X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fs_client.c;h=819cff344a747688292306344f1877ae21a050b0;hb=afc12d76f80d6ee14df3fc655e3c7e868ae0f368;hp=8c5412c62665fc64eacac789ac3e097e4199447a;hpb=e481f9b90b164fd1053015d1c4e0a0d92076d7a8;p=oweals%2Fopenssl.git
diff --git a/apps/s_client.c b/apps/s_client.c
index 8c5412c626..819cff344a 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -134,7 +134,6 @@
 * OTHERWISE.
 */
 
-#include
 #include
 #include
 #include
@@ -509,31 +508,66 @@ OPTIONS s_client_options[] = {
 {"quiet", OPT_QUIET, '-', "No s_client output"},
 {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
 {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
-#ifndef OPENSSL_NO_SSL3
- {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
-#endif
 {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
 {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
 {"tls1", OPT_TLS1, '-', "Just use TLSv1"},
- {"dtls", OPT_DTLS, '-'},
- {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
- {"dtls1_2", OPT_DTLS1_2, '-'},
- {"timeout", OPT_TIMEOUT, '-'},
- {"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
 {"starttls", OPT_STARTTLS, 's',
 "Use the STARTTLS command before starting TLS"},
- {"xmpphost", OPT_XMPPHOST, 's', "Host to use with \"-starttls xmpp\""},
+ {"xmpphost", OPT_XMPPHOST, 's',
+ "Host to use with \"-starttls xmpp[-server]\""},
 {"rand", OPT_RAND, 's',
 "Load the file(s) into the random number generator"},
 {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
 {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
- {"use_srtp", OPT_USE_SRTP, '<',
+ {"use_srtp", OPT_USE_SRTP, 's',
 "Offer SRTP key management with a colon-separated profile list"},
 {"keymatexport", OPT_KEYMATEXPORT, 's',
 "Export keying material using label"},
 {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
 "Export len bytes of keying material (default 20)"},
 {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
+ {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
+ {"CRL", OPT_CRL, '<'},
+ {"crl_download", OPT_CRL_DOWNLOAD, '-'},
+ {"CRLform", OPT_CRLFORM, 'F'},
+ {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
+ {"verify_quiet", OPT_VERIFY_QUIET, '-'},
+ {"brief", OPT_BRIEF, '-'},
+ {"prexit", OPT_PREXIT, '-'},
+ {"security_debug", OPT_SECURITY_DEBUG, '-'},
+ {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
+ {"cert_chain", OPT_CERT_CHAIN, '<'},
+ {"chainCApath", OPT_CHAINCAPATH, '/'},
+ {"verifyCApath", OPT_VERIFYCAPATH, '/'},
+ {"build_chain", OPT_BUILD_CHAIN, '-'},
+ {"chainCAfile", OPT_CHAINCAFILE, '<'},
+ {"verifyCAfile", OPT_VERIFYCAFILE, '<'},
+ {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
+ {"servername", OPT_SERVERNAME, 's',
+ "Set TLS extension servername in ClientHello"},
+ {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
+ "Hex dump of all TLS extensions received"},
+ {"status", OPT_STATUS, '-', "Request certificate status from server"},
+ {"serverinfo", OPT_SERVERINFO, 's',
+ "types Send empty ClientHello extensions (comma-separated numbers)"},
+ {"alpn", OPT_ALPN, 's',
+ "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
+ OPT_S_OPTIONS,
+ OPT_V_OPTIONS,
+ OPT_X_OPTIONS,
+#ifndef OPENSSL_NO_SSL3
+ {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+ {"dtls", OPT_DTLS, '-'},
+ {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
+ {"dtls1_2", OPT_DTLS1_2, '-'},
+ {"timeout", OPT_TIMEOUT, '-'},
+ {"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+ {"trace", OPT_TRACE, '-'},
+#endif
 #ifdef WATT32
 {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
 #endif
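Review bot: The entries moved into this hunk from `{"CRL", OPT_CRL, '<'}` through `{"verifyCAfile", OPT_VERIFYCAFILE, '<'}`, plus `dtls`, `dtls1_2`, `timeout` and `trace`, still carry no help string, so `-help` prints them bare even though the commit rewords the `xmpphost` help just above them. The switches that change how verification failures are handled are the most important to describe, because the declaration later in this diff initialises `verify = SSL_VERIFY_NONE` and a user who cannot discover `-verify_return_error` from `-help` is likely to stay on that default. Two lines would cover the worst cases: `{"CRL", OPT_CRL, '<', "CRL file to use"},` and `{"verify_return_error", OPT_VERIFY_RET_ERROR, '-', "Return verification errors instead of continuing"},`. The `s_client_options` table starts before this hunk and ends in the next one.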
@@ -554,46 +588,16 @@ OPTIONS s_client_options[] = {
 "SRP username into second ClientHello message"},
 {"srp_moregroups", OPT_SRP_MOREGROUPS, '-',
 "Tolerate other than the known g N values."},
- {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"},
+ {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal length in bits for N"},
 #endif
- {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
- {"servername", OPT_SERVERNAME, 's',
- "Set TLS extension servername in ClientHello"},
- {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
- "Hex dump of all TLS extensions received"},
- {"status", OPT_STATUS, '-', "Request certificate status from server"},
- {"serverinfo", OPT_SERVERINFO, 's',
- "types Send empty ClientHello extensions (comma-separated numbers)"},
- {"alpn", OPT_ALPN, 's',
- "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
 #ifndef OPENSSL_NO_NEXTPROTONEG
 {"nextprotoneg", OPT_NEXTPROTONEG, 's',
 "Enable NPN extension, considering named protocols supported (comma-separated list)"},
 #endif
- {"CRL", OPT_CRL, '<'},
- {"crl_download", OPT_CRL_DOWNLOAD, '-'},
- {"CRLform", OPT_CRLFORM, 'F'},
- {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
- {"verify_quiet", OPT_VERIFY_QUIET, '-'},
- {"brief", OPT_BRIEF, '-'},
- {"prexit", OPT_PREXIT, '-'},
- {"trace", OPT_TRACE, '-'},
- {"security_debug", OPT_SECURITY_DEBUG, '-'},
- {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
- {"cert_chain", OPT_CERT_CHAIN, '<'},
- {"chainCApath", OPT_CHAINCAPATH, '/'},
- {"verifyCApath", OPT_VERIFYCAPATH, '/'},
- {"build_chain", OPT_BUILD_CHAIN, '-'},
- {"chainCAfile", OPT_CHAINCAFILE, '<'},
- {"verifyCAfile", OPT_VERIFYCAFILE, '<'},
- {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
 #ifndef OPENSSL_NO_ENGINE
 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'},
 #endif
- OPT_S_OPTIONS,
- OPT_V_OPTIONS,
- OPT_X_OPTIONS,
 {NULL}
 };
@@ -605,6 +609,7 @@ typedef enum PROTOCOL_choice {
 PROTO_FTP,
 PROTO_TELNET,
 PROTO_XMPP,
+ PROTO_XMPP_SERVER,
 PROTO_CONNECT
 } PROTOCOL_CHOICE;
 
@@ -614,6 +619,7 @@ static OPT_PAIR services[] = {
 {"imap", PROTO_IMAP},
 {"ftp", PROTO_FTP},
 {"xmpp", PROTO_XMPP},
+ {"xmpp-server", PROTO_XMPP_SERVER},
 {"telnet", PROTO_TELNET},
 {NULL}
 };
@@ -635,8 +641,8 @@ int s_client_main(int argc, char **argv)
 char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL;
 char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL;
 char *cert_file = NULL, *key_file = NULL, *chain_file = NULL, *prog;
- char *chCApath = NULL, *chCAfile = NULL, *host = SSL_HOST_NAME, *inrand =
- NULL;
+ char *chCApath = NULL, *chCAfile = NULL, *host = SSL_HOST_NAME;
+ char *inrand = NULL;
 char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
 char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p;
 char *jpake_secret = NULL, *xmpphost = NULL;
@@ -650,7 +656,7 @@ int s_client_main(int argc, char **argv)
 int prexit = 0;
 int enable_timeouts = 0, sdebug = 0, peerlen = sizeof peer;
 int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
- int ret = 1, in_init = 1, i, nbio_test = 0, s, k, width, state = 0;
+ int ret = 1, in_init = 1, i, nbio_test = 0, s = -1, k, width, state = 0;
 int sbuf_len, sbuf_off, socket_type = SOCK_STREAM, cmdletters = 1;
 int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
 int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
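Review bot: `s = -1` in the `int ret = 1, in_init = 1, ...` declaration only closes a gap if the cleanup after `end:`, which is outside this hunk, tests `s >= 0` before shutting the socket down; if that path still closes unconditionally, the commit has merely replaced an uninitialised descriptor with -1 on the early error exits that the new `app_load_modules` and `connectstr != NULL` checks add later in this diff. That is worth confirming in the same commit rather than assuming. A short comment at the declaration would also record the contract for the next reader: `s = -1, /* socket fd, -1 until connected */`. s_client_main continues well past this hunk.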
@@ -706,29 +712,6 @@ int s_client_main(int argc, char **argv)
 prog = opt_init(argc, argv, s_client_options);
 while ((o = opt_next()) != OPT_EOF) {
 switch (o) {
-#ifndef WATT32
- case OPT_WDEBUG:
-#endif
-#ifdef OPENSSL_NO_JPAKE
- case OPT_JPAKE:
-#endif
-#ifdef OPENSSL_NO_SSL_TRACE
- case OPT_TRACE:
-#endif
-#ifdef OPENSSL_NO_PSK
- case OPT_PSK_IDENTITY:
- case OPT_PSK:
-#endif
-#ifdef OPENSSL_NO_SSL3
- case OPT_SSL3:
-#endif
-#ifdef OPENSSL_NO_DTLS1
- case OPT_DTLS:
- case OPT_DTLS1:
- case OPT_DTLS1_2:
- case OPT_TIMEOUT:
- case OPT_MTU:
-#endif
 case OPT_EOF:
 case OPT_ERR:
 opthelp:
@@ -866,22 +849,22 @@ int s_client_main(int argc, char **argv)
 case OPT_STATUS:
 c_status_req = 1;
 break;
-#ifdef WATT32
 case OPT_WDEBUG:
+#ifdef WATT32
 dbug_init();
- break;
 #endif
+ break;
 case OPT_MSG:
 c_msg = 1;
 break;
 case OPT_MSGFILE:
 bio_c_msg = BIO_new_file(opt_arg(), "w");
 break;
-#ifndef OPENSSL_NO_SSL_TRACE
 case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
 c_msg = 2;
- break;
 #endif
+ break;
 case OPT_SECURITY_DEBUG:
 sdebug = 1;
 break;
@@ -909,6 +892,10 @@ int s_client_main(int argc, char **argv)
 goto end;
 }
 break;
+#else
+ case OPT_PSK_IDENTITY:
+ case OPT_PSK:
+ break;
 #endif
 #ifndef OPENSSL_NO_SRP
 case OPT_SRPUSER:
@@ -941,11 +928,11 @@ int s_client_main(int argc, char **argv)
 case OPT_SRP_MOREGROUPS:
 break;
 #endif
-#ifndef OPENSSL_NO_SSL3
 case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
 meth = SSLv3_client_method();
- break;
 #endif
+ break;
 case OPT_TLS1_2:
 meth = TLSv1_2_client_method();
 break;
@@ -974,6 +961,13 @@ int s_client_main(int argc, char **argv)
 case OPT_MTU:
 socket_mtu = atol(opt_arg());
 break;
+#else
+ case OPT_DTLS:
+ case OPT_DTLS1:
+ case OPT_DTLS1_2:
+ case OPT_TIMEOUT:
+ case OPT_MTU:
+ break;
 #endif
 case OPT_FALLBACKSCSV:
 fallback_scsv = 1;
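Review bot: The new `#else` branch in the OPENSSL_NO_PSK case, `case OPT_PSK_IDENTITY: case OPT_PSK: break;`, accepts the flag and silently drops it; whether that is ever reachable depends on the `psk`/`psk_identity` rows of `s_client_options`, which are not in this diff, being guarded the way the `ssl3`, `dtls` and `trace` rows now are. If they are not, a `-psk` user on a no-psk build connects without the pre-shared key and gets no diagnostic. Reporting it keeps the option table and the switch from drifting apart: `BIO_printf(bio_err, "%s: PSK not supported in this build\n", prog); goto end;` in place of the bare `break;`. The same applies to the `#else` block for the DTLS options in the `@@ -974` hunk and to the OPT_WDEBUG, OPT_TRACE and OPT_SSL3 cases, whose bodies now compile down to a plain `break;` when the feature is absent; s_client_main continues outside these hunks.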
@@ -1038,13 +1032,12 @@ int s_client_main(int argc, char **argv)
 goto end;
 case OPT_SERVERNAME:
 servername = opt_arg();
- /* meth=TLSv1_client_method(); */
 break;
-#ifndef OPENSSL_NO_JPAKE
 case OPT_JPAKE:
+#ifndef OPENSSL_NO_JPAKE
 jpake_secret = opt_arg();
- break;
 #endif
+ break;
 case OPT_USE_SRTP:
 srtp_profiles = opt_arg();
 break;
@@ -1059,6 +1052,9 @@ int s_client_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
 
+ if (!app_load_modules(NULL))
+ goto end;
+
 if (proxystr) {
 if (connectstr == NULL) {
 BIO_printf(bio_err, "%s: -proxy requires use of -connect\n", prog);
@@ -1067,7 +1063,8 @@ int s_client_main(int argc, char **argv)
 if (!extract_host_port(proxystr, &host, NULL, &port))
 goto end;
 }
- else if (!extract_host_port(connectstr, &host, NULL, &port))
+ else if (connectstr != NULL
+ && !extract_host_port(connectstr, &host, NULL, &port))
 goto end;
 
 if (unix_path && (socket_type != SOCK_STREAM)) {
@@ -1554,11 +1551,13 @@ int s_client_main(int argc, char **argv)
 }
 break;
 case PROTO_XMPP:
+ case PROTO_XMPP_SERVER:
 {
 int seen = 0;
 BIO_printf(sbio, "",
+ "xmlns='jabber:%s' to='%s' version='1.0'>",
+ starttls_proto == PROTO_XMPP ? "client" : "server",
 xmpphost ? xmpphost : host);
 seen = BIO_read(sbio, mbuf, BUFSIZZ);
 mbuf[seen] = 0;
@@ -2093,7 +2092,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 ssl_print_tmp_key(bio, s);
 BIO_printf(bio,
- "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
+ "---\nSSL handshake has read %"PRIu64" bytes and written %"PRIu64" bytes\n",
 BIO_number_read(SSL_get_rbio(s)),
 BIO_number_written(SSL_get_wbio(s)));
 }
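Review bot: `mbuf[seen] = 0;` just below the new `PROTO_XMPP_SERVER` label stores through the unchecked result of `BIO_read(sbio, mbuf, BUFSIZZ)`: a negative return indexes before the buffer, and a read that fills all BUFSIZZ bytes writes one past its end if mbuf is BUFSIZZ bytes long (its allocation is outside the hunk). With a second STARTTLS mode now routed through this block the fix is small: `seen = BIO_read(sbio, mbuf, BUFSIZZ - 1);` followed by `if (seen < 0) goto end;` before the terminator store, using whichever error exit this part of s_client_main is meant to take (`goto end` is the one visible in this diff). The enclosing switch and function continue outside the hunk.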
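Review bot: The `%"PRIu64"` conversions in the new format string are only type-correct if `BIO_number_read` and `BIO_number_written` return `uint64_t`; the old `%ld` suggests they were `long` at some point, so the declarations in the BIO header should be checked rather than assumed, since a mismatch here is undefined behaviour rather than a warning. `PRIu64` also needs `<inttypes.h>` to be reachable from this file, and the first hunk drops an include whose name is lost in this rendering, so confirm it was not that one. print_stuff starts before this hunk.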