* https://www.openssl.org/source/license.html
*/
+#include "e_os.h"
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
typedef unsigned int u_int;
#endif
-#define USE_SOCKETS
#include "apps.h"
#include <openssl/x509.h>
#include <openssl/ssl.h>
#endif
#include "s_apps.h"
#include "timeouts.h"
+#include "internal/sockets.h"
#if defined(__has_feature)
# if __has_feature(memory_sanitizer)
}
cipher = SSL_SESSION_get0_cipher(usesess);
-
if (cipher == NULL)
goto err;
OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN,
OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
OPT_BRIEF, OPT_PREXIT, OPT_CRLF, OPT_QUIET, OPT_NBIO,
- OPT_SSL_CLIENT_ENGINE, OPT_RAND, OPT_IGN_EOF, OPT_NO_IGN_EOF,
+ OPT_SSL_CLIENT_ENGINE, OPT_IGN_EOF, OPT_NO_IGN_EOF,
OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG,
OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
- OPT_PSK_IDENTITY, OPT_PSK,
- OPT_PSK_SESS,
+ OPT_PSK_IDENTITY, OPT_PSK, OPT_PSK_SESS,
#ifndef OPENSSL_NO_SRP
OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER,
OPT_SRP_MOREGROUPS,
OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE,
OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_NOSERVERNAME, OPT_ASYNC,
- OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST,
+ OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_PROTOHOST,
OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
OPT_KEYLOG_FILE, OPT_EARLY_DATA, OPT_REQCAFILE,
OPT_V_ENUM,
#ifndef OPENSSL_NO_CT
OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
#endif
- OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME
+ OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS s_client_options[] = {
{"starttls", OPT_STARTTLS, 's',
"Use the appropriate STARTTLS command before starting TLS"},
{"xmpphost", OPT_XMPPHOST, 's',
- "Host to use with \"-starttls xmpp[-server]\""},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ "Alias of -name option for \"-starttls xmpp[-server]\""},
+ OPT_R_OPTIONS,
{"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
{"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
{"use_srtp", OPT_USE_SRTP, 's',
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
"Export len bytes of keying material (default 20)"},
{"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
- {"name", OPT_SMTPHOST, 's',
- "Hostname to use for \"-starttls lmtp\" or \"-starttls smtp\""},
+ {"name", OPT_PROTOHOST, 's',
+ "Hostname to use for \"-starttls lmtp\", \"-starttls smtp\" or \"-starttls xmpp[-server]\""},
{"CRL", OPT_CRL, '<', "CRL file to use"},
{"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"},
{"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"},
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
char *chCApath = NULL, *chCAfile = NULL, *host = NULL;
char *port = OPENSSL_strdup(PORT);
- char *inrand = NULL;
char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
char *ReqCAfile = NULL;
char *sess_in = NULL, *crl_file = NULL, *p;
- char *xmpphost = NULL;
- const char *ehlo = "mail.example.com";
+ const char *protohost = NULL;
struct timeval timeout, *timeoutp;
fd_set readfds, writefds;
int noCApath = 0, noCAfile = 0;
#endif
int read_buf_len = 0;
int fallback_scsv = 0;
- long randamt = 0;
OPTION_CHOICE o;
#ifndef OPENSSL_NO_DTLS
int enable_timeouts = 0;
break;
#endif
case OPT_XMPPHOST:
- xmpphost = opt_arg();
- break;
- case OPT_SMTPHOST:
- ehlo = opt_arg();
+ /* fall through, since this is an alias */
+ case OPT_PROTOHOST:
+ protohost = opt_arg();
break;
case OPT_VERIFY:
verify = SSL_VERIFY_PEER;
}
#endif
break;
- case OPT_RAND:
- inrand = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_IGN_EOF:
c_ign_eof = 1;
goto opthelp;
}
connect_type = use_inet;
- connectstr = *opt_rest();
+ freeandcopy(&connectstr, *opt_rest());
} else if (argc != 0) {
goto opthelp;
}
}
}
+#ifdef AF_UNIX
if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
BIO_printf(bio_err,
"Can't use unix sockets and datagrams together\n");
goto end;
}
+#endif
#ifndef OPENSSL_NO_SCTP
if (protocol == IPPROTO_SCTP) {
if (!load_excert(&exc))
goto end;
- if (!app_RAND_load_file(NULL, 1) && inrand == NULL
- && !RAND_status()) {
- BIO_printf(bio_err,
- "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL) {
- randamt = app_RAND_load_files(inrand);
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n", randamt);
- }
-
if (bio_c_out == NULL) {
if (c_quiet && !c_debug) {
bio_c_out = BIO_new(BIO_s_null());
goto end;
con = SSL_new(ctx);
+ if (con == NULL)
+ goto end;
+
if (sess_in != NULL) {
SSL_SESSION *sess;
BIO *stmp = BIO_new_file(sess_in, "r");
ERR_print_errors(bio_err);
goto end;
}
+ /* By default the SNI should be the same as was set in the session */
+ if (!noservername && servername == NULL) {
+ const char *sni = SSL_SESSION_get0_hostname(sess);
+
+ if (sni != NULL) {
+ servername = OPENSSL_strdup(sni);
+ if (servername == NULL) {
+ BIO_printf(bio_err, "Can't set server name\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else {
+ /*
+ * Force no SNI to be sent so we are consistent with the
+ * session.
+ */
+ noservername = 1;
+ }
+ }
SSL_SESSION_free(sess);
}
do {
mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
} while (mbuf_len > 3 && mbuf[3] == '-');
+ if (protohost == NULL)
+ protohost = "mail.example.com";
if (starttls_proto == (int)PROTO_LMTP)
- BIO_printf(fbio, "LHLO %s\r\n", ehlo);
+ BIO_printf(fbio, "LHLO %s\r\n", protohost);
else
- BIO_printf(fbio, "EHLO %s\r\n", ehlo);
+ BIO_printf(fbio, "EHLO %s\r\n", protohost);
(void)BIO_flush(fbio);
/*
* Wait for multi-line response to end LHLO LMTP or EHLO SMTP
"xmlns:stream='http://etherx.jabber.org/streams' "
"xmlns='jabber:%s' to='%s' version='1.0'>",
starttls_proto == PROTO_XMPP ? "client" : "server",
- xmpphost ? xmpphost : host);
+ protohost ? protohost : host);
seen = BIO_read(sbio, mbuf, BUFSIZZ);
if (seen < 0) {
BIO_printf(bio_err, "BIO_read failed\n");
} else if (packet[pos++] == '\0') {
break;
}
- pos++;
}
- /* make sure we have more 15 bytes left in the packet */
+ /* make sure we have at least 15 bytes left in the packet */
if (pos + 15 > bytes) {
BIO_printf(bio_err,
"MySQL server handshake packet is broken.\n");
}
if (early_data_file != NULL
- && SSL_get0_session(con) != NULL
- && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0) {
+ && ((SSL_get0_session(con) != NULL
+ && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0)
+ || (psksess != NULL
+ && SSL_SESSION_get_max_early_data(psksess) > 0))) {
BIO *edfile = BIO_new_file(early_data_file, "r");
size_t readbytes, writtenbytes;
int finish = 0;
default:
BIO_printf(bio_err, "Error writing early data\n");
BIO_free(edfile);
+ ERR_print_errors(bio_err);
goto shut;
}
}
print_stuff(bio_c_out, con, 1);
SSL_free(con);
}
+ SSL_SESSION_free(psksess);
#if !defined(OPENSSL_NO_NEXTPROTONEG)
OPENSSL_free(next_proto.data);
#endif
bio_c_out = NULL;
BIO_free(bio_c_msg);
bio_c_msg = NULL;
- return (ret);
+ return ret;
}
static void print_stuff(BIO *bio, SSL *s, int full)
projects / openssl.git / blobdiff