}
typedef enum OPTION_choice {
- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_COMMON,
OPT_4, OPT_6, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_BIND, OPT_UNIX,
OPT_XMPPHOST, OPT_VERIFY, OPT_NAMEOPT,
OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN,
OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
OPT_ENABLE_PHA,
OPT_SCTP_LABEL_BUG,
+ OPT_KTLS,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
{"srp_strength", OPT_SRP_STRENGTH, 'p',
"(deprecated) Minimal length in bits for N"},
#endif
+#ifndef OPENSSL_NO_KTLS
+ {"ktls", OPT_KTLS, '-', "Enable Kernel TLS for sending and receiving"},
+#endif
OPT_R_OPTIONS,
OPT_S_OPTIONS,
struct timeval timeout, *timeoutp;
fd_set readfds, writefds;
int noCApath = 0, noCAfile = 0, noCAstore = 0;
- int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_PEM;
- int key_format = FORMAT_PEM, crlf = 0, full_log = 1, mbuf_len = 0;
+ int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_UNDEF;
+ int key_format = FORMAT_UNDEF, crlf = 0, full_log = 1, mbuf_len = 0;
int prexit = 0;
int sdebug = 0;
int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
int ret = 1, in_init = 1, i, nbio_test = 0, sock = -1, k, width, state = 0;
int sbuf_len, sbuf_off, cmdletters = 1;
int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
- int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
+ int starttls_proto = PROTO_OFF, crl_format = FORMAT_UNDEF, crl_download = 0;
int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
int at_eof = 0;
int sctp_label_bug = 0;
#endif
int ignore_unexpected_eof = 0;
+#ifndef OPENSSL_NO_KTLS
+ int enable_ktls = 0;
+#endif
FD_ZERO(&readfds);
FD_ZERO(&writefds);
case OPT_ENABLE_PHA:
enable_pha = 1;
break;
+ case OPT_KTLS:
+#ifndef OPENSSL_NO_KTLS
+ enable_ktls = 1;
+#endif
+ break;
}
}
/* Optional argument is connect string if -connect not used. */
- argc = opt_num_rest();
- if (argc == 1) {
+ if (opt_num_rest() == 1) {
/* Don't allow -connect and a separate argument. */
if (connectstr != NULL) {
BIO_printf(bio_err,
}
connect_type = use_inet;
freeandcopy(&connectstr, *opt_rest());
- } else if (argc != 0) {
+ } else if (!opt_check_rest_arg(NULL)) {
goto opthelp;
}
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
if (count4or6 >= 2) {
BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);
}
if (cert_file != NULL) {
- cert = load_cert_pass(cert_file, 1, pass, "client certificate");
+ cert = load_cert_pass(cert_file, cert_format, 1, pass,
+ "client certificate");
if (cert == NULL)
goto end;
}
if (crl_file != NULL) {
X509_CRL *crl;
- crl = load_crl(crl_file, "CRL");
+ crl = load_crl(crl_file, crl_format, 0, "CRL");
if (crl == NULL)
goto end;
crls = sk_X509_CRL_new_null();
if (ignore_unexpected_eof)
SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
+#ifndef OPENSSL_NO_KTLS
+ if (enable_ktls)
+ SSL_CTX_set_options(ctx, SSL_OP_ENABLE_KTLS);
+#endif
if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
BIO_printf(bio_err, "Error setting verify params\n");
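Review bot: Setting SSL_OP_ENABLE_KTLS on the context gives the user no feedback on whether kernel TLS was actually engaged; as far as I recall the option is only a request, and the library falls back to its userspace record layer when the kernel, the negotiated cipher suite or the socket type does not support it, so `-ktls` can silently do nothing while the help text promises to "Enable Kernel TLS for sending and receiving". A comment above the new block such as `/* Request only: OpenSSL falls back to userspace TLS when KTLS is unavailable; BIO_get_ktls_send()/BIO_get_ktls_recv() report the outcome after the handshake */` would keep that expectation honest, and surfacing the result in the connection summary would be a reasonable follow-up. The same OPENSSL_NO_KTLS guard shape is used for the enable_ktls declaration and the OPT_KTLS case earlier in this file; the enclosing function starts and ends outside this hunk.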
if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) {
if (servername == NULL) {
- if(host == NULL || is_dNS_name(host))
+ if (host == NULL || is_dNS_name(host))
servername = (host == NULL) ? "localhost" : host;
}
if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) {
}
if (c_debug) {
- BIO_set_callback(sbio, bio_dump_callback);
+ BIO_set_callback_ex(sbio, bio_dump_callback);
BIO_set_callback_arg(sbio, (char *)bio_c_out);
}
if (c_msg) {
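Review bot: BIO_set_callback_ex expects a BIO_callback_fn_ex, whose parameter list (a size_t length plus a size_t *processed out-parameter) differs from the BIO_callback_fn that BIO_set_callback took, so bio_dump_callback must have been converted in the same change; its definition is outside this hunk, and if it kept the old signature the call compiles with only an incompatible-pointer warning while the callback reads its arguments from the wrong positions. Worth confirming the matching definition landed. The `(char *)bio_c_out` argument on the next line is unaffected, since the _ex variant still delivers it through BIO_get_callback_arg.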
*/
if (mbuf_len > 1 && mbuf[0] == '"') {
make_uppercase(mbuf);
- if (strncmp(mbuf, "\"STARTTLS\"", 10) == 0)
+ if (HAS_PREFIX(mbuf, "\"STARTTLS\""))
foundit = 1;
}
} while (mbuf_len > 1 && mbuf[0] == '"');
*/
strncpy(sbuf, mbuf, 2);
make_uppercase(sbuf);
- if (strncmp(sbuf, "OK", 2) != 0) {
+ if (!HAS_PREFIX(sbuf, "OK")) {
BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
goto shut;
}
tty_on = 1;
if (in_init) {
in_init = 0;
-
if (c_brief) {
BIO_puts(bio_err, "CONNECTION ESTABLISHED\n");
print_ssl_summary(con);
BIO_printf(bio_err, "RENEGOTIATING\n");
SSL_renegotiate(con);
cbuf_len = 0;
- } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
+ } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k')
&& cmdletters) {
BIO_printf(bio_err, "KEYUPDATE\n");
SSL_key_update(con,
}
}
- ret = 0;
shut:
if (in_init)
print_stuff(bio_c_out, con, full_log);
X509_free(cert);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
EVP_PKEY_free(key);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
OPENSSL_free(pass);
#ifndef OPENSSL_NO_SRP
OPENSSL_free(srp_arg.srppassin);
#endif
OPENSSL_free(connectstr);
OPENSSL_free(bindstr);
+ OPENSSL_free(bindhost);
+ OPENSSL_free(bindport);
OPENSSL_free(host);
OPENSSL_free(port);
OPENSSL_free(thost);
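Review bot: Removing `ret = 0;` ahead of `shut:` makes the exit status after an orderly shutdown depend on ret being assigned somewhere in the read/write loop, which this hunk does not show; ret is initialised to 1 near the top of the function, so if no clean-exit path sets it the tool would report failure to scripts that test the status. Presumably the assignment was moved next to the `goto shut` taken on a clean close; a comment at the label, `/* ret: 0 only on an orderly close (set at the goto sites), 1 on every error path */`, would document that contract for the next reader. The enclosing function begins and ends outside this hunk.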
public_key = X509_get_pubkey(sk_X509_value(sk, i));
if (public_key != NULL) {
BIO_printf(bio, " a:PKEY: %s, %d (bit); sigalg: %s\n",
- OBJ_nid2sn(EVP_PKEY_base_id(public_key)),
- EVP_PKEY_bits(public_key),
+ OBJ_nid2sn(EVP_PKEY_get_base_id(public_key)),
+ EVP_PKEY_get_bits(public_key),
OBJ_nid2sn(X509_get_signature_nid(sk_X509_value(sk, i))));
EVP_PKEY_free(public_key);
}
pktmp = X509_get0_pubkey(peer);
BIO_printf(bio, "Server public key is %d bit\n",
- EVP_PKEY_bits(pktmp));
+ EVP_PKEY_get_bits(pktmp));
}
- BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
- SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
+
+ ssl_print_secure_renegotiation_notes(bio, s);
+
#ifndef OPENSSL_NO_COMP
comp = SSL_get_current_compression(s);
expansion = SSL_get_current_expansion(s);
BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
exportedkeymat = app_malloc(keymatexportlen, "export key");
- if (!SSL_export_keying_material(s, exportedkeymat,
+ if (SSL_export_keying_material(s, exportedkeymat,
keymatexportlen,
keymatexportlabel,
strlen(keymatexportlabel),
- NULL, 0, 0)) {
+ NULL, 0, 0) <= 0) {
BIO_printf(bio, " Error\n");
} else {
BIO_printf(bio, " Keying material: ");