提交 b98af49d 编写于 作者: C Carlos Alberto Lopez Perez 提交者: Ben Laurie

Add an "-xmpphost" option to s_client

 * Many XMPP servers are configured with multiple domains (virtual hosts)
 * In order to successfully establish the TLS connection you have to specify
   which virtual host you are trying to connect to.
 * Test this, for example with ::
   * Fail:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp
   * Works:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com
上级 50f307a9
...@@ -350,6 +350,7 @@ static void sc_usage(void) ...@@ -350,6 +350,7 @@ static void sc_usage(void)
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
BIO_printf(bio_err," are supported.\n"); BIO_printf(bio_err," are supported.\n");
BIO_printf(bio_err," -xmpphost host - When used with \"-starttls xmpp\" specifies the virtual host.\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
#endif #endif
...@@ -595,6 +596,7 @@ int MAIN(int argc, char **argv) ...@@ -595,6 +596,7 @@ int MAIN(int argc, char **argv)
short port=PORT; short port=PORT;
int full_log=1; int full_log=1;
char *host=SSL_HOST_NAME; char *host=SSL_HOST_NAME;
char *xmpphost = NULL;
char *cert_file=NULL,*key_file=NULL,*chain_file=NULL; char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL; char *passarg = NULL, *pass = NULL;
...@@ -726,6 +728,11 @@ static char *jpake_secret = NULL; ...@@ -726,6 +728,11 @@ static char *jpake_secret = NULL;
if (!extract_host_port(*(++argv),&host,NULL,&port)) if (!extract_host_port(*(++argv),&host,NULL,&port))
goto bad; goto bad;
} }
else if (strcmp(*argv,"-xmpphost") == 0)
{
if (--argc < 1) goto bad;
xmpphost= *(++argv);
}
else if (strcmp(*argv,"-verify") == 0) else if (strcmp(*argv,"-verify") == 0)
{ {
verify=SSL_VERIFY_PEER; verify=SSL_VERIFY_PEER;
...@@ -1670,7 +1677,7 @@ SSL_set_tlsext_status_ids(con, ids); ...@@ -1670,7 +1677,7 @@ SSL_set_tlsext_status_ids(con, ids);
int seen = 0; int seen = 0;
BIO_printf(sbio,"<stream:stream " BIO_printf(sbio,"<stream:stream "
"xmlns:stream='http://etherx.jabber.org/streams' " "xmlns:stream='http://etherx.jabber.org/streams' "
"xmlns='jabber:client' to='%s' version='1.0'>", host); "xmlns='jabber:client' to='%s' version='1.0'>", xmpphost? xmpphost:host);
seen = BIO_read(sbio,mbuf,BUFSIZZ); seen = BIO_read(sbio,mbuf,BUFSIZZ);
mbuf[seen] = 0; mbuf[seen] = 0;
while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") && while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") &&
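Review bot: The `-xmpphost` value is taken from argv and formatted unchanged into the single-quoted `to='%s'` attribute of the stream header, so a value containing `'`, `<`, `>` or `&` produces a malformed or altered header that is sent in cleartext before STARTTLS. This matters mainly when s_client is driven by a script that passes on a hostname it did not choose. I would reject such values where the option is parsed, e.g. `if (strpbrk(xmpphost, "'\"<>&") != NULL) goto bad;` right after `xmpphost= *(++argv);`; the `-connect` host reaches the same format string and has the same property. Judging only from the visible hunks, the option changes nothing but the `to` attribute, so the usage line could state that it does not set SNI or influence certificate checks. This last point is inferred, since MAIN continues outside the hunks.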
......
...@@ -37,6 +37,7 @@ B<openssl> B<s_client> ...@@ -37,6 +37,7 @@ B<openssl> B<s_client>
[B<-bugs>] [B<-bugs>]
[B<-cipher cipherlist>] [B<-cipher cipherlist>]
[B<-starttls protocol>] [B<-starttls protocol>]
[B<-xmpphost hostname>]
[B<-engine id>] [B<-engine id>]
[B<-tlsextdebug>] [B<-tlsextdebug>]
[B<-no_ticket>] [B<-no_ticket>]
...@@ -225,6 +226,13 @@ send the protocol-specific message(s) to switch to TLS for communication. ...@@ -225,6 +226,13 @@ send the protocol-specific message(s) to switch to TLS for communication.
B<protocol> is a keyword for the intended protocol. Currently, the only B<protocol> is a keyword for the intended protocol. Currently, the only
supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp". supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp".
=item B<-xmpphost hostname>
This option, when used with "-starttls xmpp", specifies the host for the
"to" attribute of the stream element.
If this option is not specified, then the host specified with "-connect"
will be used.
=item B<-tlsextdebug> =item B<-tlsextdebug>
print out a hex dump of any TLS extensions received from the server. print out a hex dump of any TLS extensions received from the server.
......