1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/tsrc/topenssl/src/s_client.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,1366 @@
1.4 +/* apps/s_client.c */
1.5 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
1.6 + * All rights reserved.
1.7 + *
1.8 + * This package is an SSL implementation written
1.9 + * by Eric Young (eay@cryptsoft.com).
1.10 + * The implementation was written so as to conform with Netscapes SSL.
1.11 + *
1.12 + * This library is free for commercial and non-commercial use as long as
1.13 + * the following conditions are aheared to. The following conditions
1.14 + * apply to all code found in this distribution, be it the RC4, RSA,
1.15 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
1.16 + * included with this distribution is covered by the same copyright terms
1.17 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1.18 + *
1.19 + * Copyright remains Eric Young's, and as such any Copyright notices in
1.20 + * the code are not to be removed.
1.21 + * If this package is used in a product, Eric Young should be given attribution
1.22 + * as the author of the parts of the library used.
1.23 + * This can be in the form of a textual message at program startup or
1.24 + * in documentation (online or textual) provided with the package.
1.25 + *
1.26 + * Redistribution and use in source and binary forms, with or without
1.27 + * modification, are permitted provided that the following conditions
1.28 + * are met:
1.29 + * 1. Redistributions of source code must retain the copyright
1.30 + * notice, this list of conditions and the following disclaimer.
1.31 + * 2. Redistributions in binary form must reproduce the above copyright
1.32 + * notice, this list of conditions and the following disclaimer in the
1.33 + * documentation and/or other materials provided with the distribution.
1.34 + * 3. All advertising materials mentioning features or use of this software
1.35 + * must display the following acknowledgement:
1.36 + * "This product includes cryptographic software written by
1.37 + * Eric Young (eay@cryptsoft.com)"
1.38 + * The word 'cryptographic' can be left out if the rouines from the library
1.39 + * being used are not cryptographic related :-).
1.40 + * 4. If you include any Windows specific code (or a derivative thereof) from
1.41 + * the apps directory (application code) you must include an acknowledgement:
1.42 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
1.43 + *
1.44 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
1.45 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.46 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1.47 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1.48 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1.49 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1.50 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.51 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1.52 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1.53 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1.54 + * SUCH DAMAGE.
1.55 + *
1.56 + * The licence and distribution terms for any publically available version or
1.57 + * derivative of this code cannot be changed. i.e. this code cannot simply be
1.58 + * copied and put under another distribution licence
1.59 + * [including the GNU Public Licence.]
1.60 + */
1.61 +/* ====================================================================
1.62 + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
1.63 + *
1.64 + * Redistribution and use in source and binary forms, with or without
1.65 + * modification, are permitted provided that the following conditions
1.66 + * are met:
1.67 + *
1.68 + * 1. Redistributions of source code must retain the above copyright
1.69 + * notice, this list of conditions and the following disclaimer.
1.70 + *
1.71 + * 2. Redistributions in binary form must reproduce the above copyright
1.72 + * notice, this list of conditions and the following disclaimer in
1.73 + * the documentation and/or other materials provided with the
1.74 + * distribution.
1.75 + *
1.76 + * 3. All advertising materials mentioning features or use of this
1.77 + * software must display the following acknowledgment:
1.78 + * "This product includes software developed by the OpenSSL Project
1.79 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
1.80 + *
1.81 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1.82 + * endorse or promote products derived from this software without
1.83 + * prior written permission. For written permission, please contact
1.84 + * openssl-core@openssl.org.
1.85 + *
1.86 + * 5. Products derived from this software may not be called "OpenSSL"
1.87 + * nor may "OpenSSL" appear in their names without prior written
1.88 + * permission of the OpenSSL Project.
1.89 + *
1.90 + * 6. Redistributions of any form whatsoever must retain the following
1.91 + * acknowledgment:
1.92 + * "This product includes software developed by the OpenSSL Project
1.93 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
1.94 + *
1.95 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1.96 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.97 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1.98 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
1.99 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.100 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1.101 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1.102 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.103 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.104 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.105 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.106 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.107 + * ====================================================================
1.108 + *
1.109 + * This product includes cryptographic software written by Eric Young
1.110 + * (eay@cryptsoft.com). This product includes software written by Tim
1.111 + * Hudson (tjh@cryptsoft.com).
1.112 + *
1.113 + */
1.114 +
1.115 +#include <assert.h>
1.116 +#include <stdio.h>
1.117 +#include <stdlib.h>
1.118 +#include <string.h>
1.119 +#include <sys/select.h>
1.120 +#include <openssl/e_os2.h>
1.121 +#ifdef OPENSSL_NO_STDIO
1.122 +#define APPS_WIN16
1.123 +#endif
1.124 +
1.125 +/* With IPv6, it looks like Digital has mixed up the proper order of
1.126 + recursive header file inclusion, resulting in the compiler complaining
1.127 + that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
1.128 + is needed to have fileno() declared correctly... So let's define u_int */
1.129 +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
1.130 +#define __U_INT
1.131 +typedef unsigned int u_int;
1.132 +#endif
1.133 +
1.134 +#define USE_SOCKETS
1.135 +#include "apps.h"
1.136 +#include <openssl/x509.h>
1.137 +#include <openssl/ssl.h>
1.138 +#include <openssl/err.h>
1.139 +#include <openssl/pem.h>
1.140 +#include <openssl/rand.h>
1.141 +#include "s_apps.h"
1.142 +#include "timeouts.h"
1.143 +
1.144 +#ifdef OPENSSL_SYS_WINCE
1.145 +/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
1.146 +#ifdef fileno
1.147 +#undef fileno
1.148 +#endif
1.149 +#define fileno(a) (int)_fileno(a)
1.150 +#endif
1.151 +
1.152 +
1.153 +#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
1.154 +/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
1.155 +#undef FIONBIO
1.156 +#endif
1.157 +
1.158 +#undef PROG
1.159 +#define PROG s_client_main
1.160 +
1.161 +/*#define SSL_HOST_NAME "www.netscape.com" */
1.162 +/*#define SSL_HOST_NAME "193.118.187.102" */
1.163 +#define SSL_HOST_NAME "localhost"
1.164 +
1.165 +/*#define TEST_CERT "client.pem" */ /* no default cert. */
1.166 +
1.167 +#undef BUFSIZZ
1.168 +#define BUFSIZZ 1024*8
1.169 +
1.170 +extern int verify_depth;
1.171 +extern int verify_error;
1.172 +
1.173 +#ifdef FIONBIO
1.174 +static int c_nbio=0;
1.175 +#endif
1.176 +static int c_Pause=0;
1.177 +static int c_debug=0;
1.178 +static int c_msg=0;
1.179 +static int c_showcerts=0;
1.180 +
1.181 +static void sc_usage(void);
1.182 +static void print_stuff(BIO *berr,SSL *con,int full);
1.183 +static BIO *bio_c_out=NULL;
1.184 +static int c_quiet=0;
1.185 +static int c_ign_eof=0;
1.186 +
1.187 +
1.188 +static void sc_usage(void)
1.189 + {
1.190 + BIO_printf(bio_err,"usage: s_client args\n");
1.191 + BIO_printf(bio_err,"\n");
1.192 + BIO_printf(bio_err," -host host - use -connect instead\n");
1.193 + BIO_printf(bio_err," -port port - use -connect instead\n");
1.194 + BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
1.195 +
1.196 + BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
1.197 + BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
1.198 + BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
1.199 + BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
1.200 + BIO_printf(bio_err," not specified but cert file is.\n");
1.201 + BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
1.202 + BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
1.203 + BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
1.204 + BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
1.205 + BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
1.206 + BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
1.207 + BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
1.208 + BIO_printf(bio_err," -debug - extra output\n");
1.209 +#ifdef WATT32
1.210 + BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n");
1.211 +#endif
1.212 + BIO_printf(bio_err," -msg - Show protocol messages\n");
1.213 + BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
1.214 + BIO_printf(bio_err," -state - print the 'ssl' states\n");
1.215 +#ifdef FIONBIO
1.216 + BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
1.217 +#endif
1.218 + BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
1.219 + BIO_printf(bio_err," -quiet - no s_client output\n");
1.220 + BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
1.221 + BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
1.222 + BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
1.223 + BIO_printf(bio_err," -tls1 - just use TLSv1\n");
1.224 + BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
1.225 + BIO_printf(bio_err," -mtu - set the MTU\n");
1.226 + BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
1.227 + BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
1.228 + BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
1.229 + BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
1.230 + BIO_printf(bio_err," command to see what is available\n");
1.231 + BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
1.232 + BIO_printf(bio_err," for those protocols that support it, where\n");
1.233 + BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
1.234 + BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n");
1.235 +#ifndef OPENSSL_NO_ENGINE
1.236 + BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
1.237 +#endif
1.238 + BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
1.239 + BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
1.240 + BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n");
1.241 + }
1.242 +
1.243 +enum
1.244 +{
1.245 + PROTO_OFF = 0,
1.246 + PROTO_SMTP,
1.247 + PROTO_POP3,
1.248 + PROTO_IMAP,
1.249 + PROTO_FTP
1.250 +};
1.251 +
1.252 +int MAIN(int, char **);
1.253 +
1.254 +int MAIN(int argc, char **argv)
1.255 + {
1.256 + int off=0;
1.257 + SSL *con=NULL,*con2=NULL;
1.258 + X509_STORE *store = NULL;
1.259 + int s,k,width,state=0;
1.260 + char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
1.261 + int cbuf_len,cbuf_off;
1.262 + int sbuf_len,sbuf_off;
1.263 + fd_set readfds,writefds;
1.264 + short port=PORT;
1.265 + int full_log=1;
1.266 + char *host=SSL_HOST_NAME;
1.267 + char *cert_file=NULL,*key_file=NULL;
1.268 + int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
1.269 + char *passarg = NULL, *pass = NULL;
1.270 + X509 *cert = NULL;
1.271 + EVP_PKEY *key = NULL;
1.272 + char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
1.273 + int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
1.274 + int crlf=0;
1.275 + int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
1.276 + SSL_CTX *ctx=NULL;
1.277 + int ret=1,in_init=1,i,nbio_test=0;
1.278 + int starttls_proto = PROTO_OFF;
1.279 + int prexit = 0, vflags = 0;
1.280 + SSL_METHOD *meth=NULL;
1.281 +#ifdef sock_type
1.282 +#undef sock_type
1.283 +#endif
1.284 + int sock_type=SOCK_STREAM;
1.285 + BIO *sbio;
1.286 + char *inrand=NULL;
1.287 + int mbuf_len=0;
1.288 +#ifndef OPENSSL_NO_ENGINE
1.289 + char *engine_id=NULL;
1.290 + ENGINE *e=NULL;
1.291 +#endif
1.292 +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
1.293 + struct timeval tv;
1.294 +#endif
1.295 +
1.296 + char *sess_in = NULL;
1.297 + char *sess_out = NULL;
1.298 + struct sockaddr peer;
1.299 + int peerlen = sizeof(peer);
1.300 + int enable_timeouts = 0 ;
1.301 + long mtu = 0;
1.302 +
1.303 +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
1.304 + meth=SSLv23_client_method();
1.305 +#elif !defined(OPENSSL_NO_SSL3)
1.306 + meth=SSLv3_client_method();
1.307 +#elif !defined(OPENSSL_NO_SSL2)
1.308 + meth=SSLv2_client_method();
1.309 +#endif
1.310 +
1.311 + apps_startup();
1.312 + c_Pause=0;
1.313 + c_quiet=0;
1.314 + c_ign_eof=0;
1.315 + c_debug=0;
1.316 + c_msg=0;
1.317 + c_showcerts=0;
1.318 +
1.319 + if (bio_err == NULL)
1.320 + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
1.321 +
1.322 + if (!load_config(bio_err, NULL))
1.323 + goto end;
1.324 +
1.325 + if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
1.326 + ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
1.327 + ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
1.328 + {
1.329 + BIO_printf(bio_err,"out of memory\n");
1.330 + goto end;
1.331 + }
1.332 +
1.333 + verify_depth=0;
1.334 + verify_error=X509_V_OK;
1.335 +#ifdef FIONBIO
1.336 + c_nbio=0;
1.337 +#endif
1.338 +
1.339 + argc--;
1.340 + argv++;
1.341 + while (argc >= 1)
1.342 + {
1.343 + if (strcmp(*argv,"-host") == 0)
1.344 + {
1.345 + if (--argc < 1) goto bad;
1.346 + host= *(++argv);
1.347 + }
1.348 + else if (strcmp(*argv,"-port") == 0)
1.349 + {
1.350 + if (--argc < 1) goto bad;
1.351 + port=atoi(*(++argv));
1.352 + if (port == 0) goto bad;
1.353 + }
1.354 + else if (strcmp(*argv,"-connect") == 0)
1.355 + {
1.356 + if (--argc < 1) goto bad;
1.357 + if (!extract_host_port(*(++argv),&host,NULL,&port))
1.358 + goto bad;
1.359 + }
1.360 + else if (strcmp(*argv,"-verify") == 0)
1.361 + {
1.362 + verify=SSL_VERIFY_PEER;
1.363 + if (--argc < 1) goto bad;
1.364 + verify_depth=atoi(*(++argv));
1.365 + BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
1.366 + }
1.367 + else if (strcmp(*argv,"-cert") == 0)
1.368 + {
1.369 + if (--argc < 1) goto bad;
1.370 + cert_file= *(++argv);
1.371 + }
1.372 + else if (strcmp(*argv,"-sess_out") == 0)
1.373 + {
1.374 + if (--argc < 1) goto bad;
1.375 + sess_out = *(++argv);
1.376 + }
1.377 + else if (strcmp(*argv,"-sess_in") == 0)
1.378 + {
1.379 + if (--argc < 1) goto bad;
1.380 + sess_in = *(++argv);
1.381 + }
1.382 + else if (strcmp(*argv,"-certform") == 0)
1.383 + {
1.384 + if (--argc < 1) goto bad;
1.385 + cert_format = str2fmt(*(++argv));
1.386 + }
1.387 + else if (strcmp(*argv,"-crl_check") == 0)
1.388 + vflags |= X509_V_FLAG_CRL_CHECK;
1.389 + else if (strcmp(*argv,"-crl_check_all") == 0)
1.390 + vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
1.391 + else if (strcmp(*argv,"-prexit") == 0)
1.392 + prexit=1;
1.393 + else if (strcmp(*argv,"-crlf") == 0)
1.394 + crlf=1;
1.395 + else if (strcmp(*argv,"-quiet") == 0)
1.396 + {
1.397 + c_quiet=1;
1.398 + c_ign_eof=1;
1.399 + }
1.400 + else if (strcmp(*argv,"-ign_eof") == 0)
1.401 + c_ign_eof=1;
1.402 + else if (strcmp(*argv,"-pause") == 0)
1.403 + c_Pause=1;
1.404 + else if (strcmp(*argv,"-debug") == 0)
1.405 + c_debug=1;
1.406 +#ifdef WATT32
1.407 + else if (strcmp(*argv,"-wdebug") == 0)
1.408 + dbug_init();
1.409 +#endif
1.410 + else if (strcmp(*argv,"-msg") == 0)
1.411 + c_msg=1;
1.412 + else if (strcmp(*argv,"-showcerts") == 0)
1.413 + c_showcerts=1;
1.414 + else if (strcmp(*argv,"-nbio_test") == 0)
1.415 + nbio_test=1;
1.416 + else if (strcmp(*argv,"-state") == 0)
1.417 + state=1;
1.418 +#ifndef OPENSSL_NO_SSL2
1.419 + else if (strcmp(*argv,"-ssl2") == 0)
1.420 + meth=SSLv2_client_method();
1.421 +#endif
1.422 +#ifndef OPENSSL_NO_SSL3
1.423 + else if (strcmp(*argv,"-ssl3") == 0)
1.424 + meth=SSLv3_client_method();
1.425 +#endif
1.426 +#ifndef OPENSSL_NO_TLS1
1.427 + else if (strcmp(*argv,"-tls1") == 0)
1.428 + meth=TLSv1_client_method();
1.429 +#endif
1.430 +#ifndef OPENSSL_NO_DTLS1
1.431 + else if (strcmp(*argv,"-dtls1") == 0)
1.432 + {
1.433 + meth=DTLSv1_client_method();
1.434 + sock_type=SOCK_DGRAM;
1.435 + }
1.436 + else if (strcmp(*argv,"-timeout") == 0)
1.437 + enable_timeouts=1;
1.438 + else if (strcmp(*argv,"-mtu") == 0)
1.439 + {
1.440 + if (--argc < 1) goto bad;
1.441 + mtu = atol(*(++argv));
1.442 + }
1.443 +#endif
1.444 + else if (strcmp(*argv,"-bugs") == 0)
1.445 + bugs=1;
1.446 + else if (strcmp(*argv,"-keyform") == 0)
1.447 + {
1.448 + if (--argc < 1) goto bad;
1.449 + key_format = str2fmt(*(++argv));
1.450 + }
1.451 + else if (strcmp(*argv,"-pass") == 0)
1.452 + {
1.453 + if (--argc < 1) goto bad;
1.454 + passarg = *(++argv);
1.455 + }
1.456 + else if (strcmp(*argv,"-key") == 0)
1.457 + {
1.458 + if (--argc < 1) goto bad;
1.459 + key_file= *(++argv);
1.460 + }
1.461 + else if (strcmp(*argv,"-reconnect") == 0)
1.462 + {
1.463 + reconnect=5;
1.464 + }
1.465 + else if (strcmp(*argv,"-CApath") == 0)
1.466 + {
1.467 + if (--argc < 1) goto bad;
1.468 + CApath= *(++argv);
1.469 + }
1.470 + else if (strcmp(*argv,"-CAfile") == 0)
1.471 + {
1.472 + if (--argc < 1) goto bad;
1.473 + CAfile= *(++argv);
1.474 + }
1.475 + else if (strcmp(*argv,"-no_tls1") == 0)
1.476 + off|=SSL_OP_NO_TLSv1;
1.477 + else if (strcmp(*argv,"-no_ssl3") == 0)
1.478 + off|=SSL_OP_NO_SSLv3;
1.479 + else if (strcmp(*argv,"-no_ssl2") == 0)
1.480 + off|=SSL_OP_NO_SSLv2;
1.481 + else if (strcmp(*argv,"-serverpref") == 0)
1.482 + off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
1.483 + else if (strcmp(*argv,"-cipher") == 0)
1.484 + {
1.485 + if (--argc < 1) goto bad;
1.486 + cipher= *(++argv);
1.487 + }
1.488 +#ifdef FIONBIO
1.489 + else if (strcmp(*argv,"-nbio") == 0)
1.490 + { c_nbio=1; }
1.491 +#endif
1.492 + else if (strcmp(*argv,"-starttls") == 0)
1.493 + {
1.494 + if (--argc < 1) goto bad;
1.495 + ++argv;
1.496 + if (strcmp(*argv,"smtp") == 0)
1.497 + starttls_proto = PROTO_SMTP;
1.498 + else if (strcmp(*argv,"pop3") == 0)
1.499 + starttls_proto = PROTO_POP3;
1.500 + else if (strcmp(*argv,"imap") == 0)
1.501 + starttls_proto = PROTO_IMAP;
1.502 + else if (strcmp(*argv,"ftp") == 0)
1.503 + starttls_proto = PROTO_FTP;
1.504 + else
1.505 + goto bad;
1.506 + }
1.507 +#ifndef OPENSSL_NO_ENGINE
1.508 + else if (strcmp(*argv,"-engine") == 0)
1.509 + {
1.510 + if (--argc < 1) goto bad;
1.511 + engine_id = *(++argv);
1.512 + }
1.513 +#endif
1.514 + else if (strcmp(*argv,"-rand") == 0)
1.515 + {
1.516 + if (--argc < 1) goto bad;
1.517 + inrand= *(++argv);
1.518 + }
1.519 +
1.520 + else
1.521 + {
1.522 + BIO_printf(bio_err,"unknown option %s\n",*argv);
1.523 + badop=1;
1.524 + break;
1.525 + }
1.526 + argc--;
1.527 + argv++;
1.528 + }
1.529 + if (badop)
1.530 + {
1.531 +bad:
1.532 + sc_usage();
1.533 + goto end;
1.534 + }
1.535 +
1.536 + OpenSSL_add_ssl_algorithms();
1.537 + SSL_load_error_strings();
1.538 +
1.539 +#ifndef OPENSSL_NO_ENGINE
1.540 + e = setup_engine(bio_err, engine_id, 1);
1.541 +#endif
1.542 + if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
1.543 + {
1.544 + BIO_printf(bio_err, "Error getting password\n");
1.545 + goto end;
1.546 + }
1.547 +
1.548 + if (key_file == NULL)
1.549 + key_file = cert_file;
1.550 +
1.551 +
1.552 + if (key_file)
1.553 +
1.554 + {
1.555 +
1.556 + key = load_key(bio_err, key_file, key_format, 0, pass, e,
1.557 + "client certificate private key file");
1.558 + if (!key)
1.559 + {
1.560 + ERR_print_errors(bio_err);
1.561 + goto end;
1.562 + }
1.563 +
1.564 + }
1.565 +
1.566 + if (cert_file)
1.567 +
1.568 + {
1.569 + cert = load_cert(bio_err,cert_file,cert_format,
1.570 + NULL, e, "client certificate file");
1.571 +
1.572 + if (!cert)
1.573 + {
1.574 + ERR_print_errors(bio_err);
1.575 + goto end;
1.576 + }
1.577 + }
1.578 +
1.579 + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
1.580 + && !RAND_status())
1.581 + {
1.582 + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
1.583 + }
1.584 + if (inrand != NULL)
1.585 + BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
1.586 + app_RAND_load_files(inrand));
1.587 +
1.588 + if (bio_c_out == NULL)
1.589 + {
1.590 + if (c_quiet && !c_debug && !c_msg)
1.591 + {
1.592 + bio_c_out=BIO_new(BIO_s_null());
1.593 + }
1.594 + else
1.595 + {
1.596 + if (bio_c_out == NULL)
1.597 + bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
1.598 +
1.599 + }
1.600 + }
1.601 +
1.602 + ctx=SSL_CTX_new(meth);
1.603 + if (ctx == NULL)
1.604 + {
1.605 + ERR_print_errors(bio_err);
1.606 + goto end;
1.607 + }
1.608 +
1.609 + if (bugs)
1.610 + SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
1.611 + else
1.612 + SSL_CTX_set_options(ctx,off);
1.613 + /* DTLS: partial reads end up discarding unread UDP bytes :-(
1.614 + * Setting read ahead solves this problem.
1.615 + */
1.616 + if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
1.617 +
1.618 + if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
1.619 + if (cipher != NULL)
1.620 + if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
1.621 + BIO_printf(bio_err,"error setting cipher list\n");
1.622 + ERR_print_errors(bio_err);
1.623 + goto end;
1.624 + }
1.625 +#if 0
1.626 + else
1.627 + SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
1.628 +#endif
1.629 +
1.630 + SSL_CTX_set_verify(ctx,verify,verify_callback);
1.631 + if (!set_cert_key_stuff(ctx,cert,key))
1.632 + goto end;
1.633 +
1.634 + if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
1.635 + (!SSL_CTX_set_default_verify_paths(ctx)))
1.636 + {
1.637 + /* BIO_printf(bio_err,"error setting default verify locations\n"); */
1.638 + ERR_print_errors(bio_err);
1.639 + /* goto end; */
1.640 + }
1.641 +
1.642 + store = SSL_CTX_get_cert_store(ctx);
1.643 + X509_STORE_set_flags(store, vflags);
1.644 +
1.645 + con=SSL_new(ctx);
1.646 + if (sess_in)
1.647 + {
1.648 + SSL_SESSION *sess;
1.649 + BIO *stmp = BIO_new_file(sess_in, "r");
1.650 + if (!stmp)
1.651 + {
1.652 + BIO_printf(bio_err, "Can't open session file %s\n",
1.653 + sess_in);
1.654 + ERR_print_errors(bio_err);
1.655 + goto end;
1.656 + }
1.657 + sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
1.658 + BIO_free(stmp);
1.659 + if (!sess)
1.660 + {
1.661 + BIO_printf(bio_err, "Can't open session file %s\n",
1.662 + sess_in);
1.663 + ERR_print_errors(bio_err);
1.664 + goto end;
1.665 + }
1.666 + SSL_set_session(con, sess);
1.667 + SSL_SESSION_free(sess);
1.668 + }
1.669 +
1.670 +#ifndef OPENSSL_NO_KRB5
1.671 + if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
1.672 + {
1.673 + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
1.674 + }
1.675 +#endif /* OPENSSL_NO_KRB5 */
1.676 +/* SSL_set_cipher_list(con,"RC4-MD5"); */
1.677 +
1.678 +re_start:
1.679 +
1.680 + if (init_client(&s,host,port,sock_type) == 0)
1.681 + {
1.682 + BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
1.683 + SHUTDOWN(s);
1.684 + goto end;
1.685 + }
1.686 + BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
1.687 +
1.688 +#ifdef FIONBIO
1.689 + if (c_nbio)
1.690 + {
1.691 + unsigned long l=1;
1.692 + BIO_printf(bio_c_out,"turning on non blocking io\n");
1.693 + if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
1.694 + {
1.695 + ERR_print_errors(bio_err);
1.696 + goto end;
1.697 + }
1.698 + }
1.699 +#endif
1.700 + if (c_Pause & 0x01) con->debug=1;
1.701 +
1.702 + if ( SSL_version(con) == DTLS1_VERSION)
1.703 + {
1.704 + struct timeval timeout;
1.705 +
1.706 + sbio=BIO_new_dgram(s,BIO_NOCLOSE);
1.707 + if (getsockname(s, &peer, (void *)&peerlen) < 0)
1.708 + {
1.709 + BIO_printf(bio_err, "getsockname:errno=%d\n",
1.710 + get_last_socket_error());
1.711 + SHUTDOWN(s);
1.712 + goto end;
1.713 + }
1.714 +
1.715 + (void)BIO_ctrl_set_connected(sbio, 1, &peer);
1.716 +
1.717 + if ( enable_timeouts)
1.718 + {
1.719 + timeout.tv_sec = 0;
1.720 + timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1.721 + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
1.722 +
1.723 + timeout.tv_sec = 0;
1.724 + timeout.tv_usec = DGRAM_SND_TIMEOUT;
1.725 + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
1.726 + }
1.727 +
1.728 + if ( mtu > 0)
1.729 + {
1.730 + SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1.731 + SSL_set_mtu(con, mtu);
1.732 + }
1.733 + else
1.734 + /* want to do MTU discovery */
1.735 + BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1.736 + }
1.737 + else
1.738 + sbio=BIO_new_socket(s,BIO_NOCLOSE);
1.739 +
1.740 +
1.741 +
1.742 + if (nbio_test)
1.743 + {
1.744 + BIO *test;
1.745 +
1.746 + test=BIO_new(BIO_f_nbio_test());
1.747 + sbio=BIO_push(test,sbio);
1.748 + }
1.749 +
1.750 + if (c_debug)
1.751 + {
1.752 + con->debug=1;
1.753 + BIO_set_callback(sbio,bio_dump_callback);
1.754 + BIO_set_callback_arg(sbio,(char *)bio_c_out);
1.755 + }
1.756 + if (c_msg)
1.757 + {
1.758 + SSL_set_msg_callback(con, msg_cb);
1.759 + SSL_set_msg_callback_arg(con, bio_c_out);
1.760 + }
1.761 +
1.762 + SSL_set_bio(con,sbio,sbio);
1.763 + SSL_set_connect_state(con);
1.764 +
1.765 + /* ok, lets connect */
1.766 + width=SSL_get_fd(con)+1;
1.767 +
1.768 + read_tty=1;
1.769 + write_tty=0;
1.770 + tty_on=0;
1.771 + read_ssl=1;
1.772 + write_ssl=1;
1.773 +
1.774 + cbuf_len=0;
1.775 + cbuf_off=0;
1.776 + sbuf_len=0;
1.777 + sbuf_off=0;
1.778 +
1.779 + /* This is an ugly hack that does a lot of assumptions */
1.780 + /* We do have to handle multi-line responses which may come
1.781 + in a single packet or not. We therefore have to use
1.782 + BIO_gets() which does need a buffering BIO. So during
1.783 + the initial chitchat we do push a buffering BIO into the
1.784 + chain that is removed again later on to not disturb the
1.785 + rest of the s_client operation. */
1.786 + if (starttls_proto == PROTO_SMTP)
1.787 + {
1.788 + int foundit=0;
1.789 + BIO *fbio = BIO_new(BIO_f_buffer());
1.790 + BIO_push(fbio, sbio);
1.791 + /* wait for multi-line response to end from SMTP */
1.792 + do
1.793 + {
1.794 + mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
1.795 + }
1.796 + while (mbuf_len>3 && mbuf[3]=='-');
1.797 + /* STARTTLS command requires EHLO... */
1.798 + BIO_printf(fbio,"EHLO openssl.client.net\r\n");
1.799 + (void)BIO_flush(fbio);
1.800 + /* wait for multi-line response to end EHLO SMTP response */
1.801 + do
1.802 + {
1.803 + mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
1.804 + if (strstr(mbuf,"STARTTLS"))
1.805 + foundit=1;
1.806 + }
1.807 + while (mbuf_len>3 && mbuf[3]=='-');
1.808 + (void)BIO_flush(fbio);
1.809 + BIO_pop(fbio);
1.810 + BIO_free(fbio);
1.811 + if (!foundit)
1.812 + BIO_printf(bio_err,
1.813 + "didn't found starttls in server response,"
1.814 + " try anyway...\n");
1.815 + BIO_printf(sbio,"STARTTLS\r\n");
1.816 + BIO_read(sbio,sbuf,BUFSIZZ);
1.817 + }
1.818 + else if (starttls_proto == PROTO_POP3)
1.819 + {
1.820 + BIO_read(sbio,mbuf,BUFSIZZ);
1.821 + BIO_printf(sbio,"STLS\r\n");
1.822 + BIO_read(sbio,sbuf,BUFSIZZ);
1.823 + }
1.824 + else if (starttls_proto == PROTO_IMAP)
1.825 + {
1.826 + int foundit=0;
1.827 + BIO *fbio = BIO_new(BIO_f_buffer());
1.828 + BIO_push(fbio, sbio);
1.829 + BIO_gets(fbio,mbuf,BUFSIZZ);
1.830 + /* STARTTLS command requires CAPABILITY... */
1.831 + BIO_printf(fbio,". CAPABILITY\r\n");
1.832 + (void)BIO_flush(fbio);
1.833 + /* wait for multi-line CAPABILITY response */
1.834 + do
1.835 + {
1.836 + mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
1.837 + if (strstr(mbuf,"STARTTLS"))
1.838 + foundit=1;
1.839 + }
1.840 + while (mbuf_len>3 && mbuf[0]!='.');
1.841 + (void)BIO_flush(fbio);
1.842 + BIO_pop(fbio);
1.843 + BIO_free(fbio);
1.844 + if (!foundit)
1.845 + BIO_printf(bio_err,
1.846 + "didn't found STARTTLS in server response,"
1.847 + " try anyway...\n");
1.848 + BIO_printf(sbio,". STARTTLS\r\n");
1.849 + BIO_read(sbio,sbuf,BUFSIZZ);
1.850 + }
1.851 + else if (starttls_proto == PROTO_FTP)
1.852 + {
1.853 + BIO *fbio = BIO_new(BIO_f_buffer());
1.854 + BIO_push(fbio, sbio);
1.855 + /* wait for multi-line response to end from FTP */
1.856 + do
1.857 + {
1.858 + mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
1.859 + }
1.860 + while (mbuf_len>3 && mbuf[3]=='-');
1.861 + (void)BIO_flush(fbio);
1.862 + BIO_pop(fbio);
1.863 + BIO_free(fbio);
1.864 + BIO_printf(sbio,"AUTH TLS\r\n");
1.865 + BIO_read(sbio,sbuf,BUFSIZZ);
1.866 + }
1.867 +
1.868 + for (;;)
1.869 + {
1.870 + FD_ZERO(&readfds);
1.871 + FD_ZERO(&writefds);
1.872 +
1.873 + if (SSL_in_init(con) && !SSL_total_renegotiations(con))
1.874 + {
1.875 + in_init=1;
1.876 + tty_on=0;
1.877 + }
1.878 + else
1.879 + {
1.880 + tty_on=1;
1.881 + if (in_init)
1.882 + {
1.883 + in_init=0;
1.884 + if (sess_out)
1.885 + {
1.886 + BIO *stmp = BIO_new_file(sess_out, "w");
1.887 + if (stmp)
1.888 + {
1.889 + PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
1.890 + BIO_free(stmp);
1.891 + }
1.892 + else
1.893 + BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
1.894 + }
1.895 + print_stuff(bio_c_out,con,full_log);
1.896 + if (full_log > 0) full_log--;
1.897 +
1.898 + if (starttls_proto)
1.899 + {
1.900 + BIO_printf(bio_err,"%s",mbuf);
1.901 + /* We don't need to know any more */
1.902 + starttls_proto = PROTO_OFF;
1.903 + }
1.904 +
1.905 + if (reconnect)
1.906 + {
1.907 + reconnect--;
1.908 + BIO_printf(bio_c_out,"drop connection and then reconnect\n");
1.909 + SSL_shutdown(con);
1.910 + SSL_set_connect_state(con);
1.911 + SHUTDOWN(SSL_get_fd(con));
1.912 + goto re_start;
1.913 + }
1.914 + }
1.915 + }
1.916 +
1.917 + ssl_pending = read_ssl && SSL_pending(con);
1.918 +
1.919 + if (!ssl_pending)
1.920 + {
1.921 +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
1.922 + if (tty_on)
1.923 + {
1.924 + if (read_tty) FD_SET(fileno(stdin),&readfds);
1.925 + if (write_tty) FD_SET(fileno(stdout),&writefds);
1.926 +
1.927 + }
1.928 + if (read_ssl)
1.929 + FD_SET(SSL_get_fd(con),&readfds);
1.930 + if (write_ssl)
1.931 + FD_SET(SSL_get_fd(con),&writefds);
1.932 +#else
1.933 + if(!tty_on || !write_tty) {
1.934 + if (read_ssl)
1.935 + FD_SET(SSL_get_fd(con),&readfds);
1.936 + if (write_ssl)
1.937 + FD_SET(SSL_get_fd(con),&writefds);
1.938 + }
1.939 +#endif
1.940 +/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
1.941 + tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
1.942 +
1.943 + /* Note: under VMS with SOCKETSHR the second parameter
1.944 + * is currently of type (int *) whereas under other
1.945 + * systems it is (void *) if you don't have a cast it
1.946 + * will choke the compiler: if you do have a cast then
1.947 + * you can either go for (int *) or (void *).
1.948 + */
1.949 +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
1.950 + /* Under Windows/DOS we make the assumption that we can
1.951 + * always write to the tty: therefore if we need to
1.952 + * write to the tty we just fall through. Otherwise
1.953 + * we timeout the select every second and see if there
1.954 + * are any keypresses. Note: this is a hack, in a proper
1.955 + * Windows application we wouldn't do this.
1.956 + */
1.957 + i=0;
1.958 + if(!write_tty) {
1.959 + if(read_tty) {
1.960 + tv.tv_sec = 1;
1.961 + tv.tv_usec = 0;
1.962 + i=select(width,(void *)&readfds,(void *)&writefds,
1.963 + NULL,&tv);
1.964 +#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
1.965 + if(!i && (!_kbhit() || !read_tty) ) continue;
1.966 +#else
1.967 + if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
1.968 +#endif
1.969 + } else i=select(width,(void *)&readfds,(void *)&writefds,
1.970 + NULL,NULL);
1.971 + }
1.972 +#elif defined(OPENSSL_SYS_NETWARE)
1.973 + if(!write_tty) {
1.974 + if(read_tty) {
1.975 + tv.tv_sec = 1;
1.976 + tv.tv_usec = 0;
1.977 + i=select(width,(void *)&readfds,(void *)&writefds,
1.978 + NULL,&tv);
1.979 + } else i=select(width,(void *)&readfds,(void *)&writefds,
1.980 + NULL,NULL);
1.981 + }
1.982 +#else
1.983 + i=select(width,(void *)&readfds,(void *)&writefds,
1.984 + NULL,NULL);
1.985 +#endif
1.986 + if ( i < 0)
1.987 + {
1.988 + BIO_printf(bio_err,"bad select %d\n",
1.989 + get_last_socket_error());
1.990 + goto shut;
1.991 + /* goto end; */
1.992 + }
1.993 + }
1.994 +
1.995 + if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
1.996 + {
1.997 + k=SSL_write(con,&(cbuf[cbuf_off]),
1.998 + (unsigned int)cbuf_len);
1.999 + switch (SSL_get_error(con,k))
1.1000 + {
1.1001 + case SSL_ERROR_NONE:
1.1002 + cbuf_off+=k;
1.1003 + cbuf_len-=k;
1.1004 + if (k <= 0) goto end;
1.1005 + /* we have done a write(con,NULL,0); */
1.1006 + if (cbuf_len <= 0)
1.1007 + {
1.1008 + read_tty=1;
1.1009 + write_ssl=0;
1.1010 + }
1.1011 + else /* if (cbuf_len > 0) */
1.1012 + {
1.1013 + read_tty=0;
1.1014 + write_ssl=1;
1.1015 + }
1.1016 + break;
1.1017 + case SSL_ERROR_WANT_WRITE:
1.1018 + BIO_printf(bio_c_out,"write W BLOCK\n");
1.1019 + write_ssl=1;
1.1020 + read_tty=0;
1.1021 + break;
1.1022 + case SSL_ERROR_WANT_READ:
1.1023 + BIO_printf(bio_c_out,"write R BLOCK\n");
1.1024 + write_tty=0;
1.1025 + read_ssl=1;
1.1026 + write_ssl=0;
1.1027 + break;
1.1028 + case SSL_ERROR_WANT_X509_LOOKUP:
1.1029 + BIO_printf(bio_c_out,"write X BLOCK\n");
1.1030 + break;
1.1031 + case SSL_ERROR_ZERO_RETURN:
1.1032 + if (cbuf_len != 0)
1.1033 + {
1.1034 + BIO_printf(bio_c_out,"shutdown\n");
1.1035 + goto shut;
1.1036 + }
1.1037 + else
1.1038 + {
1.1039 + read_tty=1;
1.1040 + write_ssl=0;
1.1041 + break;
1.1042 + }
1.1043 +
1.1044 + case SSL_ERROR_SYSCALL:
1.1045 + if ((k != 0) || (cbuf_len != 0))
1.1046 + {
1.1047 + BIO_printf(bio_err,"write:errno=%d\n",
1.1048 + get_last_socket_error());
1.1049 + goto shut;
1.1050 + }
1.1051 + else
1.1052 + {
1.1053 + read_tty=1;
1.1054 + write_ssl=0;
1.1055 + }
1.1056 + break;
1.1057 + case SSL_ERROR_SSL:
1.1058 + ERR_print_errors(bio_err);
1.1059 + goto shut;
1.1060 + }
1.1061 + }
1.1062 +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
1.1063 + /* Assume Windows/DOS can always write */
1.1064 + else if (!ssl_pending && write_tty)
1.1065 +#else
1.1066 +
1.1067 + else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
1.1068 +
1.1069 +#endif
1.1070 + {
1.1071 +#ifdef CHARSET_EBCDIC
1.1072 + ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
1.1073 +#endif
1.1074 +
1.1075 + i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
1.1076 +
1.1077 + if (i <= 0)
1.1078 + {
1.1079 + BIO_printf(bio_c_out,"DONE\n");
1.1080 + goto shut;
1.1081 + /* goto end; */
1.1082 + }
1.1083 +
1.1084 + sbuf_len-=i;;
1.1085 + sbuf_off+=i;
1.1086 + if (sbuf_len <= 0)
1.1087 + {
1.1088 + read_ssl=1;
1.1089 + write_tty=0;
1.1090 + }
1.1091 + }
1.1092 + else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
1.1093 + {
1.1094 +#ifdef RENEG
1.1095 +{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
1.1096 +#endif
1.1097 +#if 1
1.1098 + k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
1.1099 +#else
1.1100 +/* Demo for pending and peek :-) */
1.1101 + k=SSL_read(con,sbuf,16);
1.1102 +{ char zbuf[10240];
1.1103 +printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
1.1104 +
1.1105 +}
1.1106 +#endif
1.1107 +
1.1108 + switch (SSL_get_error(con,k))
1.1109 + {
1.1110 + case SSL_ERROR_NONE:
1.1111 + if (k <= 0)
1.1112 + goto end;
1.1113 + sbuf_off=0;
1.1114 + sbuf_len=k;
1.1115 +
1.1116 + read_ssl=0;
1.1117 + write_tty=1;
1.1118 + break;
1.1119 + case SSL_ERROR_WANT_WRITE:
1.1120 + BIO_printf(bio_c_out,"read W BLOCK\n");
1.1121 + write_ssl=1;
1.1122 + read_tty=0;
1.1123 + break;
1.1124 + case SSL_ERROR_WANT_READ:
1.1125 + BIO_printf(bio_c_out,"read R BLOCK\n");
1.1126 + write_tty=0;
1.1127 + read_ssl=1;
1.1128 + if ((read_tty == 0) && (write_ssl == 0))
1.1129 + write_ssl=1;
1.1130 + break;
1.1131 + case SSL_ERROR_WANT_X509_LOOKUP:
1.1132 + BIO_printf(bio_c_out,"read X BLOCK\n");
1.1133 + break;
1.1134 + case SSL_ERROR_SYSCALL:
1.1135 + BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
1.1136 + goto shut;
1.1137 + case SSL_ERROR_ZERO_RETURN:
1.1138 + BIO_printf(bio_c_out,"closed\n");
1.1139 + goto shut;
1.1140 + case SSL_ERROR_SSL:
1.1141 + ERR_print_errors(bio_err);
1.1142 + goto shut;
1.1143 + /* break; */
1.1144 + }
1.1145 + }
1.1146 +
1.1147 +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
1.1148 +#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
1.1149 + else if (_kbhit())
1.1150 +#else
1.1151 + else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
1.1152 +#endif
1.1153 +#elif defined (OPENSSL_SYS_NETWARE)
1.1154 + else if (_kbhit())
1.1155 +#else
1.1156 + else if (FD_ISSET(fileno(stdin),&readfds))
1.1157 +
1.1158 +#endif
1.1159 + {
1.1160 + if (crlf)
1.1161 + {
1.1162 + int j, lf_num;
1.1163 + i=read(fileno(stdin),cbuf,BUFSIZZ/2);
1.1164 +
1.1165 + lf_num = 0;
1.1166 + /* both loops are skipped when i <= 0 */
1.1167 + for (j = 0; j < i; j++)
1.1168 + if (cbuf[j] == '\n')
1.1169 + lf_num++;
1.1170 + for (j = i-1; j >= 0; j--)
1.1171 + {
1.1172 + cbuf[j+lf_num] = cbuf[j];
1.1173 + if (cbuf[j] == '\n')
1.1174 + {
1.1175 + lf_num--;
1.1176 + i++;
1.1177 + cbuf[j+lf_num] = '\r';
1.1178 + }
1.1179 + }
1.1180 + assert(lf_num == 0);
1.1181 + }
1.1182 + else
1.1183 + i=read(fileno(stdin),cbuf,BUFSIZZ);
1.1184 +
1.1185 + if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
1.1186 + {
1.1187 + BIO_printf(bio_err,"DONE\n");
1.1188 + goto shut;
1.1189 + }
1.1190 +
1.1191 + if ((!c_ign_eof) && (cbuf[0] == 'R'))
1.1192 + {
1.1193 + BIO_printf(bio_err,"RENEGOTIATING\n");
1.1194 + SSL_renegotiate(con);
1.1195 + cbuf_len=0;
1.1196 + }
1.1197 + else
1.1198 + {
1.1199 + cbuf_len=i;
1.1200 + cbuf_off=0;
1.1201 +#ifdef CHARSET_EBCDIC
1.1202 + ebcdic2ascii(cbuf, cbuf, i);
1.1203 +#endif
1.1204 + }
1.1205 +
1.1206 + write_ssl=1;
1.1207 + read_tty=0;
1.1208 + }
1.1209 + }
1.1210 +shut:
1.1211 + SSL_shutdown(con);
1.1212 + SHUTDOWN(SSL_get_fd(con));
1.1213 + ret=0;
1.1214 +end:
1.1215 + if(prexit) print_stuff(bio_c_out,con,1);
1.1216 + if (con != NULL) SSL_free(con);
1.1217 + if (con2 != NULL) SSL_free(con2);
1.1218 + if (ctx != NULL) SSL_CTX_free(ctx);
1.1219 + if (cert)
1.1220 + X509_free(cert);
1.1221 + if (key)
1.1222 + EVP_PKEY_free(key);
1.1223 + if (pass)
1.1224 + OPENSSL_free(pass);
1.1225 + if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
1.1226 + if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
1.1227 + if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
1.1228 + if (bio_c_out != NULL)
1.1229 + {
1.1230 + BIO_free(bio_c_out);
1.1231 + bio_c_out=NULL;
1.1232 + }
1.1233 + apps_shutdown();
1.1234 + OPENSSL_EXIT(ret);
1.1235 + }
1.1236 +
1.1237 +
1.1238 +static void print_stuff(BIO *bio, SSL *s, int full)
1.1239 + {
1.1240 + X509 *peer=NULL;
1.1241 + char *p;
1.1242 + static const char *space=" ";
1.1243 + char buf[BUFSIZ];
1.1244 + STACK_OF(X509) *sk;
1.1245 + STACK_OF(X509_NAME) *sk2;
1.1246 + SSL_CIPHER *c;
1.1247 + X509_NAME *xn;
1.1248 + int j,i;
1.1249 +#ifndef OPENSSL_NO_COMP
1.1250 + const COMP_METHOD *comp, *expansion;
1.1251 +#endif
1.1252 +
1.1253 + if (full)
1.1254 + {
1.1255 + int got_a_chain = 0;
1.1256 +
1.1257 + sk=SSL_get_peer_cert_chain(s);
1.1258 + if (sk != NULL)
1.1259 + {
1.1260 + got_a_chain = 1; /* we don't have it for SSL2 (yet) */
1.1261 +
1.1262 + BIO_printf(bio,"---\nCertificate chain\n");
1.1263 + for (i=0; i<sk_X509_num(sk); i++)
1.1264 + {
1.1265 + X509_NAME_oneline(X509_get_subject_name(
1.1266 + sk_X509_value(sk,i)),buf,sizeof buf);
1.1267 + BIO_printf(bio,"%2d s:%s\n",i,buf);
1.1268 + X509_NAME_oneline(X509_get_issuer_name(
1.1269 + sk_X509_value(sk,i)),buf,sizeof buf);
1.1270 + BIO_printf(bio," i:%s\n",buf);
1.1271 + if (c_showcerts)
1.1272 + PEM_write_bio_X509(bio,sk_X509_value(sk,i));
1.1273 + }
1.1274 + }
1.1275 +
1.1276 + BIO_printf(bio,"---\n");
1.1277 + peer=SSL_get_peer_certificate(s);
1.1278 + if (peer != NULL)
1.1279 + {
1.1280 + BIO_printf(bio,"Server certificate\n");
1.1281 + if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
1.1282 + PEM_write_bio_X509(bio,peer);
1.1283 + X509_NAME_oneline(X509_get_subject_name(peer),
1.1284 + buf,sizeof buf);
1.1285 + BIO_printf(bio,"subject=%s\n",buf);
1.1286 + X509_NAME_oneline(X509_get_issuer_name(peer),
1.1287 + buf,sizeof buf);
1.1288 + BIO_printf(bio,"issuer=%s\n",buf);
1.1289 + }
1.1290 + else
1.1291 + BIO_printf(bio,"no peer certificate available\n");
1.1292 +
1.1293 + sk2=SSL_get_client_CA_list(s);
1.1294 + if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
1.1295 + {
1.1296 + BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
1.1297 + for (i=0; i<sk_X509_NAME_num(sk2); i++)
1.1298 + {
1.1299 + xn=sk_X509_NAME_value(sk2,i);
1.1300 + X509_NAME_oneline(xn,buf,sizeof(buf));
1.1301 + BIO_write(bio,buf,strlen(buf));
1.1302 + BIO_write(bio,"\n",1);
1.1303 + }
1.1304 + }
1.1305 + else
1.1306 + {
1.1307 + BIO_printf(bio,"---\nNo client certificate CA names sent\n");
1.1308 + }
1.1309 + p=SSL_get_shared_ciphers(s,buf,sizeof buf);
1.1310 + if (p != NULL)
1.1311 + {
1.1312 + /* This works only for SSL 2. In later protocol
1.1313 + * versions, the client does not know what other
1.1314 + * ciphers (in addition to the one to be used
1.1315 + * in the current connection) the server supports. */
1.1316 +
1.1317 + BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
1.1318 + j=i=0;
1.1319 + while (*p)
1.1320 + {
1.1321 + if (*p == ':')
1.1322 + {
1.1323 + BIO_write(bio,space,15-j%25);
1.1324 + i++;
1.1325 + j=0;
1.1326 + BIO_write(bio,((i%3)?" ":"\n"),1);
1.1327 + }
1.1328 + else
1.1329 + {
1.1330 + BIO_write(bio,p,1);
1.1331 + j++;
1.1332 + }
1.1333 + p++;
1.1334 + }
1.1335 + BIO_write(bio,"\n",1);
1.1336 + }
1.1337 +
1.1338 + BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
1.1339 + BIO_number_read(SSL_get_rbio(s)),
1.1340 + BIO_number_written(SSL_get_wbio(s)));
1.1341 + }
1.1342 + BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
1.1343 + c=SSL_get_current_cipher(s);
1.1344 + BIO_printf(bio,"%s, Cipher is %s\n",
1.1345 + SSL_CIPHER_get_version(c),
1.1346 + SSL_CIPHER_get_name(c));
1.1347 + if (peer != NULL) {
1.1348 + EVP_PKEY *pktmp;
1.1349 + pktmp = X509_get_pubkey(peer);
1.1350 + BIO_printf(bio,"Server public key is %d bit\n",
1.1351 + EVP_PKEY_bits(pktmp));
1.1352 + EVP_PKEY_free(pktmp);
1.1353 + }
1.1354 +#ifndef OPENSSL_NO_COMP
1.1355 + comp=SSL_get_current_compression(s);
1.1356 + expansion=SSL_get_current_expansion(s);
1.1357 + BIO_printf(bio,"Compression: %s\n",
1.1358 + comp ? SSL_COMP_get_name(comp) : "NONE");
1.1359 + BIO_printf(bio,"Expansion: %s\n",
1.1360 + expansion ? SSL_COMP_get_name(expansion) : "NONE");
1.1361 +#endif
1.1362 + SSL_SESSION_print(bio,SSL_get_session(s));
1.1363 + BIO_printf(bio,"---\n");
1.1364 + if (peer != NULL)
1.1365 + X509_free(peer);
1.1366 + /* flush, or debugging output gets mixed with http response */
1.1367 + (void)BIO_flush(bio);
1.1368 + }
1.1369 +