New option "-showcerts" for s_client

Slight cleanup in ssl/

diff --git a/CHANGES b/CHANGES
index fe22a454655b737c9bd1c90888fb2e620eefd980..44c81913a0b3da10d1549b51bfe00aa778b13627 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,14 @@
 
  Changes between 0.9.2b and 0.9.3
 
 
  Changes between 0.9.2b and 0.9.3
 

+  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+     SSL2_SERVER_VERSION (not used at all) macros, which are now the
+     same as SSL2_VERSION anyway.
+     [Bodo Moeller]
+
+  *) New "-showcerts" option for s_client.
+     [Bodo Moeller]
+

   *) Still more PKCS#12 integration. Add pkcs12 application to openssl
      application. Various cleanups and fixes.
      [Steve Henson]
   *) Still more PKCS#12 integration. Add pkcs12 application to openssl
      application. Various cleanups and fixes.
      [Steve Henson]

diff --git a/apps/s_client.c b/apps/s_client.c
index a75e8ae3112227b7e939ebc3ea7b24318008fc96..07938abb7590420cde77e7ecccc7d0a2b4fe3a6c 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -90,6 +90,7 @@ static int c_nbio=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;

+static int c_showcerts=0;

 
 #ifndef NOPROTO
 static void sc_usage(void);
 
 #ifndef NOPROTO
 static void sc_usage(void);


@@ -118,6 +119,7 @@ static void sc_usage()
        BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
        BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
        BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
        BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
        BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
        BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");

+       BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");

        BIO_printf(bio_err," -debug        - extra output\n");
        BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
        BIO_printf(bio_err," -state        - print the 'ssl' states\n");
        BIO_printf(bio_err," -debug        - extra output\n");
        BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
        BIO_printf(bio_err," -state        - print the 'ssl' states\n");


@@ -171,6 +173,7 @@ char **argv;
        c_Pause=0;
        c_quiet=0;
        c_debug=0;
        c_Pause=0;
        c_quiet=0;
        c_debug=0;

+       c_showcerts=0;

 
        if (bio_err == NULL)
                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
        if (bio_err == NULL)
                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);


@@ -227,6 +230,8 @@ char **argv;
                        c_Pause=1;
                else if (strcmp(*argv,"-debug") == 0)
                        c_debug=1;
                        c_Pause=1;
                else if (strcmp(*argv,"-debug") == 0)
                        c_debug=1;

+               else if (strcmp(*argv,"-showcerts") == 0)
+                       c_showcerts=1;

                else if (strcmp(*argv,"-nbio_test") == 0)
                        nbio_test=1;
                else if (strcmp(*argv,"-state") == 0)
                else if (strcmp(*argv,"-nbio_test") == 0)
                        nbio_test=1;
                else if (strcmp(*argv,"-state") == 0)


@@ -675,6 +680,8 @@ int full;
                                X509_NAME_oneline(X509_get_issuer_name((X509 *)
                                        sk_value(sk,i)),buf,BUFSIZ);
                                BIO_printf(bio,"   i:%s\n",buf);
                                X509_NAME_oneline(X509_get_issuer_name((X509 *)
                                        sk_value(sk,i)),buf,BUFSIZ);
                                BIO_printf(bio,"   i:%s\n",buf);

+                               if (c_showcerts)
+                                       PEM_write_bio_X509(bio,(X509 *) sk_value(sk,i));

                                }
                        }
 
                                }
                        }
 


@@ -683,7 +690,8 @@ int full;
                if (peer != NULL)
                        {
                        BIO_printf(bio,"Server certificate\n");
                if (peer != NULL)
                        {
                        BIO_printf(bio,"Server certificate\n");

-                       PEM_write_bio_X509(bio,peer);
+                       if (!c_showcerts) /* Redundant if we showed the whole chain */
+                               PEM_write_bio_X509(bio,peer);

                        X509_NAME_oneline(X509_get_subject_name(peer),
                                buf,BUFSIZ);
                        BIO_printf(bio,"subject=%s\n",buf);
                        X509_NAME_oneline(X509_get_subject_name(peer),
                                buf,BUFSIZ);
                        BIO_printf(bio,"subject=%s\n",buf);

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 33112eeb3fa0c3e4eb23aabdee9d2c348e36c68f..d5457b03287434f9882ca1a43b32325e00d71287 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -485,7 +485,7 @@ SSL *s;
                p=buf;                                  /* header */
                d=p+9;                                  /* data section */
                *(p++)=SSL2_MT_CLIENT_HELLO;            /* type */
                p=buf;                                  /* header */
                d=p+9;                                  /* data section */
                *(p++)=SSL2_MT_CLIENT_HELLO;            /* type */

-               s2n(SSL2_CLIENT_VERSION,p);             /* version */
+               s2n(SSL2_VERSION,p);                    /* version */

                n=j=0;
 
                n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
                n=j=0;
 
                n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);

diff --git a/ssl/ssl.h b/ssl/ssl.h
index f0b143abd95c166738dfd1fcfaac666def426e52..06ca4aaa223a4fc4c8b232b6dd954b8ff99bf31f 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -477,10 +477,9 @@ struct ssl_ctx_st
 
 struct ssl_st
        {
 
 struct ssl_st
        {

-       /* procol version
-        * 2 for SSLv2
-        * 3 for SSLv3
-        * -3 for SSLv3 but accept SSLv2 */
+       /* protocol version
+        * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
+        */

        int version;
        int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
 
        int version;
        int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
 

diff --git a/ssl/ssl2.h b/ssl/ssl2.h
index 3dc94e520bb057963d9d3b21b7825a4430995e4f..95e8231dfcbfc3388d2f899fbee9906fb98b7381 100644 (file)
--- a/ssl/ssl2.h
+++ b/ssl/ssl2.h
@@ -67,8 +67,8 @@ extern "C" {
 #define SSL2_VERSION           0x0002
 #define SSL2_VERSION_MAJOR     0x00
 #define SSL2_VERSION_MINOR     0x02
 #define SSL2_VERSION           0x0002
 #define SSL2_VERSION_MAJOR     0x00
 #define SSL2_VERSION_MINOR     0x02

-#define SSL2_CLIENT_VERSION    0x0002
-#define SSL2_SERVER_VERSION    0x0002
+/* #define SSL2_CLIENT_VERSION 0x0002 */
+/* #define SSL2_SERVER_VERSION 0x0002 */

 
 /* Protocol Message Codes */
 #define SSL2_MT_ERROR                  0
 
 /* Protocol Message Codes */
 #define SSL2_MT_ERROR                  0

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index d731634c70f30523fb1ab5aa913fbcf2acbfef85..341dc63ea2cd11de3482a5cbaa015cd077991806 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -150,7 +150,7 @@ int session;
 
        if (session)
                {
 
        if (session)
                {

-               if (s->version == SSL2_CLIENT_VERSION)
+               if (s->version == SSL2_VERSION)

                        {
                        ss->ssl_version=SSL2_VERSION;
                        ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
                        {
                        ss->ssl_version=SSL2_VERSION;
                        ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;