Add -prexit command to s_client and patch some BIO
[openssl.git] / apps / s_client.c
1 /* apps/s_client.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <assert.h>
60 #include <stdio.h>
61 #include <stdlib.h>
62 #include <string.h>
63 #ifdef NO_STDIO
64 #define APPS_WIN16
65 #endif
66
67 /* With IPv6, it looks like Digital has mixed up the proper order of
68    recursive header file inclusion, resulting in the compiler complaining
69    that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
70    is needed to have fileno() declared correctly...  So let's define u_int */
71 #if defined(VMS) && defined(__DECC) && !defined(__U_INT)
72 #define __U_INT
73 typedef unsigned int u_int;
74 #endif
75
76 #define USE_SOCKETS
77 #include "apps.h"
78 #include <openssl/x509.h>
79 #include <openssl/ssl.h>
80 #include <openssl/err.h>
81 #include <openssl/pem.h>
82 #include "s_apps.h"
83
84 #ifdef WINDOWS
85 #include <conio.h>
86 #endif
87
88
89 #if (defined(VMS) && __VMS_VER < 70000000)
90 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
91 #undef FIONBIO
92 #endif
93
94 #if defined(NO_RSA) && !defined(NO_SSL2)
95 #define NO_SSL2
96 #endif
97
98 #undef PROG
99 #define PROG    s_client_main
100
101 /*#define SSL_HOST_NAME "www.netscape.com" */
102 /*#define SSL_HOST_NAME "193.118.187.102" */
103 #define SSL_HOST_NAME   "localhost"
104
105 /*#define TEST_CERT "client.pem" */ /* no default cert. */
106
107 #undef BUFSIZZ
108 #define BUFSIZZ 1024*8
109
110 extern int verify_depth;
111 extern int verify_error;
112
113 #ifdef FIONBIO
114 static int c_nbio=0;
115 #endif
116 static int c_Pause=0;
117 static int c_debug=0;
118 static int c_showcerts=0;
119
120 static void sc_usage(void);
121 static void print_stuff(BIO *berr,SSL *con,int full);
122 static BIO *bio_c_out=NULL;
123 static int c_quiet=0;
124
125 static void sc_usage(void)
126         {
127         BIO_printf(bio_err,"usage: s_client args\n");
128         BIO_printf(bio_err,"\n");
129         BIO_printf(bio_err," -host host     - use -connect instead\n");
130         BIO_printf(bio_err," -port port     - use -connect instead\n");
131         BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
132
133         BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
134         BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
135         BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
136         BIO_printf(bio_err,"                 not specified but cert file is.\n");
137         BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
138         BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
139         BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
140         BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
141         BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
142         BIO_printf(bio_err," -debug        - extra output\n");
143         BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
144         BIO_printf(bio_err," -state        - print the 'ssl' states\n");
145 #ifdef FIONBIO
146         BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
147 #endif
148         BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
149         BIO_printf(bio_err," -quiet        - no s_client output\n");
150         BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
151         BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
152         BIO_printf(bio_err," -tls1         - just use TLSv1\n");
153         BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
154         BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
155         BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
156         BIO_printf(bio_err,"                 command to see what is available\n");
157
158         }
159
160 int MAIN(int argc, char **argv)
161         {
162         int off=0;
163         SSL *con=NULL,*con2=NULL;
164         int s,k,width,state=0;
165         char *cbuf=NULL,*sbuf=NULL;
166         int cbuf_len,cbuf_off;
167         int sbuf_len,sbuf_off;
168         fd_set readfds,writefds;
169         short port=PORT;
170         int full_log=1;
171         char *host=SSL_HOST_NAME;
172         char *cert_file=NULL,*key_file=NULL;
173         char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
174         int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
175         int crlf=0;
176         int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
177         SSL_CTX *ctx=NULL;
178         int ret=1,in_init=1,i,nbio_test=0;
179         int prexit = 0;
180         SSL_METHOD *meth=NULL;
181         BIO *sbio;
182 #ifdef WINDOWS
183         struct timeval tv;
184 #endif
185
186 #if !defined(NO_SSL2) && !defined(NO_SSL3)
187         meth=SSLv23_client_method();
188 #elif !defined(NO_SSL3)
189         meth=SSLv3_client_method();
190 #elif !defined(NO_SSL2)
191         meth=SSLv2_client_method();
192 #endif
193
194         apps_startup();
195         c_Pause=0;
196         c_quiet=0;
197         c_debug=0;
198         c_showcerts=0;
199
200         if (bio_err == NULL)
201                 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
202
203         if (    ((cbuf=Malloc(BUFSIZZ)) == NULL) ||
204                 ((sbuf=Malloc(BUFSIZZ)) == NULL))
205                 {
206                 BIO_printf(bio_err,"out of memory\n");
207                 goto end;
208                 }
209
210         verify_depth=0;
211         verify_error=X509_V_OK;
212 #ifdef FIONBIO
213         c_nbio=0;
214 #endif
215
216         argc--;
217         argv++;
218         while (argc >= 1)
219                 {
220                 if      (strcmp(*argv,"-host") == 0)
221                         {
222                         if (--argc < 1) goto bad;
223                         host= *(++argv);
224                         }
225                 else if (strcmp(*argv,"-port") == 0)
226                         {
227                         if (--argc < 1) goto bad;
228                         port=atoi(*(++argv));
229                         if (port == 0) goto bad;
230                         }
231                 else if (strcmp(*argv,"-connect") == 0)
232                         {
233                         if (--argc < 1) goto bad;
234                         if (!extract_host_port(*(++argv),&host,NULL,&port))
235                                 goto bad;
236                         }
237                 else if (strcmp(*argv,"-verify") == 0)
238                         {
239                         verify=SSL_VERIFY_PEER;
240                         if (--argc < 1) goto bad;
241                         verify_depth=atoi(*(++argv));
242                         BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
243                         }
244                 else if (strcmp(*argv,"-cert") == 0)
245                         {
246                         if (--argc < 1) goto bad;
247                         cert_file= *(++argv);
248                         }
249                 else if (strcmp(*argv,"-prexit") == 0)
250                         prexit=1;
251                 else if (strcmp(*argv,"-crlf") == 0)
252                         crlf=1;
253                 else if (strcmp(*argv,"-quiet") == 0)
254                         c_quiet=1;
255                 else if (strcmp(*argv,"-pause") == 0)
256                         c_Pause=1;
257                 else if (strcmp(*argv,"-debug") == 0)
258                         c_debug=1;
259                 else if (strcmp(*argv,"-showcerts") == 0)
260                         c_showcerts=1;
261                 else if (strcmp(*argv,"-nbio_test") == 0)
262                         nbio_test=1;
263                 else if (strcmp(*argv,"-state") == 0)
264                         state=1;
265 #ifndef NO_SSL2
266                 else if (strcmp(*argv,"-ssl2") == 0)
267                         meth=SSLv2_client_method();
268 #endif
269 #ifndef NO_SSL3
270                 else if (strcmp(*argv,"-ssl3") == 0)
271                         meth=SSLv3_client_method();
272 #endif
273 #ifndef NO_TLS1
274                 else if (strcmp(*argv,"-tls1") == 0)
275                         meth=TLSv1_client_method();
276 #endif
277                 else if (strcmp(*argv,"-bugs") == 0)
278                         bugs=1;
279                 else if (strcmp(*argv,"-key") == 0)
280                         {
281                         if (--argc < 1) goto bad;
282                         key_file= *(++argv);
283                         }
284                 else if (strcmp(*argv,"-reconnect") == 0)
285                         {
286                         reconnect=5;
287                         }
288                 else if (strcmp(*argv,"-CApath") == 0)
289                         {
290                         if (--argc < 1) goto bad;
291                         CApath= *(++argv);
292                         }
293                 else if (strcmp(*argv,"-CAfile") == 0)
294                         {
295                         if (--argc < 1) goto bad;
296                         CAfile= *(++argv);
297                         }
298                 else if (strcmp(*argv,"-no_tls1") == 0)
299                         off|=SSL_OP_NO_TLSv1;
300                 else if (strcmp(*argv,"-no_ssl3") == 0)
301                         off|=SSL_OP_NO_SSLv3;
302                 else if (strcmp(*argv,"-no_ssl2") == 0)
303                         off|=SSL_OP_NO_SSLv2;
304                 else if (strcmp(*argv,"-cipher") == 0)
305                         {
306                         if (--argc < 1) goto bad;
307                         cipher= *(++argv);
308                         }
309 #ifdef FIONBIO
310                 else if (strcmp(*argv,"-nbio") == 0)
311                         { c_nbio=1; }
312 #endif
313                 else
314                         {
315                         BIO_printf(bio_err,"unknown option %s\n",*argv);
316                         badop=1;
317                         break;
318                         }
319                 argc--;
320                 argv++;
321                 }
322         if (badop)
323                 {
324 bad:
325                 sc_usage();
326                 goto end;
327                 }
328
329         app_RAND_load_file(NULL, bio_err, 0);
330
331         if (bio_c_out == NULL)
332                 {
333                 if (c_quiet)
334                         {
335                         bio_c_out=BIO_new(BIO_s_null());
336                         }
337                 else
338                         {
339                         if (bio_c_out == NULL)
340                                 bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
341                         }
342                 }
343
344         SSLeay_add_ssl_algorithms();
345         ctx=SSL_CTX_new(meth);
346         if (ctx == NULL)
347                 {
348                 ERR_print_errors(bio_err);
349                 goto end;
350                 }
351
352         if (bugs)
353                 SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
354         else
355                 SSL_CTX_set_options(ctx,off);
356
357         if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
358         if (cipher != NULL)
359                 SSL_CTX_set_cipher_list(ctx,cipher);
360 #if 0
361         else
362                 SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
363 #endif
364
365         SSL_CTX_set_verify(ctx,verify,verify_callback);
366         if (!set_cert_stuff(ctx,cert_file,key_file))
367                 goto end;
368
369         if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
370                 (!SSL_CTX_set_default_verify_paths(ctx)))
371                 {
372                 /* BIO_printf(bio_err,"error seting default verify locations\n"); */
373                 ERR_print_errors(bio_err);
374                 /* goto end; */
375                 }
376
377         SSL_load_error_strings();
378
379         con=(SSL *)SSL_new(ctx);
380 /*      SSL_set_cipher_list(con,"RC4-MD5"); */
381
382 re_start:
383
384         if (init_client(&s,host,port) == 0)
385                 {
386                 BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
387                 SHUTDOWN(s);
388                 goto end;
389                 }
390         BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
391
392 #ifdef FIONBIO
393         if (c_nbio)
394                 {
395                 unsigned long l=1;
396                 BIO_printf(bio_c_out,"turning on non blocking io\n");
397                 if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
398                         {
399                         ERR_print_errors(bio_err);
400                         goto end;
401                         }
402                 }
403 #endif                                              
404         if (c_Pause & 0x01) con->debug=1;
405         sbio=BIO_new_socket(s,BIO_NOCLOSE);
406
407         if (nbio_test)
408                 {
409                 BIO *test;
410
411                 test=BIO_new(BIO_f_nbio_test());
412                 sbio=BIO_push(test,sbio);
413                 }
414
415         if (c_debug)
416                 {
417                 con->debug=1;
418                 BIO_set_callback(sbio,bio_dump_cb);
419                 BIO_set_callback_arg(sbio,bio_c_out);
420                 }
421
422         SSL_set_bio(con,sbio,sbio);
423         SSL_set_connect_state(con);
424
425         /* ok, lets connect */
426         width=SSL_get_fd(con)+1;
427
428         read_tty=1;
429         write_tty=0;
430         tty_on=0;
431         read_ssl=1;
432         write_ssl=1;
433         
434         cbuf_len=0;
435         cbuf_off=0;
436         sbuf_len=0;
437         sbuf_off=0;
438
439         for (;;)
440                 {
441                 FD_ZERO(&readfds);
442                 FD_ZERO(&writefds);
443
444                 if (SSL_in_init(con) && !SSL_total_renegotiations(con))
445                         {
446                         in_init=1;
447                         tty_on=0;
448                         }
449                 else
450                         {
451                         tty_on=1;
452                         if (in_init)
453                                 {
454                                 in_init=0;
455                                 print_stuff(bio_c_out,con,full_log);
456                                 if (full_log > 0) full_log--;
457
458                                 if (reconnect)
459                                         {
460                                         reconnect--;
461                                         BIO_printf(bio_c_out,"drop connection and then reconnect\n");
462                                         SSL_shutdown(con);
463                                         SSL_set_connect_state(con);
464                                         SHUTDOWN(SSL_get_fd(con));
465                                         goto re_start;
466                                         }
467                                 }
468                         }
469
470                 ssl_pending = read_ssl && SSL_pending(con);
471
472                 if (!ssl_pending)
473                         {
474 #ifndef WINDOWS
475                         if (tty_on)
476                                 {
477                                 if (read_tty)  FD_SET(fileno(stdin),&readfds);
478                                 if (write_tty) FD_SET(fileno(stdout),&writefds);
479                                 }
480                         if (read_ssl)
481                                 FD_SET(SSL_get_fd(con),&readfds);
482                         if (write_ssl)
483                                 FD_SET(SSL_get_fd(con),&writefds);
484 #else
485                         if(!tty_on || !write_tty) {
486                                 if (read_ssl)
487                                         FD_SET(SSL_get_fd(con),&readfds);
488                                 if (write_ssl)
489                                         FD_SET(SSL_get_fd(con),&writefds);
490                         }
491 #endif
492 /*                      printf("mode tty(%d %d%d) ssl(%d%d)\n",
493                                 tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
494
495                         /* Note: under VMS with SOCKETSHR the second parameter
496                          * is currently of type (int *) whereas under other
497                          * systems it is (void *) if you don't have a cast it
498                          * will choke the compiler: if you do have a cast then
499                          * you can either go for (int *) or (void *).
500                          */
501 #ifdef WINDOWS
502                         /* Under Windows we make the assumption that we can
503                          * always write to the tty: therefore if we need to
504                          * write to the tty we just fall through. Otherwise
505                          * we timeout the select every second and see if there
506                          * are any keypresses. Note: this is a hack, in a proper
507                          * Windows application we wouldn't do this.
508                          */
509                         if(!write_tty) {
510                                 if(read_tty) {
511                                         tv.tv_sec = 1;
512                                         tv.tv_usec = 0;
513                                         i=select(width,(void *)&readfds,(void *)&writefds,
514                                                  NULL,&tv);
515                                         if(!i && (!_kbhit() || !read_tty) ) continue;
516                                 } else  i=select(width,(void *)&readfds,(void *)&writefds,
517                                          NULL,NULL);
518                         }
519 #else
520                         i=select(width,(void *)&readfds,(void *)&writefds,
521                                  NULL,NULL);
522 #endif
523                         if ( i < 0)
524                                 {
525                                 BIO_printf(bio_err,"bad select %d\n",
526                                 get_last_socket_error());
527                                 goto shut;
528                                 /* goto end; */
529                                 }
530                         }
531
532                 if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
533                         {
534                         k=SSL_write(con,&(cbuf[cbuf_off]),
535                                 (unsigned int)cbuf_len);
536                         switch (SSL_get_error(con,k))
537                                 {
538                         case SSL_ERROR_NONE:
539                                 cbuf_off+=k;
540                                 cbuf_len-=k;
541                                 if (k <= 0) goto end;
542                                 /* we have done a  write(con,NULL,0); */
543                                 if (cbuf_len <= 0)
544                                         {
545                                         read_tty=1;
546                                         write_ssl=0;
547                                         }
548                                 else /* if (cbuf_len > 0) */
549                                         {
550                                         read_tty=0;
551                                         write_ssl=1;
552                                         }
553                                 break;
554                         case SSL_ERROR_WANT_WRITE:
555                                 BIO_printf(bio_c_out,"write W BLOCK\n");
556                                 write_ssl=1;
557                                 read_tty=0;
558                                 break;
559                         case SSL_ERROR_WANT_READ:
560                                 BIO_printf(bio_c_out,"write R BLOCK\n");
561                                 write_tty=0;
562                                 read_ssl=1;
563                                 write_ssl=0;
564                                 break;
565                         case SSL_ERROR_WANT_X509_LOOKUP:
566                                 BIO_printf(bio_c_out,"write X BLOCK\n");
567                                 break;
568                         case SSL_ERROR_ZERO_RETURN:
569                                 if (cbuf_len != 0)
570                                         {
571                                         BIO_printf(bio_c_out,"shutdown\n");
572                                         goto shut;
573                                         }
574                                 else
575                                         {
576                                         read_tty=1;
577                                         write_ssl=0;
578                                         break;
579                                         }
580                                 
581                         case SSL_ERROR_SYSCALL:
582                                 if ((k != 0) || (cbuf_len != 0))
583                                         {
584                                         BIO_printf(bio_err,"write:errno=%d\n",
585                                                 get_last_socket_error());
586                                         goto shut;
587                                         }
588                                 else
589                                         {
590                                         read_tty=1;
591                                         write_ssl=0;
592                                         }
593                                 break;
594                         case SSL_ERROR_SSL:
595                                 ERR_print_errors(bio_err);
596                                 goto shut;
597                                 }
598                         }
599 #ifdef WINDOWS
600                 /* Assume Windows can always write */
601                 else if (!ssl_pending && write_tty)
602 #else
603                 else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
604 #endif
605                         {
606 #ifdef CHARSET_EBCDIC
607                         ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
608 #endif
609                         i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
610
611                         if (i <= 0)
612                                 {
613                                 BIO_printf(bio_c_out,"DONE\n");
614                                 goto shut;
615                                 /* goto end; */
616                                 }
617
618                         sbuf_len-=i;;
619                         sbuf_off+=i;
620                         if (sbuf_len <= 0)
621                                 {
622                                 read_ssl=1;
623                                 write_tty=0;
624                                 }
625                         }
626                 else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
627                         {
628 #ifdef RENEG
629 { static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
630 #endif
631 #if 1
632                         k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
633 #else
634 /* Demo for pending and peek :-) */
635                         k=SSL_read(con,sbuf,16);
636 { char zbuf[10240]; 
637 printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
638 }
639 #endif
640
641                         switch (SSL_get_error(con,k))
642                                 {
643                         case SSL_ERROR_NONE:
644                                 if (k <= 0)
645                                         goto end;
646                                 sbuf_off=0;
647                                 sbuf_len=k;
648
649                                 read_ssl=0;
650                                 write_tty=1;
651                                 break;
652                         case SSL_ERROR_WANT_WRITE:
653                                 BIO_printf(bio_c_out,"read W BLOCK\n");
654                                 write_ssl=1;
655                                 read_tty=0;
656                                 break;
657                         case SSL_ERROR_WANT_READ:
658                                 BIO_printf(bio_c_out,"read R BLOCK\n");
659                                 write_tty=0;
660                                 read_ssl=1;
661                                 if ((read_tty == 0) && (write_ssl == 0))
662                                         write_ssl=1;
663                                 break;
664                         case SSL_ERROR_WANT_X509_LOOKUP:
665                                 BIO_printf(bio_c_out,"read X BLOCK\n");
666                                 break;
667                         case SSL_ERROR_SYSCALL:
668                                 BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
669                                 goto shut;
670                         case SSL_ERROR_ZERO_RETURN:
671                                 BIO_printf(bio_c_out,"closed\n");
672                                 goto shut;
673                         case SSL_ERROR_SSL:
674                                 ERR_print_errors(bio_err);
675                                 goto shut;
676                                 /* break; */
677                                 }
678                         }
679
680 #ifdef WINDOWS
681                 else if (_kbhit())
682 #else
683                 else if (FD_ISSET(fileno(stdin),&readfds))
684 #endif
685                         {
686                         if (crlf)
687                                 {
688                                 int j, lf_num;
689
690                                 i=read(fileno(stdin),cbuf,BUFSIZZ/2);
691                                 lf_num = 0;
692                                 /* both loops are skipped when i <= 0 */
693                                 for (j = 0; j < i; j++)
694                                         if (cbuf[j] == '\n')
695                                                 lf_num++;
696                                 for (j = i-1; j >= 0; j--)
697                                         {
698                                         cbuf[j+lf_num] = cbuf[j];
699                                         if (cbuf[j] == '\n')
700                                                 {
701                                                 lf_num--;
702                                                 i++;
703                                                 cbuf[j+lf_num] = '\r';
704                                                 }
705                                         }
706                                 assert(lf_num == 0);
707                                 }
708                         else
709                                 i=read(fileno(stdin),cbuf,BUFSIZZ);
710
711                         if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
712                                 {
713                                 BIO_printf(bio_err,"DONE\n");
714                                 goto shut;
715                                 }
716
717                         if ((!c_quiet) && (cbuf[0] == 'R'))
718                                 {
719                                 BIO_printf(bio_err,"RENEGOTIATING\n");
720                                 SSL_renegotiate(con);
721                                 cbuf_len=0;
722                                 }
723                         else
724                                 {
725                                 cbuf_len=i;
726                                 cbuf_off=0;
727 #ifdef CHARSET_EBCDIC
728                                 ebcdic2ascii(cbuf, cbuf, i);
729 #endif
730                                 }
731
732                         write_ssl=1;
733                         read_tty=0;
734                         }
735                 }
736 shut:
737         SSL_shutdown(con);
738         SHUTDOWN(SSL_get_fd(con));
739         ret=0;
740 end:
741         if(prexit) print_stuff(bio_c_out,con,1);
742         if (con != NULL) SSL_free(con);
743         if (con2 != NULL) SSL_free(con2);
744         if (ctx != NULL) SSL_CTX_free(ctx);
745         if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
746         if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
747         if (bio_c_out != NULL)
748                 {
749                 BIO_free(bio_c_out);
750                 bio_c_out=NULL;
751                 }
752         EXIT(ret);
753         }
754
755
756 static void print_stuff(BIO *bio, SSL *s, int full)
757         {
758         X509 *peer=NULL;
759         char *p;
760         static char *space="                ";
761         char buf[BUFSIZ];
762         STACK_OF(X509) *sk;
763         STACK_OF(X509_NAME) *sk2;
764         SSL_CIPHER *c;
765         X509_NAME *xn;
766         int j,i;
767
768         if (full)
769                 {
770                 int got_a_chain = 0;
771
772                 sk=SSL_get_peer_cert_chain(s);
773                 if (sk != NULL)
774                         {
775                         got_a_chain = 1; /* we don't have it for SSL2 (yet) */
776
777                         BIO_printf(bio,"---\nCertificate chain\n");
778                         for (i=0; i<sk_X509_num(sk); i++)
779                                 {
780                                 X509_NAME_oneline(X509_get_subject_name(
781                                         sk_X509_value(sk,i)),buf,BUFSIZ);
782                                 BIO_printf(bio,"%2d s:%s\n",i,buf);
783                                 X509_NAME_oneline(X509_get_issuer_name(
784                                         sk_X509_value(sk,i)),buf,BUFSIZ);
785                                 BIO_printf(bio,"   i:%s\n",buf);
786                                 if (c_showcerts)
787                                         PEM_write_bio_X509(bio,sk_X509_value(sk,i));
788                                 }
789                         }
790
791                 BIO_printf(bio,"---\n");
792                 peer=SSL_get_peer_certificate(s);
793                 if (peer != NULL)
794                         {
795                         BIO_printf(bio,"Server certificate\n");
796                         if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
797                                 PEM_write_bio_X509(bio,peer);
798                         X509_NAME_oneline(X509_get_subject_name(peer),
799                                 buf,BUFSIZ);
800                         BIO_printf(bio,"subject=%s\n",buf);
801                         X509_NAME_oneline(X509_get_issuer_name(peer),
802                                 buf,BUFSIZ);
803                         BIO_printf(bio,"issuer=%s\n",buf);
804                         }
805                 else
806                         BIO_printf(bio,"no peer certificate available\n");
807
808                 sk2=SSL_get_client_CA_list(s);
809                 if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
810                         {
811                         BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
812                         for (i=0; i<sk_X509_NAME_num(sk2); i++)
813                                 {
814                                 xn=sk_X509_NAME_value(sk2,i);
815                                 X509_NAME_oneline(xn,buf,sizeof(buf));
816                                 BIO_write(bio,buf,strlen(buf));
817                                 BIO_write(bio,"\n",1);
818                                 }
819                         }
820                 else
821                         {
822                         BIO_printf(bio,"---\nNo client certificate CA names sent\n");
823                         }
824                 p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
825                 if (p != NULL)
826                         {
827                         /* This works only for SSL 2.  In later protocol
828                          * versions, the client does not know what other
829                          * ciphers (in addition to the one to be used
830                          * in the current connection) the server supports. */
831
832                         BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
833                         j=i=0;
834                         while (*p)
835                                 {
836                                 if (*p == ':')
837                                         {
838                                         BIO_write(bio,space,15-j%25);
839                                         i++;
840                                         j=0;
841                                         BIO_write(bio,((i%3)?" ":"\n"),1);
842                                         }
843                                 else
844                                         {
845                                         BIO_write(bio,p,1);
846                                         j++;
847                                         }
848                                 p++;
849                                 }
850                         BIO_write(bio,"\n",1);
851                         }
852
853                 BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
854                         BIO_number_read(SSL_get_rbio(s)),
855                         BIO_number_written(SSL_get_wbio(s)));
856                 }
857         BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
858         c=SSL_get_current_cipher(s);
859         BIO_printf(bio,"%s, Cipher is %s\n",
860                 SSL_CIPHER_get_version(c),
861                 SSL_CIPHER_get_name(c));
862         if (peer != NULL) {
863                 EVP_PKEY *pktmp;
864                 pktmp = X509_get_pubkey(peer);
865                 BIO_printf(bio,"Server public key is %d bit\n",
866                                                          EVP_PKEY_bits(pktmp));
867                 EVP_PKEY_free(pktmp);
868         }
869         SSL_SESSION_print(bio,SSL_get_session(s));
870         BIO_printf(bio,"---\n");
871         if (peer != NULL)
872                 X509_free(peer);
873         }
874