New option "-showcerts" for s_client

Slight cleanup in ssl/

New option "-showcerts" for s_client
Slight cleanup in ssl/
6d02d8e4 · Bodo Möller · 4f49cc74 · 6d02d8e4 · 6d02d8e4 · 6d02d8e4
Showing with 24 addition and 9 deletion

CHANGES CHANGES +8 -0

apps/s_client.c apps/s_client.c +9 -1

ssl/s2_clnt.c ssl/s2_clnt.c +1 -1

ssl/ssl.h ssl/ssl.h +3 -4

ssl/ssl2.h ssl/ssl2.h +2 -2

ssl/ssl_sess.c ssl/ssl_sess.c +1 -1

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,14 @@
 Changes between 0.9.2b and 0.9.3
+  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+     SSL2_SERVER_VERSION (not used at all) macros, which are now the
+     same as SSL2_VERSION anyway.
+     [Bodo Moeller]
+  *) New "-showcerts" option for s_client.
+     [Bodo Moeller]
  *) Still more PKCS#12 integration. Add pkcs12 application to openssl
     application. Various cleanups and fixes.
     [Steve Henson]

--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -90,6 +90,7 @@ static int c_nbio=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;
+static int c_showcerts=0;
 #ifndef NOPROTO
 static void sc_usage(void);
@@ -118,6 +119,7 @@ static void sc_usage()
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
@@ -171,6 +173,7 @@ char **argv;
 	c_Pause=0;
 	c_quiet=0;
 	c_debug=0;
+	c_showcerts=0;
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -227,6 +230,8 @@ char **argv;
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
+		else if	(strcmp(*argv,"-showcerts") == 0)
+			c_showcerts=1;
 		else if	(strcmp(*argv,"-nbio_test") == 0)
 			nbio_test=1;
 		else if	(strcmp(*argv,"-state") == 0)
@@ -675,6 +680,8 @@ int full;
 				X509_NAME_oneline(X509_get_issuer_name((X509 *)
 					sk_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"   i:%s\n",buf);
+				if (c_showcerts)
+					PEM_write_bio_X509(bio,(X509 *) sk_value(sk,i));
 				}
 			}
@@ -683,7 +690,8 @@ int full;
 		if (peer != NULL)
 			{
 			BIO_printf(bio,"Server certificate\n");
-			PEM_write_bio_X509(bio,peer);
+			if (!c_showcerts) /* Redundant if we showed the whole chain */
+				PEM_write_bio_X509(bio,peer);
 			X509_NAME_oneline(X509_get_subject_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"subject=%s\n",buf);

--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -485,7 +485,7 @@ SSL *s;
 		p=buf;					/* header */
 		d=p+9;					/* data section */
 		*(p++)=SSL2_MT_CLIENT_HELLO;		/* type */
-		s2n(SSL2_CLIENT_VERSION,p);		/* version */
+		s2n(SSL2_VERSION,p);			/* version */
 		n=j=0;
 		n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);

--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -477,10 +477,9 @@ struct ssl_ctx_st
 struct ssl_st
 	{
-	/* procol version
+	/* protocol version
-	 * 2 for SSLv2
+	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
-	 * 3 for SSLv3
+	 */
-	 * -3 for SSLv3 but accept SSLv2 */
 	int version;
 	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */

--- a/ssl/ssl2.h
+++ b/ssl/ssl2.h
@@ -67,8 +67,8 @@ extern "C" {
 #define SSL2_VERSION		0x0002
 #define SSL2_VERSION_MAJOR	0x00
 #define SSL2_VERSION_MINOR	0x02
-#define SSL2_CLIENT_VERSION	0x0002
+/* #define SSL2_CLIENT_VERSION	0x0002 */
-#define SSL2_SERVER_VERSION	0x0002
+/* #define SSL2_SERVER_VERSION	0x0002 */
 /* Protocol Message Codes */
 #define SSL2_MT_ERROR			0

--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -150,7 +150,7 @@ int session;
 	if (session)
 		{
-		if (s->version == SSL2_CLIENT_VERSION)
+		if (s->version == SSL2_VERSION)
 			{
 			ss->ssl_version=SSL2_VERSION;
 			ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;