#endif +enum { + PROTO_OFF = 0, + PROTO_SMTP, + PROTO_POP3, + PROTO_IMAP, + PROTO_FTP, + PROTO_XMPP }; int MAIN(int, char **); int MAIN(int argc, char **argv) - { - int off=0, clr = 0; - SSL *con=NULL,*con2=NULL; - X509_STORE *store = NULL; - int s,k,width,state=0; - char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; - int cbuf_len,cbuf_off; - int sbuf_len,sbuf_off; - fd_set readfds,writefds; - short port=PORT; - int full_log=1; - char *host=SSL_HOST_NAME; - char *cert_file=NULL,*key_file=NULL; - int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; - char *passarg = NULL, *pass = NULL; - X509 *cert = NULL; - EVP_PKEY *key = NULL; - char *CApath=NULL,*CAfile=NULL,*cipher=NULL; - int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; - int crlf=0; - int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; - SSL_CTX *ctx=NULL; - int ret=1,in_init=1,i,nbio_test=0; - int starttls_proto = PROTO_OFF; - int prexit = 0, vflags = 0; - SSL_METHOD *meth=NULL; +{ + int off = 0, clr = 0; + SSL *con = NULL, *con2 = NULL; + X509_STORE *store = NULL; + int s, k, width, state = 0; + char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL; + int cbuf_len, cbuf_off; + int sbuf_len, sbuf_off; + fd_set readfds, writefds; + short port = PORT; + int full_log = 1; + char *host = SSL_HOST_NAME; + char *cert_file = NULL, *key_file = NULL; + int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; + char *passarg = NULL, *pass = NULL; + X509 *cert = NULL; + EVP_PKEY *key = NULL; + char *CApath = NULL, *CAfile = NULL, *cipher = NULL; + int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0; + int crlf = 0; + int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; + SSL_CTX *ctx = NULL; + int ret = 1, in_init = 1, i, nbio_test = 0; + int starttls_proto = PROTO_OFF; + int prexit = 0, vflags = 0; + SSL_METHOD *meth = NULL; #ifdef sock_type -#undef sock_type +# undef sock_type #endif - int sock_type=SOCK_STREAM; - BIO *sbio; - char *inrand=NULL; - int mbuf_len=0; - struct timeval timeout, *timeoutp; + int sock_type = SOCK_STREAM; + BIO *sbio; + char *inrand = NULL; + int mbuf_len = 0; + struct timeval timeout, *timeoutp; #ifndef OPENSSL_NO_ENGINE - char *engine_id=NULL; - char *ssl_client_engine_id=NULL; - ENGINE *ssl_client_engine=NULL; + char *engine_id = NULL; + char *ssl_client_engine_id = NULL; + ENGINE *ssl_client_engine = NULL; #endif - ENGINE *e=NULL; + ENGINE *e = NULL; #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) - struct timeval tv; + struct timeval tv; #endif #ifndef OPENSSL_NO_TLSEXT - char *servername = NULL; - tlsextctx tlsextcbp = - {NULL,0}; + char *servername = NULL; + tlsextctx tlsextcbp = { NULL, 0 }; #endif - char *sess_in = NULL; - char *sess_out = NULL; - struct sockaddr peer; - int peerlen = sizeof(peer); - int fallback_scsv = 0; - int enable_timeouts = 0 ; - long socket_mtu = 0; + char *sess_in = NULL; + char *sess_out = NULL; + struct sockaddr peer; + int peerlen = sizeof(peer); + int fallback_scsv = 0; + int enable_timeouts = 0; + long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE - char *jpake_secret = NULL; + char *jpake_secret = NULL; #endif - meth=SSLv23_client_method(); + meth = SSLv23_client_method(); - apps_startup(); - c_Pause=0; - c_quiet=0; - c_ign_eof=0; - c_debug=0; - c_msg=0; - c_showcerts=0; + apps_startup(); + c_Pause = 0; + c_quiet = 0; + c_ign_eof = 0; + c_debug = 0; + c_msg = 0; + c_showcerts = 0; - if (bio_err == NULL) - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + if (bio_err == NULL) + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); - if (!load_config(bio_err, NULL)) - goto end; + if (!load_config(bio_err, NULL)) + goto end; - if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || - ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || - ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL)) - { - BIO_printf(bio_err,"out of memory\n"); - goto end; - } + if (((cbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || + ((sbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || + ((mbuf = OPENSSL_malloc(BUFSIZZ)) == NULL)) { + BIO_printf(bio_err, "out of memory\n"); + goto end; + } - verify_depth=0; - verify_error=X509_V_OK; + verify_depth = 0; + verify_error = X509_V_OK; #ifdef FIONBIO - c_nbio=0; + c_nbio = 0; #endif - argc--; - argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-host") == 0) - { - if (--argc < 1) goto bad; - host= *(++argv); - } - else if (strcmp(*argv,"-port") == 0) - { - if (--argc < 1) goto bad; - port=atoi(*(++argv)); - if (port == 0) goto bad; - } - else if (strcmp(*argv,"-connect") == 0) - { - if (--argc < 1) goto bad; - if (!extract_host_port(*(++argv),&host,NULL,&port)) - goto bad; - } - else if (strcmp(*argv,"-verify") == 0) - { - verify=SSL_VERIFY_PEER; - if (--argc < 1) goto bad; - verify_depth=atoi(*(++argv)); - BIO_printf(bio_err,"verify depth is %d\n",verify_depth); - } - else if (strcmp(*argv,"-cert") == 0) - { - if (--argc < 1) goto bad; - cert_file= *(++argv); - } - else if (strcmp(*argv,"-sess_out") == 0) - { - if (--argc < 1) goto bad; - sess_out = *(++argv); - } - else if (strcmp(*argv,"-sess_in") == 0) - { - if (--argc < 1) goto bad; - sess_in = *(++argv); - } - else if (strcmp(*argv,"-certform") == 0) - { - if (--argc < 1) goto bad; - cert_format = str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-crl_check") == 0) - vflags |= X509_V_FLAG_CRL_CHECK; - else if (strcmp(*argv,"-crl_check_all") == 0) - vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; - else if (strcmp(*argv,"-prexit") == 0) - prexit=1; - else if (strcmp(*argv,"-crlf") == 0) - crlf=1; - else if (strcmp(*argv,"-quiet") == 0) - { - c_quiet=1; - c_ign_eof=1; - } - else if (strcmp(*argv,"-ign_eof") == 0) - c_ign_eof=1; - else if (strcmp(*argv,"-no_ign_eof") == 0) - c_ign_eof=0; - else if (strcmp(*argv,"-pause") == 0) - c_Pause=1; - else if (strcmp(*argv,"-debug") == 0) - c_debug=1; + argc--; + argv++; + while (argc >= 1) { + if (strcmp(*argv, "-host") == 0) { + if (--argc < 1) + goto bad; + host = *(++argv); + } else if (strcmp(*argv, "-port") == 0) { + if (--argc < 1) + goto bad; + port = atoi(*(++argv)); + if (port == 0) + goto bad; + } else if (strcmp(*argv, "-connect") == 0) { + if (--argc < 1) + goto bad; + if (!extract_host_port(*(++argv), &host, NULL, &port)) + goto bad; + } else if (strcmp(*argv, "-verify") == 0) { + verify = SSL_VERIFY_PEER; + if (--argc < 1) + goto bad; + verify_depth = atoi(*(++argv)); + BIO_printf(bio_err, "verify depth is %d\n", verify_depth); + } else if (strcmp(*argv, "-cert") == 0) { + if (--argc < 1) + goto bad; + cert_file = *(++argv); + } else if (strcmp(*argv, "-sess_out") == 0) { + if (--argc < 1) + goto bad; + sess_out = *(++argv); + } else if (strcmp(*argv, "-sess_in") == 0) { + if (--argc < 1) + goto bad; + sess_in = *(++argv); + } else if (strcmp(*argv, "-certform") == 0) { + if (--argc < 1) + goto bad; + cert_format = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-crl_check") == 0) + vflags |= X509_V_FLAG_CRL_CHECK; + else if (strcmp(*argv, "-crl_check_all") == 0) + vflags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL; + else if (strcmp(*argv, "-prexit") == 0) + prexit = 1; + else if (strcmp(*argv, "-crlf") == 0) + crlf = 1; + else if (strcmp(*argv, "-quiet") == 0) { + c_quiet = 1; + c_ign_eof = 1; + } else if (strcmp(*argv, "-ign_eof") == 0) + c_ign_eof = 1; + else if (strcmp(*argv, "-no_ign_eof") == 0) + c_ign_eof = 0; + else if (strcmp(*argv, "-pause") == 0) + c_Pause = 1; + else if (strcmp(*argv, "-debug") == 0) + c_debug = 1; #ifndef OPENSSL_NO_TLSEXT - else if (strcmp(*argv,"-tlsextdebug") == 0) - c_tlsextdebug=1; - else if (strcmp(*argv,"-status") == 0) - c_status_req=1; + else if (strcmp(*argv, "-tlsextdebug") == 0) + c_tlsextdebug = 1; + else if (strcmp(*argv, "-status") == 0) + c_status_req = 1; #endif #ifdef WATT32 - else if (strcmp(*argv,"-wdebug") == 0) - dbug_init(); + else if (strcmp(*argv, "-wdebug") == 0) + dbug_init(); #endif - else if (strcmp(*argv,"-msg") == 0) - c_msg=1; - else if (strcmp(*argv,"-showcerts") == 0) - c_showcerts=1; - else if (strcmp(*argv,"-nbio_test") == 0) - nbio_test=1; - else if (strcmp(*argv,"-state") == 0) - state=1; + else if (strcmp(*argv, "-msg") == 0) + c_msg = 1; + else if (strcmp(*argv, "-showcerts") == 0) + c_showcerts = 1; + else if (strcmp(*argv, "-nbio_test") == 0) + nbio_test = 1; + else if (strcmp(*argv, "-state") == 0) + state = 1; #ifndef OPENSSL_NO_SSL2 - else if (strcmp(*argv,"-ssl2") == 0) - meth=SSLv2_client_method(); + else if (strcmp(*argv, "-ssl2") == 0) + meth = SSLv2_client_method(); #endif #ifndef OPENSSL_NO_SSL3 - else if (strcmp(*argv,"-ssl3") == 0) - meth=SSLv3_client_method(); + else if (strcmp(*argv, "-ssl3") == 0) + meth = SSLv3_client_method(); #endif #ifndef OPENSSL_NO_TLS1 - else if (strcmp(*argv,"-tls1") == 0) - meth=TLSv1_client_method(); + else if (strcmp(*argv, "-tls1") == 0) + meth = TLSv1_client_method(); #endif #ifndef OPENSSL_NO_DTLS1 - else if (strcmp(*argv,"-dtls1") == 0) - { - meth=DTLSv1_client_method(); - sock_type=SOCK_DGRAM; - } - else if (strcmp(*argv,"-timeout") == 0) - enable_timeouts=1; - else if (strcmp(*argv,"-mtu") == 0) - { - if (--argc < 1) goto bad; - socket_mtu = atol(*(++argv)); - } + else if (strcmp(*argv, "-dtls1") == 0) { + meth = DTLSv1_client_method(); + sock_type = SOCK_DGRAM; + } else if (strcmp(*argv, "-timeout") == 0) + enable_timeouts = 1; + else if (strcmp(*argv, "-mtu") == 0) { + if (--argc < 1) + goto bad; + socket_mtu = atol(*(++argv)); + } #endif - else if (strcmp(*argv,"-fallback_scsv") == 0) - { - fallback_scsv = 1; - } - else if (strcmp(*argv,"-bugs") == 0) - bugs=1; - else if (strcmp(*argv,"-keyform") == 0) - { - if (--argc < 1) goto bad; - key_format = str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-pass") == 0) - { - if (--argc < 1) goto bad; - passarg = *(++argv); - } - else if (strcmp(*argv,"-key") == 0) - { - if (--argc < 1) goto bad; - key_file= *(++argv); - } - else if (strcmp(*argv,"-reconnect") == 0) - { - reconnect=5; - } - else if (strcmp(*argv,"-CApath") == 0) - { - if (--argc < 1) goto bad; - CApath= *(++argv); - } - else if (strcmp(*argv,"-CAfile") == 0) - { - if (--argc < 1) goto bad; - CAfile= *(++argv); - } - else if (strcmp(*argv,"-no_tls1") == 0) - off|=SSL_OP_NO_TLSv1; - else if (strcmp(*argv,"-no_ssl3") == 0) - off|=SSL_OP_NO_SSLv3; - else if (strcmp(*argv,"-no_ssl2") == 0) - off|=SSL_OP_NO_SSLv2; + else if (strcmp(*argv, "-fallback_scsv") == 0) { + fallback_scsv = 1; + } else if (strcmp(*argv, "-bugs") == 0) + bugs = 1; + else if (strcmp(*argv, "-keyform") == 0) { + if (--argc < 1) + goto bad; + key_format = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-pass") == 0) { + if (--argc < 1) + goto bad; + passarg = *(++argv); + } else if (strcmp(*argv, "-key") == 0) { + if (--argc < 1) + goto bad; + key_file = *(++argv); + } else if (strcmp(*argv, "-reconnect") == 0) { + reconnect = 5; + } else if (strcmp(*argv, "-CApath") == 0) { + if (--argc < 1) + goto bad; + CApath = *(++argv); + } else if (strcmp(*argv, "-CAfile") == 0) { + if (--argc < 1) + goto bad; + CAfile = *(++argv); + } else if (strcmp(*argv, "-no_tls1") == 0) + off |= SSL_OP_NO_TLSv1; + else if (strcmp(*argv, "-no_ssl3") == 0) + off |= SSL_OP_NO_SSLv3; + else if (strcmp(*argv, "-no_ssl2") == 0) + off |= SSL_OP_NO_SSLv2; #ifndef OPENSSL_NO_TLSEXT - else if (strcmp(*argv,"-no_ticket") == 0) - { off|=SSL_OP_NO_TICKET; } + else if (strcmp(*argv, "-no_ticket") == 0) { + off |= SSL_OP_NO_TICKET; + } #endif - else if (strcmp(*argv,"-serverpref") == 0) - off|=SSL_OP_CIPHER_SERVER_PREFERENCE; - else if (strcmp(*argv,"-legacy_renegotiation") == 0) - off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; - else if (strcmp(*argv,"-legacy_server_connect") == 0) - { off|=SSL_OP_LEGACY_SERVER_CONNECT; } - else if (strcmp(*argv,"-no_legacy_server_connect") == 0) - { clr|=SSL_OP_LEGACY_SERVER_CONNECT; } - else if (strcmp(*argv,"-cipher") == 0) - { - if (--argc < 1) goto bad; - cipher= *(++argv); - } + else if (strcmp(*argv, "-serverpref") == 0) + off |= SSL_OP_CIPHER_SERVER_PREFERENCE; + else if (strcmp(*argv, "-legacy_renegotiation") == 0) + off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + else if (strcmp(*argv, "-legacy_server_connect") == 0) { + off |= SSL_OP_LEGACY_SERVER_CONNECT; + } else if (strcmp(*argv, "-no_legacy_server_connect") == 0) { + clr |= SSL_OP_LEGACY_SERVER_CONNECT; + } else if (strcmp(*argv, "-cipher") == 0) { + if (--argc < 1) + goto bad; + cipher = *(++argv); + } #ifdef FIONBIO - else if (strcmp(*argv,"-nbio") == 0) - { c_nbio=1; } + else if (strcmp(*argv, "-nbio") == 0) { + c_nbio = 1; + } #endif - else if (strcmp(*argv,"-starttls") == 0) - { - if (--argc < 1) goto bad; - ++argv; - if (strcmp(*argv,"smtp") == 0) - starttls_proto = PROTO_SMTP; - else if (strcmp(*argv,"pop3") == 0) - starttls_proto = PROTO_POP3; - else if (strcmp(*argv,"imap") == 0) - starttls_proto = PROTO_IMAP; - else if (strcmp(*argv,"ftp") == 0) - starttls_proto = PROTO_FTP; - else if (strcmp(*argv, "xmpp") == 0) - starttls_proto = PROTO_XMPP; - else - goto bad; - } + else if (strcmp(*argv, "-starttls") == 0) { + if (--argc < 1) + goto bad; + ++argv; + if (strcmp(*argv, "smtp") == 0) + starttls_proto = PROTO_SMTP; + else if (strcmp(*argv, "pop3") == 0) + starttls_proto = PROTO_POP3; + else if (strcmp(*argv, "imap") == 0) + starttls_proto = PROTO_IMAP; + else if (strcmp(*argv, "ftp") == 0) + starttls_proto = PROTO_FTP; + else if (strcmp(*argv, "xmpp") == 0) + starttls_proto = PROTO_XMPP; + else + goto bad; + } #ifndef OPENSSL_NO_ENGINE - else if (strcmp(*argv,"-engine") == 0) - { - if (--argc < 1) goto bad; - engine_id = *(++argv); - } - else if (strcmp(*argv,"-ssl_client_engine") == 0) - { - if (--argc < 1) goto bad; - ssl_client_engine_id = *(++argv); - } + else if (strcmp(*argv, "-engine") == 0) { + if (--argc < 1) + goto bad; + engine_id = *(++argv); + } else if (strcmp(*argv, "-ssl_client_engine") == 0) { + if (--argc < 1) + goto bad; + ssl_client_engine_id = *(++argv); + } #endif - else if (strcmp(*argv,"-rand") == 0) - { - if (--argc < 1) goto bad; - inrand= *(++argv); - } + else if (strcmp(*argv, "-rand") == 0) { + if (--argc < 1) + goto bad; + inrand = *(++argv); + } #ifndef OPENSSL_NO_TLSEXT - else if (strcmp(*argv,"-servername") == 0) - { - if (--argc < 1) goto bad; - servername= *(++argv); - /* meth=TLSv1_client_method(); */ - } + else if (strcmp(*argv, "-servername") == 0) { + if (--argc < 1) + goto bad; + servername = *(++argv); + /* meth=TLSv1_client_method(); */ + } #endif #ifndef OPENSSL_NO_JPAKE - else if (strcmp(*argv,"-jpake") == 0) - { - if (--argc < 1) goto bad; - jpake_secret = *++argv; - } + else if (strcmp(*argv, "-jpake") == 0) { + if (--argc < 1) + goto bad; + jpake_secret = *++argv; + } #endif - else - { - BIO_printf(bio_err,"unknown option %s\n",*argv); - badop=1; - break; - } - argc--; - argv++; - } - if (badop) - { -bad: - sc_usage(); - goto end; - } - - OpenSSL_add_ssl_algorithms(); - SSL_load_error_strings(); + else { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badop = 1; + break; + } + argc--; + argv++; + } + if (badop) { + bad: + sc_usage(); + goto end; + } + + OpenSSL_add_ssl_algorithms(); + SSL_load_error_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine_id, 1); - if (ssl_client_engine_id) - { - ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); - if (!ssl_client_engine) - { - BIO_printf(bio_err, - "Error getting client auth engine\n"); - goto end; - } - } + e = setup_engine(bio_err, engine_id, 1); + if (ssl_client_engine_id) { + ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); + if (!ssl_client_engine) { + BIO_printf(bio_err, "Error getting client auth engine\n"); + goto end; + } + } #endif - if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) - { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - - if (key_file == NULL) - key_file = cert_file; - - - if (key_file) - - { - - key = load_key(bio_err, key_file, key_format, 0, pass, e, - "client certificate private key file"); - if (!key) - { - ERR_print_errors(b |