#ifndef OPENSSL_NO_TLSEXT
-static const unsigned char *most_recent_supplemental_data;
-static size_t most_recent_supplemental_data_length;
+static unsigned char *generated_supp_data = NULL;
+
+static const unsigned char *most_recent_supplemental_data = NULL;
+static size_t most_recent_supplemental_data_length = 0;
static int server_provided_server_authz = 0;
static int server_provided_client_authz = 0;
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out,
- unsigned short *outlen, void *arg);
+ unsigned short *outlen, int *al, void *arg);
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen,
- void *arg);
+ int *al, void *arg);
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
const unsigned char *in,
BIO_printf(bio_err,"\n");
BIO_printf(bio_err," -host host - use -connect instead\n");
BIO_printf(bio_err," -port port - use -connect instead\n");
- BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
+ BIO_printf(bio_err," -connect host:port - connect over TCP/IP (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
+ BIO_printf(bio_err," -unix path - connect over unix domain sockets\n");
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err," -trusted_first - Use local CA's first when building trust chain\n");
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
- BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
# endif
+ BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
#endif
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
ext_buf[3] = inlen & 0xFF;
memcpy(ext_buf+4, in, inlen);
- BIO_snprintf(pem_name, sizeof(pem_name), "SERVER_INFO %d", ext_type);
+ BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
+ ext_type);
PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen);
return 1;
}
short port=PORT;
int full_log=1;
char *host=SSL_HOST_NAME;
+ const char *unix_path = NULL;
char *xmpphost = NULL;
char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
{NULL,0};
# ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
- const char *alpn_in = NULL;
# endif
+ const char *alpn_in = NULL;
# define MAX_SI_TYPES 100
unsigned short serverinfo_types[MAX_SI_TYPES];
int serverinfo_types_count = 0;
int crl_format = FORMAT_PEM;
int crl_download = 0;
STACK_OF(X509_CRL) *crls = NULL;
+ int sdebug = 0;
meth=SSLv23_client_method();
if (!extract_host_port(*(++argv),&host,NULL,&port))
goto bad;
}
+ else if (strcmp(*argv,"-unix") == 0)
+ {
+ if (--argc < 1) goto bad;
+ unix_path = *(++argv);
+ }
else if (strcmp(*argv,"-xmpphost") == 0)
{
if (--argc < 1) goto bad;
else if (strcmp(*argv,"-trace") == 0)
c_msg=2;
#endif
+ else if (strcmp(*argv,"-security_debug") == 0)
+ { sdebug=1; }
+ else if (strcmp(*argv,"-security_debug_verbose") == 0)
+ { sdebug=2; }
else if (strcmp(*argv,"-showcerts") == 0)
c_showcerts=1;
else if (strcmp(*argv,"-nbio_test") == 0)
if (--argc < 1) goto bad;
next_proto_neg_in = *(++argv);
}
+# endif
else if (strcmp(*argv,"-alpn") == 0)
{
if (--argc < 1) goto bad;
alpn_in = *(++argv);
}
-# endif
else if (strcmp(*argv,"-serverinfo") == 0)
{
char *c;
goto end;
}
+ if (unix_path && (socket_type != SOCK_STREAM))
+ {
+ BIO_printf(bio_err, "Can't use unix sockets and datagrams together\n");
+ goto end;
+ }
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
if (jpake_secret)
{
goto end;
}
+ if (sdebug)
+ ssl_ctx_security_debug(ctx, bio_err, sdebug);
+
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
re_start:
- if (init_client(&s,host,port,socket_type) == 0)
+ if ((!unix_path && (init_client(&s,host,port,socket_type) == 0)) ||
+ (unix_path && (init_client_unix(&s,unix_path) == 0)))
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
"CONNECTION ESTABLISHED\n");
print_ssl_summary(bio_err, con);
}
+ /*handshake is complete - free the generated supp data allocated in the callback */
+ if (generated_supp_data)
+ {
+ OPENSSL_free(generated_supp_data);
+ generated_supp_data = NULL;
+ }
+
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
BIO_write(bio, proto, proto_len);
BIO_write(bio, "\n", 1);
}
+# endif
{
const unsigned char *proto;
unsigned int proto_len;
else
BIO_printf(bio, "No ALPN negotiated\n");
}
-# endif
#endif
{
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen,
- void *arg)
+ int *al, void *arg)
{
if (c_auth)
{
+ /*if auth_require_reneg flag is set, only send extensions if
+ renegotiation has occurred */
if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s)))
{
*out = auth_ext_data;
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ unsigned short *outlen, int *al, void *arg)
{
- unsigned char *result;
if (c_auth && server_provided_client_authz && server_provided_server_authz)
{
+ /*if auth_require_reneg flag is set, only send supplemental data if
+ renegotiation has occurred */
if (!c_auth_require_reneg
|| (c_auth_require_reneg && SSL_num_renegotiations(s)))
{
- result = OPENSSL_malloc(10);
- memcpy(result, "5432154321", 10);
- *out = result;
+ generated_supp_data = OPENSSL_malloc(10);
+ memcpy(generated_supp_data, "5432154321", 10);
+ *out = generated_supp_data;
*outlen = 10;
return 1;
}