s_client.c 33.8 KB
Newer Older
1
/* apps/s_client.c */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
58
/* ====================================================================
B
Bodo Möller 已提交
59
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
111

B
Bodo Möller 已提交
112
#include <assert.h>
U
Ulf Möller 已提交
113 114 115
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
116
#include <openssl/e_os2.h>
117
#ifdef OPENSSL_NO_STDIO
U
Ulf Möller 已提交
118 119 120
#define APPS_WIN16
#endif

U
Ulf Möller 已提交
121 122 123 124
/* With IPv6, it looks like Digital has mixed up the proper order of
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
125
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
U
Ulf Möller 已提交
126 127 128 129
#define __U_INT
typedef unsigned int u_int;
#endif

130 131
#define USE_SOCKETS
#include "apps.h"
132 133 134 135
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
136
#include <openssl/rand.h>
137
#include "s_apps.h"
B
Ben Laurie 已提交
138
#include "timeouts.h"
139

140
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
U
Ulf Möller 已提交
141
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
U
Ulf Möller 已提交
142 143 144
#undef FIONBIO
#endif

145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164
#undef PROG
#define PROG	s_client_main

/*#define SSL_HOST_NAME	"www.netscape.com" */
/*#define SSL_HOST_NAME	"193.118.187.102" */
#define SSL_HOST_NAME	"localhost"

/*#define TEST_CERT "client.pem" */ /* no default cert. */

#undef BUFSIZZ
#define BUFSIZZ 1024*8

extern int verify_depth;
extern int verify_error;

#ifdef FIONBIO
static int c_nbio=0;
#endif
static int c_Pause=0;
static int c_debug=0;
165
static int c_msg=0;
166
static int c_showcerts=0;
167 168 169 170 171

static void sc_usage(void);
static void print_stuff(BIO *berr,SSL *con,int full);
static BIO *bio_c_out=NULL;
static int c_quiet=0;
172
static int c_ign_eof=0;
173

U
Ulf Möller 已提交
174
static void sc_usage(void)
175
	{
176
	BIO_printf(bio_err,"usage: s_client args\n");
177 178 179 180 181 182 183
	BIO_printf(bio_err,"\n");
	BIO_printf(bio_err," -host host     - use -connect instead\n");
	BIO_printf(bio_err," -port port     - use -connect instead\n");
	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);

	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
D
PR: 910  
Dr. Stephen Henson 已提交
184 185
	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
	BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");
186
	BIO_printf(bio_err,"                 not specified but cert file is.\n");
D
PR: 910  
Dr. Stephen Henson 已提交
187 188
	BIO_printf(bio_err," -keyform arg  - key format (PEM or DER) PEM default\n");
	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
189 190 191 192
	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
193
	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
194
	BIO_printf(bio_err," -debug        - extra output\n");
A
Andy Polyakov 已提交
195 196 197
#ifdef WATT32
	BIO_printf(bio_err," -wdebug       - WATT-32 tcp debugging\n");
#endif
198
	BIO_printf(bio_err," -msg          - Show protocol messages\n");
199 200 201 202
	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
#ifdef FIONBIO
	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
203 204
#endif
	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
205
	BIO_printf(bio_err," -quiet        - no s_client output\n");
206
	BIO_printf(bio_err," -ign_eof      - ignore input eof (default when -quiet)\n");
207 208
	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
209
	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
B
Ben Laurie 已提交
210 211
	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    
	BIO_printf(bio_err," -mtu          - set the MTU\n");
212
	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
213
	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
214
	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
U
Ulf Möller 已提交
215
	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
216
	BIO_printf(bio_err,"                 command to see what is available\n");
217 218 219
	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
220
	BIO_printf(bio_err,"                 only \"smtp\" and \"pop3\" are supported.\n");
221
#ifndef OPENSSL_NO_ENGINE
222
	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
223
#endif
224
	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
225 226 227
#ifndef OPENSSL_NO_TLSEXT
	BIO_printf(bio_err," -servername host  - Set TLS extension servername in ClientHello\n");
#endif
228 229
	}

230 231 232 233 234 235 236 237 238
#ifndef OPENSSL_NO_TLSEXT

/* This is a context that we pass to callbacks */
typedef struct tlsextctx_st {
   BIO * biodebug;
   int ack;
} tlsextctx;


B
Bodo Möller 已提交
239 240
static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
	{
241
	tlsextctx * p = (tlsextctx *) arg;
242
	const unsigned char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
243 244 245
	if (SSL_get_servername_type(s) != -1) 
 	        p->ack = !SSL_session_reused(s) && hn != NULL;
	else 
246
		BIO_printf(bio_err,"Can't use SSL_get_servername\n");
247 248
	
	return SSL_ERROR_NONE;
B
Bodo Möller 已提交
249
	}
250 251
#endif

252 253
int MAIN(int, char **);

U
Ulf Möller 已提交
254
int MAIN(int argc, char **argv)
255
	{
256
	int off=0;
257
	SSL *con=NULL,*con2=NULL;
258
	X509_STORE *store = NULL;
259
	int s,k,width,state=0;
260
	char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
261 262 263 264 265 266 267
	int cbuf_len,cbuf_off;
	int sbuf_len,sbuf_off;
	fd_set readfds,writefds;
	short port=PORT;
	int full_log=1;
	char *host=SSL_HOST_NAME;
	char *cert_file=NULL,*key_file=NULL;
D
PR: 910  
Dr. Stephen Henson 已提交
268 269 270 271
	int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
	char *passarg = NULL, *pass = NULL;
	X509 *cert = NULL;
	EVP_PKEY *key = NULL;
272 273
	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
274
	int crlf=0;
275
	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
276 277
	SSL_CTX *ctx=NULL;
	int ret=1,in_init=1,i,nbio_test=0;
278
	int starttls_proto = 0;
279
	int prexit = 0, vflags = 0;
280
	const SSL_METHOD *meth=NULL;
B
Bodo Möller 已提交
281
	int socket_type=SOCK_STREAM;
282
	BIO *sbio;
283
	char *inrand=NULL;
284
#ifndef OPENSSL_NO_ENGINE
285 286
	char *engine_id=NULL;
	ENGINE *e=NULL;
287
#endif
R
Richard Levitte 已提交
288
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
289 290
	struct timeval tv;
#endif
291

292 293 294 295 296
#ifndef OPENSSL_NO_TLSEXT
	char *servername = NULL; 
        tlsextctx tlsextcbp = 
        {NULL,0};
#endif
B
Ben Laurie 已提交
297
	struct sockaddr peer;
298
	int peerlen = sizeof(peer);
B
Ben Laurie 已提交
299
	int enable_timeouts = 0 ;
B
Bodo Möller 已提交
300
	long socket_mtu = 0;
B
Ben Laurie 已提交
301

302
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
303
	meth=SSLv23_client_method();
304
#elif !defined(OPENSSL_NO_SSL3)
305
	meth=SSLv3_client_method();
306
#elif !defined(OPENSSL_NO_SSL2)
307 308 309 310
	meth=SSLv2_client_method();
#endif

	apps_startup();
311
	c_Pause=0;
312
	c_quiet=0;
313
	c_ign_eof=0;
314
	c_debug=0;
315
	c_msg=0;
316
	c_showcerts=0;
317 318 319 320

	if (bio_err == NULL)
		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

D
Dr. Stephen Henson 已提交
321 322 323
	if (!load_config(bio_err, NULL))
		goto end;

324
	if (	((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
325 326
		((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
		((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370
		{
		BIO_printf(bio_err,"out of memory\n");
		goto end;
		}

	verify_depth=0;
	verify_error=X509_V_OK;
#ifdef FIONBIO
	c_nbio=0;
#endif

	argc--;
	argv++;
	while (argc >= 1)
		{
		if	(strcmp(*argv,"-host") == 0)
			{
			if (--argc < 1) goto bad;
			host= *(++argv);
			}
		else if	(strcmp(*argv,"-port") == 0)
			{
			if (--argc < 1) goto bad;
			port=atoi(*(++argv));
			if (port == 0) goto bad;
			}
		else if (strcmp(*argv,"-connect") == 0)
			{
			if (--argc < 1) goto bad;
			if (!extract_host_port(*(++argv),&host,NULL,&port))
				goto bad;
			}
		else if	(strcmp(*argv,"-verify") == 0)
			{
			verify=SSL_VERIFY_PEER;
			if (--argc < 1) goto bad;
			verify_depth=atoi(*(++argv));
			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
			}
		else if	(strcmp(*argv,"-cert") == 0)
			{
			if (--argc < 1) goto bad;
			cert_file= *(++argv);
			}
D
PR: 910  
Dr. Stephen Henson 已提交
371 372 373 374 375
		else if	(strcmp(*argv,"-certform") == 0)
			{
			if (--argc < 1) goto bad;
			cert_format = str2fmt(*(++argv));
			}
376 377 378 379
		else if	(strcmp(*argv,"-crl_check") == 0)
			vflags |= X509_V_FLAG_CRL_CHECK;
		else if	(strcmp(*argv,"-crl_check_all") == 0)
			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
380 381
		else if	(strcmp(*argv,"-prexit") == 0)
			prexit=1;
382 383
		else if	(strcmp(*argv,"-crlf") == 0)
			crlf=1;
384
		else if	(strcmp(*argv,"-quiet") == 0)
385
			{
386
			c_quiet=1;
387 388 389 390
			c_ign_eof=1;
			}
		else if	(strcmp(*argv,"-ign_eof") == 0)
			c_ign_eof=1;
391 392 393 394
		else if	(strcmp(*argv,"-pause") == 0)
			c_Pause=1;
		else if	(strcmp(*argv,"-debug") == 0)
			c_debug=1;
A
Andy Polyakov 已提交
395 396 397 398
#ifdef WATT32
		else if (strcmp(*argv,"-wdebug") == 0)
			dbug_init();
#endif
399 400
		else if	(strcmp(*argv,"-msg") == 0)
			c_msg=1;
401 402
		else if	(strcmp(*argv,"-showcerts") == 0)
			c_showcerts=1;
403 404 405 406
		else if	(strcmp(*argv,"-nbio_test") == 0)
			nbio_test=1;
		else if	(strcmp(*argv,"-state") == 0)
			state=1;
407
#ifndef OPENSSL_NO_SSL2
408 409 410
		else if	(strcmp(*argv,"-ssl2") == 0)
			meth=SSLv2_client_method();
#endif
411
#ifndef OPENSSL_NO_SSL3
412 413
		else if	(strcmp(*argv,"-ssl3") == 0)
			meth=SSLv3_client_method();
414
#endif
415
#ifndef OPENSSL_NO_TLS1
416 417
		else if	(strcmp(*argv,"-tls1") == 0)
			meth=TLSv1_client_method();
B
Ben Laurie 已提交
418 419 420 421 422
#endif
#ifndef OPENSSL_NO_DTLS1
		else if	(strcmp(*argv,"-dtls1") == 0)
			{
			meth=DTLSv1_client_method();
B
Bodo Möller 已提交
423
			socket_type=SOCK_DGRAM;
B
Ben Laurie 已提交
424 425 426 427 428 429
			}
		else if (strcmp(*argv,"-timeout") == 0)
			enable_timeouts=1;
		else if (strcmp(*argv,"-mtu") == 0)
			{
			if (--argc < 1) goto bad;
B
Bodo Möller 已提交
430
			socket_mtu = atol(*(++argv));
B
Ben Laurie 已提交
431
			}
432 433 434
#endif
		else if (strcmp(*argv,"-bugs") == 0)
			bugs=1;
D
PR: 910  
Dr. Stephen Henson 已提交
435 436 437 438 439 440 441 442 443 444
		else if	(strcmp(*argv,"-keyform") == 0)
			{
			if (--argc < 1) goto bad;
			key_format = str2fmt(*(++argv));
			}
		else if	(strcmp(*argv,"-pass") == 0)
			{
			if (--argc < 1) goto bad;
			passarg = *(++argv);
			}
445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463
		else if	(strcmp(*argv,"-key") == 0)
			{
			if (--argc < 1) goto bad;
			key_file= *(++argv);
			}
		else if	(strcmp(*argv,"-reconnect") == 0)
			{
			reconnect=5;
			}
		else if	(strcmp(*argv,"-CApath") == 0)
			{
			if (--argc < 1) goto bad;
			CApath= *(++argv);
			}
		else if	(strcmp(*argv,"-CAfile") == 0)
			{
			if (--argc < 1) goto bad;
			CAfile= *(++argv);
			}
464 465 466 467 468 469
		else if (strcmp(*argv,"-no_tls1") == 0)
			off|=SSL_OP_NO_TLSv1;
		else if (strcmp(*argv,"-no_ssl3") == 0)
			off|=SSL_OP_NO_SSLv3;
		else if (strcmp(*argv,"-no_ssl2") == 0)
			off|=SSL_OP_NO_SSLv2;
470 471
		else if	(strcmp(*argv,"-no_comp") == 0)
			{ off|=SSL_OP_NO_COMPRESSION; }
472 473
		else if (strcmp(*argv,"-serverpref") == 0)
			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
474 475 476 477 478 479 480 481 482
		else if	(strcmp(*argv,"-cipher") == 0)
			{
			if (--argc < 1) goto bad;
			cipher= *(++argv);
			}
#ifdef FIONBIO
		else if (strcmp(*argv,"-nbio") == 0)
			{ c_nbio=1; }
#endif
483 484 485 486 487
		else if	(strcmp(*argv,"-starttls") == 0)
			{
			if (--argc < 1) goto bad;
			++argv;
			if (strcmp(*argv,"smtp") == 0)
488 489 490
				starttls_proto = 1;
			else if (strcmp(*argv,"pop3") == 0)
				starttls_proto = 2;
491 492 493
			else
				goto bad;
			}
494
#ifndef OPENSSL_NO_ENGINE
495 496 497 498 499
		else if	(strcmp(*argv,"-engine") == 0)
			{
			if (--argc < 1) goto bad;
			engine_id = *(++argv);
			}
500
#endif
501 502 503 504 505
		else if (strcmp(*argv,"-rand") == 0)
			{
			if (--argc < 1) goto bad;
			inrand= *(++argv);
			}
506 507 508 509 510 511 512 513
#ifndef OPENSSL_NO_TLSEXT
		else if (strcmp(*argv,"-servername") == 0)
			{
			if (--argc < 1) goto bad;
			servername= *(++argv);
			/* meth=TLSv1_client_method(); */
			}
#endif
514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529
		else
			{
			BIO_printf(bio_err,"unknown option %s\n",*argv);
			badop=1;
			break;
			}
		argc--;
		argv++;
		}
	if (badop)
		{
bad:
		sc_usage();
		goto end;
		}

530 531 532
	OpenSSL_add_ssl_algorithms();
	SSL_load_error_strings();

533
#ifndef OPENSSL_NO_ENGINE
534
        e = setup_engine(bio_err, engine_id, 1);
535
#endif
D
PR: 910  
Dr. Stephen Henson 已提交
536 537 538 539 540 541 542 543 544
	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
		{
		BIO_printf(bio_err, "Error getting password\n");
		goto end;
		}

	if (key_file == NULL)
		key_file = cert_file;

545 546 547

	if (key_file)

D
PR: 910  
Dr. Stephen Henson 已提交
548
		{
549 550 551 552 553 554 555 556 557

		key = load_key(bio_err, key_file, key_format, 0, pass, e,
			       "client certificate private key file");
		if (!key)
			{
			ERR_print_errors(bio_err);
			goto end;
			}

D
PR: 910  
Dr. Stephen Henson 已提交
558 559
		}

560
	if (cert_file)
D
PR: 910  
Dr. Stephen Henson 已提交
561 562

		{
563 564 565 566 567 568 569 570
		cert = load_cert(bio_err,cert_file,cert_format,
				NULL, e, "client certificate file");

		if (!cert)
			{
			ERR_print_errors(bio_err);
			goto end;
			}
D
PR: 910  
Dr. Stephen Henson 已提交
571
		}
572

573 574 575 576 577 578 579 580
	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
		&& !RAND_status())
		{
		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
		}
	if (inrand != NULL)
		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
			app_RAND_load_files(inrand));
581

582 583
	if (bio_c_out == NULL)
		{
584
		if (c_quiet && !c_debug && !c_msg)
585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601
			{
			bio_c_out=BIO_new(BIO_s_null());
			}
		else
			{
			if (bio_c_out == NULL)
				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
			}
		}

	ctx=SSL_CTX_new(meth);
	if (ctx == NULL)
		{
		ERR_print_errors(bio_err);
		goto end;
		}

602 603 604 605
	if (bugs)
		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
	else
		SSL_CTX_set_options(ctx,off);
B
Ben Laurie 已提交
606 607 608
	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
	 * Setting read ahead solves this problem.
	 */
B
Bodo Möller 已提交
609
	if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
610 611 612

	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
	if (cipher != NULL)
613
		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
U
Ulf Möller 已提交
614
		BIO_printf(bio_err,"error setting cipher list\n");
615 616 617
		ERR_print_errors(bio_err);
		goto end;
	}
618 619 620 621 622 623
#if 0
	else
		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
#endif

	SSL_CTX_set_verify(ctx,verify,verify_callback);
D
PR: 910  
Dr. Stephen Henson 已提交
624
	if (!set_cert_key_stuff(ctx,cert,key))
625 626 627 628 629
		goto end;

	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
		(!SSL_CTX_set_default_verify_paths(ctx)))
		{
U
Ulf Möller 已提交
630
		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
631
		ERR_print_errors(bio_err);
632
		/* goto end; */
633 634
		}

635 636
	store = SSL_CTX_get_cert_store(ctx);
	X509_STORE_set_flags(store, vflags);
637
#ifndef OPENSSL_NO_TLSEXT
B
Bodo Möller 已提交
638 639
	if (servername != NULL)
		{
640 641 642
		tlsextcbp.biodebug = bio_err;
		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
B
Bodo Möller 已提交
643
		}
644
#endif
645

D
 
Dr. Stephen Henson 已提交
646
	con=SSL_new(ctx);
647
#ifndef OPENSSL_NO_TLSEXT
B
Bodo Möller 已提交
648 649 650 651
	if (servername != NULL)
		{
		if (!SSL_set_tlsext_hostname(con,servername))
			{
652 653 654
			BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
			ERR_print_errors(bio_err);
			goto end;
B
Bodo Möller 已提交
655
			}
656 657
		}
#endif
658
#ifndef OPENSSL_NO_KRB5
659 660 661 662
	if (con  &&  (con->kssl_ctx = kssl_ctx_new()) != NULL)
                {
                kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
		}
663
#endif	/* OPENSSL_NO_KRB5  */
664
/*	SSL_set_cipher_list(con,"RC4-MD5"); */
665 666 667

re_start:

B
Bodo Möller 已提交
668
	if (init_client(&s,host,port,socket_type) == 0)
669
		{
670
		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
671 672 673 674 675 676 677 678 679 680
		SHUTDOWN(s);
		goto end;
		}
	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);

#ifdef FIONBIO
	if (c_nbio)
		{
		unsigned long l=1;
		BIO_printf(bio_c_out,"turning on non blocking io\n");
681 682 683 684 685
		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
			{
			ERR_print_errors(bio_err);
			goto end;
			}
686 687 688
		}
#endif                                              
	if (c_Pause & 0x01) con->debug=1;
B
Ben Laurie 已提交
689 690 691 692 693 694

	if ( SSL_version(con) == DTLS1_VERSION)
		{
		struct timeval timeout;

		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
695
		if (getsockname(s, &peer, (void *)&peerlen) < 0)
B
Ben Laurie 已提交
696 697 698 699 700 701 702 703 704
			{
			BIO_printf(bio_err, "getsockname:errno=%d\n",
				get_last_socket_error());
			SHUTDOWN(s);
			goto end;
			}

		BIO_ctrl_set_connected(sbio, 1, &peer);

B
Bodo Möller 已提交
705
		if (enable_timeouts)
B
Ben Laurie 已提交
706 707 708 709 710 711 712 713 714 715
			{
			timeout.tv_sec = 0;
			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
			
			timeout.tv_sec = 0;
			timeout.tv_usec = DGRAM_SND_TIMEOUT;
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
			}

B
Bodo Möller 已提交
716
		if (socket_mtu > 0)
B
Ben Laurie 已提交
717 718
			{
			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
B
Bodo Möller 已提交
719
			SSL_set_mtu(con, socket_mtu);
B
Ben Laurie 已提交
720 721 722 723 724 725 726 727 728
			}
		else
			/* want to do MTU discovery */
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
		}
	else
		sbio=BIO_new_socket(s,BIO_NOCLOSE);


729 730 731 732 733 734 735 736 737 738 739 740

	if (nbio_test)
		{
		BIO *test;

		test=BIO_new(BIO_f_nbio_test());
		sbio=BIO_push(test,sbio);
		}

	if (c_debug)
		{
		con->debug=1;
741
		BIO_set_callback(sbio,bio_dump_callback);
742 743
		BIO_set_callback_arg(sbio,bio_c_out);
		}
744 745 746 747 748
	if (c_msg)
		{
		SSL_set_msg_callback(con, msg_cb);
		SSL_set_msg_callback_arg(con, bio_c_out);
		}
749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766

	SSL_set_bio(con,sbio,sbio);
	SSL_set_connect_state(con);

	/* ok, lets connect */
	width=SSL_get_fd(con)+1;

	read_tty=1;
	write_tty=0;
	tty_on=0;
	read_ssl=1;
	write_ssl=1;
	
	cbuf_len=0;
	cbuf_off=0;
	sbuf_len=0;
	sbuf_off=0;

767
	/* This is an ugly hack that does a lot of assumptions */
768
	if (starttls_proto == 1)
769 770 771 772 773
		{
		BIO_read(sbio,mbuf,BUFSIZZ);
		BIO_printf(sbio,"STARTTLS\r\n");
		BIO_read(sbio,sbuf,BUFSIZZ);
		}
774 775 776 777 778 779
	if (starttls_proto == 2)
		{
		BIO_read(sbio,mbuf,BUFSIZZ);
		BIO_printf(sbio,"STLS\r\n");
		BIO_read(sbio,sbuf,BUFSIZZ);
		}
780

781 782 783 784 785
	for (;;)
		{
		FD_ZERO(&readfds);
		FD_ZERO(&writefds);

786
		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
787 788 789 790 791 792 793 794 795 796
			{
			in_init=1;
			tty_on=0;
			}
		else
			{
			tty_on=1;
			if (in_init)
				{
				in_init=0;
797
#ifndef OPENSSL_NO_TLSEXT
B
Bodo Möller 已提交
798 799
	if (servername != NULL && !SSL_session_reused(con))
		{
800
		BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not ");
B
Bodo Möller 已提交
801
		}
802
#endif
803 804 805
				print_stuff(bio_c_out,con,full_log);
				if (full_log > 0) full_log--;

806
				if (starttls_proto)
807 808 809
					{
					BIO_printf(bio_err,"%s",mbuf);
					/* We don't need to know any more */
810
					starttls_proto = 0;
811 812
					}

813 814 815 816 817 818 819 820 821 822 823 824
				if (reconnect)
					{
					reconnect--;
					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
					SSL_shutdown(con);
					SSL_set_connect_state(con);
					SHUTDOWN(SSL_get_fd(con));
					goto re_start;
					}
				}
			}

825 826 827
		ssl_pending = read_ssl && SSL_pending(con);

		if (!ssl_pending)
828
			{
R
Richard Levitte 已提交
829
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
830 831 832 833 834 835 836 837 838
			if (tty_on)
				{
				if (read_tty)  FD_SET(fileno(stdin),&readfds);
				if (write_tty) FD_SET(fileno(stdout),&writefds);
				}
			if (read_ssl)
				FD_SET(SSL_get_fd(con),&readfds);
			if (write_ssl)
				FD_SET(SSL_get_fd(con),&writefds);
839 840 841 842 843 844 845 846
#else
			if(!tty_on || !write_tty) {
				if (read_ssl)
					FD_SET(SSL_get_fd(con),&readfds);
				if (write_ssl)
					FD_SET(SSL_get_fd(con),&writefds);
			}
#endif
847 848
/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
849

U
Ulf Möller 已提交
850
			/* Note: under VMS with SOCKETSHR the second parameter
U
Ulf Möller 已提交
851 852 853 854 855
			 * is currently of type (int *) whereas under other
			 * systems it is (void *) if you don't have a cast it
			 * will choke the compiler: if you do have a cast then
			 * you can either go for (int *) or (void *).
			 */
856 857
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
                        /* Under Windows/DOS we make the assumption that we can
858 859 860 861 862 863
			 * always write to the tty: therefore if we need to
			 * write to the tty we just fall through. Otherwise
			 * we timeout the select every second and see if there
			 * are any keypresses. Note: this is a hack, in a proper
			 * Windows application we wouldn't do this.
			 */
U
Ulf Möller 已提交
864
			i=0;
865 866 867 868 869 870
			if(!write_tty) {
				if(read_tty) {
					tv.tv_sec = 1;
					tv.tv_usec = 0;
					i=select(width,(void *)&readfds,(void *)&writefds,
						 NULL,&tv);
871
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
R
Richard Levitte 已提交
872 873
					if(!i && (!_kbhit() || !read_tty) ) continue;
#else
874
					if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
R
Richard Levitte 已提交
875
#endif
876 877 878
				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
					 NULL,NULL);
			}
879 880 881 882 883 884 885 886 887 888
#elif defined(OPENSSL_SYS_NETWARE)
			if(!write_tty) {
				if(read_tty) {
					tv.tv_sec = 1;
					tv.tv_usec = 0;
					i=select(width,(void *)&readfds,(void *)&writefds,
						NULL,&tv);
				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
					NULL,NULL);
			}
889
#else
U
Ulf Möller 已提交
890 891
			i=select(width,(void *)&readfds,(void *)&writefds,
				 NULL,NULL);
892
#endif
893 894 895
			if ( i < 0)
				{
				BIO_printf(bio_err,"bad select %d\n",
896
				get_last_socket_error());
897 898 899
				goto shut;
				/* goto end; */
				}
900 901
			}

902
		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954
			{
			k=SSL_write(con,&(cbuf[cbuf_off]),
				(unsigned int)cbuf_len);
			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				cbuf_off+=k;
				cbuf_len-=k;
				if (k <= 0) goto end;
				/* we have done a  write(con,NULL,0); */
				if (cbuf_len <= 0)
					{
					read_tty=1;
					write_ssl=0;
					}
				else /* if (cbuf_len > 0) */
					{
					read_tty=0;
					write_ssl=1;
					}
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"write W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				BIO_printf(bio_c_out,"write R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				write_ssl=0;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"write X BLOCK\n");
				break;
			case SSL_ERROR_ZERO_RETURN:
				if (cbuf_len != 0)
					{
					BIO_printf(bio_c_out,"shutdown\n");
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					break;
					}
				
			case SSL_ERROR_SYSCALL:
				if ((k != 0) || (cbuf_len != 0))
					{
					BIO_printf(bio_err,"write:errno=%d\n",
955
						get_last_socket_error());
956 957 958 959 960 961 962 963 964 965 966 967 968
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					}
				break;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
				}
			}
R
Richard Levitte 已提交
969
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
R
Richard Levitte 已提交
970
		/* Assume Windows/DOS can always write */
971 972
		else if (!ssl_pending && write_tty)
#else
973
		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
974
#endif
975
			{
976 977 978
#ifdef CHARSET_EBCDIC
			ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
#endif
979
			i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len);
980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995

			if (i <= 0)
				{
				BIO_printf(bio_c_out,"DONE\n");
				goto shut;
				/* goto end; */
				}

			sbuf_len-=i;;
			sbuf_off+=i;
			if (sbuf_len <= 0)
				{
				read_ssl=1;
				write_tty=0;
				}
			}
996
		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
997
			{
998 999 1000
#ifdef RENEG
{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
#endif
1001
#if 1
1002
			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
1003 1004 1005 1006 1007 1008 1009
#else
/* Demo for pending and peek :-) */
			k=SSL_read(con,sbuf,16);
{ char zbuf[10240]; 
printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
}
#endif
1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037

			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				if (k <= 0)
					goto end;
				sbuf_off=0;
				sbuf_len=k;

				read_ssl=0;
				write_tty=1;
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"read W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				BIO_printf(bio_c_out,"read R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				if ((read_tty == 0) && (write_ssl == 0))
					write_ssl=1;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"read X BLOCK\n");
				break;
			case SSL_ERROR_SYSCALL:
1038
				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
1039 1040 1041 1042 1043 1044 1045
				goto shut;
			case SSL_ERROR_ZERO_RETURN:
				BIO_printf(bio_c_out,"closed\n");
				goto shut;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
1046
				/* break; */
1047 1048 1049
				}
			}

1050 1051
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
R
Richard Levitte 已提交
1052 1053
		else if (_kbhit())
#else
1054
		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
R
Richard Levitte 已提交
1055
#endif
R
Richard Levitte 已提交
1056
#elif defined (OPENSSL_SYS_NETWARE)
1057
		else if (_kbhit())
1058
#else
1059
		else if (FD_ISSET(fileno(stdin),&readfds))
1060
#endif
1061
			{
1062 1063 1064 1065
			if (crlf)
				{
				int j, lf_num;

1066
				i=raw_read_stdin(cbuf,BUFSIZZ/2);
1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084
				lf_num = 0;
				/* both loops are skipped when i <= 0 */
				for (j = 0; j < i; j++)
					if (cbuf[j] == '\n')
						lf_num++;
				for (j = i-1; j >= 0; j--)
					{
					cbuf[j+lf_num] = cbuf[j];
					if (cbuf[j] == '\n')
						{
						lf_num--;
						i++;
						cbuf[j+lf_num] = '\r';
						}
					}
				assert(lf_num == 0);
				}
			else
1085
				i=raw_read_stdin(cbuf,BUFSIZZ);
1086

1087
			if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
1088 1089 1090 1091 1092
				{
				BIO_printf(bio_err,"DONE\n");
				goto shut;
				}

1093
			if ((!c_ign_eof) && (cbuf[0] == 'R'))
1094
				{
B
Ben Laurie 已提交
1095
				BIO_printf(bio_err,"RENEGOTIATING\n");
1096
				SSL_renegotiate(con);
B
Ben Laurie 已提交
1097
				cbuf_len=0;
1098 1099 1100 1101 1102
				}
			else
				{
				cbuf_len=i;
				cbuf_off=0;
1103 1104 1105
#ifdef CHARSET_EBCDIC
				ebcdic2ascii(cbuf, cbuf, i);
#endif
1106 1107 1108
				}

			write_ssl=1;
B
Ben Laurie 已提交
1109
			read_tty=0;
1110 1111 1112 1113 1114 1115 1116
			}
		}
shut:
	SSL_shutdown(con);
	SHUTDOWN(SSL_get_fd(con));
	ret=0;
end:
1117
	if(prexit) print_stuff(bio_c_out,con,1);
1118 1119 1120
	if (con != NULL) SSL_free(con);
	if (con2 != NULL) SSL_free(con2);
	if (ctx != NULL) SSL_CTX_free(ctx);
D
PR: 910  
Dr. Stephen Henson 已提交
1121 1122 1123 1124 1125 1126
	if (cert)
		X509_free(cert);
	if (key)
		EVP_PKEY_free(key);
	if (pass)
		OPENSSL_free(pass);
1127 1128 1129
	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
1130 1131 1132 1133 1134
	if (bio_c_out != NULL)
		{
		BIO_free(bio_c_out);
		bio_c_out=NULL;
		}
1135
	apps_shutdown();
1136
	OPENSSL_EXIT(ret);
1137 1138 1139
	}


U
Ulf Möller 已提交
1140
static void print_stuff(BIO *bio, SSL *s, int full)
1141
	{
1142
	X509 *peer=NULL;
1143
	char *p;
N
Nils Larsch 已提交
1144
	static const char *space="                ";
1145
	char buf[BUFSIZ];
B
Ben Laurie 已提交
1146 1147
	STACK_OF(X509) *sk;
	STACK_OF(X509_NAME) *sk2;
1148 1149 1150
	SSL_CIPHER *c;
	X509_NAME *xn;
	int j,i;
1151
#ifndef OPENSSL_NO_COMP
G
Geoff Thorpe 已提交
1152
	const COMP_METHOD *comp, *expansion;
1153
#endif
1154 1155 1156

	if (full)
		{
1157 1158
		int got_a_chain = 0;

1159 1160 1161
		sk=SSL_get_peer_cert_chain(s);
		if (sk != NULL)
			{
1162 1163
			got_a_chain = 1; /* we don't have it for SSL2 (yet) */

1164
			BIO_printf(bio,"---\nCertificate chain\n");
B
Ben Laurie 已提交
1165
			for (i=0; i<sk_X509_num(sk); i++)
1166
				{
B
Ben Laurie 已提交
1167
				X509_NAME_oneline(X509_get_subject_name(
1168
					sk_X509_value(sk,i)),buf,sizeof buf);
1169
				BIO_printf(bio,"%2d s:%s\n",i,buf);
B
Ben Laurie 已提交
1170
				X509_NAME_oneline(X509_get_issuer_name(
1171
					sk_X509_value(sk,i)),buf,sizeof buf);
1172
				BIO_printf(bio,"   i:%s\n",buf);
1173
				if (c_showcerts)
B
Ben Laurie 已提交
1174
					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
1175 1176 1177 1178 1179 1180 1181 1182
				}
			}

		BIO_printf(bio,"---\n");
		peer=SSL_get_peer_certificate(s);
		if (peer != NULL)
			{
			BIO_printf(bio,"Server certificate\n");
1183
			if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
1184
				PEM_write_bio_X509(bio,peer);
1185
			X509_NAME_oneline(X509_get_subject_name(peer),
1186
				buf,sizeof buf);
1187 1188
			BIO_printf(bio,"subject=%s\n",buf);
			X509_NAME_oneline(X509_get_issuer_name(peer),
1189
				buf,sizeof buf);
1190 1191 1192 1193 1194
			BIO_printf(bio,"issuer=%s\n",buf);
			}
		else
			BIO_printf(bio,"no peer certificate available\n");

B
Ben Laurie 已提交
1195
		sk2=SSL_get_client_CA_list(s);
B
Bodo Möller 已提交
1196
		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
1197 1198
			{
			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
B
Ben Laurie 已提交
1199
			for (i=0; i<sk_X509_NAME_num(sk2); i++)
1200
				{
B
Ben Laurie 已提交
1201
				xn=sk_X509_NAME_value(sk2,i);
1202 1203 1204 1205 1206 1207 1208 1209 1210
				X509_NAME_oneline(xn,buf,sizeof(buf));
				BIO_write(bio,buf,strlen(buf));
				BIO_write(bio,"\n",1);
				}
			}
		else
			{
			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
			}
1211
		p=SSL_get_shared_ciphers(s,buf,sizeof buf);
1212 1213
		if (p != NULL)
			{
B
Bodo Möller 已提交
1214 1215 1216 1217 1218
			/* This works only for SSL 2.  In later protocol
			 * versions, the client does not know what other
			 * ciphers (in addition to the one to be used
			 * in the current connection) the server supports. */

1219 1220 1221 1222 1223 1224
			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
			j=i=0;
			while (*p)
				{
				if (*p == ':')
					{
1225
					BIO_write(bio,space,15-j%25);
1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248
					i++;
					j=0;
					BIO_write(bio,((i%3)?" ":"\n"),1);
					}
				else
					{
					BIO_write(bio,p,1);
					j++;
					}
				p++;
				}
			BIO_write(bio,"\n",1);
			}

		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
			BIO_number_read(SSL_get_rbio(s)),
			BIO_number_written(SSL_get_wbio(s)));
		}
	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
	c=SSL_get_current_cipher(s);
	BIO_printf(bio,"%s, Cipher is %s\n",
		SSL_CIPHER_get_version(c),
		SSL_CIPHER_get_name(c));
1249 1250 1251
	if (peer != NULL) {
		EVP_PKEY *pktmp;
		pktmp = X509_get_pubkey(peer);
1252
		BIO_printf(bio,"Server public key is %d bit\n",
1253 1254 1255
							 EVP_PKEY_bits(pktmp));
		EVP_PKEY_free(pktmp);
	}
1256
#ifndef OPENSSL_NO_COMP
1257
	comp=SSL_get_current_compression(s);
G
Geoff Thorpe 已提交
1258
	expansion=SSL_get_current_expansion(s);
1259 1260 1261
	BIO_printf(bio,"Compression: %s\n",
		comp ? SSL_COMP_get_name(comp) : "NONE");
	BIO_printf(bio,"Expansion: %s\n",
G
Geoff Thorpe 已提交
1262
		expansion ? SSL_COMP_get_name(expansion) : "NONE");
1263
#endif
1264 1265
	SSL_SESSION_print(bio,SSL_get_session(s));
	BIO_printf(bio,"---\n");
1266 1267
	if (peer != NULL)
		X509_free(peer);
1268 1269
	/* flush, or debugging output gets mixed with http response */
	BIO_flush(bio);
1270 1271
	}