#ifndef OPENSSL_NO_TLSEXT
static int c_tlsextdebug=0;
static int c_status_req=0;
+static int c_proof_debug=0;
#endif
static int c_msg=0;
static int c_showcerts=0;
static void print_stuff(BIO *berr,SSL *con,int full);
#ifndef OPENSSL_NO_TLSEXT
static int ocsp_resp_cb(SSL *s, void *arg);
+static int audit_proof_cb(SSL *s, void *arg);
#endif
static BIO *bio_c_out=NULL;
+static BIO *bio_c_msg=NULL;
static int c_quiet=0;
static int c_ign_eof=0;
BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
BIO_printf(bio_err," -status - request certificate status from server\n");
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
+ BIO_printf(bio_err," -proof_debug - request an audit proof and print its hex dump\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
# endif
#endif
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
- BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
+ BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
}
#endif
#ifndef OPENSSL_NO_TLSEXT
char *servername = NULL;
+ char *curves=NULL;
+ char *sigalgs=NULL;
+ char *client_sigalgs=NULL;
tlsextctx tlsextcbp =
{NULL,0};
# ifndef OPENSSL_NO_NEXTPROTONEG
SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
#endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
- meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
- meth=SSLv2_client_method();
-#endif
apps_startup();
c_Pause=0;
c_tlsextdebug=1;
else if (strcmp(*argv,"-status") == 0)
c_status_req=1;
+ else if (strcmp(*argv,"-proof_debug") == 0)
+ c_proof_debug=1;
#endif
#ifdef WATT32
else if (strcmp(*argv,"-wdebug") == 0)
#endif
else if (strcmp(*argv,"-msg") == 0)
c_msg=1;
+ else if (strcmp(*argv,"-msgfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ bio_c_msg = BIO_new_file(*(++argv), "w");
+ }
+#ifndef OPENSSL_NO_SSL_TRACE
+ else if (strcmp(*argv,"-trace") == 0)
+ c_msg=2;
+#endif
else if (strcmp(*argv,"-showcerts") == 0)
c_showcerts=1;
else if (strcmp(*argv,"-nbio_test") == 0)
psk_key=*(++argv);
for (j = 0; j < strlen(psk_key); j++)
{
- if (isxdigit((int)psk_key[j]))
+ if (isxdigit((unsigned char)psk_key[j]))
continue;
BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
goto bad;
servername= *(++argv);
/* meth=TLSv1_client_method(); */
}
+ else if (strcmp(*argv,"-curves") == 0)
+ {
+ if (--argc < 1) goto bad;
+ curves= *(++argv);
+ }
+ else if (strcmp(*argv,"-sigalgs") == 0)
+ {
+ if (--argc < 1) goto bad;
+ sigalgs= *(++argv);
+ }
+ else if (strcmp(*argv,"-client_sigalgs") == 0)
+ {
+ if (--argc < 1) goto bad;
+ client_sigalgs= *(++argv);
+ }
#endif
#ifndef OPENSSL_NO_JPAKE
else if (strcmp(*argv,"-jpake") == 0)
#endif
SSL_CTX_set_verify(ctx,verify,verify_callback);
- if (!set_cert_key_stuff(ctx,cert,key))
+ if (!set_cert_key_stuff(ctx,cert,key, NULL))
goto end;
if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
}
#ifndef OPENSSL_NO_TLSEXT
+ if (curves != NULL)
+ if(!SSL_CTX_set1_curves_list(ctx,curves)) {
+ BIO_printf(bio_err,"error setting curve list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (sigalgs != NULL)
+ if(!SSL_CTX_set1_sigalgs_list(ctx,sigalgs)) {
+ BIO_printf(bio_err,"error setting signature algorithms list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (client_sigalgs != NULL)
+ if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs)) {
+ BIO_printf(bio_err,"error setting client signature algorithms list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if (servername != NULL)
{
tlsextcbp.biodebug = bio_err;
}
#endif
+ if (c_proof_debug)
+ SSL_CTX_set_tlsext_authz_server_audit_proof_cb(ctx,
+ audit_proof_cb);
#endif
con=SSL_new(ctx);
}
if (c_msg)
{
- SSL_set_msg_callback(con, msg_cb);
- SSL_set_msg_callback_arg(con, bio_c_out);
+#ifndef OPENSSL_NO_SSL_TRACE
+ if (c_msg == 2)
+ SSL_set_msg_callback(con, SSL_trace);
+ else
+#endif
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out);
}
#ifndef OPENSSL_NO_TLSEXT
if (c_tlsextdebug)
SSL_renegotiate(con);
cbuf_len=0;
}
+#ifndef OPENSSL_NO_HEARTBEATS
+ else if ((!c_ign_eof) && (cbuf[0] == 'B'))
+ {
+ BIO_printf(bio_err,"HEARTBEATING\n");
+ SSL_heartbeat(con);
+ cbuf_len=0;
+ }
+#endif
else
{
cbuf_len=i;
BIO_free(bio_c_out);
bio_c_out=NULL;
}
+ if (bio_c_msg != NULL)
+ {
+ BIO_free(bio_c_msg);
+ bio_c_msg=NULL;
+ }
apps_shutdown();
OPENSSL_EXIT(ret);
}
BIO_write(bio,"\n",1);
}
+ ssl_print_sigalgs(bio, s, 1);
+
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
BIO_number_read(SSL_get_rbio(s)),
BIO_number_written(SSL_get_wbio(s)));
BIO_printf(bio,"Expansion: %s\n",
expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
- if (next_proto.status != -1) {
- const unsigned char *proto;
- unsigned int proto_len;
- SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
- BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
- BIO_write(bio, proto, proto_len);
- BIO_write(bio, "\n", 1);
- }
-#endif
-
+
#ifdef SSL_DEBUG
{
/* Print out local port of connection: useful for debugging */
}
#endif
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ if (next_proto.status != -1) {
+ const unsigned char *proto;
+ unsigned int proto_len;
+ SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
+ BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
+ BIO_write(bio, proto, proto_len);
+ BIO_write(bio, "\n", 1);
+ }
+#endif
+
{
SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
}
SSL_SESSION_print(bio,SSL_get_session(s));
- if (keymatexportlabel != NULL) {
+ if (keymatexportlabel != NULL)
+ {
BIO_printf(bio, "Keying material exporter:\n");
BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
exportedkeymat = OPENSSL_malloc(keymatexportlen);
- if (exportedkeymat != NULL) {
- i = SSL_export_keying_material(s, exportedkeymat,
- keymatexportlen,
- keymatexportlabel,
- strlen(keymatexportlabel),
- NULL, 0, 0);
- if (i != keymatexportlen) {
- BIO_printf(bio,
- " Error: return value %i\n", i);
- } else {
+ if (exportedkeymat != NULL)
+ {
+ if (!SSL_export_keying_material(s, exportedkeymat,
+ keymatexportlen,
+ keymatexportlabel,
+ strlen(keymatexportlabel),
+ NULL, 0, 0))
+ {
+ BIO_printf(bio, " Error\n");
+ }
+ else
+ {
BIO_printf(bio, " Keying material: ");
for (i=0; i<keymatexportlen; i++)
BIO_printf(bio, "%02X",
exportedkeymat[i]);
BIO_printf(bio, "\n");
- }
+ }
OPENSSL_free(exportedkeymat);
+ }
}
- }
BIO_printf(bio,"---\n");
if (peer != NULL)
X509_free(peer);
return 1;
}
+static int audit_proof_cb(SSL *s, void *arg)
+ {
+ const unsigned char *proof;
+ size_t proof_len;
+ size_t i;
+ SSL_SESSION *sess = SSL_get_session(s);
+
+ proof = SSL_SESSION_get_tlsext_authz_server_audit_proof(sess,
+ &proof_len);
+ if (proof != NULL)
+ {
+ BIO_printf(bio_c_out, "Audit proof: ");
+ for (i = 0; i < proof_len; ++i)
+ BIO_printf(bio_c_out, "%02X", proof[i]);
+ BIO_printf(bio_c_out, "\n");
+ }
+ else
+ {
+ BIO_printf(bio_c_out, "No audit proof found.\n");
+ }
+ return 1;
+ }
#endif
projects / openssl.git / blobdiff