#include <openssl/rand.h>
#include "s_apps.h"
-#ifdef OPENSSL_SYS_WINDOWS
-#include <conio.h>
-#endif
-
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
#ifdef fileno
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
- BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n");
+ BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
BIO_printf(bio_err," not specified but cert file is.\n");
+ BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
BIO_printf(bio_err," for those protocols that support it, where\n");
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
- BIO_printf(bio_err," only \"smtp\" is supported.\n");
+ BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
}
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
+ int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
+ char *passarg = NULL, *pass = NULL;
+ X509 *cert = NULL;
+ EVP_PKEY *key = NULL;
char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
int crlf=0;
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
- int smtp_starttls = 0;
+ int starttls_proto = 0;
int prexit = 0, vflags = 0;
SSL_METHOD *meth=NULL;
BIO *sbio;
char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
ENGINE *e=NULL;
-#ifdef OPENSSL_SYS_WINDOWS
+#endif
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
#endif
if (--argc < 1) goto bad;
cert_file= *(++argv);
}
+ else if (strcmp(*argv,"-certform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ cert_format = str2fmt(*(++argv));
+ }
else if (strcmp(*argv,"-crl_check") == 0)
vflags |= X509_V_FLAG_CRL_CHECK;
else if (strcmp(*argv,"-crl_check_all") == 0)
#endif
else if (strcmp(*argv,"-bugs") == 0)
bugs=1;
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ key_format = str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-pass") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passarg = *(++argv);
+ }
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
if (--argc < 1) goto bad;
++argv;
if (strcmp(*argv,"smtp") == 0)
- smtp_starttls = 1;
+ starttls_proto = 1;
+ else if (strcmp(*argv,"pop3") == 0)
+ starttls_proto = 2;
else
goto bad;
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id = *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
+#endif
+ if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (key_file == NULL)
+ key_file = cert_file;
+
+ key = load_key(bio_err, key_file, key_format, 0, pass, e,
+ "client certificate private key file");
+ if (!key)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ cert = load_cert(bio_err,cert_file,cert_format,
+ NULL, e, "client certificate file");
+
+ if (!cert)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
#endif
SSL_CTX_set_verify(ctx,verify,verify_callback);
- if (!set_cert_stuff(ctx,cert_file,key_file))
+ if (!set_cert_key_stuff(ctx,cert,key))
goto end;
if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
if (c_debug)
{
con->debug=1;
- BIO_set_callback(sbio,bio_dump_cb);
+ BIO_set_callback(sbio,bio_dump_callback);
BIO_set_callback_arg(sbio,bio_c_out);
}
if (c_msg)
sbuf_off=0;
/* This is an ugly hack that does a lot of assumptions */
- if (smtp_starttls)
+ if (starttls_proto == 1)
{
BIO_read(sbio,mbuf,BUFSIZZ);
BIO_printf(sbio,"STARTTLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
+ if (starttls_proto == 2)
+ {
+ BIO_read(sbio,mbuf,BUFSIZZ);
+ BIO_printf(sbio,"STLS\r\n");
+ BIO_read(sbio,sbuf,BUFSIZZ);
+ }
for (;;)
{
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
- if (smtp_starttls)
+ if (starttls_proto)
{
BIO_printf(bio_err,"%s",mbuf);
/* We don't need to know any more */
- smtp_starttls = 0;
+ starttls_proto = 0;
}
if (reconnect)
if (!ssl_pending)
{
-#ifndef OPENSSL_SYS_WINDOWS
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
if (tty_on)
{
if (read_tty) FD_SET(fileno(stdin),&readfds);
* will choke the compiler: if you do have a cast then
* you can either go for (int *) or (void *).
*/
-#ifdef OPENSSL_SYS_WINDOWS
- /* Under Windows we make the assumption that we can
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+ /* Under Windows/DOS we make the assumption that we can
* always write to the tty: therefore if we need to
* write to the tty we just fall through. Otherwise
* we timeout the select every second and see if there
tv.tv_usec = 0;
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,&tv);
-#ifdef OPENSSL_SYS_WINCE
+#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
if(!i && (!_kbhit() || !read_tty) ) continue;
#else
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
}
+#elif defined(OPENSSL_SYS_NETWARE)
+ if(!write_tty) {
+ if(read_tty) {
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ i=select(width,(void *)&readfds,(void *)&writefds,
+ NULL,&tv);
+ } else i=select(width,(void *)&readfds,(void *)&writefds,
+ NULL,NULL);
+ }
#else
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
goto shut;
}
}
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
/* Assume Windows/DOS can always write */
else if (!ssl_pending && write_tty)
#else
}
}
-#ifdef OPENSSL_SYS_WINDOWS
-#ifdef OPENSSL_SYS_WINCE
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
else if (_kbhit())
#else
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
#endif
+#elif defined (OPENSSL_SYS_NETWARE)
+ else if (_kbhit())
#else
else if (FD_ISSET(fileno(stdin),&readfds))
#endif
if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx);
- if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
- if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
- if (mbuf != NULL) { memset(mbuf,0,BUFSIZZ); OPENSSL_free(mbuf); }
+ if (cert)
+ X509_free(cert);
+ if (key)
+ EVP_PKEY_free(key);
+ if (pass)
+ OPENSSL_free(pass);
+ if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+ if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+ if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);
bio_c_out=NULL;
}
apps_shutdown();
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
SSL_CIPHER *c;
X509_NAME *xn;
int j,i;
+ const COMP_METHOD *comp, *expansion;
if (full)
{
EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
+ comp=SSL_get_current_compression(s);
+ expansion=SSL_get_current_expansion(s);
+ BIO_printf(bio,"Compression: %s\n",
+ comp ? SSL_COMP_get_name(comp) : "NONE");
+ BIO_printf(bio,"Expansion: %s\n",
+ expansion ? SSL_COMP_get_name(expansion) : "NONE");
SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n");
if (peer != NULL)
projects / openssl.git / blobdiff