2
0

s_client.c 47 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721
  1. /* apps/s_client.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. /* ====================================================================
  112. * Copyright 2005 Nokia. All rights reserved.
  113. *
  114. * The portions of the attached software ("Contribution") is developed by
  115. * Nokia Corporation and is licensed pursuant to the OpenSSL open source
  116. * license.
  117. *
  118. * The Contribution, originally written by Mika Kousa and Pasi Eronen of
  119. * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
  120. * support (see RFC 4279) to OpenSSL.
  121. *
  122. * No patent licenses or other rights except those expressly stated in
  123. * the OpenSSL open source license shall be deemed granted or received
  124. * expressly, by implication, estoppel, or otherwise.
  125. *
  126. * No assurances are provided by Nokia that the Contribution does not
  127. * infringe the patent or other intellectual property rights of any third
  128. * party or that the license provides you with all the necessary rights
  129. * to make use of the Contribution.
  130. *
  131. * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
  132. * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
  133. * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
  134. * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
  135. * OTHERWISE.
  136. */
  137. #include <assert.h>
  138. #include <ctype.h>
  139. #include <stdio.h>
  140. #include <stdlib.h>
  141. #include <string.h>
  142. #include <openssl/e_os2.h>
  143. #ifdef OPENSSL_NO_STDIO
  144. #define APPS_WIN16
  145. #endif
  146. /* With IPv6, it looks like Digital has mixed up the proper order of
  147. recursive header file inclusion, resulting in the compiler complaining
  148. that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
  149. is needed to have fileno() declared correctly... So let's define u_int */
  150. #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
  151. #define __U_INT
  152. typedef unsigned int u_int;
  153. #endif
  154. #define USE_SOCKETS
  155. #include "apps.h"
  156. #include <openssl/x509.h>
  157. #include <openssl/ssl.h>
  158. #include <openssl/err.h>
  159. #include <openssl/pem.h>
  160. #include <openssl/rand.h>
  161. #include <openssl/ocsp.h>
  162. #include <openssl/bn.h>
  163. #include "s_apps.h"
  164. #include "timeouts.h"
  165. #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
  166. /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
  167. #undef FIONBIO
  168. #endif
  169. #if defined(OPENSSL_SYS_BEOS_R5)
  170. #include <fcntl.h>
  171. #endif
  172. #undef PROG
  173. #define PROG s_client_main
  174. /*#define SSL_HOST_NAME "www.netscape.com" */
  175. /*#define SSL_HOST_NAME "193.118.187.102" */
  176. #define SSL_HOST_NAME "localhost"
  177. /*#define TEST_CERT "client.pem" */ /* no default cert. */
  178. #undef BUFSIZZ
  179. #define BUFSIZZ 1024*8
  180. extern int verify_depth;
  181. extern int verify_error;
  182. extern int verify_return_error;
  183. #ifdef FIONBIO
  184. static int c_nbio=0;
  185. #endif
  186. static int c_Pause=0;
  187. static int c_debug=0;
  188. #ifndef OPENSSL_NO_TLSEXT
  189. static int c_tlsextdebug=0;
  190. static int c_status_req=0;
  191. #endif
  192. static int c_msg=0;
  193. static int c_showcerts=0;
  194. static void sc_usage(void);
  195. static void print_stuff(BIO *berr,SSL *con,int full);
  196. #ifndef OPENSSL_NO_TLSEXT
  197. static int ocsp_resp_cb(SSL *s, void *arg);
  198. #endif
  199. static BIO *bio_c_out=NULL;
  200. static int c_quiet=0;
  201. static int c_ign_eof=0;
  202. #ifndef OPENSSL_NO_PSK
  203. /* Default PSK identity and key */
  204. static char *psk_identity="Client_identity";
  205. static char *psk_key=NULL; /* by default PSK is not used */
  206. static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
  207. unsigned int max_identity_len, unsigned char *psk,
  208. unsigned int max_psk_len)
  209. {
  210. unsigned int psk_len = 0;
  211. int ret;
  212. BIGNUM *bn=NULL;
  213. if (c_debug)
  214. BIO_printf(bio_c_out, "psk_client_cb\n");
  215. if (!hint)
  216. {
  217. /* no ServerKeyExchange message*/
  218. if (c_debug)
  219. BIO_printf(bio_c_out,"NULL received PSK identity hint, continuing anyway\n");
  220. }
  221. else if (c_debug)
  222. BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
  223. /* lookup PSK identity and PSK key based on the given identity hint here */
  224. ret = BIO_snprintf(identity, max_identity_len, psk_identity);
  225. if (ret < 0 || (unsigned int)ret > max_identity_len)
  226. goto out_err;
  227. if (c_debug)
  228. BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret);
  229. ret=BN_hex2bn(&bn, psk_key);
  230. if (!ret)
  231. {
  232. BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
  233. if (bn)
  234. BN_free(bn);
  235. return 0;
  236. }
  237. if ((unsigned int)BN_num_bytes(bn) > max_psk_len)
  238. {
  239. BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
  240. max_psk_len, BN_num_bytes(bn));
  241. BN_free(bn);
  242. return 0;
  243. }
  244. psk_len=BN_bn2bin(bn, psk);
  245. BN_free(bn);
  246. if (psk_len == 0)
  247. goto out_err;
  248. if (c_debug)
  249. BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
  250. return psk_len;
  251. out_err:
  252. if (c_debug)
  253. BIO_printf(bio_err, "Error in PSK client callback\n");
  254. return 0;
  255. }
  256. #endif
  257. static void sc_usage(void)
  258. {
  259. BIO_printf(bio_err,"usage: s_client args\n");
  260. BIO_printf(bio_err,"\n");
  261. BIO_printf(bio_err," -host host - use -connect instead\n");
  262. BIO_printf(bio_err," -port port - use -connect instead\n");
  263. BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
  264. BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
  265. BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
  266. BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
  267. BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
  268. BIO_printf(bio_err," not specified but cert file is.\n");
  269. BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
  270. BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
  271. BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
  272. BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
  273. BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
  274. BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
  275. BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
  276. BIO_printf(bio_err," -debug - extra output\n");
  277. #ifdef WATT32
  278. BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n");
  279. #endif
  280. BIO_printf(bio_err," -msg - Show protocol messages\n");
  281. BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
  282. BIO_printf(bio_err," -state - print the 'ssl' states\n");
  283. #ifdef FIONBIO
  284. BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
  285. #endif
  286. BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
  287. BIO_printf(bio_err," -quiet - no s_client output\n");
  288. BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
  289. BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n");
  290. #ifndef OPENSSL_NO_PSK
  291. BIO_printf(bio_err," -psk_identity arg - PSK identity\n");
  292. BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n");
  293. #endif
  294. BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
  295. BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
  296. BIO_printf(bio_err," -tls1 - just use TLSv1\n");
  297. BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
  298. BIO_printf(bio_err," -mtu - set the MTU\n");
  299. BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
  300. BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
  301. BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
  302. BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
  303. BIO_printf(bio_err," command to see what is available\n");
  304. BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
  305. BIO_printf(bio_err," for those protocols that support it, where\n");
  306. BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
  307. BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
  308. BIO_printf(bio_err," are supported.\n");
  309. #ifndef OPENSSL_NO_ENGINE
  310. BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
  311. #endif
  312. BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
  313. BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
  314. BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n");
  315. #ifndef OPENSSL_NO_TLSEXT
  316. BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n");
  317. BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
  318. BIO_printf(bio_err," -status - request certificate status from server\n");
  319. BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
  320. #endif
  321. }
  322. #ifndef OPENSSL_NO_TLSEXT
  323. /* This is a context that we pass to callbacks */
  324. typedef struct tlsextctx_st {
  325. BIO * biodebug;
  326. int ack;
  327. } tlsextctx;
  328. static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
  329. {
  330. tlsextctx * p = (tlsextctx *) arg;
  331. const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
  332. if (SSL_get_servername_type(s) != -1)
  333. p->ack = !SSL_session_reused(s) && hn != NULL;
  334. else
  335. BIO_printf(bio_err,"Can't use SSL_get_servername\n");
  336. return SSL_TLSEXT_ERR_OK;
  337. }
  338. #endif
  339. enum
  340. {
  341. PROTO_OFF = 0,
  342. PROTO_SMTP,
  343. PROTO_POP3,
  344. PROTO_IMAP,
  345. PROTO_FTP,
  346. PROTO_XMPP
  347. };
  348. int MAIN(int, char **);
  349. int MAIN(int argc, char **argv)
  350. {
  351. int off=0;
  352. SSL *con=NULL;
  353. X509_STORE *store = NULL;
  354. int s,k,width,state=0;
  355. char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
  356. int cbuf_len,cbuf_off;
  357. int sbuf_len,sbuf_off;
  358. fd_set readfds,writefds;
  359. short port=PORT;
  360. int full_log=1;
  361. char *host=SSL_HOST_NAME;
  362. char *cert_file=NULL,*key_file=NULL;
  363. int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
  364. char *passarg = NULL, *pass = NULL;
  365. X509 *cert = NULL;
  366. EVP_PKEY *key = NULL;
  367. char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
  368. int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
  369. int crlf=0;
  370. int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
  371. SSL_CTX *ctx=NULL;
  372. int ret=1,in_init=1,i,nbio_test=0;
  373. int starttls_proto = PROTO_OFF;
  374. int prexit = 0, vflags = 0;
  375. const SSL_METHOD *meth=NULL;
  376. int socket_type=SOCK_STREAM;
  377. BIO *sbio;
  378. char *inrand=NULL;
  379. int mbuf_len=0;
  380. #ifndef OPENSSL_NO_ENGINE
  381. char *engine_id=NULL;
  382. char *ssl_client_engine_id=NULL;
  383. ENGINE *e=NULL, *ssl_client_engine=NULL;
  384. #endif
  385. #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
  386. struct timeval tv;
  387. #if defined(OPENSSL_SYS_BEOS_R5)
  388. int stdin_set = 0;
  389. #endif
  390. #endif
  391. #ifndef OPENSSL_NO_TLSEXT
  392. char *servername = NULL;
  393. tlsextctx tlsextcbp =
  394. {NULL,0};
  395. #endif
  396. char *sess_in = NULL;
  397. char *sess_out = NULL;
  398. struct sockaddr peer;
  399. int peerlen = sizeof(peer);
  400. int enable_timeouts = 0 ;
  401. long socket_mtu = 0;
  402. char *jpake_secret = NULL;
  403. #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
  404. meth=SSLv23_client_method();
  405. #elif !defined(OPENSSL_NO_SSL3)
  406. meth=SSLv3_client_method();
  407. #elif !defined(OPENSSL_NO_SSL2)
  408. meth=SSLv2_client_method();
  409. #endif
  410. apps_startup();
  411. c_Pause=0;
  412. c_quiet=0;
  413. c_ign_eof=0;
  414. c_debug=0;
  415. c_msg=0;
  416. c_showcerts=0;
  417. if (bio_err == NULL)
  418. bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
  419. if (!load_config(bio_err, NULL))
  420. goto end;
  421. if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
  422. ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
  423. ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
  424. {
  425. BIO_printf(bio_err,"out of memory\n");
  426. goto end;
  427. }
  428. verify_depth=0;
  429. verify_error=X509_V_OK;
  430. #ifdef FIONBIO
  431. c_nbio=0;
  432. #endif
  433. argc--;
  434. argv++;
  435. while (argc >= 1)
  436. {
  437. if (strcmp(*argv,"-host") == 0)
  438. {
  439. if (--argc < 1) goto bad;
  440. host= *(++argv);
  441. }
  442. else if (strcmp(*argv,"-port") == 0)
  443. {
  444. if (--argc < 1) goto bad;
  445. port=atoi(*(++argv));
  446. if (port == 0) goto bad;
  447. }
  448. else if (strcmp(*argv,"-connect") == 0)
  449. {
  450. if (--argc < 1) goto bad;
  451. if (!extract_host_port(*(++argv),&host,NULL,&port))
  452. goto bad;
  453. }
  454. else if (strcmp(*argv,"-verify") == 0)
  455. {
  456. verify=SSL_VERIFY_PEER;
  457. if (--argc < 1) goto bad;
  458. verify_depth=atoi(*(++argv));
  459. BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
  460. }
  461. else if (strcmp(*argv,"-cert") == 0)
  462. {
  463. if (--argc < 1) goto bad;
  464. cert_file= *(++argv);
  465. }
  466. else if (strcmp(*argv,"-sess_out") == 0)
  467. {
  468. if (--argc < 1) goto bad;
  469. sess_out = *(++argv);
  470. }
  471. else if (strcmp(*argv,"-sess_in") == 0)
  472. {
  473. if (--argc < 1) goto bad;
  474. sess_in = *(++argv);
  475. }
  476. else if (strcmp(*argv,"-certform") == 0)
  477. {
  478. if (--argc < 1) goto bad;
  479. cert_format = str2fmt(*(++argv));
  480. }
  481. else if (strcmp(*argv,"-crl_check") == 0)
  482. vflags |= X509_V_FLAG_CRL_CHECK;
  483. else if (strcmp(*argv,"-crl_check_all") == 0)
  484. vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
  485. else if (strcmp(*argv,"-verify_return_error") == 0)
  486. verify_return_error = 1;
  487. else if (strcmp(*argv,"-prexit") == 0)
  488. prexit=1;
  489. else if (strcmp(*argv,"-crlf") == 0)
  490. crlf=1;
  491. else if (strcmp(*argv,"-quiet") == 0)
  492. {
  493. c_quiet=1;
  494. c_ign_eof=1;
  495. }
  496. else if (strcmp(*argv,"-ign_eof") == 0)
  497. c_ign_eof=1;
  498. else if (strcmp(*argv,"-no_ign_eof") == 0)
  499. c_ign_eof=0;
  500. else if (strcmp(*argv,"-pause") == 0)
  501. c_Pause=1;
  502. else if (strcmp(*argv,"-debug") == 0)
  503. c_debug=1;
  504. #ifndef OPENSSL_NO_TLSEXT
  505. else if (strcmp(*argv,"-tlsextdebug") == 0)
  506. c_tlsextdebug=1;
  507. else if (strcmp(*argv,"-status") == 0)
  508. c_status_req=1;
  509. #endif
  510. #ifdef WATT32
  511. else if (strcmp(*argv,"-wdebug") == 0)
  512. dbug_init();
  513. #endif
  514. else if (strcmp(*argv,"-msg") == 0)
  515. c_msg=1;
  516. else if (strcmp(*argv,"-showcerts") == 0)
  517. c_showcerts=1;
  518. else if (strcmp(*argv,"-nbio_test") == 0)
  519. nbio_test=1;
  520. else if (strcmp(*argv,"-state") == 0)
  521. state=1;
  522. #ifndef OPENSSL_NO_PSK
  523. else if (strcmp(*argv,"-psk_identity") == 0)
  524. {
  525. if (--argc < 1) goto bad;
  526. psk_identity=*(++argv);
  527. }
  528. else if (strcmp(*argv,"-psk") == 0)
  529. {
  530. size_t j;
  531. if (--argc < 1) goto bad;
  532. psk_key=*(++argv);
  533. for (j = 0; j < strlen(psk_key); j++)
  534. {
  535. if (isxdigit((int)psk_key[j]))
  536. continue;
  537. BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
  538. goto bad;
  539. }
  540. }
  541. #endif
  542. #ifndef OPENSSL_NO_SSL2
  543. else if (strcmp(*argv,"-ssl2") == 0)
  544. meth=SSLv2_client_method();
  545. #endif
  546. #ifndef OPENSSL_NO_SSL3
  547. else if (strcmp(*argv,"-ssl3") == 0)
  548. meth=SSLv3_client_method();
  549. #endif
  550. #ifndef OPENSSL_NO_TLS1
  551. else if (strcmp(*argv,"-tls1") == 0)
  552. meth=TLSv1_client_method();
  553. #endif
  554. #ifndef OPENSSL_NO_DTLS1
  555. else if (strcmp(*argv,"-dtls1") == 0)
  556. {
  557. meth=DTLSv1_client_method();
  558. socket_type=SOCK_DGRAM;
  559. }
  560. else if (strcmp(*argv,"-timeout") == 0)
  561. enable_timeouts=1;
  562. else if (strcmp(*argv,"-mtu") == 0)
  563. {
  564. if (--argc < 1) goto bad;
  565. socket_mtu = atol(*(++argv));
  566. }
  567. #endif
  568. else if (strcmp(*argv,"-bugs") == 0)
  569. bugs=1;
  570. else if (strcmp(*argv,"-keyform") == 0)
  571. {
  572. if (--argc < 1) goto bad;
  573. key_format = str2fmt(*(++argv));
  574. }
  575. else if (strcmp(*argv,"-pass") == 0)
  576. {
  577. if (--argc < 1) goto bad;
  578. passarg = *(++argv);
  579. }
  580. else if (strcmp(*argv,"-key") == 0)
  581. {
  582. if (--argc < 1) goto bad;
  583. key_file= *(++argv);
  584. }
  585. else if (strcmp(*argv,"-reconnect") == 0)
  586. {
  587. reconnect=5;
  588. }
  589. else if (strcmp(*argv,"-CApath") == 0)
  590. {
  591. if (--argc < 1) goto bad;
  592. CApath= *(++argv);
  593. }
  594. else if (strcmp(*argv,"-CAfile") == 0)
  595. {
  596. if (--argc < 1) goto bad;
  597. CAfile= *(++argv);
  598. }
  599. else if (strcmp(*argv,"-no_tls1") == 0)
  600. off|=SSL_OP_NO_TLSv1;
  601. else if (strcmp(*argv,"-no_ssl3") == 0)
  602. off|=SSL_OP_NO_SSLv3;
  603. else if (strcmp(*argv,"-no_ssl2") == 0)
  604. off|=SSL_OP_NO_SSLv2;
  605. else if (strcmp(*argv,"-no_comp") == 0)
  606. { off|=SSL_OP_NO_COMPRESSION; }
  607. #ifndef OPENSSL_NO_TLSEXT
  608. else if (strcmp(*argv,"-no_ticket") == 0)
  609. { off|=SSL_OP_NO_TICKET; }
  610. #endif
  611. else if (strcmp(*argv,"-serverpref") == 0)
  612. off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
  613. else if (strcmp(*argv,"-cipher") == 0)
  614. {
  615. if (--argc < 1) goto bad;
  616. cipher= *(++argv);
  617. }
  618. #ifdef FIONBIO
  619. else if (strcmp(*argv,"-nbio") == 0)
  620. { c_nbio=1; }
  621. #endif
  622. else if (strcmp(*argv,"-starttls") == 0)
  623. {
  624. if (--argc < 1) goto bad;
  625. ++argv;
  626. if (strcmp(*argv,"smtp") == 0)
  627. starttls_proto = PROTO_SMTP;
  628. else if (strcmp(*argv,"pop3") == 0)
  629. starttls_proto = PROTO_POP3;
  630. else if (strcmp(*argv,"imap") == 0)
  631. starttls_proto = PROTO_IMAP;
  632. else if (strcmp(*argv,"ftp") == 0)
  633. starttls_proto = PROTO_FTP;
  634. else if (strcmp(*argv, "xmpp") == 0)
  635. starttls_proto = PROTO_XMPP;
  636. else
  637. goto bad;
  638. }
  639. #ifndef OPENSSL_NO_ENGINE
  640. else if (strcmp(*argv,"-engine") == 0)
  641. {
  642. if (--argc < 1) goto bad;
  643. engine_id = *(++argv);
  644. }
  645. else if (strcmp(*argv,"-ssl_client_engine") == 0)
  646. {
  647. if (--argc < 1) goto bad;
  648. ssl_client_engine_id = *(++argv);
  649. }
  650. #endif
  651. else if (strcmp(*argv,"-rand") == 0)
  652. {
  653. if (--argc < 1) goto bad;
  654. inrand= *(++argv);
  655. }
  656. #ifndef OPENSSL_NO_TLSEXT
  657. else if (strcmp(*argv,"-servername") == 0)
  658. {
  659. if (--argc < 1) goto bad;
  660. servername= *(++argv);
  661. /* meth=TLSv1_client_method(); */
  662. }
  663. #endif
  664. else if (strcmp(*argv,"-jpake") == 0)
  665. {
  666. if (--argc < 1) goto bad;
  667. jpake_secret = *++argv;
  668. }
  669. else
  670. {
  671. BIO_printf(bio_err,"unknown option %s\n",*argv);
  672. badop=1;
  673. break;
  674. }
  675. argc--;
  676. argv++;
  677. }
  678. if (badop)
  679. {
  680. bad:
  681. sc_usage();
  682. goto end;
  683. }
  684. OpenSSL_add_ssl_algorithms();
  685. SSL_load_error_strings();
  686. #ifndef OPENSSL_NO_ENGINE
  687. e = setup_engine(bio_err, engine_id, 1);
  688. if (ssl_client_engine_id)
  689. {
  690. ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
  691. if (!ssl_client_engine)
  692. {
  693. BIO_printf(bio_err,
  694. "Error getting client auth engine\n");
  695. goto end;
  696. }
  697. }
  698. #endif
  699. if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
  700. {
  701. BIO_printf(bio_err, "Error getting password\n");
  702. goto end;
  703. }
  704. if (key_file == NULL)
  705. key_file = cert_file;
  706. if (key_file)
  707. {
  708. key = load_key(bio_err, key_file, key_format, 0, pass, e,
  709. "client certificate private key file");
  710. if (!key)
  711. {
  712. ERR_print_errors(bio_err);
  713. goto end;
  714. }
  715. }
  716. if (cert_file)
  717. {
  718. cert = load_cert(bio_err,cert_file,cert_format,
  719. NULL, e, "client certificate file");
  720. if (!cert)
  721. {
  722. ERR_print_errors(bio_err);
  723. goto end;
  724. }
  725. }
  726. if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
  727. && !RAND_status())
  728. {
  729. BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
  730. }
  731. if (inrand != NULL)
  732. BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
  733. app_RAND_load_files(inrand));
  734. if (bio_c_out == NULL)
  735. {
  736. if (c_quiet && !c_debug && !c_msg)
  737. {
  738. bio_c_out=BIO_new(BIO_s_null());
  739. }
  740. else
  741. {
  742. if (bio_c_out == NULL)
  743. bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
  744. }
  745. }
  746. ctx=SSL_CTX_new(meth);
  747. if (ctx == NULL)
  748. {
  749. ERR_print_errors(bio_err);
  750. goto end;
  751. }
  752. #ifndef OPENSSL_NO_ENGINE
  753. if (ssl_client_engine)
  754. {
  755. if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
  756. {
  757. BIO_puts(bio_err, "Error setting client auth engine\n");
  758. ERR_print_errors(bio_err);
  759. ENGINE_free(ssl_client_engine);
  760. goto end;
  761. }
  762. ENGINE_free(ssl_client_engine);
  763. }
  764. #endif
  765. #ifndef OPENSSL_NO_PSK
  766. if (psk_key != NULL)
  767. {
  768. if (c_debug)
  769. BIO_printf(bio_c_out, "PSK key given, setting client callback\n");
  770. SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
  771. }
  772. #endif
  773. if (bugs)
  774. SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
  775. else
  776. SSL_CTX_set_options(ctx,off);
  777. /* DTLS: partial reads end up discarding unread UDP bytes :-(
  778. * Setting read ahead solves this problem.
  779. */
  780. if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
  781. if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
  782. if (cipher != NULL)
  783. if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
  784. BIO_printf(bio_err,"error setting cipher list\n");
  785. ERR_print_errors(bio_err);
  786. goto end;
  787. }
  788. #if 0
  789. else
  790. SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
  791. #endif
  792. SSL_CTX_set_verify(ctx,verify,verify_callback);
  793. if (!set_cert_key_stuff(ctx,cert,key))
  794. goto end;
  795. if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
  796. (!SSL_CTX_set_default_verify_paths(ctx)))
  797. {
  798. /* BIO_printf(bio_err,"error setting default verify locations\n"); */
  799. ERR_print_errors(bio_err);
  800. /* goto end; */
  801. }
  802. store = SSL_CTX_get_cert_store(ctx);
  803. X509_STORE_set_flags(store, vflags);
  804. #ifndef OPENSSL_NO_TLSEXT
  805. if (servername != NULL)
  806. {
  807. tlsextcbp.biodebug = bio_err;
  808. SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
  809. SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
  810. }
  811. #endif
  812. con=SSL_new(ctx);
  813. if (sess_in)
  814. {
  815. SSL_SESSION *sess;
  816. BIO *stmp = BIO_new_file(sess_in, "r");
  817. if (!stmp)
  818. {
  819. BIO_printf(bio_err, "Can't open session file %s\n",
  820. sess_in);
  821. ERR_print_errors(bio_err);
  822. goto end;
  823. }
  824. sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
  825. BIO_free(stmp);
  826. if (!sess)
  827. {
  828. BIO_printf(bio_err, "Can't open session file %s\n",
  829. sess_in);
  830. ERR_print_errors(bio_err);
  831. goto end;
  832. }
  833. SSL_set_session(con, sess);
  834. SSL_SESSION_free(sess);
  835. }
  836. #ifndef OPENSSL_NO_TLSEXT
  837. if (servername != NULL)
  838. {
  839. if (!SSL_set_tlsext_host_name(con,servername))
  840. {
  841. BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
  842. ERR_print_errors(bio_err);
  843. goto end;
  844. }
  845. }
  846. #endif
  847. #ifndef OPENSSL_NO_KRB5
  848. if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
  849. {
  850. kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
  851. }
  852. #endif /* OPENSSL_NO_KRB5 */
  853. /* SSL_set_cipher_list(con,"RC4-MD5"); */
  854. #if 0
  855. #ifdef TLSEXT_TYPE_opaque_prf_input
  856. SSL_set_tlsext_opaque_prf_input(con, "Test client", 11);
  857. #endif
  858. #endif
  859. re_start:
  860. if (init_client(&s,host,port,socket_type) == 0)
  861. {
  862. BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
  863. SHUTDOWN(s);
  864. goto end;
  865. }
  866. BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
  867. #ifdef FIONBIO
  868. if (c_nbio)
  869. {
  870. unsigned long l=1;
  871. BIO_printf(bio_c_out,"turning on non blocking io\n");
  872. if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
  873. {
  874. ERR_print_errors(bio_err);
  875. goto end;
  876. }
  877. }
  878. #endif
  879. if (c_Pause & 0x01) con->debug=1;
  880. if ( SSL_version(con) == DTLS1_VERSION)
  881. {
  882. struct timeval timeout;
  883. sbio=BIO_new_dgram(s,BIO_NOCLOSE);
  884. if (getsockname(s, &peer, (void *)&peerlen) < 0)
  885. {
  886. BIO_printf(bio_err, "getsockname:errno=%d\n",
  887. get_last_socket_error());
  888. SHUTDOWN(s);
  889. goto end;
  890. }
  891. (void)BIO_ctrl_set_connected(sbio, 1, &peer);
  892. if (enable_timeouts)
  893. {
  894. timeout.tv_sec = 0;
  895. timeout.tv_usec = DGRAM_RCV_TIMEOUT;
  896. BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
  897. timeout.tv_sec = 0;
  898. timeout.tv_usec = DGRAM_SND_TIMEOUT;
  899. BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
  900. }
  901. if (socket_mtu > 0)
  902. {
  903. SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
  904. SSL_set_mtu(con, socket_mtu);
  905. }
  906. else
  907. /* want to do MTU discovery */
  908. BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
  909. }
  910. else
  911. sbio=BIO_new_socket(s,BIO_NOCLOSE);
  912. if (nbio_test)
  913. {
  914. BIO *test;
  915. test=BIO_new(BIO_f_nbio_test());
  916. sbio=BIO_push(test,sbio);
  917. }
  918. if (c_debug)
  919. {
  920. con->debug=1;
  921. BIO_set_callback(sbio,bio_dump_callback);
  922. BIO_set_callback_arg(sbio,(char *)bio_c_out);
  923. }
  924. if (c_msg)
  925. {
  926. SSL_set_msg_callback(con, msg_cb);
  927. SSL_set_msg_callback_arg(con, bio_c_out);
  928. }
  929. #ifndef OPENSSL_NO_TLSEXT
  930. if (c_tlsextdebug)
  931. {
  932. SSL_set_tlsext_debug_callback(con, tlsext_cb);
  933. SSL_set_tlsext_debug_arg(con, bio_c_out);
  934. }
  935. if (c_status_req)
  936. {
  937. SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
  938. SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
  939. SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
  940. #if 0
  941. {
  942. STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
  943. OCSP_RESPID *id = OCSP_RESPID_new();
  944. id->value.byKey = ASN1_OCTET_STRING_new();
  945. id->type = V_OCSP_RESPID_KEY;
  946. ASN1_STRING_set(id->value.byKey, "Hello World", -1);
  947. sk_OCSP_RESPID_push(ids, id);
  948. SSL_set_tlsext_status_ids(con, ids);
  949. }
  950. #endif
  951. }
  952. #endif
  953. if (jpake_secret)
  954. jpake_client_auth(bio_c_out, sbio, jpake_secret);
  955. SSL_set_bio(con,sbio,sbio);
  956. SSL_set_connect_state(con);
  957. /* ok, lets connect */
  958. width=SSL_get_fd(con)+1;
  959. read_tty=1;
  960. write_tty=0;
  961. tty_on=0;
  962. read_ssl=1;
  963. write_ssl=1;
  964. cbuf_len=0;
  965. cbuf_off=0;
  966. sbuf_len=0;
  967. sbuf_off=0;
  968. /* This is an ugly hack that does a lot of assumptions */
  969. /* We do have to handle multi-line responses which may come
  970. in a single packet or not. We therefore have to use
  971. BIO_gets() which does need a buffering BIO. So during
  972. the initial chitchat we do push a buffering BIO into the
  973. chain that is removed again later on to not disturb the
  974. rest of the s_client operation. */
  975. if (starttls_proto == PROTO_SMTP)
  976. {
  977. int foundit=0;
  978. BIO *fbio = BIO_new(BIO_f_buffer());
  979. BIO_push(fbio, sbio);
  980. /* wait for multi-line response to end from SMTP */
  981. do
  982. {
  983. mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
  984. }
  985. while (mbuf_len>3 && mbuf[3]=='-');
  986. /* STARTTLS command requires EHLO... */
  987. BIO_printf(fbio,"EHLO openssl.client.net\r\n");
  988. (void)BIO_flush(fbio);
  989. /* wait for multi-line response to end EHLO SMTP response */
  990. do
  991. {
  992. mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
  993. if (strstr(mbuf,"STARTTLS"))
  994. foundit=1;
  995. }
  996. while (mbuf_len>3 && mbuf[3]=='-');
  997. (void)BIO_flush(fbio);
  998. BIO_pop(fbio);
  999. BIO_free(fbio);
  1000. if (!foundit)
  1001. BIO_printf(bio_err,
  1002. "didn't found starttls in server response,"
  1003. " try anyway...\n");
  1004. BIO_printf(sbio,"STARTTLS\r\n");
  1005. BIO_read(sbio,sbuf,BUFSIZZ);
  1006. }
  1007. else if (starttls_proto == PROTO_POP3)
  1008. {
  1009. BIO_read(sbio,mbuf,BUFSIZZ);
  1010. BIO_printf(sbio,"STLS\r\n");
  1011. BIO_read(sbio,sbuf,BUFSIZZ);
  1012. }
  1013. else if (starttls_proto == PROTO_IMAP)
  1014. {
  1015. int foundit=0;
  1016. BIO *fbio = BIO_new(BIO_f_buffer());
  1017. BIO_push(fbio, sbio);
  1018. BIO_gets(fbio,mbuf,BUFSIZZ);
  1019. /* STARTTLS command requires CAPABILITY... */
  1020. BIO_printf(fbio,". CAPABILITY\r\n");
  1021. (void)BIO_flush(fbio);
  1022. /* wait for multi-line CAPABILITY response */
  1023. do
  1024. {
  1025. mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
  1026. if (strstr(mbuf,"STARTTLS"))
  1027. foundit=1;
  1028. }
  1029. while (mbuf_len>3 && mbuf[0]!='.');
  1030. (void)BIO_flush(fbio);
  1031. BIO_pop(fbio);
  1032. BIO_free(fbio);
  1033. if (!foundit)
  1034. BIO_printf(bio_err,
  1035. "didn't found STARTTLS in server response,"
  1036. " try anyway...\n");
  1037. BIO_printf(sbio,". STARTTLS\r\n");
  1038. BIO_read(sbio,sbuf,BUFSIZZ);
  1039. }
  1040. else if (starttls_proto == PROTO_FTP)
  1041. {
  1042. BIO *fbio = BIO_new(BIO_f_buffer());
  1043. BIO_push(fbio, sbio);
  1044. /* wait for multi-line response to end from FTP */
  1045. do
  1046. {
  1047. mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
  1048. }
  1049. while (mbuf_len>3 && mbuf[3]=='-');
  1050. (void)BIO_flush(fbio);
  1051. BIO_pop(fbio);
  1052. BIO_free(fbio);
  1053. BIO_printf(sbio,"AUTH TLS\r\n");
  1054. BIO_read(sbio,sbuf,BUFSIZZ);
  1055. }
  1056. if (starttls_proto == PROTO_XMPP)
  1057. {
  1058. int seen = 0;
  1059. BIO_printf(sbio,"<stream:stream "
  1060. "xmlns:stream='http://etherx.jabber.org/streams' "
  1061. "xmlns='jabber:client' to='%s' version='1.0'>", host);
  1062. seen = BIO_read(sbio,mbuf,BUFSIZZ);
  1063. mbuf[seen] = 0;
  1064. while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
  1065. {
  1066. if (strstr(mbuf, "/stream:features>"))
  1067. goto shut;
  1068. seen = BIO_read(sbio,mbuf,BUFSIZZ);
  1069. mbuf[seen] = 0;
  1070. }
  1071. BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
  1072. seen = BIO_read(sbio,sbuf,BUFSIZZ);
  1073. sbuf[seen] = 0;
  1074. if (!strstr(sbuf, "<proceed"))
  1075. goto shut;
  1076. mbuf[0] = 0;
  1077. }
  1078. for (;;)
  1079. {
  1080. FD_ZERO(&readfds);
  1081. FD_ZERO(&writefds);
  1082. if (SSL_in_init(con) && !SSL_total_renegotiations(con))
  1083. {
  1084. in_init=1;
  1085. tty_on=0;
  1086. }
  1087. else
  1088. {
  1089. tty_on=1;
  1090. if (in_init)
  1091. {
  1092. in_init=0;
  1093. #if 0 /* This test doesn't really work as intended (needs to be fixed) */
  1094. #ifndef OPENSSL_NO_TLSEXT
  1095. if (servername != NULL && !SSL_session_reused(con))
  1096. {
  1097. BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not ");
  1098. }
  1099. #endif
  1100. #endif
  1101. if (sess_out)
  1102. {
  1103. BIO *stmp = BIO_new_file(sess_out, "w");
  1104. if (stmp)
  1105. {
  1106. PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
  1107. BIO_free(stmp);
  1108. }
  1109. else
  1110. BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
  1111. }
  1112. print_stuff(bio_c_out,con,full_log);
  1113. if (full_log > 0) full_log--;
  1114. if (starttls_proto)
  1115. {
  1116. BIO_printf(bio_err,"%s",mbuf);
  1117. /* We don't need to know any more */
  1118. starttls_proto = PROTO_OFF;
  1119. }
  1120. if (reconnect)
  1121. {
  1122. reconnect--;
  1123. BIO_printf(bio_c_out,"drop connection and then reconnect\n");
  1124. SSL_shutdown(con);
  1125. SSL_set_connect_state(con);
  1126. SHUTDOWN(SSL_get_fd(con));
  1127. goto re_start;
  1128. }
  1129. }
  1130. }
  1131. ssl_pending = read_ssl && SSL_pending(con);
  1132. if (!ssl_pending)
  1133. {
  1134. #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5)
  1135. if (tty_on)
  1136. {
  1137. if (read_tty) openssl_fdset(fileno(stdin),&readfds);
  1138. if (write_tty) openssl_fdset(fileno(stdout),&writefds);
  1139. }
  1140. if (read_ssl)
  1141. openssl_fdset(SSL_get_fd(con),&readfds);
  1142. if (write_ssl)
  1143. openssl_fdset(SSL_get_fd(con),&writefds);
  1144. #else
  1145. if(!tty_on || !write_tty) {
  1146. if (read_ssl)
  1147. openssl_fdset(SSL_get_fd(con),&readfds);
  1148. if (write_ssl)
  1149. openssl_fdset(SSL_get_fd(con),&writefds);
  1150. }
  1151. #endif
  1152. /* printf("mode tty(%d %d%d) ssl(%d%d)\n",
  1153. tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
  1154. /* Note: under VMS with SOCKETSHR the second parameter
  1155. * is currently of type (int *) whereas under other
  1156. * systems it is (void *) if you don't have a cast it
  1157. * will choke the compiler: if you do have a cast then
  1158. * you can either go for (int *) or (void *).
  1159. */
  1160. #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
  1161. /* Under Windows/DOS we make the assumption that we can
  1162. * always write to the tty: therefore if we need to
  1163. * write to the tty we just fall through. Otherwise
  1164. * we timeout the select every second and see if there
  1165. * are any keypresses. Note: this is a hack, in a proper
  1166. * Windows application we wouldn't do this.
  1167. */
  1168. i=0;
  1169. if(!write_tty) {
  1170. if(read_tty) {
  1171. tv.tv_sec = 1;
  1172. tv.tv_usec = 0;
  1173. i=select(width,(void *)&readfds,(void *)&writefds,
  1174. NULL,&tv);
  1175. #if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
  1176. if(!i && (!_kbhit() || !read_tty) ) continue;
  1177. #else
  1178. if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
  1179. #endif
  1180. } else i=select(width,(void *)&readfds,(void *)&writefds,
  1181. NULL,NULL);
  1182. }
  1183. #elif defined(OPENSSL_SYS_NETWARE)
  1184. if(!write_tty) {
  1185. if(read_tty) {
  1186. tv.tv_sec = 1;
  1187. tv.tv_usec = 0;
  1188. i=select(width,(void *)&readfds,(void *)&writefds,
  1189. NULL,&tv);
  1190. } else i=select(width,(void *)&readfds,(void *)&writefds,
  1191. NULL,NULL);
  1192. }
  1193. #elif defined(OPENSSL_SYS_BEOS_R5)
  1194. /* Under BeOS-R5 the situation is similar to DOS */
  1195. i=0;
  1196. stdin_set = 0;
  1197. (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
  1198. if(!write_tty) {
  1199. if(read_tty) {
  1200. tv.tv_sec = 1;
  1201. tv.tv_usec = 0;
  1202. i=select(width,(void *)&readfds,(void *)&writefds,
  1203. NULL,&tv);
  1204. if (read(fileno(stdin), sbuf, 0) >= 0)
  1205. stdin_set = 1;
  1206. if (!i && (stdin_set != 1 || !read_tty))
  1207. continue;
  1208. } else i=select(width,(void *)&readfds,(void *)&writefds,
  1209. NULL,NULL);
  1210. }
  1211. (void)fcntl(fileno(stdin), F_SETFL, 0);
  1212. #else
  1213. i=select(width,(void *)&readfds,(void *)&writefds,
  1214. NULL,NULL);
  1215. #endif
  1216. if ( i < 0)
  1217. {
  1218. BIO_printf(bio_err,"bad select %d\n",
  1219. get_last_socket_error());
  1220. goto shut;
  1221. /* goto end; */
  1222. }
  1223. }
  1224. if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
  1225. {
  1226. k=SSL_write(con,&(cbuf[cbuf_off]),
  1227. (unsigned int)cbuf_len);
  1228. switch (SSL_get_error(con,k))
  1229. {
  1230. case SSL_ERROR_NONE:
  1231. cbuf_off+=k;
  1232. cbuf_len-=k;
  1233. if (k <= 0) goto end;
  1234. /* we have done a write(con,NULL,0); */
  1235. if (cbuf_len <= 0)
  1236. {
  1237. read_tty=1;
  1238. write_ssl=0;
  1239. }
  1240. else /* if (cbuf_len > 0) */
  1241. {
  1242. read_tty=0;
  1243. write_ssl=1;
  1244. }
  1245. break;
  1246. case SSL_ERROR_WANT_WRITE:
  1247. BIO_printf(bio_c_out,"write W BLOCK\n");
  1248. write_ssl=1;
  1249. read_tty=0;
  1250. break;
  1251. case SSL_ERROR_WANT_READ:
  1252. BIO_printf(bio_c_out,"write R BLOCK\n");
  1253. write_tty=0;
  1254. read_ssl=1;
  1255. write_ssl=0;
  1256. break;
  1257. case SSL_ERROR_WANT_X509_LOOKUP:
  1258. BIO_printf(bio_c_out,"write X BLOCK\n");
  1259. break;
  1260. case SSL_ERROR_ZERO_RETURN:
  1261. if (cbuf_len != 0)
  1262. {
  1263. BIO_printf(bio_c_out,"shutdown\n");
  1264. ret = 0;
  1265. goto shut;
  1266. }
  1267. else
  1268. {
  1269. read_tty=1;
  1270. write_ssl=0;
  1271. break;
  1272. }
  1273. case SSL_ERROR_SYSCALL:
  1274. if ((k != 0) || (cbuf_len != 0))
  1275. {
  1276. BIO_printf(bio_err,"write:errno=%d\n",
  1277. get_last_socket_error());
  1278. goto shut;
  1279. }
  1280. else
  1281. {
  1282. read_tty=1;
  1283. write_ssl=0;
  1284. }
  1285. break;
  1286. case SSL_ERROR_SSL:
  1287. ERR_print_errors(bio_err);
  1288. goto shut;
  1289. }
  1290. }
  1291. #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
  1292. /* Assume Windows/DOS/BeOS can always write */
  1293. else if (!ssl_pending && write_tty)
  1294. #else
  1295. else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
  1296. #endif
  1297. {
  1298. #ifdef CHARSET_EBCDIC
  1299. ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
  1300. #endif
  1301. i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len);
  1302. if (i <= 0)
  1303. {
  1304. BIO_printf(bio_c_out,"DONE\n");
  1305. ret = 0;
  1306. goto shut;
  1307. /* goto end; */
  1308. }
  1309. sbuf_len-=i;;
  1310. sbuf_off+=i;
  1311. if (sbuf_len <= 0)
  1312. {
  1313. read_ssl=1;
  1314. write_tty=0;
  1315. }
  1316. }
  1317. else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
  1318. {
  1319. #ifdef RENEG
  1320. { static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
  1321. #endif
  1322. #if 1
  1323. k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
  1324. #else
  1325. /* Demo for pending and peek :-) */
  1326. k=SSL_read(con,sbuf,16);
  1327. { char zbuf[10240];
  1328. printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
  1329. }
  1330. #endif
  1331. switch (SSL_get_error(con,k))
  1332. {
  1333. case SSL_ERROR_NONE:
  1334. if (k <= 0)
  1335. goto end;
  1336. sbuf_off=0;
  1337. sbuf_len=k;
  1338. read_ssl=0;
  1339. write_tty=1;
  1340. break;
  1341. case SSL_ERROR_WANT_WRITE:
  1342. BIO_printf(bio_c_out,"read W BLOCK\n");
  1343. write_ssl=1;
  1344. read_tty=0;
  1345. break;
  1346. case SSL_ERROR_WANT_READ:
  1347. BIO_printf(bio_c_out,"read R BLOCK\n");
  1348. write_tty=0;
  1349. read_ssl=1;
  1350. if ((read_tty == 0) && (write_ssl == 0))
  1351. write_ssl=1;
  1352. break;
  1353. case SSL_ERROR_WANT_X509_LOOKUP:
  1354. BIO_printf(bio_c_out,"read X BLOCK\n");
  1355. break;
  1356. case SSL_ERROR_SYSCALL:
  1357. ret=get_last_socket_error();
  1358. BIO_printf(bio_err,"read:errno=%d\n",ret);
  1359. goto shut;
  1360. case SSL_ERROR_ZERO_RETURN:
  1361. BIO_printf(bio_c_out,"closed\n");
  1362. ret=0;
  1363. goto shut;
  1364. case SSL_ERROR_SSL:
  1365. ERR_print_errors(bio_err);
  1366. goto shut;
  1367. /* break; */
  1368. }
  1369. }
  1370. #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
  1371. #if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
  1372. else if (_kbhit())
  1373. #else
  1374. else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
  1375. #endif
  1376. #elif defined (OPENSSL_SYS_NETWARE)
  1377. else if (_kbhit())
  1378. #elif defined(OPENSSL_SYS_BEOS_R5)
  1379. else if (stdin_set)
  1380. #else
  1381. else if (FD_ISSET(fileno(stdin),&readfds))
  1382. #endif
  1383. {
  1384. if (crlf)
  1385. {
  1386. int j, lf_num;
  1387. i=raw_read_stdin(cbuf,BUFSIZZ/2);
  1388. lf_num = 0;
  1389. /* both loops are skipped when i <= 0 */
  1390. for (j = 0; j < i; j++)
  1391. if (cbuf[j] == '\n')
  1392. lf_num++;
  1393. for (j = i-1; j >= 0; j--)
  1394. {
  1395. cbuf[j+lf_num] = cbuf[j];
  1396. if (cbuf[j] == '\n')
  1397. {
  1398. lf_num--;
  1399. i++;
  1400. cbuf[j+lf_num] = '\r';
  1401. }
  1402. }
  1403. assert(lf_num == 0);
  1404. }
  1405. else
  1406. i=raw_read_stdin(cbuf,BUFSIZZ);
  1407. if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
  1408. {
  1409. BIO_printf(bio_err,"DONE\n");
  1410. ret=0;
  1411. goto shut;
  1412. }
  1413. if ((!c_ign_eof) && (cbuf[0] == 'R'))
  1414. {
  1415. BIO_printf(bio_err,"RENEGOTIATING\n");
  1416. SSL_renegotiate(con);
  1417. cbuf_len=0;
  1418. }
  1419. else
  1420. {
  1421. cbuf_len=i;
  1422. cbuf_off=0;
  1423. #ifdef CHARSET_EBCDIC
  1424. ebcdic2ascii(cbuf, cbuf, i);
  1425. #endif
  1426. }
  1427. write_ssl=1;
  1428. read_tty=0;
  1429. }
  1430. }
  1431. ret=0;
  1432. shut:
  1433. if (in_init)
  1434. print_stuff(bio_c_out,con,full_log);
  1435. SSL_shutdown(con);
  1436. SHUTDOWN(SSL_get_fd(con));
  1437. end:
  1438. if (con != NULL)
  1439. {
  1440. if (prexit != 0)
  1441. print_stuff(bio_c_out,con,1);
  1442. SSL_free(con);
  1443. }
  1444. if (ctx != NULL) SSL_CTX_free(ctx);
  1445. if (cert)
  1446. X509_free(cert);
  1447. if (key)
  1448. EVP_PKEY_free(key);
  1449. if (pass)
  1450. OPENSSL_free(pass);
  1451. if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
  1452. if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
  1453. if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
  1454. if (bio_c_out != NULL)
  1455. {
  1456. BIO_free(bio_c_out);
  1457. bio_c_out=NULL;
  1458. }
  1459. apps_shutdown();
  1460. OPENSSL_EXIT(ret);
  1461. }
  1462. static void print_stuff(BIO *bio, SSL *s, int full)
  1463. {
  1464. X509 *peer=NULL;
  1465. char *p;
  1466. static const char *space=" ";
  1467. char buf[BUFSIZ];
  1468. STACK_OF(X509) *sk;
  1469. STACK_OF(X509_NAME) *sk2;
  1470. const SSL_CIPHER *c;
  1471. X509_NAME *xn;
  1472. int j,i;
  1473. #ifndef OPENSSL_NO_COMP
  1474. const COMP_METHOD *comp, *expansion;
  1475. #endif
  1476. if (full)
  1477. {
  1478. int got_a_chain = 0;
  1479. sk=SSL_get_peer_cert_chain(s);
  1480. if (sk != NULL)
  1481. {
  1482. got_a_chain = 1; /* we don't have it for SSL2 (yet) */
  1483. BIO_printf(bio,"---\nCertificate chain\n");
  1484. for (i=0; i<sk_X509_num(sk); i++)
  1485. {
  1486. X509_NAME_oneline(X509_get_subject_name(
  1487. sk_X509_value(sk,i)),buf,sizeof buf);
  1488. BIO_printf(bio,"%2d s:%s\n",i,buf);
  1489. X509_NAME_oneline(X509_get_issuer_name(
  1490. sk_X509_value(sk,i)),buf,sizeof buf);
  1491. BIO_printf(bio," i:%s\n",buf);
  1492. if (c_showcerts)
  1493. PEM_write_bio_X509(bio,sk_X509_value(sk,i));
  1494. }
  1495. }
  1496. BIO_printf(bio,"---\n");
  1497. peer=SSL_get_peer_certificate(s);
  1498. if (peer != NULL)
  1499. {
  1500. BIO_printf(bio,"Server certificate\n");
  1501. if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
  1502. PEM_write_bio_X509(bio,peer);
  1503. X509_NAME_oneline(X509_get_subject_name(peer),
  1504. buf,sizeof buf);
  1505. BIO_printf(bio,"subject=%s\n",buf);
  1506. X509_NAME_oneline(X509_get_issuer_name(peer),
  1507. buf,sizeof buf);
  1508. BIO_printf(bio,"issuer=%s\n",buf);
  1509. }
  1510. else
  1511. BIO_printf(bio,"no peer certificate available\n");
  1512. sk2=SSL_get_client_CA_list(s);
  1513. if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
  1514. {
  1515. BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
  1516. for (i=0; i<sk_X509_NAME_num(sk2); i++)
  1517. {
  1518. xn=sk_X509_NAME_value(sk2,i);
  1519. X509_NAME_oneline(xn,buf,sizeof(buf));
  1520. BIO_write(bio,buf,strlen(buf));
  1521. BIO_write(bio,"\n",1);
  1522. }
  1523. }
  1524. else
  1525. {
  1526. BIO_printf(bio,"---\nNo client certificate CA names sent\n");
  1527. }
  1528. p=SSL_get_shared_ciphers(s,buf,sizeof buf);
  1529. if (p != NULL)
  1530. {
  1531. /* This works only for SSL 2. In later protocol
  1532. * versions, the client does not know what other
  1533. * ciphers (in addition to the one to be used
  1534. * in the current connection) the server supports. */
  1535. BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
  1536. j=i=0;
  1537. while (*p)
  1538. {
  1539. if (*p == ':')
  1540. {
  1541. BIO_write(bio,space,15-j%25);
  1542. i++;
  1543. j=0;
  1544. BIO_write(bio,((i%3)?" ":"\n"),1);
  1545. }
  1546. else
  1547. {
  1548. BIO_write(bio,p,1);
  1549. j++;
  1550. }
  1551. p++;
  1552. }
  1553. BIO_write(bio,"\n",1);
  1554. }
  1555. BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
  1556. BIO_number_read(SSL_get_rbio(s)),
  1557. BIO_number_written(SSL_get_wbio(s)));
  1558. }
  1559. BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
  1560. c=SSL_get_current_cipher(s);
  1561. BIO_printf(bio,"%s, Cipher is %s\n",
  1562. SSL_CIPHER_get_version(c),
  1563. SSL_CIPHER_get_name(c));
  1564. if (peer != NULL) {
  1565. EVP_PKEY *pktmp;
  1566. pktmp = X509_get_pubkey(peer);
  1567. BIO_printf(bio,"Server public key is %d bit\n",
  1568. EVP_PKEY_bits(pktmp));
  1569. EVP_PKEY_free(pktmp);
  1570. }
  1571. #ifndef OPENSSL_NO_COMP
  1572. comp=SSL_get_current_compression(s);
  1573. expansion=SSL_get_current_expansion(s);
  1574. BIO_printf(bio,"Compression: %s\n",
  1575. comp ? SSL_COMP_get_name(comp) : "NONE");
  1576. BIO_printf(bio,"Expansion: %s\n",
  1577. expansion ? SSL_COMP_get_name(expansion) : "NONE");
  1578. #endif
  1579. SSL_SESSION_print(bio,SSL_get_session(s));
  1580. BIO_printf(bio,"---\n");
  1581. if (peer != NULL)
  1582. X509_free(peer);
  1583. /* flush, or debugging output gets mixed with http response */
  1584. (void)BIO_flush(bio);
  1585. }
  1586. #ifndef OPENSSL_NO_TLSEXT
  1587. static int ocsp_resp_cb(SSL *s, void *arg)
  1588. {
  1589. const unsigned char *p;
  1590. int len;
  1591. OCSP_RESPONSE *rsp;
  1592. len = SSL_get_tlsext_status_ocsp_resp(s, &p);
  1593. BIO_puts(arg, "OCSP response: ");
  1594. if (!p)
  1595. {
  1596. BIO_puts(arg, "no response sent\n");
  1597. return 1;
  1598. }
  1599. rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
  1600. if (!rsp)
  1601. {
  1602. BIO_puts(arg, "response parse error\n");
  1603. BIO_dump_indent(arg, (char *)p, len, 4);
  1604. return 0;
  1605. }
  1606. BIO_puts(arg, "\n======================================\n");
  1607. OCSP_RESPONSE_print(arg, rsp, 0);
  1608. BIO_puts(arg, "======================================\n");
  1609. OCSP_RESPONSE_free(rsp);
  1610. return 1;
  1611. }
  1612. #endif