cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
if (cipher == NULL) {
BIO_printf(bio_err, "Error finding suitable ciphersuite\n");
+ OPENSSL_free(key);
return 0;
}
#endif
-static char *srtp_profiles = NULL;
-
#ifndef OPENSSL_NO_NEXTPROTONEG
/* This the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
#endif
OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
- OPT_FORCE_PHA,
+ OPT_ENABLE_PHA,
OPT_R_ENUM
} OPTION_CHOICE;
"Disable name checks when matching DANE-EE(3) TLSA records"},
{"reconnect", OPT_RECONNECT, '-',
"Drop and re-make the connection with the same Session-ID"},
- {"showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain"},
+ {"showcerts", OPT_SHOWCERTS, '-',
+ "Show all certificates sent by the server"},
{"debug", OPT_DEBUG, '-', "Extra output"},
{"msg", OPT_MSG, '-', "Show protocol messages"},
{"msgfile", OPT_MSGFILE, '>',
OPT_R_OPTIONS,
{"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
{"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
+#ifndef OPENSSL_NO_SRTP
{"use_srtp", OPT_USE_SRTP, 's',
"Offer SRTP key management with a colon-separated profile list"},
+#endif
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
#endif
{"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
{"early_data", OPT_EARLY_DATA, '<', "File to send as early data"},
- {"force_pha", OPT_FORCE_PHA, '-', "Force-enable post-handshake-authentication"},
+ {"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication"},
{NULL, OPT_EOF, 0x00, NULL}
};
*dest = OPENSSL_strdup(source);
}
-static int new_session_cb(SSL *S, SSL_SESSION *sess)
+static int new_session_cb(SSL *s, SSL_SESSION *sess)
{
- BIO *stmp = BIO_new_file(sess_out, "w");
- if (stmp == NULL) {
- BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
- } else {
- PEM_write_bio_SSL_SESSION(stmp, sess);
- BIO_free(stmp);
+ if (sess_out != NULL) {
+ BIO *stmp = BIO_new_file(sess_out, "w");
+
+ if (stmp == NULL) {
+ BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
+ } else {
+ PEM_write_bio_SSL_SESSION(stmp, sess);
+ BIO_free(stmp);
+ }
+ }
+
+ /*
+ * Session data gets dumped on connection for TLSv1.2 and below, and on
+ * arrival of the NewSessionTicket for TLSv1.3.
+ */
+ if (SSL_version(s) == TLS1_3_VERSION) {
+ BIO_printf(bio_c_out,
+ "---\nPost-Handshake New Session Ticket arrived:\n");
+ SSL_SESSION_print(bio_c_out, sess);
+ BIO_printf(bio_c_out, "---\n");
}
/*
int srp_lateuser = 0;
SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 };
#endif
+#ifndef OPENSSL_NO_SRTP
+ char *srtp_profiles = NULL;
+#endif
#ifndef OPENSSL_NO_CT
char *ctlog_file = NULL;
int ct_validation = 0;
int isdtls = 0;
#endif
char *psksessf = NULL;
- int force_pha = 0;
+ int enable_pha = 0;
FD_ZERO(&readfds);
FD_ZERO(&writefds);
noservername = 1;
break;
case OPT_USE_SRTP:
+#ifndef OPENSSL_NO_SRTP
srtp_profiles = opt_arg();
+#endif
break;
case OPT_KEYMATEXPORT:
keymatexportlabel = opt_arg();
case OPT_EARLY_DATA:
early_data_file = opt_arg();
break;
- case OPT_FORCE_PHA:
- force_pha = 1;
+ case OPT_ENABLE_PHA:
+ enable_pha = 1;
break;
}
}
goto end;
}
+ SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
+
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
* come at any time. Therefore we use a callback to write out the session
* when we know about it. This approach works for < TLSv1.3 as well.
*/
- if (sess_out != NULL) {
- SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT
- | SSL_SESS_CACHE_NO_INTERNAL_STORE);
- SSL_CTX_sess_set_new_cb(ctx, new_session_cb);
- }
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT
+ | SSL_SESS_CACHE_NO_INTERNAL_STORE);
+ SSL_CTX_sess_set_new_cb(ctx, new_session_cb);
if (set_keylog_file(ctx, keylog_file))
goto end;
if (con == NULL)
goto end;
- if (force_pha)
- SSL_force_post_handshake_auth(con);
+ if (enable_pha)
+ SSL_set_post_handshake_auth(con, 1);
if (sess_in != NULL) {
SSL_SESSION *sess;
FD_ZERO(&readfds);
FD_ZERO(&writefds);
- if ((SSL_version(con) == DTLS1_VERSION) &&
- DTLSv1_get_timeout(con, &timeout))
+ if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
}
}
- if ((SSL_version(con) == DTLS1_VERSION)
- && DTLSv1_handle_timeout(con) > 0) {
+ if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0)
BIO_printf(bio_err, "TIMEOUT occurred\n");
- }
if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len);
print_stuff(bio_c_out, con, full_log);
do_ssl_shutdown(con);
- /*
- * Give the socket time to send its last data before we close it.
- * No amount of setting SO_LINGER etc on the socket seems to persuade
- * Windows to send the data before closing the socket...but sleeping
- * for a short time seems to do it (units in ms)
- * TODO: Find a better way to do this
- */
-#if defined(OPENSSL_SYS_WINDOWS)
- Sleep(50);
-#elif defined(OPENSSL_SYS_CYGWIN)
- usleep(50000);
-#endif
-
/*
* If we ended with an alert being sent, but still with data in the
* network buffer to be read, then calling BIO_closesocket() will
* TCP-RST. This seems to allow the peer to read the alert data.
*/
shutdown(SSL_get_fd(con), 1); /* SHUT_WR */
+ /*
+ * We just said we have nothing else to say, but it doesn't mean that
+ * the other side has nothing. It's even recommended to consume incoming
+ * data. [In testing context this ensures that alerts are passed on...]
+ */
+ timeout.tv_sec = 0;
+ timeout.tv_usec = 500000; /* some extreme round-trip */
+ do {
+ FD_ZERO(&readfds);
+ openssl_fdset(s, &readfds);
+ } while (select(s + 1, &readfds, NULL, NULL, &timeout) > 0
+ && BIO_read(sbio, sbuf, BUFSIZZ) > 0);
+
BIO_closesocket(SSL_get_fd(con));
end:
if (con != NULL) {
X509 *peer = NULL;
STACK_OF(X509) *sk;
const SSL_CIPHER *c;
- int i;
+ int i, istls13 = (SSL_version(s) == TLS1_3_VERSION);
+ long verify_result;
#ifndef OPENSSL_NO_COMP
const COMP_METHOD *comp, *expansion;
#endif
}
#endif
- if (SSL_version(s) == TLS1_3_VERSION) {
+ if (istls13) {
switch (SSL_get_early_data_status(s)) {
case SSL_EARLY_DATA_NOT_SENT:
BIO_printf(bio, "Early data was not sent\n");
break;
}
+
+ /*
+ * We also print the verify results when we dump session information,
+ * but in TLSv1.3 we may not get that right away (or at all) depending
+ * on when we get a NewSessionTicket. Therefore we print it now as well.
+ */
+ verify_result = SSL_get_verify_result(s);
+ BIO_printf(bio, "Verify return code: %ld (%s)\n", verify_result,
+ X509_verify_cert_error_string(verify_result));
+ } else {
+ /* In TLSv1.3 we do this on arrival of a NewSessionTicket */
+ SSL_SESSION_print(bio, SSL_get_session(s));
}
- SSL_SESSION_print(bio, SSL_get_session(s));
if (SSL_get_session(s) != NULL && keymatexportlabel != NULL) {
BIO_printf(bio, "Keying material exporter:\n");
BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
projects / openssl.git / blobdiff