1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/tsrc/BC/libcrypto/topenssl/src/s_client.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,1228 @@
1.4 +/* apps/s_client.c */
1.5 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
1.6 + * All rights reserved.
1.7 + *
1.8 + * This package is an SSL implementation written
1.9 + * by Eric Young (eay@cryptsoft.com).
1.10 + * The implementation was written so as to conform with Netscapes SSL.
1.11 + *
1.12 + * This library is free for commercial and non-commercial use as long as
1.13 + * the following conditions are aheared to. The following conditions
1.14 + * apply to all code found in this distribution, be it the RC4, RSA,
1.15 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
1.16 + * included with this distribution is covered by the same copyright terms
1.17 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1.18 + *
1.19 + * Copyright remains Eric Young's, and as such any Copyright notices in
1.20 + * the code are not to be removed.
1.21 + * If this package is used in a product, Eric Young should be given attribution
1.22 + * as the author of the parts of the library used.
1.23 + * This can be in the form of a textual message at program startup or
1.24 + * in documentation (online or textual) provided with the package.
1.25 + *
1.26 + * Redistribution and use in source and binary forms, with or without
1.27 + * modification, are permitted provided that the following conditions
1.28 + * are met:
1.29 + * 1. Redistributions of source code must retain the copyright
1.30 + * notice, this list of conditions and the following disclaimer.
1.31 + * 2. Redistributions in binary form must reproduce the above copyright
1.32 + * notice, this list of conditions and the following disclaimer in the
1.33 + * documentation and/or other materials provided with the distribution.
1.34 + * 3. All advertising materials mentioning features or use of this software
1.35 + * must display the following acknowledgement:
1.36 + * "This product includes cryptographic software written by
1.37 + * Eric Young (eay@cryptsoft.com)"
1.38 + * The word 'cryptographic' can be left out if the rouines from the library
1.39 + * being used are not cryptographic related :-).
1.40 + * 4. If you include any Windows specific code (or a derivative thereof) from
1.41 + * the apps directory (application code) you must include an acknowledgement:
1.42 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
1.43 + *
1.44 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
1.45 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.46 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1.47 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1.48 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1.49 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1.50 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.51 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1.52 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1.53 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1.54 + * SUCH DAMAGE.
1.55 + *
1.56 + * The licence and distribution terms for any publically available version or
1.57 + * derivative of this code cannot be changed. i.e. this code cannot simply be
1.58 + * copied and put under another distribution licence
1.59 + * [including the GNU Public Licence.]
1.60 + */
1.61 +/* ====================================================================
1.62 + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
1.63 + *
1.64 + * Redistribution and use in source and binary forms, with or without
1.65 + * modification, are permitted provided that the following conditions
1.66 + * are met:
1.67 + *
1.68 + * 1. Redistributions of source code must retain the above copyright
1.69 + * notice, this list of conditions and the following disclaimer.
1.70 + *
1.71 + * 2. Redistributions in binary form must reproduce the above copyright
1.72 + * notice, this list of conditions and the following disclaimer in
1.73 + * the documentation and/or other materials provided with the
1.74 + * distribution.
1.75 + *
1.76 + * 3. All advertising materials mentioning features or use of this
1.77 + * software must display the following acknowledgment:
1.78 + * "This product includes software developed by the OpenSSL Project
1.79 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
1.80 + *
1.81 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1.82 + * endorse or promote products derived from this software without
1.83 + * prior written permission. For written permission, please contact
1.84 + * openssl-core@openssl.org.
1.85 + *
1.86 + * 5. Products derived from this software may not be called "OpenSSL"
1.87 + * nor may "OpenSSL" appear in their names without prior written
1.88 + * permission of the OpenSSL Project.
1.89 + *
1.90 + * 6. Redistributions of any form whatsoever must retain the following
1.91 + * acknowledgment:
1.92 + * "This product includes software developed by the OpenSSL Project
1.93 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
1.94 + *
1.95 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1.96 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.97 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1.98 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
1.99 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.100 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1.101 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1.102 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.103 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.104 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.105 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.106 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.107 + * ====================================================================
1.108 + *
1.109 + * This product includes cryptographic software written by Eric Young
1.110 + * (eay@cryptsoft.com). This product includes software written by Tim
1.111 + * Hudson (tjh@cryptsoft.com).
1.112 + *
1.113 + */
1.114 +
1.115 +#include <assert.h>
1.116 +#include <stdio.h>
1.117 +#include <stdlib.h>
1.118 +#include <string.h>
1.119 +#include <sys/select.h>
1.120 +#include <openssl/e_os2.h>
1.121 +#ifdef OPENSSL_NO_STDIO
1.122 +#define APPS_WIN16
1.123 +#endif
1.124 +
1.125 +/* With IPv6, it looks like Digital has mixed up the proper order of
1.126 + recursive header file inclusion, resulting in the compiler complaining
1.127 + that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
1.128 + is needed to have fileno() declared correctly... So let's define u_int */
1.129 +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
1.130 +#define __U_INT
1.131 +typedef unsigned int u_int;
1.132 +#endif
1.133 +
1.134 +#define USE_SOCKETS
1.135 +#include "apps.h"
1.136 +#include <openssl/x509.h>
1.137 +#include <openssl/ssl.h>
1.138 +#include <openssl/err.h>
1.139 +#include <openssl/pem.h>
1.140 +#include <openssl/rand.h>
1.141 +#include "s_apps.h"
1.142 +#include "timeouts.h"
1.143 +
1.144 +#ifdef OPENSSL_SYS_WINCE
1.145 +/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
1.146 +#ifdef fileno
1.147 +#undef fileno
1.148 +#endif
1.149 +#define fileno(a) (int)_fileno(a)
1.150 +#endif
1.151 +
1.152 +
1.153 +#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
1.154 +/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
1.155 +#undef FIONBIO
1.156 +#endif
1.157 +
1.158 +#undef PROG
1.159 +#define PROG s_client_main
1.160 +
1.161 +/*#define SSL_HOST_NAME "www.netscape.com" */
1.162 +/*#define SSL_HOST_NAME "193.118.187.102" */
1.163 +#define SSL_HOST_NAME "localhost"
1.164 +
1.165 +/*#define TEST_CERT "client.pem" */ /* no default cert. */
1.166 +
1.167 +#undef BUFSIZZ
1.168 +#define BUFSIZZ 1024*8
1.169 +
1.170 +extern int verify_depth;
1.171 +extern int verify_error;
1.172 +
1.173 +#ifdef FIONBIO
1.174 +static int c_nbio=0;
1.175 +#endif
1.176 +static int c_Pause=0;
1.177 +static int c_debug=0;
1.178 +static int c_msg=0;
1.179 +static int c_showcerts=0;
1.180 +
1.181 +static void sc_usage(void);
1.182 +static void print_stuff(BIO *berr,SSL *con,int full);
1.183 +static BIO *bio_c_out=NULL;
1.184 +static int c_quiet=0;
1.185 +static int c_ign_eof=0;
1.186 +
1.187 +
1.188 +static void sc_usage(void)
1.189 + {
1.190 + BIO_printf(bio_err,"usage: s_client args\n");
1.191 + BIO_printf(bio_err,"\n");
1.192 + BIO_printf(bio_err," -host host - use -connect instead\n");
1.193 + BIO_printf(bio_err," -port port - use -connect instead\n");
1.194 + BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
1.195 +
1.196 + BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
1.197 + BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
1.198 + BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
1.199 + BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
1.200 + BIO_printf(bio_err," not specified but cert file is.\n");
1.201 + BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
1.202 + BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
1.203 + BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
1.204 + BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
1.205 + BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
1.206 + BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
1.207 + BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
1.208 + BIO_printf(bio_err," -debug - extra output\n");
1.209 +#ifdef WATT32
1.210 + BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n");
1.211 +#endif
1.212 + BIO_printf(bio_err," -msg - Show protocol messages\n");
1.213 + BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
1.214 + BIO_printf(bio_err," -state - print the 'ssl' states\n");
1.215 +#ifdef FIONBIO
1.216 + BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
1.217 +#endif
1.218 + BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
1.219 + BIO_printf(bio_err," -quiet - no s_client output\n");
1.220 + BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
1.221 + BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
1.222 + BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
1.223 + BIO_printf(bio_err," -tls1 - just use TLSv1\n");
1.224 + BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
1.225 + BIO_printf(bio_err," -mtu - set the MTU\n");
1.226 + BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
1.227 + BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
1.228 + BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
1.229 + BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
1.230 + BIO_printf(bio_err," command to see what is available\n");
1.231 + BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
1.232 + BIO_printf(bio_err," for those protocols that support it, where\n");
1.233 + BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
1.234 + BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n");
1.235 +#ifndef OPENSSL_NO_ENGINE
1.236 + BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
1.237 +#endif
1.238 + BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
1.239 +
1.240 + }
1.241 +
1.242 +int MAIN(int, char **);
1.243 +
1.244 +int MAIN(int argc, char **argv)
1.245 + {
1.246 + int off=0;
1.247 + SSL *con=NULL,*con2=NULL;
1.248 + X509_STORE *store = NULL;
1.249 + int s,k,width,state=0;
1.250 + char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
1.251 + int cbuf_len,cbuf_off;
1.252 + int sbuf_len,sbuf_off;
1.253 + fd_set readfds,writefds;
1.254 + short port=PORT;
1.255 + int full_log=1;
1.256 + char *host=SSL_HOST_NAME;
1.257 + char *cert_file=NULL,*key_file=NULL;
1.258 + int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
1.259 + char *passarg = NULL, *pass = NULL;
1.260 + X509 *cert = NULL;
1.261 + EVP_PKEY *key = NULL;
1.262 + char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
1.263 + int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
1.264 + int crlf=0;
1.265 + int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
1.266 + SSL_CTX *ctx=NULL;
1.267 + int ret=1,in_init=1,i,nbio_test=0;
1.268 + int starttls_proto = 0;
1.269 + int prexit = 0, vflags = 0;
1.270 + SSL_METHOD *meth=NULL;
1.271 +#ifdef sock_type
1.272 +#undef sock_type
1.273 +#endif
1.274 + int sock_type=SOCK_STREAM;
1.275 + BIO *sbio;
1.276 + char *inrand=NULL;
1.277 +#ifndef OPENSSL_NO_ENGINE
1.278 + char *engine_id=NULL;
1.279 + ENGINE *e=NULL;
1.280 +#endif
1.281 +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
1.282 + struct timeval tv;
1.283 +#endif
1.284 +
1.285 + struct sockaddr peer;
1.286 + int peerlen = sizeof(peer);
1.287 + int enable_timeouts = 0 ;
1.288 + long mtu = 0;
1.289 +
1.290 +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
1.291 + meth=SSLv23_client_method();
1.292 +#elif !defined(OPENSSL_NO_SSL3)
1.293 + meth=SSLv3_client_method();
1.294 +#elif !defined(OPENSSL_NO_SSL2)
1.295 + meth=SSLv2_client_method();
1.296 +#endif
1.297 +
1.298 + apps_startup();
1.299 + c_Pause=0;
1.300 + c_quiet=0;
1.301 + c_ign_eof=0;
1.302 + c_debug=0;
1.303 + c_msg=0;
1.304 + c_showcerts=0;
1.305 +
1.306 + if (bio_err == NULL)
1.307 + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
1.308 +
1.309 + if (!load_config(bio_err, NULL))
1.310 + goto end;
1.311 +
1.312 + if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
1.313 + ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
1.314 + ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
1.315 + {
1.316 + BIO_printf(bio_err,"out of memory\n");
1.317 + goto end;
1.318 + }
1.319 +
1.320 + verify_depth=0;
1.321 + verify_error=X509_V_OK;
1.322 +#ifdef FIONBIO
1.323 + c_nbio=0;
1.324 +#endif
1.325 +
1.326 + argc--;
1.327 + argv++;
1.328 + while (argc >= 1)
1.329 + {
1.330 + if (strcmp(*argv,"-host") == 0)
1.331 + {
1.332 + if (--argc < 1) goto bad;
1.333 + host= *(++argv);
1.334 + }
1.335 + else if (strcmp(*argv,"-port") == 0)
1.336 + {
1.337 + if (--argc < 1) goto bad;
1.338 + port=atoi(*(++argv));
1.339 + if (port == 0) goto bad;
1.340 + }
1.341 + else if (strcmp(*argv,"-connect") == 0)
1.342 + {
1.343 + if (--argc < 1) goto bad;
1.344 + if (!extract_host_port(*(++argv),&host,NULL,&port))
1.345 + goto bad;
1.346 + }
1.347 + else if (strcmp(*argv,"-verify") == 0)
1.348 + {
1.349 + verify=SSL_VERIFY_PEER;
1.350 + if (--argc < 1) goto bad;
1.351 + verify_depth=atoi(*(++argv));
1.352 + BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
1.353 + }
1.354 + else if (strcmp(*argv,"-cert") == 0)
1.355 + {
1.356 + if (--argc < 1) goto bad;
1.357 + cert_file= *(++argv);
1.358 + }
1.359 + else if (strcmp(*argv,"-certform") == 0)
1.360 + {
1.361 + if (--argc < 1) goto bad;
1.362 + cert_format = str2fmt(*(++argv));
1.363 + }
1.364 + else if (strcmp(*argv,"-crl_check") == 0)
1.365 + vflags |= X509_V_FLAG_CRL_CHECK;
1.366 + else if (strcmp(*argv,"-crl_check_all") == 0)
1.367 + vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
1.368 + else if (strcmp(*argv,"-prexit") == 0)
1.369 + prexit=1;
1.370 + else if (strcmp(*argv,"-crlf") == 0)
1.371 + crlf=1;
1.372 + else if (strcmp(*argv,"-quiet") == 0)
1.373 + {
1.374 + c_quiet=1;
1.375 + c_ign_eof=1;
1.376 + }
1.377 + else if (strcmp(*argv,"-ign_eof") == 0)
1.378 + c_ign_eof=1;
1.379 + else if (strcmp(*argv,"-pause") == 0)
1.380 + c_Pause=1;
1.381 + else if (strcmp(*argv,"-debug") == 0)
1.382 + c_debug=1;
1.383 +#ifdef WATT32
1.384 + else if (strcmp(*argv,"-wdebug") == 0)
1.385 + dbug_init();
1.386 +#endif
1.387 + else if (strcmp(*argv,"-msg") == 0)
1.388 + c_msg=1;
1.389 + else if (strcmp(*argv,"-showcerts") == 0)
1.390 + c_showcerts=1;
1.391 + else if (strcmp(*argv,"-nbio_test") == 0)
1.392 + nbio_test=1;
1.393 + else if (strcmp(*argv,"-state") == 0)
1.394 + state=1;
1.395 +#ifndef OPENSSL_NO_SSL2
1.396 + else if (strcmp(*argv,"-ssl2") == 0)
1.397 + meth=SSLv2_client_method();
1.398 +#endif
1.399 +#ifndef OPENSSL_NO_SSL3
1.400 + else if (strcmp(*argv,"-ssl3") == 0)
1.401 + meth=SSLv3_client_method();
1.402 +#endif
1.403 +#ifndef OPENSSL_NO_TLS1
1.404 + else if (strcmp(*argv,"-tls1") == 0)
1.405 + meth=TLSv1_client_method();
1.406 +#endif
1.407 +#ifndef OPENSSL_NO_DTLS1
1.408 + else if (strcmp(*argv,"-dtls1") == 0)
1.409 + {
1.410 + meth=DTLSv1_client_method();
1.411 + sock_type=SOCK_DGRAM;
1.412 + }
1.413 + else if (strcmp(*argv,"-timeout") == 0)
1.414 + enable_timeouts=1;
1.415 + else if (strcmp(*argv,"-mtu") == 0)
1.416 + {
1.417 + if (--argc < 1) goto bad;
1.418 + mtu = atol(*(++argv));
1.419 + }
1.420 +#endif
1.421 + else if (strcmp(*argv,"-bugs") == 0)
1.422 + bugs=1;
1.423 + else if (strcmp(*argv,"-keyform") == 0)
1.424 + {
1.425 + if (--argc < 1) goto bad;
1.426 + key_format = str2fmt(*(++argv));
1.427 + }
1.428 + else if (strcmp(*argv,"-pass") == 0)
1.429 + {
1.430 + if (--argc < 1) goto bad;
1.431 + passarg = *(++argv);
1.432 + }
1.433 + else if (strcmp(*argv,"-key") == 0)
1.434 + {
1.435 + if (--argc < 1) goto bad;
1.436 + key_file= *(++argv);
1.437 + }
1.438 + else if (strcmp(*argv,"-reconnect") == 0)
1.439 + {
1.440 + reconnect=5;
1.441 + }
1.442 + else if (strcmp(*argv,"-CApath") == 0)
1.443 + {
1.444 + if (--argc < 1) goto bad;
1.445 + CApath= *(++argv);
1.446 + }
1.447 + else if (strcmp(*argv,"-CAfile") == 0)
1.448 + {
1.449 + if (--argc < 1) goto bad;
1.450 + CAfile= *(++argv);
1.451 + }
1.452 + else if (strcmp(*argv,"-no_tls1") == 0)
1.453 + off|=SSL_OP_NO_TLSv1;
1.454 + else if (strcmp(*argv,"-no_ssl3") == 0)
1.455 + off|=SSL_OP_NO_SSLv3;
1.456 + else if (strcmp(*argv,"-no_ssl2") == 0)
1.457 + off|=SSL_OP_NO_SSLv2;
1.458 + else if (strcmp(*argv,"-serverpref") == 0)
1.459 + off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
1.460 + else if (strcmp(*argv,"-cipher") == 0)
1.461 + {
1.462 + if (--argc < 1) goto bad;
1.463 + cipher= *(++argv);
1.464 + }
1.465 +#ifdef FIONBIO
1.466 + else if (strcmp(*argv,"-nbio") == 0)
1.467 + { c_nbio=1; }
1.468 +#endif
1.469 + else if (strcmp(*argv,"-starttls") == 0)
1.470 + {
1.471 + if (--argc < 1) goto bad;
1.472 + ++argv;
1.473 + if (strcmp(*argv,"smtp") == 0)
1.474 + starttls_proto = 1;
1.475 + else if (strcmp(*argv,"pop3") == 0)
1.476 + starttls_proto = 2;
1.477 + else
1.478 + goto bad;
1.479 + }
1.480 +#ifndef OPENSSL_NO_ENGINE
1.481 + else if (strcmp(*argv,"-engine") == 0)
1.482 + {
1.483 + if (--argc < 1) goto bad;
1.484 + engine_id = *(++argv);
1.485 + }
1.486 +#endif
1.487 + else if (strcmp(*argv,"-rand") == 0)
1.488 + {
1.489 + if (--argc < 1) goto bad;
1.490 + inrand= *(++argv);
1.491 + }
1.492 + else
1.493 + {
1.494 + BIO_printf(bio_err,"unknown option %s\n",*argv);
1.495 + badop=1;
1.496 + break;
1.497 + }
1.498 + argc--;
1.499 + argv++;
1.500 + }
1.501 + if (badop)
1.502 + {
1.503 +bad:
1.504 + sc_usage();
1.505 + goto end;
1.506 + }
1.507 +
1.508 + OpenSSL_add_ssl_algorithms();
1.509 + SSL_load_error_strings();
1.510 +
1.511 +#ifndef OPENSSL_NO_ENGINE
1.512 + e = setup_engine(bio_err, engine_id, 1);
1.513 +#endif
1.514 + if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
1.515 + {
1.516 + BIO_printf(bio_err, "Error getting password\n");
1.517 + goto end;
1.518 + }
1.519 +
1.520 + if (key_file == NULL)
1.521 + key_file = cert_file;
1.522 +
1.523 +
1.524 + if (key_file)
1.525 +
1.526 + {
1.527 +
1.528 + key = load_key(bio_err, key_file, key_format, 0, pass, e,
1.529 + "client certificate private key file");
1.530 + if (!key)
1.531 + {
1.532 + ERR_print_errors(bio_err);
1.533 + goto end;
1.534 + }
1.535 +
1.536 + }
1.537 +
1.538 + if (cert_file)
1.539 +
1.540 + {
1.541 + cert = load_cert(bio_err,cert_file,cert_format,
1.542 + NULL, e, "client certificate file");
1.543 +
1.544 + if (!cert)
1.545 + {
1.546 + ERR_print_errors(bio_err);
1.547 + goto end;
1.548 + }
1.549 + }
1.550 +
1.551 + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
1.552 + && !RAND_status())
1.553 + {
1.554 + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
1.555 + }
1.556 + if (inrand != NULL)
1.557 + BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
1.558 + app_RAND_load_files(inrand));
1.559 +
1.560 + if (bio_c_out == NULL)
1.561 + {
1.562 + if (c_quiet && !c_debug && !c_msg)
1.563 + {
1.564 + bio_c_out=BIO_new(BIO_s_null());
1.565 + }
1.566 + else
1.567 + {
1.568 + if (bio_c_out == NULL)
1.569 + bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
1.570 +
1.571 + }
1.572 + }
1.573 +
1.574 + ctx=SSL_CTX_new(meth);
1.575 + if (ctx == NULL)
1.576 + {
1.577 + ERR_print_errors(bio_err);
1.578 + goto end;
1.579 + }
1.580 +
1.581 + if (bugs)
1.582 + SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
1.583 + else
1.584 + SSL_CTX_set_options(ctx,off);
1.585 + /* DTLS: partial reads end up discarding unread UDP bytes :-(
1.586 + * Setting read ahead solves this problem.
1.587 + */
1.588 + if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
1.589 +
1.590 + if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
1.591 + if (cipher != NULL)
1.592 + if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
1.593 + BIO_printf(bio_err,"error setting cipher list\n");
1.594 + ERR_print_errors(bio_err);
1.595 + goto end;
1.596 + }
1.597 +#if 0
1.598 + else
1.599 + SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
1.600 +#endif
1.601 +
1.602 + SSL_CTX_set_verify(ctx,verify,verify_callback);
1.603 + if (!set_cert_key_stuff(ctx,cert,key))
1.604 + goto end;
1.605 +
1.606 + if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
1.607 + (!SSL_CTX_set_default_verify_paths(ctx)))
1.608 + {
1.609 + /* BIO_printf(bio_err,"error setting default verify locations\n"); */
1.610 + ERR_print_errors(bio_err);
1.611 + /* goto end; */
1.612 + }
1.613 +
1.614 + store = SSL_CTX_get_cert_store(ctx);
1.615 + X509_STORE_set_flags(store, vflags);
1.616 +
1.617 + con=SSL_new(ctx);
1.618 +#ifndef OPENSSL_NO_KRB5
1.619 + if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
1.620 + {
1.621 + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
1.622 + }
1.623 +#endif /* OPENSSL_NO_KRB5 */
1.624 +/* SSL_set_cipher_list(con,"RC4-MD5"); */
1.625 +
1.626 +re_start:
1.627 +
1.628 + if (init_client(&s,host,port,sock_type) == 0)
1.629 + {
1.630 + BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
1.631 + SHUTDOWN(s);
1.632 + goto end;
1.633 + }
1.634 + BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
1.635 +
1.636 +#ifdef FIONBIO
1.637 + if (c_nbio)
1.638 + {
1.639 + unsigned long l=1;
1.640 + BIO_printf(bio_c_out,"turning on non blocking io\n");
1.641 + if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
1.642 + {
1.643 + ERR_print_errors(bio_err);
1.644 + goto end;
1.645 + }
1.646 + }
1.647 +#endif
1.648 + if (c_Pause & 0x01) con->debug=1;
1.649 +
1.650 + if ( SSL_version(con) == DTLS1_VERSION)
1.651 + {
1.652 + struct timeval timeout;
1.653 +
1.654 + sbio=BIO_new_dgram(s,BIO_NOCLOSE);
1.655 + if (getsockname(s, &peer, (void *)&peerlen) < 0)
1.656 + {
1.657 + BIO_printf(bio_err, "getsockname:errno=%d\n",
1.658 + get_last_socket_error());
1.659 + SHUTDOWN(s);
1.660 + goto end;
1.661 + }
1.662 +
1.663 + BIO_ctrl_set_connected(sbio, 1, &peer);
1.664 +
1.665 + if ( enable_timeouts)
1.666 + {
1.667 + timeout.tv_sec = 0;
1.668 + timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1.669 + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
1.670 +
1.671 + timeout.tv_sec = 0;
1.672 + timeout.tv_usec = DGRAM_SND_TIMEOUT;
1.673 + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
1.674 + }
1.675 +
1.676 + if ( mtu > 0)
1.677 + {
1.678 + SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1.679 + SSL_set_mtu(con, mtu);
1.680 + }
1.681 + else
1.682 + /* want to do MTU discovery */
1.683 + BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1.684 + }
1.685 + else
1.686 + sbio=BIO_new_socket(s,BIO_NOCLOSE);
1.687 +
1.688 +
1.689 +
1.690 + if (nbio_test)
1.691 + {
1.692 + BIO *test;
1.693 +
1.694 + test=BIO_new(BIO_f_nbio_test());
1.695 + sbio=BIO_push(test,sbio);
1.696 + }
1.697 +
1.698 + if (c_debug)
1.699 + {
1.700 + con->debug=1;
1.701 + BIO_set_callback(sbio,bio_dump_callback);
1.702 + BIO_set_callback_arg(sbio,(char*)bio_c_out);
1.703 + }
1.704 + if (c_msg)
1.705 + {
1.706 + SSL_set_msg_callback(con, msg_cb);
1.707 + SSL_set_msg_callback_arg(con, bio_c_out);
1.708 + }
1.709 +
1.710 + SSL_set_bio(con,sbio,sbio);
1.711 + SSL_set_connect_state(con);
1.712 +
1.713 + /* ok, lets connect */
1.714 + width=SSL_get_fd(con)+1;
1.715 +
1.716 + read_tty=1;
1.717 + write_tty=0;
1.718 + tty_on=0;
1.719 + read_ssl=1;
1.720 + write_ssl=1;
1.721 +
1.722 + cbuf_len=0;
1.723 + cbuf_off=0;
1.724 + sbuf_len=0;
1.725 + sbuf_off=0;
1.726 +
1.727 + /* This is an ugly hack that does a lot of assumptions */
1.728 + if (starttls_proto == 1)
1.729 + {
1.730 + BIO_read(sbio,mbuf,BUFSIZZ);
1.731 + BIO_printf(sbio,"STARTTLS\r\n");
1.732 + BIO_read(sbio,sbuf,BUFSIZZ);
1.733 + }
1.734 + if (starttls_proto == 2)
1.735 + {
1.736 + BIO_read(sbio,mbuf,BUFSIZZ);
1.737 + BIO_printf(sbio,"STLS\r\n");
1.738 + BIO_read(sbio,sbuf,BUFSIZZ);
1.739 + }
1.740 +
1.741 + for (;;)
1.742 + {
1.743 + FD_ZERO(&readfds);
1.744 + FD_ZERO(&writefds);
1.745 +
1.746 + if (SSL_in_init(con) && !SSL_total_renegotiations(con))
1.747 + {
1.748 + in_init=1;
1.749 + tty_on=0;
1.750 + }
1.751 + else
1.752 + {
1.753 + tty_on=1;
1.754 + if (in_init)
1.755 + {
1.756 + in_init=0;
1.757 + print_stuff(bio_c_out,con,full_log);
1.758 + if (full_log > 0) full_log--;
1.759 +
1.760 + if (starttls_proto)
1.761 + {
1.762 + BIO_printf(bio_err,"%s",mbuf);
1.763 + /* We don't need to know any more */
1.764 + starttls_proto = 0;
1.765 + }
1.766 +
1.767 + if (reconnect)
1.768 + {
1.769 + reconnect--;
1.770 + BIO_printf(bio_c_out,"drop connection and then reconnect\n");
1.771 + SSL_shutdown(con);
1.772 + SSL_set_connect_state(con);
1.773 + SHUTDOWN(SSL_get_fd(con));
1.774 + goto re_start;
1.775 + }
1.776 + }
1.777 + }
1.778 +
1.779 + ssl_pending = read_ssl && SSL_pending(con);
1.780 +
1.781 + if (!ssl_pending)
1.782 + {
1.783 +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
1.784 + if (tty_on)
1.785 + {
1.786 + if (read_tty) FD_SET(fileno(stdin),&readfds);
1.787 + if (write_tty) FD_SET(fileno(stdout),&writefds);
1.788 +
1.789 + }
1.790 + if (read_ssl)
1.791 + FD_SET(SSL_get_fd(con),&readfds);
1.792 + if (write_ssl)
1.793 + FD_SET(SSL_get_fd(con),&writefds);
1.794 +#else
1.795 + if(!tty_on || !write_tty) {
1.796 + if (read_ssl)
1.797 + FD_SET(SSL_get_fd(con),&readfds);
1.798 + if (write_ssl)
1.799 + FD_SET(SSL_get_fd(con),&writefds);
1.800 + }
1.801 +#endif
1.802 +/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
1.803 + tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
1.804 +
1.805 + /* Note: under VMS with SOCKETSHR the second parameter
1.806 + * is currently of type (int *) whereas under other
1.807 + * systems it is (void *) if you don't have a cast it
1.808 + * will choke the compiler: if you do have a cast then
1.809 + * you can either go for (int *) or (void *).
1.810 + */
1.811 +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
1.812 + /* Under Windows/DOS we make the assumption that we can
1.813 + * always write to the tty: therefore if we need to
1.814 + * write to the tty we just fall through. Otherwise
1.815 + * we timeout the select every second and see if there
1.816 + * are any keypresses. Note: this is a hack, in a proper
1.817 + * Windows application we wouldn't do this.
1.818 + */
1.819 + i=0;
1.820 + if(!write_tty) {
1.821 + if(read_tty) {
1.822 + tv.tv_sec = 1;
1.823 + tv.tv_usec = 0;
1.824 + i=select(width,(void *)&readfds,(void *)&writefds,
1.825 + NULL,&tv);
1.826 +#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
1.827 + if(!i && (!_kbhit() || !read_tty) ) continue;
1.828 +#else
1.829 + if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
1.830 +#endif
1.831 + } else i=select(width,(void *)&readfds,(void *)&writefds,
1.832 + NULL,NULL);
1.833 + }
1.834 +#elif defined(OPENSSL_SYS_NETWARE)
1.835 + if(!write_tty) {
1.836 + if(read_tty) {
1.837 + tv.tv_sec = 1;
1.838 + tv.tv_usec = 0;
1.839 + i=select(width,(void *)&readfds,(void *)&writefds,
1.840 + NULL,&tv);
1.841 + } else i=select(width,(void *)&readfds,(void *)&writefds,
1.842 + NULL,NULL);
1.843 + }
1.844 +#else
1.845 + i=select(width,(void *)&readfds,(void *)&writefds,
1.846 + NULL,NULL);
1.847 +#endif
1.848 + if ( i < 0)
1.849 + {
1.850 + BIO_printf(bio_err,"bad select %d\n",
1.851 + get_last_socket_error());
1.852 + goto shut;
1.853 + /* goto end; */
1.854 + }
1.855 + }
1.856 +
1.857 + if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
1.858 + {
1.859 + k=SSL_write(con,&(cbuf[cbuf_off]),
1.860 + (unsigned int)cbuf_len);
1.861 + switch (SSL_get_error(con,k))
1.862 + {
1.863 + case SSL_ERROR_NONE:
1.864 + cbuf_off+=k;
1.865 + cbuf_len-=k;
1.866 + if (k <= 0) goto end;
1.867 + /* we have done a write(con,NULL,0); */
1.868 + if (cbuf_len <= 0)
1.869 + {
1.870 + read_tty=1;
1.871 + write_ssl=0;
1.872 + }
1.873 + else /* if (cbuf_len > 0) */
1.874 + {
1.875 + read_tty=0;
1.876 + write_ssl=1;
1.877 + }
1.878 + break;
1.879 + case SSL_ERROR_WANT_WRITE:
1.880 + BIO_printf(bio_c_out,"write W BLOCK\n");
1.881 + write_ssl=1;
1.882 + read_tty=0;
1.883 + break;
1.884 + case SSL_ERROR_WANT_READ:
1.885 + BIO_printf(bio_c_out,"write R BLOCK\n");
1.886 + write_tty=0;
1.887 + read_ssl=1;
1.888 + write_ssl=0;
1.889 + break;
1.890 + case SSL_ERROR_WANT_X509_LOOKUP:
1.891 + BIO_printf(bio_c_out,"write X BLOCK\n");
1.892 + break;
1.893 + case SSL_ERROR_ZERO_RETURN:
1.894 + if (cbuf_len != 0)
1.895 + {
1.896 + BIO_printf(bio_c_out,"shutdown\n");
1.897 + goto shut;
1.898 + }
1.899 + else
1.900 + {
1.901 + read_tty=1;
1.902 + write_ssl=0;
1.903 + break;
1.904 + }
1.905 +
1.906 + case SSL_ERROR_SYSCALL:
1.907 + if ((k != 0) || (cbuf_len != 0))
1.908 + {
1.909 + BIO_printf(bio_err,"write:errno=%d\n",
1.910 + get_last_socket_error());
1.911 + goto shut;
1.912 + }
1.913 + else
1.914 + {
1.915 + read_tty=1;
1.916 + write_ssl=0;
1.917 + }
1.918 + break;
1.919 + case SSL_ERROR_SSL:
1.920 + ERR_print_errors(bio_err);
1.921 + goto shut;
1.922 + }
1.923 + }
1.924 +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
1.925 + /* Assume Windows/DOS can always write */
1.926 + else if (!ssl_pending && write_tty)
1.927 +#else
1.928 +
1.929 + else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
1.930 +
1.931 +#endif
1.932 + {
1.933 +#ifdef CHARSET_EBCDIC
1.934 + ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
1.935 +#endif
1.936 +
1.937 + i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
1.938 +
1.939 + if (i <= 0)
1.940 + {
1.941 + BIO_printf(bio_c_out,"DONE\n");
1.942 + goto shut;
1.943 + /* goto end; */
1.944 + }
1.945 +
1.946 + sbuf_len-=i;;
1.947 + sbuf_off+=i;
1.948 + if (sbuf_len <= 0)
1.949 + {
1.950 + read_ssl=1;
1.951 + write_tty=0;
1.952 + }
1.953 + }
1.954 + else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
1.955 + {
1.956 +#ifdef RENEG
1.957 +{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
1.958 +#endif
1.959 +#if 1
1.960 + k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
1.961 +#else
1.962 +/* Demo for pending and peek :-) */
1.963 + k=SSL_read(con,sbuf,16);
1.964 +{ char zbuf[10240];
1.965 +printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
1.966 +
1.967 +}
1.968 +#endif
1.969 +
1.970 + switch (SSL_get_error(con,k))
1.971 + {
1.972 + case SSL_ERROR_NONE:
1.973 + if (k <= 0)
1.974 + goto end;
1.975 + sbuf_off=0;
1.976 + sbuf_len=k;
1.977 +
1.978 + read_ssl=0;
1.979 + write_tty=1;
1.980 + break;
1.981 + case SSL_ERROR_WANT_WRITE:
1.982 + BIO_printf(bio_c_out,"read W BLOCK\n");
1.983 + write_ssl=1;
1.984 + read_tty=0;
1.985 + break;
1.986 + case SSL_ERROR_WANT_READ:
1.987 + BIO_printf(bio_c_out,"read R BLOCK\n");
1.988 + write_tty=0;
1.989 + read_ssl=1;
1.990 + if ((read_tty == 0) && (write_ssl == 0))
1.991 + write_ssl=1;
1.992 + break;
1.993 + case SSL_ERROR_WANT_X509_LOOKUP:
1.994 + BIO_printf(bio_c_out,"read X BLOCK\n");
1.995 + break;
1.996 + case SSL_ERROR_SYSCALL:
1.997 + BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
1.998 + goto shut;
1.999 + case SSL_ERROR_ZERO_RETURN:
1.1000 + BIO_printf(bio_c_out,"closed\n");
1.1001 + goto shut;
1.1002 + case SSL_ERROR_SSL:
1.1003 + ERR_print_errors(bio_err);
1.1004 + goto shut;
1.1005 + /* break; */
1.1006 + }
1.1007 + }
1.1008 +
1.1009 +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
1.1010 +#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
1.1011 + else if (_kbhit())
1.1012 +#else
1.1013 + else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
1.1014 +#endif
1.1015 +#elif defined (OPENSSL_SYS_NETWARE)
1.1016 + else if (_kbhit())
1.1017 +#else
1.1018 + else if (FD_ISSET(fileno(stdin),&readfds))
1.1019 +
1.1020 +#endif
1.1021 + {
1.1022 + if (crlf)
1.1023 + {
1.1024 + int j, lf_num;
1.1025 + i=read(fileno(stdin),cbuf,BUFSIZZ/2);
1.1026 +
1.1027 + lf_num = 0;
1.1028 + /* both loops are skipped when i <= 0 */
1.1029 + for (j = 0; j < i; j++)
1.1030 + if (cbuf[j] == '\n')
1.1031 + lf_num++;
1.1032 + for (j = i-1; j >= 0; j--)
1.1033 + {
1.1034 + cbuf[j+lf_num] = cbuf[j];
1.1035 + if (cbuf[j] == '\n')
1.1036 + {
1.1037 + lf_num--;
1.1038 + i++;
1.1039 + cbuf[j+lf_num] = '\r';
1.1040 + }
1.1041 + }
1.1042 + assert(lf_num == 0);
1.1043 + }
1.1044 + else
1.1045 + i=read(fileno(stdin),cbuf,BUFSIZZ);
1.1046 +
1.1047 + if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
1.1048 + {
1.1049 + BIO_printf(bio_err,"DONE\n");
1.1050 + goto shut;
1.1051 + }
1.1052 +
1.1053 + if ((!c_ign_eof) && (cbuf[0] == 'R'))
1.1054 + {
1.1055 + BIO_printf(bio_err,"RENEGOTIATING\n");
1.1056 + SSL_renegotiate(con);
1.1057 + cbuf_len=0;
1.1058 + }
1.1059 + else
1.1060 + {
1.1061 + cbuf_len=i;
1.1062 + cbuf_off=0;
1.1063 +#ifdef CHARSET_EBCDIC
1.1064 + ebcdic2ascii(cbuf, cbuf, i);
1.1065 +#endif
1.1066 + }
1.1067 +
1.1068 + write_ssl=1;
1.1069 + read_tty=0;
1.1070 + }
1.1071 + }
1.1072 +shut:
1.1073 + SSL_shutdown(con);
1.1074 + SHUTDOWN(SSL_get_fd(con));
1.1075 + ret=0;
1.1076 +end:
1.1077 + if(prexit) print_stuff(bio_c_out,con,1);
1.1078 + if (con != NULL) SSL_free(con);
1.1079 + if (con2 != NULL) SSL_free(con2);
1.1080 + if (ctx != NULL) SSL_CTX_free(ctx);
1.1081 + if (cert)
1.1082 + X509_free(cert);
1.1083 + if (key)
1.1084 + EVP_PKEY_free(key);
1.1085 + if (pass)
1.1086 + OPENSSL_free(pass);
1.1087 + if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
1.1088 + if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
1.1089 + if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
1.1090 + if (bio_c_out != NULL)
1.1091 + {
1.1092 + BIO_free(bio_c_out);
1.1093 + bio_c_out=NULL;
1.1094 + }
1.1095 + apps_shutdown();
1.1096 + OPENSSL_EXIT(ret);
1.1097 + }
1.1098 +
1.1099 +
1.1100 +static void print_stuff(BIO *bio, SSL *s, int full)
1.1101 + {
1.1102 + X509 *peer=NULL;
1.1103 + char *p;
1.1104 + static const char *space=" ";
1.1105 + char buf[BUFSIZ];
1.1106 + STACK_OF(X509) *sk;
1.1107 + STACK_OF(X509_NAME) *sk2;
1.1108 + SSL_CIPHER *c;
1.1109 + X509_NAME *xn;
1.1110 + int j,i;
1.1111 +#ifndef OPENSSL_NO_COMP
1.1112 + const COMP_METHOD *comp, *expansion;
1.1113 +#endif
1.1114 +
1.1115 + if (full)
1.1116 + {
1.1117 + int got_a_chain = 0;
1.1118 +
1.1119 + sk=SSL_get_peer_cert_chain(s);
1.1120 + if (sk != NULL)
1.1121 + {
1.1122 + got_a_chain = 1; /* we don't have it for SSL2 (yet) */
1.1123 +
1.1124 + BIO_printf(bio,"---\nCertificate chain\n");
1.1125 + for (i=0; i<sk_X509_num(sk); i++)
1.1126 + {
1.1127 + X509_NAME_oneline(X509_get_subject_name(
1.1128 + sk_X509_value(sk,i)),buf,sizeof buf);
1.1129 + BIO_printf(bio,"%2d s:%s\n",i,buf);
1.1130 + X509_NAME_oneline(X509_get_issuer_name(
1.1131 + sk_X509_value(sk,i)),buf,sizeof buf);
1.1132 + BIO_printf(bio," i:%s\n",buf);
1.1133 + if (c_showcerts)
1.1134 + PEM_write_bio_X509(bio,sk_X509_value(sk,i));
1.1135 + }
1.1136 + }
1.1137 +
1.1138 + BIO_printf(bio,"---\n");
1.1139 + peer=SSL_get_peer_certificate(s);
1.1140 + if (peer != NULL)
1.1141 + {
1.1142 + BIO_printf(bio,"Server certificate\n");
1.1143 + if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
1.1144 + PEM_write_bio_X509(bio,peer);
1.1145 + X509_NAME_oneline(X509_get_subject_name(peer),
1.1146 + buf,sizeof buf);
1.1147 + BIO_printf(bio,"subject=%s\n",buf);
1.1148 + X509_NAME_oneline(X509_get_issuer_name(peer),
1.1149 + buf,sizeof buf);
1.1150 + BIO_printf(bio,"issuer=%s\n",buf);
1.1151 + }
1.1152 + else
1.1153 + BIO_printf(bio,"no peer certificate available\n");
1.1154 +
1.1155 + sk2=SSL_get_client_CA_list(s);
1.1156 + if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
1.1157 + {
1.1158 + BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
1.1159 + for (i=0; i<sk_X509_NAME_num(sk2); i++)
1.1160 + {
1.1161 + xn=sk_X509_NAME_value(sk2,i);
1.1162 + X509_NAME_oneline(xn,buf,sizeof(buf));
1.1163 + BIO_write(bio,buf,strlen(buf));
1.1164 + BIO_write(bio,"\n",1);
1.1165 + }
1.1166 + }
1.1167 + else
1.1168 + {
1.1169 + BIO_printf(bio,"---\nNo client certificate CA names sent\n");
1.1170 + }
1.1171 + p=SSL_get_shared_ciphers(s,buf,sizeof buf);
1.1172 + if (p != NULL)
1.1173 + {
1.1174 + /* This works only for SSL 2. In later protocol
1.1175 + * versions, the client does not know what other
1.1176 + * ciphers (in addition to the one to be used
1.1177 + * in the current connection) the server supports. */
1.1178 +
1.1179 + BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
1.1180 + j=i=0;
1.1181 + while (*p)
1.1182 + {
1.1183 + if (*p == ':')
1.1184 + {
1.1185 + BIO_write(bio,space,15-j%25);
1.1186 + i++;
1.1187 + j=0;
1.1188 + BIO_write(bio,((i%3)?" ":"\n"),1);
1.1189 + }
1.1190 + else
1.1191 + {
1.1192 + BIO_write(bio,p,1);
1.1193 + j++;
1.1194 + }
1.1195 + p++;
1.1196 + }
1.1197 + BIO_write(bio,"\n",1);
1.1198 + }
1.1199 +
1.1200 + BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
1.1201 + BIO_number_read(SSL_get_rbio(s)),
1.1202 + BIO_number_written(SSL_get_wbio(s)));
1.1203 + }
1.1204 + BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
1.1205 + c=SSL_get_current_cipher(s);
1.1206 + BIO_printf(bio,"%s, Cipher is %s\n",
1.1207 + SSL_CIPHER_get_version(c),
1.1208 + SSL_CIPHER_get_name(c));
1.1209 + if (peer != NULL) {
1.1210 + EVP_PKEY *pktmp;
1.1211 + pktmp = X509_get_pubkey(peer);
1.1212 + BIO_printf(bio,"Server public key is %d bit\n",
1.1213 + EVP_PKEY_bits(pktmp));
1.1214 + EVP_PKEY_free(pktmp);
1.1215 + }
1.1216 +#ifndef OPENSSL_NO_COMP
1.1217 + comp=SSL_get_current_compression(s);
1.1218 + expansion=SSL_get_current_expansion(s);
1.1219 + BIO_printf(bio,"Compression: %s\n",
1.1220 + comp ? SSL_COMP_get_name(comp) : "NONE");
1.1221 + BIO_printf(bio,"Expansion: %s\n",
1.1222 + expansion ? SSL_COMP_get_name(expansion) : "NONE");
1.1223 +#endif
1.1224 + SSL_SESSION_print(bio,SSL_get_session(s));
1.1225 + BIO_printf(bio,"---\n");
1.1226 + if (peer != NULL)
1.1227 + X509_free(peer);
1.1228 + /* flush, or debugging output gets mixed with http response */
1.1229 + BIO_flush(bio);
1.1230 + }
1.1231 +