| GCC Code Coverage Report | |||||||||||||||||||||
|
|||||||||||||||||||||
| Line | Branch | Exec | Source |
1 |
/* $OpenBSD: s_client.c,v 1.33 2017/08/12 21:04:33 jsing Exp $ */ |
||
2 |
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
||
3 |
* All rights reserved. |
||
4 |
* |
||
5 |
* This package is an SSL implementation written |
||
6 |
* by Eric Young (eay@cryptsoft.com). |
||
7 |
* The implementation was written so as to conform with Netscapes SSL. |
||
8 |
* |
||
9 |
* This library is free for commercial and non-commercial use as long as |
||
10 |
* the following conditions are aheared to. The following conditions |
||
11 |
* apply to all code found in this distribution, be it the RC4, RSA, |
||
12 |
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
||
13 |
* included with this distribution is covered by the same copyright terms |
||
14 |
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
||
15 |
* |
||
16 |
* Copyright remains Eric Young's, and as such any Copyright notices in |
||
17 |
* the code are not to be removed. |
||
18 |
* If this package is used in a product, Eric Young should be given attribution |
||
19 |
* as the author of the parts of the library used. |
||
20 |
* This can be in the form of a textual message at program startup or |
||
21 |
* in documentation (online or textual) provided with the package. |
||
22 |
* |
||
23 |
* Redistribution and use in source and binary forms, with or without |
||
24 |
* modification, are permitted provided that the following conditions |
||
25 |
* are met: |
||
26 |
* 1. Redistributions of source code must retain the copyright |
||
27 |
* notice, this list of conditions and the following disclaimer. |
||
28 |
* 2. Redistributions in binary form must reproduce the above copyright |
||
29 |
* notice, this list of conditions and the following disclaimer in the |
||
30 |
* documentation and/or other materials provided with the distribution. |
||
31 |
* 3. All advertising materials mentioning features or use of this software |
||
32 |
* must display the following acknowledgement: |
||
33 |
* "This product includes cryptographic software written by |
||
34 |
* Eric Young (eay@cryptsoft.com)" |
||
35 |
* The word 'cryptographic' can be left out if the rouines from the library |
||
36 |
* being used are not cryptographic related :-). |
||
37 |
* 4. If you include any Windows specific code (or a derivative thereof) from |
||
38 |
* the apps directory (application code) you must include an acknowledgement: |
||
39 |
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
||
40 |
* |
||
41 |
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
||
42 |
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
||
43 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
||
44 |
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
||
45 |
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
||
46 |
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
||
47 |
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
||
48 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
||
49 |
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
||
50 |
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
||
51 |
* SUCH DAMAGE. |
||
52 |
* |
||
53 |
* The licence and distribution terms for any publically available version or |
||
54 |
* derivative of this code cannot be changed. i.e. this code cannot simply be |
||
55 |
* copied and put under another distribution licence |
||
56 |
* [including the GNU Public Licence.] |
||
57 |
*/ |
||
58 |
/* ==================================================================== |
||
59 |
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
||
60 |
* |
||
61 |
* Redistribution and use in source and binary forms, with or without |
||
62 |
* modification, are permitted provided that the following conditions |
||
63 |
* are met: |
||
64 |
* |
||
65 |
* 1. Redistributions of source code must retain the above copyright |
||
66 |
* notice, this list of conditions and the following disclaimer. |
||
67 |
* |
||
68 |
* 2. Redistributions in binary form must reproduce the above copyright |
||
69 |
* notice, this list of conditions and the following disclaimer in |
||
70 |
* the documentation and/or other materials provided with the |
||
71 |
* distribution. |
||
72 |
* |
||
73 |
* 3. All advertising materials mentioning features or use of this |
||
74 |
* software must display the following acknowledgment: |
||
75 |
* "This product includes software developed by the OpenSSL Project |
||
76 |
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
||
77 |
* |
||
78 |
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
||
79 |
* endorse or promote products derived from this software without |
||
80 |
* prior written permission. For written permission, please contact |
||
81 |
* openssl-core@openssl.org. |
||
82 |
* |
||
83 |
* 5. Products derived from this software may not be called "OpenSSL" |
||
84 |
* nor may "OpenSSL" appear in their names without prior written |
||
85 |
* permission of the OpenSSL Project. |
||
86 |
* |
||
87 |
* 6. Redistributions of any form whatsoever must retain the following |
||
88 |
* acknowledgment: |
||
89 |
* "This product includes software developed by the OpenSSL Project |
||
90 |
* for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
||
91 |
* |
||
92 |
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
||
93 |
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
||
94 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
||
95 |
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
||
96 |
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
||
97 |
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
||
98 |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||
99 |
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
||
100 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
||
101 |
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
||
102 |
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
||
103 |
* OF THE POSSIBILITY OF SUCH DAMAGE. |
||
104 |
* ==================================================================== |
||
105 |
* |
||
106 |
* This product includes cryptographic software written by Eric Young |
||
107 |
* (eay@cryptsoft.com). This product includes software written by Tim |
||
108 |
* Hudson (tjh@cryptsoft.com). |
||
109 |
* |
||
110 |
*/ |
||
111 |
/* ==================================================================== |
||
112 |
* Copyright 2005 Nokia. All rights reserved. |
||
113 |
* |
||
114 |
* The portions of the attached software ("Contribution") is developed by |
||
115 |
* Nokia Corporation and is licensed pursuant to the OpenSSL open source |
||
116 |
* license. |
||
117 |
* |
||
118 |
* The Contribution, originally written by Mika Kousa and Pasi Eronen of |
||
119 |
* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
||
120 |
* support (see RFC 4279) to OpenSSL. |
||
121 |
* |
||
122 |
* No patent licenses or other rights except those expressly stated in |
||
123 |
* the OpenSSL open source license shall be deemed granted or received |
||
124 |
* expressly, by implication, estoppel, or otherwise. |
||
125 |
* |
||
126 |
* No assurances are provided by Nokia that the Contribution does not |
||
127 |
* infringe the patent or other intellectual property rights of any third |
||
128 |
* party or that the license provides you with all the necessary rights |
||
129 |
* to make use of the Contribution. |
||
130 |
* |
||
131 |
* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
||
132 |
* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
||
133 |
* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
||
134 |
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
||
135 |
* OTHERWISE. |
||
136 |
*/ |
||
137 |
|||
138 |
#include <sys/types.h> |
||
139 |
#include <sys/socket.h> |
||
140 |
|||
141 |
#include <netinet/in.h> |
||
142 |
|||
143 |
#include <assert.h> |
||
144 |
#include <ctype.h> |
||
145 |
#include <limits.h> |
||
146 |
#include <netdb.h> |
||
147 |
#include <stdio.h> |
||
148 |
#include <stdlib.h> |
||
149 |
#include <string.h> |
||
150 |
#include <unistd.h> |
||
151 |
#include <poll.h> |
||
152 |
|||
153 |
#include "apps.h" |
||
154 |
|||
155 |
#include <openssl/bn.h> |
||
156 |
#include <openssl/err.h> |
||
157 |
#include <openssl/ocsp.h> |
||
158 |
#include <openssl/pem.h> |
||
159 |
#include <openssl/ssl.h> |
||
160 |
#include <openssl/x509.h> |
||
161 |
|||
162 |
#include "s_apps.h" |
||
163 |
#include "timeouts.h" |
||
164 |
|||
165 |
/*#define SSL_HOST_NAME "www.netscape.com" */ |
||
166 |
/*#define SSL_HOST_NAME "193.118.187.102" */ |
||
167 |
#define SSL_HOST_NAME "localhost" |
||
168 |
|||
169 |
/*#define TEST_CERT "client.pem" *//* no default cert. */ |
||
170 |
|||
171 |
#define BUFSIZZ 1024*8 |
||
172 |
|||
173 |
static int c_nbio = 0; |
||
174 |
static int c_Pause = 0; |
||
175 |
static int c_debug = 0; |
||
176 |
static int c_tlsextdebug = 0; |
||
177 |
static int c_status_req = 0; |
||
178 |
static int c_msg = 0; |
||
179 |
static int c_showcerts = 0; |
||
180 |
|||
181 |
static char *keymatexportlabel = NULL; |
||
182 |
static int keymatexportlen = 20; |
||
183 |
|||
184 |
static void sc_usage(void); |
||
185 |
static void print_stuff(BIO * berr, SSL * con, int full); |
||
186 |
static int ocsp_resp_cb(SSL * s, void *arg); |
||
187 |
static BIO *bio_c_out = NULL; |
||
188 |
static int c_quiet = 0; |
||
189 |
static int c_ign_eof = 0; |
||
190 |
|||
191 |
|||
192 |
static void |
||
193 |
sc_usage(void) |
||
194 |
{ |
||
195 |
16 |
BIO_printf(bio_err, "usage: s_client args\n"); |
|
196 |
8 |
BIO_printf(bio_err, "\n"); |
|
197 |
8 |
BIO_printf(bio_err, " -4 - Force IPv4\n"); |
|
198 |
8 |
BIO_printf(bio_err, " -6 - Force IPv6\n"); |
|
199 |
8 |
BIO_printf(bio_err, " -host host - use -connect instead\n"); |
|
200 |
8 |
BIO_printf(bio_err, " -port port - use -connect instead\n"); |
|
201 |
8 |
BIO_printf(bio_err, " -connect host:port - who to connect to (default is %s:%s)\n", SSL_HOST_NAME, PORT_STR); |
|
202 |
8 |
BIO_printf(bio_err, " -proxy host:port - connect to http proxy\n"); |
|
203 |
|||
204 |
8 |
BIO_printf(bio_err, " -verify arg - turn on peer certificate verification\n"); |
|
205 |
8 |
BIO_printf(bio_err, " -cert arg - certificate file to use, PEM format assumed\n"); |
|
206 |
8 |
BIO_printf(bio_err, " -certform arg - certificate format (PEM or DER) PEM default\n"); |
|
207 |
8 |
BIO_printf(bio_err, " -key arg - Private key file to use, in cert file if\n"); |
|
208 |
8 |
BIO_printf(bio_err, " not specified but cert file is.\n"); |
|
209 |
8 |
BIO_printf(bio_err, " -keyform arg - key format (PEM or DER) PEM default\n"); |
|
210 |
8 |
BIO_printf(bio_err, " -pass arg - private key file pass phrase source\n"); |
|
211 |
8 |
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); |
|
212 |
8 |
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); |
|
213 |
8 |
BIO_printf(bio_err, " -reconnect - Drop and re-make the connection with the same Session-ID\n"); |
|
214 |
8 |
BIO_printf(bio_err, " -pause - sleep(1) after each read(2) and write(2) system call\n"); |
|
215 |
8 |
BIO_printf(bio_err, " -showcerts - show all certificates in the chain\n"); |
|
216 |
8 |
BIO_printf(bio_err, " -debug - extra output\n"); |
|
217 |
8 |
BIO_printf(bio_err, " -msg - Show protocol messages\n"); |
|
218 |
8 |
BIO_printf(bio_err, " -nbio_test - more ssl protocol testing\n"); |
|
219 |
8 |
BIO_printf(bio_err, " -state - print the 'ssl' states\n"); |
|
220 |
8 |
BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n"); |
|
221 |
8 |
BIO_printf(bio_err, " -crlf - convert LF from terminal into CRLF\n"); |
|
222 |
8 |
BIO_printf(bio_err, " -quiet - no s_client output\n"); |
|
223 |
8 |
BIO_printf(bio_err, " -ign_eof - ignore input eof (default when -quiet)\n"); |
|
224 |
8 |
BIO_printf(bio_err, " -no_ign_eof - don't ignore input eof\n"); |
|
225 |
8 |
BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n"); |
|
226 |
8 |
BIO_printf(bio_err, " -tls1_1 - just use TLSv1.1\n"); |
|
227 |
8 |
BIO_printf(bio_err, " -tls1 - just use TLSv1\n"); |
|
228 |
8 |
BIO_printf(bio_err, " -dtls1 - just use DTLSv1\n"); |
|
229 |
8 |
BIO_printf(bio_err, " -mtu - set the link layer MTU\n"); |
|
230 |
8 |
BIO_printf(bio_err, " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); |
|
231 |
8 |
BIO_printf(bio_err, " -bugs - Switch on all SSL implementation bug workarounds\n"); |
|
232 |
8 |
BIO_printf(bio_err, " -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); |
|
233 |
8 |
BIO_printf(bio_err, " command to see what is available\n"); |
|
234 |
8 |
BIO_printf(bio_err, " -starttls prot - use the STARTTLS command before starting TLS\n"); |
|
235 |
8 |
BIO_printf(bio_err, " for those protocols that support it, where\n"); |
|
236 |
8 |
BIO_printf(bio_err, " 'prot' defines which one to assume. Currently,\n"); |
|
237 |
8 |
BIO_printf(bio_err, " only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); |
|
238 |
8 |
BIO_printf(bio_err, " are supported.\n"); |
|
239 |
8 |
BIO_printf(bio_err, " -xmpphost host - connect to this virtual host on the xmpp server\n"); |
|
240 |
8 |
BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n"); |
|
241 |
8 |
BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n"); |
|
242 |
8 |
BIO_printf(bio_err, " -servername host - Set TLS extension servername in ClientHello\n"); |
|
243 |
8 |
BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); |
|
244 |
8 |
BIO_printf(bio_err, " -status - request certificate status from server\n"); |
|
245 |
8 |
BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); |
|
246 |
8 |
BIO_printf(bio_err, " -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n"); |
|
247 |
8 |
BIO_printf(bio_err, " -groups arg - specify EC curve groups (colon-separated list)\n"); |
|
248 |
#ifndef OPENSSL_NO_SRTP |
||
249 |
8 |
BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
|
250 |
#endif |
||
251 |
8 |
BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n"); |
|
252 |
8 |
BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n"); |
|
253 |
8 |
} |
|
254 |
|||
255 |
|||
256 |
/* This is a context that we pass to callbacks */ |
||
257 |
typedef struct tlsextctx_st { |
||
258 |
BIO *biodebug; |
||
259 |
int ack; |
||
260 |
} tlsextctx; |
||
261 |
|||
262 |
|||
263 |
static int |
||
264 |
ssl_servername_cb(SSL * s, int *ad, void *arg) |
||
265 |
{ |
||
266 |
tlsextctx *p = (tlsextctx *) arg; |
||
267 |
const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); |
||
268 |
if (SSL_get_servername_type(s) != -1) |
||
269 |
p->ack = !SSL_session_reused(s) && hn != NULL; |
||
270 |
else |
||
271 |
BIO_printf(bio_err, "Can't use SSL_get_servername\n"); |
||
272 |
|||
273 |
return SSL_TLSEXT_ERR_OK; |
||
274 |
} |
||
275 |
|||
276 |
#ifndef OPENSSL_NO_SRTP |
||
277 |
char *srtp_profiles = NULL; |
||
278 |
#endif |
||
279 |
|||
280 |
enum { |
||
281 |
PROTO_OFF = 0, |
||
282 |
PROTO_SMTP, |
||
283 |
PROTO_LMTP, |
||
284 |
PROTO_POP3, |
||
285 |
PROTO_IMAP, |
||
286 |
PROTO_FTP, |
||
287 |
PROTO_XMPP |
||
288 |
}; |
||
289 |
|||
290 |
int |
||
291 |
s_client_main(int argc, char **argv) |
||
292 |
{ |
||
293 |
unsigned int off = 0, clr = 0; |
||
294 |
SSL *con = NULL; |
||
295 |
16 |
int s, k, state = 0, af = AF_UNSPEC; |
|
296 |
char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL; |
||
297 |
int cbuf_len, cbuf_off; |
||
298 |
int sbuf_len, sbuf_off; |
||
299 |
16 |
char *port = PORT_STR; |
|
300 |
int full_log = 1; |
||
301 |
16 |
char *host = SSL_HOST_NAME; |
|
302 |
char *xmpphost = NULL; |
||
303 |
char *proxy = NULL, *connect = NULL; |
||
304 |
char *cert_file = NULL, *key_file = NULL; |
||
305 |
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; |
||
306 |
16 |
char *passarg = NULL, *pass = NULL; |
|
307 |
X509 *cert = NULL; |
||
308 |
EVP_PKEY *key = NULL; |
||
309 |
char *CApath = NULL, *CAfile = NULL, *cipher = NULL; |
||
310 |
int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0; |
||
311 |
int crlf = 0; |
||
312 |
int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; |
||
313 |
SSL_CTX *ctx = NULL; |
||
314 |
int ret = 1, in_init = 1, i, nbio_test = 0; |
||
315 |
int starttls_proto = PROTO_OFF; |
||
316 |
int prexit = 0; |
||
317 |
16 |
X509_VERIFY_PARAM *vpm = NULL; |
|
318 |
16 |
int badarg = 0; |
|
319 |
const SSL_METHOD *meth = NULL; |
||
320 |
int socket_type = SOCK_STREAM; |
||
321 |
BIO *sbio; |
||
322 |
int mbuf_len = 0; |
||
323 |
16 |
struct timeval timeout; |
|
324 |
16 |
const char *errstr = NULL; |
|
325 |
char *servername = NULL; |
||
326 |
16 |
tlsextctx tlsextcbp = {NULL, 0}; |
|
327 |
const char *alpn_in = NULL; |
||
328 |
const char *groups_in = NULL; |
||
329 |
char *sess_in = NULL; |
||
330 |
char *sess_out = NULL; |
||
331 |
16 |
struct sockaddr peer; |
|
332 |
16 |
int peerlen = sizeof(peer); |
|
333 |
int enable_timeouts = 0; |
||
334 |
long socket_mtu = 0; |
||
335 |
|||
336 |
✓✗ | 16 |
if (single_execution) { |
337 |
✗✓ | 16 |
if (pledge("stdio cpath wpath rpath inet dns tty flock", NULL) == -1) { |
338 |
perror("pledge"); |
||
339 |
exit(1); |
||
340 |
} |
||
341 |
} |
||
342 |
|||
343 |
16 |
meth = SSLv23_client_method(); |
|
344 |
|||
345 |
16 |
c_Pause = 0; |
|
346 |
16 |
c_quiet = 0; |
|
347 |
16 |
c_ign_eof = 0; |
|
348 |
16 |
c_debug = 0; |
|
349 |
16 |
c_msg = 0; |
|
350 |
16 |
c_showcerts = 0; |
|
351 |
|||
352 |
✓✗✗✓ |
32 |
if (((cbuf = malloc(BUFSIZZ)) == NULL) || |
353 |
✓✗ | 16 |
((sbuf = malloc(BUFSIZZ)) == NULL) || |
354 |
16 |
((mbuf = malloc(BUFSIZZ + 1)) == NULL)) { /* NUL byte */ |
|
355 |
BIO_printf(bio_err, "out of memory\n"); |
||
356 |
goto end; |
||
357 |
} |
||
358 |
16 |
verify_depth = 0; |
|
359 |
16 |
c_nbio = 0; |
|
360 |
|||
361 |
16 |
argc--; |
|
362 |
16 |
argv++; |
|
363 |
✓✓ | 184 |
while (argc >= 1) { |
364 |
✗✓ | 96 |
if (strcmp(*argv, "-host") == 0) { |
365 |
if (--argc < 1) |
||
366 |
goto bad; |
||
367 |
host = *(++argv); |
||
368 |
✗✓ | 96 |
} else if (strcmp(*argv, "-port") == 0) { |
369 |
if (--argc < 1) |
||
370 |
goto bad; |
||
371 |
port = *(++argv); |
||
372 |
if (port == NULL || *port == '\0') |
||
373 |
goto bad; |
||
374 |
✓✓ | 96 |
} else if (strcmp(*argv, "-connect") == 0) { |
375 |
✓✗ | 8 |
if (--argc < 1) |
376 |
goto bad; |
||
377 |
8 |
connect = *(++argv); |
|
378 |
✗✓ | 96 |
} else if (strcmp(*argv, "-proxy") == 0) { |
379 |
if (--argc < 1) |
||
380 |
goto bad; |
||
381 |
proxy = *(++argv); |
||
382 |
✗✓ | 88 |
} else if (strcmp(*argv,"-xmpphost") == 0) { |
383 |
if (--argc < 1) |
||
384 |
goto bad; |
||
385 |
xmpphost= *(++argv); |
||
386 |
✗✓ | 88 |
} else if (strcmp(*argv, "-verify") == 0) { |
387 |
verify = SSL_VERIFY_PEER; |
||
388 |
if (--argc < 1) |
||
389 |
goto bad; |
||
390 |
verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr); |
||
391 |
if (errstr) |
||
392 |
goto bad; |
||
393 |
BIO_printf(bio_err, "verify depth is %d\n", verify_depth); |
||
394 |
✗✓ | 88 |
} else if (strcmp(*argv, "-cert") == 0) { |
395 |
if (--argc < 1) |
||
396 |
goto bad; |
||
397 |
cert_file = *(++argv); |
||
398 |
✓✓ | 88 |
} else if (strcmp(*argv, "-sess_out") == 0) { |
399 |
✓✗ | 8 |
if (--argc < 1) |
400 |
goto bad; |
||
401 |
8 |
sess_out = *(++argv); |
|
402 |
✗✓ | 88 |
} else if (strcmp(*argv, "-sess_in") == 0) { |
403 |
if (--argc < 1) |
||
404 |
goto bad; |
||
405 |
sess_in = *(++argv); |
||
406 |
✗✓ | 80 |
} else if (strcmp(*argv, "-certform") == 0) { |
407 |
if (--argc < 1) |
||
408 |
goto bad; |
||
409 |
cert_format = str2fmt(*(++argv)); |
||
410 |
✓✓ | 80 |
} else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) { |
411 |
✓✗ | 24 |
if (badarg) |
412 |
goto bad; |
||
413 |
continue; |
||
414 |
✗✓ | 56 |
} else if (strcmp(*argv, "-verify_return_error") == 0) |
415 |
verify_return_error = 1; |
||
416 |
✓✓ | 56 |
else if (strcmp(*argv, "-prexit") == 0) |
417 |
8 |
prexit = 1; |
|
418 |
✗✓ | 48 |
else if (strcmp(*argv, "-crlf") == 0) |
419 |
crlf = 1; |
||
420 |
✗✓ | 48 |
else if (strcmp(*argv, "-quiet") == 0) { |
421 |
c_quiet = 1; |
||
422 |
c_ign_eof = 1; |
||
423 |
✗✓ | 48 |
} else if (strcmp(*argv, "-ign_eof") == 0) |
424 |
c_ign_eof = 1; |
||
425 |
✗✓ | 48 |
else if (strcmp(*argv, "-no_ign_eof") == 0) |
426 |
c_ign_eof = 0; |
||
427 |
✓✓ | 48 |
else if (strcmp(*argv, "-pause") == 0) |
428 |
8 |
c_Pause = 1; |
|
429 |
✗✓ | 40 |
else if (strcmp(*argv, "-debug") == 0) |
430 |
c_debug = 1; |
||
431 |
✗✓ | 40 |
else if (strcmp(*argv, "-tlsextdebug") == 0) |
432 |
c_tlsextdebug = 1; |
||
433 |
✗✓ | 40 |
else if (strcmp(*argv, "-status") == 0) |
434 |
c_status_req = 1; |
||
435 |
✗✓ | 40 |
else if (strcmp(*argv, "-msg") == 0) |
436 |
c_msg = 1; |
||
437 |
✓✓ | 40 |
else if (strcmp(*argv, "-showcerts") == 0) |
438 |
8 |
c_showcerts = 1; |
|
439 |
✗✓ | 32 |
else if (strcmp(*argv, "-nbio_test") == 0) |
440 |
nbio_test = 1; |
||
441 |
✗✓ | 32 |
else if (strcmp(*argv, "-state") == 0) |
442 |
state = 1; |
||
443 |
✗✓ | 32 |
else if (strcmp(*argv, "-tls1_2") == 0) |
444 |
meth = TLSv1_2_client_method(); |
||
445 |
✗✓ | 32 |
else if (strcmp(*argv, "-tls1_1") == 0) |
446 |
meth = TLSv1_1_client_method(); |
||
447 |
✗✓ | 32 |
else if (strcmp(*argv, "-tls1") == 0) |
448 |
meth = TLSv1_client_method(); |
||
449 |
#ifndef OPENSSL_NO_DTLS1 |
||
450 |
✗✓ | 32 |
else if (strcmp(*argv, "-dtls1") == 0) { |
451 |
meth = DTLSv1_client_method(); |
||
452 |
socket_type = SOCK_DGRAM; |
||
453 |
✗✓ | 32 |
} else if (strcmp(*argv, "-timeout") == 0) |
454 |
enable_timeouts = 1; |
||
455 |
✗✓ | 32 |
else if (strcmp(*argv, "-mtu") == 0) { |
456 |
if (--argc < 1) |
||
457 |
goto bad; |
||
458 |
socket_mtu = strtonum(*(++argv), 0, LONG_MAX, &errstr); |
||
459 |
if (errstr) |
||
460 |
goto bad; |
||
461 |
} |
||
462 |
#endif |
||
463 |
✗✓ | 32 |
else if (strcmp(*argv, "-bugs") == 0) |
464 |
bugs = 1; |
||
465 |
✗✓ | 32 |
else if (strcmp(*argv, "-keyform") == 0) { |
466 |
if (--argc < 1) |
||
467 |
goto bad; |
||
468 |
key_format = str2fmt(*(++argv)); |
||
469 |
✗✓ | 32 |
} else if (strcmp(*argv, "-pass") == 0) { |
470 |
if (--argc < 1) |
||
471 |
goto bad; |
||
472 |
passarg = *(++argv); |
||
473 |
✗✓ | 32 |
} else if (strcmp(*argv, "-key") == 0) { |
474 |
if (--argc < 1) |
||
475 |
goto bad; |
||
476 |
key_file = *(++argv); |
||
477 |
✗✓ | 32 |
} else if (strcmp(*argv, "-reconnect") == 0) { |
478 |
reconnect = 5; |
||
479 |
✗✓ | 32 |
} else if (strcmp(*argv, "-CApath") == 0) { |
480 |
if (--argc < 1) |
||
481 |
goto bad; |
||
482 |
CApath = *(++argv); |
||
483 |
✓✓ | 32 |
} else if (strcmp(*argv, "-CAfile") == 0) { |
484 |
✓✗ | 8 |
if (--argc < 1) |
485 |
goto bad; |
||
486 |
8 |
CAfile = *(++argv); |
|
487 |
✗✓ | 32 |
} else if (strcmp(*argv, "-no_tls1_2") == 0) |
488 |
off |= SSL_OP_NO_TLSv1_2; |
||
489 |
✗✓ | 24 |
else if (strcmp(*argv, "-no_tls1_1") == 0) |
490 |
off |= SSL_OP_NO_TLSv1_1; |
||
491 |
✗✓ | 24 |
else if (strcmp(*argv, "-no_tls1") == 0) |
492 |
off |= SSL_OP_NO_TLSv1; |
||
493 |
✗✓ | 24 |
else if (strcmp(*argv, "-no_ssl3") == 0) |
494 |
off |= SSL_OP_NO_SSLv3; |
||
495 |
✗✓ | 24 |
else if (strcmp(*argv, "-no_ssl2") == 0) |
496 |
off |= SSL_OP_NO_SSLv2; |
||
497 |
✗✓ | 24 |
else if (strcmp(*argv, "-no_comp") == 0) { |
498 |
off |= SSL_OP_NO_COMPRESSION; |
||
499 |
✗✓ | 24 |
} else if (strcmp(*argv, "-no_ticket") == 0) { |
500 |
off |= SSL_OP_NO_TICKET; |
||
501 |
✓✓ | 24 |
} else if (strcmp(*argv, "-nextprotoneg") == 0) { |
502 |
/* Ignored. */ |
||
503 |
✓✗ | 8 |
if (--argc < 1) |
504 |
goto bad; |
||
505 |
8 |
++argv; |
|
506 |
✓✓ | 24 |
} else if (strcmp(*argv, "-alpn") == 0) { |
507 |
✓✗ | 8 |
if (--argc < 1) |
508 |
goto bad; |
||
509 |
8 |
alpn_in = *(++argv); |
|
510 |
✗✓ | 16 |
} else if (strcmp(*argv, "-groups") == 0) { |
511 |
if (--argc < 1) |
||
512 |
goto bad; |
||
513 |
groups_in = *(++argv); |
||
514 |
✗✓ | 8 |
} else if (strcmp(*argv, "-serverpref") == 0) |
515 |
off |= SSL_OP_CIPHER_SERVER_PREFERENCE; |
||
516 |
✓✗ | 8 |
else if (strcmp(*argv, "-legacy_renegotiation") == 0) |
517 |
; /* no-op */ |
||
518 |
✗✓ | 8 |
else if (strcmp(*argv, "-legacy_server_connect") == 0) { |
519 |
off |= SSL_OP_LEGACY_SERVER_CONNECT; |
||
520 |
✗✓ | 8 |
} else if (strcmp(*argv, "-no_legacy_server_connect") == 0) { |
521 |
clr |= SSL_OP_LEGACY_SERVER_CONNECT; |
||
522 |
✗✓ | 8 |
} else if (strcmp(*argv, "-cipher") == 0) { |
523 |
if (--argc < 1) |
||
524 |
goto bad; |
||
525 |
cipher = *(++argv); |
||
526 |
} |
||
527 |
✗✓ | 8 |
else if (strcmp(*argv, "-nbio") == 0) { |
528 |
c_nbio = 1; |
||
529 |
} |
||
530 |
✗✓ | 8 |
else if (strcmp(*argv, "-starttls") == 0) { |
531 |
if (--argc < 1) |
||
532 |
goto bad; |
||
533 |
++argv; |
||
534 |
if (strcmp(*argv, "smtp") == 0) |
||
535 |
starttls_proto = PROTO_SMTP; |
||
536 |
else if (strcmp(*argv, "lmtp") == 0) |
||
537 |
starttls_proto = PROTO_LMTP; |
||
538 |
else if (strcmp(*argv, "pop3") == 0) |
||
539 |
starttls_proto = PROTO_POP3; |
||
540 |
else if (strcmp(*argv, "imap") == 0) |
||
541 |
starttls_proto = PROTO_IMAP; |
||
542 |
else if (strcmp(*argv, "ftp") == 0) |
||
543 |
starttls_proto = PROTO_FTP; |
||
544 |
else if (strcmp(*argv, "xmpp") == 0) |
||
545 |
starttls_proto = PROTO_XMPP; |
||
546 |
else |
||
547 |
goto bad; |
||
548 |
} |
||
549 |
✗✓ | 8 |
else if (strcmp(*argv, "-4") == 0) { |
550 |
af = AF_INET; |
||
551 |
✗✓ | 8 |
} else if (strcmp(*argv, "-6") == 0) { |
552 |
af = AF_INET6; |
||
553 |
} |
||
554 |
✗✓ | 8 |
else if (strcmp(*argv, "-servername") == 0) { |
555 |
if (--argc < 1) |
||
556 |
goto bad; |
||
557 |
servername = *(++argv); |
||
558 |
/* meth=TLSv1_client_method(); */ |
||
559 |
} |
||
560 |
#ifndef OPENSSL_NO_SRTP |
||
561 |
✗✓ | 8 |
else if (strcmp(*argv, "-use_srtp") == 0) { |
562 |
if (--argc < 1) |
||
563 |
goto bad; |
||
564 |
srtp_profiles = *(++argv); |
||
565 |
} |
||
566 |
#endif |
||
567 |
✗✓ | 8 |
else if (strcmp(*argv, "-keymatexport") == 0) { |
568 |
if (--argc < 1) |
||
569 |
goto bad; |
||
570 |
keymatexportlabel = *(++argv); |
||
571 |
✗✓ | 8 |
} else if (strcmp(*argv, "-keymatexportlen") == 0) { |
572 |
if (--argc < 1) |
||
573 |
goto bad; |
||
574 |
keymatexportlen = strtonum(*(++argv), 1, INT_MAX, &errstr); |
||
575 |
if (errstr) |
||
576 |
goto bad; |
||
577 |
} else { |
||
578 |
8 |
BIO_printf(bio_err, "unknown option %s\n", *argv); |
|
579 |
badop = 1; |
||
580 |
8 |
break; |
|
581 |
} |
||
582 |
64 |
argc--; |
|
583 |
64 |
argv++; |
|
584 |
} |
||
585 |
✗✓ | 16 |
if (proxy != NULL) { |
586 |
if (!extract_host_port(proxy, &host, NULL, &port)) |
||
587 |
goto bad; |
||
588 |
if (connect == NULL) |
||
589 |
connect = SSL_HOST_NAME; |
||
590 |
✓✓ | 16 |
} else if (connect != NULL) { |
591 |
✗✓ | 16 |
if (!extract_host_port(connect, &host, NULL, &port)) |
592 |
goto bad; |
||
593 |
} |
||
594 |
✓✗ | 16 |
if (badop) { |
595 |
bad: |
||
596 |
✗✓ | 8 |
if (errstr) |
597 |
BIO_printf(bio_err, "invalid argument %s: %s\n", |
||
598 |
*argv, errstr); |
||
599 |
else |
||
600 |
8 |
sc_usage(); |
|
601 |
goto end; |
||
602 |
} |
||
603 |
|||
604 |
✗✓ | 8 |
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { |
605 |
BIO_printf(bio_err, "Error getting password\n"); |
||
606 |
goto end; |
||
607 |
} |
||
608 |
✓✗ | 8 |
if (key_file == NULL) |
609 |
8 |
key_file = cert_file; |
|
610 |
|||
611 |
|||
612 |
✗✓ | 8 |
if (key_file) { |
613 |
|||
614 |
key = load_key(bio_err, key_file, key_format, 0, pass, |
||
615 |
"client certificate private key file"); |
||
616 |
if (!key) { |
||
617 |
ERR_print_errors(bio_err); |
||
618 |
goto end; |
||
619 |
} |
||
620 |
} |
||
621 |
✗✓ | 8 |
if (cert_file) { |
622 |
cert = load_cert(bio_err, cert_file, cert_format, |
||
623 |
NULL, "client certificate file"); |
||
624 |
|||
625 |
if (!cert) { |
||
626 |
ERR_print_errors(bio_err); |
||
627 |
goto end; |
||
628 |
} |
||
629 |
} |
||
630 |
✓✗ | 8 |
if (bio_c_out == NULL) { |
631 |
✗✓ | 8 |
if (c_quiet && !c_debug && !c_msg) { |
632 |
bio_c_out = BIO_new(BIO_s_null()); |
||
633 |
} else { |
||
634 |
✓✗ | 8 |
if (bio_c_out == NULL) |
635 |
8 |
bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE); |
|
636 |
} |
||
637 |
} |
||
638 |
|||
639 |
8 |
ctx = SSL_CTX_new(meth); |
|
640 |
✗✓ | 8 |
if (ctx == NULL) { |
641 |
ERR_print_errors(bio_err); |
||
642 |
goto end; |
||
643 |
} |
||
644 |
✓✗ | 8 |
if (vpm) |
645 |
8 |
SSL_CTX_set1_param(ctx, vpm); |
|
646 |
|||
647 |
#ifndef OPENSSL_NO_SRTP |
||
648 |
✗✓ | 8 |
if (srtp_profiles != NULL) |
649 |
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); |
||
650 |
#endif |
||
651 |
✗✓ | 8 |
if (bugs) |
652 |
SSL_CTX_set_options(ctx, SSL_OP_ALL | off); |
||
653 |
else |
||
654 |
8 |
SSL_CTX_set_options(ctx, off); |
|
655 |
|||
656 |
✗✓ | 8 |
if (clr) |
657 |
SSL_CTX_clear_options(ctx, clr); |
||
658 |
/* |
||
659 |
* DTLS: partial reads end up discarding unread UDP bytes :-( Setting |
||
660 |
* read ahead solves this problem. |
||
661 |
*/ |
||
662 |
✗✓ | 8 |
if (socket_type == SOCK_DGRAM) |
663 |
SSL_CTX_set_read_ahead(ctx, 1); |
||
664 |
|||
665 |
✓✗ | 8 |
if (alpn_in) { |
666 |
8 |
unsigned short alpn_len; |
|
667 |
8 |
unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in); |
|
668 |
|||
669 |
✗✓ | 8 |
if (alpn == NULL) { |
670 |
BIO_printf(bio_err, "Error parsing -alpn argument\n"); |
||
671 |
goto end; |
||
672 |
} |
||
673 |
8 |
SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len); |
|
674 |
8 |
free(alpn); |
|
675 |
✓✗✗ | 16 |
} |
676 |
✗✓ | 8 |
if (groups_in != NULL) { |
677 |
if (SSL_CTX_set1_groups_list(ctx, groups_in) != 1) { |
||
678 |
BIO_printf(bio_err, "Failed to set groups '%s'\n", |
||
679 |
groups_in); |
||
680 |
goto end; |
||
681 |
} |
||
682 |
} |
||
683 |
|||
684 |
✗✓ | 8 |
if (state) |
685 |
SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); |
||
686 |
✗✓ | 8 |
if (cipher != NULL) |
687 |
if (!SSL_CTX_set_cipher_list(ctx, cipher)) { |
||
688 |
BIO_printf(bio_err, "error setting cipher list\n"); |
||
689 |
ERR_print_errors(bio_err); |
||
690 |
goto end; |
||
691 |
} |
||
692 |
|||
693 |
8 |
SSL_CTX_set_verify(ctx, verify, verify_callback); |
|
694 |
✓✗ | 8 |
if (!set_cert_key_stuff(ctx, cert, key)) |
695 |
goto end; |
||
696 |
|||
697 |
✓✗✗✓ |
16 |
if ((CAfile || CApath) |
698 |
8 |
&& !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) |
|
699 |
ERR_print_errors(bio_err); |
||
700 |
|||
701 |
✗✓ | 8 |
if (!SSL_CTX_set_default_verify_paths(ctx)) |
702 |
ERR_print_errors(bio_err); |
||
703 |
|||
704 |
✗✓ | 8 |
if (servername != NULL) { |
705 |
tlsextcbp.biodebug = bio_err; |
||
706 |
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); |
||
707 |
SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); |
||
708 |
} |
||
709 |
|||
710 |
8 |
con = SSL_new(ctx); |
|
711 |
✗✓ | 8 |
if (sess_in) { |
712 |
SSL_SESSION *sess; |
||
713 |
BIO *stmp = BIO_new_file(sess_in, "r"); |
||
714 |
if (!stmp) { |
||
715 |
BIO_printf(bio_err, "Can't open session file %s\n", |
||
716 |
sess_in); |
||
717 |
ERR_print_errors(bio_err); |
||
718 |
goto end; |
||
719 |
} |
||
720 |
sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); |
||
721 |
BIO_free(stmp); |
||
722 |
if (!sess) { |
||
723 |
BIO_printf(bio_err, "Can't open session file %s\n", |
||
724 |
sess_in); |
||
725 |
ERR_print_errors(bio_err); |
||
726 |
goto end; |
||
727 |
} |
||
728 |
SSL_set_session(con, sess); |
||
729 |
SSL_SESSION_free(sess); |
||
730 |
} |
||
731 |
✗✓ | 8 |
if (servername != NULL) { |
732 |
if (!SSL_set_tlsext_host_name(con, servername)) { |
||
733 |
BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); |
||
734 |
ERR_print_errors(bio_err); |
||
735 |
goto end; |
||
736 |
} |
||
737 |
} |
||
738 |
/* SSL_set_cipher_list(con,"RC4-MD5"); */ |
||
739 |
|||
740 |
re_start: |
||
741 |
|||
742 |
✗✓ | 8 |
if (init_client(&s, host, port, socket_type, af) == 0) { |
743 |
BIO_printf(bio_err, "connect:errno=%d\n", errno); |
||
744 |
goto end; |
||
745 |
} |
||
746 |
8 |
BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s); |
|
747 |
|||
748 |
✗✓ | 8 |
if (c_nbio) { |
749 |
if (!c_quiet) |
||
750 |
BIO_printf(bio_c_out, "turning on non blocking io\n"); |
||
751 |
if (!BIO_socket_nbio(s, 1)) { |
||
752 |
ERR_print_errors(bio_err); |
||
753 |
goto end; |
||
754 |
} |
||
755 |
} |
||
756 |
✓✗ | 8 |
if (c_Pause & 0x01) |
757 |
8 |
SSL_set_debug(con, 1); |
|
758 |
|||
759 |
✗✓ | 8 |
if (SSL_version(con) == DTLS1_VERSION) { |
760 |
|||
761 |
sbio = BIO_new_dgram(s, BIO_NOCLOSE); |
||
762 |
if (getsockname(s, &peer, (void *) &peerlen) < 0) { |
||
763 |
BIO_printf(bio_err, "getsockname:errno=%d\n", |
||
764 |
errno); |
||
765 |
shutdown(s, SHUT_RD); |
||
766 |
close(s); |
||
767 |
goto end; |
||
768 |
} |
||
769 |
(void) BIO_ctrl_set_connected(sbio, 1, &peer); |
||
770 |
|||
771 |
if (enable_timeouts) { |
||
772 |
timeout.tv_sec = 0; |
||
773 |
timeout.tv_usec = DGRAM_RCV_TIMEOUT; |
||
774 |
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); |
||
775 |
|||
776 |
timeout.tv_sec = 0; |
||
777 |
timeout.tv_usec = DGRAM_SND_TIMEOUT; |
||
778 |
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); |
||
779 |
} |
||
780 |
if (socket_mtu > 28) { |
||
781 |
SSL_set_options(con, SSL_OP_NO_QUERY_MTU); |
||
782 |
SSL_set_mtu(con, socket_mtu - 28); |
||
783 |
} else |
||
784 |
/* want to do MTU discovery */ |
||
785 |
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); |
||
786 |
} else |
||
787 |
8 |
sbio = BIO_new_socket(s, BIO_NOCLOSE); |
|
788 |
|||
789 |
✗✓ | 8 |
if (nbio_test) { |
790 |
BIO *test; |
||
791 |
|||
792 |
test = BIO_new(BIO_f_nbio_test()); |
||
793 |
sbio = BIO_push(test, sbio); |
||
794 |
} |
||
795 |
✗✓ | 8 |
if (c_debug) { |
796 |
SSL_set_debug(con, 1); |
||
797 |
BIO_set_callback(sbio, bio_dump_callback); |
||
798 |
BIO_set_callback_arg(sbio, (char *) bio_c_out); |
||
799 |
} |
||
800 |
✗✓ | 8 |
if (c_msg) { |
801 |
SSL_set_msg_callback(con, msg_cb); |
||
802 |
SSL_set_msg_callback_arg(con, bio_c_out); |
||
803 |
} |
||
804 |
✗✓ | 8 |
if (c_tlsextdebug) { |
805 |
SSL_set_tlsext_debug_callback(con, tlsext_cb); |
||
806 |
SSL_set_tlsext_debug_arg(con, bio_c_out); |
||
807 |
} |
||
808 |
✗✓ | 8 |
if (c_status_req) { |
809 |
SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); |
||
810 |
SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); |
||
811 |
SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); |
||
812 |
} |
||
813 |
|||
814 |
8 |
SSL_set_bio(con, sbio, sbio); |
|
815 |
8 |
SSL_set_connect_state(con); |
|
816 |
|||
817 |
/* ok, lets connect */ |
||
818 |
read_tty = 1; |
||
819 |
write_tty = 0; |
||
820 |
tty_on = 0; |
||
821 |
read_ssl = 1; |
||
822 |
write_ssl = 1; |
||
823 |
|||
824 |
cbuf_len = 0; |
||
825 |
cbuf_off = 0; |
||
826 |
sbuf_len = 0; |
||
827 |
sbuf_off = 0; |
||
828 |
|||
829 |
/* This is an ugly hack that does a lot of assumptions */ |
||
830 |
/* |
||
831 |
* We do have to handle multi-line responses which may come in a |
||
832 |
* single packet or not. We therefore have to use BIO_gets() which |
||
833 |
* does need a buffering BIO. So during the initial chitchat we do |
||
834 |
* push a buffering BIO into the chain that is removed again later on |
||
835 |
* to not disturb the rest of the s_client operation. |
||
836 |
*/ |
||
837 |
✗✓ | 8 |
if (starttls_proto == PROTO_SMTP || starttls_proto == PROTO_LMTP) { |
838 |
int foundit = 0; |
||
839 |
BIO *fbio = BIO_new(BIO_f_buffer()); |
||
840 |
BIO_push(fbio, sbio); |
||
841 |
/* wait for multi-line response to end from SMTP */ |
||
842 |
do { |
||
843 |
mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); |
||
844 |
} |
||
845 |
while (mbuf_len > 3 && mbuf[3] == '-'); |
||
846 |
/* STARTTLS command requires EHLO... */ |
||
847 |
BIO_printf(fbio, "%cHLO openssl.client.net\r\n", |
||
848 |
starttls_proto == PROTO_SMTP ? 'E' : 'L'); |
||
849 |
(void) BIO_flush(fbio); |
||
850 |
/* wait for multi-line response to end EHLO SMTP response */ |
||
851 |
do { |
||
852 |
mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); |
||
853 |
if (strstr(mbuf, "STARTTLS")) |
||
854 |
foundit = 1; |
||
855 |
} |
||
856 |
while (mbuf_len > 3 && mbuf[3] == '-'); |
||
857 |
(void) BIO_flush(fbio); |
||
858 |
BIO_pop(fbio); |
||
859 |
BIO_free(fbio); |
||
860 |
if (!foundit) |
||
861 |
BIO_printf(bio_err, |
||
862 |
"didn't found starttls in server response," |
||
863 |
" try anyway...\n"); |
||
864 |
BIO_printf(sbio, "STARTTLS\r\n"); |
||
865 |
BIO_read(sbio, sbuf, BUFSIZZ); |
||
866 |
✗✓ | 8 |
} else if (starttls_proto == PROTO_POP3) { |
867 |
mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); |
||
868 |
if (mbuf_len == -1) { |
||
869 |
BIO_printf(bio_err, "BIO_read failed\n"); |
||
870 |
goto end; |
||
871 |
} |
||
872 |
BIO_printf(sbio, "STLS\r\n"); |
||
873 |
BIO_read(sbio, sbuf, BUFSIZZ); |
||
874 |
✗✓ | 8 |
} else if (starttls_proto == PROTO_IMAP) { |
875 |
int foundit = 0; |
||
876 |
BIO *fbio = BIO_new(BIO_f_buffer()); |
||
877 |
BIO_push(fbio, sbio); |
||
878 |
BIO_gets(fbio, mbuf, BUFSIZZ); |
||
879 |
/* STARTTLS command requires CAPABILITY... */ |
||
880 |
BIO_printf(fbio, ". CAPABILITY\r\n"); |
||
881 |
(void) BIO_flush(fbio); |
||
882 |
/* wait for multi-line CAPABILITY response */ |
||
883 |
do { |
||
884 |
mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); |
||
885 |
if (strstr(mbuf, "STARTTLS")) |
||
886 |
foundit = 1; |
||
887 |
} |
||
888 |
while (mbuf_len > 3 && mbuf[0] != '.'); |
||
889 |
(void) BIO_flush(fbio); |
||
890 |
BIO_pop(fbio); |
||
891 |
BIO_free(fbio); |
||
892 |
if (!foundit) |
||
893 |
BIO_printf(bio_err, |
||
894 |
"didn't found STARTTLS in server response," |
||
895 |
" try anyway...\n"); |
||
896 |
BIO_printf(sbio, ". STARTTLS\r\n"); |
||
897 |
BIO_read(sbio, sbuf, BUFSIZZ); |
||
898 |
✗✓ | 8 |
} else if (starttls_proto == PROTO_FTP) { |
899 |
BIO *fbio = BIO_new(BIO_f_buffer()); |
||
900 |
BIO_push(fbio, sbio); |
||
901 |
/* wait for multi-line response to end from FTP */ |
||
902 |
do { |
||
903 |
mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); |
||
904 |
} |
||
905 |
while (mbuf_len > 3 && mbuf[3] == '-'); |
||
906 |
(void) BIO_flush(fbio); |
||
907 |
BIO_pop(fbio); |
||
908 |
BIO_free(fbio); |
||
909 |
BIO_printf(sbio, "AUTH TLS\r\n"); |
||
910 |
BIO_read(sbio, sbuf, BUFSIZZ); |
||
911 |
✗✓ | 8 |
} else if (starttls_proto == PROTO_XMPP) { |
912 |
int seen = 0; |
||
913 |
BIO_printf(sbio, "<stream:stream " |
||
914 |
"xmlns:stream='http://etherx.jabber.org/streams' " |
||
915 |
"xmlns='jabber:client' to='%s' version='1.0'>", xmpphost ? xmpphost : host); |
||
916 |
seen = BIO_read(sbio, mbuf, BUFSIZZ); |
||
917 |
|||
918 |
if (seen <= 0) |
||
919 |
goto shut; |
||
920 |
|||
921 |
mbuf[seen] = 0; |
||
922 |
while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") && |
||
923 |
!strstr(mbuf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"")) { |
||
924 |
seen = BIO_read(sbio, mbuf, BUFSIZZ); |
||
925 |
|||
926 |
if (seen <= 0) |
||
927 |
goto shut; |
||
928 |
|||
929 |
mbuf[seen] = 0; |
||
930 |
} |
||
931 |
BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); |
||
932 |
seen = BIO_read(sbio, sbuf, BUFSIZZ); |
||
933 |
sbuf[seen] = 0; |
||
934 |
if (!strstr(sbuf, "<proceed")) |
||
935 |
goto shut; |
||
936 |
mbuf[0] = 0; |
||
937 |
✗✗✗✗ ✓ |
8 |
} else if (proxy != NULL) { |
938 |
BIO_printf(sbio, "CONNECT %s HTTP/1.0\r\n\r\n", connect); |
||
939 |
mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); |
||
940 |
if (mbuf_len == -1) { |
||
941 |
BIO_printf(bio_err, "BIO_read failed\n"); |
||
942 |
goto end; |
||
943 |
} |
||
944 |
} |
||
945 |
for (;;) { |
||
946 |
16 |
struct pollfd pfd[3]; /* stdin, stdout, socket */ |
|
947 |
int ptimeout = -1; |
||
948 |
|||
949 |
✗✓✗✗ |
16 |
if ((SSL_version(con) == DTLS1_VERSION) && |
950 |
DTLSv1_get_timeout(con, &timeout)) |
||
951 |
ptimeout = timeout.tv_sec * 1000 + timeout.tv_usec / 1000; |
||
952 |
|||
953 |
✓✓✓✗ |
24 |
if (SSL_in_init(con) && !SSL_total_renegotiations(con)) { |
954 |
in_init = 1; |
||
955 |
tty_on = 0; |
||
956 |
8 |
} else { |
|
957 |
tty_on = 1; |
||
958 |
✓✗ | 8 |
if (in_init) { |
959 |
in_init = 0; |
||
960 |
✓✗ | 8 |
if (sess_out) { |
961 |
8 |
BIO *stmp = BIO_new_file(sess_out, "w"); |
|
962 |
✓✗ | 8 |
if (stmp) { |
963 |
8 |
PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con)); |
|
964 |
8 |
BIO_free(stmp); |
|
965 |
8 |
} else |
|
966 |
BIO_printf(bio_err, "Error writing session file %s\n", sess_out); |
||
967 |
8 |
} |
|
968 |
8 |
print_stuff(bio_c_out, con, full_log); |
|
969 |
✓✗ | 8 |
if (full_log > 0) |
970 |
8 |
full_log--; |
|
971 |
|||
972 |
✗✓ | 8 |
if (starttls_proto) { |
973 |
BIO_write(bio_err, mbuf, mbuf_len); |
||
974 |
/* We don't need to know any more */ |
||
975 |
starttls_proto = PROTO_OFF; |
||
976 |
} |
||
977 |
✗✓ | 8 |
if (reconnect) { |
978 |
reconnect--; |
||
979 |
BIO_printf(bio_c_out, "drop connection and then reconnect\n"); |
||
980 |
SSL_shutdown(con); |
||
981 |
SSL_set_connect_state(con); |
||
982 |
shutdown(SSL_get_fd(con), SHUT_RD); |
||
983 |
close(SSL_get_fd(con)); |
||
984 |
goto re_start; |
||
985 |
} |
||
986 |
} |
||
987 |
} |
||
988 |
|||
989 |
✓✗ | 48 |
ssl_pending = read_ssl && SSL_pending(con); |
990 |
|||
991 |
16 |
pfd[0].fd = -1; |
|
992 |
16 |
pfd[1].fd = -1; |
|
993 |
✓✗ | 16 |
if (!ssl_pending) { |
994 |
✓✓ | 16 |
if (tty_on) { |
995 |
✓✗ | 8 |
if (read_tty) { |
996 |
✓✗ | 24 |
pfd[0].fd = fileno(stdin); |
997 |
8 |
pfd[0].events = POLLIN; |
|
998 |
8 |
} |
|
999 |
✗✓ | 8 |
if (write_tty) { |
1000 |
pfd[1].fd = fileno(stdout); |
||
1001 |
pfd[1].events = POLLOUT; |
||
1002 |
} |
||
1003 |
} |
||
1004 |
|||
1005 |
16 |
pfd[2].fd = SSL_get_fd(con); |
|
1006 |
16 |
pfd[2].events = 0; |
|
1007 |
✓✗ | 16 |
if (read_ssl) |
1008 |
16 |
pfd[2].events |= POLLIN; |
|
1009 |
✓✓ | 16 |
if (write_ssl) |
1010 |
8 |
pfd[2].events |= POLLOUT; |
|
1011 |
|||
1012 |
/* printf("mode tty(%d %d%d) ssl(%d%d)\n", |
||
1013 |
tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ |
||
1014 |
|||
1015 |
16 |
i = poll(pfd, 3, ptimeout); |
|
1016 |
✗✓ | 16 |
if (i < 0) { |
1017 |
BIO_printf(bio_err, "bad select %d\n", |
||
1018 |
errno); |
||
1019 |
goto shut; |
||
1020 |
/* goto end; */ |
||
1021 |
} |
||
1022 |
} |
||
1023 |
✗✓✗✗ |
16 |
if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) { |
1024 |
BIO_printf(bio_err, "TIMEOUT occured\n"); |
||
1025 |
} |
||
1026 |
✓✗✓✓ |
32 |
if (!ssl_pending && (pfd[2].revents & (POLLOUT|POLLERR|POLLNVAL))) { |
1027 |
✗✓ | 8 |
if (pfd[2].revents & (POLLERR|POLLNVAL)) { |
1028 |
BIO_printf(bio_err, "poll error"); |
||
1029 |
goto shut; |
||
1030 |
} |
||
1031 |
16 |
k = SSL_write(con, &(cbuf[cbuf_off]), |
|
1032 |
(unsigned int) cbuf_len); |
||
1033 |
✗✗✗✗ ✗✓✗✓ |
16 |
switch (SSL_get_error(con, k)) { |
1034 |
case SSL_ERROR_NONE: |
||
1035 |
cbuf_off += k; |
||
1036 |
cbuf_len -= k; |
||
1037 |
if (k <= 0) |
||
1038 |
goto end; |
||
1039 |
/* we have done a write(con,NULL,0); */ |
||
1040 |
if (cbuf_len <= 0) { |
||
1041 |
read_tty = 1; |
||
1042 |
write_ssl = 0; |
||
1043 |
} else { /* if (cbuf_len > 0) */ |
||
1044 |
read_tty = 0; |
||
1045 |
write_ssl = 1; |
||
1046 |
} |
||
1047 |
break; |
||
1048 |
case SSL_ERROR_WANT_WRITE: |
||
1049 |
BIO_printf(bio_c_out, "write W BLOCK\n"); |
||
1050 |
write_ssl = 1; |
||
1051 |
read_tty = 0; |
||
1052 |
break; |
||
1053 |
case SSL_ERROR_WANT_READ: |
||
1054 |
BIO_printf(bio_c_out, "write R BLOCK\n"); |
||
1055 |
write_tty = 0; |
||
1056 |
read_ssl = 1; |
||
1057 |
write_ssl = 0; |
||
1058 |
break; |
||
1059 |
case SSL_ERROR_WANT_X509_LOOKUP: |
||
1060 |
BIO_printf(bio_c_out, "write X BLOCK\n"); |
||
1061 |
break; |
||
1062 |
case SSL_ERROR_ZERO_RETURN: |
||
1063 |
if (cbuf_len != 0) { |
||
1064 |
BIO_printf(bio_c_out, "shutdown\n"); |
||
1065 |
ret = 0; |
||
1066 |
goto shut; |
||
1067 |
} else { |
||
1068 |
read_tty = 1; |
||
1069 |
write_ssl = 0; |
||
1070 |
break; |
||
1071 |
} |
||
1072 |
|||
1073 |
case SSL_ERROR_SYSCALL: |
||
1074 |
✗✓ | 8 |
if ((k != 0) || (cbuf_len != 0)) { |
1075 |
BIO_printf(bio_err, "write:errno=%d\n", |
||
1076 |
errno); |
||
1077 |
goto shut; |
||
1078 |
} else { |
||
1079 |
read_tty = 1; |
||
1080 |
write_ssl = 0; |
||
1081 |
} |
||
1082 |
8 |
break; |
|
1083 |
case SSL_ERROR_SSL: |
||
1084 |
ERR_print_errors(bio_err); |
||
1085 |
goto shut; |
||
1086 |
} |
||
1087 |
✓✗✗✓ |
16 |
} else if (!ssl_pending && |
1088 |
8 |
(pfd[1].revents & (POLLOUT|POLLERR|POLLNVAL))) { |
|
1089 |
if (pfd[1].revents & (POLLERR|POLLNVAL)) { |
||
1090 |
BIO_printf(bio_err, "poll error"); |
||
1091 |
goto shut; |
||
1092 |
} |
||
1093 |
i = write(fileno(stdout), &(sbuf[sbuf_off]), sbuf_len); |
||
1094 |
|||
1095 |
if (i <= 0) { |
||
1096 |
BIO_printf(bio_c_out, "DONE\n"); |
||
1097 |
ret = 0; |
||
1098 |
goto shut; |
||
1099 |
/* goto end; */ |
||
1100 |
} |
||
1101 |
sbuf_len -= i; |
||
1102 |
sbuf_off += i; |
||
1103 |
if (sbuf_len <= 0) { |
||
1104 |
read_ssl = 1; |
||
1105 |
write_tty = 0; |
||
1106 |
} |
||
1107 |
✓✗✗✓ |
16 |
} else if (ssl_pending || (pfd[2].revents & (POLLIN|POLLHUP))) { |
1108 |
#ifdef RENEG |
||
1109 |
{ |
||
1110 |
static int iiii; |
||
1111 |
if (++iiii == 52) { |
||
1112 |
SSL_renegotiate(con); |
||
1113 |
iiii = 0; |
||
1114 |
} |
||
1115 |
} |
||
1116 |
#endif |
||
1117 |
k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ ); |
||
1118 |
|||
1119 |
switch (SSL_get_error(con, k)) { |
||
1120 |
case SSL_ERROR_NONE: |
||
1121 |
if (k <= 0) |
||
1122 |
goto end; |
||
1123 |
sbuf_off = 0; |
||
1124 |
sbuf_len = k; |
||
1125 |
|||
1126 |
read_ssl = 0; |
||
1127 |
write_tty = 1; |
||
1128 |
break; |
||
1129 |
case SSL_ERROR_WANT_WRITE: |
||
1130 |
BIO_printf(bio_c_out, "read W BLOCK\n"); |
||
1131 |
write_ssl = 1; |
||
1132 |
read_tty = 0; |
||
1133 |
break; |
||
1134 |
case SSL_ERROR_WANT_READ: |
||
1135 |
BIO_printf(bio_c_out, "read R BLOCK\n"); |
||
1136 |
write_tty = 0; |
||
1137 |
read_ssl = 1; |
||
1138 |
if ((read_tty == 0) && (write_ssl == 0)) |
||
1139 |
write_ssl = 1; |
||
1140 |
break; |
||
1141 |
case SSL_ERROR_WANT_X509_LOOKUP: |
||
1142 |
BIO_printf(bio_c_out, "read X BLOCK\n"); |
||
1143 |
break; |
||
1144 |
case SSL_ERROR_SYSCALL: |
||
1145 |
ret = errno; |
||
1146 |
BIO_printf(bio_err, "read:errno=%d\n", ret); |
||
1147 |
goto shut; |
||
1148 |
case SSL_ERROR_ZERO_RETURN: |
||
1149 |
BIO_printf(bio_c_out, "closed\n"); |
||
1150 |
ret = 0; |
||
1151 |
goto shut; |
||
1152 |
case SSL_ERROR_SSL: |
||
1153 |
ERR_print_errors(bio_err); |
||
1154 |
goto shut; |
||
1155 |
/* break; */ |
||
1156 |
} |
||
1157 |
✓✗ | 8 |
} else if (pfd[0].revents) { |
1158 |
✗✓ | 8 |
if (pfd[0].revents & (POLLERR|POLLNVAL)) { |
1159 |
BIO_printf(bio_err, "poll error"); |
||
1160 |
goto shut; |
||
1161 |
} |
||
1162 |
✗✓ | 8 |
if (crlf) { |
1163 |
int j, lf_num; |
||
1164 |
|||
1165 |
i = read(fileno(stdin), cbuf, BUFSIZZ / 2); |
||
1166 |
lf_num = 0; |
||
1167 |
/* both loops are skipped when i <= 0 */ |
||
1168 |
for (j = 0; j < i; j++) |
||
1169 |
if (cbuf[j] == '\n') |
||
1170 |
lf_num++; |
||
1171 |
for (j = i - 1; j >= 0; j--) { |
||
1172 |
cbuf[j + lf_num] = cbuf[j]; |
||
1173 |
if (cbuf[j] == '\n') { |
||
1174 |
lf_num--; |
||
1175 |
i++; |
||
1176 |
cbuf[j + lf_num] = '\r'; |
||
1177 |
} |
||
1178 |
} |
||
1179 |
assert(lf_num == 0); |
||
1180 |
} else |
||
1181 |
✓✗ | 24 |
i = read(fileno(stdin), cbuf, BUFSIZZ); |
1182 |
|||
1183 |
✓✗✗✓ ✗✗ |
16 |
if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { |
1184 |
8 |
BIO_printf(bio_err, "DONE\n"); |
|
1185 |
ret = 0; |
||
1186 |
8 |
goto shut; |
|
1187 |
} |
||
1188 |
if ((!c_ign_eof) && (cbuf[0] == 'R')) { |
||
1189 |
BIO_printf(bio_err, "RENEGOTIATING\n"); |
||
1190 |
SSL_renegotiate(con); |
||
1191 |
cbuf_len = 0; |
||
1192 |
} else { |
||
1193 |
cbuf_len = i; |
||
1194 |
cbuf_off = 0; |
||
1195 |
} |
||
1196 |
|||
1197 |
write_ssl = 1; |
||
1198 |
read_tty = 0; |
||
1199 |
} |
||
1200 |
✗✓✓✓ ✓ |
40 |
} |
1201 |
|||
1202 |
ret = 0; |
||
1203 |
shut: |
||
1204 |
✗✓ | 8 |
if (in_init) |
1205 |
print_stuff(bio_c_out, con, full_log); |
||
1206 |
8 |
SSL_shutdown(con); |
|
1207 |
8 |
shutdown(SSL_get_fd(con), SHUT_RD); |
|
1208 |
8 |
close(SSL_get_fd(con)); |
|
1209 |
end: |
||
1210 |
✓✓ | 16 |
if (con != NULL) { |
1211 |
✓✗ | 8 |
if (prexit != 0) |
1212 |
8 |
print_stuff(bio_c_out, con, 1); |
|
1213 |
8 |
SSL_free(con); |
|
1214 |
8 |
} |
|
1215 |
✓✓ | 16 |
if (ctx != NULL) |
1216 |
8 |
SSL_CTX_free(ctx); |
|
1217 |
✗✓ | 16 |
if (cert) |
1218 |
X509_free(cert); |
||
1219 |
✗✓ | 16 |
if (key) |
1220 |
EVP_PKEY_free(key); |
||
1221 |
16 |
free(pass); |
|
1222 |
✓✓ | 16 |
if (vpm) |
1223 |
8 |
X509_VERIFY_PARAM_free(vpm); |
|
1224 |
16 |
freezero(cbuf, BUFSIZZ); |
|
1225 |
16 |
freezero(sbuf, BUFSIZZ); |
|
1226 |
16 |
freezero(mbuf, BUFSIZZ); |
|
1227 |
✓✓ | 16 |
if (bio_c_out != NULL) { |
1228 |
8 |
BIO_free(bio_c_out); |
|
1229 |
8 |
bio_c_out = NULL; |
|
1230 |
8 |
} |
|
1231 |
|||
1232 |
16 |
return (ret); |
|
1233 |
16 |
} |
|
1234 |
|||
1235 |
|||
1236 |
static void |
||
1237 |
print_stuff(BIO * bio, SSL * s, int full) |
||
1238 |
{ |
||
1239 |
X509 *peer = NULL; |
||
1240 |
char *p; |
||
1241 |
static const char *space = " "; |
||
1242 |
32 |
char buf[BUFSIZ]; |
|
1243 |
STACK_OF(X509) * sk; |
||
1244 |
STACK_OF(X509_NAME) * sk2; |
||
1245 |
const SSL_CIPHER *c; |
||
1246 |
X509_NAME *xn; |
||
1247 |
int j, i; |
||
1248 |
unsigned char *exportedkeymat; |
||
1249 |
|||
1250 |
✓✗ | 16 |
if (full) { |
1251 |
int got_a_chain = 0; |
||
1252 |
|||
1253 |
16 |
sk = SSL_get_peer_cert_chain(s); |
|
1254 |
✓✗ | 16 |
if (sk != NULL) { |
1255 |
got_a_chain = 1; /* we don't have it for SSL2 |
||
1256 |
* (yet) */ |
||
1257 |
|||
1258 |
16 |
BIO_printf(bio, "---\nCertificate chain\n"); |
|
1259 |
✓✓ | 96 |
for (i = 0; i < sk_X509_num(sk); i++) { |
1260 |
64 |
X509_NAME_oneline(X509_get_subject_name( |
|
1261 |
64 |
sk_X509_value(sk, i)), buf, sizeof buf); |
|
1262 |
32 |
BIO_printf(bio, "%2d s:%s\n", i, buf); |
|
1263 |
32 |
X509_NAME_oneline(X509_get_issuer_name( |
|
1264 |
32 |
sk_X509_value(sk, i)), buf, sizeof buf); |
|
1265 |
32 |
BIO_printf(bio, " i:%s\n", buf); |
|
1266 |
✓✗ | 32 |
if (c_showcerts) |
1267 |
32 |
PEM_write_bio_X509(bio, sk_X509_value(sk, i)); |
|
1268 |
} |
||
1269 |
} |
||
1270 |
16 |
BIO_printf(bio, "---\n"); |
|
1271 |
16 |
peer = SSL_get_peer_certificate(s); |
|
1272 |
✓✗ | 16 |
if (peer != NULL) { |
1273 |
16 |
BIO_printf(bio, "Server certificate\n"); |
|
1274 |
✗✓ | 16 |
if (!(c_showcerts && got_a_chain)) /* Redundant if we |
1275 |
* showed the whole |
||
1276 |
* chain */ |
||
1277 |
PEM_write_bio_X509(bio, peer); |
||
1278 |
32 |
X509_NAME_oneline(X509_get_subject_name(peer), |
|
1279 |
16 |
buf, sizeof buf); |
|
1280 |
16 |
BIO_printf(bio, "subject=%s\n", buf); |
|
1281 |
16 |
X509_NAME_oneline(X509_get_issuer_name(peer), |
|
1282 |
buf, sizeof buf); |
||
1283 |
16 |
BIO_printf(bio, "issuer=%s\n", buf); |
|
1284 |
16 |
} else |
|
1285 |
BIO_printf(bio, "no peer certificate available\n"); |
||
1286 |
|||
1287 |
16 |
sk2 = SSL_get_client_CA_list(s); |
|
1288 |
✗✓✗✗ |
16 |
if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) { |
1289 |
BIO_printf(bio, "---\nAcceptable client certificate CA names\n"); |
||
1290 |
for (i = 0; i < sk_X509_NAME_num(sk2); i++) { |
||
1291 |
xn = sk_X509_NAME_value(sk2, i); |
||
1292 |
X509_NAME_oneline(xn, buf, sizeof(buf)); |
||
1293 |
BIO_write(bio, buf, strlen(buf)); |
||
1294 |
BIO_write(bio, "\n", 1); |
||
1295 |
} |
||
1296 |
} else { |
||
1297 |
16 |
BIO_printf(bio, "---\nNo client certificate CA names sent\n"); |
|
1298 |
} |
||
1299 |
16 |
p = SSL_get_shared_ciphers(s, buf, sizeof buf); |
|
1300 |
✗✓ | 16 |
if (p != NULL) { |
1301 |
/* |
||
1302 |
* This works only for SSL 2. In later protocol |
||
1303 |
* versions, the client does not know what other |
||
1304 |
* ciphers (in addition to the one to be used in the |
||
1305 |
* current connection) the server supports. |
||
1306 |
*/ |
||
1307 |
|||
1308 |
BIO_printf(bio, "---\nCiphers common between both SSL endpoints:\n"); |
||
1309 |
j = i = 0; |
||
1310 |
while (*p) { |
||
1311 |
if (*p == ':') { |
||
1312 |
BIO_write(bio, space, 15 - j % 25); |
||
1313 |
i++; |
||
1314 |
j = 0; |
||
1315 |
BIO_write(bio, ((i % 3) ? " " : "\n"), 1); |
||
1316 |
} else { |
||
1317 |
BIO_write(bio, p, 1); |
||
1318 |
j++; |
||
1319 |
} |
||
1320 |
p++; |
||
1321 |
} |
||
1322 |
BIO_write(bio, "\n", 1); |
||
1323 |
} |
||
1324 |
|||
1325 |
16 |
ssl_print_tmp_key(bio, s); |
|
1326 |
|||
1327 |
16 |
BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n", |
|
1328 |
16 |
BIO_number_read(SSL_get_rbio(s)), |
|
1329 |
16 |
BIO_number_written(SSL_get_wbio(s))); |
|
1330 |
16 |
} |
|
1331 |
16 |
BIO_printf(bio, (SSL_cache_hit(s) ? "---\nReused, " : "---\nNew, ")); |
|
1332 |
16 |
c = SSL_get_current_cipher(s); |
|
1333 |
16 |
BIO_printf(bio, "%s, Cipher is %s\n", |
|
1334 |
16 |
SSL_CIPHER_get_version(c), |
|
1335 |
16 |
SSL_CIPHER_get_name(c)); |
|
1336 |
✓✗ | 16 |
if (peer != NULL) { |
1337 |
EVP_PKEY *pktmp; |
||
1338 |
16 |
pktmp = X509_get_pubkey(peer); |
|
1339 |
16 |
BIO_printf(bio, "Server public key is %d bit\n", |
|
1340 |
16 |
EVP_PKEY_bits(pktmp)); |
|
1341 |
16 |
EVP_PKEY_free(pktmp); |
|
1342 |
16 |
} |
|
1343 |
16 |
BIO_printf(bio, "Secure Renegotiation IS%s supported\n", |
|
1344 |
16 |
SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); |
|
1345 |
|||
1346 |
/* Compression is not supported and will always be none. */ |
||
1347 |
16 |
BIO_printf(bio, "Compression: NONE\n"); |
|
1348 |
16 |
BIO_printf(bio, "Expansion: NONE\n"); |
|
1349 |
|||
1350 |
#ifdef SSL_DEBUG |
||
1351 |
{ |
||
1352 |
/* Print out local port of connection: useful for debugging */ |
||
1353 |
int sock; |
||
1354 |
struct sockaddr_in ladd; |
||
1355 |
socklen_t ladd_size = sizeof(ladd); |
||
1356 |
sock = SSL_get_fd(s); |
||
1357 |
getsockname(sock, (struct sockaddr *) & ladd, &ladd_size); |
||
1358 |
BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port)); |
||
1359 |
} |
||
1360 |
#endif |
||
1361 |
|||
1362 |
{ |
||
1363 |
16 |
const unsigned char *proto; |
|
1364 |
16 |
unsigned int proto_len; |
|
1365 |
16 |
SSL_get0_alpn_selected(s, &proto, &proto_len); |
|
1366 |
✓✗ | 16 |
if (proto_len > 0) { |
1367 |
16 |
BIO_printf(bio, "ALPN protocol: "); |
|
1368 |
16 |
BIO_write(bio, proto, proto_len); |
|
1369 |
16 |
BIO_write(bio, "\n", 1); |
|
1370 |
16 |
} else |
|
1371 |
BIO_printf(bio, "No ALPN negotiated\n"); |
||
1372 |
16 |
} |
|
1373 |
|||
1374 |
#ifndef OPENSSL_NO_SRTP |
||
1375 |
{ |
||
1376 |
16 |
SRTP_PROTECTION_PROFILE *srtp_profile = SSL_get_selected_srtp_profile(s); |
|
1377 |
|||
1378 |
✗✓ | 16 |
if (srtp_profile) |
1379 |
BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n", |
||
1380 |
srtp_profile->name); |
||
1381 |
} |
||
1382 |
#endif |
||
1383 |
|||
1384 |
16 |
SSL_SESSION_print(bio, SSL_get_session(s)); |
|
1385 |
✗✓ | 16 |
if (keymatexportlabel != NULL) { |
1386 |
BIO_printf(bio, "Keying material exporter:\n"); |
||
1387 |
BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); |
||
1388 |
BIO_printf(bio, " Length: %i bytes\n", keymatexportlen); |
||
1389 |
exportedkeymat = malloc(keymatexportlen); |
||
1390 |
if (exportedkeymat != NULL) { |
||
1391 |
if (!SSL_export_keying_material(s, exportedkeymat, |
||
1392 |
keymatexportlen, |
||
1393 |
keymatexportlabel, |
||
1394 |
strlen(keymatexportlabel), |
||
1395 |
NULL, 0, 0)) { |
||
1396 |
BIO_printf(bio, " Error\n"); |
||
1397 |
} else { |
||
1398 |
BIO_printf(bio, " Keying material: "); |
||
1399 |
for (i = 0; i < keymatexportlen; i++) |
||
1400 |
BIO_printf(bio, "%02X", |
||
1401 |
exportedkeymat[i]); |
||
1402 |
BIO_printf(bio, "\n"); |
||
1403 |
} |
||
1404 |
free(exportedkeymat); |
||
1405 |
} |
||
1406 |
} |
||
1407 |
16 |
BIO_printf(bio, "---\n"); |
|
1408 |
✓✗ | 16 |
if (peer != NULL) |
1409 |
16 |
X509_free(peer); |
|
1410 |
/* flush, or debugging output gets mixed with http response */ |
||
1411 |
16 |
(void) BIO_flush(bio); |
|
1412 |
16 |
} |
|
1413 |
|||
1414 |
|||
1415 |
static int |
||
1416 |
ocsp_resp_cb(SSL * s, void *arg) |
||
1417 |
{ |
||
1418 |
const unsigned char *p; |
||
1419 |
int len; |
||
1420 |
OCSP_RESPONSE *rsp; |
||
1421 |
len = SSL_get_tlsext_status_ocsp_resp(s, &p); |
||
1422 |
BIO_puts(arg, "OCSP response: "); |
||
1423 |
if (!p) { |
||
1424 |
BIO_puts(arg, "no response sent\n"); |
||
1425 |
return 1; |
||
1426 |
} |
||
1427 |
rsp = d2i_OCSP_RESPONSE(NULL, &p, len); |
||
1428 |
if (!rsp) { |
||
1429 |
BIO_puts(arg, "response parse error\n"); |
||
1430 |
BIO_dump_indent(arg, (char *) p, len, 4); |
||
1431 |
return 0; |
||
1432 |
} |
||
1433 |
BIO_puts(arg, "\n======================================\n"); |
||
1434 |
OCSP_RESPONSE_print(arg, rsp, 0); |
||
1435 |
BIO_puts(arg, "======================================\n"); |
||
1436 |
OCSP_RESPONSE_free(rsp); |
||
1437 |
return 1; |
||
1438 |
} |
||
1439 |
| Generated by: GCOVR (Version 3.3) |