s_client.c 47 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769
  1. /* apps/s_client.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. /* ====================================================================
  112. * Copyright 2005 Nokia. All rights reserved.
  113. *
  114. * The portions of the attached software ("Contribution") is developed by
  115. * Nokia Corporation and is licensed pursuant to the OpenSSL open source
  116. * license.
  117. *
  118. * The Contribution, originally written by Mika Kousa and Pasi Eronen of
  119. * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
  120. * support (see RFC 4279) to OpenSSL.
  121. *
  122. * No patent licenses or other rights except those expressly stated in
  123. * the OpenSSL open source license shall be deemed granted or received
  124. * expressly, by implication, estoppel, or otherwise.
  125. *
  126. * No assurances are provided by Nokia that the Contribution does not
  127. * infringe the patent or other intellectual property rights of any third
  128. * party or that the license provides you with all the necessary rights
  129. * to make use of the Contribution.
  130. *
  131. * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
  132. * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
  133. * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
  134. * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
  135. * OTHERWISE.
  136. */
  137. #include <assert.h>
  138. #include <ctype.h>
  139. #include <stdio.h>
  140. #include <stdlib.h>
  141. #include <string.h>
  142. #include <openssl/e_os2.h>
  143. #ifdef OPENSSL_NO_STDIO
  144. #define APPS_WIN16
  145. #endif
  146. /* With IPv6, it looks like Digital has mixed up the proper order of
  147. recursive header file inclusion, resulting in the compiler complaining
  148. that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
  149. is needed to have fileno() declared correctly... So let's define u_int */
  150. #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
  151. #define __U_INT
  152. typedef unsigned int u_int;
  153. #endif
  154. #define USE_SOCKETS
  155. #include "apps.h"
  156. #include <openssl/x509.h>
  157. #include <openssl/ssl.h>
  158. #include <openssl/err.h>
  159. #include <openssl/pem.h>
  160. #include <openssl/rand.h>
  161. #include <openssl/ocsp.h>
  162. #include <openssl/bn.h>
  163. #include "s_apps.h"
  164. #include "timeouts.h"
  165. #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
  166. /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
  167. #undef FIONBIO
  168. #endif
  169. #if defined(OPENSSL_SYS_BEOS_R5)
  170. #include <fcntl.h>
  171. #endif
  172. #undef PROG
  173. #define PROG s_client_main
  174. /*#define SSL_HOST_NAME "www.netscape.com" */
  175. /*#define SSL_HOST_NAME "193.118.187.102" */
  176. #define SSL_HOST_NAME "localhost"
  177. /*#define TEST_CERT "client.pem" */ /* no default cert. */
  178. #undef BUFSIZZ
  179. #define BUFSIZZ 1024*8
  180. extern int verify_depth;
  181. extern int verify_error;
  182. extern int verify_return_error;
  183. #ifdef FIONBIO
  184. static int c_nbio=0;
  185. #endif
  186. static int c_Pause=0;
  187. static int c_debug=0;
  188. #ifndef OPENSSL_NO_TLSEXT
  189. static int c_tlsextdebug=0;
  190. static int c_status_req=0;
  191. #endif
  192. static int c_msg=0;
  193. static int c_showcerts=0;
  194. static void sc_usage(void);
  195. static void print_stuff(BIO *berr,SSL *con,int full);
  196. #ifndef OPENSSL_NO_TLSEXT
  197. static int ocsp_resp_cb(SSL *s, void *arg);
  198. #endif
  199. static BIO *bio_c_out=NULL;
  200. static int c_quiet=0;
  201. static int c_ign_eof=0;
  202. #ifndef OPENSSL_NO_PSK
  203. /* Default PSK identity and key */
  204. static char *psk_identity="Client_identity";
  205. /*char *psk_key=NULL; by default PSK is not used */
  206. static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
  207. unsigned int max_identity_len, unsigned char *psk,
  208. unsigned int max_psk_len)
  209. {
  210. unsigned int psk_len = 0;
  211. int ret;
  212. BIGNUM *bn=NULL;
  213. if (c_debug)
  214. BIO_printf(bio_c_out, "psk_client_cb\n");
  215. if (!hint)
  216. {
  217. /* no ServerKeyExchange message*/
  218. if (c_debug)
  219. BIO_printf(bio_c_out,"NULL received PSK identity hint, continuing anyway\n");
  220. }
  221. else if (c_debug)
  222. BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
  223. /* lookup PSK identity and PSK key based on the given identity hint here */
  224. ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
  225. if (ret < 0 || (unsigned int)ret > max_identity_len)
  226. goto out_err;
  227. if (c_debug)
  228. BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret);
  229. ret=BN_hex2bn(&bn, psk_key);
  230. if (!ret)
  231. {
  232. BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
  233. if (bn)
  234. BN_free(bn);
  235. return 0;
  236. }
  237. if ((unsigned int)BN_num_bytes(bn) > max_psk_len)
  238. {
  239. BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
  240. max_psk_len, BN_num_bytes(bn));
  241. BN_free(bn);
  242. return 0;
  243. }
  244. psk_len=BN_bn2bin(bn, psk);
  245. BN_free(bn);
  246. if (psk_len == 0)
  247. goto out_err;
  248. if (c_debug)
  249. BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
  250. return psk_len;
  251. out_err:
  252. if (c_debug)
  253. BIO_printf(bio_err, "Error in PSK client callback\n");
  254. return 0;
  255. }
  256. #endif
  257. static void sc_usage(void)
  258. {
  259. BIO_printf(bio_err,"usage: s_client args\n");
  260. BIO_printf(bio_err,"\n");
  261. BIO_printf(bio_err," -host host - use -connect instead\n");
  262. BIO_printf(bio_err," -port port - use -connect instead\n");
  263. BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
  264. BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
  265. BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
  266. BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
  267. BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
  268. BIO_printf(bio_err," not specified but cert file is.\n");
  269. BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
  270. BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
  271. BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
  272. BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
  273. BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
  274. BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
  275. BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
  276. BIO_printf(bio_err," -debug - extra output\n");
  277. #ifdef WATT32
  278. BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n");
  279. #endif
  280. BIO_printf(bio_err," -msg - Show protocol messages\n");
  281. BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
  282. BIO_printf(bio_err," -state - print the 'ssl' states\n");
  283. #ifdef FIONBIO
  284. BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
  285. #endif
  286. BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
  287. BIO_printf(bio_err," -quiet - no s_client output\n");
  288. BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
  289. BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n");
  290. #ifndef OPENSSL_NO_PSK
  291. BIO_printf(bio_err," -psk_identity arg - PSK identity\n");
  292. BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n");
  293. # ifndef OPENSSL_NO_JPAKE
  294. BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
  295. # endif
  296. #endif
  297. BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
  298. BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
  299. BIO_printf(bio_err," -tls1 - just use TLSv1\n");
  300. BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
  301. BIO_printf(bio_err," -mtu - set the link layer MTU\n");
  302. BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
  303. BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
  304. BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
  305. BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
  306. BIO_printf(bio_err," command to see what is available\n");
  307. BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
  308. BIO_printf(bio_err," for those protocols that support it, where\n");
  309. BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
  310. BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
  311. BIO_printf(bio_err," are supported.\n");
  312. #ifndef OPENSSL_NO_ENGINE
  313. BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
  314. #endif
  315. BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
  316. BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
  317. BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n");
  318. #ifndef OPENSSL_NO_TLSEXT
  319. BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n");
  320. BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
  321. BIO_printf(bio_err," -status - request certificate status from server\n");
  322. BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
  323. #endif
  324. }
  325. #ifndef OPENSSL_NO_TLSEXT
  326. /* This is a context that we pass to callbacks */
  327. typedef struct tlsextctx_st {
  328. BIO * biodebug;
  329. int ack;
  330. } tlsextctx;
  331. static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
  332. {
  333. tlsextctx * p = (tlsextctx *) arg;
  334. const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
  335. if (SSL_get_servername_type(s) != -1)
  336. p->ack = !SSL_session_reused(s) && hn != NULL;
  337. else
  338. BIO_printf(bio_err,"Can't use SSL_get_servername\n");
  339. return SSL_TLSEXT_ERR_OK;
  340. }
  341. #endif
  342. enum
  343. {
  344. PROTO_OFF = 0,
  345. PROTO_SMTP,
  346. PROTO_POP3,
  347. PROTO_IMAP,
  348. PROTO_FTP,
  349. PROTO_XMPP
  350. };
  351. int MAIN(int, char **);
  352. int MAIN(int argc, char **argv)
  353. {
  354. int off=0;
  355. SSL *con=NULL;
  356. int s,k,width,state=0;
  357. char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
  358. int cbuf_len,cbuf_off;
  359. int sbuf_len,sbuf_off;
  360. fd_set readfds,writefds;
  361. short port=PORT;
  362. int full_log=1;
  363. char *host=SSL_HOST_NAME;
  364. char *cert_file=NULL,*key_file=NULL;
  365. int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
  366. char *passarg = NULL, *pass = NULL;
  367. X509 *cert = NULL;
  368. EVP_PKEY *key = NULL;
  369. char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
  370. int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
  371. int crlf=0;
  372. int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
  373. SSL_CTX *ctx=NULL;
  374. int ret=1,in_init=1,i,nbio_test=0;
  375. int starttls_proto = PROTO_OFF;
  376. int prexit = 0;
  377. X509_VERIFY_PARAM *vpm = NULL;
  378. int badarg = 0;
  379. const SSL_METHOD *meth=NULL;
  380. int socket_type=SOCK_STREAM;
  381. BIO *sbio;
  382. char *inrand=NULL;
  383. int mbuf_len=0;
  384. struct timeval timeout, *timeoutp;
  385. #ifndef OPENSSL_NO_ENGINE
  386. char *engine_id=NULL;
  387. char *ssl_client_engine_id=NULL;
  388. ENGINE *ssl_client_engine=NULL;
  389. #endif
  390. ENGINE *e=NULL;
  391. #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
  392. struct timeval tv;
  393. #if defined(OPENSSL_SYS_BEOS_R5)
  394. int stdin_set = 0;
  395. #endif
  396. #endif
  397. #ifndef OPENSSL_NO_TLSEXT
  398. char *servername = NULL;
  399. tlsextctx tlsextcbp =
  400. {NULL,0};
  401. #endif
  402. char *sess_in = NULL;
  403. char *sess_out = NULL;
  404. struct sockaddr peer;
  405. int peerlen = sizeof(peer);
  406. int enable_timeouts = 0 ;
  407. long socket_mtu = 0;
  408. #ifndef OPENSSL_NO_JPAKE
  409. char *jpake_secret = NULL;
  410. #endif
  411. #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
  412. meth=SSLv23_client_method();
  413. #elif !defined(OPENSSL_NO_SSL3)
  414. meth=SSLv3_client_method();
  415. #elif !defined(OPENSSL_NO_SSL2)
  416. meth=SSLv2_client_method();
  417. #endif
  418. apps_startup();
  419. c_Pause=0;
  420. c_quiet=0;
  421. c_ign_eof=0;
  422. c_debug=0;
  423. c_msg=0;
  424. c_showcerts=0;
  425. if (bio_err == NULL)
  426. bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
  427. if (!load_config(bio_err, NULL))
  428. goto end;
  429. if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
  430. ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
  431. ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
  432. {
  433. BIO_printf(bio_err,"out of memory\n");
  434. goto end;
  435. }
  436. verify_depth=0;
  437. verify_error=X509_V_OK;
  438. #ifdef FIONBIO
  439. c_nbio=0;
  440. #endif
  441. argc--;
  442. argv++;
  443. while (argc >= 1)
  444. {
  445. if (strcmp(*argv,"-host") == 0)
  446. {
  447. if (--argc < 1) goto bad;
  448. host= *(++argv);
  449. }
  450. else if (strcmp(*argv,"-port") == 0)
  451. {
  452. if (--argc < 1) goto bad;
  453. port=atoi(*(++argv));
  454. if (port == 0) goto bad;
  455. }
  456. else if (strcmp(*argv,"-connect") == 0)
  457. {
  458. if (--argc < 1) goto bad;
  459. if (!extract_host_port(*(++argv),&host,NULL,&port))
  460. goto bad;
  461. }
  462. else if (strcmp(*argv,"-verify") == 0)
  463. {
  464. verify=SSL_VERIFY_PEER;
  465. if (--argc < 1) goto bad;
  466. verify_depth=atoi(*(++argv));
  467. BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
  468. }
  469. else if (strcmp(*argv,"-cert") == 0)
  470. {
  471. if (--argc < 1) goto bad;
  472. cert_file= *(++argv);
  473. }
  474. else if (strcmp(*argv,"-sess_out") == 0)
  475. {
  476. if (--argc < 1) goto bad;
  477. sess_out = *(++argv);
  478. }
  479. else if (strcmp(*argv,"-sess_in") == 0)
  480. {
  481. if (--argc < 1) goto bad;
  482. sess_in = *(++argv);
  483. }
  484. else if (strcmp(*argv,"-certform") == 0)
  485. {
  486. if (--argc < 1) goto bad;
  487. cert_format = str2fmt(*(++argv));
  488. }
  489. else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
  490. {
  491. if (badarg)
  492. goto bad;
  493. continue;
  494. }
  495. else if (strcmp(*argv,"-verify_return_error") == 0)
  496. verify_return_error = 1;
  497. else if (strcmp(*argv,"-prexit") == 0)
  498. prexit=1;
  499. else if (strcmp(*argv,"-crlf") == 0)
  500. crlf=1;
  501. else if (strcmp(*argv,"-quiet") == 0)
  502. {
  503. c_quiet=1;
  504. c_ign_eof=1;
  505. }
  506. else if (strcmp(*argv,"-ign_eof") == 0)
  507. c_ign_eof=1;
  508. else if (strcmp(*argv,"-no_ign_eof") == 0)
  509. c_ign_eof=0;
  510. else if (strcmp(*argv,"-pause") == 0)
  511. c_Pause=1;
  512. else if (strcmp(*argv,"-debug") == 0)
  513. c_debug=1;
  514. #ifndef OPENSSL_NO_TLSEXT
  515. else if (strcmp(*argv,"-tlsextdebug") == 0)
  516. c_tlsextdebug=1;
  517. else if (strcmp(*argv,"-status") == 0)
  518. c_status_req=1;
  519. #endif
  520. #ifdef WATT32
  521. else if (strcmp(*argv,"-wdebug") == 0)
  522. dbug_init();
  523. #endif
  524. else if (strcmp(*argv,"-msg") == 0)
  525. c_msg=1;
  526. else if (strcmp(*argv,"-showcerts") == 0)
  527. c_showcerts=1;
  528. else if (strcmp(*argv,"-nbio_test") == 0)
  529. nbio_test=1;
  530. else if (strcmp(*argv,"-state") == 0)
  531. state=1;
  532. #ifndef OPENSSL_NO_PSK
  533. else if (strcmp(*argv,"-psk_identity") == 0)
  534. {
  535. if (--argc < 1) goto bad;
  536. psk_identity=*(++argv);
  537. }
  538. else if (strcmp(*argv,"-psk") == 0)
  539. {
  540. size_t j;
  541. if (--argc < 1) goto bad;
  542. psk_key=*(++argv);
  543. for (j = 0; j < strlen(psk_key); j++)
  544. {
  545. if (isxdigit((int)psk_key[j]))
  546. continue;
  547. BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
  548. goto bad;
  549. }
  550. }
  551. #endif
  552. #ifndef OPENSSL_NO_SSL2
  553. else if (strcmp(*argv,"-ssl2") == 0)
  554. meth=SSLv2_client_method();
  555. #endif
  556. #ifndef OPENSSL_NO_SSL3
  557. else if (strcmp(*argv,"-ssl3") == 0)
  558. meth=SSLv3_client_method();
  559. #endif
  560. #ifndef OPENSSL_NO_TLS1
  561. else if (strcmp(*argv,"-tls1") == 0)
  562. meth=TLSv1_client_method();
  563. #endif
  564. #ifndef OPENSSL_NO_DTLS1
  565. else if (strcmp(*argv,"-dtls1") == 0)
  566. {
  567. meth=DTLSv1_client_method();
  568. socket_type=SOCK_DGRAM;
  569. }
  570. else if (strcmp(*argv,"-timeout") == 0)
  571. enable_timeouts=1;
  572. else if (strcmp(*argv,"-mtu") == 0)
  573. {
  574. if (--argc < 1) goto bad;
  575. socket_mtu = atol(*(++argv));
  576. }
  577. #endif
  578. else if (strcmp(*argv,"-bugs") == 0)
  579. bugs=1;
  580. else if (strcmp(*argv,"-keyform") == 0)
  581. {
  582. if (--argc < 1) goto bad;
  583. key_format = str2fmt(*(++argv));
  584. }
  585. else if (strcmp(*argv,"-pass") == 0)
  586. {
  587. if (--argc < 1) goto bad;
  588. passarg = *(++argv);
  589. }
  590. else if (strcmp(*argv,"-key") == 0)
  591. {
  592. if (--argc < 1) goto bad;
  593. key_file= *(++argv);
  594. }
  595. else if (strcmp(*argv,"-reconnect") == 0)
  596. {
  597. reconnect=5;
  598. }
  599. else if (strcmp(*argv,"-CApath") == 0)
  600. {
  601. if (--argc < 1) goto bad;
  602. CApath= *(++argv);
  603. }
  604. else if (strcmp(*argv,"-CAfile") == 0)
  605. {
  606. if (--argc < 1) goto bad;
  607. CAfile= *(++argv);
  608. }
  609. else if (strcmp(*argv,"-no_tls1") == 0)
  610. off|=SSL_OP_NO_TLSv1;
  611. else if (strcmp(*argv,"-no_ssl3") == 0)
  612. off|=SSL_OP_NO_SSLv3;
  613. else if (strcmp(*argv,"-no_ssl2") == 0)
  614. off|=SSL_OP_NO_SSLv2;
  615. else if (strcmp(*argv,"-no_comp") == 0)
  616. { off|=SSL_OP_NO_COMPRESSION; }
  617. #ifndef OPENSSL_NO_TLSEXT
  618. else if (strcmp(*argv,"-no_ticket") == 0)
  619. { off|=SSL_OP_NO_TICKET; }
  620. #endif
  621. else if (strcmp(*argv,"-serverpref") == 0)
  622. off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
  623. else if (strcmp(*argv,"-cipher") == 0)
  624. {
  625. if (--argc < 1) goto bad;
  626. cipher= *(++argv);
  627. }
  628. #ifdef FIONBIO
  629. else if (strcmp(*argv,"-nbio") == 0)
  630. { c_nbio=1; }
  631. #endif
  632. else if (strcmp(*argv,"-starttls") == 0)
  633. {
  634. if (--argc < 1) goto bad;
  635. ++argv;
  636. if (strcmp(*argv,"smtp") == 0)
  637. starttls_proto = PROTO_SMTP;
  638. else if (strcmp(*argv,"pop3") == 0)
  639. starttls_proto = PROTO_POP3;
  640. else if (strcmp(*argv,"imap") == 0)
  641. starttls_proto = PROTO_IMAP;
  642. else if (strcmp(*argv,"ftp") == 0)
  643. starttls_proto = PROTO_FTP;
  644. else if (strcmp(*argv, "xmpp") == 0)
  645. starttls_proto = PROTO_XMPP;
  646. else
  647. goto bad;
  648. }
  649. #ifndef OPENSSL_NO_ENGINE
  650. else if (strcmp(*argv,"-engine") == 0)
  651. {
  652. if (--argc < 1) goto bad;
  653. engine_id = *(++argv);
  654. }
  655. else if (strcmp(*argv,"-ssl_client_engine") == 0)
  656. {
  657. if (--argc < 1) goto bad;
  658. ssl_client_engine_id = *(++argv);
  659. }
  660. #endif
  661. else if (strcmp(*argv,"-rand") == 0)
  662. {
  663. if (--argc < 1) goto bad;
  664. inrand= *(++argv);
  665. }
  666. #ifndef OPENSSL_NO_TLSEXT
  667. else if (strcmp(*argv,"-servername") == 0)
  668. {
  669. if (--argc < 1) goto bad;
  670. servername= *(++argv);
  671. /* meth=TLSv1_client_method(); */
  672. }
  673. #endif
  674. #ifndef OPENSSL_NO_JPAKE
  675. else if (strcmp(*argv,"-jpake") == 0)
  676. {
  677. if (--argc < 1) goto bad;
  678. jpake_secret = *++argv;
  679. }
  680. #endif
  681. else
  682. {
  683. BIO_printf(bio_err,"unknown option %s\n",*argv);
  684. badop=1;
  685. break;
  686. }
  687. argc--;
  688. argv++;
  689. }
  690. if (badop)
  691. {
  692. bad:
  693. sc_usage();
  694. goto end;
  695. }
  696. #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
  697. if (jpake_secret)
  698. {
  699. if (psk_key)
  700. {
  701. BIO_printf(bio_err,
  702. "Can't use JPAKE and PSK together\n");
  703. goto end;
  704. }
  705. psk_identity = "JPAKE";
  706. }
  707. if (cipher)
  708. {
  709. BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
  710. goto end;
  711. }
  712. cipher = "PSK";
  713. #endif
  714. OpenSSL_add_ssl_algorithms();
  715. SSL_load_error_strings();
  716. #ifndef OPENSSL_NO_ENGINE
  717. e = setup_engine(bio_err, engine_id, 1);
  718. if (ssl_client_engine_id)
  719. {
  720. ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
  721. if (!ssl_client_engine)
  722. {
  723. BIO_printf(bio_err,
  724. "Error getting client auth engine\n");
  725. goto end;
  726. }
  727. }
  728. #endif
  729. if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
  730. {
  731. BIO_printf(bio_err, "Error getting password\n");
  732. goto end;
  733. }
  734. if (key_file == NULL)
  735. key_file = cert_file;
  736. if (key_file)
  737. {
  738. key = load_key(bio_err, key_file, key_format, 0, pass, e,
  739. "client certificate private key file");
  740. if (!key)
  741. {
  742. ERR_print_errors(bio_err);
  743. goto end;
  744. }
  745. }
  746. if (cert_file)
  747. {
  748. cert = load_cert(bio_err,cert_file,cert_format,
  749. NULL, e, "client certificate file");
  750. if (!cert)
  751. {
  752. ERR_print_errors(bio_err);
  753. goto end;
  754. }
  755. }
  756. if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
  757. && !RAND_status())
  758. {
  759. BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
  760. }
  761. if (inrand != NULL)
  762. BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
  763. app_RAND_load_files(inrand));
  764. if (bio_c_out == NULL)
  765. {
  766. if (c_quiet && !c_debug && !c_msg)
  767. {
  768. bio_c_out=BIO_new(BIO_s_null());
  769. }
  770. else
  771. {
  772. if (bio_c_out == NULL)
  773. bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
  774. }
  775. }
  776. ctx=SSL_CTX_new(meth);
  777. if (ctx == NULL)
  778. {
  779. ERR_print_errors(bio_err);
  780. goto end;
  781. }
  782. if (vpm)
  783. SSL_CTX_set1_param(ctx, vpm);
  784. #ifndef OPENSSL_NO_ENGINE
  785. if (ssl_client_engine)
  786. {
  787. if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
  788. {
  789. BIO_puts(bio_err, "Error setting client auth engine\n");
  790. ERR_print_errors(bio_err);
  791. ENGINE_free(ssl_client_engine);
  792. goto end;
  793. }
  794. ENGINE_free(ssl_client_engine);
  795. }
  796. #endif
  797. #ifndef OPENSSL_NO_PSK
  798. #ifdef OPENSSL_NO_JPAKE
  799. if (psk_key != NULL)
  800. #else
  801. if (psk_key != NULL || jpake_secret)
  802. #endif
  803. {
  804. if (c_debug)
  805. BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
  806. SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
  807. }
  808. #endif
  809. if (bugs)
  810. SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
  811. else
  812. SSL_CTX_set_options(ctx,off);
  813. /* DTLS: partial reads end up discarding unread UDP bytes :-(
  814. * Setting read ahead solves this problem.
  815. */
  816. if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
  817. if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
  818. if (cipher != NULL)
  819. if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
  820. BIO_printf(bio_err,"error setting cipher list\n");
  821. ERR_print_errors(bio_err);
  822. goto end;
  823. }
  824. #if 0
  825. else
  826. SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
  827. #endif
  828. SSL_CTX_set_verify(ctx,verify,verify_callback);
  829. if (!set_cert_key_stuff(ctx,cert,key))
  830. goto end;
  831. if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
  832. (!SSL_CTX_set_default_verify_paths(ctx)))
  833. {
  834. /* BIO_printf(bio_err,"error setting default verify locations\n"); */
  835. ERR_print_errors(bio_err);
  836. /* goto end; */
  837. }
  838. #ifndef OPENSSL_NO_TLSEXT
  839. if (servername != NULL)
  840. {
  841. tlsextcbp.biodebug = bio_err;
  842. SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
  843. SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
  844. }
  845. #endif
  846. con=SSL_new(ctx);
  847. if (sess_in)
  848. {
  849. SSL_SESSION *sess;
  850. BIO *stmp = BIO_new_file(sess_in, "r");
  851. if (!stmp)
  852. {
  853. BIO_printf(bio_err, "Can't open session file %s\n",
  854. sess_in);
  855. ERR_print_errors(bio_err);
  856. goto end;
  857. }
  858. sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
  859. BIO_free(stmp);
  860. if (!sess)
  861. {
  862. BIO_printf(bio_err, "Can't open session file %s\n",
  863. sess_in);
  864. ERR_print_errors(bio_err);
  865. goto end;
  866. }
  867. SSL_set_session(con, sess);
  868. SSL_SESSION_free(sess);
  869. }
  870. #ifndef OPENSSL_NO_TLSEXT
  871. if (servername != NULL)
  872. {
  873. if (!SSL_set_tlsext_host_name(con,servername))
  874. {
  875. BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
  876. ERR_print_errors(bio_err);
  877. goto end;
  878. }
  879. }
  880. #endif
  881. #ifndef OPENSSL_NO_KRB5
  882. if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
  883. {
  884. kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
  885. }
  886. #endif /* OPENSSL_NO_KRB5 */
  887. /* SSL_set_cipher_list(con,"RC4-MD5"); */
  888. #if 0
  889. #ifdef TLSEXT_TYPE_opaque_prf_input
  890. SSL_set_tlsext_opaque_prf_input(con, "Test client", 11);
  891. #endif
  892. #endif
  893. re_start:
  894. if (init_client(&s,host,port,socket_type) == 0)
  895. {
  896. BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
  897. SHUTDOWN(s);
  898. goto end;
  899. }
  900. BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
  901. #ifdef FIONBIO
  902. if (c_nbio)
  903. {
  904. unsigned long l=1;
  905. BIO_printf(bio_c_out,"turning on non blocking io\n");
  906. if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
  907. {
  908. ERR_print_errors(bio_err);
  909. goto end;
  910. }
  911. }
  912. #endif
  913. if (c_Pause & 0x01) con->debug=1;
  914. if ( SSL_version(con) == DTLS1_VERSION)
  915. {
  916. sbio=BIO_new_dgram(s,BIO_NOCLOSE);
  917. if (getsockname(s, &peer, (void *)&peerlen) < 0)
  918. {
  919. BIO_printf(bio_err, "getsockname:errno=%d\n",
  920. get_last_socket_error());
  921. SHUTDOWN(s);
  922. goto end;
  923. }
  924. (void)BIO_ctrl_set_connected(sbio, 1, &peer);
  925. if (enable_timeouts)
  926. {
  927. timeout.tv_sec = 0;
  928. timeout.tv_usec = DGRAM_RCV_TIMEOUT;
  929. BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
  930. timeout.tv_sec = 0;
  931. timeout.tv_usec = DGRAM_SND_TIMEOUT;
  932. BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
  933. }
  934. if (socket_mtu > 28)
  935. {
  936. SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
  937. SSL_set_mtu(con, socket_mtu - 28);
  938. }
  939. else
  940. /* want to do MTU discovery */
  941. BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
  942. }
  943. else
  944. sbio=BIO_new_socket(s,BIO_NOCLOSE);
  945. if (nbio_test)
  946. {
  947. BIO *test;
  948. test=BIO_new(BIO_f_nbio_test());
  949. sbio=BIO_push(test,sbio);
  950. }
  951. if (c_debug)
  952. {
  953. con->debug=1;
  954. BIO_set_callback(sbio,bio_dump_callback);
  955. BIO_set_callback_arg(sbio,(char *)bio_c_out);
  956. }
  957. if (c_msg)
  958. {
  959. SSL_set_msg_callback(con, msg_cb);
  960. SSL_set_msg_callback_arg(con, bio_c_out);
  961. }
  962. #ifndef OPENSSL_NO_TLSEXT
  963. if (c_tlsextdebug)
  964. {
  965. SSL_set_tlsext_debug_callback(con, tlsext_cb);
  966. SSL_set_tlsext_debug_arg(con, bio_c_out);
  967. }
  968. if (c_status_req)
  969. {
  970. SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
  971. SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
  972. SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
  973. #if 0
  974. {
  975. STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
  976. OCSP_RESPID *id = OCSP_RESPID_new();
  977. id->value.byKey = ASN1_OCTET_STRING_new();
  978. id->type = V_OCSP_RESPID_KEY;
  979. ASN1_STRING_set(id->value.byKey, "Hello World", -1);
  980. sk_OCSP_RESPID_push(ids, id);
  981. SSL_set_tlsext_status_ids(con, ids);
  982. }
  983. #endif
  984. }
  985. #endif
  986. #ifndef OPENSSL_NO_JPAKE
  987. if (jpake_secret)
  988. jpake_client_auth(bio_c_out, sbio, jpake_secret);
  989. #endif
  990. SSL_set_bio(con,sbio,sbio);
  991. SSL_set_connect_state(con);
  992. /* ok, lets connect */
  993. width=SSL_get_fd(con)+1;
  994. read_tty=1;
  995. write_tty=0;
  996. tty_on=0;
  997. read_ssl=1;
  998. write_ssl=1;
  999. cbuf_len=0;
  1000. cbuf_off=0;
  1001. sbuf_len=0;
  1002. sbuf_off=0;
  1003. /* This is an ugly hack that does a lot of assumptions */
  1004. /* We do have to handle multi-line responses which may come
  1005. in a single packet or not. We therefore have to use
  1006. BIO_gets() which does need a buffering BIO. So during
  1007. the initial chitchat we do push a buffering BIO into the
  1008. chain that is removed again later on to not disturb the
  1009. rest of the s_client operation. */
  1010. if (starttls_proto == PROTO_SMTP)
  1011. {
  1012. int foundit=0;
  1013. BIO *fbio = BIO_new(BIO_f_buffer());
  1014. BIO_push(fbio, sbio);
  1015. /* wait for multi-line response to end from SMTP */
  1016. do
  1017. {
  1018. mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
  1019. }
  1020. while (mbuf_len>3 && mbuf[3]=='-');
  1021. /* STARTTLS command requires EHLO... */
  1022. BIO_printf(fbio,"EHLO openssl.client.net\r\n");
  1023. (void)BIO_flush(fbio);
  1024. /* wait for multi-line response to end EHLO SMTP response */
  1025. do
  1026. {
  1027. mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
  1028. if (strstr(mbuf,"STARTTLS"))
  1029. foundit=1;
  1030. }
  1031. while (mbuf_len>3 && mbuf[3]=='-');
  1032. (void)BIO_flush(fbio);
  1033. BIO_pop(fbio);
  1034. BIO_free(fbio);
  1035. if (!foundit)
  1036. BIO_printf(bio_err,
  1037. "didn't found starttls in server response,"
  1038. " try anyway...\n");
  1039. BIO_printf(sbio,"STARTTLS\r\n");
  1040. BIO_read(sbio,sbuf,BUFSIZZ);
  1041. }
  1042. else if (starttls_proto == PROTO_POP3)
  1043. {
  1044. BIO_read(sbio,mbuf,BUFSIZZ);
  1045. BIO_printf(sbio,"STLS\r\n");
  1046. BIO_read(sbio,sbuf,BUFSIZZ);
  1047. }
  1048. else if (starttls_proto == PROTO_IMAP)
  1049. {
  1050. int foundit=0;
  1051. BIO *fbio = BIO_new(BIO_f_buffer());
  1052. BIO_push(fbio, sbio);
  1053. BIO_gets(fbio,mbuf,BUFSIZZ);
  1054. /* STARTTLS command requires CAPABILITY... */
  1055. BIO_printf(fbio,". CAPABILITY\r\n");
  1056. (void)BIO_flush(fbio);
  1057. /* wait for multi-line CAPABILITY response */
  1058. do
  1059. {
  1060. mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
  1061. if (strstr(mbuf,"STARTTLS"))
  1062. foundit=1;
  1063. }
  1064. while (mbuf_len>3 && mbuf[0]!='.');
  1065. (void)BIO_flush(fbio);
  1066. BIO_pop(fbio);
  1067. BIO_free(fbio);
  1068. if (!foundit)
  1069. BIO_printf(bio_err,
  1070. "didn't found STARTTLS in server response,"
  1071. " try anyway...\n");
  1072. BIO_printf(sbio,". STARTTLS\r\n");
  1073. BIO_read(sbio,sbuf,BUFSIZZ);
  1074. }
  1075. else if (starttls_proto == PROTO_FTP)
  1076. {
  1077. BIO *fbio = BIO_new(BIO_f_buffer());
  1078. BIO_push(fbio, sbio);
  1079. /* wait for multi-line response to end from FTP */
  1080. do
  1081. {
  1082. mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
  1083. }
  1084. while (mbuf_len>3 && mbuf[3]=='-');
  1085. (void)BIO_flush(fbio);
  1086. BIO_pop(fbio);
  1087. BIO_free(fbio);
  1088. BIO_printf(sbio,"AUTH TLS\r\n");
  1089. BIO_read(sbio,sbuf,BUFSIZZ);
  1090. }
  1091. if (starttls_proto == PROTO_XMPP)
  1092. {
  1093. int seen = 0;
  1094. BIO_printf(sbio,"<stream:stream "
  1095. "xmlns:stream='http://etherx.jabber.org/streams' "
  1096. "xmlns='jabber:client' to='%s' version='1.0'>", host);
  1097. seen = BIO_read(sbio,mbuf,BUFSIZZ);
  1098. mbuf[seen] = 0;
  1099. while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
  1100. {
  1101. if (strstr(mbuf, "/stream:features>"))
  1102. goto shut;
  1103. seen = BIO_read(sbio,mbuf,BUFSIZZ);
  1104. mbuf[seen] = 0;
  1105. }
  1106. BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
  1107. seen = BIO_read(sbio,sbuf,BUFSIZZ);
  1108. sbuf[seen] = 0;
  1109. if (!strstr(sbuf, "<proceed"))
  1110. goto shut;
  1111. mbuf[0] = 0;
  1112. }
  1113. for (;;)
  1114. {
  1115. FD_ZERO(&readfds);
  1116. FD_ZERO(&writefds);
  1117. if ((SSL_version(con) == DTLS1_VERSION) &&
  1118. DTLSv1_get_timeout(con, &timeout))
  1119. timeoutp = &timeout;
  1120. else
  1121. timeoutp = NULL;
  1122. if (SSL_in_init(con) && !SSL_total_renegotiations(con))
  1123. {
  1124. in_init=1;
  1125. tty_on=0;
  1126. }
  1127. else
  1128. {
  1129. tty_on=1;
  1130. if (in_init)
  1131. {
  1132. in_init=0;
  1133. #if 0 /* This test doesn't really work as intended (needs to be fixed) */
  1134. #ifndef OPENSSL_NO_TLSEXT
  1135. if (servername != NULL && !SSL_session_reused(con))
  1136. {
  1137. BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not ");
  1138. }
  1139. #endif
  1140. #endif
  1141. if (sess_out)
  1142. {
  1143. BIO *stmp = BIO_new_file(sess_out, "w");
  1144. if (stmp)
  1145. {
  1146. PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
  1147. BIO_free(stmp);
  1148. }
  1149. else
  1150. BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
  1151. }
  1152. print_stuff(bio_c_out,con,full_log);
  1153. if (full_log > 0) full_log--;
  1154. if (starttls_proto)
  1155. {
  1156. BIO_printf(bio_err,"%s",mbuf);
  1157. /* We don't need to know any more */
  1158. starttls_proto = PROTO_OFF;
  1159. }
  1160. if (reconnect)
  1161. {
  1162. reconnect--;
  1163. BIO_printf(bio_c_out,"drop connection and then reconnect\n");
  1164. SSL_shutdown(con);
  1165. SSL_set_connect_state(con);
  1166. SHUTDOWN(SSL_get_fd(con));
  1167. goto re_start;
  1168. }
  1169. }
  1170. }
  1171. ssl_pending = read_ssl && SSL_pending(con);
  1172. if (!ssl_pending)
  1173. {
  1174. #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5)
  1175. if (tty_on)
  1176. {
  1177. if (read_tty) openssl_fdset(fileno(stdin),&readfds);
  1178. if (write_tty) openssl_fdset(fileno(stdout),&writefds);
  1179. }
  1180. if (read_ssl)
  1181. openssl_fdset(SSL_get_fd(con),&readfds);
  1182. if (write_ssl)
  1183. openssl_fdset(SSL_get_fd(con),&writefds);
  1184. #else
  1185. if(!tty_on || !write_tty) {
  1186. if (read_ssl)
  1187. openssl_fdset(SSL_get_fd(con),&readfds);
  1188. if (write_ssl)
  1189. openssl_fdset(SSL_get_fd(con),&writefds);
  1190. }
  1191. #endif
  1192. /* printf("mode tty(%d %d%d) ssl(%d%d)\n",
  1193. tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
  1194. /* Note: under VMS with SOCKETSHR the second parameter
  1195. * is currently of type (int *) whereas under other
  1196. * systems it is (void *) if you don't have a cast it
  1197. * will choke the compiler: if you do have a cast then
  1198. * you can either go for (int *) or (void *).
  1199. */
  1200. #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
  1201. /* Under Windows/DOS we make the assumption that we can
  1202. * always write to the tty: therefore if we need to
  1203. * write to the tty we just fall through. Otherwise
  1204. * we timeout the select every second and see if there
  1205. * are any keypresses. Note: this is a hack, in a proper
  1206. * Windows application we wouldn't do this.
  1207. */
  1208. i=0;
  1209. if(!write_tty) {
  1210. if(read_tty) {
  1211. tv.tv_sec = 1;
  1212. tv.tv_usec = 0;
  1213. i=select(width,(void *)&readfds,(void *)&writefds,
  1214. NULL,&tv);
  1215. #if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
  1216. if(!i && (!_kbhit() || !read_tty) ) continue;
  1217. #else
  1218. if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
  1219. #endif
  1220. } else i=select(width,(void *)&readfds,(void *)&writefds,
  1221. NULL,timeoutp);
  1222. }
  1223. #elif defined(OPENSSL_SYS_NETWARE)
  1224. if(!write_tty) {
  1225. if(read_tty) {
  1226. tv.tv_sec = 1;
  1227. tv.tv_usec = 0;
  1228. i=select(width,(void *)&readfds,(void *)&writefds,
  1229. NULL,&tv);
  1230. } else i=select(width,(void *)&readfds,(void *)&writefds,
  1231. NULL,timeoutp);
  1232. }
  1233. #elif defined(OPENSSL_SYS_BEOS_R5)
  1234. /* Under BeOS-R5 the situation is similar to DOS */
  1235. i=0;
  1236. stdin_set = 0;
  1237. (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
  1238. if(!write_tty) {
  1239. if(read_tty) {
  1240. tv.tv_sec = 1;
  1241. tv.tv_usec = 0;
  1242. i=select(width,(void *)&readfds,(void *)&writefds,
  1243. NULL,&tv);
  1244. if (read(fileno(stdin), sbuf, 0) >= 0)
  1245. stdin_set = 1;
  1246. if (!i && (stdin_set != 1 || !read_tty))
  1247. continue;
  1248. } else i=select(width,(void *)&readfds,(void *)&writefds,
  1249. NULL,timeoutp);
  1250. }
  1251. (void)fcntl(fileno(stdin), F_SETFL, 0);
  1252. #else
  1253. i=select(width,(void *)&readfds,(void *)&writefds,
  1254. NULL,timeoutp);
  1255. #endif
  1256. if ( i < 0)
  1257. {
  1258. BIO_printf(bio_err,"bad select %d\n",
  1259. get_last_socket_error());
  1260. goto shut;
  1261. /* goto end; */
  1262. }
  1263. }
  1264. if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
  1265. {
  1266. BIO_printf(bio_err,"TIMEOUT occured\n");
  1267. }
  1268. if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
  1269. {
  1270. k=SSL_write(con,&(cbuf[cbuf_off]),
  1271. (unsigned int)cbuf_len);
  1272. switch (SSL_get_error(con,k))
  1273. {
  1274. case SSL_ERROR_NONE:
  1275. cbuf_off+=k;
  1276. cbuf_len-=k;
  1277. if (k <= 0) goto end;
  1278. /* we have done a write(con,NULL,0); */
  1279. if (cbuf_len <= 0)
  1280. {
  1281. read_tty=1;
  1282. write_ssl=0;
  1283. }
  1284. else /* if (cbuf_len > 0) */
  1285. {
  1286. read_tty=0;
  1287. write_ssl=1;
  1288. }
  1289. break;
  1290. case SSL_ERROR_WANT_WRITE:
  1291. BIO_printf(bio_c_out,"write W BLOCK\n");
  1292. write_ssl=1;
  1293. read_tty=0;
  1294. break;
  1295. case SSL_ERROR_WANT_READ:
  1296. BIO_printf(bio_c_out,"write R BLOCK\n");
  1297. write_tty=0;
  1298. read_ssl=1;
  1299. write_ssl=0;
  1300. break;
  1301. case SSL_ERROR_WANT_X509_LOOKUP:
  1302. BIO_printf(bio_c_out,"write X BLOCK\n");
  1303. break;
  1304. case SSL_ERROR_ZERO_RETURN:
  1305. if (cbuf_len != 0)
  1306. {
  1307. BIO_printf(bio_c_out,"shutdown\n");
  1308. ret = 0;
  1309. goto shut;
  1310. }
  1311. else
  1312. {
  1313. read_tty=1;
  1314. write_ssl=0;
  1315. break;
  1316. }
  1317. case SSL_ERROR_SYSCALL:
  1318. if ((k != 0) || (cbuf_len != 0))
  1319. {
  1320. BIO_printf(bio_err,"write:errno=%d\n",
  1321. get_last_socket_error());
  1322. goto shut;
  1323. }
  1324. else
  1325. {
  1326. read_tty=1;
  1327. write_ssl=0;
  1328. }
  1329. break;
  1330. case SSL_ERROR_SSL:
  1331. ERR_print_errors(bio_err);
  1332. goto shut;
  1333. }
  1334. }
  1335. #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
  1336. /* Assume Windows/DOS/BeOS can always write */
  1337. else if (!ssl_pending && write_tty)
  1338. #else
  1339. else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
  1340. #endif
  1341. {
  1342. #ifdef CHARSET_EBCDIC
  1343. ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
  1344. #endif
  1345. i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len);
  1346. if (i <= 0)
  1347. {
  1348. BIO_printf(bio_c_out,"DONE\n");
  1349. ret = 0;
  1350. goto shut;
  1351. /* goto end; */
  1352. }
  1353. sbuf_len-=i;;
  1354. sbuf_off+=i;
  1355. if (sbuf_len <= 0)
  1356. {
  1357. read_ssl=1;
  1358. write_tty=0;
  1359. }
  1360. }
  1361. else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
  1362. {
  1363. #ifdef RENEG
  1364. { static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
  1365. #endif
  1366. #if 1
  1367. k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
  1368. #else
  1369. /* Demo for pending and peek :-) */
  1370. k=SSL_read(con,sbuf,16);
  1371. { char zbuf[10240];
  1372. printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
  1373. }
  1374. #endif
  1375. switch (SSL_get_error(con,k))
  1376. {
  1377. case SSL_ERROR_NONE:
  1378. if (k <= 0)
  1379. goto end;
  1380. sbuf_off=0;
  1381. sbuf_len=k;
  1382. read_ssl=0;
  1383. write_tty=1;
  1384. break;
  1385. case SSL_ERROR_WANT_WRITE:
  1386. BIO_printf(bio_c_out,"read W BLOCK\n");
  1387. write_ssl=1;
  1388. read_tty=0;
  1389. break;
  1390. case SSL_ERROR_WANT_READ:
  1391. BIO_printf(bio_c_out,"read R BLOCK\n");
  1392. write_tty=0;
  1393. read_ssl=1;
  1394. if ((read_tty == 0) && (write_ssl == 0))
  1395. write_ssl=1;
  1396. break;
  1397. case SSL_ERROR_WANT_X509_LOOKUP:
  1398. BIO_printf(bio_c_out,"read X BLOCK\n");
  1399. break;
  1400. case SSL_ERROR_SYSCALL:
  1401. ret=get_last_socket_error();
  1402. BIO_printf(bio_err,"read:errno=%d\n",ret);
  1403. goto shut;
  1404. case SSL_ERROR_ZERO_RETURN:
  1405. BIO_printf(bio_c_out,"closed\n");
  1406. ret=0;
  1407. goto shut;
  1408. case SSL_ERROR_SSL:
  1409. ERR_print_errors(bio_err);
  1410. goto shut;
  1411. /* break; */
  1412. }
  1413. }
  1414. #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
  1415. #if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
  1416. else if (_kbhit())
  1417. #else
  1418. else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
  1419. #endif
  1420. #elif defined (OPENSSL_SYS_NETWARE)
  1421. else if (_kbhit())
  1422. #elif defined(OPENSSL_SYS_BEOS_R5)
  1423. else if (stdin_set)
  1424. #else
  1425. else if (FD_ISSET(fileno(stdin),&readfds))
  1426. #endif
  1427. {
  1428. if (crlf)
  1429. {
  1430. int j, lf_num;
  1431. i=raw_read_stdin(cbuf,BUFSIZZ/2);
  1432. lf_num = 0;
  1433. /* both loops are skipped when i <= 0 */
  1434. for (j = 0; j < i; j++)
  1435. if (cbuf[j] == '\n')
  1436. lf_num++;
  1437. for (j = i-1; j >= 0; j--)
  1438. {
  1439. cbuf[j+lf_num] = cbuf[j];
  1440. if (cbuf[j] == '\n')
  1441. {
  1442. lf_num--;
  1443. i++;
  1444. cbuf[j+lf_num] = '\r';
  1445. }
  1446. }
  1447. assert(lf_num == 0);
  1448. }
  1449. else
  1450. i=raw_read_stdin(cbuf,BUFSIZZ);
  1451. if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
  1452. {
  1453. BIO_printf(bio_err,"DONE\n");
  1454. ret=0;
  1455. goto shut;
  1456. }
  1457. if ((!c_ign_eof) && (cbuf[0] == 'R'))
  1458. {
  1459. BIO_printf(bio_err,"RENEGOTIATING\n");
  1460. SSL_renegotiate(con);
  1461. cbuf_len=0;
  1462. }
  1463. else
  1464. {
  1465. cbuf_len=i;
  1466. cbuf_off=0;
  1467. #ifdef CHARSET_EBCDIC
  1468. ebcdic2ascii(cbuf, cbuf, i);
  1469. #endif
  1470. }
  1471. write_ssl=1;
  1472. read_tty=0;
  1473. }
  1474. }
  1475. ret=0;
  1476. shut:
  1477. if (in_init)
  1478. print_stuff(bio_c_out,con,full_log);
  1479. SSL_shutdown(con);
  1480. SHUTDOWN(SSL_get_fd(con));
  1481. end:
  1482. if (con != NULL)
  1483. {
  1484. if (prexit != 0)
  1485. print_stuff(bio_c_out,con,1);
  1486. SSL_free(con);
  1487. }
  1488. if (ctx != NULL) SSL_CTX_free(ctx);
  1489. if (cert)
  1490. X509_free(cert);
  1491. if (key)
  1492. EVP_PKEY_free(key);
  1493. if (pass)
  1494. OPENSSL_free(pass);
  1495. if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
  1496. if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
  1497. if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
  1498. if (bio_c_out != NULL)
  1499. {
  1500. BIO_free(bio_c_out);
  1501. bio_c_out=NULL;
  1502. }
  1503. apps_shutdown();
  1504. OPENSSL_EXIT(ret);
  1505. }
  1506. static void print_stuff(BIO *bio, SSL *s, int full)
  1507. {
  1508. X509 *peer=NULL;
  1509. char *p;
  1510. static const char *space=" ";
  1511. char buf[BUFSIZ];
  1512. STACK_OF(X509) *sk;
  1513. STACK_OF(X509_NAME) *sk2;
  1514. const SSL_CIPHER *c;
  1515. X509_NAME *xn;
  1516. int j,i;
  1517. #ifndef OPENSSL_NO_COMP
  1518. const COMP_METHOD *comp, *expansion;
  1519. #endif
  1520. if (full)
  1521. {
  1522. int got_a_chain = 0;
  1523. sk=SSL_get_peer_cert_chain(s);
  1524. if (sk != NULL)
  1525. {
  1526. got_a_chain = 1; /* we don't have it for SSL2 (yet) */
  1527. BIO_printf(bio,"---\nCertificate chain\n");
  1528. for (i=0; i<sk_X509_num(sk); i++)
  1529. {
  1530. X509_NAME_oneline(X509_get_subject_name(
  1531. sk_X509_value(sk,i)),buf,sizeof buf);
  1532. BIO_printf(bio,"%2d s:%s\n",i,buf);
  1533. X509_NAME_oneline(X509_get_issuer_name(
  1534. sk_X509_value(sk,i)),buf,sizeof buf);
  1535. BIO_printf(bio," i:%s\n",buf);
  1536. if (c_showcerts)
  1537. PEM_write_bio_X509(bio,sk_X509_value(sk,i));
  1538. }
  1539. }
  1540. BIO_printf(bio,"---\n");
  1541. peer=SSL_get_peer_certificate(s);
  1542. if (peer != NULL)
  1543. {
  1544. BIO_printf(bio,"Server certificate\n");
  1545. if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
  1546. PEM_write_bio_X509(bio,peer);
  1547. X509_NAME_oneline(X509_get_subject_name(peer),
  1548. buf,sizeof buf);
  1549. BIO_printf(bio,"subject=%s\n",buf);
  1550. X509_NAME_oneline(X509_get_issuer_name(peer),
  1551. buf,sizeof buf);
  1552. BIO_printf(bio,"issuer=%s\n",buf);
  1553. }
  1554. else
  1555. BIO_printf(bio,"no peer certificate available\n");
  1556. sk2=SSL_get_client_CA_list(s);
  1557. if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
  1558. {
  1559. BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
  1560. for (i=0; i<sk_X509_NAME_num(sk2); i++)
  1561. {
  1562. xn=sk_X509_NAME_value(sk2,i);
  1563. X509_NAME_oneline(xn,buf,sizeof(buf));
  1564. BIO_write(bio,buf,strlen(buf));
  1565. BIO_write(bio,"\n",1);
  1566. }
  1567. }
  1568. else
  1569. {
  1570. BIO_printf(bio,"---\nNo client certificate CA names sent\n");
  1571. }
  1572. p=SSL_get_shared_ciphers(s,buf,sizeof buf);
  1573. if (p != NULL)
  1574. {
  1575. /* This works only for SSL 2. In later protocol
  1576. * versions, the client does not know what other
  1577. * ciphers (in addition to the one to be used
  1578. * in the current connection) the server supports. */
  1579. BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
  1580. j=i=0;
  1581. while (*p)
  1582. {
  1583. if (*p == ':')
  1584. {
  1585. BIO_write(bio,space,15-j%25);
  1586. i++;
  1587. j=0;
  1588. BIO_write(bio,((i%3)?" ":"\n"),1);
  1589. }
  1590. else
  1591. {
  1592. BIO_write(bio,p,1);
  1593. j++;
  1594. }
  1595. p++;
  1596. }
  1597. BIO_write(bio,"\n",1);
  1598. }
  1599. BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
  1600. BIO_number_read(SSL_get_rbio(s)),
  1601. BIO_number_written(SSL_get_wbio(s)));
  1602. }
  1603. BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
  1604. c=SSL_get_current_cipher(s);
  1605. BIO_printf(bio,"%s, Cipher is %s\n",
  1606. SSL_CIPHER_get_version(c),
  1607. SSL_CIPHER_get_name(c));
  1608. if (peer != NULL) {
  1609. EVP_PKEY *pktmp;
  1610. pktmp = X509_get_pubkey(peer);
  1611. BIO_printf(bio,"Server public key is %d bit\n",
  1612. EVP_PKEY_bits(pktmp));
  1613. EVP_PKEY_free(pktmp);
  1614. }
  1615. #ifndef OPENSSL_NO_COMP
  1616. comp=SSL_get_current_compression(s);
  1617. expansion=SSL_get_current_expansion(s);
  1618. BIO_printf(bio,"Compression: %s\n",
  1619. comp ? SSL_COMP_get_name(comp) : "NONE");
  1620. BIO_printf(bio,"Expansion: %s\n",
  1621. expansion ? SSL_COMP_get_name(expansion) : "NONE");
  1622. #endif
  1623. SSL_SESSION_print(bio,SSL_get_session(s));
  1624. BIO_printf(bio,"---\n");
  1625. if (peer != NULL)
  1626. X509_free(peer);
  1627. /* flush, or debugging output gets mixed with http response */
  1628. (void)BIO_flush(bio);
  1629. }
  1630. #ifndef OPENSSL_NO_TLSEXT
  1631. static int ocsp_resp_cb(SSL *s, void *arg)
  1632. {
  1633. const unsigned char *p;
  1634. int len;
  1635. OCSP_RESPONSE *rsp;
  1636. len = SSL_get_tlsext_status_ocsp_resp(s, &p);
  1637. BIO_puts(arg, "OCSP response: ");
  1638. if (!p)
  1639. {
  1640. BIO_puts(arg, "no response sent\n");
  1641. return 1;
  1642. }
  1643. rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
  1644. if (!rsp)
  1645. {
  1646. BIO_puts(arg, "response parse error\n");
  1647. BIO_dump_indent(arg, (char *)p, len, 4);
  1648. return 0;
  1649. }
  1650. BIO_puts(arg, "\n======================================\n");
  1651. OCSP_RESPONSE_print(arg, rsp, 0);
  1652. BIO_puts(arg, "======================================\n");
  1653. OCSP_RESPONSE_free(rsp);
  1654. return 1;
  1655. }
  1656. #endif