190
191
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
191
192
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
192
BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n");
193
BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
194
BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
193
195
BIO_printf(bio_err," not specified but cert file is.\n");
196
BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
197
BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
194
198
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
195
199
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
196
200
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
197
201
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
198
202
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
199
203
BIO_printf(bio_err," -debug - extra output\n");
205
BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n");
200
207
BIO_printf(bio_err," -msg - Show protocol messages\n");
201
208
BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
202
209
BIO_printf(bio_err," -state - print the 'ssl' states\n");
209
216
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
210
217
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
211
218
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
219
BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
220
BIO_printf(bio_err," -mtu - set the MTU\n");
212
221
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
213
222
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
214
223
BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
242
251
char *host=SSL_HOST_NAME;
243
252
char *cert_file=NULL,*key_file=NULL;
253
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
254
char *passarg = NULL, *pass = NULL;
256
EVP_PKEY *key = NULL;
244
257
char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
245
258
int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
250
263
int starttls_proto = 0;
251
264
int prexit = 0, vflags = 0;
252
265
SSL_METHOD *meth=NULL;
269
int sock_type=SOCK_STREAM;
254
271
char *inrand=NULL;
255
272
#ifndef OPENSSL_NO_ENGINE
256
273
char *engine_id=NULL;
259
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
276
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
260
277
struct timeval tv;
280
struct sockaddr peer;
281
int peerlen = sizeof(peer);
282
int enable_timeouts = 0 ;
263
285
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
264
286
meth=SSLv23_client_method();
265
287
#elif !defined(OPENSSL_NO_SSL3)
329
351
if (--argc < 1) goto bad;
330
352
cert_file= *(++argv);
354
else if (strcmp(*argv,"-certform") == 0)
356
if (--argc < 1) goto bad;
357
cert_format = str2fmt(*(++argv));
332
359
else if (strcmp(*argv,"-crl_check") == 0)
333
360
vflags |= X509_V_FLAG_CRL_CHECK;
334
361
else if (strcmp(*argv,"-crl_check_all") == 0)
349
376
else if (strcmp(*argv,"-debug") == 0)
379
else if (strcmp(*argv,"-wdebug") == 0)
351
382
else if (strcmp(*argv,"-msg") == 0)
353
384
else if (strcmp(*argv,"-showcerts") == 0)
368
399
else if (strcmp(*argv,"-tls1") == 0)
369
400
meth=TLSv1_client_method();
402
#ifndef OPENSSL_NO_DTLS1
403
else if (strcmp(*argv,"-dtls1") == 0)
405
meth=DTLSv1_client_method();
406
sock_type=SOCK_DGRAM;
408
else if (strcmp(*argv,"-timeout") == 0)
410
else if (strcmp(*argv,"-mtu") == 0)
412
if (--argc < 1) goto bad;
413
mtu = atol(*(++argv));
371
416
else if (strcmp(*argv,"-bugs") == 0)
418
else if (strcmp(*argv,"-keyform") == 0)
420
if (--argc < 1) goto bad;
421
key_format = str2fmt(*(++argv));
423
else if (strcmp(*argv,"-pass") == 0)
425
if (--argc < 1) goto bad;
373
428
else if (strcmp(*argv,"-key") == 0)
375
430
if (--argc < 1) goto bad;
451
506
#ifndef OPENSSL_NO_ENGINE
452
507
e = setup_engine(bio_err, engine_id, 1);
509
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
511
BIO_printf(bio_err, "Error getting password\n");
515
if (key_file == NULL)
516
key_file = cert_file;
523
key = load_key(bio_err, key_file, key_format, 0, pass, e,
524
"client certificate private key file");
527
ERR_print_errors(bio_err);
536
cert = load_cert(bio_err,cert_file,cert_format,
537
NULL, e, "client certificate file");
541
ERR_print_errors(bio_err);
455
546
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
456
547
&& !RAND_status())
485
576
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
487
578
SSL_CTX_set_options(ctx,off);
579
/* DTLS: partial reads end up discarding unread UDP bytes :-(
580
* Setting read ahead solves this problem.
582
if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
489
584
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
490
585
if (cipher != NULL)
501
596
SSL_CTX_set_verify(ctx,verify,verify_callback);
502
if (!set_cert_stuff(ctx,cert_file,key_file))
597
if (!set_cert_key_stuff(ctx,cert,key))
505
600
if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
527
if (init_client(&s,host,port) == 0)
622
if (init_client(&s,host,port,sock_type) == 0)
529
624
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
547
642
if (c_Pause & 0x01) con->debug=1;
548
sbio=BIO_new_socket(s,BIO_NOCLOSE);
644
if ( SSL_version(con) == DTLS1_VERSION)
646
struct timeval timeout;
648
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
649
if (getsockname(s, &peer, (void *)&peerlen) < 0)
651
BIO_printf(bio_err, "getsockname:errno=%d\n",
652
get_last_socket_error());
657
BIO_ctrl_set_connected(sbio, 1, &peer);
659
if ( enable_timeouts)
662
timeout.tv_usec = DGRAM_RCV_TIMEOUT;
663
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
666
timeout.tv_usec = DGRAM_SND_TIMEOUT;
667
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
672
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
673
SSL_set_mtu(con, mtu);
676
/* want to do MTU discovery */
677
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
680
sbio=BIO_new_socket(s,BIO_NOCLOSE);
561
BIO_set_callback(sbio,bio_dump_cb);
695
BIO_set_callback(sbio,bio_dump_callback);
562
696
BIO_set_callback_arg(sbio,bio_c_out);
690
824
} else i=select(width,(void *)&readfds,(void *)&writefds,
827
#elif defined(OPENSSL_SYS_NETWARE)
832
i=select(width,(void *)&readfds,(void *)&writefds,
834
} else i=select(width,(void *)&readfds,(void *)&writefds,
694
838
i=select(width,(void *)&readfds,(void *)&writefds,
773
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
917
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
774
918
/* Assume Windows/DOS can always write */
775
919
else if (!ssl_pending && write_tty)
920
1066
if (con != NULL) SSL_free(con);
921
1067
if (con2 != NULL) SSL_free(con2);
922
1068
if (ctx != NULL) SSL_CTX_free(ctx);
923
1075
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
924
1076
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
925
1077
if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
1046
1201
EVP_PKEY_bits(pktmp));
1047
1202
EVP_PKEY_free(pktmp);
1204
#ifndef OPENSSL_NO_COMP
1205
comp=SSL_get_current_compression(s);
1206
expansion=SSL_get_current_expansion(s);
1207
BIO_printf(bio,"Compression: %s\n",
1208
comp ? SSL_COMP_get_name(comp) : "NONE");
1209
BIO_printf(bio,"Expansion: %s\n",
1210
expansion ? SSL_COMP_get_name(expansion) : "NONE");
1049
1212
SSL_SESSION_print(bio,SSL_get_session(s));
1050
1213
BIO_printf(bio,"---\n");
1051
1214
if (peer != NULL)