X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_client.c;h=74d578d6bef2cc416ec1fd3eeb65c34442e4c07f;hp=60a8728c9bc837d4af966a8261b51a1d71de7458;hb=4f17dfcd752221fc7515d55642cacd9aa6d1d0af;hpb=a31011e8e0ea18f1cc79d7eb53238768ae9369c6 diff --git a/apps/s_client.c b/apps/s_client.c index 60a8728c9b..74d578d6be 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -55,12 +55,66 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include #include #include -#ifdef NO_STDIO +#include +#ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif @@ -68,7 +122,7 @@ recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is needed to have fileno() declared correctly... So let's define u_int */ -#if defined(VMS) && defined(__DECC) && !defined(__U_INT) +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) #define __U_INT typedef unsigned int u_int; #endif @@ -79,22 +133,27 @@ typedef unsigned int u_int; #include #include #include +#include #include "s_apps.h" -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS #include #endif +#ifdef OPENSSL_SYS_WINCE +/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ +#ifdef fileno +#undef fileno +#endif +#define fileno(a) (int)_fileno(a) +#endif + -#if (defined(VMS) && __VMS_VER < 70000000) +#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO #endif -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #undef PROG #define PROG s_client_main @@ -115,12 +174,14 @@ static int c_nbio=0; #endif static int c_Pause=0; static int c_debug=0; +static int c_msg=0; static int c_showcerts=0; static void sc_usage(void); static void print_stuff(BIO *berr,SSL *con,int full); static BIO *bio_c_out=NULL; static int c_quiet=0; +static int c_ign_eof=0; static void sc_usage(void) { @@ -140,6 +201,7 @@ static void sc_usage(void) BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); BIO_printf(bio_err," -debug - extra output\n"); + BIO_printf(bio_err," -msg - Show protocol messages\n"); BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); BIO_printf(bio_err," -state - print the 'ssl' states\n"); #ifdef FIONBIO @@ -147,22 +209,35 @@ static void sc_usage(void) #endif BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); BIO_printf(bio_err," -quiet - no s_client output\n"); + BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n"); BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); - BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'openssl ciphers'\n"); + BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); + BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); BIO_printf(bio_err," command to see what is available\n"); + BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); + BIO_printf(bio_err," for those protocols that support it, where\n"); + BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); + BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n"); +#ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); +#endif + BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } +int MAIN(int, char **); + int MAIN(int argc, char **argv) { int off=0; SSL *con=NULL,*con2=NULL; + X509_STORE *store = NULL; int s,k,width,state=0; - char *cbuf=NULL,*sbuf=NULL; + char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; int cbuf_len,cbuf_off; int sbuf_len,sbuf_off; fd_set readfds,writefds; @@ -176,31 +251,44 @@ int MAIN(int argc, char **argv) int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; SSL_CTX *ctx=NULL; int ret=1,in_init=1,i,nbio_test=0; + int starttls_proto = 0; + int prexit = 0, vflags = 0; SSL_METHOD *meth=NULL; BIO *sbio; -#ifdef WINDOWS + char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE + char *engine_id=NULL; + ENGINE *e=NULL; +#endif +#ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif -#if !defined(NO_SSL2) && !defined(NO_SSL3) +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_client_method(); -#elif !defined(NO_SSL3) +#elif !defined(OPENSSL_NO_SSL3) meth=SSLv3_client_method(); -#elif !defined(NO_SSL2) +#elif !defined(OPENSSL_NO_SSL2) meth=SSLv2_client_method(); #endif apps_startup(); c_Pause=0; c_quiet=0; + c_ign_eof=0; c_debug=0; + c_msg=0; c_showcerts=0; if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); - if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) || - ((sbuf=Malloc(BUFSIZZ)) == NULL)) + if (!load_config(bio_err, NULL)) + goto end; + + if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || + ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || + ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL)) { BIO_printf(bio_err,"out of memory\n"); goto end; @@ -245,29 +333,42 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; cert_file= *(++argv); } + else if (strcmp(*argv,"-crl_check") == 0) + vflags |= X509_V_FLAG_CRL_CHECK; + else if (strcmp(*argv,"-crl_check_all") == 0) + vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; + else if (strcmp(*argv,"-prexit") == 0) + prexit=1; else if (strcmp(*argv,"-crlf") == 0) crlf=1; else if (strcmp(*argv,"-quiet") == 0) + { c_quiet=1; + c_ign_eof=1; + } + else if (strcmp(*argv,"-ign_eof") == 0) + c_ign_eof=1; else if (strcmp(*argv,"-pause") == 0) c_Pause=1; else if (strcmp(*argv,"-debug") == 0) c_debug=1; + else if (strcmp(*argv,"-msg") == 0) + c_msg=1; else if (strcmp(*argv,"-showcerts") == 0) c_showcerts=1; else if (strcmp(*argv,"-nbio_test") == 0) nbio_test=1; else if (strcmp(*argv,"-state") == 0) state=1; -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) meth=SSLv2_client_method(); #endif -#ifndef NO_SSL3 +#ifndef OPENSSL_NO_SSL3 else if (strcmp(*argv,"-ssl3") == 0) meth=SSLv3_client_method(); #endif -#ifndef NO_TLS1 +#ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv,"-tls1") == 0) meth=TLSv1_client_method(); #endif @@ -298,6 +399,8 @@ int MAIN(int argc, char **argv) off|=SSL_OP_NO_SSLv3; else if (strcmp(*argv,"-no_ssl2") == 0) off|=SSL_OP_NO_SSLv2; + else if (strcmp(*argv,"-serverpref") == 0) + off|=SSL_OP_CIPHER_SERVER_PREFERENCE; else if (strcmp(*argv,"-cipher") == 0) { if (--argc < 1) goto bad; @@ -307,6 +410,29 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-nbio") == 0) { c_nbio=1; } #endif + else if (strcmp(*argv,"-starttls") == 0) + { + if (--argc < 1) goto bad; + ++argv; + if (strcmp(*argv,"smtp") == 0) + starttls_proto = 1; + else if (strcmp(*argv,"pop3") == 0) + starttls_proto = 2; + else + goto bad; + } +#ifndef OPENSSL_NO_ENGINE + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine_id = *(++argv); + } +#endif + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -323,11 +449,25 @@ bad: goto end; } - app_RAND_load_file(NULL, bio_err, 0); + OpenSSL_add_ssl_algorithms(); + SSL_load_error_strings(); + +#ifndef OPENSSL_NO_ENGINE + e = setup_engine(bio_err, engine_id, 1); +#endif + + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL + && !RAND_status()) + { + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + } + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); if (bio_c_out == NULL) { - if (c_quiet) + if (c_quiet && !c_debug && !c_msg) { bio_c_out=BIO_new(BIO_s_null()); } @@ -338,7 +478,6 @@ bad: } } - SSLeay_add_ssl_algorithms(); ctx=SSL_CTX_new(meth); if (ctx == NULL) { @@ -353,7 +492,11 @@ bad: if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); if (cipher != NULL) - SSL_CTX_set_cipher_list(ctx,cipher); + if(!SSL_CTX_set_cipher_list(ctx,cipher)) { + BIO_printf(bio_err,"error setting cipher list\n"); + ERR_print_errors(bio_err); + goto end; + } #if 0 else SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); @@ -366,14 +509,21 @@ bad: if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || (!SSL_CTX_set_default_verify_paths(ctx))) { - /* BIO_printf(bio_err,"error seting default verify locations\n"); */ + /* BIO_printf(bio_err,"error setting default verify locations\n"); */ ERR_print_errors(bio_err); /* goto end; */ } - SSL_load_error_strings(); + store = SSL_CTX_get_cert_store(ctx); + X509_STORE_set_flags(store, vflags); - con=(SSL *)SSL_new(ctx); + con=SSL_new(ctx); +#ifndef OPENSSL_NO_KRB5 + if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) + { + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host); + } +#endif /* OPENSSL_NO_KRB5 */ /* SSL_set_cipher_list(con,"RC4-MD5"); */ re_start: @@ -415,6 +565,11 @@ re_start: BIO_set_callback(sbio,bio_dump_cb); BIO_set_callback_arg(sbio,bio_c_out); } + if (c_msg) + { + SSL_set_msg_callback(con, msg_cb); + SSL_set_msg_callback_arg(con, bio_c_out); + } SSL_set_bio(con,sbio,sbio); SSL_set_connect_state(con); @@ -433,6 +588,20 @@ re_start: sbuf_len=0; sbuf_off=0; + /* This is an ugly hack that does a lot of assumptions */ + if (starttls_proto == 1) + { + BIO_read(sbio,mbuf,BUFSIZZ); + BIO_printf(sbio,"STARTTLS\r\n"); + BIO_read(sbio,sbuf,BUFSIZZ); + } + if (starttls_proto == 2) + { + BIO_read(sbio,mbuf,BUFSIZZ); + BIO_printf(sbio,"STLS\r\n"); + BIO_read(sbio,sbuf,BUFSIZZ); + } + for (;;) { FD_ZERO(&readfds); @@ -452,6 +621,13 @@ re_start: print_stuff(bio_c_out,con,full_log); if (full_log > 0) full_log--; + if (starttls_proto) + { + BIO_printf(bio_err,"%s",mbuf); + /* We don't need to know any more */ + starttls_proto = 0; + } + if (reconnect) { reconnect--; @@ -468,7 +644,7 @@ re_start: if (!ssl_pending) { -#ifndef WINDOWS +#ifndef OPENSSL_SYS_WINDOWS if (tty_on) { if (read_tty) FD_SET(fileno(stdin),&readfds); @@ -495,7 +671,7 @@ re_start: * will choke the compiler: if you do have a cast then * you can either go for (int *) or (void *). */ -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS /* Under Windows we make the assumption that we can * always write to the tty: therefore if we need to * write to the tty we just fall through. Otherwise @@ -503,13 +679,18 @@ re_start: * are any keypresses. Note: this is a hack, in a proper * Windows application we wouldn't do this. */ + i=0; if(!write_tty) { if(read_tty) { tv.tv_sec = 1; tv.tv_usec = 0; i=select(width,(void *)&readfds,(void *)&writefds, NULL,&tv); +#ifdef OPENSSL_SYS_WINCE if(!i && (!_kbhit() || !read_tty) ) continue; +#else + if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue; +#endif } else i=select(width,(void *)&readfds,(void *)&writefds, NULL,NULL); } @@ -593,8 +774,8 @@ re_start: goto shut; } } -#ifdef WINDOWS - /* Assume Windows can always write */ +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) + /* Assume Windows/DOS can always write */ else if (!ssl_pending && write_tty) #else else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) @@ -674,8 +855,12 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 } } -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS +#ifdef OPENSSL_SYS_WINCE else if (_kbhit()) +#else + else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) +#endif #else else if (FD_ISSET(fileno(stdin),&readfds)) #endif @@ -705,13 +890,13 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 else i=read(fileno(stdin),cbuf,BUFSIZZ); - if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q'))) + if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { BIO_printf(bio_err,"DONE\n"); goto shut; } - if ((!c_quiet) && (cbuf[0] == 'R')) + if ((!c_ign_eof) && (cbuf[0] == 'R')) { BIO_printf(bio_err,"RENEGOTIATING\n"); SSL_renegotiate(con); @@ -735,17 +920,20 @@ shut: SHUTDOWN(SSL_get_fd(con)); ret=0; end: + if(prexit) print_stuff(bio_c_out,con,1); if (con != NULL) SSL_free(con); if (con2 != NULL) SSL_free(con2); if (ctx != NULL) SSL_CTX_free(ctx); - if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); } - if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); } + if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } + if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } + if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } if (bio_c_out != NULL) { BIO_free(bio_c_out); bio_c_out=NULL; } - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } @@ -774,10 +962,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) for (i=0; i