os/ossrv/ssl/tsrc/topenssl/src/s_client.c
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
/* apps/s_client.c */
sl@0
     2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
sl@0
     3
 * All rights reserved.
sl@0
     4
 *
sl@0
     5
 * This package is an SSL implementation written
sl@0
     6
 * by Eric Young (eay@cryptsoft.com).
sl@0
     7
 * The implementation was written so as to conform with Netscapes SSL.
sl@0
     8
 * 
sl@0
     9
 * This library is free for commercial and non-commercial use as long as
sl@0
    10
 * the following conditions are aheared to.  The following conditions
sl@0
    11
 * apply to all code found in this distribution, be it the RC4, RSA,
sl@0
    12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
sl@0
    13
 * included with this distribution is covered by the same copyright terms
sl@0
    14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
sl@0
    15
 * 
sl@0
    16
 * Copyright remains Eric Young's, and as such any Copyright notices in
sl@0
    17
 * the code are not to be removed.
sl@0
    18
 * If this package is used in a product, Eric Young should be given attribution
sl@0
    19
 * as the author of the parts of the library used.
sl@0
    20
 * This can be in the form of a textual message at program startup or
sl@0
    21
 * in documentation (online or textual) provided with the package.
sl@0
    22
 * 
sl@0
    23
 * Redistribution and use in source and binary forms, with or without
sl@0
    24
 * modification, are permitted provided that the following conditions
sl@0
    25
 * are met:
sl@0
    26
 * 1. Redistributions of source code must retain the copyright
sl@0
    27
 *    notice, this list of conditions and the following disclaimer.
sl@0
    28
 * 2. Redistributions in binary form must reproduce the above copyright
sl@0
    29
 *    notice, this list of conditions and the following disclaimer in the
sl@0
    30
 *    documentation and/or other materials provided with the distribution.
sl@0
    31
 * 3. All advertising materials mentioning features or use of this software
sl@0
    32
 *    must display the following acknowledgement:
sl@0
    33
 *    "This product includes cryptographic software written by
sl@0
    34
 *     Eric Young (eay@cryptsoft.com)"
sl@0
    35
 *    The word 'cryptographic' can be left out if the rouines from the library
sl@0
    36
 *    being used are not cryptographic related :-).
sl@0
    37
 * 4. If you include any Windows specific code (or a derivative thereof) from 
sl@0
    38
 *    the apps directory (application code) you must include an acknowledgement:
sl@0
    39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
sl@0
    40
 * 
sl@0
    41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
sl@0
    42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0
    43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
sl@0
    44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
sl@0
    45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
sl@0
    46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
sl@0
    47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0
    48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
sl@0
    49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
sl@0
    50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
sl@0
    51
 * SUCH DAMAGE.
sl@0
    52
 * 
sl@0
    53
 * The licence and distribution terms for any publically available version or
sl@0
    54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
sl@0
    55
 * copied and put under another distribution licence
sl@0
    56
 * [including the GNU Public Licence.]
sl@0
    57
 */
sl@0
    58
/* ====================================================================
sl@0
    59
 * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
sl@0
    60
 *
sl@0
    61
 * Redistribution and use in source and binary forms, with or without
sl@0
    62
 * modification, are permitted provided that the following conditions
sl@0
    63
 * are met:
sl@0
    64
 *
sl@0
    65
 * 1. Redistributions of source code must retain the above copyright
sl@0
    66
 *    notice, this list of conditions and the following disclaimer. 
sl@0
    67
 *
sl@0
    68
 * 2. Redistributions in binary form must reproduce the above copyright
sl@0
    69
 *    notice, this list of conditions and the following disclaimer in
sl@0
    70
 *    the documentation and/or other materials provided with the
sl@0
    71
 *    distribution.
sl@0
    72
 *
sl@0
    73
 * 3. All advertising materials mentioning features or use of this
sl@0
    74
 *    software must display the following acknowledgment:
sl@0
    75
 *    "This product includes software developed by the OpenSSL Project
sl@0
    76
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
sl@0
    77
 *
sl@0
    78
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
sl@0
    79
 *    endorse or promote products derived from this software without
sl@0
    80
 *    prior written permission. For written permission, please contact
sl@0
    81
 *    openssl-core@openssl.org.
sl@0
    82
 *
sl@0
    83
 * 5. Products derived from this software may not be called "OpenSSL"
sl@0
    84
 *    nor may "OpenSSL" appear in their names without prior written
sl@0
    85
 *    permission of the OpenSSL Project.
sl@0
    86
 *
sl@0
    87
 * 6. Redistributions of any form whatsoever must retain the following
sl@0
    88
 *    acknowledgment:
sl@0
    89
 *    "This product includes software developed by the OpenSSL Project
sl@0
    90
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
sl@0
    91
 *
sl@0
    92
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
sl@0
    93
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0
    94
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
sl@0
    95
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
sl@0
    96
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
sl@0
    97
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
sl@0
    98
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
sl@0
    99
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0
   100
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
sl@0
   101
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
sl@0
   102
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
sl@0
   103
 * OF THE POSSIBILITY OF SUCH DAMAGE.
sl@0
   104
 * ====================================================================
sl@0
   105
 *
sl@0
   106
 * This product includes cryptographic software written by Eric Young
sl@0
   107
 * (eay@cryptsoft.com).  This product includes software written by Tim
sl@0
   108
 * Hudson (tjh@cryptsoft.com).
sl@0
   109
 *
sl@0
   110
 */
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <openssl/e_os2.h>
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
/* With IPv6, it looks like Digital has mixed up the proper order of
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
#define __U_INT
typedef unsigned int u_int;
#endif
#define USE_SOCKETS
#include "apps.h"
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include "s_apps.h"
#include "timeouts.h"
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
#ifdef fileno
#undef fileno
#endif
#define fileno(a) (int)_fileno(a)
#endif
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
#undef FIONBIO
#endif
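#undef PROG
#define PROG	s_client_main

/*#define SSL_HOST_NAME	"www.netscape.com" */
/*#define SSL_HOST_NAME	"193.118.187.102" */
/* Default peer when neither -host nor -connect is given on the command line. */
#define SSL_HOST_NAME	"localhost"

/*#define TEST_CERT "client.pem" */ /* no default cert. */

#undef BUFSIZZ
/* Size in bytes of each of the three I/O buffers MAIN allocates
 * (cbuf, sbuf, mbuf).  Parenthesised so the macro behaves as a single
 * value in any expression it is substituted into (e.g. `x % BUFSIZZ`
 * would otherwise expand to `x % 1024 * 8`). */
#define BUFSIZZ (1024*8)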
/* Defined outside this file; MAIN resets both before option parsing and
 * -verify sets verify_depth from its argument. */
extern int verify_depth;
extern int verify_error;

/* Command-line flags.  All of them are explicitly zeroed again at the
 * top of MAIN, so the initialisers here only document the default. */
#ifdef FIONBIO
static int c_nbio = 0;      /* -nbio: switch the socket to non-blocking I/O */
#endif
static int c_Pause = 0;     /* -pause: sleep(1) around read/write; also sets con->debug */
static int c_debug = 0;     /* -debug: dump BIO traffic through bio_dump_callback */
static int c_msg = 0;       /* -msg: install the protocol message callback */
static int c_showcerts = 0; /* -showcerts */
static int c_quiet = 0;     /* -quiet: route s_client chatter to a null BIO */
static int c_ign_eof = 0;   /* -ign_eof; also implied by -quiet */

/* Where normal (non-error) s_client output goes: stdout, or a null BIO
 * when -quiet is given without -debug/-msg. */
static BIO *bio_c_out = NULL;

static void sc_usage(void);
static void print_stuff(BIO *berr, SSL *con, int full);
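/*
 * Print the option summary for s_client to bio_err.
 *
 * Every option accepted by MAIN's parser should be listed here.  Options
 * that are only compiled in conditionally (-wdebug, -nbio, -engine, and
 * the DTLS trio -dtls1/-timeout/-mtu) are guarded by the same #ifdef as
 * their parser so the summary matches what the binary actually accepts.
 */
static void sc_usage(void)
	{
	BIO_printf(bio_err,"usage: s_client args\n");
	BIO_printf(bio_err,"\n");
	BIO_printf(bio_err," -host host     - use -connect instead\n");
	BIO_printf(bio_err," -port port     - use -connect instead\n");
	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);

	BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
	BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");
	BIO_printf(bio_err,"                 not specified but cert file is.\n");
	BIO_printf(bio_err," -keyform arg  - key format (PEM or DER) PEM default\n");
	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
	/* -crl_check, -crl_check_all, -prexit and -timeout are parsed by MAIN
	 * but were missing from this summary. */
	BIO_printf(bio_err," -crl_check    - check the peer certificate against its CRL\n");
	BIO_printf(bio_err," -crl_check_all - check the whole chain against CRLs\n");
	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
	BIO_printf(bio_err," -prexit       - print session information even on connection failure\n");
	BIO_printf(bio_err," -debug        - extra output\n");
#ifdef WATT32
	BIO_printf(bio_err," -wdebug       - WATT-32 tcp debugging\n");
#endif
	BIO_printf(bio_err," -msg          - Show protocol messages\n");
	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
#ifdef FIONBIO
	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
#endif
	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
	BIO_printf(bio_err," -quiet        - no s_client output\n");
	BIO_printf(bio_err," -ign_eof      - ignore input eof (default when -quiet)\n");
	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
#ifndef OPENSSL_NO_DTLS1
	/* Same guard as the parser: these three are only accepted with DTLS built in. */
	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");
	BIO_printf(bio_err," -timeout      - enable send/recv timeouts on the DTLS socket\n");
	BIO_printf(bio_err," -mtu arg      - set the DTLS MTU (disables MTU discovery)\n");
#endif
	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
	BIO_printf(bio_err,"                 command to see what is available\n");
	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
	BIO_printf(bio_err,"                 only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n");
#ifndef OPENSSL_NO_ENGINE
	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
#endif
	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
	BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
	BIO_printf(bio_err," -sess_in arg  - file to read SSL session from\n");
	}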
/* Application protocol selected by -starttls.  MAIN starts from PROTO_OFF
 * (no STARTTLS exchange, TLS handshake begins immediately) and switches to
 * one of the others when -starttls smtp|pop3|imap|ftp is given. */
enum
{
	PROTO_OFF	= 0,
	PROTO_SMTP	= 1,
	PROTO_POP3	= 2,
	PROTO_IMAP	= 3,
	PROTO_FTP	= 4
};
int MAIN(int, char **);
int MAIN(int argc, char **argv)
sl@0
   252
	{
sl@0
   253
	int off=0;
sl@0
   254
	SSL *con=NULL,*con2=NULL;
sl@0
   255
	X509_STORE *store = NULL;
sl@0
   256
	int s,k,width,state=0;
sl@0
   257
	char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
sl@0
   258
	int cbuf_len,cbuf_off;
sl@0
   259
	int sbuf_len,sbuf_off;
sl@0
   260
	fd_set readfds,writefds;
sl@0
   261
	short port=PORT;
sl@0
   262
	int full_log=1;
sl@0
   263
	char *host=SSL_HOST_NAME;
sl@0
   264
	char *cert_file=NULL,*key_file=NULL;
sl@0
   265
	int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
sl@0
   266
	char *passarg = NULL, *pass = NULL;
sl@0
   267
	X509 *cert = NULL;
sl@0
   268
	EVP_PKEY *key = NULL;
sl@0
   269
	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
sl@0
   270
	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
sl@0
   271
	int crlf=0;
sl@0
   272
	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
sl@0
   273
	SSL_CTX *ctx=NULL;
sl@0
   274
	int ret=1,in_init=1,i,nbio_test=0;
sl@0
   275
	int starttls_proto = PROTO_OFF;
sl@0
   276
	int prexit = 0, vflags = 0;
sl@0
   277
	SSL_METHOD *meth=NULL;
sl@0
   278
#ifdef sock_type
sl@0
   279
#undef sock_type
sl@0
   280
#endif
sl@0
   281
	int sock_type=SOCK_STREAM;
sl@0
   282
	BIO *sbio;
sl@0
   283
	char *inrand=NULL;
sl@0
   284
	int mbuf_len=0;
sl@0
   285
#ifndef OPENSSL_NO_ENGINE
sl@0
   286
	char *engine_id=NULL;
sl@0
   287
	ENGINE *e=NULL;
sl@0
   288
#endif
sl@0
   289
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
sl@0
   290
	struct timeval tv;
sl@0
   291
#endif
sl@0
   292
sl@0
   293
	char *sess_in = NULL;
sl@0
   294
	char *sess_out = NULL;
sl@0
   295
	struct sockaddr peer;
sl@0
   296
	int peerlen = sizeof(peer);
sl@0
   297
	int enable_timeouts = 0 ;
sl@0
   298
	long mtu = 0;
sl@0
   299
sl@0
   300
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
sl@0
   301
	meth=SSLv23_client_method();
sl@0
   302
#elif !defined(OPENSSL_NO_SSL3)
sl@0
   303
	meth=SSLv3_client_method();
sl@0
   304
#elif !defined(OPENSSL_NO_SSL2)
sl@0
   305
	meth=SSLv2_client_method();
sl@0
   306
#endif
sl@0
   307
sl@0
   308
	apps_startup();
sl@0
   309
	c_Pause=0;
sl@0
   310
	c_quiet=0;
sl@0
   311
	c_ign_eof=0;
sl@0
   312
	c_debug=0;
sl@0
   313
	c_msg=0;
sl@0
   314
	c_showcerts=0;
sl@0
   315
sl@0
   316
	if (bio_err == NULL)
sl@0
   317
		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
sl@0
   318
sl@0
   319
	if (!load_config(bio_err, NULL))
sl@0
   320
		goto end;
sl@0
   321
sl@0
   322
	if (	((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
sl@0
   323
		((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
sl@0
   324
		((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
sl@0
   325
		{
sl@0
   326
		BIO_printf(bio_err,"out of memory\n");
sl@0
   327
		goto end;
sl@0
   328
		}
sl@0
   329
sl@0
   330
	verify_depth=0;
sl@0
   331
	verify_error=X509_V_OK;
sl@0
   332
#ifdef FIONBIO
sl@0
   333
	c_nbio=0;
sl@0
   334
#endif
sl@0
   335
sl@0
   336
	argc--;
sl@0
   337
	argv++;
sl@0
   338
	while (argc >= 1)
sl@0
   339
		{
sl@0
   340
		if	(strcmp(*argv,"-host") == 0)
sl@0
   341
			{
sl@0
   342
			if (--argc < 1) goto bad;
sl@0
   343
			host= *(++argv);
sl@0
   344
			}
sl@0
   345
		else if	(strcmp(*argv,"-port") == 0)
sl@0
   346
			{
sl@0
   347
			if (--argc < 1) goto bad;
sl@0
   348
			port=atoi(*(++argv));
sl@0
   349
			if (port == 0) goto bad;
sl@0
   350
			}
sl@0
   351
		else if (strcmp(*argv,"-connect") == 0)
sl@0
   352
			{
sl@0
   353
			if (--argc < 1) goto bad;
sl@0
   354
			if (!extract_host_port(*(++argv),&host,NULL,&port))
sl@0
   355
				goto bad;
sl@0
   356
			}
sl@0
   357
		else if	(strcmp(*argv,"-verify") == 0)
sl@0
   358
			{
sl@0
   359
			verify=SSL_VERIFY_PEER;
sl@0
   360
			if (--argc < 1) goto bad;
sl@0
   361
			verify_depth=atoi(*(++argv));
sl@0
   362
			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
sl@0
   363
			}
sl@0
   364
		else if	(strcmp(*argv,"-cert") == 0)
sl@0
   365
			{
sl@0
   366
			if (--argc < 1) goto bad;
sl@0
   367
			cert_file= *(++argv);
sl@0
   368
			}
sl@0
   369
		else if	(strcmp(*argv,"-sess_out") == 0)
sl@0
   370
			{
sl@0
   371
			if (--argc < 1) goto bad;
sl@0
   372
			sess_out = *(++argv);
sl@0
   373
			}
sl@0
   374
		else if	(strcmp(*argv,"-sess_in") == 0)
sl@0
   375
			{
sl@0
   376
			if (--argc < 1) goto bad;
sl@0
   377
			sess_in = *(++argv);
sl@0
   378
			}
sl@0
   379
		else if	(strcmp(*argv,"-certform") == 0)
sl@0
   380
			{
sl@0
   381
			if (--argc < 1) goto bad;
sl@0
   382
			cert_format = str2fmt(*(++argv));
sl@0
   383
			}
sl@0
   384
		else if	(strcmp(*argv,"-crl_check") == 0)
sl@0
   385
			vflags |= X509_V_FLAG_CRL_CHECK;
sl@0
   386
		else if	(strcmp(*argv,"-crl_check_all") == 0)
sl@0
   387
			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
sl@0
   388
		else if	(strcmp(*argv,"-prexit") == 0)
sl@0
   389
			prexit=1;
sl@0
   390
		else if	(strcmp(*argv,"-crlf") == 0)
sl@0
   391
			crlf=1;
sl@0
   392
		else if	(strcmp(*argv,"-quiet") == 0)
sl@0
   393
			{
sl@0
   394
			c_quiet=1;
sl@0
   395
			c_ign_eof=1;
sl@0
   396
			}
sl@0
   397
		else if	(strcmp(*argv,"-ign_eof") == 0)
sl@0
   398
			c_ign_eof=1;
sl@0
   399
		else if	(strcmp(*argv,"-pause") == 0)
sl@0
   400
			c_Pause=1;
sl@0
   401
		else if	(strcmp(*argv,"-debug") == 0)
sl@0
   402
			c_debug=1;
sl@0
   403
#ifdef WATT32
sl@0
   404
		else if (strcmp(*argv,"-wdebug") == 0)
sl@0
   405
			dbug_init();
sl@0
   406
#endif
sl@0
   407
		else if	(strcmp(*argv,"-msg") == 0)
sl@0
   408
			c_msg=1;
sl@0
   409
		else if	(strcmp(*argv,"-showcerts") == 0)
sl@0
   410
			c_showcerts=1;
sl@0
   411
		else if	(strcmp(*argv,"-nbio_test") == 0)
sl@0
   412
			nbio_test=1;
sl@0
   413
		else if	(strcmp(*argv,"-state") == 0)
sl@0
   414
			state=1;
sl@0
   415
#ifndef OPENSSL_NO_SSL2
sl@0
   416
		else if	(strcmp(*argv,"-ssl2") == 0)
sl@0
   417
			meth=SSLv2_client_method();
sl@0
   418
#endif
sl@0
   419
#ifndef OPENSSL_NO_SSL3
sl@0
   420
		else if	(strcmp(*argv,"-ssl3") == 0)
sl@0
   421
			meth=SSLv3_client_method();
sl@0
   422
#endif
sl@0
   423
#ifndef OPENSSL_NO_TLS1
sl@0
   424
		else if	(strcmp(*argv,"-tls1") == 0)
sl@0
   425
			meth=TLSv1_client_method();
sl@0
   426
#endif
sl@0
   427
#ifndef OPENSSL_NO_DTLS1
sl@0
   428
		else if	(strcmp(*argv,"-dtls1") == 0)
sl@0
   429
			{
sl@0
   430
			meth=DTLSv1_client_method();
sl@0
   431
			sock_type=SOCK_DGRAM;
sl@0
   432
			}
sl@0
   433
		else if (strcmp(*argv,"-timeout") == 0)
sl@0
   434
			enable_timeouts=1;
sl@0
   435
		else if (strcmp(*argv,"-mtu") == 0)
sl@0
   436
			{
sl@0
   437
			if (--argc < 1) goto bad;
sl@0
   438
			mtu = atol(*(++argv));
sl@0
   439
			}
sl@0
   440
#endif
sl@0
   441
		else if (strcmp(*argv,"-bugs") == 0)
sl@0
   442
			bugs=1;
sl@0
   443
		else if	(strcmp(*argv,"-keyform") == 0)
sl@0
   444
			{
sl@0
   445
			if (--argc < 1) goto bad;
sl@0
   446
			key_format = str2fmt(*(++argv));
sl@0
   447
			}
sl@0
   448
		else if	(strcmp(*argv,"-pass") == 0)
sl@0
   449
			{
sl@0
   450
			if (--argc < 1) goto bad;
sl@0
   451
			passarg = *(++argv);
sl@0
   452
			}
sl@0
   453
		else if	(strcmp(*argv,"-key") == 0)
sl@0
   454
			{
sl@0
   455
			if (--argc < 1) goto bad;
sl@0
   456
			key_file= *(++argv);
sl@0
   457
			}
sl@0
   458
		else if	(strcmp(*argv,"-reconnect") == 0)
sl@0
   459
			{
sl@0
   460
			reconnect=5;
sl@0
   461
			}
sl@0
   462
		else if	(strcmp(*argv,"-CApath") == 0)
sl@0
   463
			{
sl@0
   464
			if (--argc < 1) goto bad;
sl@0
   465
			CApath= *(++argv);
sl@0
   466
			}
sl@0
   467
		else if	(strcmp(*argv,"-CAfile") == 0)
sl@0
   468
			{
sl@0
   469
			if (--argc < 1) goto bad;
sl@0
   470
			CAfile= *(++argv);
sl@0
   471
			}
sl@0
   472
		else if (strcmp(*argv,"-no_tls1") == 0)
sl@0
   473
			off|=SSL_OP_NO_TLSv1;
sl@0
   474
		else if (strcmp(*argv,"-no_ssl3") == 0)
sl@0
   475
			off|=SSL_OP_NO_SSLv3;
sl@0
   476
		else if (strcmp(*argv,"-no_ssl2") == 0)
sl@0
   477
			off|=SSL_OP_NO_SSLv2;
sl@0
   478
		else if (strcmp(*argv,"-serverpref") == 0)
sl@0
   479
			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
sl@0
   480
		else if	(strcmp(*argv,"-cipher") == 0)
sl@0
   481
			{
sl@0
   482
			if (--argc < 1) goto bad;
sl@0
   483
			cipher= *(++argv);
sl@0
   484
			}
sl@0
   485
#ifdef FIONBIO
sl@0
   486
		else if (strcmp(*argv,"-nbio") == 0)
sl@0
   487
			{ c_nbio=1; }
sl@0
   488
#endif
sl@0
   489
		else if	(strcmp(*argv,"-starttls") == 0)
sl@0
   490
			{
sl@0
   491
			if (--argc < 1) goto bad;
sl@0
   492
			++argv;
sl@0
   493
			if (strcmp(*argv,"smtp") == 0)
sl@0
   494
				starttls_proto = PROTO_SMTP;
sl@0
   495
			else if (strcmp(*argv,"pop3") == 0)
sl@0
   496
				starttls_proto = PROTO_POP3;
sl@0
   497
			else if (strcmp(*argv,"imap") == 0)
sl@0
   498
				starttls_proto = PROTO_IMAP;
sl@0
   499
			else if (strcmp(*argv,"ftp") == 0)
sl@0
   500
				starttls_proto = PROTO_FTP;
sl@0
   501
			else
sl@0
   502
				goto bad;
sl@0
   503
			}
sl@0
   504
#ifndef OPENSSL_NO_ENGINE
sl@0
   505
		else if	(strcmp(*argv,"-engine") == 0)
sl@0
   506
			{
sl@0
   507
			if (--argc < 1) goto bad;
sl@0
   508
			engine_id = *(++argv);
sl@0
   509
			}
sl@0
   510
#endif
sl@0
   511
		else if (strcmp(*argv,"-rand") == 0)
sl@0
   512
			{
sl@0
   513
			if (--argc < 1) goto bad;
sl@0
   514
			inrand= *(++argv);
sl@0
   515
			}
sl@0
   516
sl@0
   517
		else
sl@0
   518
			{
sl@0
   519
			BIO_printf(bio_err,"unknown option %s\n",*argv);
sl@0
   520
			badop=1;
sl@0
   521
			break;
sl@0
   522
			}
sl@0
   523
		argc--;
sl@0
   524
		argv++;
sl@0
   525
		}
sl@0
   526
	if (badop)
sl@0
   527
		{
sl@0
   528
bad:
sl@0
   529
		sc_usage();
sl@0
   530
		goto end;
sl@0
   531
		}
sl@0
   532
sl@0
   533
	OpenSSL_add_ssl_algorithms();
sl@0
   534
	SSL_load_error_strings();
sl@0
   535
sl@0
   536
#ifndef OPENSSL_NO_ENGINE
sl@0
   537
        e = setup_engine(bio_err, engine_id, 1);
sl@0
   538
#endif
sl@0
   539
	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
sl@0
   540
		{
sl@0
   541
		BIO_printf(bio_err, "Error getting password\n");
sl@0
   542
		goto end;
sl@0
   543
		}
sl@0
   544
sl@0
   545
	if (key_file == NULL)
sl@0
   546
		key_file = cert_file;
sl@0
   547
sl@0
   548
sl@0
   549
	if (key_file)
sl@0
   550
sl@0
   551
		{
sl@0
   552
sl@0
   553
		key = load_key(bio_err, key_file, key_format, 0, pass, e,
sl@0
   554
			       "client certificate private key file");
sl@0
   555
		if (!key)
sl@0
   556
			{
sl@0
   557
			ERR_print_errors(bio_err);
sl@0
   558
			goto end;
sl@0
   559
			}
sl@0
   560
sl@0
   561
		}
sl@0
   562
sl@0
   563
	if (cert_file)
sl@0
   564
sl@0
   565
		{
sl@0
   566
		cert = load_cert(bio_err,cert_file,cert_format,
sl@0
   567
				NULL, e, "client certificate file");
sl@0
   568
sl@0
   569
		if (!cert)
sl@0
   570
			{
sl@0
   571
			ERR_print_errors(bio_err);
sl@0
   572
			goto end;
sl@0
   573
			}
sl@0
   574
		}
sl@0
   575
sl@0
   576
	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
sl@0
   577
		&& !RAND_status())
sl@0
   578
		{
sl@0
   579
		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
sl@0
   580
		}
sl@0
   581
	if (inrand != NULL)
sl@0
   582
		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
sl@0
   583
			app_RAND_load_files(inrand));
sl@0
   584
sl@0
   585
	if (bio_c_out == NULL)
sl@0
   586
		{
sl@0
   587
		if (c_quiet && !c_debug && !c_msg)
sl@0
   588
			{
sl@0
   589
			bio_c_out=BIO_new(BIO_s_null());
sl@0
   590
			}
sl@0
   591
		else
sl@0
   592
			{
sl@0
   593
			if (bio_c_out == NULL)
sl@0
   594
				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
sl@0
   595
				
sl@0
   596
			}
sl@0
   597
		}
sl@0
   598
sl@0
   599
	ctx=SSL_CTX_new(meth);
sl@0
   600
	if (ctx == NULL)
sl@0
   601
		{
sl@0
   602
		ERR_print_errors(bio_err);
sl@0
   603
		goto end;
sl@0
   604
		}
sl@0
   605
sl@0
   606
	if (bugs)
sl@0
   607
		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
sl@0
   608
	else
sl@0
   609
		SSL_CTX_set_options(ctx,off);
sl@0
   610
	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
sl@0
   611
	 * Setting read ahead solves this problem.
sl@0
   612
	 */
sl@0
   613
	if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
sl@0
   614
sl@0
   615
	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
sl@0
   616
	if (cipher != NULL)
sl@0
   617
		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
sl@0
   618
		BIO_printf(bio_err,"error setting cipher list\n");
sl@0
   619
		ERR_print_errors(bio_err);
sl@0
   620
		goto end;
sl@0
   621
	}
sl@0
   622
#if 0
sl@0
   623
	else
sl@0
   624
		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
sl@0
   625
#endif
sl@0
   626
sl@0
   627
	SSL_CTX_set_verify(ctx,verify,verify_callback);
sl@0
   628
	if (!set_cert_key_stuff(ctx,cert,key))
sl@0
   629
		goto end;
sl@0
   630
sl@0
   631
	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
sl@0
   632
		(!SSL_CTX_set_default_verify_paths(ctx)))
sl@0
   633
		{
sl@0
   634
		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
sl@0
   635
		ERR_print_errors(bio_err);
sl@0
   636
		/* goto end; */
sl@0
   637
		}
sl@0
   638
sl@0
   639
	store = SSL_CTX_get_cert_store(ctx);
sl@0
   640
	X509_STORE_set_flags(store, vflags);
sl@0
   641
sl@0
   642
	con=SSL_new(ctx);
sl@0
   643
	if (sess_in)
sl@0
   644
		{
sl@0
   645
		SSL_SESSION *sess;
sl@0
   646
		BIO *stmp = BIO_new_file(sess_in, "r");
sl@0
   647
		if (!stmp)
sl@0
   648
			{
sl@0
   649
			BIO_printf(bio_err, "Can't open session file %s\n",
sl@0
   650
						sess_in);
sl@0
   651
			ERR_print_errors(bio_err);
sl@0
   652
			goto end;
sl@0
   653
			}
sl@0
   654
		sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
sl@0
   655
		BIO_free(stmp);
sl@0
   656
		if (!sess)
sl@0
   657
			{
sl@0
   658
			BIO_printf(bio_err, "Can't open session file %s\n",
sl@0
   659
						sess_in);
sl@0
   660
			ERR_print_errors(bio_err);
sl@0
   661
			goto end;
sl@0
   662
			}
sl@0
   663
		SSL_set_session(con, sess);
sl@0
   664
		SSL_SESSION_free(sess);
sl@0
   665
		}
sl@0
   666
sl@0
   667
#ifndef OPENSSL_NO_KRB5
sl@0
   668
	if (con  &&  (con->kssl_ctx = kssl_ctx_new()) != NULL)
sl@0
   669
                {
sl@0
   670
                kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
sl@0
   671
		}
sl@0
   672
#endif	/* OPENSSL_NO_KRB5  */
sl@0
   673
/*	SSL_set_cipher_list(con,"RC4-MD5"); */
sl@0
   674
sl@0
   675
re_start:
sl@0
   676
sl@0
   677
	if (init_client(&s,host,port,sock_type) == 0)
sl@0
   678
		{
sl@0
   679
		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
sl@0
   680
		SHUTDOWN(s);
sl@0
   681
		goto end;
sl@0
   682
		}
sl@0
   683
	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
sl@0
   684
sl@0
   685
#ifdef FIONBIO
sl@0
   686
	if (c_nbio)
sl@0
   687
		{
sl@0
   688
		unsigned long l=1;
sl@0
   689
		BIO_printf(bio_c_out,"turning on non blocking io\n");
sl@0
   690
		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
sl@0
   691
			{
sl@0
   692
			ERR_print_errors(bio_err);
sl@0
   693
			goto end;
sl@0
   694
			}
sl@0
   695
		}
sl@0
   696
#endif                                              
	if (c_Pause & 0x01) con->debug=1;
	if ( SSL_version(con) == DTLS1_VERSION)
		{
		struct timeval timeout;
		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
		if (getsockname(s, &peer, (void *)&peerlen) < 0)
			{
			BIO_printf(bio_err, "getsockname:errno=%d\n",
				get_last_socket_error());
			SHUTDOWN(s);
			goto end;
			}
		(void)BIO_ctrl_set_connected(sbio, 1, &peer);
		if ( enable_timeouts)
			{
			timeout.tv_sec = 0;
			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
			
			timeout.tv_sec = 0;
			timeout.tv_usec = DGRAM_SND_TIMEOUT;
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
			}
		if ( mtu > 0)
			{
			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
			SSL_set_mtu(con, mtu);
			}
		else
			/* want to do MTU discovery */
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
		}
	else
		sbio=BIO_new_socket(s,BIO_NOCLOSE);
	if (nbio_test)
		{
		BIO *test;
		test=BIO_new(BIO_f_nbio_test());
		sbio=BIO_push(test,sbio);
		}
	if (c_debug)
		{
		con->debug=1;
		BIO_set_callback(sbio,bio_dump_callback);
		BIO_set_callback_arg(sbio,(char *)bio_c_out);
		}
	if (c_msg)
		{
		SSL_set_msg_callback(con, msg_cb);
		SSL_set_msg_callback_arg(con, bio_c_out);
		}
	SSL_set_bio(con,sbio,sbio);
	SSL_set_connect_state(con);
	/* ok, lets connect */
	width=SSL_get_fd(con)+1;
	read_tty=1;
	write_tty=0;
	tty_on=0;
	read_ssl=1;
	write_ssl=1;
	
	cbuf_len=0;
	cbuf_off=0;
	sbuf_len=0;
	sbuf_off=0;
	/* This is an ugly hack that does a lot of assumptions */
	/* We do have to handle multi-line responses which may come
 	   in a single packet or not. We therefore have to use
	   BIO_gets() which does need a buffering BIO. So during
	   the initial chitchat we do push a buffering BIO into the
	   chain that is removed again later on to not disturb the
	   rest of the s_client operation. */
	if (starttls_proto == PROTO_SMTP)
		{
		int foundit=0;
		BIO *fbio = BIO_new(BIO_f_buffer());
		BIO_push(fbio, sbio);
		/* wait for multi-line response to end from SMTP */
		do
			{
			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
			}
		while (mbuf_len>3 && mbuf[3]=='-');
		/* STARTTLS command requires EHLO... */
		BIO_printf(fbio,"EHLO openssl.client.net\r\n");
		(void)BIO_flush(fbio);
		/* wait for multi-line response to end EHLO SMTP response */
		do
			{
			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
			if (strstr(mbuf,"STARTTLS"))
				foundit=1;
			}
		while (mbuf_len>3 && mbuf[3]=='-');
		(void)BIO_flush(fbio);
		BIO_pop(fbio);
		BIO_free(fbio);
		if (!foundit)
			BIO_printf(bio_err,
				   "didn't found starttls in server response,"
				   " try anyway...\n");
		BIO_printf(sbio,"STARTTLS\r\n");
		BIO_read(sbio,sbuf,BUFSIZZ);
		}
	else if (starttls_proto == PROTO_POP3)
		{
		BIO_read(sbio,mbuf,BUFSIZZ);
		BIO_printf(sbio,"STLS\r\n");
		BIO_read(sbio,sbuf,BUFSIZZ);
		}
	else if (starttls_proto == PROTO_IMAP)
		{
		int foundit=0;
		BIO *fbio = BIO_new(BIO_f_buffer());
		BIO_push(fbio, sbio);
		BIO_gets(fbio,mbuf,BUFSIZZ);
		/* STARTTLS command requires CAPABILITY... */
		BIO_printf(fbio,". CAPABILITY\r\n");
		(void)BIO_flush(fbio);
		/* wait for multi-line CAPABILITY response */
		do
			{
			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
			if (strstr(mbuf,"STARTTLS"))
				foundit=1;
			}
		while (mbuf_len>3 && mbuf[0]!='.');
		(void)BIO_flush(fbio);
		BIO_pop(fbio);
		BIO_free(fbio);
		if (!foundit)
			BIO_printf(bio_err,
				   "didn't found STARTTLS in server response,"
				   " try anyway...\n");
		BIO_printf(sbio,". STARTTLS\r\n");
		BIO_read(sbio,sbuf,BUFSIZZ);
		}
	else if (starttls_proto == PROTO_FTP)
		{
		BIO *fbio = BIO_new(BIO_f_buffer());
		BIO_push(fbio, sbio);
		/* wait for multi-line response to end from FTP */
		do
			{
			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
			}
		while (mbuf_len>3 && mbuf[3]=='-');
		(void)BIO_flush(fbio);
		BIO_pop(fbio);
		BIO_free(fbio);
		BIO_printf(sbio,"AUTH TLS\r\n");
		BIO_read(sbio,sbuf,BUFSIZZ);
		}
	for (;;)
		{
		FD_ZERO(&readfds);
		FD_ZERO(&writefds);
		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
			{
			in_init=1;
			tty_on=0;
			}
		else
			{
			tty_on=1;
			if (in_init)
				{
				in_init=0;
				if (sess_out)
					{
					BIO *stmp = BIO_new_file(sess_out, "w");
					if (stmp)
						{
						PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
						BIO_free(stmp);
						}
					else 
						BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
					}
				print_stuff(bio_c_out,con,full_log);
				if (full_log > 0) full_log--;
				if (starttls_proto)
					{
					BIO_printf(bio_err,"%s",mbuf);
					/* We don't need to know any more */
					starttls_proto = PROTO_OFF;
					}
				if (reconnect)
					{
					reconnect--;
					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
					SSL_shutdown(con);
					SSL_set_connect_state(con);
					SHUTDOWN(SSL_get_fd(con));
					goto re_start;
					}
				}
			}
		ssl_pending = read_ssl && SSL_pending(con);
		if (!ssl_pending)
			{
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
			if (tty_on)
				{
				if (read_tty)  FD_SET(fileno(stdin),&readfds);
				if (write_tty) FD_SET(fileno(stdout),&writefds);
				
				}
			if (read_ssl)
				FD_SET(SSL_get_fd(con),&readfds);
			if (write_ssl)
				FD_SET(SSL_get_fd(con),&writefds);
#else
			if(!tty_on || !write_tty) {
				if (read_ssl)
					FD_SET(SSL_get_fd(con),&readfds);
				if (write_ssl)
					FD_SET(SSL_get_fd(con),&writefds);
			}
#endif
/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
			/* Note: under VMS with SOCKETSHR the second parameter
			 * is currently of type (int *) whereas under other
			 * systems it is (void *) if you don't have a cast it
			 * will choke the compiler: if you do have a cast then
			 * you can either go for (int *) or (void *).
			 */
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
                        /* Under Windows/DOS we make the assumption that we can
			 * always write to the tty: therefore if we need to
			 * write to the tty we just fall through. Otherwise
			 * we timeout the select every second and see if there
			 * are any keypresses. Note: this is a hack, in a proper
			 * Windows application we wouldn't do this.
			 */
			i=0;
			if(!write_tty) {
				if(read_tty) {
					tv.tv_sec = 1;
					tv.tv_usec = 0;
					i=select(width,(void *)&readfds,(void *)&writefds,
						 NULL,&tv);
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
					if(!i && (!_kbhit() || !read_tty) ) continue;
#else
					if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
#endif
				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
					 NULL,NULL);
			}
#elif defined(OPENSSL_SYS_NETWARE)
			if(!write_tty) {
				if(read_tty) {
					tv.tv_sec = 1;
					tv.tv_usec = 0;
					i=select(width,(void *)&readfds,(void *)&writefds,
						NULL,&tv);
				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
					NULL,NULL);
			}
#else
			i=select(width,(void *)&readfds,(void *)&writefds,
				 NULL,NULL);
#endif
			if ( i < 0)
				{
				BIO_printf(bio_err,"bad select %d\n",
				get_last_socket_error());
				goto shut;
				/* goto end; */
				}
			}
		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
			{
			k=SSL_write(con,&(cbuf[cbuf_off]),
				(unsigned int)cbuf_len);
			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				cbuf_off+=k;
				cbuf_len-=k;
				if (k <= 0) goto end;
				/* we have done a  write(con,NULL,0); */
				if (cbuf_len <= 0)
					{
					read_tty=1;
					write_ssl=0;
					}
				else /* if (cbuf_len > 0) */
					{
					read_tty=0;
					write_ssl=1;
					}
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"write W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				BIO_printf(bio_c_out,"write R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				write_ssl=0;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"write X BLOCK\n");
				break;
			case SSL_ERROR_ZERO_RETURN:
				if (cbuf_len != 0)
					{
					BIO_printf(bio_c_out,"shutdown\n");
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					break;
					}
				
			case SSL_ERROR_SYSCALL:
				if ((k != 0) || (cbuf_len != 0))
					{
					BIO_printf(bio_err,"write:errno=%d\n",
						get_last_socket_error());
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					}
				break;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
				}
			}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
		/* Assume Windows/DOS can always write */
		else if (!ssl_pending && write_tty)
#else
		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
#endif
			{
#ifdef CHARSET_EBCDIC
			ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
#endif
			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
			if (i <= 0)
				{
				BIO_printf(bio_c_out,"DONE\n");
				goto shut;
				/* goto end; */
				}
			sbuf_len-=i;;
			sbuf_off+=i;
			if (sbuf_len <= 0)
				{
				read_ssl=1;
				write_tty=0;
				}
			}
		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
			{
#ifdef RENEG
{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
#endif
#if 1
			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
#else
/* Demo for pending and peek :-) */
			k=SSL_read(con,sbuf,16);
{ char zbuf[10240]; 
printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
}
#endif
			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				if (k <= 0)
					goto end;
				sbuf_off=0;
				sbuf_len=k;
				read_ssl=0;
				write_tty=1;
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"read W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				BIO_printf(bio_c_out,"read R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				if ((read_tty == 0) && (write_ssl == 0))
					write_ssl=1;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"read X BLOCK\n");
				break;
			case SSL_ERROR_SYSCALL:
				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
				goto shut;
			case SSL_ERROR_ZERO_RETURN:
				BIO_printf(bio_c_out,"closed\n");
				goto shut;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
				/* break; */
				}
			}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
		else if (_kbhit())
#else
		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
#endif
#elif defined (OPENSSL_SYS_NETWARE)
        else if (_kbhit())
#else
		else if (FD_ISSET(fileno(stdin),&readfds))
		
#endif
			{
			if (crlf)
				{
				int j, lf_num;
				i=read(fileno(stdin),cbuf,BUFSIZZ/2);
				
				lf_num = 0;
				/* both loops are skipped when i <= 0 */
				for (j = 0; j < i; j++)
					if (cbuf[j] == '\n')
						lf_num++;
				for (j = i-1; j >= 0; j--)
					{
					cbuf[j+lf_num] = cbuf[j];
					if (cbuf[j] == '\n')
						{
						lf_num--;
						i++;
						cbuf[j+lf_num] = '\r';
						}
					}
				assert(lf_num == 0);
				}
			else
				i=read(fileno(stdin),cbuf,BUFSIZZ);
			if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
				{
				BIO_printf(bio_err,"DONE\n");
				goto shut;
				}
			if ((!c_ign_eof) && (cbuf[0] == 'R'))
				{
				BIO_printf(bio_err,"RENEGOTIATING\n");
				SSL_renegotiate(con);
				cbuf_len=0;
				}
			else
				{
				cbuf_len=i;
				cbuf_off=0;
#ifdef CHARSET_EBCDIC
				ebcdic2ascii(cbuf, cbuf, i);
#endif
				}
			write_ssl=1;
			read_tty=0;
			}
		}
shut:
	SSL_shutdown(con);
	SHUTDOWN(SSL_get_fd(con));
	ret=0;
end:
	if(prexit) print_stuff(bio_c_out,con,1);
	if (con != NULL) SSL_free(con);
	if (con2 != NULL) SSL_free(con2);
	if (ctx != NULL) SSL_CTX_free(ctx);
	if (cert)
		X509_free(cert);
	if (key)
		EVP_PKEY_free(key);
	if (pass)
		OPENSSL_free(pass);
	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
	if (bio_c_out != NULL)
		{
		BIO_free(bio_c_out);
		bio_c_out=NULL;
		}
	apps_shutdown();
	OPENSSL_EXIT(ret);
	}
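/*
 * Write a human-readable summary of the connection 's' to 'bio'.
 *
 * When 'full' is non-zero the following are printed first: the peer
 * certificate chain (each certificate also in PEM form when c_showcerts
 * is set), the server certificate with its subject and issuer, the list
 * of acceptable client CA names, the ciphers shared with the peer (only
 * meaningful for SSL 2, see the comment below) and the handshake byte
 * counts.  Always printed: whether the session was reused, protocol
 * version and cipher, the server public key size, the compression and
 * expansion methods (unless OPENSSL_NO_COMP) and the session itself.
 * 'bio' is flushed before returning.
 *
 * Everything shown about the peer is data the remote end supplied; this
 * routine only displays it, it does not validate it.  A NULL 's' prints
 * nothing and returns.
 */
static void print_stuff(BIO *bio, SSL *s, int full)
	{
	X509 *peer=NULL;
	char *p;
	/* 16 blanks; the column padding below never writes more than 15 */
	static const char *space="                ";
	char buf[BUFSIZ];
	STACK_OF(X509) *sk;
	STACK_OF(X509_NAME) *sk2;
	SSL_CIPHER *c;
	X509_NAME *xn;
	int j,i;
#ifndef OPENSSL_NO_COMP
	const COMP_METHOD *comp, *expansion;
#endif

	/* Callers may reach this with no SSL object (e.g. SSL_new() failed
	 * and the exit path still wants to print); there is nothing to show. */
	if (s == NULL)
		return;

	if (full)
		{
		int got_a_chain = 0;

		sk=SSL_get_peer_cert_chain(s);
		if (sk != NULL)
			{
			got_a_chain = 1; /* we don't have it for SSL2 (yet) */

			BIO_printf(bio,"---\nCertificate chain\n");
			for (i=0; i<sk_X509_num(sk); i++)
				{
				X509_NAME_oneline(X509_get_subject_name(
					sk_X509_value(sk,i)),buf,sizeof buf);
				BIO_printf(bio,"%2d s:%s\n",i,buf);
				X509_NAME_oneline(X509_get_issuer_name(
					sk_X509_value(sk,i)),buf,sizeof buf);
				BIO_printf(bio,"   i:%s\n",buf);
				if (c_showcerts)
					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
				}
			}

		BIO_printf(bio,"---\n");
		/* 'peer' is owned by this function from here on and released
		 * with X509_free() at the end. */
		peer=SSL_get_peer_certificate(s);
		if (peer != NULL)
			{
			BIO_printf(bio,"Server certificate\n");
			if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
				PEM_write_bio_X509(bio,peer);
			X509_NAME_oneline(X509_get_subject_name(peer),
				buf,sizeof buf);
			BIO_printf(bio,"subject=%s\n",buf);
			X509_NAME_oneline(X509_get_issuer_name(peer),
				buf,sizeof buf);
			BIO_printf(bio,"issuer=%s\n",buf);
			}
		else
			BIO_printf(bio,"no peer certificate available\n");

		sk2=SSL_get_client_CA_list(s);
		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
			{
			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
			for (i=0; i<sk_X509_NAME_num(sk2); i++)
				{
				xn=sk_X509_NAME_value(sk2,i);
				X509_NAME_oneline(xn,buf,sizeof(buf));
				BIO_write(bio,buf,strlen(buf));
				BIO_write(bio,"\n",1);
				}
			}
		else
			{
			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
			}
		p=SSL_get_shared_ciphers(s,buf,sizeof buf);
		if (p != NULL)
			{
			/* This works only for SSL 2.  In later protocol
			 * versions, the client does not know what other
			 * ciphers (in addition to the one to be used
			 * in the current connection) the server supports. */

			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
			/* 'p' is a ':'-separated list; i counts names printed so far
			 * (three per line), j counts characters of the current name. */
			j=i=0;
			while (*p)
				{
				if (*p == ':')
					{
					/* A name longer than 15 characters would make the
					 * pad negative; never hand BIO_write() a negative
					 * length. */
					int pad=15-j%25;
					if (pad > 0)
						BIO_write(bio,space,pad);
					i++;
					j=0;
					BIO_write(bio,((i%3)?" ":"\n"),1);
					}
				else
					{
					BIO_write(bio,p,1);
					j++;
					}
				p++;
				}
			BIO_write(bio,"\n",1);
			}

		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
			BIO_number_read(SSL_get_rbio(s)),
			BIO_number_written(SSL_get_wbio(s)));
		}
	/* s->hit: library flag meaning the session was resumed, hence "Reused" */
	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
	c=SSL_get_current_cipher(s);
	BIO_printf(bio,"%s, Cipher is %s\n",
		SSL_CIPHER_get_version(c),
		SSL_CIPHER_get_name(c));
	if (peer != NULL) {
		EVP_PKEY *pktmp;
		/* X509_get_pubkey() returns NULL when the certificate's public
		 * key cannot be decoded.  The certificate came from the peer,
		 * so do not pass a NULL key on to EVP_PKEY_bits(). */
		pktmp = X509_get_pubkey(peer);
		if (pktmp != NULL)
			{
			BIO_printf(bio,"Server public key is %d bit\n",
								 EVP_PKEY_bits(pktmp));
			EVP_PKEY_free(pktmp);
			}
		else
			BIO_printf(bio,"Server public key could not be decoded\n");
	}
#ifndef OPENSSL_NO_COMP
	comp=SSL_get_current_compression(s);
	expansion=SSL_get_current_expansion(s);
	BIO_printf(bio,"Compression: %s\n",
		comp ? SSL_COMP_get_name(comp) : "NONE");
	BIO_printf(bio,"Expansion: %s\n",
		expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif
	SSL_SESSION_print(bio,SSL_get_session(s));
	BIO_printf(bio,"---\n");
	if (peer != NULL)
		X509_free(peer);
	/* flush, or debugging output gets mixed with http response */
	(void)BIO_flush(bio);
	}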