extern int verify_depth;
extern int verify_error;
extern int verify_return_error;
+extern int verify_quiet;
#ifdef FIONBIO
static int c_nbio=0;
static BIO *bio_c_msg=NULL;
static int c_quiet=0;
static int c_ign_eof=0;
+static int c_brief=0;
#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
BIO_printf(bio_err," -host host - use -connect instead\n");
BIO_printf(bio_err," -port port - use -connect instead\n");
BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
+ BIO_printf(bio_err," -checkhost host - check peer certificate matches \"host\"\n");
+ BIO_printf(bio_err," -checkemail email - check peer certificate matches \"email\"\n");
+ BIO_printf(bio_err," -checkip ipaddr - check peer certificate matches \"ipaddr\"\n");
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," -proof_debug - request an audit proof and print its hex dump\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
+ BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
# endif
#ifndef OPENSSL_NO_TLSEXT
BIO_printf(bio_err," -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n");
ext_buf[3] = inlen & 0xFF;
memcpy(ext_buf+4, in, inlen);
- BIO_snprintf(pem_name, sizeof(pem_name), "SERVER_INFO %d", ext_type);
+ BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
+ ext_type);
PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen);
return 1;
}
{NULL,0};
# ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
+ const char *alpn_in = NULL;
# endif
# define MAX_SI_TYPES 100
unsigned short serverinfo_types[MAX_SI_TYPES];
verify=SSL_VERIFY_PEER;
if (--argc < 1) goto bad;
verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+ if (!c_quiet)
+ BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
}
else if (strcmp(*argv,"-cert") == 0)
{
}
else if (strcmp(*argv,"-verify_return_error") == 0)
verify_return_error = 1;
+ else if (strcmp(*argv,"-verify_quiet") == 0)
+ verify_quiet = 1;
+ else if (strcmp(*argv,"-brief") == 0)
+ {
+ c_brief = 1;
+ verify_quiet = 1;
+ c_quiet = 1;
+ }
else if (args_excert(&argv, &argc, &badarg, bio_err, &exc))
{
if (badarg)
meth=TLSv1_client_method();
#endif
#ifndef OPENSSL_NO_DTLS1
+ else if (strcmp(*argv,"-dtls") == 0)
+ {
+ meth=DTLS_client_method();
+ socket_type=SOCK_DGRAM;
+ }
else if (strcmp(*argv,"-dtls1") == 0)
{
meth=DTLSv1_client_method();
socket_type=SOCK_DGRAM;
}
+ else if (strcmp(*argv,"-dtls1_2") == 0)
+ {
+ meth=DTLSv1_2_client_method();
+ socket_type=SOCK_DGRAM;
+ }
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts=1;
else if (strcmp(*argv,"-mtu") == 0)
if (--argc < 1) goto bad;
next_proto_neg_in = *(++argv);
}
+ else if (strcmp(*argv,"-alpn") == 0)
+ {
+ if (--argc < 1) goto bad;
+ alpn_in = *(++argv);
+ }
# endif
else if (strcmp(*argv,"-serverinfo") == 0)
{
*/
if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_TLSEXT)
+# if !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto.data)
SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
+# endif
+ if (alpn_in)
+ {
+ unsigned short alpn_len;
+ unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
+
+ if (alpn == NULL)
+ {
+ BIO_printf(bio_err, "Error parsing -alpn argument\n");
+ goto end;
+ }
+ SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
+ OPENSSL_free(alpn);
+ }
#endif
#ifndef OPENSSL_NO_TLSEXT
if (serverinfo_types_count)
#endif
if (c_Pause & 0x01) SSL_set_debug(con, 1);
- if ( SSL_version(con) == DTLS1_VERSION)
+ if (socket_type == SOCK_DGRAM)
{
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
else
BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
}
+ if (c_brief)
+ {
+ BIO_puts(bio_err,
+ "CONNECTION ESTABLISHED\n");
+ print_ssl_summary(bio_err, con);
+ }
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
break;
case SSL_ERROR_SYSCALL:
ret=get_last_socket_error();
- BIO_printf(bio_err,"read:errno=%d\n",ret);
+ if (c_brief)
+ BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n");
+ else
+ BIO_printf(bio_err,"read:errno=%d\n",ret);
goto shut;
case SSL_ERROR_ZERO_RETURN:
BIO_printf(bio_c_out,"closed\n");
}
#endif
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_TLSEXT)
+# if !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto.status != -1) {
const unsigned char *proto;
unsigned int proto_len;
BIO_write(bio, proto, proto_len);
BIO_write(bio, "\n", 1);
}
+ {
+ const unsigned char *proto;
+ unsigned int proto_len;
+ SSL_get0_alpn_selected(s, &proto, &proto_len);
+ if (proto_len > 0)
+ {
+ BIO_printf(bio, "ALPN protocol: ");
+ BIO_write(bio, proto, proto_len);
+ BIO_write(bio, "\n", 1);
+ }
+ else
+ BIO_printf(bio, "No ALPN negotiated\n");
+ }
+# endif
#endif
{
projects / oweals / openssl.git / blobdiff