Import of old SSLeay release: SSLeay 0.9.1b (unreleased)
[openssl.git] / apps / s_client.c
1 /* apps/s_client.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #define USE_SOCKETS
63 #ifdef NO_STDIO
64 #define APPS_WIN16
65 #endif
66 #include "apps.h"
67 #include "x509.h"
68 #include "ssl.h"
69 #include "err.h"
70 #include "pem.h"
71 #include "s_apps.h"
72
73 #undef PROG
74 #define PROG    s_client_main
75
76 /*#define SSL_HOST_NAME "www.netscape.com" */
77 /*#define SSL_HOST_NAME "193.118.187.102" */
78 #define SSL_HOST_NAME   "localhost"
79
80 /*#define TEST_CERT "client.pem" */ /* no default cert. */
81
82 #undef BUFSIZZ
83 #define BUFSIZZ 1024*8
84
85 extern int verify_depth;
86 extern int verify_error;
87
88 #ifdef FIONBIO
89 static int c_nbio=0;
90 #endif
91 static int c_Pause=0;
92 static int c_debug=0;
93
94 #ifndef NOPROTO
95 static void sc_usage(void);
96 static void print_stuff(BIO *berr,SSL *con,int full);
97 #else
98 static void sc_usage();
99 static void print_stuff();
100 #endif
101
102 static BIO *bio_c_out=NULL;
103 static int c_quiet=0;
104
105 static void sc_usage()
106         {
107         BIO_printf(bio_err,"usage: client args\n");
108         BIO_printf(bio_err,"\n");
109         BIO_printf(bio_err," -host host     - use -connect instead\n");
110         BIO_printf(bio_err," -port port     - use -connect instead\n");
111         BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
112
113         BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
114         BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
115         BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
116         BIO_printf(bio_err,"                 not specified but cert file is.\n");
117         BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
118         BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
119         BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
120         BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
121         BIO_printf(bio_err," -debug        - extra output\n");
122         BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
123         BIO_printf(bio_err," -state        - print the 'ssl' states\n");
124 #ifdef FIONBIO
125         BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
126 #endif
127         BIO_printf(bio_err," -quiet        - no s_client output\n");
128         BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
129         BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
130         BIO_printf(bio_err," -tls1         - just use TLSv1\n");
131         BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
132         BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
133         BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'ssleay ciphers'\n");
134         BIO_printf(bio_err,"                 command to see what is available\n");
135
136         }
137
138 int MAIN(argc, argv)
139 int argc;
140 char **argv;
141         {
142         int off=0;
143         SSL *con=NULL,*con2=NULL;
144         int s,k,width,state=0;
145         char *cbuf=NULL,*sbuf=NULL;
146         int cbuf_len,cbuf_off;
147         int sbuf_len,sbuf_off;
148         fd_set readfds,writefds;
149         short port=PORT;
150         int full_log=1;
151         char *host=SSL_HOST_NAME;
152         char *cert_file=NULL,*key_file=NULL;
153         char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
154         int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
155         int write_tty,read_tty,write_ssl,read_ssl,tty_on;
156         SSL_CTX *ctx=NULL;
157         int ret=1,in_init=1,i,nbio_test=0;
158         SSL_METHOD *meth=NULL;
159         BIO *sbio;
160         /*static struct timeval timeout={10,0};*/
161
162 #if !defined(NO_SSL2) && !defined(NO_SSL3)
163         meth=SSLv23_client_method();
164 #elif !defined(NO_SSL3)
165         meth=SSLv3_client_method();
166 #elif !defined(NO_SSL2)
167         meth=SSLv2_client_method();
168 #endif
169
170         apps_startup();
171         c_Pause=0;
172         c_quiet=0;
173         c_debug=0;
174
175         if (bio_err == NULL)
176                 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
177
178         if (    ((cbuf=Malloc(BUFSIZZ)) == NULL) ||
179                 ((sbuf=Malloc(BUFSIZZ)) == NULL))
180                 {
181                 BIO_printf(bio_err,"out of memory\n");
182                 goto end;
183                 }
184
185         verify_depth=0;
186         verify_error=X509_V_OK;
187 #ifdef FIONBIO
188         c_nbio=0;
189 #endif
190
191         argc--;
192         argv++;
193         while (argc >= 1)
194                 {
195                 if      (strcmp(*argv,"-host") == 0)
196                         {
197                         if (--argc < 1) goto bad;
198                         host= *(++argv);
199                         }
200                 else if (strcmp(*argv,"-port") == 0)
201                         {
202                         if (--argc < 1) goto bad;
203                         port=atoi(*(++argv));
204                         if (port == 0) goto bad;
205                         }
206                 else if (strcmp(*argv,"-connect") == 0)
207                         {
208                         if (--argc < 1) goto bad;
209                         if (!extract_host_port(*(++argv),&host,NULL,&port))
210                                 goto bad;
211                         }
212                 else if (strcmp(*argv,"-verify") == 0)
213                         {
214                         verify=SSL_VERIFY_PEER;
215                         if (--argc < 1) goto bad;
216                         verify_depth=atoi(*(++argv));
217                         BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
218                         }
219                 else if (strcmp(*argv,"-cert") == 0)
220                         {
221                         if (--argc < 1) goto bad;
222                         cert_file= *(++argv);
223                         }
224                 else if (strcmp(*argv,"-quiet") == 0)
225                         c_quiet=1;
226                 else if (strcmp(*argv,"-pause") == 0)
227                         c_Pause=1;
228                 else if (strcmp(*argv,"-debug") == 0)
229                         c_debug=1;
230                 else if (strcmp(*argv,"-nbio_test") == 0)
231                         nbio_test=1;
232                 else if (strcmp(*argv,"-state") == 0)
233                         state=1;
234 #ifndef NO_SSL2
235                 else if (strcmp(*argv,"-ssl2") == 0)
236                         meth=SSLv2_client_method();
237 #endif
238 #ifndef NO_SSL3
239                 else if (strcmp(*argv,"-ssl3") == 0)
240                         meth=SSLv3_client_method();
241 #endif
242 #ifndef NO_TLS1
243                 else if (strcmp(*argv,"-tls1") == 0)
244                         meth=TLSv1_client_method();
245 #endif
246                 else if (strcmp(*argv,"-bugs") == 0)
247                         bugs=1;
248                 else if (strcmp(*argv,"-key") == 0)
249                         {
250                         if (--argc < 1) goto bad;
251                         key_file= *(++argv);
252                         }
253                 else if (strcmp(*argv,"-reconnect") == 0)
254                         {
255                         reconnect=5;
256                         }
257                 else if (strcmp(*argv,"-CApath") == 0)
258                         {
259                         if (--argc < 1) goto bad;
260                         CApath= *(++argv);
261                         }
262                 else if (strcmp(*argv,"-CAfile") == 0)
263                         {
264                         if (--argc < 1) goto bad;
265                         CAfile= *(++argv);
266                         }
267                 else if (strcmp(*argv,"-no_tls1") == 0)
268                         off|=SSL_OP_NO_TLSv1;
269                 else if (strcmp(*argv,"-no_ssl3") == 0)
270                         off|=SSL_OP_NO_SSLv3;
271                 else if (strcmp(*argv,"-no_ssl2") == 0)
272                         off|=SSL_OP_NO_SSLv2;
273                 else if (strcmp(*argv,"-cipher") == 0)
274                         {
275                         if (--argc < 1) goto bad;
276                         cipher= *(++argv);
277                         }
278 #ifdef FIONBIO
279                 else if (strcmp(*argv,"-nbio") == 0)
280                         { c_nbio=1; }
281 #endif
282                 else
283                         {
284                         BIO_printf(bio_err,"unknown option %s\n",*argv);
285                         badop=1;
286                         break;
287                         }
288                 argc--;
289                 argv++;
290                 }
291         if (badop)
292                 {
293 bad:
294                 sc_usage();
295                 goto end;
296                 }
297
298         if (bio_c_out == NULL)
299                 {
300                 if (c_quiet)
301                         {
302                         bio_c_out=BIO_new(BIO_s_null());
303                         }
304                 else
305                         {
306                         if (bio_c_out == NULL)
307                                 bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
308                         }
309                 }
310
311         SSLeay_add_ssl_algorithms();
312         ctx=SSL_CTX_new(meth);
313         if (ctx == NULL)
314                 {
315                 ERR_print_errors(bio_err);
316                 goto end;
317                 }
318
319         if (bugs)
320                 SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
321         else
322                 SSL_CTX_set_options(ctx,off);
323
324         if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
325         if (cipher != NULL)
326                 SSL_CTX_set_cipher_list(ctx,cipher);
327 #if 0
328         else
329                 SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
330 #endif
331
332         SSL_CTX_set_verify(ctx,verify,verify_callback);
333         if (!set_cert_stuff(ctx,cert_file,key_file))
334                 goto end;
335
336         if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
337                 (!SSL_CTX_set_default_verify_paths(ctx)))
338                 {
339                 /* BIO_printf(bio_err,"error seting default verify locations\n"); */
340                 ERR_print_errors(bio_err);
341                 /* goto end; */
342                 }
343
344         SSL_load_error_strings();
345
346         con=(SSL *)SSL_new(ctx);
347 /*      SSL_set_cipher_list(con,"RC4-MD5"); */
348
349 re_start:
350
351         if (init_client(&s,host,port) == 0)
352                 {
353                 BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
354                 SHUTDOWN(s);
355                 goto end;
356                 }
357         BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
358
359 #ifdef FIONBIO
360         if (c_nbio)
361                 {
362                 unsigned long l=1;
363                 BIO_printf(bio_c_out,"turning on non blocking io\n");
364                 if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
365                         {
366                         ERR_print_errors(bio_err);
367                         goto end;
368                         }
369                 }
370 #endif                                              
371         if (c_Pause & 0x01) con->debug=1;
372         sbio=BIO_new_socket(s,BIO_NOCLOSE);
373
374         if (nbio_test)
375                 {
376                 BIO *test;
377
378                 test=BIO_new(BIO_f_nbio_test());
379                 sbio=BIO_push(test,sbio);
380                 }
381
382         if (c_debug)
383                 {
384                 con->debug=1;
385                 BIO_set_callback(sbio,bio_dump_cb);
386                 BIO_set_callback_arg(sbio,bio_c_out);
387                 }
388
389         SSL_set_bio(con,sbio,sbio);
390         SSL_set_connect_state(con);
391
392         /* ok, lets connect */
393         width=SSL_get_fd(con)+1;
394
395         read_tty=1;
396         write_tty=0;
397         tty_on=0;
398         read_ssl=1;
399         write_ssl=1;
400         
401         cbuf_len=0;
402         cbuf_off=0;
403         sbuf_len=0;
404         sbuf_off=0;
405
406         for (;;)
407                 {
408                 FD_ZERO(&readfds);
409                 FD_ZERO(&writefds);
410
411                 if (SSL_in_init(con) && !SSL_total_renegotiations(con))
412                         {
413                         in_init=1;
414                         tty_on=0;
415                         }
416                 else
417                         {
418                         tty_on=1;
419                         if (in_init)
420                                 {
421                                 in_init=0;
422                                 print_stuff(bio_c_out,con,full_log);
423                                 if (full_log > 0) full_log--;
424
425                                 if (reconnect)
426                                         {
427                                         reconnect--;
428                                         BIO_printf(bio_c_out,"drop connection and then reconnect\n");
429                                         SSL_shutdown(con);
430                                         SSL_set_connect_state(con);
431                                         SHUTDOWN(SSL_get_fd(con));
432                                         goto re_start;
433                                         }
434                                 }
435                         }
436
437 #ifndef WINDOWS
438                 if (tty_on)
439                         {
440                         if (read_tty)  FD_SET(fileno(stdin),&readfds);
441                         if (write_tty) FD_SET(fileno(stdout),&writefds);
442                         }
443 #endif
444                 if (read_ssl)
445                         FD_SET(SSL_get_fd(con),&readfds);
446                 if (write_ssl)
447                         FD_SET(SSL_get_fd(con),&writefds);
448
449 /*              printf("mode tty(%d %d%d) ssl(%d%d)\n",
450                         tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
451
452                 i=select(width,&readfds,&writefds,NULL,NULL);
453                 if ( i < 0)
454                         {
455                         BIO_printf(bio_err,"bad select %d\n",
456                                 get_last_socket_error());
457                         goto shut;
458                         /* goto end; */
459                         }
460
461                 if (FD_ISSET(SSL_get_fd(con),&writefds))
462                         {
463                         k=SSL_write(con,&(cbuf[cbuf_off]),
464                                 (unsigned int)cbuf_len);
465                         switch (SSL_get_error(con,k))
466                                 {
467                         case SSL_ERROR_NONE:
468                                 cbuf_off+=k;
469                                 cbuf_len-=k;
470                                 if (k <= 0) goto end;
471                                 /* we have done a  write(con,NULL,0); */
472                                 if (cbuf_len <= 0)
473                                         {
474                                         read_tty=1;
475                                         write_ssl=0;
476                                         }
477                                 else /* if (cbuf_len > 0) */
478                                         {
479                                         read_tty=0;
480                                         write_ssl=1;
481                                         }
482                                 break;
483                         case SSL_ERROR_WANT_WRITE:
484                                 BIO_printf(bio_c_out,"write W BLOCK\n");
485                                 write_ssl=1;
486                                 read_tty=0;
487                                 break;
488                         case SSL_ERROR_WANT_READ:
489                                 BIO_printf(bio_c_out,"write R BLOCK\n");
490                                 write_tty=0;
491                                 read_ssl=1;
492                                 write_ssl=0;
493                                 break;
494                         case SSL_ERROR_WANT_X509_LOOKUP:
495                                 BIO_printf(bio_c_out,"write X BLOCK\n");
496                                 break;
497                         case SSL_ERROR_ZERO_RETURN:
498                                 if (cbuf_len != 0)
499                                         {
500                                         BIO_printf(bio_c_out,"shutdown\n");
501                                         goto shut;
502                                         }
503                                 else
504                                         {
505                                         read_tty=1;
506                                         write_ssl=0;
507                                         break;
508                                         }
509                                 
510                         case SSL_ERROR_SYSCALL:
511                                 if ((k != 0) || (cbuf_len != 0))
512                                         {
513                                         BIO_printf(bio_err,"write:errno=%d\n",
514                                                 get_last_socket_error());
515                                         goto shut;
516                                         }
517                                 else
518                                         {
519                                         read_tty=1;
520                                         write_ssl=0;
521                                         }
522                                 break;
523                         case SSL_ERROR_SSL:
524                                 ERR_print_errors(bio_err);
525                                 goto shut;
526                                 }
527                         }
528 #ifndef WINDOWS
529                 else if (FD_ISSET(fileno(stdout),&writefds))
530                         {
531                         i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
532
533                         if (i <= 0)
534                                 {
535                                 BIO_printf(bio_c_out,"DONE\n");
536                                 goto shut;
537                                 /* goto end; */
538                                 }
539
540                         sbuf_len-=i;;
541                         sbuf_off+=i;
542                         if (sbuf_len <= 0)
543                                 {
544                                 read_ssl=1;
545                                 write_tty=0;
546                                 }
547                         }
548 #endif
549                 else if (FD_ISSET(SSL_get_fd(con),&readfds))
550                         {
551 #ifdef RENEG
552 { static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
553 #endif
554 #if 1
555                         k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
556 #else
557 /* Demo for pending and peek :-) */
558                         k=SSL_read(con,sbuf,16);
559 { char zbuf[10240]; 
560 printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
561 }
562 #endif
563
564                         switch (SSL_get_error(con,k))
565                                 {
566                         case SSL_ERROR_NONE:
567                                 if (k <= 0)
568                                         goto end;
569                                 sbuf_off=0;
570                                 sbuf_len=k;
571
572                                 read_ssl=0;
573                                 write_tty=1;
574                                 break;
575                         case SSL_ERROR_WANT_WRITE:
576                                 BIO_printf(bio_c_out,"read W BLOCK\n");
577                                 write_ssl=1;
578                                 read_tty=0;
579                                 break;
580                         case SSL_ERROR_WANT_READ:
581                                 BIO_printf(bio_c_out,"read R BLOCK\n");
582                                 write_tty=0;
583                                 read_ssl=1;
584                                 if ((read_tty == 0) && (write_ssl == 0))
585                                         write_ssl=1;
586                                 break;
587                         case SSL_ERROR_WANT_X509_LOOKUP:
588                                 BIO_printf(bio_c_out,"read X BLOCK\n");
589                                 break;
590                         case SSL_ERROR_SYSCALL:
591                                 BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
592                                 goto shut;
593                         case SSL_ERROR_ZERO_RETURN:
594                                 BIO_printf(bio_c_out,"closed\n");
595                                 goto shut;
596                         case SSL_ERROR_SSL:
597                                 ERR_print_errors(bio_err);
598                                 goto shut;
599                                 /* break; */
600                                 }
601                         }
602
603 #ifndef WINDOWS
604                 else if (FD_ISSET(fileno(stdin),&readfds))
605                         {
606                         i=read(fileno(stdin),cbuf,BUFSIZZ);
607
608                         if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
609                                 {
610                                 BIO_printf(bio_err,"DONE\n");
611                                 goto shut;
612                                 }
613
614                         if ((!c_quiet) && (cbuf[0] == 'R'))
615                                 {
616                                 SSL_renegotiate(con);
617                                 read_tty=0;
618                                 write_ssl=1;
619                                 }
620                         else
621                                 {
622                                 cbuf_len=i;
623                                 cbuf_off=0;
624                                 }
625
626                         read_tty=0;
627                         write_ssl=1;
628                         }
629 #endif
630                 }
631 shut:
632         SSL_shutdown(con);
633         SHUTDOWN(SSL_get_fd(con));
634         ret=0;
635 end:
636         if (con != NULL) SSL_free(con);
637         if (con2 != NULL) SSL_free(con2);
638         if (ctx != NULL) SSL_CTX_free(ctx);
639         if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
640         if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
641         if (bio_c_out != NULL)
642                 {
643                 BIO_free(bio_c_out);
644                 bio_c_out=NULL;
645                 }
646         EXIT(ret);
647         }
648
649
650 static void print_stuff(bio,s,full)
651 BIO *bio;
652 SSL *s;
653 int full;
654         {
655         X509 *peer=NULL;
656         char *p;
657         static char *space="                ";
658         char buf[BUFSIZ];
659         STACK *sk;
660         SSL_CIPHER *c;
661         X509_NAME *xn;
662         int j,i;
663
664         if (full)
665                 {
666                 sk=SSL_get_peer_cert_chain(s);
667                 if (sk != NULL)
668                         {
669                         BIO_printf(bio,"---\nCertificate chain\n");
670                         for (i=0; i<sk_num(sk); i++)
671                                 {
672                                 X509_NAME_oneline(X509_get_subject_name((X509 *)
673                                         sk_value(sk,i)),buf,BUFSIZ);
674                                 BIO_printf(bio,"%2d s:%s\n",i,buf);
675                                 X509_NAME_oneline(X509_get_issuer_name((X509 *)
676                                         sk_value(sk,i)),buf,BUFSIZ);
677                                 BIO_printf(bio,"   i:%s\n",buf);
678                                 }
679                         }
680
681                 BIO_printf(bio,"---\n");
682                 peer=SSL_get_peer_certificate(s);
683                 if (peer != NULL)
684                         {
685                         BIO_printf(bio,"Server certificate\n");
686                         PEM_write_bio_X509(bio,peer);
687                         X509_NAME_oneline(X509_get_subject_name(peer),
688                                 buf,BUFSIZ);
689                         BIO_printf(bio,"subject=%s\n",buf);
690                         X509_NAME_oneline(X509_get_issuer_name(peer),
691                                 buf,BUFSIZ);
692                         BIO_printf(bio,"issuer=%s\n",buf);
693                         }
694                 else
695                         BIO_printf(bio,"no peer certificate available\n");
696
697                 sk=SSL_get_client_CA_list(s);
698                 if ((sk != NULL) && (sk_num(sk) > 0))
699                         {
700                         BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
701                         for (i=0; i<sk_num(sk); i++)
702                                 {
703                                 xn=(X509_NAME *)sk_value(sk,i);
704                                 X509_NAME_oneline(xn,buf,sizeof(buf));
705                                 BIO_write(bio,buf,strlen(buf));
706                                 BIO_write(bio,"\n",1);
707                                 }
708                         }
709                 else
710                         {
711                         BIO_printf(bio,"---\nNo client certificate CA names sent\n");
712                         }
713                 p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
714                 if (p != NULL)
715                         {
716                         BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
717                         j=i=0;
718                         while (*p)
719                                 {
720                                 if (*p == ':')
721                                         {
722                                         BIO_write(bio,space,15-j%25);
723                                         i++;
724                                         j=0;
725                                         BIO_write(bio,((i%3)?" ":"\n"),1);
726                                         }
727                                 else
728                                         {
729                                         BIO_write(bio,p,1);
730                                         j++;
731                                         }
732                                 p++;
733                                 }
734                         BIO_write(bio,"\n",1);
735                         }
736
737                 BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
738                         BIO_number_read(SSL_get_rbio(s)),
739                         BIO_number_written(SSL_get_wbio(s)));
740                 }
741         BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
742         c=SSL_get_current_cipher(s);
743         BIO_printf(bio,"%s, Cipher is %s\n",
744                 SSL_CIPHER_get_version(c),
745                 SSL_CIPHER_get_name(c));
746         if (peer != NULL)
747                 BIO_printf(bio,"Server public key is %d bit\n",
748                         EVP_PKEY_bits(X509_get_pubkey(peer)));
749         SSL_SESSION_print(bio,SSL_get_session(s));
750         BIO_printf(bio,"---\n");
751         if (peer != NULL)
752                 X509_free(peer);
753         }
754