os/ossrv/ssl/tsrc/BC/libcrypto/topenssl/src/s_client.c
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
/* apps/s_client.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <openssl/e_os2.h>
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
/* With IPv6, it looks like Digital has mixed up the proper order of
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
#define __U_INT
typedef unsigned int u_int;
#endif
#define USE_SOCKETS
#include "apps.h"
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include "s_apps.h"
#include "timeouts.h"
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
#ifdef fileno
#undef fileno
#endif
#define fileno(a) (int)_fileno(a)
#endif
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
#undef FIONBIO
#endif
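#undef PROG
#define PROG	s_client_main

/*#define SSL_HOST_NAME	"www.netscape.com" */
/*#define SSL_HOST_NAME	"193.118.187.102" */
/* Host used when neither -host nor -connect is given; MAIN initialises
 * its host variable from this. */
#define SSL_HOST_NAME	"localhost"

/*#define TEST_CERT "client.pem" */ /* no default cert. */

/* Size of the three I/O buffers (cbuf, sbuf, mbuf) that MAIN allocates.
 * Parenthesised so the macro is safe inside a larger expression
 * (BUFSIZZ-1, BUFSIZZ*n); the bare 1024*8 was not.
 * NOTE(review): in the STARTTLS path MAIN fills mbuf with BIO_read() and
 * later prints it with "%s".  BIO_read() writes no terminator and
 * OPENSSL_malloc() does not zero the buffer, so that print can run past
 * the bytes actually received; reserve a byte (read BUFSIZZ-1) or
 * terminate at the returned length before printing. */
#undef BUFSIZZ
#define BUFSIZZ (1024*8)

/* Defined elsewhere in the apps code.  MAIN resets both before option
 * parsing; -verify sets verify_depth. */
extern int verify_depth;
extern int verify_error;

/* Option flags.  MAIN clears every one of these before it parses argv. */
#ifdef FIONBIO
static int c_nbio=0;        /* -nbio: FIONBIO ioctl puts the socket in non-blocking mode */
#endif
static int c_Pause=0;       /* -pause; bit 0 also sets con->debug */
static int c_debug=0;       /* -debug: con->debug plus a dump callback on the socket BIO */
static int c_msg=0;         /* -msg: SSL message callback writing to bio_c_out */
static int c_showcerts=0;   /* -showcerts; presumably read by print_stuff(), whose body is not in view */

static void sc_usage(void);
static void print_stuff(BIO *berr,SSL *con,int full);
/* Destination for client-side chatter: a null BIO under -quiet (unless
 * -debug or -msg is also given), otherwise stdout. */
static BIO *bio_c_out=NULL;
static int c_quiet=0;       /* -quiet; also implies c_ign_eof */
static int c_ign_eof=0;     /* -ign_eof: keep the session up after EOF on stdin */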
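/* Print the option summary to bio_err.  MAIN jumps here (label "bad")
 * when an option is unknown or is missing its argument, so the list must
 * mirror what MAIN's option parser actually accepts.  Peer verification is
 * off (SSL_VERIFY_NONE) unless -verify is given. */
static void sc_usage(void)
	{
	BIO_printf(bio_err,"usage: s_client args\n");
	BIO_printf(bio_err,"\n");
	BIO_printf(bio_err," -host host     - use -connect instead\n");
	BIO_printf(bio_err," -port port     - use -connect instead\n");
	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);

	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
	BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");
	BIO_printf(bio_err,"                 not specified but cert file is.\n");
	BIO_printf(bio_err," -keyform arg  - key format (PEM or DER) PEM default\n");
	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
	/* Parsed by MAIN (X509_V_FLAG_CRL_CHECK / _CRL_CHECK_ALL) but were
	 * missing from the usage text. */
	BIO_printf(bio_err," -crl_check    - check the peer certificate against CRLs\n");
	BIO_printf(bio_err," -crl_check_all - check the whole chain against CRLs\n");
	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
	BIO_printf(bio_err," -debug        - extra output\n");
#ifdef WATT32
	BIO_printf(bio_err," -wdebug       - WATT-32 tcp debugging\n");
#endif
	BIO_printf(bio_err," -msg          - Show protocol messages\n");
	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
#ifdef FIONBIO
	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
#endif
	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
	BIO_printf(bio_err," -quiet        - no s_client output\n");
	BIO_printf(bio_err," -ign_eof      - ignore input eof (default when -quiet)\n");
	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");
	BIO_printf(bio_err," -mtu          - set the MTU\n");
	/* -timeout is parsed alongside -dtls1/-mtu and only takes effect on a
	 * DTLS connection (it sets the datagram BIO send/receive timeouts). */
	BIO_printf(bio_err," -timeout      - enable send/recv timeouts (DTLS only)\n");
	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
	BIO_printf(bio_err,"                 command to see what is available\n");
	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
	BIO_printf(bio_err,"                 only \"smtp\" and \"pop3\" are supported.\n");
#ifndef OPENSSL_NO_ENGINE
	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
#endif
	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
	/* TODO(review): MAIN also accepts -prexit; its effect is implemented
	 * past the end of this listing, so add a usage line once the wording
	 * is confirmed against that code. */
	}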
int MAIN(int, char **);
int MAIN(int argc, char **argv)
	{
	int off=0;
	SSL *con=NULL,*con2=NULL;
	X509_STORE *store = NULL;
	int s,k,width,state=0;
	char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
	int cbuf_len,cbuf_off;
	int sbuf_len,sbuf_off;
	fd_set readfds,writefds;
	short port=PORT;
	int full_log=1;
	char *host=SSL_HOST_NAME;
	char *cert_file=NULL,*key_file=NULL;
	int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
	char *passarg = NULL, *pass = NULL;
	X509 *cert = NULL;
	EVP_PKEY *key = NULL;
	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
	int crlf=0;
	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
	SSL_CTX *ctx=NULL;
	int ret=1,in_init=1,i,nbio_test=0;
	int starttls_proto = 0;
	int prexit = 0, vflags = 0;
	SSL_METHOD *meth=NULL;
#ifdef sock_type
#undef sock_type
#endif
	int sock_type=SOCK_STREAM;
	BIO *sbio;
	char *inrand=NULL;
#ifndef OPENSSL_NO_ENGINE
	char *engine_id=NULL;
	ENGINE *e=NULL;
#endif
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
	struct timeval tv;
#endif
	struct sockaddr peer;
	int peerlen = sizeof(peer);
	int enable_timeouts = 0 ;
	long mtu = 0;
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
	meth=SSLv23_client_method();
#elif !defined(OPENSSL_NO_SSL3)
	meth=SSLv3_client_method();
#elif !defined(OPENSSL_NO_SSL2)
	meth=SSLv2_client_method();
#endif
	apps_startup();
	c_Pause=0;
	c_quiet=0;
	c_ign_eof=0;
	c_debug=0;
	c_msg=0;
	c_showcerts=0;
	if (bio_err == NULL)
		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
	if (!load_config(bio_err, NULL))
		goto end;
	if (	((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
		((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
		((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
		{
		BIO_printf(bio_err,"out of memory\n");
		goto end;
		}
	verify_depth=0;
	verify_error=X509_V_OK;
#ifdef FIONBIO
	c_nbio=0;
#endif
	argc--;
	argv++;
	while (argc >= 1)
		{
		if	(strcmp(*argv,"-host") == 0)
			{
			if (--argc < 1) goto bad;
			host= *(++argv);
			}
		else if	(strcmp(*argv,"-port") == 0)
			{
			if (--argc < 1) goto bad;
			port=atoi(*(++argv));
			if (port == 0) goto bad;
			}
		else if (strcmp(*argv,"-connect") == 0)
			{
			if (--argc < 1) goto bad;
			if (!extract_host_port(*(++argv),&host,NULL,&port))
				goto bad;
			}
		else if	(strcmp(*argv,"-verify") == 0)
			{
			verify=SSL_VERIFY_PEER;
			if (--argc < 1) goto bad;
			verify_depth=atoi(*(++argv));
			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
			}
		else if	(strcmp(*argv,"-cert") == 0)
			{
			if (--argc < 1) goto bad;
			cert_file= *(++argv);
			}
		else if	(strcmp(*argv,"-certform") == 0)
			{
			if (--argc < 1) goto bad;
			cert_format = str2fmt(*(++argv));
			}
		else if	(strcmp(*argv,"-crl_check") == 0)
			vflags |= X509_V_FLAG_CRL_CHECK;
		else if	(strcmp(*argv,"-crl_check_all") == 0)
			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
		else if	(strcmp(*argv,"-prexit") == 0)
			prexit=1;
		else if	(strcmp(*argv,"-crlf") == 0)
			crlf=1;
		else if	(strcmp(*argv,"-quiet") == 0)
			{
			c_quiet=1;
			c_ign_eof=1;
			}
		else if	(strcmp(*argv,"-ign_eof") == 0)
			c_ign_eof=1;
		else if	(strcmp(*argv,"-pause") == 0)
			c_Pause=1;
		else if	(strcmp(*argv,"-debug") == 0)
			c_debug=1;
#ifdef WATT32
		else if (strcmp(*argv,"-wdebug") == 0)
			dbug_init();
#endif
		else if	(strcmp(*argv,"-msg") == 0)
			c_msg=1;
		else if	(strcmp(*argv,"-showcerts") == 0)
			c_showcerts=1;
		else if	(strcmp(*argv,"-nbio_test") == 0)
			nbio_test=1;
		else if	(strcmp(*argv,"-state") == 0)
			state=1;
#ifndef OPENSSL_NO_SSL2
		else if	(strcmp(*argv,"-ssl2") == 0)
			meth=SSLv2_client_method();
#endif
#ifndef OPENSSL_NO_SSL3
		else if	(strcmp(*argv,"-ssl3") == 0)
			meth=SSLv3_client_method();
#endif
#ifndef OPENSSL_NO_TLS1
		else if	(strcmp(*argv,"-tls1") == 0)
			meth=TLSv1_client_method();
#endif
#ifndef OPENSSL_NO_DTLS1
		else if	(strcmp(*argv,"-dtls1") == 0)
			{
			meth=DTLSv1_client_method();
			sock_type=SOCK_DGRAM;
			}
		else if (strcmp(*argv,"-timeout") == 0)
			enable_timeouts=1;
		else if (strcmp(*argv,"-mtu") == 0)
			{
			if (--argc < 1) goto bad;
			mtu = atol(*(++argv));
			}
#endif
		else if (strcmp(*argv,"-bugs") == 0)
			bugs=1;
		else if	(strcmp(*argv,"-keyform") == 0)
			{
			if (--argc < 1) goto bad;
			key_format = str2fmt(*(++argv));
			}
		else if	(strcmp(*argv,"-pass") == 0)
			{
			if (--argc < 1) goto bad;
			passarg = *(++argv);
			}
		else if	(strcmp(*argv,"-key") == 0)
			{
			if (--argc < 1) goto bad;
			key_file= *(++argv);
			}
		else if	(strcmp(*argv,"-reconnect") == 0)
			{
			reconnect=5;
			}
		else if	(strcmp(*argv,"-CApath") == 0)
			{
			if (--argc < 1) goto bad;
			CApath= *(++argv);
			}
		else if	(strcmp(*argv,"-CAfile") == 0)
			{
			if (--argc < 1) goto bad;
			CAfile= *(++argv);
			}
		else if (strcmp(*argv,"-no_tls1") == 0)
			off|=SSL_OP_NO_TLSv1;
		else if (strcmp(*argv,"-no_ssl3") == 0)
			off|=SSL_OP_NO_SSLv3;
		else if (strcmp(*argv,"-no_ssl2") == 0)
			off|=SSL_OP_NO_SSLv2;
		else if (strcmp(*argv,"-serverpref") == 0)
			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
		else if	(strcmp(*argv,"-cipher") == 0)
			{
			if (--argc < 1) goto bad;
			cipher= *(++argv);
			}
#ifdef FIONBIO
		else if (strcmp(*argv,"-nbio") == 0)
			{ c_nbio=1; }
#endif
		else if	(strcmp(*argv,"-starttls") == 0)
			{
			if (--argc < 1) goto bad;
			++argv;
			if (strcmp(*argv,"smtp") == 0)
				starttls_proto = 1;
			else if (strcmp(*argv,"pop3") == 0)
				starttls_proto = 2;
			else
				goto bad;
			}
#ifndef OPENSSL_NO_ENGINE
		else if	(strcmp(*argv,"-engine") == 0)
			{
			if (--argc < 1) goto bad;
			engine_id = *(++argv);
			}
#endif
		else if (strcmp(*argv,"-rand") == 0)
			{
			if (--argc < 1) goto bad;
			inrand= *(++argv);
			}
		else
			{
			BIO_printf(bio_err,"unknown option %s\n",*argv);
			badop=1;
			break;
			}
		argc--;
		argv++;
		}
	if (badop)
		{
bad:
		sc_usage();
		goto end;
		}
	OpenSSL_add_ssl_algorithms();
	SSL_load_error_strings();
#ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine_id, 1);
#endif
	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
		{
		BIO_printf(bio_err, "Error getting password\n");
		goto end;
		}
	if (key_file == NULL)
		key_file = cert_file;
	if (key_file)
		{
		key = load_key(bio_err, key_file, key_format, 0, pass, e,
			       "client certificate private key file");
		if (!key)
			{
			ERR_print_errors(bio_err);
			goto end;
			}
		}
	if (cert_file)
		{
		cert = load_cert(bio_err,cert_file,cert_format,
				NULL, e, "client certificate file");
		if (!cert)
			{
			ERR_print_errors(bio_err);
			goto end;
			}
		}
	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
		&& !RAND_status())
		{
		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
		}
	if (inrand != NULL)
		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
			app_RAND_load_files(inrand));
	if (bio_c_out == NULL)
		{
		if (c_quiet && !c_debug && !c_msg)
			{
			bio_c_out=BIO_new(BIO_s_null());
			}
		else
			{
			if (bio_c_out == NULL)
				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
				
			}
		}
	ctx=SSL_CTX_new(meth);
	if (ctx == NULL)
		{
		ERR_print_errors(bio_err);
		goto end;
		}
	if (bugs)
		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
	else
		SSL_CTX_set_options(ctx,off);
	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
	 * Setting read ahead solves this problem.
	 */
	if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
	if (cipher != NULL)
		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
		BIO_printf(bio_err,"error setting cipher list\n");
		ERR_print_errors(bio_err);
		goto end;
	}
#if 0
	else
		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
#endif
	SSL_CTX_set_verify(ctx,verify,verify_callback);
	if (!set_cert_key_stuff(ctx,cert,key))
		goto end;
	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
		(!SSL_CTX_set_default_verify_paths(ctx)))
		{
		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
		ERR_print_errors(bio_err);
		/* goto end; */
		}
	store = SSL_CTX_get_cert_store(ctx);
	X509_STORE_set_flags(store, vflags);
	con=SSL_new(ctx);
#ifndef OPENSSL_NO_KRB5
	if (con  &&  (con->kssl_ctx = kssl_ctx_new()) != NULL)
                {
                kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
		}
#endif	/* OPENSSL_NO_KRB5  */
/*	SSL_set_cipher_list(con,"RC4-MD5"); */
re_start:
	if (init_client(&s,host,port,sock_type) == 0)
		{
		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
		SHUTDOWN(s);
		goto end;
		}
	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
#ifdef FIONBIO
	if (c_nbio)
		{
		unsigned long l=1;
		BIO_printf(bio_c_out,"turning on non blocking io\n");
		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
			{
			ERR_print_errors(bio_err);
			goto end;
			}
		}
#endif                                              
	if (c_Pause & 0x01) con->debug=1;
	if ( SSL_version(con) == DTLS1_VERSION)
		{
		struct timeval timeout;
		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
		if (getsockname(s, &peer, (void *)&peerlen) < 0)
			{
			BIO_printf(bio_err, "getsockname:errno=%d\n",
				get_last_socket_error());
			SHUTDOWN(s);
			goto end;
			}
		BIO_ctrl_set_connected(sbio, 1, &peer);
		if ( enable_timeouts)
			{
			timeout.tv_sec = 0;
			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
			
			timeout.tv_sec = 0;
			timeout.tv_usec = DGRAM_SND_TIMEOUT;
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
			}
		if ( mtu > 0)
			{
			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
			SSL_set_mtu(con, mtu);
			}
		else
			/* want to do MTU discovery */
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
		}
	else
		sbio=BIO_new_socket(s,BIO_NOCLOSE);
	if (nbio_test)
		{
		BIO *test;
		test=BIO_new(BIO_f_nbio_test());
		sbio=BIO_push(test,sbio);
		}
	if (c_debug)
		{
		con->debug=1;
		BIO_set_callback(sbio,bio_dump_callback);
		BIO_set_callback_arg(sbio,(char*)bio_c_out);
		}
	if (c_msg)
		{
		SSL_set_msg_callback(con, msg_cb);
		SSL_set_msg_callback_arg(con, bio_c_out);
		}
	SSL_set_bio(con,sbio,sbio);
	SSL_set_connect_state(con);
	/* ok, lets connect */
	width=SSL_get_fd(con)+1;
	read_tty=1;
	write_tty=0;
	tty_on=0;
	read_ssl=1;
	write_ssl=1;
	
	cbuf_len=0;
	cbuf_off=0;
	sbuf_len=0;
	sbuf_off=0;
	/* This is an ugly hack that does a lot of assumptions */
	if (starttls_proto == 1)
		{
		BIO_read(sbio,mbuf,BUFSIZZ);
		BIO_printf(sbio,"STARTTLS\r\n");
		BIO_read(sbio,sbuf,BUFSIZZ);
		}
	if (starttls_proto == 2)
		{
		BIO_read(sbio,mbuf,BUFSIZZ);
		BIO_printf(sbio,"STLS\r\n");
		BIO_read(sbio,sbuf,BUFSIZZ);
		}
	for (;;)
		{
		FD_ZERO(&readfds);
		FD_ZERO(&writefds);
		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
			{
			in_init=1;
			tty_on=0;
			}
		else
			{
			tty_on=1;
			if (in_init)
				{
				in_init=0;
				print_stuff(bio_c_out,con,full_log);
				if (full_log > 0) full_log--;
				if (starttls_proto)
					{
					BIO_printf(bio_err,"%s",mbuf);
					/* We don't need to know any more */
					starttls_proto = 0;
					}
				if (reconnect)
					{
					reconnect--;
					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
					SSL_shutdown(con);
					SSL_set_connect_state(con);
					SHUTDOWN(SSL_get_fd(con));
					goto re_start;
					}
				}
			}
		ssl_pending = read_ssl && SSL_pending(con);
		if (!ssl_pending)
			{
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
sl@0
   781
			if (tty_on)
sl@0
   782
				{
sl@0
   783
				if (read_tty)  FD_SET(fileno(stdin),&readfds);
sl@0
   784
				if (write_tty) FD_SET(fileno(stdout),&writefds);
sl@0
   785
				
sl@0
   786
				}
sl@0
   787
			if (read_ssl)
sl@0
   788
				FD_SET(SSL_get_fd(con),&readfds);
sl@0
   789
			if (write_ssl)
sl@0
   790
				FD_SET(SSL_get_fd(con),&writefds);
sl@0
   791
#else
sl@0
   792
			if(!tty_on || !write_tty) {
sl@0
   793
				if (read_ssl)
sl@0
   794
					FD_SET(SSL_get_fd(con),&readfds);
sl@0
   795
				if (write_ssl)
sl@0
   796
					FD_SET(SSL_get_fd(con),&writefds);
sl@0
   797
			}
sl@0
   798
#endif
sl@0
   799
/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
sl@0
   800
				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
sl@0
   801
sl@0
   802
			/* Note: under VMS with SOCKETSHR the second parameter
sl@0
   803
			 * is currently of type (int *) whereas under other
sl@0
   804
			 * systems it is (void *) if you don't have a cast it
sl@0
   805
			 * will choke the compiler: if you do have a cast then
sl@0
   806
			 * you can either go for (int *) or (void *).
sl@0
   807
			 */
sl@0
   808
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
sl@0
   809
                        /* Under Windows/DOS we make the assumption that we can
sl@0
   810
			 * always write to the tty: therefore if we need to
sl@0
   811
			 * write to the tty we just fall through. Otherwise
sl@0
   812
			 * we timeout the select every second and see if there
sl@0
   813
			 * are any keypresses. Note: this is a hack, in a proper
sl@0
   814
			 * Windows application we wouldn't do this.
sl@0
   815
			 */
sl@0
   816
			i=0;
sl@0
   817
			if(!write_tty) {
sl@0
   818
				if(read_tty) {
sl@0
   819
					tv.tv_sec = 1;
sl@0
   820
					tv.tv_usec = 0;
sl@0
   821
					i=select(width,(void *)&readfds,(void *)&writefds,
sl@0
   822
						 NULL,&tv);
sl@0
   823
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
sl@0
   824
					if(!i && (!_kbhit() || !read_tty) ) continue;
sl@0
   825
#else
sl@0
   826
					if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
sl@0
   827
#endif
sl@0
   828
				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
sl@0
   829
					 NULL,NULL);
sl@0
   830
			}
sl@0
   831
#elif defined(OPENSSL_SYS_NETWARE)
sl@0
   832
			if(!write_tty) {
sl@0
   833
				if(read_tty) {
sl@0
   834
					tv.tv_sec = 1;
sl@0
   835
					tv.tv_usec = 0;
sl@0
   836
					i=select(width,(void *)&readfds,(void *)&writefds,
sl@0
   837
						NULL,&tv);
sl@0
   838
				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
sl@0
   839
					NULL,NULL);
sl@0
   840
			}
sl@0
   841
#else
sl@0
   842
			i=select(width,(void *)&readfds,(void *)&writefds,
sl@0
   843
				 NULL,NULL);
sl@0
   844
#endif
sl@0
   845
			if ( i < 0)
sl@0
   846
				{
sl@0
   847
				BIO_printf(bio_err,"bad select %d\n",
sl@0
   848
				get_last_socket_error());
sl@0
   849
				goto shut;
sl@0
   850
				/* goto end; */
sl@0
   851
				}
sl@0
   852
			}
sl@0
   853
sl@0
   854
		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
sl@0
   855
			{
sl@0
   856
			k=SSL_write(con,&(cbuf[cbuf_off]),
sl@0
   857
				(unsigned int)cbuf_len);
sl@0
   858
			switch (SSL_get_error(con,k))
sl@0
   859
				{
sl@0
   860
			case SSL_ERROR_NONE:
sl@0
   861
				cbuf_off+=k;
sl@0
   862
				cbuf_len-=k;
sl@0
   863
				if (k <= 0) goto end;
sl@0
   864
				/* we have done a  write(con,NULL,0); */
sl@0
   865
				if (cbuf_len <= 0)
sl@0
   866
					{
sl@0
   867
					read_tty=1;
sl@0
   868
					write_ssl=0;
sl@0
   869
					}
sl@0
   870
				else /* if (cbuf_len > 0) */
sl@0
   871
					{
sl@0
   872
					read_tty=0;
sl@0
   873
					write_ssl=1;
sl@0
   874
					}
sl@0
   875
				break;
sl@0
   876
			case SSL_ERROR_WANT_WRITE:
sl@0
   877
				BIO_printf(bio_c_out,"write W BLOCK\n");
sl@0
   878
				write_ssl=1;
sl@0
   879
				read_tty=0;
sl@0
   880
				break;
sl@0
   881
			case SSL_ERROR_WANT_READ:
sl@0
   882
				BIO_printf(bio_c_out,"write R BLOCK\n");
sl@0
   883
				write_tty=0;
sl@0
   884
				read_ssl=1;
sl@0
   885
				write_ssl=0;
sl@0
   886
				break;
sl@0
   887
			case SSL_ERROR_WANT_X509_LOOKUP:
sl@0
   888
				BIO_printf(bio_c_out,"write X BLOCK\n");
sl@0
   889
				break;
sl@0
   890
			case SSL_ERROR_ZERO_RETURN:
sl@0
   891
				if (cbuf_len != 0)
sl@0
   892
					{
sl@0
   893
					BIO_printf(bio_c_out,"shutdown\n");
sl@0
   894
					goto shut;
sl@0
   895
					}
sl@0
   896
				else
sl@0
   897
					{
sl@0
   898
					read_tty=1;
sl@0
   899
					write_ssl=0;
sl@0
   900
					break;
sl@0
   901
					}
sl@0
   902
				
sl@0
   903
			case SSL_ERROR_SYSCALL:
sl@0
   904
				if ((k != 0) || (cbuf_len != 0))
sl@0
   905
					{
sl@0
   906
					BIO_printf(bio_err,"write:errno=%d\n",
sl@0
   907
						get_last_socket_error());
sl@0
   908
					goto shut;
sl@0
   909
					}
sl@0
   910
				else
sl@0
   911
					{
sl@0
   912
					read_tty=1;
sl@0
   913
					write_ssl=0;
sl@0
   914
					}
sl@0
   915
				break;
sl@0
   916
			case SSL_ERROR_SSL:
sl@0
   917
				ERR_print_errors(bio_err);
sl@0
   918
				goto shut;
sl@0
   919
				}
sl@0
   920
			}
sl@0
   921
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
sl@0
   922
		/* Assume Windows/DOS can always write */
sl@0
   923
		else if (!ssl_pending && write_tty)
sl@0
   924
#else
sl@0
   925
sl@0
   926
		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
sl@0
   927
sl@0
   928
#endif
sl@0
   929
			{
sl@0
   930
#ifdef CHARSET_EBCDIC
sl@0
   931
			ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
sl@0
   932
#endif
sl@0
   933
sl@0
   934
			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
sl@0
   935
sl@0
   936
			if (i <= 0)
sl@0
   937
				{
sl@0
   938
				BIO_printf(bio_c_out,"DONE\n");
sl@0
   939
				goto shut;
sl@0
   940
				/* goto end; */
sl@0
   941
				}
sl@0
   942
sl@0
   943
			sbuf_len-=i;;
sl@0
   944
			sbuf_off+=i;
sl@0
   945
			if (sbuf_len <= 0)
sl@0
   946
				{
sl@0
   947
				read_ssl=1;
sl@0
   948
				write_tty=0;
sl@0
   949
				}
sl@0
   950
			}
sl@0
   951
		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
sl@0
   952
			{
sl@0
   953
#ifdef RENEG
sl@0
   954
{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
sl@0
   955
#endif
sl@0
   956
#if 1
sl@0
   957
			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
sl@0
   958
#else
sl@0
   959
/* Demo for pending and peek :-) */
sl@0
   960
			k=SSL_read(con,sbuf,16);
sl@0
   961
{ char zbuf[10240]; 
sl@0
   962
printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
sl@0
   963
sl@0
   964
}
sl@0
   965
#endif
sl@0
   966
sl@0
   967
			switch (SSL_get_error(con,k))
sl@0
   968
				{
sl@0
   969
			case SSL_ERROR_NONE:
sl@0
   970
				if (k <= 0)
sl@0
   971
					goto end;
sl@0
   972
				sbuf_off=0;
sl@0
   973
				sbuf_len=k;
sl@0
   974
sl@0
   975
				read_ssl=0;
sl@0
   976
				write_tty=1;
sl@0
   977
				break;
sl@0
   978
			case SSL_ERROR_WANT_WRITE:
sl@0
   979
				BIO_printf(bio_c_out,"read W BLOCK\n");
sl@0
   980
				write_ssl=1;
sl@0
   981
				read_tty=0;
sl@0
   982
				break;
sl@0
   983
			case SSL_ERROR_WANT_READ:
sl@0
   984
				BIO_printf(bio_c_out,"read R BLOCK\n");
sl@0
   985
				write_tty=0;
sl@0
   986
				read_ssl=1;
sl@0
   987
				if ((read_tty == 0) && (write_ssl == 0))
sl@0
   988
					write_ssl=1;
sl@0
   989
				break;
sl@0
   990
			case SSL_ERROR_WANT_X509_LOOKUP:
sl@0
   991
				BIO_printf(bio_c_out,"read X BLOCK\n");
sl@0
   992
				break;
sl@0
   993
			case SSL_ERROR_SYSCALL:
sl@0
   994
				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
sl@0
   995
				goto shut;
sl@0
   996
			case SSL_ERROR_ZERO_RETURN:
sl@0
   997
				BIO_printf(bio_c_out,"closed\n");
sl@0
   998
				goto shut;
sl@0
   999
			case SSL_ERROR_SSL:
sl@0
  1000
				ERR_print_errors(bio_err);
sl@0
  1001
				goto shut;
sl@0
  1002
				/* break; */
sl@0
  1003
				}
sl@0
  1004
			}
sl@0
  1005
sl@0
  1006
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
sl@0
  1007
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
sl@0
  1008
		else if (_kbhit())
sl@0
  1009
#else
sl@0
  1010
		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
sl@0
  1011
#endif
sl@0
  1012
#elif defined (OPENSSL_SYS_NETWARE)
sl@0
  1013
        else if (_kbhit())
sl@0
  1014
#else
sl@0
  1015
		else if (FD_ISSET(fileno(stdin),&readfds))
sl@0
  1016
		
sl@0
  1017
#endif
sl@0
  1018
			{
sl@0
  1019
			if (crlf)
sl@0
  1020
				{
sl@0
  1021
				int j, lf_num;
sl@0
  1022
				i=read(fileno(stdin),cbuf,BUFSIZZ/2);
sl@0
  1023
				
sl@0
  1024
				lf_num = 0;
sl@0
  1025
				/* both loops are skipped when i <= 0 */
sl@0
  1026
				for (j = 0; j < i; j++)
sl@0
  1027
					if (cbuf[j] == '\n')
sl@0
  1028
						lf_num++;
sl@0
  1029
				for (j = i-1; j >= 0; j--)
sl@0
  1030
					{
sl@0
  1031
					cbuf[j+lf_num] = cbuf[j];
sl@0
  1032
					if (cbuf[j] == '\n')
sl@0
  1033
						{
sl@0
  1034
						lf_num--;
sl@0
  1035
						i++;
sl@0
  1036
						cbuf[j+lf_num] = '\r';
sl@0
  1037
						}
sl@0
  1038
					}
sl@0
  1039
				assert(lf_num == 0);
sl@0
  1040
				}
sl@0
  1041
			else
sl@0
  1042
				i=read(fileno(stdin),cbuf,BUFSIZZ);
sl@0
  1043
sl@0
  1044
			if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
sl@0
  1045
				{
sl@0
  1046
				BIO_printf(bio_err,"DONE\n");
sl@0
  1047
				goto shut;
sl@0
  1048
				}
sl@0
  1049
sl@0
  1050
			if ((!c_ign_eof) && (cbuf[0] == 'R'))
sl@0
  1051
				{
sl@0
  1052
				BIO_printf(bio_err,"RENEGOTIATING\n");
sl@0
  1053
				SSL_renegotiate(con);
sl@0
  1054
				cbuf_len=0;
sl@0
  1055
				}
sl@0
  1056
			else
sl@0
  1057
				{
sl@0
  1058
				cbuf_len=i;
sl@0
  1059
				cbuf_off=0;
sl@0
  1060
#ifdef CHARSET_EBCDIC
sl@0
  1061
				ebcdic2ascii(cbuf, cbuf, i);
sl@0
  1062
#endif
sl@0
  1063
				}
sl@0
  1064
sl@0
  1065
			write_ssl=1;
sl@0
  1066
			read_tty=0;
sl@0
  1067
			}
sl@0
  1068
		}
sl@0
  1069
shut:
sl@0
  1070
	SSL_shutdown(con);
sl@0
  1071
	SHUTDOWN(SSL_get_fd(con));
sl@0
  1072
	ret=0;
sl@0
  1073
end:
sl@0
  1074
	if(prexit) print_stuff(bio_c_out,con,1);
sl@0
  1075
	if (con != NULL) SSL_free(con);
sl@0
  1076
	if (con2 != NULL) SSL_free(con2);
sl@0
  1077
	if (ctx != NULL) SSL_CTX_free(ctx);
sl@0
  1078
	if (cert)
sl@0
  1079
		X509_free(cert);
sl@0
  1080
	if (key)
sl@0
  1081
		EVP_PKEY_free(key);
sl@0
  1082
	if (pass)
sl@0
  1083
		OPENSSL_free(pass);
sl@0
  1084
	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
sl@0
  1085
	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
sl@0
  1086
	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
sl@0
  1087
	if (bio_c_out != NULL)
sl@0
  1088
		{
sl@0
  1089
		BIO_free(bio_c_out);
sl@0
  1090
		bio_c_out=NULL;
sl@0
  1091
		}
sl@0
  1092
	apps_shutdown();
sl@0
  1093
	OPENSSL_EXIT(ret);
sl@0
  1094
	}
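/* Print the peer's certificate chain, one subject/issuer pair per entry,
 * dumping each certificate in PEM when -showcerts was given.
 *
 * Returns 1 when a chain was available (so the caller can avoid dumping
 * the leaf a second time), 0 when SSL_get_peer_cert_chain() had nothing
 * (the SSL 2 case). */
static int sc_print_peer_chain(BIO *bio, SSL *s)
	{
	STACK_OF(X509) *sk;
	char buf[BUFSIZ];
	int i;

	sk=SSL_get_peer_cert_chain(s);
	if (sk == NULL)
		return 0;	/* no chain for SSL2 */

	BIO_printf(bio,"---\nCertificate chain\n");
	for (i=0; i<sk_X509_num(sk); i++)
		{
		X509 *x=sk_X509_value(sk,i);

		/* X509_NAME_oneline() is bounded by sizeof buf and truncates */
		X509_NAME_oneline(X509_get_subject_name(x),buf,sizeof buf);
		BIO_printf(bio,"%2d s:%s\n",i,buf);
		X509_NAME_oneline(X509_get_issuer_name(x),buf,sizeof buf);
		BIO_printf(bio,"   i:%s\n",buf);
		if (c_showcerts)
			PEM_write_bio_X509(bio,x);
		}
	return 1;
	}

/* Pretty-print the ':'-separated list returned by SSL_get_shared_ciphers()
 * in three columns, each name padded to a 15-character field.
 *
 * The pad width is 15-len%25, which goes negative for a name of 16..24
 * characters.  The original code passed that negative value straight to
 * BIO_write(); the BIO layer in this tree does not reject a negative
 * length, so the sink could read far past the 16-byte pad string.  The
 * pad is now only written when it is positive. */
static void sc_print_shared_ciphers(BIO *bio, const char *p)
	{
	static const char space[]="                ";	/* 16 blanks */
	int col=0,len=0;

	BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
	for (; *p; p++)
		{
		int pad;

		if (*p != ':')
			{
			BIO_write(bio,p,1);
			len++;
			continue;
			}
		pad=15-len%25;
		if (pad > 0)		/* never a negative length, never > 15 */
			BIO_write(bio,space,pad);
		col++;
		len=0;
		BIO_write(bio,((col%3)?" ":"\n"),1);
		}
	BIO_write(bio,"\n",1);
	}

/* Report what the connection negotiated.
 *
 * With full != 0: the peer chain, the leaf certificate with subject and
 * issuer, the client-CA names the server advertised, the SSL 2 shared
 * cipher list and the handshake byte counts.  Always: whether the session
 * was reused, protocol version and cipher, the server key size (only when
 * a peer certificate was fetched, i.e. on a full report), compression, and
 * SSL_SESSION_print() of the current session.
 *
 * bio   destination; flushed before returning so the report does not
 *       interleave with application data written to the same stream
 * s     the connection.  It may be called from the prexit path after a
 *       failed handshake, so accessor results are checked before use
 * full  non-zero selects the long report
 *
 * This is diagnostic output only: nothing in here enforces certificate
 * verification or hostname matching. */
static void print_stuff(BIO *bio, SSL *s, int full)
	{
	X509 *peer=NULL;
	char buf[BUFSIZ];
	SSL_CIPHER *c;
#ifndef OPENSSL_NO_COMP
	const COMP_METHOD *comp, *expansion;
#endif

	if (full)
		{
		STACK_OF(X509_NAME) *sk2;
		char *p;
		int got_a_chain=sc_print_peer_chain(bio,s);

		BIO_printf(bio,"---\n");
		peer=SSL_get_peer_certificate(s);
		if (peer != NULL)
			{
			BIO_printf(bio,"Server certificate\n");
			/* Redundant if the whole chain was already dumped */
			if (!(c_showcerts && got_a_chain))
				PEM_write_bio_X509(bio,peer);
			X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
			BIO_printf(bio,"subject=%s\n",buf);
			X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
			BIO_printf(bio,"issuer=%s\n",buf);
			}
		else
			BIO_printf(bio,"no peer certificate available\n");

		sk2=SSL_get_client_CA_list(s);
		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
			{
			int i;

			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
			for (i=0; i<sk_X509_NAME_num(sk2); i++)
				{
				X509_NAME_oneline(sk_X509_NAME_value(sk2,i),buf,sizeof buf);
				BIO_write(bio,buf,strlen(buf));
				BIO_write(bio,"\n",1);
				}
			}
		else
			BIO_printf(bio,"---\nNo client certificate CA names sent\n");

		/* This works only for SSL 2.  In later protocol versions the
		 * client does not know which other ciphers (besides the one in
		 * use) the server supports, and the call yields NULL. */
		p=SSL_get_shared_ciphers(s,buf,sizeof buf);
		if (p != NULL)
			sc_print_shared_ciphers(bio,p);

		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
			BIO_number_read(SSL_get_rbio(s)),
			BIO_number_written(SSL_get_wbio(s)));
		}

	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
	/* NOTE(review): c may be NULL when the handshake has not completed;
	 * the SSL_CIPHER_get_* accessors are relied on to tolerate that. */
	c=SSL_get_current_cipher(s);
	BIO_printf(bio,"%s, Cipher is %s\n",
		SSL_CIPHER_get_version(c),
		SSL_CIPHER_get_name(c));
	if (peer != NULL)
		{
		EVP_PKEY *pktmp=X509_get_pubkey(peer);

		/* X509_get_pubkey() returns NULL for a key type this build
		 * cannot decode; do not hand NULL to EVP_PKEY_bits(). */
		if (pktmp != NULL)
			{
			BIO_printf(bio,"Server public key is %d bit\n",
				EVP_PKEY_bits(pktmp));
			EVP_PKEY_free(pktmp);
			}
		else
			BIO_printf(bio,"Server public key could not be decoded\n");
		}
#ifndef OPENSSL_NO_COMP
	comp=SSL_get_current_compression(s);
	expansion=SSL_get_current_expansion(s);
	BIO_printf(bio,"Compression: %s\n",
		comp ? SSL_COMP_get_name(comp) : "NONE");
	BIO_printf(bio,"Expansion: %s\n",
		expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif
	SSL_SESSION_print(bio,SSL_get_session(s));
	BIO_printf(bio,"---\n");
	if (peer != NULL)
		X509_free(peer);
	/* flush, or debugging output gets mixed with http response */
	BIO_flush(bio);
	}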