BIO_printf(bio_err," -connect host:port - connect over TCP/IP (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
BIO_printf(bio_err," -unix path - connect over unix domain sockets\n");
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
+ BIO_printf(bio_err," -verify_return_error - return verification errors\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
BIO_printf(bio_err," -trusted_first - Use local CA's first when building trust chain\n");
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
+ BIO_printf(bio_err," -prexit - print session information even on connection failure\n");
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
BIO_printf(bio_err," -debug - extra output\n");
#ifdef WATT32
BIO_printf(bio_err," -srp_moregroups - Tolerate other than the known g N values.\n");
BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N);
#endif
- BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
+#endif
BIO_printf(bio_err," -tls1_2 - just use TLSv1.2\n");
BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
+ BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n");
BIO_printf(bio_err," -mtu - set the link layer MTU\n");
- BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
+ BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3 - turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
- BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
}
# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
-static int serverinfo_cli_cb(SSL* s, unsigned short ext_type,
- const unsigned char* in, unsigned short inlen,
- int* al, void* arg)
+static int serverinfo_cli_parse_cb(SSL* s, unsigned int ext_type,
+ const unsigned char* in, size_t inlen,
+ int* al, void* arg)
{
char pem_name[100];
unsigned char ext_buf[4 + 65536];
char *sess_out = NULL;
struct sockaddr peer;
int peerlen = sizeof(peer);
+ int fallback_scsv = 0;
int enable_timeouts = 0 ;
long socket_mtu = 0;
#ifndef OPENSSL_NO_JPAKE
meth=TLSv1_client_method();
}
#endif
-#ifndef OPENSSL_NO_SSL2
- else if (strcmp(*argv,"-ssl2") == 0)
- meth=SSLv2_client_method();
-#endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
socket_mtu = atol(*(++argv));
}
#endif
+ else if (strcmp(*argv,"-fallback_scsv") == 0)
+ {
+ fallback_scsv = 1;
+ }
else if (strcmp(*argv,"-keyform") == 0)
{
if (--argc < 1) goto bad;
}
#endif
#ifndef OPENSSL_NO_TLSEXT
- if (serverinfo_types_count)
+ for (i = 0; i < serverinfo_types_count; i++)
{
- for (i = 0; i < serverinfo_types_count; i++)
- {
- SSL_CTX_set_custom_cli_ext(ctx,
- serverinfo_types[i],
- NULL,
- serverinfo_cli_cb,
- NULL);
- }
+ SSL_CTX_add_client_custom_ext(ctx,
+ serverinfo_types[i],
+ NULL, NULL, NULL,
+ serverinfo_cli_parse_cb,
+ NULL);
}
#endif
SSL_set_session(con, sess);
SSL_SESSION_free(sess);
}
+
+ if (fallback_scsv)
+ SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
+
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL)
{
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
}
- if (socket_mtu > 28)
+ if (socket_mtu)
{
+ if(socket_mtu < DTLS_get_link_min_mtu(con))
+ {
+ BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+ DTLS_get_link_min_mtu(con));
+ BIO_free(sbio);
+ goto shut;
+ }
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, socket_mtu - 28);
+ if(!DTLS_set_link_mtu(con, socket_mtu))
+ {
+ BIO_printf(bio_err, "Failed to set MTU\n");
+ BIO_free(sbio);
+ goto shut;
+ }
}
else
/* want to do MTU discovery */
static void print_stuff(BIO *bio, SSL *s, int full)
{
X509 *peer=NULL;
- char *p;
- static const char *space=" ";
char buf[BUFSIZ];
STACK_OF(X509) *sk;
STACK_OF(X509_NAME) *sk2;
const SSL_CIPHER *c;
X509_NAME *xn;
- int j,i;
+ int i;
#ifndef OPENSSL_NO_COMP
const COMP_METHOD *comp, *expansion;
#endif
{
BIO_printf(bio,"---\nNo client certificate CA names sent\n");
}
- p=SSL_get_shared_ciphers(s,buf,sizeof buf);
- if (p != NULL)
- {
- /* This works only for SSL 2. In later protocol
- * versions, the client does not know what other
- * ciphers (in addition to the one to be used
- * in the current connection) the server supports. */
-
- BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
- j=i=0;
- while (*p)
- {
- if (*p == ':')
- {
- BIO_write(bio,space,15-j%25);
- i++;
- j=0;
- BIO_write(bio,((i%3)?" ":"\n"),1);
- }
- else
- {
- BIO_write(bio,p,1);
- j++;
- }
- p++;
- }
- BIO_write(bio,"\n",1);
- }
ssl_print_sigalgs(bio, s);
ssl_print_tmp_key(bio, s);
projects / openssl.git / blobdiff