diff options
Diffstat (limited to 'apps/s_client.c')
-rw-r--r-- | apps/s_client.c | 2873 |
1 files changed, 1408 insertions, 1465 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index f9d389ddc7..dff46d65a8 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -142,15 +142,17 @@ #include <string.h> #include <openssl/e_os2.h> #ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 +# define APPS_WIN16 #endif -/* With IPv6, it looks like Digital has mixed up the proper order of - recursive header file inclusion, resulting in the compiler complaining - that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which - is needed to have fileno() declared correctly... So let's define u_int */ +/* + * With IPv6, it looks like Digital has mixed up the proper order of + * recursive header file inclusion, resulting in the compiler complaining + * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is + * needed to have fileno() declared correctly... So let's define u_int + */ #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) -#define __U_INT +# define __U_INT typedef unsigned int u_int; #endif @@ -168,22 +170,28 @@ typedef unsigned int u_int; #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ -#undef FIONBIO +# undef FIONBIO #endif #if defined(OPENSSL_SYS_BEOS_R5) -#include <fcntl.h> +# include <fcntl.h> #endif #undef PROG -#define PROG s_client_main +#define PROG s_client_main -/*#define SSL_HOST_NAME "www.netscape.com" */ -/*#define SSL_HOST_NAME "193.118.187.102" */ -#define SSL_HOST_NAME "localhost" +/* + * #define SSL_HOST_NAME "www.netscape.com" + */ +/* + * #define SSL_HOST_NAME "193.118.187.102" + */ +#define SSL_HOST_NAME "localhost" /* no default cert. */ -/*#define TEST_CERT "client.pem" */ +/* + * #define TEST_CERT "client.pem" + */ #undef BUFSIZZ #define BUFSIZZ 1024*8 @@ -193,1611 +201,1546 @@ extern int verify_error; extern int verify_return_error; #ifdef FIONBIO -static int c_nbio=0; +static int c_nbio = 0; #endif -static int c_Pause=0; -static int c_debug=0; +static int c_Pause = 0; +static int c_debug = 0; #ifndef OPENSSL_NO_TLSEXT -static int c_tlsextdebug=0; -static int c_status_req=0; +static int c_tlsextdebug = 0; +static int c_status_req = 0; #endif -static int c_msg=0; -static int c_showcerts=0; +static int c_msg = 0; +static int c_showcerts = 0; static void sc_usage(void); -static void print_stuff(BIO *berr,SSL *con,int full); +static void print_stuff(BIO *berr, SSL *con, int full); #ifndef OPENSSL_NO_TLSEXT static int ocsp_resp_cb(SSL *s, void *arg); #endif -static BIO *bio_c_out=NULL; -static int c_quiet=0; -static int c_ign_eof=0; +static BIO *bio_c_out = NULL; +static int c_quiet = 0; +static int c_ign_eof = 0; #ifndef OPENSSL_NO_PSK /* Default PSK identity and key */ -static char *psk_identity="Client_identity"; -/*char *psk_key=NULL; by default PSK is not used */ +static char *psk_identity = "Client_identity"; +/* + * char *psk_key=NULL; by default PSK is not used + */ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len) - { - unsigned int psk_len = 0; - int ret; - BIGNUM *bn=NULL; - - if (c_debug) - BIO_printf(bio_c_out, "psk_client_cb\n"); - if (!hint) - { - /* no ServerKeyExchange message*/ - if (c_debug) - BIO_printf(bio_c_out,"NULL received PSK identity hint, continuing anyway\n"); - } - else if (c_debug) - BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint); - - /* lookup PSK identity and PSK key based on the given identity hint here */ - ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity); - if (ret < 0 || (unsigned int)ret > max_identity_len) - goto out_err; - if (c_debug) - BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret); - ret=BN_hex2bn(&bn, psk_key); - if (!ret) - { - BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key); - if (bn) - BN_free(bn); - return 0; - } - - if ((unsigned int)BN_num_bytes(bn) > max_psk_len) - { - BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n", - max_psk_len, BN_num_bytes(bn)); - BN_free(bn); - return 0; - } + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len) +{ + unsigned int psk_len = 0; + int ret; + BIGNUM *bn = NULL; + + if (c_debug) + BIO_printf(bio_c_out, "psk_client_cb\n"); + if (!hint) { + /* no ServerKeyExchange message */ + if (c_debug) + BIO_printf(bio_c_out, + "NULL received PSK identity hint, continuing anyway\n"); + } else if (c_debug) + BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint); + + /* + * lookup PSK identity and PSK key based on the given identity hint here + */ + ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity); + if (ret < 0 || (unsigned int)ret > max_identity_len) + goto out_err; + if (c_debug) + BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, + ret); + ret = BN_hex2bn(&bn, psk_key); + if (!ret) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", + psk_key); + if (bn) + BN_free(bn); + return 0; + } - psk_len=BN_bn2bin(bn, psk); + if ((unsigned int)BN_num_bytes(bn) > max_psk_len) { + BIO_printf(bio_err, + "psk buffer of callback is too small (%d) for key (%d)\n", + max_psk_len, BN_num_bytes(bn)); BN_free(bn); - if (psk_len == 0) - goto out_err; + return 0; + } - if (c_debug) - BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len); + psk_len = BN_bn2bin(bn, psk); + BN_free(bn); + if (psk_len == 0) + goto out_err; - return psk_len; + if (c_debug) + BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len); + + return psk_len; out_err: - if (c_debug) - BIO_printf(bio_err, "Error in PSK client callback\n"); - return 0; - } + if (c_debug) + BIO_printf(bio_err, "Error in PSK client callback\n"); + return 0; +} #endif static void sc_usage(void) - { - BIO_printf(bio_err,"usage: s_client args\n"); - BIO_printf(bio_err,"\n"); - BIO_printf(bio_err," -host host - use -connect instead\n"); - BIO_printf(bio_err," -port port - use -connect instead\n"); - BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); - - BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); - BIO_printf(bio_err," -verify_return_error - return verification errors\n"); - BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); - BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); - BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); - BIO_printf(bio_err," not specified but cert file is.\n"); - BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n"); - BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); - BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); - BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); - BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); - BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); - BIO_printf(bio_err," -prexit - print session information even on connection failure\n"); - BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); - BIO_printf(bio_err," -debug - extra output\n"); +{ + BIO_printf(bio_err, "usage: s_client args\n"); + BIO_printf(bio_err, "\n"); + BIO_printf(bio_err, " -host host - use -connect instead\n"); + BIO_printf(bio_err, " -port port - use -connect instead\n"); + BIO_printf(bio_err, + " -connect host:port - who to connect to (default is %s:%s)\n", + SSL_HOST_NAME, PORT_STR); + + BIO_printf(bio_err, + " -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err, + " -verify_return_error - return verification errors\n"); + BIO_printf(bio_err, + " -cert arg - certificate file to use, PEM format assumed\n"); + BIO_printf(bio_err, + " -certform arg - certificate format (PEM or DER) PEM default\n"); + BIO_printf(bio_err, + " -key arg - Private key file to use, in cert file if\n"); + BIO_printf(bio_err, " not specified but cert file is.\n"); + BIO_printf(bio_err, + " -keyform arg - key format (PEM or DER) PEM default\n"); + BIO_printf(bio_err, + " -pass arg - private key file pass phrase source\n"); + BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, + " -reconnect - Drop and re-make the connection with the same Session-ID\n"); + BIO_printf(bio_err, + " -pause - sleep(1) after each read(2) and write(2) system call\n"); + BIO_printf(bio_err, + " -prexit - print session information even on connection failure\n"); + BIO_printf(bio_err, + " -showcerts - show all certificates in the chain\n"); + BIO_printf(bio_err, " -debug - extra output\n"); #ifdef WATT32 - BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n"); + BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n"); #endif - BIO_printf(bio_err," -msg - Show protocol messages\n"); - BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); - BIO_printf(bio_err," -state - print the 'ssl' states\n"); + BIO_printf(bio_err, " -msg - Show protocol messages\n"); + BIO_printf(bio_err, " -nbio_test - more ssl protocol testing\n"); + BIO_printf(bio_err, " -state - print the 'ssl' states\n"); #ifdef FIONBIO - BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); + BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n"); #endif - BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); - BIO_printf(bio_err," -quiet - no s_client output\n"); - BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n"); - BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n"); + BIO_printf(bio_err, + " -crlf - convert LF from terminal into CRLF\n"); + BIO_printf(bio_err, " -quiet - no s_client output\n"); + BIO_printf(bio_err, + " -ign_eof - ignore input eof (default when -quiet)\n"); + BIO_printf(bio_err, " -no_ign_eof - don't ignore input eof\n"); #ifndef OPENSSL_NO_PSK - BIO_printf(bio_err," -psk_identity arg - PSK identity\n"); - BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); + BIO_printf(bio_err, " -psk_identity arg - PSK identity\n"); + BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n"); # ifndef OPENSSL_NO_JPAKE - BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); + BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n"); # endif #endif - BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); - BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); - BIO_printf(bio_err," -tls1 - just use TLSv1\n"); - BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); - BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n"); - BIO_printf(bio_err," -mtu - set the link layer MTU\n"); - BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); - BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); - BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); - BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); - BIO_printf(bio_err," command to see what is available\n"); - BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); - BIO_printf(bio_err," for those protocols that support it, where\n"); - BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); - BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); - BIO_printf(bio_err," are supported.\n"); + BIO_printf(bio_err, " -ssl2 - just use SSLv2\n"); + BIO_printf(bio_err, " -ssl3 - just use SSLv3\n"); + BIO_printf(bio_err, " -tls1 - just use TLSv1\n"); + BIO_printf(bio_err, " -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err, " -fallback_scsv - send TLS_FALLBACK_SCSV\n"); + BIO_printf(bio_err, " -mtu - set the link layer MTU\n"); + BIO_printf(bio_err, + " -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); + BIO_printf(bio_err, + " -bugs - Switch on all SSL implementation bug workarounds\n"); + BIO_printf(bio_err, + " -serverpref - Use server's cipher preferences (only SSLv2)\n"); + BIO_printf(bio_err, + " -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); + BIO_printf(bio_err, + " command to see what is available\n"); + BIO_printf(bio_err, + " -starttls prot - use the STARTTLS command before starting TLS\n"); + BIO_printf(bio_err, + " for those protocols that support it, where\n"); + BIO_printf(bio_err, + " 'prot' defines which one to assume. Currently,\n"); + BIO_printf(bio_err, + " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); + BIO_printf(bio_err, " are supported.\n"); #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); + BIO_printf(bio_err, + " -engine id - Initialise and use the specified engine\n"); #endif - BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); - BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); - BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); + BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, + LIST_SEPARATOR_CHAR); + BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n"); + BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n"); #ifndef OPENSSL_NO_TLSEXT - BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n"); - BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); - BIO_printf(bio_err," -status - request certificate status from server\n"); - BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); + BIO_printf(bio_err, + " -servername host - Set TLS extension servername in ClientHello\n"); + BIO_printf(bio_err, + " -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err, + " -status - request certificate status from server\n"); + BIO_printf(bio_err, + " -no_ticket - disable use of RFC4507bis session tickets\n"); #endif - BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); - } + BIO_printf(bio_err, + " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); +} #ifndef OPENSSL_NO_TLSEXT /* This is a context that we pass to callbacks */ typedef struct tlsextctx_st { - BIO * biodebug; - int ack; + BIO *biodebug; + int ack; } tlsextctx; - static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) - { - tlsextctx * p = (tlsextctx *) arg; - const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - if (SSL_get_servername_type(s) != -1) - p->ack = !SSL_session_reused(s) && hn != NULL; - else - BIO_printf(bio_err,"Can't use SSL_get_servername\n"); - - return SSL_TLSEXT_ERR_OK; - } +{ + tlsextctx *p = (tlsextctx *) arg; + const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); + if (SSL_get_servername_type(s) != -1) + p->ack = !SSL_session_reused(s) && hn != NULL; + else + BIO_printf(bio_err, "Can't use SSL_get_servername\n"); + + return SSL_TLSEXT_ERR_OK; +} #endif -enum -{ - PROTO_OFF = 0, - PROTO_SMTP, - PROTO_POP3, - PROTO_IMAP, - PROTO_FTP, - PROTO_XMPP +enum { + PROTO_OFF = 0, + PROTO_SMTP, + PROTO_POP3, + PROTO_IMAP, + PROTO_FTP, + PROTO_XMPP }; int MAIN(int, char **); int MAIN(int argc, char **argv) - { - unsigned int off=0, clr=0; - SSL *con=NULL; - int s,k,width,state=0; - char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; - int cbuf_len,cbuf_off; - int sbuf_len,sbuf_off; - fd_set readfds,writefds; - short port=PORT; - int full_log=1; - char *host=SSL_HOST_NAME; - char *cert_file=NULL,*key_file=NULL; - int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; - char *passarg = NULL, *pass = NULL; - X509 *cert = NULL; - EVP_PKEY *key = NULL; - char *CApath=NULL,*CAfile=NULL,*cipher=NULL; - int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; - int crlf=0; - int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; - SSL_CTX *ctx=NULL; - int ret=1,in_init=1,i,nbio_test=0; - int starttls_proto = PROTO_OFF; - int prexit = 0; - X509_VERIFY_PARAM *vpm = NULL; - int badarg = 0; - const SSL_METHOD *meth=NULL; - int socket_type=SOCK_STREAM; - BIO *sbio; - char *inrand=NULL; - int mbuf_len=0; - struct timeval timeout, *timeoutp; +{ + unsigned int off = 0, clr = 0; + SSL *con = NULL; + int s, k, width, state = 0; + char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL; + int cbuf_len, cbuf_off; + int sbuf_len, sbuf_off; + fd_set readfds, writefds; + short port = PORT; + int full_log = 1; + char *host = SSL_HOST_NAME; + char *cert_file = NULL, *key_file = NULL; + int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; + char *passarg = NULL, *pass = NULL; + X509 *cert = NULL; + EVP_PKEY *key = NULL; + char *CApath = NULL, *CAfile = NULL, *cipher = NULL; + int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0; + int crlf = 0; + int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; + SSL_CTX *ctx = NULL; + int ret = 1, in_init = 1, i, nbio_test = 0; + int starttls_proto = PROTO_OFF; + int prexit = 0; + X509_VERIFY_PARAM *vpm = NULL; + int badarg = 0; + const SSL_METHOD *meth = NULL; + int socket_type = SOCK_STREAM; + BIO *sbio; + char *inrand = NULL; + int mbuf_len = 0; + struct timeval timeout, *timeoutp; #ifndef OPENSSL_NO_ENGINE - char *engine_id=NULL; - char *ssl_client_engine_id=NULL; - ENGINE *ssl_client_engine=NULL; + char *engine_id = NULL; + char *ssl_client_engine_id = NULL; + ENGINE *ssl_client_engine = NULL; #endif - ENGINE *e=NULL; + ENGINE *e = NULL; #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) - struct timeval tv; -#if defined(OPENSSL_SYS_BEOS_R5) - int stdin_set = 0; -#endif + struct timeval tv; +# if defined(OPENSSL_SYS_BEOS_R5) + int stdin_set = 0; +# endif #endif #ifndef OPENSSL_NO_TLSEXT - char *servername = NULL; - tlsextctx tlsextcbp = - {NULL,0}; + char *servername = NULL; + tlsextctx tlsextcbp = { NULL, 0 }; #endif - char *sess_in = NULL; - char *sess_out = NULL; - struct sockaddr peer; - int peerlen = sizeof(peer); - int fallback_scsv = 0; - int enable_timeouts = 0 ; - long socket_mtu = 0; + char *sess_in = NULL; + char *sess_out = NULL; + struct sockaddr peer; + int peerlen = sizeof(peer); + int fallback_scsv = 0; + int enable_timeouts = 0; + long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE - char *jpake_secret = NULL; + char *jpake_secret = NULL; #endif - meth=SSLv23_client_method(); + meth = SSLv23_client_method(); - apps_startup(); - c_Pause=0; - c_quiet=0; - c_ign_eof=0; - c_debug=0; - c_msg=0; - c_showcerts=0; + apps_startup(); + c_Pause = 0; + c_quiet = 0; + c_ign_eof = 0; + c_debug = 0; + c_msg = 0; + c_showcerts = 0; - if (bio_err == NULL) - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + if (bio_err == NULL) + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); - if (!load_config(bio_err, NULL)) - goto end; + if (!load_config(bio_err, NULL)) + goto end; - if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || - ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || - ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL)) - { - BIO_printf(bio_err,"out of memory\n"); - goto end; - } + if (((cbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || + ((sbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) || + ((mbuf = OPENSSL_malloc(BUFSIZZ)) == NULL)) { + BIO_printf(bio_err, "out of memory\n"); + goto end; + } - verify_depth=0; - verify_error=X509_V_OK; + verify_depth = 0; + verify_error = X509_V_OK; #ifdef FIONBIO - c_nbio=0; + c_nbio = 0; #endif - argc--; - argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-host") == 0) - { - if (--argc < 1) goto bad; - host= *(++argv); - } - else if (strcmp(*argv,"-port") == 0) - { - if (--argc < 1) goto bad; - port=atoi(*(++argv)); - if (port == 0) goto bad; - } - else if (strcmp(*argv,"-connect") == 0) - { - if (--argc < 1) goto bad; - if (!extract_host_port(*(++argv),&host,NULL,&port)) - goto bad; - } - else if (strcmp(*argv,"-verify") == 0) - { - verify=SSL_VERIFY_PEER; - if (--argc < 1) goto bad; - verify_depth=atoi(*(++argv)); - BIO_printf(bio_err,"verify depth is %d\n",verify_depth); - } - else if (strcmp(*argv,"-cert") == 0) - { - if (--argc < 1) goto bad; - cert_file= *(++argv); - } - else if (strcmp(*argv,"-sess_out") == 0) - { - if (--argc < 1) goto bad; - sess_out = *(++argv); - } - else if (strcmp(*argv,"-sess_in") == 0) - { - if (--argc < 1) goto bad; - sess_in = *(++argv); - } - else if (strcmp(*argv,"-certform") == 0) - { - if (--argc < 1) goto bad; - cert_format = str2fmt(*(++argv)); - } - else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) - { - if (badarg) - goto bad; - continue; - } - else if (strcmp(*argv,"-verify_return_error") == 0) - verify_return_error = 1; - else if (strcmp(*argv,"-prexit") == 0) - prexit=1; - else if (strcmp(*argv,"-crlf") == 0) - crlf=1; - else if (strcmp(*argv,"-quiet") == 0) - { - c_quiet=1; - c_ign_eof=1; - } - else if (strcmp(*argv,"-ign_eof") == 0) - c_ign_eof=1; - else if (strcmp(*argv,"-no_ign_eof") == 0) - c_ign_eof=0; - else if (strcmp(*argv,"-pause") == 0) - c_Pause=1; - else if (strcmp(*argv,"-debug") == 0) - c_debug=1; + argc--; + argv++; + while (argc >= 1) { + if (strcmp(*argv, "-host") == 0) { + if (--argc < 1) + goto bad; + host = *(++argv); + } else if (strcmp(*argv, "-port") == 0) { + if (--argc < 1) + goto bad; + port = atoi(*(++argv)); + if (port == 0) + goto bad; + } else if (strcmp(*argv, "-connect") == 0) { + if (--argc < 1) + goto bad; + if (!extract_host_port(*(++argv), &host, NULL, &port)) + goto bad; + } else if (strcmp(*argv, "-verify") == 0) { + verify = SSL_VERIFY_PEER; + if (--argc < 1) + goto bad; + verify_depth = atoi(*(++argv)); + BIO_printf(bio_err, "verify depth is %d\n", verify_depth); + } else if (strcmp(*argv, "-cert") == 0) { + if (--argc < 1) + goto bad; + cert_file = *(++argv); + } else if (strcmp(*argv, "-sess_out") == 0) { + if (--argc < 1) + goto bad; + sess_out = *(++argv); + } else if (strcmp(*argv, "-sess_in") == 0) { + if (--argc < 1) + goto bad; + sess_in = *(++argv); + } else if (strcmp(*argv, "-certform") == 0) { + if (--argc < 1) + goto bad; + cert_format = str2fmt(*(++argv)); + } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) { + if (badarg) + goto bad; + continue; + } else if (strcmp(*argv, "-verify_return_error") == 0) + verify_return_error = 1; + else if (strcmp(*argv, "-prexit") == 0) + prexit = 1; + else if (strcmp(*argv, "-crlf") == 0) + crlf = 1; + else if (strcmp(*argv, "-quiet") == 0) { + c_quiet = 1; + c_ign_eof = 1; + } else if (strcmp(*argv, "-ign_eof") == 0) + c_ign_eof = 1; + else if (strcmp(*argv, "-no_ign_eof") == 0) + c_ign_eof = 0; + else if (strcmp(*argv, "-pause") == 0) + c_Pause = 1; + else if (strcmp(*argv, "-debug") == 0) + c_debug = 1; #ifndef OPENSSL_NO_TLSEXT - else if (strcmp(*argv,"-tlsextdebug") == 0) - c_tlsextdebug=1; - else if (strcmp(*argv,"-status") == 0) - c_status_req=1; + else if (strcmp(*argv, "-tlsextdebug") == 0) + c_tlsextdebug = 1; + else if (strcmp(*argv, "-status") == 0) + c_status_req = 1; #endif #ifdef WATT32 - else if (strcmp(*argv,"-wdebug") == 0) - dbug_init(); + else if (strcmp(*argv, "-wdebug") == 0) + dbug_init(); #endif - else if (strcmp(*argv,"-msg") == 0) - c_msg=1; - else if (strcmp(*argv,"-showcerts") == 0) - c_showcerts=1; - else if (strcmp(*argv,"-nbio_test") == 0) - nbio_test=1; - else if (strcmp(*argv,"-state") == 0) - state=1; + else if (strcmp(*argv, "-msg") == 0) + c_msg = 1; + else if (strcmp(*argv, "-showcerts") == 0) + c_showcerts = 1; + else if (strcmp(*argv, "-nbio_test") == 0) + nbio_test = 1; + else if (strcmp(*argv, "-state") == 0) + state = 1; #ifndef OPENSSL_NO_PSK - else if (strcmp(*argv,"-psk_identity") == 0) - { - if (--argc < 1) goto bad; - psk_identity=*(++argv); - } - else if (strcmp(*argv,"-psk") == 0) - { - size_t j; - - if (--argc < 1) goto bad; - psk_key=*(++argv); - for (j = 0; j < strlen(psk_key); j++) - { - if (isxdigit((unsigned char)psk_key[j])) - continue; - BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); - goto bad; - } - } + else if (strcmp(*argv, "-psk_identity") == 0) { + if (--argc < 1) + goto bad; + psk_identity = *(++argv); + } else if (strcmp(*argv, "-psk") == 0) { + size_t j; + + if (--argc < 1) + goto bad; + psk_key = *(++argv); + for (j = 0; j < strlen(psk_key); j++) { + if (isxdigit((unsigned char)psk_key[j])) + continue; + BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); + goto bad; + } + } #endif #ifndef OPENSSL_NO_SSL2 - else if (strcmp(*argv,"-ssl2") == 0) - meth=SSLv2_client_method(); + else if (strcmp(*argv, "-ssl2") == 0) + meth = SSLv2_client_method(); #endif #ifndef OPENSSL_NO_SSL3 - else if (strcmp(*argv,"-ssl3") == 0) - meth=SSLv3_client_method(); + else if (strcmp(*argv, "-ssl3") == 0) + meth = SSLv3_client_method(); #endif #ifndef OPENSSL_NO_TLS1 - else if (strcmp(*argv,"-tls1") == 0) - meth=TLSv1_client_method(); + else if (strcmp(*argv, "-tls1") == 0) + meth = TLSv1_client_method(); #endif #ifndef OPENSSL_NO_DTLS1 - else if (strcmp(*argv,"-dtls1") == 0) - { - meth=DTLSv1_client_method(); - socket_type=SOCK_DGRAM; - } - else if (strcmp(*argv,"-timeout") == 0) - enable_timeouts=1; - else if (strcmp(*argv,"-mtu") == 0) - { - if (--argc < 1) goto bad; - socket_mtu = atol(*(++argv)); - } + else if (strcmp(*argv, "-dtls1") == 0) { + meth = DTLSv1_client_method(); + socket_type = SOCK_DGRAM; + } else if (strcmp(*argv, "-timeout") == 0) + enable_timeouts = 1; + else if (strcmp(*argv, "-mtu") == 0) { + if (--argc < 1) + goto bad; + socket_mtu = atol(*(++argv)); + } #endif - else if (strcmp(*argv,"-fallback_scsv") == 0) - { - fallback_scsv = 1; - } - else if (strcmp(*argv,"-bugs") == 0) - bugs=1; - else if (strcmp(*argv,"-keyform") == 0) - { - if (--argc < 1) goto bad; - key_format = str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-pass") == 0) - { - if (--argc < 1) goto bad; - passarg = *(++argv); - } - else if (strcmp(*argv,"-key") == 0) - { - if (--argc < 1) goto bad; - key_file= *(++argv); - } - else if (strcmp(*argv,"-reconnect") == 0) - { - reconnect=5; - } - else if (strcmp(*argv,"-CApath") == 0) - { - if (--argc < 1) goto bad; - CApath= *(++argv); - } - else if (strcmp(*argv,"-CAfile") == 0) - { - if (--argc < 1) goto bad; - CAfile= *(++argv); - } - else if (strcmp(*argv,"-no_tls1") == 0) - off|=SSL_OP_NO_TLSv1; - else if (strcmp(*argv,"-no_ssl3") == 0) - off|=SSL_OP_NO_SSLv3; - else if (strcmp(*argv,"-no_ssl2") == 0) - off|=SSL_OP_NO_SSLv2; - else if (strcmp(*argv,"-no_comp") == 0) - { off|=SSL_OP_NO_COMPRESSION; } + else if (strcmp(*argv, "-fallback_scsv") == 0) { + fallback_scsv = 1; + } else if (strcmp(*argv, "-bugs") == 0) + bugs = 1; + else if (strcmp(*argv, "-keyform") == 0) { + if (--argc < 1) + goto bad; + key_format = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-pass") == 0) { + if (--argc < 1) + goto bad; + passarg = *(++argv); + } else if (strcmp(*argv, "-key") == 0) { + if (--argc < 1) + goto bad; + key_file = *(++argv); + } else if (strcmp(*argv, "-reconnect") == 0) { + reconnect = 5; + } else if (strcmp(*argv, "-CApath") == 0) { + if (--argc < 1) + goto bad; + CApath = *(++argv); + } else if (strcmp(*argv, "-CAfile") == 0) { + if (--argc < 1) + goto bad; + CAfile = *(++argv); + } else if (strcmp(*argv, "-no_tls1") == 0) + off |= SSL_OP_NO_TLSv1; + else if (strcmp(*argv, "-no_ssl3") == 0) + off |= SSL_OP_NO_SSLv3; + else if (strcmp(*argv, "-no_ssl2") == 0) + off |= SSL_OP_NO_SSLv2; + else if (strcmp(*argv, "-no_comp") == 0) { + off |= SSL_OP_NO_COMPRESSION; + } #ifndef OPENSSL_NO_TLSEXT - else if (strcmp(*argv,"-no_ticket") == 0) - { off|=SSL_OP_NO_TICKET; } + else if (strcmp(*argv, "-no_ticket") == 0) { + off |= SSL_OP_NO_TICKET; + } #endif - else if (strcmp(*argv,"-serverpref") == 0) - off|=SSL_OP_CIPHER_SERVER_PREFERENCE; - else if (strcmp(*argv,"-legacy_renegotiation") == 0) - off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; - else if (strcmp(*argv,"-legacy_server_connect") == 0) - { off|=SSL_OP_LEGACY_SERVER_CONNECT; } - else if (strcmp(*argv,"-no_legacy_server_connect") == 0) - { clr|=SSL_OP_LEGACY_SERVER_CONNECT; } - else if (strcmp(*argv,"-cipher") == 0) - { - if (--argc < 1) goto bad; - cipher= *(++argv); - } + else if (strcmp(*argv, "-serverpref") == 0) + off |= SSL_OP_CIPHER_SERVER_PREFERENCE; + else if (strcmp(*argv, "-legacy_renegotiation") == 0) + off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + else if (strcmp(*argv, "-legacy_server_connect") == 0) { + off |= SSL_OP_LEGACY_SERVER_CONNECT; + } else if (strcmp(*argv, "-no_legacy_server_connect") == 0) { + clr |= SSL_OP_LEGACY_SERVER_CONNECT; + } else if (strcmp(*argv, "-cipher") == 0) { + if (--argc < 1) + goto bad; + cipher = *(++argv); + } #ifdef FIONBIO - else if (strcmp(*argv,"-nbio") == 0) - { c_nbio=1; } + else if (strcmp(*argv, "-nbio") == 0) { + c_nbio = 1; + } |