X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_client.c;h=5b4cd4839fe29f53c6f279909f15bc77fe308dc7;hp=c338b0c5250a5b07f43383f1e3c0c6d5927e8cea;hb=b7dffce017aa045272c42eeb5da40804015a759a;hpb=6bea2a72a8bfe94bb7298374d1977b2ca580c415
diff --git a/apps/s_client.c b/apps/s_client.c
index c338b0c525..5b4cd4839f 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -141,6 +141,8 @@
 #include
 #include
 
+#ifndef OPENSSL_NO_SOCK
+
 /*
  * With IPv6, it looks like Digital has mixed up the proper order of
  * recursive header file inclusion, resulting in the compiler complaining
@@ -884,14 +886,13 @@ int s_client_main(int argc, char **argv)
     char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p;
     char *xmpphost = NULL;
     const char *ehlo = "mail.example.com";
-    struct sockaddr peer;
     struct timeval timeout, *timeoutp;
     fd_set readfds, writefds;
     int noCApath = 0, noCAfile = 0;
     int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_PEM;
     int key_format = FORMAT_PEM, crlf = 0, full_log = 1, mbuf_len = 0;
     int prexit = 0;
-    int enable_timeouts = 0, sdebug = 0, peerlen = sizeof peer;
+    int sdebug = 0;
     int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
     int ret = 1, in_init = 1, i, nbio_test = 0, s = -1, k, width, state = 0;
     int sbuf_len, sbuf_off, cmdletters = 1;
@@ -900,13 +901,17 @@ int s_client_main(int argc, char **argv)
     int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
     int read_buf_len = 0;
     int fallback_scsv = 0;
-    long socket_mtu = 0, randamt = 0;
+    long randamt = 0;
     OPTION_CHOICE o;
+#ifndef OPENSSL_NO_DTLS
+    int enable_timeouts = 0;
+    long socket_mtu = 0;
+#endif
 #ifndef OPENSSL_NO_ENGINE
     ENGINE *ssl_client_engine = NULL;
 #endif
     ENGINE *e = NULL;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
     struct timeval tv;
 #endif
     char *servername = NULL;
@@ -928,6 +933,7 @@ int s_client_main(int argc, char **argv)
     char *ctlog_file = NULL;
     ct_validation_cb ct_validation = NULL;
 #endif
+    int min_version = 0, max_version = 0;
 
     FD_ZERO(&readfds);
     FD_ZERO(&writefds);
@@ -1199,25 +1205,30 @@ int s_client_main(int argc, char **argv)
 #ifndef OPENSSL_NO_SRP
         case OPT_SRPUSER:
             srp_arg.srplogin = opt_arg();
-            meth = TLSv1_client_method();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
             break;
         case OPT_SRPPASS:
             srppass = opt_arg();
-            meth = TLSv1_client_method();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
             break;
         case OPT_SRP_STRENGTH:
             srp_arg.strength = atoi(opt_arg());
             BIO_printf(bio_err, "SRP minimal length for N is %d\n",
                        srp_arg.strength);
-            meth = TLSv1_client_method();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
             break;
         case OPT_SRP_LATEUSER:
             srp_lateuser = 1;
-            meth = TLSv1_client_method();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
             break;
         case OPT_SRP_MOREGROUPS:
             srp_arg.amp = 1;
-            meth = TLSv1_client_method();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
             break;
 #else
         case OPT_SRPUSER:
@@ -1231,24 +1242,20 @@ int s_client_main(int argc, char **argv)
             ssl_config = opt_arg();
             break;
         case OPT_SSL3:
-#ifndef OPENSSL_NO_SSL3
-            meth = SSLv3_client_method();
-#endif
+            min_version = SSL3_VERSION;
+            max_version = SSL3_VERSION;
             break;
         case OPT_TLS1_2:
-#ifndef OPENSSL_NO_TLS1_2
-            meth = TLSv1_2_client_method();
-#endif
+            min_version = TLS1_2_VERSION;
+            max_version = TLS1_2_VERSION;
             break;
         case OPT_TLS1_1:
-#ifndef OPENSSL_NO_TLS1_1
-            meth = TLSv1_1_client_method();
-#endif
+            min_version = TLS1_1_VERSION;
+            max_version = TLS1_1_VERSION;
             break;
         case OPT_TLS1:
-#ifndef OPENSSL_NO_TLS1
-            meth = TLSv1_client_method();
-#endif
+            min_version = TLS1_VERSION;
+            max_version = TLS1_VERSION;
             break;
         case OPT_DTLS:
 #ifndef OPENSSL_NO_DTLS
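Review bot: The five SRP cases each repeat `if (min_version < TLS1_VERSION) min_version = TLS1_VERSION;`, and because the clamp runs while options are still being parsed its effect depends on argument order: `-ssl3` given after `-srpuser` overwrites min_version back to SSL3_VERSION, while `-ssl3` given before it leaves max_version at SSL3_VERSION below the raised minimum, so neither ordering produces a usable bound. Replacing the five copies with a single `srp_used = 1;` and applying the TLS1 floor once after the option loop, next to the point where the bounds are handed to the SSL_CTX, removes both the duplication and the order dependence. The option loop itself starts and ends outside the hunk.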
@@ -1258,13 +1265,17 @@ int s_client_main(int argc, char **argv)
             break;
         case OPT_DTLS1:
 #ifndef OPENSSL_NO_DTLS1
-            meth = DTLSv1_client_method();
+            meth = DTLS_client_method();
+            min_version = DTLS1_VERSION;
+            max_version = DTLS1_VERSION;
             socket_type = SOCK_DGRAM;
 #endif
             break;
         case OPT_DTLS1_2:
 #ifndef OPENSSL_NO_DTLS1_2
-            meth = DTLSv1_2_client_method();
+            meth = DTLS_client_method();
+            min_version = DTLS1_2_VERSION;
+            max_version = DTLS1_2_VERSION;
             socket_type = SOCK_DGRAM;
 #endif
             break;
@@ -1566,6 +1577,11 @@ int s_client_main(int argc, char **argv)
         }
     }
 
+    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+        goto end;
+    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto end;
+
     if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
         BIO_printf(bio_err, "Error setting verify params\n");
         ERR_print_errors(bio_err);
@@ -1802,7 +1818,10 @@ int s_client_main(int argc, char **argv)
         }
         BIO_printf(bio_c_out, "Turned on non blocking io\n");
     }
+#ifndef OPENSSL_NO_DTLS
     if (socket_type == SOCK_DGRAM) {
+        struct sockaddr peer;
+        int peerlen = sizeof peer;
 
         sbio = BIO_new_dgram(s, BIO_NOCLOSE);
         if (getsockname(s, &peer, (void *)&peerlen) < 0) {
@@ -1841,6 +1860,7 @@ int s_client_main(int argc, char **argv)
             /* want to do MTU discovery */
             BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
     } else
+#endif /* OPENSSL_NO_DTLS */
         sbio = BIO_new_socket(s, BIO_NOCLOSE);
 
     if (nbio_test) {
@@ -2054,7 +2074,7 @@ int s_client_main(int argc, char **argv)
         BIO *fbio = BIO_new(BIO_f_buffer());
 
         BIO_push(fbio, sbio);
-        BIO_printf(fbio, "CONNECT %s\r\n\r\n", connectstr);
+        BIO_printf(fbio, "CONNECT %s HTTP/1.0\r\n\r\n", connectstr);
         (void)BIO_flush(fbio);
         /* wait for multi-line response to end CONNECT response */
         do {
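Review bot: A failure of `SSL_CTX_set_min_proto_version()` or `SSL_CTX_set_max_proto_version()` jumps to `end` without any diagnostic, whereas the `SSL_CTX_set1_param` check directly below reports through `BIO_printf(bio_err, ...)` and `ERR_print_errors(bio_err)`. This matters more than it did before, because the OPT_SSL3/OPT_TLS1* cases in the -1231 hunk no longer sit behind their `OPENSSL_NO_*` guards, so `-ssl3` on a build without SSL3 presumably now fails at this call instead of being ignored, and the user gets no explanation. Suggest `BIO_printf(bio_err, "Error setting protocol version bounds\n"); ERR_print_errors(bio_err);` ahead of each `goto end`; what `end:` itself prints is outside the hunk, so I cannot confirm it fills the gap.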
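Review bot: The DTLS branch now declares `struct sockaddr peer;` with `int peerlen = sizeof peer;` and passes them to `getsockname()`, but `struct sockaddr` only has room for an AF_INET address; on an AF_INET6 socket getsockname() truncates the result to the 16 bytes available, and the `(void *)&peerlen` cast hides that `peerlen` is an `int` rather than a `socklen_t`. Since the declarations are being moved anyway, this is the moment to use `struct sockaddr_storage peer;`, `socklen_t peerlen = sizeof peer;` and `getsockname(s, (struct sockaddr *)&peer, &peerlen)`. Any later consumer of `peer` lies outside the hunk and would need the same `(struct sockaddr *)` cast.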
@@ -2199,7 +2219,7 @@ int s_client_main(int argc, char **argv)
         ssl_pending = read_ssl && SSL_has_pending(con);
 
         if (!ssl_pending) {
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
             if (tty_on) {
                 if (read_tty)
                     openssl_fdset(fileno(stdin), &readfds);
@@ -2257,17 +2277,6 @@ int s_client_main(int argc, char **argv)
                 i = select(width, (void *)&readfds, (void *)&writefds,
                            NULL, timeoutp);
             }
-#elif defined(OPENSSL_SYS_NETWARE)
-            if (!write_tty) {
-                if (read_tty) {
-                    tv.tv_sec = 1;
-                    tv.tv_usec = 0;
-                    i = select(width, (void *)&readfds, (void *)&writefds,
-                               NULL, &tv);
-                } else
-                    i = select(width, (void *)&readfds, (void *)&writefds,
-                               NULL, timeoutp);
-            }
 #else
             i = select(width, (void *)&readfds, (void *)&writefds,
                        NULL, timeoutp);
@@ -2349,7 +2358,7 @@ int s_client_main(int argc, char **argv)
                 goto shut;
             }
         }
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
         /* Assume Windows/DOS/BeOS can always write */
         else if (!ssl_pending && write_tty)
 #else
@@ -2444,8 +2453,6 @@ int s_client_main(int argc, char **argv)
                  || (WAIT_OBJECT_0 ==
                      WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
 # endif
-#elif defined (OPENSSL_SYS_NETWARE)
-        else if (_kbhit())
 #else
         else if (FD_ISSET(fileno(stdin), &readfds))
 #endif
@@ -2558,6 +2565,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
     unsigned char *exportedkeymat;
 #ifndef OPENSSL_NO_CT
     const STACK_OF(SCT) *scts;
+    const SSL_CTX *ctx = SSL_get_SSL_CTX(s);
 #endif
 
     if (full) {
@@ -2622,8 +2630,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
         }
 
         if (scts != NULL && sk_SCT_num(scts) > 0) {
+            const CTLOG_STORE *log_store = SSL_CTX_get0_ctlog_store(ctx);
+
             BIO_printf(bio, "---\n");
-            SCT_LIST_print(scts, bio, 0, "\n---\n");
+            SCT_LIST_print(scts, bio, 0, "\n---\n", log_store);
             BIO_printf(bio, "\n");
         }
 #endif
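Review bot: `log_store` is handed straight to `SCT_LIST_print()` without any note about the case where `SSL_CTX_get0_ctlog_store(ctx)` returns NULL, which it presumably does when no CT log list has been loaded into the context; whether that can happen on this path, and whether `SCT_LIST_print` tolerates a NULL store, is not visible from the hunk. If the callee accepts NULL, a comment such as `/* may be NULL when no CT log store is loaded; SCT_LIST_print must accept that */` on the declaration records the contract; if it does not, the call needs a NULL check before it. `ctx` comes from the `SSL_get_SSL_CTX(s)` declaration added in the -2558 hunk of the same function.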
@@ -2749,3 +2759,5 @@ static int ocsp_resp_cb(SSL *s, void *arg)
     OCSP_RESPONSE_free(rsp);
     return 1;
 }
+
+#endif
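Review bot: The `#endif` added at the end of the file closes the `#ifndef OPENSSL_NO_SOCK` opened roughly 2600 lines earlier in the -141 hunk, yet it carries no tag, while the `#endif` this same commit adds in the -1841 hunk is written `#endif /* OPENSSL_NO_DTLS */`. Write it as `#endif /* OPENSSL_NO_SOCK */` so a reader at the bottom of the file can tell which conditional it terminates without scrolling to the top.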