version 1.5, 2014/10/22 13:51:31 |
version 1.6, 2014/11/06 14:50:12 |
|
|
static int c_nbio = 0; |
static int c_nbio = 0; |
static int c_Pause = 0; |
static int c_Pause = 0; |
static int c_debug = 0; |
static int c_debug = 0; |
#ifndef OPENSSL_NO_TLSEXT |
|
static int c_tlsextdebug = 0; |
static int c_tlsextdebug = 0; |
static int c_status_req = 0; |
static int c_status_req = 0; |
#endif |
|
static int c_msg = 0; |
static int c_msg = 0; |
static int c_showcerts = 0; |
static int c_showcerts = 0; |
|
|
|
|
|
|
static void sc_usage(void); |
static void sc_usage(void); |
static void print_stuff(BIO * berr, SSL * con, int full); |
static void print_stuff(BIO * berr, SSL * con, int full); |
#ifndef OPENSSL_NO_TLSEXT |
|
static int ocsp_resp_cb(SSL * s, void *arg); |
static int ocsp_resp_cb(SSL * s, void *arg); |
#endif |
|
static BIO *bio_c_out = NULL; |
static BIO *bio_c_out = NULL; |
static int c_quiet = 0; |
static int c_quiet = 0; |
static int c_ign_eof = 0; |
static int c_ign_eof = 0; |
|
|
#endif |
#endif |
BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n"); |
BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n"); |
BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n"); |
BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n"); |
#ifndef OPENSSL_NO_TLSEXT |
|
BIO_printf(bio_err, " -servername host - Set TLS extension servername in ClientHello\n"); |
BIO_printf(bio_err, " -servername host - Set TLS extension servername in ClientHello\n"); |
BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); |
BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); |
BIO_printf(bio_err, " -status - request certificate status from server\n"); |
BIO_printf(bio_err, " -status - request certificate status from server\n"); |
|
|
#ifndef OPENSSL_NO_NEXTPROTONEG |
#ifndef OPENSSL_NO_NEXTPROTONEG |
BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); |
BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); |
#endif |
#endif |
#endif |
|
#ifndef OPENSSL_NO_SRTP |
#ifndef OPENSSL_NO_SRTP |
BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
#endif |
#endif |
|
|
BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n"); |
BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n"); |
} |
} |
|
|
#ifndef OPENSSL_NO_TLSEXT |
|
|
|
/* This is a context that we pass to callbacks */ |
/* This is a context that we pass to callbacks */ |
typedef struct tlsextctx_st { |
typedef struct tlsextctx_st { |
|
|
return SSL_TLSEXT_ERR_OK; |
return SSL_TLSEXT_ERR_OK; |
} |
} |
#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ |
#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ |
#endif |
|
|
|
enum { |
enum { |
PROTO_OFF = 0, |
PROTO_OFF = 0, |
|
|
ENGINE *ssl_client_engine = NULL; |
ENGINE *ssl_client_engine = NULL; |
#endif |
#endif |
ENGINE *e = NULL; |
ENGINE *e = NULL; |
#ifndef OPENSSL_NO_TLSEXT |
|
char *servername = NULL; |
char *servername = NULL; |
tlsextctx tlsextcbp = |
tlsextctx tlsextcbp = |
{NULL, 0}; |
{NULL, 0}; |
#ifndef OPENSSL_NO_NEXTPROTONEG |
#ifndef OPENSSL_NO_NEXTPROTONEG |
const char *next_proto_neg_in = NULL; |
const char *next_proto_neg_in = NULL; |
#endif |
#endif |
#endif |
|
char *sess_in = NULL; |
char *sess_in = NULL; |
char *sess_out = NULL; |
char *sess_out = NULL; |
struct sockaddr peer; |
struct sockaddr peer; |
|
|
c_Pause = 1; |
c_Pause = 1; |
else if (strcmp(*argv, "-debug") == 0) |
else if (strcmp(*argv, "-debug") == 0) |
c_debug = 1; |
c_debug = 1; |
#ifndef OPENSSL_NO_TLSEXT |
|
else if (strcmp(*argv, "-tlsextdebug") == 0) |
else if (strcmp(*argv, "-tlsextdebug") == 0) |
c_tlsextdebug = 1; |
c_tlsextdebug = 1; |
else if (strcmp(*argv, "-status") == 0) |
else if (strcmp(*argv, "-status") == 0) |
c_status_req = 1; |
c_status_req = 1; |
#endif |
|
else if (strcmp(*argv, "-msg") == 0) |
else if (strcmp(*argv, "-msg") == 0) |
c_msg = 1; |
c_msg = 1; |
else if (strcmp(*argv, "-showcerts") == 0) |
else if (strcmp(*argv, "-showcerts") == 0) |
|
|
else if (strcmp(*argv, "-no_comp") == 0) { |
else if (strcmp(*argv, "-no_comp") == 0) { |
off |= SSL_OP_NO_COMPRESSION; |
off |= SSL_OP_NO_COMPRESSION; |
} |
} |
#ifndef OPENSSL_NO_TLSEXT |
|
else if (strcmp(*argv, "-no_ticket") == 0) { |
else if (strcmp(*argv, "-no_ticket") == 0) { |
off |= SSL_OP_NO_TICKET; |
off |= SSL_OP_NO_TICKET; |
} |
} |
|
|
next_proto_neg_in = *(++argv); |
next_proto_neg_in = *(++argv); |
} |
} |
#endif |
#endif |
#endif |
|
else if (strcmp(*argv, "-serverpref") == 0) |
else if (strcmp(*argv, "-serverpref") == 0) |
off |= SSL_OP_CIPHER_SERVER_PREFERENCE; |
off |= SSL_OP_CIPHER_SERVER_PREFERENCE; |
else if (strcmp(*argv, "-legacy_renegotiation") == 0) |
else if (strcmp(*argv, "-legacy_renegotiation") == 0) |
|
|
} else if (strcmp(*argv, "-6") == 0) { |
} else if (strcmp(*argv, "-6") == 0) { |
af = AF_INET6; |
af = AF_INET6; |
} |
} |
#ifndef OPENSSL_NO_TLSEXT |
|
else if (strcmp(*argv, "-servername") == 0) { |
else if (strcmp(*argv, "-servername") == 0) { |
if (--argc < 1) |
if (--argc < 1) |
goto bad; |
goto bad; |
servername = *(++argv); |
servername = *(++argv); |
/* meth=TLSv1_client_method(); */ |
/* meth=TLSv1_client_method(); */ |
} |
} |
#endif |
|
#ifndef OPENSSL_NO_SRTP |
#ifndef OPENSSL_NO_SRTP |
else if (strcmp(*argv, "-use_srtp") == 0) { |
else if (strcmp(*argv, "-use_srtp") == 0) { |
if (--argc < 1) |
if (--argc < 1) |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
/* goto end; */ |
/* goto end; */ |
} |
} |
#ifndef OPENSSL_NO_TLSEXT |
|
if (servername != NULL) { |
if (servername != NULL) { |
tlsextcbp.biodebug = bio_err; |
tlsextcbp.biodebug = bio_err; |
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); |
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); |
SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); |
SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); |
} |
} |
#endif |
|
|
|
con = SSL_new(ctx); |
con = SSL_new(ctx); |
if (sess_in) { |
if (sess_in) { |
|
|
SSL_set_session(con, sess); |
SSL_set_session(con, sess); |
SSL_SESSION_free(sess); |
SSL_SESSION_free(sess); |
} |
} |
#ifndef OPENSSL_NO_TLSEXT |
|
if (servername != NULL) { |
if (servername != NULL) { |
if (!SSL_set_tlsext_host_name(con, servername)) { |
if (!SSL_set_tlsext_host_name(con, servername)) { |
BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); |
BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); |
|
|
goto end; |
goto end; |
} |
} |
} |
} |
#endif |
|
/* SSL_set_cipher_list(con,"RC4-MD5"); */ |
/* SSL_set_cipher_list(con,"RC4-MD5"); */ |
|
|
re_start: |
re_start: |
|
|
SSL_set_msg_callback(con, msg_cb); |
SSL_set_msg_callback(con, msg_cb); |
SSL_set_msg_callback_arg(con, bio_c_out); |
SSL_set_msg_callback_arg(con, bio_c_out); |
} |
} |
#ifndef OPENSSL_NO_TLSEXT |
|
if (c_tlsextdebug) { |
if (c_tlsextdebug) { |
SSL_set_tlsext_debug_callback(con, tlsext_cb); |
SSL_set_tlsext_debug_callback(con, tlsext_cb); |
SSL_set_tlsext_debug_arg(con, bio_c_out); |
SSL_set_tlsext_debug_arg(con, bio_c_out); |
|
|
SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); |
SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); |
SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); |
SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); |
} |
} |
#endif |
|
|
|
SSL_set_bio(con, sbio, sbio); |
SSL_set_bio(con, sbio, sbio); |
SSL_set_connect_state(con); |
SSL_set_connect_state(con); |
|
|
(void) BIO_flush(bio); |
(void) BIO_flush(bio); |
} |
} |
|
|
#ifndef OPENSSL_NO_TLSEXT |
|
|
|
static int |
static int |
ocsp_resp_cb(SSL * s, void *arg) |
ocsp_resp_cb(SSL * s, void *arg) |
|
|
return 1; |
return 1; |
} |
} |
|
|
#endif |
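Review bot: The error path just above the `if (servername != NULL)` callback setup calls `ERR_print_errors(bio_err);` and then falls through, because `/* goto end; */` is commented out. Its condition lies outside the visible lines, so which setup failure is being tolerated cannot be confirmed from this page. Since the guards around the code that follows are being removed anyway, either restore `goto end;` or replace the dead statement with a comment stating why continuing is safe, for example `/* non-fatal: continue without <what failed> */`. The commented-out `/* meth=TLSv1_client_method(); */` in the `-servername` branch and `/* SSL_set_cipher_list(con,"RC4-MD5"); */` after the host-name setup look equally stale and could be dropped in the same cleanup.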
|