X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fs_client.c;h=19c9a217dfd835db883b1ebd0ad8ff621443159d;hb=bc36ee6227517edae802bcb0da68d4f04fe1fb5e;hp=0afd7907a1fdb8723afc9b6104835e1a62a9448e;hpb=bb7cd4e3ebb9c1114b7fb6f6d0e4c280ef984889;p=oweals%2Fopenssl.git diff --git a/apps/s_client.c b/apps/s_client.c index 0afd7907a1..19c9a217df 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -60,7 +60,7 @@ #include #include #include -#ifdef NO_STDIO +#ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif @@ -68,7 +68,7 @@ recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is needed to have fileno() declared correctly... So let's define u_int */ -#if defined(VMS) && defined(__DECC) && !defined(__U_INT) +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) #define __U_INT typedef unsigned int u_int; #endif @@ -79,22 +79,19 @@ typedef unsigned int u_int; #include #include #include +#include #include "s_apps.h" -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS #include #endif -#if (defined(VMS) && __VMS_VER < 70000000) +#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO #endif -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #undef PROG #define PROG s_client_main @@ -121,6 +118,7 @@ static void sc_usage(void); static void print_stuff(BIO *berr,SSL *con,int full); static BIO *bio_c_out=NULL; static int c_quiet=0; +static int c_ign_eof=0; static void sc_usage(void) { @@ -147,16 +145,22 @@ static void sc_usage(void) #endif BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); BIO_printf(bio_err," -quiet - no s_client output\n"); + BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n"); BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); - BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'openssl ciphers'\n"); + BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); + BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); BIO_printf(bio_err," command to see what is available\n"); + BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); + BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } +int MAIN(int, char **); + int MAIN(int argc, char **argv) { int off=0; @@ -176,31 +180,36 @@ int MAIN(int argc, char **argv) int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; SSL_CTX *ctx=NULL; int ret=1,in_init=1,i,nbio_test=0; + int prexit = 0; SSL_METHOD *meth=NULL; BIO *sbio; -#ifdef WINDOWS + char *inrand=NULL; + char *engine_id=NULL; + ENGINE *e=NULL; +#ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif -#if !defined(NO_SSL2) && !defined(NO_SSL3) +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_client_method(); -#elif !defined(NO_SSL3) +#elif !defined(OPENSSL_NO_SSL3) meth=SSLv3_client_method(); -#elif !defined(NO_SSL2) +#elif !defined(OPENSSL_NO_SSL2) meth=SSLv2_client_method(); #endif apps_startup(); c_Pause=0; c_quiet=0; + c_ign_eof=0; c_debug=0; c_showcerts=0; if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); - if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) || - ((sbuf=Malloc(BUFSIZZ)) == NULL)) + if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || + ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL)) { BIO_printf(bio_err,"out of memory\n"); goto end; @@ -245,10 +254,17 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; cert_file= *(++argv); } + else if (strcmp(*argv,"-prexit") == 0) + prexit=1; else if (strcmp(*argv,"-crlf") == 0) crlf=1; else if (strcmp(*argv,"-quiet") == 0) + { c_quiet=1; + c_ign_eof=1; + } + else if (strcmp(*argv,"-ign_eof") == 0) + c_ign_eof=1; else if (strcmp(*argv,"-pause") == 0) c_Pause=1; else if (strcmp(*argv,"-debug") == 0) @@ -259,15 +275,15 @@ int MAIN(int argc, char **argv) nbio_test=1; else if (strcmp(*argv,"-state") == 0) state=1; -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) meth=SSLv2_client_method(); #endif -#ifndef NO_SSL3 +#ifndef OPENSSL_NO_SSL3 else if (strcmp(*argv,"-ssl3") == 0) meth=SSLv3_client_method(); #endif -#ifndef NO_TLS1 +#ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv,"-tls1") == 0) meth=TLSv1_client_method(); #endif @@ -298,6 +314,8 @@ int MAIN(int argc, char **argv) off|=SSL_OP_NO_SSLv3; else if (strcmp(*argv,"-no_ssl2") == 0) off|=SSL_OP_NO_SSLv2; + else if (strcmp(*argv,"-serverpref") == 0) + off|=SSL_OP_CIPHER_SERVER_PREFERENCE; else if (strcmp(*argv,"-cipher") == 0) { if (--argc < 1) goto bad; @@ -307,6 +325,16 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-nbio") == 0) { c_nbio=1; } #endif + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine_id = *(++argv); + } + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -323,7 +351,14 @@ bad: goto end; } - app_RAND_load_file(NULL, bio_err, 0); + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL + && !RAND_status()) + { + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + } + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); if (bio_c_out == NULL) { @@ -338,7 +373,32 @@ bad: } } - SSLeay_add_ssl_algorithms(); + OpenSSL_add_ssl_algorithms(); + SSL_load_error_strings(); + + if (engine_id != NULL) + { + if((e = ENGINE_by_id(engine_id)) == NULL) + { + BIO_printf(bio_err,"invalid engine\n"); + ERR_print_errors(bio_err); + goto end; + } + if (c_debug) + { + ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, + 0, bio_err, 0); + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + ERR_print_errors(bio_err); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id); + ENGINE_free(e); + } + ctx=SSL_CTX_new(meth); if (ctx == NULL) { @@ -353,7 +413,11 @@ bad: if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); if (cipher != NULL) - SSL_CTX_set_cipher_list(ctx,cipher); + if(!SSL_CTX_set_cipher_list(ctx,cipher)) { + BIO_printf(bio_err,"error setting cipher list\n"); + ERR_print_errors(bio_err); + goto end; + } #if 0 else SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); @@ -366,14 +430,19 @@ bad: if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || (!SSL_CTX_set_default_verify_paths(ctx))) { - /* BIO_printf(bio_err,"error seting default verify locations\n"); */ + /* BIO_printf(bio_err,"error setting default verify locations\n"); */ ERR_print_errors(bio_err); /* goto end; */ } - SSL_load_error_strings(); - con=(SSL *)SSL_new(ctx); + con=SSL_new(ctx); +#ifndef OPENSSL_NO_KRB5 + if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) + { + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host); + } +#endif /* OPENSSL_NO_KRB5 */ /* SSL_set_cipher_list(con,"RC4-MD5"); */ re_start: @@ -468,7 +537,7 @@ re_start: if (!ssl_pending) { -#ifndef WINDOWS +#ifndef OPENSSL_SYS_WINDOWS if (tty_on) { if (read_tty) FD_SET(fileno(stdin),&readfds); @@ -495,7 +564,7 @@ re_start: * will choke the compiler: if you do have a cast then * you can either go for (int *) or (void *). */ -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS /* Under Windows we make the assumption that we can * always write to the tty: therefore if we need to * write to the tty we just fall through. Otherwise @@ -503,13 +572,14 @@ re_start: * are any keypresses. Note: this is a hack, in a proper * Windows application we wouldn't do this. */ + i=0; if(!write_tty) { if(read_tty) { tv.tv_sec = 1; tv.tv_usec = 0; i=select(width,(void *)&readfds,(void *)&writefds, NULL,&tv); - if(!i && (!_kbhit() || !read_tty) ) continue; + if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue; } else i=select(width,(void *)&readfds,(void *)&writefds, NULL,NULL); } @@ -593,7 +663,7 @@ re_start: goto shut; } } -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS /* Assume Windows can always write */ else if (!ssl_pending && write_tty) #else @@ -674,8 +744,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 } } -#ifdef WINDOWS - else if (_kbhit()) +#ifdef OPENSSL_SYS_WINDOWS + else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) #else else if (FD_ISSET(fileno(stdin),&readfds)) #endif @@ -705,13 +775,13 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 else i=read(fileno(stdin),cbuf,BUFSIZZ); - if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q'))) + if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { BIO_printf(bio_err,"DONE\n"); goto shut; } - if ((!c_quiet) && (cbuf[0] == 'R')) + if ((!c_ign_eof) && (cbuf[0] == 'R')) { BIO_printf(bio_err,"RENEGOTIATING\n"); SSL_renegotiate(con); @@ -735,12 +805,12 @@ shut: SHUTDOWN(SSL_get_fd(con)); ret=0; end: + if(prexit) print_stuff(bio_c_out,con,1); if (con != NULL) SSL_free(con); if (con2 != NULL) SSL_free(con2); if (ctx != NULL) SSL_CTX_free(ctx); - if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); } - if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); } - X509_cleanup(); + if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); } + if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); } if (bio_c_out != NULL) { BIO_free(bio_c_out);