#define BUFSIZZ 1024*8
#define S_CLIENT_IRC_READ_TIMEOUT 8
-extern int verify_depth;
-extern int verify_error;
-extern int verify_return_error;
-extern int verify_quiet;
-
static char *prog;
-static int c_nbio = 0;
-static int c_tlsextdebug = 0;
-static int c_status_req = 0;
static int c_debug = 0;
-static int c_msg = 0;
static int c_showcerts = 0;
static char *keymatexportlabel = NULL;
static int keymatexportlen = 20;
static BIO *bio_c_out = NULL;
-static BIO *bio_c_msg = NULL;
static int c_quiet = 0;
-static int c_ign_eof = 0;
-static int c_brief = 0;
static void print_stuff(BIO *berr, SSL *con, int full);
#ifndef OPENSSL_NO_OCSP
BIGNUM *r = BN_new();
int ret =
g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
- BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
+ BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
p != NULL && BN_rshift1(p, N) &&
/* p = (N-1)/2 */
- BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
+ BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
r != NULL &&
/* verify g^((N-1)/2) == -1 (mod N) */
BN_mod_exp(r, g, p, N, bn_ctx) &&
(o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT)
#define IS_UNIX_FLAG(o) (o == OPT_UNIX)
+#define IS_PROT_FLAG(o) \
+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+ || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+
/* Free |*dest| and optionally set it to a copy of |source|. */
static void freeandcopy(char **dest, const char *source)
{
char *ctlog_file = NULL;
int ct_validation = 0;
#endif
- int min_version = 0, max_version = 0;
+ int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
int async = 0;
unsigned int split_send_fragment = 0;
unsigned int max_pipelines = 0;
enum { use_inet, use_unix, use_unknown } connect_type = use_unknown;
int count4or6 = 0;
+ int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0;
+ int c_tlsextdebug = 0, c_status_req = 0;
+ BIO *bio_c_msg = NULL;
FD_ZERO(&readfds);
FD_ZERO(&writefds);
prog = opt_progname(argv[0]);
c_quiet = 0;
- c_ign_eof = 0;
c_debug = 0;
- c_msg = 0;
c_showcerts = 0;
c_nbio = 0;
- verify_depth = 0;
- verify_error = X509_V_OK;
vpm = X509_VERIFY_PARAM_new();
- cbuf = app_malloc(BUFSIZZ, "cbuf");
- sbuf = app_malloc(BUFSIZZ, "sbuf");
- mbuf = app_malloc(BUFSIZZ, "mbuf");
cctx = SSL_CONF_CTX_new();
if (vpm == NULL || cctx == NULL) {
goto end;
}
+ cbuf = app_malloc(BUFSIZZ, "cbuf");
+ sbuf = app_malloc(BUFSIZZ, "sbuf");
+ mbuf = app_malloc(BUFSIZZ, "mbuf");
+
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE);
prog = opt_init(argc, argv, s_client_options);
prog);
goto end;
}
+
+ if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
+ BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
+ goto end;
+ }
+ if (IS_NO_PROT_FLAG(o))
+ no_prot_opt++;
+ if (prot_opt == 1 && no_prot_opt) {
+ BIO_printf(bio_err, "Cannot supply both a protocol flag and "
+ "\"-no_<prot>\"\n");
+ goto end;
+ }
+
switch (o) {
case OPT_EOF:
case OPT_ERR:
break;
case OPT_VERIFY:
verify = SSL_VERIFY_PEER;
- verify_depth = atoi(opt_arg());
+ verify_args.depth = atoi(opt_arg());
if (!c_quiet)
- BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+ BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
break;
case OPT_CERT:
cert_file = opt_arg();
goto opthelp;
break;
case OPT_VERIFY_RET_ERROR:
- verify_return_error = 1;
+ verify_args.return_error = 1;
break;
case OPT_VERIFY_QUIET:
- verify_quiet = 1;
+ verify_args.quiet = 1;
break;
case OPT_BRIEF:
- c_brief = verify_quiet = c_quiet = 1;
+ c_brief = verify_args.quiet = c_quiet = 1;
break;
case OPT_S_CASES:
if (ssl_args == NULL)
}
#ifndef OPENSSL_NO_DTLS
if (socket_type == SOCK_DGRAM) {
- struct sockaddr peer;
- int peerlen = sizeof peer;
+ union BIO_sock_info_u peer_info;
sbio = BIO_new_dgram(s, BIO_NOCLOSE);
- if (getsockname(s, &peer, (void *)&peerlen) < 0) {
+ if ((peer_info.addr = BIO_ADDR_new()) == NULL) {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ BIO_closesocket(s);
+ goto end;
+ }
+ if (!BIO_sock_info(s, BIO_SOCK_INFO_ADDRESS, &peer_info)) {
BIO_printf(bio_err, "getsockname:errno=%d\n",
get_last_socket_error());
+ BIO_ADDR_free(peer_info.addr);
BIO_closesocket(s);
goto end;
}
- (void)BIO_ctrl_set_connected(sbio, &peer);
+ (void)BIO_ctrl_set_connected(sbio, peer_info.addr);
+ BIO_ADDR_free(peer_info.addr);
+ peer_info.addr = NULL;
if (enable_timeouts) {
timeout.tv_sec = 0;
{
/* Print out local port of connection: useful for debugging */
int sock;
- struct sockaddr_in ladd;
- socklen_t ladd_size = sizeof(ladd);
+ union BIO_sock_info_u info;
+
sock = SSL_get_fd(s);
- getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
- BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
+ if ((info.addr = BIO_ADDR_new()) != NULL
+ && BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &info)) {
+ BIO_printf(bio_c_out, "LOCAL PORT is %u\n",
+ ntohs(BIO_ADDR_rawport(info.addr)));
+ }
+ BIO_ADDR_free(info.addr);
}
#endif
#endif
SSL_SESSION_print(bio, SSL_get_session(s));
- if (keymatexportlabel != NULL) {
+ if ((SSL_get_session(s) != NULL) &&
+ (keymatexportlabel != NULL)) {
BIO_printf(bio, "Keying material exporter:\n");
BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);