X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_client.c;h=019e73535a84261c63aed551eac40a066a791686;hp=114071c0a34561813af02a047ff4b26f43ff8380;hb=f84a648ca1da0177e7ed1d4b50312c5dd6a2c0c8;hpb=222417eb71a91f28381f5b3f93d7db690e8d92bf diff --git a/apps/s_client.c b/apps/s_client.c index 114071c0a3..019e73535a 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -8,6 +8,7 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include #include #include @@ -28,7 +29,6 @@ typedef unsigned int u_int; #endif -#define USE_SOCKETS #include "apps.h" #include #include @@ -46,6 +46,7 @@ typedef unsigned int u_int; #endif #include "s_apps.h" #include "timeouts.h" +#include "internal/sockets.h" #if defined(__has_feature) # if __has_feature(memory_sanitizer) @@ -572,7 +573,7 @@ typedef enum OPTION_choice { OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN, OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET, OPT_BRIEF, OPT_PREXIT, OPT_CRLF, OPT_QUIET, OPT_NBIO, - OPT_SSL_CLIENT_ENGINE, OPT_RAND, OPT_IGN_EOF, OPT_NO_IGN_EOF, + OPT_SSL_CLIENT_ENGINE, OPT_IGN_EOF, OPT_NO_IGN_EOF, OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG, OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE, @@ -588,7 +589,7 @@ typedef enum OPTION_choice { OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_NOSERVERNAME, OPT_ASYNC, - OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST, + OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_PROTOHOST, OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, OPT_KEYLOG_FILE, OPT_EARLY_DATA, OPT_REQCAFILE, OPT_V_ENUM, @@ -598,7 +599,8 @@ typedef enum OPTION_choice { #ifndef OPENSSL_NO_CT OPT_CT, OPT_NOCT, OPT_CTLOG_FILE, #endif - OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME + OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME, + OPT_R_ENUM } OPTION_CHOICE; const OPTIONS s_client_options[] = { @@ -653,9 +655,8 @@ const OPTIONS s_client_options[] = { {"starttls", OPT_STARTTLS, 's', "Use the appropriate STARTTLS command before starting TLS"}, {"xmpphost", OPT_XMPPHOST, 's', - "Host to use with \"-starttls xmpp[-server]\""}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + "Alias of -name option for \"-starttls xmpp[-server]\""}, + OPT_R_OPTIONS, {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"}, {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"}, {"use_srtp", OPT_USE_SRTP, 's', @@ -665,8 +666,8 @@ const OPTIONS s_client_options[] = { {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', "Export len bytes of keying material (default 20)"}, {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"}, - {"name", OPT_SMTPHOST, 's', - "Hostname to use for \"-starttls lmtp\" or \"-starttls smtp\""}, + {"name", OPT_PROTOHOST, 's', + "Hostname to use for \"-starttls lmtp\", \"-starttls smtp\" or \"-starttls xmpp[-server]\""}, {"CRL", OPT_CRL, '<', "CRL file to use"}, {"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"}, {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"}, @@ -881,12 +882,10 @@ int s_client_main(int argc, char **argv) char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; char *chCApath = NULL, *chCAfile = NULL, *host = NULL; char *port = OPENSSL_strdup(PORT); - char *inrand = NULL; char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL; char *ReqCAfile = NULL; char *sess_in = NULL, *crl_file = NULL, *p; - char *xmpphost = NULL; - const char *ehlo = "mail.example.com"; + const char *protohost = NULL; struct timeval timeout, *timeoutp; fd_set readfds, writefds; int noCApath = 0, noCAfile = 0; @@ -905,7 +904,6 @@ int s_client_main(int argc, char **argv) #endif int read_buf_len = 0; int fallback_scsv = 0; - long randamt = 0; OPTION_CHOICE o; #ifndef OPENSSL_NO_DTLS int enable_timeouts = 0; @@ -1059,10 +1057,9 @@ int s_client_main(int argc, char **argv) break; #endif case OPT_XMPPHOST: - xmpphost = opt_arg(); - break; - case OPT_SMTPHOST: - ehlo = opt_arg(); + /* fall through, since this is an alias */ + case OPT_PROTOHOST: + protohost = opt_arg(); break; case OPT_VERIFY: verify = SSL_VERIFY_PEER; @@ -1152,8 +1149,9 @@ int s_client_main(int argc, char **argv) } #endif break; - case OPT_RAND: - inrand = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_IGN_EOF: c_ign_eof = 1; @@ -1523,11 +1521,13 @@ int s_client_main(int argc, char **argv) } } +#ifdef AF_UNIX if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) { BIO_printf(bio_err, "Can't use unix sockets and datagrams together\n"); goto end; } +#endif #ifndef OPENSSL_NO_SCTP if (protocol == IPPROTO_SCTP) { @@ -1604,16 +1604,6 @@ int s_client_main(int argc, char **argv) if (!load_excert(&exc)) goto end; - if (!app_RAND_load_file(NULL, 1) && inrand == NULL - && !RAND_status()) { - BIO_printf(bio_err, - "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) { - randamt = app_RAND_load_files(inrand); - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", randamt); - } - if (bio_c_out == NULL) { if (c_quiet && !c_debug) { bio_c_out = BIO_new(BIO_s_null()); @@ -1876,6 +1866,9 @@ int s_client_main(int argc, char **argv) goto end; con = SSL_new(ctx); + if (con == NULL) + goto end; + if (sess_in != NULL) { SSL_SESSION *sess; BIO *stmp = BIO_new_file(sess_in, "r"); @@ -1896,6 +1889,25 @@ int s_client_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } + /* By default the SNI should be the same as was set in the session */ + if (!noservername && servername == NULL) { + const char *sni = SSL_SESSION_get0_hostname(sess); + + if (sni != NULL) { + servername = OPENSSL_strdup(sni); + if (servername == NULL) { + BIO_printf(bio_err, "Can't set server name\n"); + ERR_print_errors(bio_err); + goto end; + } + } else { + /* + * Force no SNI to be sent so we are consistent with the + * session. + */ + noservername = 1; + } + } SSL_SESSION_free(sess); } @@ -2087,10 +2099,12 @@ int s_client_main(int argc, char **argv) do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); } while (mbuf_len > 3 && mbuf[3] == '-'); + if (protohost == NULL) + protohost = "mail.example.com"; if (starttls_proto == (int)PROTO_LMTP) - BIO_printf(fbio, "LHLO %s\r\n", ehlo); + BIO_printf(fbio, "LHLO %s\r\n", protohost); else - BIO_printf(fbio, "EHLO %s\r\n", ehlo); + BIO_printf(fbio, "EHLO %s\r\n", protohost); (void)BIO_flush(fbio); /* * Wait for multi-line response to end LHLO LMTP or EHLO SMTP @@ -2176,7 +2190,7 @@ int s_client_main(int argc, char **argv) "xmlns:stream='http://etherx.jabber.org/streams' " "xmlns='jabber:%s' to='%s' version='1.0'>", starttls_proto == PROTO_XMPP ? "client" : "server", - xmpphost ? xmpphost : host); + protohost ? protohost : host); seen = BIO_read(sbio, mbuf, BUFSIZZ); if (seen < 0) { BIO_printf(bio_err, "BIO_read failed\n"); @@ -2608,8 +2622,10 @@ int s_client_main(int argc, char **argv) } if (early_data_file != NULL - && SSL_get0_session(con) != NULL - && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0) { + && ((SSL_get0_session(con) != NULL + && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0) + || (psksess != NULL + && SSL_SESSION_get_max_early_data(psksess) > 0))) { BIO *edfile = BIO_new_file(early_data_file, "r"); size_t readbytes, writtenbytes; int finish = 0; @@ -2633,6 +2649,7 @@ int s_client_main(int argc, char **argv) default: BIO_printf(bio_err, "Error writing early data\n"); BIO_free(edfile); + ERR_print_errors(bio_err); goto shut; } } @@ -3039,7 +3056,7 @@ int s_client_main(int argc, char **argv) bio_c_out = NULL; BIO_free(bio_c_msg); bio_c_msg = NULL; - return (ret); + return ret; } static void print_stuff(BIO *bio, SSL *s, int full)