BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
+ BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
+ BIO_printf(bio_err," for those protocols that support it, where\n");
+ BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
+ BIO_printf(bio_err," only \"smtp\" is supported.\n");
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
SSL *con=NULL,*con2=NULL;
X509_STORE *store = NULL;
int s,k,width,state=0;
- char *cbuf=NULL,*sbuf=NULL;
+ char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
+ int smtp_starttls = 0;
int prexit = 0, vflags = 0;
SSL_METHOD *meth=NULL;
BIO *sbio;
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
- ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
+ ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
+ ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
{
BIO_printf(bio_err,"out of memory\n");
goto end;
else if (strcmp(*argv,"-nbio") == 0)
{ c_nbio=1; }
#endif
+ else if (strcmp(*argv,"-starttls") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ++argv;
+ if (strcmp(*argv,"smtp") == 0)
+ smtp_starttls = 1;
+ else
+ goto bad;
+ }
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
goto end;
}
+ OpenSSL_add_ssl_algorithms();
+ SSL_load_error_strings();
+
+ e = setup_engine(bio_err, engine_id, 1);
+
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
}
}
- OpenSSL_add_ssl_algorithms();
- SSL_load_error_strings();
-
- e = setup_engine(bio_err, engine_id, 1);
-
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
sbuf_len=0;
sbuf_off=0;
+ /* This is an ugly hack that does a lot of assumptions */
+ if (smtp_starttls)
+ {
+ BIO_read(sbio,mbuf,BUFSIZZ);
+ BIO_printf(sbio,"STARTTLS\r\n");
+ BIO_read(sbio,sbuf,BUFSIZZ);
+ }
+
for (;;)
{
FD_ZERO(&readfds);
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
+ if (smtp_starttls)
+ {
+ BIO_printf(bio_err,"%s",mbuf);
+ /* We don't need to know any more */
+ smtp_starttls = 0;
+ }
+
if (reconnect)
{
reconnect--;
goto shut;
}
}
-#ifdef OPENSSL_SYS_WINDOWS
- /* Assume Windows can always write */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+ /* Assume Windows/DOS can always write */
else if (!ssl_pending && write_tty)
#else
else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
if (ctx != NULL) SSL_CTX_free(ctx);
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
+ if (mbuf != NULL) { memset(mbuf,0,BUFSIZZ); OPENSSL_free(mbuf); }
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);
for (i=0; i<sk_X509_num(sk); i++)
{
X509_NAME_oneline(X509_get_subject_name(
- sk_X509_value(sk,i)),buf,BUFSIZ);
+ sk_X509_value(sk,i)),buf,sizeof buf);
BIO_printf(bio,"%2d s:%s\n",i,buf);
X509_NAME_oneline(X509_get_issuer_name(
- sk_X509_value(sk,i)),buf,BUFSIZ);
+ sk_X509_value(sk,i)),buf,sizeof buf);
BIO_printf(bio," i:%s\n",buf);
if (c_showcerts)
PEM_write_bio_X509(bio,sk_X509_value(sk,i));
if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
PEM_write_bio_X509(bio,peer);
X509_NAME_oneline(X509_get_subject_name(peer),
- buf,BUFSIZ);
+ buf,sizeof buf);
BIO_printf(bio,"subject=%s\n",buf);
X509_NAME_oneline(X509_get_issuer_name(peer),
- buf,BUFSIZ);
+ buf,sizeof buf);
BIO_printf(bio,"issuer=%s\n",buf);
}
else
{
BIO_printf(bio,"---\nNo client certificate CA names sent\n");
}
- p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
+ p=SSL_get_shared_ciphers(s,buf,sizeof buf);
if (p != NULL)
{
/* This works only for SSL 2. In later protocol
projects / openssl.git / blobdiff