* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <openssl/e_os2.h>
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
-#include <openssl/engine.h>
+#include <openssl/rand.h>
#include "s_apps.h"
#ifdef OPENSSL_SYS_WINDOWS
#endif
static int c_Pause=0;
static int c_debug=0;
+static int c_msg=0;
static int c_showcerts=0;
static void sc_usage(void);
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
BIO_printf(bio_err," -debug - extra output\n");
+ BIO_printf(bio_err," -msg - Show protocol messages\n");
BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
BIO_printf(bio_err," -state - print the 'ssl' states\n");
#ifdef FIONBIO
BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
+ BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
+ BIO_printf(bio_err," for those protocols that support it, where\n");
+ BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
+ BIO_printf(bio_err," only \"smtp\" is supported.\n");
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
{
int off=0;
SSL *con=NULL,*con2=NULL;
+ X509_STORE *store = NULL;
int s,k,width,state=0;
- char *cbuf=NULL,*sbuf=NULL;
+ char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
- int prexit = 0;
+ int smtp_starttls = 0;
+ int prexit = 0, vflags = 0;
SSL_METHOD *meth=NULL;
BIO *sbio;
char *inrand=NULL;
c_quiet=0;
c_ign_eof=0;
c_debug=0;
+ c_msg=0;
c_showcerts=0;
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
- ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
+ ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
+ ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
{
BIO_printf(bio_err,"out of memory\n");
goto end;
if (--argc < 1) goto bad;
cert_file= *(++argv);
}
+ else if (strcmp(*argv,"-crl_check") == 0)
+ vflags |= X509_V_FLAG_CRL_CHECK;
+ else if (strcmp(*argv,"-crl_check_all") == 0)
+ vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
else if (strcmp(*argv,"-prexit") == 0)
prexit=1;
else if (strcmp(*argv,"-crlf") == 0)
c_Pause=1;
else if (strcmp(*argv,"-debug") == 0)
c_debug=1;
+ else if (strcmp(*argv,"-msg") == 0)
+ c_msg=1;
else if (strcmp(*argv,"-showcerts") == 0)
c_showcerts=1;
else if (strcmp(*argv,"-nbio_test") == 0)
else if (strcmp(*argv,"-nbio") == 0)
{ c_nbio=1; }
#endif
+ else if (strcmp(*argv,"-starttls") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ++argv;
+ if (strcmp(*argv,"smtp") == 0)
+ smtp_starttls = 1;
+ else
+ goto bad;
+ }
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
goto end;
}
+ OpenSSL_add_ssl_algorithms();
+ SSL_load_error_strings();
+
+ e = setup_engine(bio_err, engine_id, 1);
+
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
if (bio_c_out == NULL)
{
- if (c_quiet)
+ if (c_quiet && !c_debug && !c_msg)
{
bio_c_out=BIO_new(BIO_s_null());
}
}
}
- OpenSSL_add_ssl_algorithms();
- SSL_load_error_strings();
-
- if (engine_id != NULL)
- {
- if((e = ENGINE_by_id(engine_id)) == NULL)
- {
- BIO_printf(bio_err,"invalid engine\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- if (c_debug)
- {
- ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
- 0, bio_err, 0);
- }
- if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
- {
- BIO_printf(bio_err,"can't use that engine\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
- ENGINE_free(e);
- }
-
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
/* goto end; */
}
+ store = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_set_flags(store, vflags);
con=SSL_new(ctx);
#ifndef OPENSSL_NO_KRB5
BIO_set_callback(sbio,bio_dump_cb);
BIO_set_callback_arg(sbio,bio_c_out);
}
+ if (c_msg)
+ {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_c_out);
+ }
SSL_set_bio(con,sbio,sbio);
SSL_set_connect_state(con);
sbuf_len=0;
sbuf_off=0;
+ /* This is an ugly hack that does a lot of assumptions */
+ if (smtp_starttls)
+ {
+ BIO_read(sbio,mbuf,BUFSIZZ);
+ BIO_printf(sbio,"STARTTLS\r\n");
+ BIO_read(sbio,sbuf,BUFSIZZ);
+ }
+
for (;;)
{
FD_ZERO(&readfds);
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
+ if (smtp_starttls)
+ {
+ BIO_printf(bio_err,"%s",mbuf);
+ /* We don't need to know any more */
+ smtp_starttls = 0;
+ }
+
if (reconnect)
{
reconnect--;
if (ctx != NULL) SSL_CTX_free(ctx);
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
+ if (mbuf != NULL) { memset(mbuf,0,BUFSIZZ); OPENSSL_free(mbuf); }
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);
bio_c_out=NULL;
}
+ apps_shutdown();
EXIT(ret);
}
BIO_printf(bio,"---\n");
if (peer != NULL)
X509_free(peer);
+ /* flush, or debugging output gets mixed with http response */
+ BIO_flush(bio);
}
projects / openssl.git / blobdiff