

Viewing changes to apps/s_client.c

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2005-12-13 21:37:42 UTC
  • mto: (11.1.1 lenny)
  • mto: This revision was merged to the branch mainline in revision 4.
  • Revision ID: james.westby@ubuntu.com-20051213213742-d0ydaylf80l16bj1
Tags: upstream-0.9.8a
Import upstream version 0.9.8a




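--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -135,6 +135,7 @@
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 #include "s_apps.h"
+#include "timeouts.h"
 
 #ifdef OPENSSL_SYS_WINCE
 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
@@ -189,14 +190,20 @@
 
         BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
         BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
-        BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
+        BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
+        BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");
         BIO_printf(bio_err,"                 not specified but cert file is.\n");
+        BIO_printf(bio_err," -keyform arg  - key format (PEM or DER) PEM default\n");
+        BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
         BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
         BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
         BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
         BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
         BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
         BIO_printf(bio_err," -debug        - extra output\n");
+#ifdef WATT32
+        BIO_printf(bio_err," -wdebug       - WATT-32 tcp debugging\n");
+#endif
         BIO_printf(bio_err," -msg          - Show protocol messages\n");
         BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
         BIO_printf(bio_err," -state        - print the 'ssl' states\n");
@@ -209,6 +216,8 @@
         BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
         BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
         BIO_printf(bio_err," -tls1         - just use TLSv1\n");
+        BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    
+        BIO_printf(bio_err," -mtu          - set the MTU\n");
         BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
         BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
         BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
@@ -241,6 +250,10 @@
         int full_log=1;
         char *host=SSL_HOST_NAME;
         char *cert_file=NULL,*key_file=NULL;
+        int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
+        char *passarg = NULL, *pass = NULL;
+        X509 *cert = NULL;
+        EVP_PKEY *key = NULL;
         char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
         int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
         int crlf=0;
@@ -250,16 +263,25 @@
         int starttls_proto = 0;
         int prexit = 0, vflags = 0;
         SSL_METHOD *meth=NULL;
+#ifdef sock_type
+#undef sock_type
+#endif
+        int sock_type=SOCK_STREAM;
         BIO *sbio;
         char *inrand=NULL;
 #ifndef OPENSSL_NO_ENGINE
         char *engine_id=NULL;
         ENGINE *e=NULL;
 #endif
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
         struct timeval tv;
 #endif
 
+        struct sockaddr peer;
+        int peerlen = sizeof(peer);
+        int enable_timeouts = 0 ;
+        long mtu = 0;
+
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
         meth=SSLv23_client_method();
 #elif !defined(OPENSSL_NO_SSL3)
@@ -329,6 +351,11 @@
                         if (--argc < 1) goto bad;
                         cert_file= *(++argv);
                         }
+                else if (strcmp(*argv,"-certform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        cert_format = str2fmt(*(++argv));
+                        }
                 else if (strcmp(*argv,"-crl_check") == 0)
                         vflags |= X509_V_FLAG_CRL_CHECK;
                 else if (strcmp(*argv,"-crl_check_all") == 0)
@@ -348,6 +375,10 @@
                         c_Pause=1;
                 else if (strcmp(*argv,"-debug") == 0)
                         c_debug=1;
+#ifdef WATT32
+                else if (strcmp(*argv,"-wdebug") == 0)
+                        dbug_init();
+#endif
                 else if (strcmp(*argv,"-msg") == 0)
                         c_msg=1;
                 else if (strcmp(*argv,"-showcerts") == 0)
@@ -368,8 +399,32 @@
                 else if (strcmp(*argv,"-tls1") == 0)
                         meth=TLSv1_client_method();
 #endif
+#ifndef OPENSSL_NO_DTLS1
+                else if (strcmp(*argv,"-dtls1") == 0)
+                        {
+                        meth=DTLSv1_client_method();
+                        sock_type=SOCK_DGRAM;
+                        }
+                else if (strcmp(*argv,"-timeout") == 0)
+                        enable_timeouts=1;
+                else if (strcmp(*argv,"-mtu") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        mtu = atol(*(++argv));
+                        }
+#endif
                 else if (strcmp(*argv,"-bugs") == 0)
                         bugs=1;
+                else if (strcmp(*argv,"-keyform") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        key_format = str2fmt(*(++argv));
+                        }
+                else if (strcmp(*argv,"-pass") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        passarg = *(++argv);
+                        }
                 else if (strcmp(*argv,"-key") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -451,6 +506,42 @@
 #ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine_id, 1);
 #endif
+        if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
+                {
+                BIO_printf(bio_err, "Error getting password\n");
+                goto end;
+                }
+
+        if (key_file == NULL)
+                key_file = cert_file;
+
+
+        if (key_file)
+
+                {
+
+                key = load_key(bio_err, key_file, key_format, 0, pass, e,
+                               "client certificate private key file");
+                if (!key)
+                        {
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+
+                }
+
+        if (cert_file)
+
+                {
+                cert = load_cert(bio_err,cert_file,cert_format,
+                                NULL, e, "client certificate file");
+
+                if (!cert)
+                        {
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                }
 
         if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
                 && !RAND_status())
@@ -485,6 +576,10 @@
                 SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
         else
                 SSL_CTX_set_options(ctx,off);
+        /* DTLS: partial reads end up discarding unread UDP bytes :-( 
+         * Setting read ahead solves this problem.
+         */
+        if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
 
         if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
         if (cipher != NULL)
@@ -499,7 +594,7 @@
 #endif
 
         SSL_CTX_set_verify(ctx,verify,verify_callback);
-        if (!set_cert_stuff(ctx,cert_file,key_file))
+        if (!set_cert_key_stuff(ctx,cert,key))
                 goto end;
 
         if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
@@ -524,7 +619,7 @@
 
 re_start:
 
-        if (init_client(&s,host,port) == 0)
+        if (init_client(&s,host,port,sock_type) == 0)
                 {
                 BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
                 SHUTDOWN(s);
@@ -545,7 +640,46 @@
                 }
 #endif                                              
         if (c_Pause & 0x01) con->debug=1;
-        sbio=BIO_new_socket(s,BIO_NOCLOSE);
+
+        if ( SSL_version(con) == DTLS1_VERSION)
+                {
+                struct timeval timeout;
+
+                sbio=BIO_new_dgram(s,BIO_NOCLOSE);
+                if (getsockname(s, &peer, (void *)&peerlen) < 0)
+                        {
+                        BIO_printf(bio_err, "getsockname:errno=%d\n",
+                                get_last_socket_error());
+                        SHUTDOWN(s);
+                        goto end;
+                        }
+
+                BIO_ctrl_set_connected(sbio, 1, &peer);
+
+                if ( enable_timeouts)
+                        {
+                        timeout.tv_sec = 0;
+                        timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+                        BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+                        
+                        timeout.tv_sec = 0;
+                        timeout.tv_usec = DGRAM_SND_TIMEOUT;
+                        BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+                        }
+
+                if ( mtu > 0)
+                        {
+                        SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+                        SSL_set_mtu(con, mtu);
+                        }
+                else
+                        /* want to do MTU discovery */
+                        BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+                }
+        else
+                sbio=BIO_new_socket(s,BIO_NOCLOSE);
+
+
 
         if (nbio_test)
                 {
@@ -558,7 +692,7 @@
         if (c_debug)
                 {
                 con->debug=1;
-                BIO_set_callback(sbio,bio_dump_cb);
+                BIO_set_callback(sbio,bio_dump_callback);
                 BIO_set_callback_arg(sbio,bio_c_out);
                 }
         if (c_msg)
@@ -640,7 +774,7 @@
 
                 if (!ssl_pending)
                         {
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
                         if (tty_on)
                                 {
                                 if (read_tty)  FD_SET(fileno(stdin),&readfds);
@@ -690,6 +824,16 @@
                                 } else  i=select(width,(void *)&readfds,(void *)&writefds,
                                          NULL,NULL);
                         }
+#elif defined(OPENSSL_SYS_NETWARE)
+                        if(!write_tty) {
+                                if(read_tty) {
+                                        tv.tv_sec = 1;
+                                        tv.tv_usec = 0;
+                                        i=select(width,(void *)&readfds,(void *)&writefds,
+                                                NULL,&tv);
+                                } else  i=select(width,(void *)&readfds,(void *)&writefds,
+                                        NULL,NULL);
+                        }
 #else
                         i=select(width,(void *)&readfds,(void *)&writefds,
                                  NULL,NULL);
@@ -770,7 +914,7 @@
                                 goto shut;
                                 }
                         }
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
                 /* Assume Windows/DOS can always write */
                 else if (!ssl_pending && write_tty)
 #else
@@ -857,6 +1001,8 @@
 #else
                 else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
 #endif
+#elif defined (OPENSSL_SYS_NETWARE)
+        else if (_kbhit())
 #else
                 else if (FD_ISSET(fileno(stdin),&readfds))
 #endif
@@ -920,6 +1066,12 @@
         if (con != NULL) SSL_free(con);
         if (con2 != NULL) SSL_free(con2);
         if (ctx != NULL) SSL_CTX_free(ctx);
+        if (cert)
+                X509_free(cert);
+        if (key)
+                EVP_PKEY_free(key);
+        if (pass)
+                OPENSSL_free(pass);
         if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
         if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
         if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
@@ -937,13 +1089,16 @@
         {
         X509 *peer=NULL;
         char *p;
-        static char *space="                ";
+        static const char *space="                ";
         char buf[BUFSIZ];
         STACK_OF(X509) *sk;
         STACK_OF(X509_NAME) *sk2;
         SSL_CIPHER *c;
         X509_NAME *xn;
         int j,i;
+#ifndef OPENSSL_NO_COMP
+        const COMP_METHOD *comp, *expansion;
+#endif
 
         if (full)
                 {
@@ -1046,6 +1201,14 @@
                                                          EVP_PKEY_bits(pktmp));
                 EVP_PKEY_free(pktmp);
         }
+#ifndef OPENSSL_NO_COMP
+        comp=SSL_get_current_compression(s);
+        expansion=SSL_get_current_expansion(s);
+        BIO_printf(bio,"Compression: %s\n",
+                comp ? SSL_COMP_get_name(comp) : "NONE");
+        BIO_printf(bio,"Expansion: %s\n",
+                expansion ? SSL_COMP_get_name(expansion) : "NONE");
+#endif
         SSL_SESSION_print(bio,SSL_get_session(s));
         BIO_printf(bio,"---\n");
         if (peer != NULL)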
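Review bot: The new `-mtu` option is parsed with `atol` (new line 413) and the result is never validated, so a non-numeric or out-of-range argument silently becomes 0 or an arbitrary value that is later passed straight to `SSL_set_mtu` (new line 673); every other option in this block rejects bad input with `goto bad`, and this one should too, e.g. `char *end; mtu = strtol(*(++argv), &end, 10);` followed by `if (end == *argv || *end != '\0') goto bad;` (an `errno == ERANGE` check as well if `errno.h` is in scope). In the same spirit, `peerlen` (new line 281) is declared `int` and handed to `getsockname` through a `(void *)` cast (new line 649), which hides the `socklen_t *` mismatch rather than fixing it; `socklen_t peerlen = sizeof(peer);` lets the cast go away. The enclosing `main` starts and ends outside the visible hunks.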