[thirdparty/openssl.git] / apps / s_client.c

/* apps/s_client.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define USE_SOCKETS
#ifdef NO_STDIO
#define APPS_WIN16
#endif
#include "apps.h"
#include "x509.h"
#include "ssl.h"
#include "err.h"
#include "pem.h"
#include "s_apps.h"

#undef PROG
#define PROG	s_client_main

/*#define SSL_HOST_NAME	"www.netscape.com" */
/*#define SSL_HOST_NAME	"193.118.187.102" */
#define SSL_HOST_NAME	"localhost"

/*#define TEST_CERT "client.pem" */ /* no default cert. */

#undef BUFSIZZ
#define BUFSIZZ 1024*8

extern int verify_depth;
extern int verify_error;

#ifdef FIONBIO
static int c_nbio=0;
#endif
static int c_Pause=0;
static int c_debug=0;

#ifndef NOPROTO
static void sc_usage(void);
static void print_stuff(BIO *berr,SSL *con,int full);
#else
static void sc_usage();
static void print_stuff();
#endif

static BIO *bio_c_out=NULL;
static int c_quiet=0;

static void sc_usage()
	{
	BIO_printf(bio_err,"usage: client args\n");
	BIO_printf(bio_err,"\n");
	BIO_printf(bio_err," -host host     - use -connect instead\n");
	BIO_printf(bio_err," -port port     - use -connect instead\n");
	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);

	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
	BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
	BIO_printf(bio_err,"                 not specified but cert file is.\n");
	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
	BIO_printf(bio_err," -debug        - extra output\n");
	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
#ifdef FIONBIO
	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
#endif
	BIO_printf(bio_err," -quiet        - no s_client output\n");
	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'ssleay ciphers'\n");
	BIO_printf(bio_err,"                 command to see what is available\n");

	}

int MAIN(argc, argv)
int argc;
char **argv;
	{
	int off=0;
	SSL *con=NULL,*con2=NULL;
	int s,k,width,state=0;
	char *cbuf=NULL,*sbuf=NULL;
	int cbuf_len,cbuf_off;
	int sbuf_len,sbuf_off;
	fd_set readfds,writefds;
	short port=PORT;
	int full_log=1;
	char *host=SSL_HOST_NAME;
	char *cert_file=NULL,*key_file=NULL;
	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
	int write_tty,read_tty,write_ssl,read_ssl,tty_on;
	SSL_CTX *ctx=NULL;
	int ret=1,in_init=1,i,nbio_test=0;
	SSL_METHOD *meth=NULL;
	BIO *sbio;
	/*static struct timeval timeout={10,0};*/

#if !defined(NO_SSL2) && !defined(NO_SSL3)
	meth=SSLv23_client_method();
#elif !defined(NO_SSL3)
	meth=SSLv3_client_method();
#elif !defined(NO_SSL2)
	meth=SSLv2_client_method();
#endif

	apps_startup();
	c_Pause=0;
	c_quiet=0;
	c_debug=0;

	if (bio_err == NULL)
		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

	if (	((cbuf=Malloc(BUFSIZZ)) == NULL) ||
		((sbuf=Malloc(BUFSIZZ)) == NULL))
		{
		BIO_printf(bio_err,"out of memory\n");
		goto end;
		}

	verify_depth=0;
	verify_error=X509_V_OK;
#ifdef FIONBIO
	c_nbio=0;
#endif

	argc--;
	argv++;
	while (argc >= 1)
		{
		if	(strcmp(*argv,"-host") == 0)
			{
			if (--argc < 1) goto bad;
			host= *(++argv);
			}
		else if	(strcmp(*argv,"-port") == 0)
			{
			if (--argc < 1) goto bad;
			port=atoi(*(++argv));
			if (port == 0) goto bad;
			}
		else if (strcmp(*argv,"-connect") == 0)
			{
			if (--argc < 1) goto bad;
			if (!extract_host_port(*(++argv),&host,NULL,&port))
				goto bad;
			}
		else if	(strcmp(*argv,"-verify") == 0)
			{
			verify=SSL_VERIFY_PEER;
			if (--argc < 1) goto bad;
			verify_depth=atoi(*(++argv));
			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
			}
		else if	(strcmp(*argv,"-cert") == 0)
			{
			if (--argc < 1) goto bad;
			cert_file= *(++argv);
			}
		else if	(strcmp(*argv,"-quiet") == 0)
			c_quiet=1;
		else if	(strcmp(*argv,"-pause") == 0)
			c_Pause=1;
		else if	(strcmp(*argv,"-debug") == 0)
			c_debug=1;
		else if	(strcmp(*argv,"-nbio_test") == 0)
			nbio_test=1;
		else if	(strcmp(*argv,"-state") == 0)
			state=1;
#ifndef NO_SSL2
		else if	(strcmp(*argv,"-ssl2") == 0)
			meth=SSLv2_client_method();
#endif
#ifndef NO_SSL3
		else if	(strcmp(*argv,"-ssl3") == 0)
			meth=SSLv3_client_method();
#endif
#ifndef NO_TLS1
		else if	(strcmp(*argv,"-tls1") == 0)
			meth=TLSv1_client_method();
#endif
		else if (strcmp(*argv,"-bugs") == 0)
			bugs=1;
		else if	(strcmp(*argv,"-key") == 0)
			{
			if (--argc < 1) goto bad;
			key_file= *(++argv);
			}
		else if	(strcmp(*argv,"-reconnect") == 0)
			{
			reconnect=5;
			}
		else if	(strcmp(*argv,"-CApath") == 0)
			{
			if (--argc < 1) goto bad;
			CApath= *(++argv);
			}
		else if	(strcmp(*argv,"-CAfile") == 0)
			{
			if (--argc < 1) goto bad;
			CAfile= *(++argv);
			}
		else if (strcmp(*argv,"-no_tls1") == 0)
			off|=SSL_OP_NO_TLSv1;
		else if (strcmp(*argv,"-no_ssl3") == 0)
			off|=SSL_OP_NO_SSLv3;
		else if (strcmp(*argv,"-no_ssl2") == 0)
			off|=SSL_OP_NO_SSLv2;
		else if	(strcmp(*argv,"-cipher") == 0)
			{
			if (--argc < 1) goto bad;
			cipher= *(++argv);
			}
#ifdef FIONBIO
		else if (strcmp(*argv,"-nbio") == 0)
			{ c_nbio=1; }
#endif
		else
			{
			BIO_printf(bio_err,"unknown option %s\n",*argv);
			badop=1;
			break;
			}
		argc--;
		argv++;
		}
	if (badop)
		{
bad:
		sc_usage();
		goto end;
		}

	if (bio_c_out == NULL)
		{
		if (c_quiet)
			{
			bio_c_out=BIO_new(BIO_s_null());
			}
		else
			{
			if (bio_c_out == NULL)
				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
			}
		}

	SSLeay_add_ssl_algorithms();
	ctx=SSL_CTX_new(meth);
	if (ctx == NULL)
		{
		ERR_print_errors(bio_err);
		goto end;
		}

	if (bugs)
		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
	else
		SSL_CTX_set_options(ctx,off);

	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
	if (cipher != NULL)
		SSL_CTX_set_cipher_list(ctx,cipher);
#if 0
	else
		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
#endif

	SSL_CTX_set_verify(ctx,verify,verify_callback);
	if (!set_cert_stuff(ctx,cert_file,key_file))
		goto end;

	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
		(!SSL_CTX_set_default_verify_paths(ctx)))
		{
		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
		ERR_print_errors(bio_err);
		/* goto end; */
		}

	SSL_load_error_strings();

	con=(SSL *)SSL_new(ctx);
/*	SSL_set_cipher_list(con,"RC4-MD5"); */

re_start:

	if (init_client(&s,host,port) == 0)
		{
		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
		SHUTDOWN(s);
		goto end;
		}
	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);

#ifdef FIONBIO
	if (c_nbio)
		{
		unsigned long l=1;
		BIO_printf(bio_c_out,"turning on non blocking io\n");
		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
			{
			ERR_print_errors(bio_err);
			goto end;
			}
		}
#endif                                              
	if (c_Pause & 0x01) con->debug=1;
	sbio=BIO_new_socket(s,BIO_NOCLOSE);

	if (nbio_test)
		{
		BIO *test;

		test=BIO_new(BIO_f_nbio_test());
		sbio=BIO_push(test,sbio);
		}

	if (c_debug)
		{
		con->debug=1;
		BIO_set_callback(sbio,bio_dump_cb);
		BIO_set_callback_arg(sbio,bio_c_out);
		}

	SSL_set_bio(con,sbio,sbio);
	SSL_set_connect_state(con);

	/* ok, lets connect */
	width=SSL_get_fd(con)+1;

	read_tty=1;
	write_tty=0;
	tty_on=0;
	read_ssl=1;
	write_ssl=1;
	
	cbuf_len=0;
	cbuf_off=0;
	sbuf_len=0;
	sbuf_off=0;

	for (;;)
		{
		FD_ZERO(&readfds);
		FD_ZERO(&writefds);

		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
			{
			in_init=1;
			tty_on=0;
			}
		else
			{
			tty_on=1;
			if (in_init)
				{
				in_init=0;
				print_stuff(bio_c_out,con,full_log);
				if (full_log > 0) full_log--;

				if (reconnect)
					{
					reconnect--;
					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
					SSL_shutdown(con);
					SSL_set_connect_state(con);
					SHUTDOWN(SSL_get_fd(con));
					goto re_start;
					}
				}
			}

#ifndef WINDOWS
		if (tty_on)
			{
			if (read_tty)  FD_SET(fileno(stdin),&readfds);
			if (write_tty) FD_SET(fileno(stdout),&writefds);
			}
#endif
		if (read_ssl)
			FD_SET(SSL_get_fd(con),&readfds);
		if (write_ssl)
			FD_SET(SSL_get_fd(con),&writefds);

/*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/

		i=select(width,&readfds,&writefds,NULL,NULL);
		if ( i < 0)
			{
			BIO_printf(bio_err,"bad select %d\n",
				get_last_socket_error());
			goto shut;
			/* goto end; */
			}

		if (FD_ISSET(SSL_get_fd(con),&writefds))
			{
			k=SSL_write(con,&(cbuf[cbuf_off]),
				(unsigned int)cbuf_len);
			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				cbuf_off+=k;
				cbuf_len-=k;
				if (k <= 0) goto end;
				/* we have done a  write(con,NULL,0); */
				if (cbuf_len <= 0)
					{
					read_tty=1;
					write_ssl=0;
					}
				else /* if (cbuf_len > 0) */
					{
					read_tty=0;
					write_ssl=1;
					}
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"write W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				BIO_printf(bio_c_out,"write R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				write_ssl=0;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"write X BLOCK\n");
				break;
			case SSL_ERROR_ZERO_RETURN:
				if (cbuf_len != 0)
					{
					BIO_printf(bio_c_out,"shutdown\n");
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					break;
					}
				
			case SSL_ERROR_SYSCALL:
				if ((k != 0) || (cbuf_len != 0))
					{
					BIO_printf(bio_err,"write:errno=%d\n",
						get_last_socket_error());
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					}
				break;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
				}
			}
#ifndef WINDOWS
		else if (FD_ISSET(fileno(stdout),&writefds))
			{
			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);

			if (i <= 0)
				{
				BIO_printf(bio_c_out,"DONE\n");
				goto shut;
				/* goto end; */
				}

			sbuf_len-=i;;
			sbuf_off+=i;
			if (sbuf_len <= 0)
				{
				read_ssl=1;
				write_tty=0;
				}
			}
#endif
		else if (FD_ISSET(SSL_get_fd(con),&readfds))
			{
#ifdef RENEG
{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
#endif
#if 1
			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
#else
/* Demo for pending and peek :-) */
			k=SSL_read(con,sbuf,16);
{ char zbuf[10240]; 
printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
}
#endif

			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				if (k <= 0)
					goto end;
				sbuf_off=0;
				sbuf_len=k;

				read_ssl=0;
				write_tty=1;
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"read W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				BIO_printf(bio_c_out,"read R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				if ((read_tty == 0) && (write_ssl == 0))
					write_ssl=1;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"read X BLOCK\n");
				break;
			case SSL_ERROR_SYSCALL:
				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
				goto shut;
			case SSL_ERROR_ZERO_RETURN:
				BIO_printf(bio_c_out,"closed\n");
				goto shut;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
				/* break; */
				}
			}

#ifndef WINDOWS
		else if (FD_ISSET(fileno(stdin),&readfds))
			{
			i=read(fileno(stdin),cbuf,BUFSIZZ);

			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
				{
				BIO_printf(bio_err,"DONE\n");
				goto shut;
				}

			if ((!c_quiet) && (cbuf[0] == 'R'))
				{
				SSL_renegotiate(con);
				read_tty=0;
				write_ssl=1;
				}
			else
				{
				cbuf_len=i;
				cbuf_off=0;
				}

			read_tty=0;
			write_ssl=1;
			}
#endif
		}
shut:
	SSL_shutdown(con);
	SHUTDOWN(SSL_get_fd(con));
	ret=0;
end:
	if (con != NULL) SSL_free(con);
	if (con2 != NULL) SSL_free(con2);
	if (ctx != NULL) SSL_CTX_free(ctx);
	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
	if (bio_c_out != NULL)
		{
		BIO_free(bio_c_out);
		bio_c_out=NULL;
		}
	EXIT(ret);
	}


static void print_stuff(bio,s,full)
BIO *bio;
SSL *s;
int full;
	{
	X509 *peer=NULL;
	char *p;
	static char *space="                ";
	char buf[BUFSIZ];
	STACK *sk;
	SSL_CIPHER *c;
	X509_NAME *xn;
	int j,i;

	if (full)
		{
		sk=SSL_get_peer_cert_chain(s);
		if (sk != NULL)
			{
			BIO_printf(bio,"---\nCertificate chain\n");
			for (i=0; i<sk_num(sk); i++)
				{
				X509_NAME_oneline(X509_get_subject_name((X509 *)
					sk_value(sk,i)),buf,BUFSIZ);
				BIO_printf(bio,"%2d s:%s\n",i,buf);
				X509_NAME_oneline(X509_get_issuer_name((X509 *)
					sk_value(sk,i)),buf,BUFSIZ);
				BIO_printf(bio,"   i:%s\n",buf);
				}
			}

		BIO_printf(bio,"---\n");
		peer=SSL_get_peer_certificate(s);
		if (peer != NULL)
			{
			BIO_printf(bio,"Server certificate\n");
			PEM_write_bio_X509(bio,peer);
			X509_NAME_oneline(X509_get_subject_name(peer),
				buf,BUFSIZ);
			BIO_printf(bio,"subject=%s\n",buf);
			X509_NAME_oneline(X509_get_issuer_name(peer),
				buf,BUFSIZ);
			BIO_printf(bio,"issuer=%s\n",buf);
			}
		else
			BIO_printf(bio,"no peer certificate available\n");

		sk=SSL_get_client_CA_list(s);
		if ((sk != NULL) && (sk_num(sk) > 0))
			{
			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
			for (i=0; i<sk_num(sk); i++)
				{
				xn=(X509_NAME *)sk_value(sk,i);
				X509_NAME_oneline(xn,buf,sizeof(buf));
				BIO_write(bio,buf,strlen(buf));
				BIO_write(bio,"\n",1);
				}
			}
		else
			{
			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
			}
		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
		if (p != NULL)
			{
			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
			j=i=0;
			while (*p)
				{
				if (*p == ':')
					{
					BIO_write(bio,space,15-j%25);
					i++;
					j=0;
					BIO_write(bio,((i%3)?" ":"\n"),1);
					}
				else
					{
					BIO_write(bio,p,1);
					j++;
					}
				p++;
				}
			BIO_write(bio,"\n",1);
			}

		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
			BIO_number_read(SSL_get_rbio(s)),
			BIO_number_written(SSL_get_wbio(s)));
		}
	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
	c=SSL_get_current_cipher(s);
	BIO_printf(bio,"%s, Cipher is %s\n",
		SSL_CIPHER_get_version(c),
		SSL_CIPHER_get_name(c));
	if (peer != NULL)
		BIO_printf(bio,"Server public key is %d bit\n",
			EVP_PKEY_bits(X509_get_pubkey(peer)));
	SSL_SESSION_print(bio,SSL_get_session(s));
	BIO_printf(bio,"---\n");
	if (peer != NULL)
		X509_free(peer);
	}
Commit	Line	Data
d02b48c6	1	/* apps/s_client.c */
58964a49	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include <stdlib.h>
	61	#include <string.h>
	62	#define USE_SOCKETS
58964a49	63	#ifdef NO_STDIO
d02b48c6 RE	64	#define APPS_WIN16
	65	#endif
	66	#include "apps.h"
	67	#include "x509.h"
	68	#include "ssl.h"
	69	#include "err.h"
	70	#include "pem.h"
	71	#include "s_apps.h"
	72
	73	#undef PROG
	74	#define PROG s_client_main
	75
	76	/#define SSL_HOST_NAME "www.netscape.com" /
	77	/#define SSL_HOST_NAME "193.118.187.102" /
	78	#define SSL_HOST_NAME "localhost"
	79
	80	/#define TEST_CERT "client.pem" / /* no default cert. */
	81
	82	#undef BUFSIZZ
	83	#define BUFSIZZ 1024*8
	84
	85	extern int verify_depth;
	86	extern int verify_error;
	87
	88	#ifdef FIONBIO
	89	static int c_nbio=0;
	90	#endif
	91	static int c_Pause=0;
	92	static int c_debug=0;
	93
	94	#ifndef NOPROTO
	95	static void sc_usage(void);
	96	static void print_stuff(BIO berr,SSL con,int full);
	97	#else
	98	static void sc_usage();
	99	static void print_stuff();
	100	#endif
	101
	102	static BIO *bio_c_out=NULL;
	103	static int c_quiet=0;
	104
	105	static void sc_usage()
	106	{
	107	BIO_printf(bio_err,"usage: client args\n");
	108	BIO_printf(bio_err,"\n");
	109	BIO_printf(bio_err," -host host - use -connect instead\n");
	110	BIO_printf(bio_err," -port port - use -connect instead\n");
	111	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
	112
	113	BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
	114	BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
	115	BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n");
	116	BIO_printf(bio_err," not specified but cert file is.\n");
	117	BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
	118	BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
	119	BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
	120	BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
	121	BIO_printf(bio_err," -debug - extra output\n");
	122	BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
	123	BIO_printf(bio_err," -state - print the 'ssl' states\n");
	124	#ifdef FIONBIO
	125	BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
	126	#endif
	127	BIO_printf(bio_err," -quiet - no s_client output\n");
128	BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
129	BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
58964a49 RE	130	BIO_printf(bio_err," -tls1 - just use TLSv1\n");
58964a49 RE	131	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
d02b48c6 RE	132	BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
d02b48c6 RE	133	BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'ssleay ciphers'\n");
dfeab068	134	BIO_printf(bio_err," command to see what is available\n");
d02b48c6 RE	135
	136	}
	137
	138	int MAIN(argc, argv)
	139	int argc;
	140	char **argv;
	141	{
58964a49	142	int off=0;
d02b48c6 RE	143	SSL con=NULL,con2=NULL;
	144	int s,k,width,state=0;
	145	char cbuf=NULL,sbuf=NULL;
	146	int cbuf_len,cbuf_off;
	147	int sbuf_len,sbuf_off;
	148	fd_set readfds,writefds;
	149	short port=PORT;
	150	int full_log=1;
	151	char *host=SSL_HOST_NAME;
	152	char cert_file=NULL,key_file=NULL;
	153	char CApath=NULL,CAfile=NULL,*cipher=NULL;
	154	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
	155	int write_tty,read_tty,write_ssl,read_ssl,tty_on;
	156	SSL_CTX *ctx=NULL;
	157	int ret=1,in_init=1,i,nbio_test=0;
	158	SSL_METHOD *meth=NULL;
	159	BIO *sbio;
	160	/static struct timeval timeout={10,0};/
	161
	162	#if !defined(NO_SSL2) && !defined(NO_SSL3)
	163	meth=SSLv23_client_method();
	164	#elif !defined(NO_SSL3)
	165	meth=SSLv3_client_method();
	166	#elif !defined(NO_SSL2)
	167	meth=SSLv2_client_method();
	168	#endif
	169
	170	apps_startup();
58964a49	171	c_Pause=0;
d02b48c6 RE	172	c_quiet=0;
	173	c_debug=0;
	174
	175	if (bio_err == NULL)
	176	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
	177
	178	if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) \|\|
	179	((sbuf=Malloc(BUFSIZZ)) == NULL))
	180	{
	181	BIO_printf(bio_err,"out of memory\n");
	182	goto end;
	183	}
	184
	185	verify_depth=0;
	186	verify_error=X509_V_OK;
	187	#ifdef FIONBIO
	188	c_nbio=0;
	189	#endif
	190
	191	argc--;
	192	argv++;
	193	while (argc >= 1)
	194	{
	195	if (strcmp(*argv,"-host") == 0)
	196	{
	197	if (--argc < 1) goto bad;
	198	host= *(++argv);
	199	}
	200	else if (strcmp(*argv,"-port") == 0)
	201	{
	202	if (--argc < 1) goto bad;
	203	port=atoi(*(++argv));
	204	if (port == 0) goto bad;
	205	}
	206	else if (strcmp(*argv,"-connect") == 0)
	207	{
	208	if (--argc < 1) goto bad;
	209	if (!extract_host_port(*(++argv),&host,NULL,&port))
	210	goto bad;
	211	}
	212	else if (strcmp(*argv,"-verify") == 0)
	213	{
	214	verify=SSL_VERIFY_PEER;
	215	if (--argc < 1) goto bad;
	216	verify_depth=atoi(*(++argv));
	217	BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
	218	}
	219	else if (strcmp(*argv,"-cert") == 0)
	220	{
	221	if (--argc < 1) goto bad;
	222	cert_file= *(++argv);
	223	}
	224	else if (strcmp(*argv,"-quiet") == 0)
	225	c_quiet=1;
	226	else if (strcmp(*argv,"-pause") == 0)
	227	c_Pause=1;
	228	else if (strcmp(*argv,"-debug") == 0)
	229	c_debug=1;
	230	else if (strcmp(*argv,"-nbio_test") == 0)
	231	nbio_test=1;
	232	else if (strcmp(*argv,"-state") == 0)
	233	state=1;
	234	#ifndef NO_SSL2
	235	else if (strcmp(*argv,"-ssl2") == 0)
236	meth=SSLv2_client_method();
237	#endif
238	#ifndef NO_SSL3
239	else if (strcmp(*argv,"-ssl3") == 0)
240	meth=SSLv3_client_method();
58964a49 RE	241	#endif
	242	#ifndef NO_TLS1
	243	else if (strcmp(*argv,"-tls1") == 0)
	244	meth=TLSv1_client_method();
d02b48c6 RE	245	#endif
	246	else if (strcmp(*argv,"-bugs") == 0)
	247	bugs=1;
	248	else if (strcmp(*argv,"-key") == 0)
	249	{
	250	if (--argc < 1) goto bad;
	251	key_file= *(++argv);
	252	}
	253	else if (strcmp(*argv,"-reconnect") == 0)
	254	{
	255	reconnect=5;
	256	}
	257	else if (strcmp(*argv,"-CApath") == 0)
	258	{
	259	if (--argc < 1) goto bad;
	260	CApath= *(++argv);
	261	}
	262	else if (strcmp(*argv,"-CAfile") == 0)
	263	{
	264	if (--argc < 1) goto bad;
	265	CAfile= *(++argv);
	266	}
58964a49 RE	267	else if (strcmp(*argv,"-no_tls1") == 0)
	268	off\|=SSL_OP_NO_TLSv1;
	269	else if (strcmp(*argv,"-no_ssl3") == 0)
	270	off\|=SSL_OP_NO_SSLv3;
	271	else if (strcmp(*argv,"-no_ssl2") == 0)
	272	off\|=SSL_OP_NO_SSLv2;
d02b48c6 RE	273	else if (strcmp(*argv,"-cipher") == 0)
	274	{
	275	if (--argc < 1) goto bad;
	276	cipher= *(++argv);
	277	}
	278	#ifdef FIONBIO
	279	else if (strcmp(*argv,"-nbio") == 0)
	280	{ c_nbio=1; }
	281	#endif
	282	else
	283	{
	284	BIO_printf(bio_err,"unknown option %s\n",*argv);
	285	badop=1;
	286	break;
	287	}
	288	argc--;
	289	argv++;
	290	}
	291	if (badop)
	292	{
	293	bad:
	294	sc_usage();
	295	goto end;
	296	}
	297
	298	if (bio_c_out == NULL)
	299	{
	300	if (c_quiet)
	301	{
	302	bio_c_out=BIO_new(BIO_s_null());
	303	}
	304	else
	305	{
	306	if (bio_c_out == NULL)
	307	bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
	308	}
	309	}
	310
	311	SSLeay_add_ssl_algorithms();
	312	ctx=SSL_CTX_new(meth);
	313	if (ctx == NULL)
	314	{
	315	ERR_print_errors(bio_err);
	316	goto end;
	317	}
	318
58964a49 RE	319	if (bugs)
	320	SSL_CTX_set_options(ctx,SSL_OP_ALL\|off);
	321	else
	322	SSL_CTX_set_options(ctx,off);
d02b48c6 RE	323
	324	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
	325	if (cipher != NULL)
	326	SSL_CTX_set_cipher_list(ctx,cipher);
	327	#if 0
	328	else
	329	SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
	330	#endif
	331
	332	SSL_CTX_set_verify(ctx,verify,verify_callback);
	333	if (!set_cert_stuff(ctx,cert_file,key_file))
	334	goto end;
	335
	336	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) \|\|
	337	(!SSL_CTX_set_default_verify_paths(ctx)))
	338	{
58964a49	339	/* BIO_printf(bio_err,"error seting default verify locations\n"); */
d02b48c6	340	ERR_print_errors(bio_err);
58964a49	341	/* goto end; */
d02b48c6 RE	342	}
	343
	344	SSL_load_error_strings();
	345
	346	con=(SSL *)SSL_new(ctx);
58964a49	347	/* SSL_set_cipher_list(con,"RC4-MD5"); */
d02b48c6 RE	348
	349	re_start:
	350
	351	if (init_client(&s,host,port) == 0)
	352	{
58964a49	353	BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
d02b48c6 RE	354	SHUTDOWN(s);
	355	goto end;
	356	}
	357	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
	358
	359	#ifdef FIONBIO
	360	if (c_nbio)
	361	{
	362	unsigned long l=1;
	363	BIO_printf(bio_c_out,"turning on non blocking io\n");
58964a49 RE	364	if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
	365	{
	366	ERR_print_errors(bio_err);
	367	goto end;
	368	}
d02b48c6 RE	369	}
	370	#endif
	371	if (c_Pause & 0x01) con->debug=1;
	372	sbio=BIO_new_socket(s,BIO_NOCLOSE);
	373
	374	if (nbio_test)
	375	{
	376	BIO *test;
	377
	378	test=BIO_new(BIO_f_nbio_test());
	379	sbio=BIO_push(test,sbio);
	380	}
	381
	382	if (c_debug)
	383	{
	384	con->debug=1;
	385	BIO_set_callback(sbio,bio_dump_cb);
	386	BIO_set_callback_arg(sbio,bio_c_out);
	387	}
	388
	389	SSL_set_bio(con,sbio,sbio);
	390	SSL_set_connect_state(con);
	391
	392	/* ok, lets connect */
	393	width=SSL_get_fd(con)+1;
	394
	395	read_tty=1;
	396	write_tty=0;
	397	tty_on=0;
	398	read_ssl=1;
	399	write_ssl=1;
	400
	401	cbuf_len=0;
	402	cbuf_off=0;
	403	sbuf_len=0;
	404	sbuf_off=0;
	405
	406	for (;;)
	407	{
	408	FD_ZERO(&readfds);
	409	FD_ZERO(&writefds);
	410
58964a49	411	if (SSL_in_init(con) && !SSL_total_renegotiations(con))
d02b48c6 RE	412	{
	413	in_init=1;
	414	tty_on=0;
	415	}
	416	else
	417	{
	418	tty_on=1;
	419	if (in_init)
	420	{
	421	in_init=0;
	422	print_stuff(bio_c_out,con,full_log);
	423	if (full_log > 0) full_log--;
	424
	425	if (reconnect)
	426	{
	427	reconnect--;
	428	BIO_printf(bio_c_out,"drop connection and then reconnect\n");
	429	SSL_shutdown(con);
	430	SSL_set_connect_state(con);
	431	SHUTDOWN(SSL_get_fd(con));
	432	goto re_start;
	433	}
	434	}
	435	}
	436
	437	#ifndef WINDOWS
	438	if (tty_on)
	439	{
	440	if (read_tty) FD_SET(fileno(stdin),&readfds);
	441	if (write_tty) FD_SET(fileno(stdout),&writefds);
	442	}
	443	#endif
	444	if (read_ssl)
	445	FD_SET(SSL_get_fd(con),&readfds);
	446	if (write_ssl)
	447	FD_SET(SSL_get_fd(con),&writefds);
	448
	449	/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
	450	tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
	451
d02b48c6 RE	452	i=select(width,&readfds,&writefds,NULL,NULL);
	453	if ( i < 0)
	454	{
58964a49 RE	455	BIO_printf(bio_err,"bad select %d\n",
58964a49 RE	456	get_last_socket_error());
d02b48c6 RE	457	goto shut;
	458	/* goto end; */
	459	}
	460
	461	if (FD_ISSET(SSL_get_fd(con),&writefds))
	462	{
	463	k=SSL_write(con,&(cbuf[cbuf_off]),
	464	(unsigned int)cbuf_len);
	465	switch (SSL_get_error(con,k))
	466	{
	467	case SSL_ERROR_NONE:
	468	cbuf_off+=k;
	469	cbuf_len-=k;
	470	if (k <= 0) goto end;
	471	/* we have done a write(con,NULL,0); */
	472	if (cbuf_len <= 0)
	473	{
	474	read_tty=1;
	475	write_ssl=0;
	476	}
	477	else /* if (cbuf_len > 0) */
	478	{
	479	read_tty=0;
	480	write_ssl=1;
	481	}
	482	break;
	483	case SSL_ERROR_WANT_WRITE:
	484	BIO_printf(bio_c_out,"write W BLOCK\n");
	485	write_ssl=1;
	486	read_tty=0;
	487	break;
	488	case SSL_ERROR_WANT_READ:
	489	BIO_printf(bio_c_out,"write R BLOCK\n");
	490	write_tty=0;
	491	read_ssl=1;
	492	write_ssl=0;
	493	break;
	494	case SSL_ERROR_WANT_X509_LOOKUP:
	495	BIO_printf(bio_c_out,"write X BLOCK\n");
	496	break;
	497	case SSL_ERROR_ZERO_RETURN:
	498	if (cbuf_len != 0)
	499	{
	500	BIO_printf(bio_c_out,"shutdown\n");
	501	goto shut;
	502	}
	503	else
	504	{
	505	read_tty=1;
	506	write_ssl=0;
	507	break;
	508	}
	509
	510	case SSL_ERROR_SYSCALL:
	511	if ((k != 0) \|\| (cbuf_len != 0))
	512	{
	513	BIO_printf(bio_err,"write:errno=%d\n",
58964a49	514	get_last_socket_error());
d02b48c6 RE	515	goto shut;
	516	}
	517	else
	518	{
	519	read_tty=1;
	520	write_ssl=0;
	521	}
	522	break;
	523	case SSL_ERROR_SSL:
	524	ERR_print_errors(bio_err);
	525	goto shut;
	526	}
	527	}
	528	#ifndef WINDOWS
	529	else if (FD_ISSET(fileno(stdout),&writefds))
	530	{
	531	i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
	532
	533	if (i <= 0)
	534	{
	535	BIO_printf(bio_c_out,"DONE\n");
	536	goto shut;
	537	/* goto end; */
	538	}
	539
	540	sbuf_len-=i;;
	541	sbuf_off+=i;
	542	if (sbuf_len <= 0)
	543	{
	544	read_ssl=1;
	545	write_tty=0;
	546	}
	547	}
	548	#endif
	549	else if (FD_ISSET(SSL_get_fd(con),&readfds))
	550	{
58964a49 RE	551	#ifdef RENEG
	552	{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
	553	#endif
dfeab068	554	#if 1
58964a49	555	k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
dfeab068 RE	556	#else
	557	/* Demo for pending and peek :-) */
	558	k=SSL_read(con,sbuf,16);
	559	{ char zbuf[10240];
	560	printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
	561	}
	562	#endif
d02b48c6 RE	563
	564	switch (SSL_get_error(con,k))
	565	{
	566	case SSL_ERROR_NONE:
	567	if (k <= 0)
	568	goto end;
	569	sbuf_off=0;
	570	sbuf_len=k;
	571
	572	read_ssl=0;
	573	write_tty=1;
	574	break;
	575	case SSL_ERROR_WANT_WRITE:
	576	BIO_printf(bio_c_out,"read W BLOCK\n");
	577	write_ssl=1;
	578	read_tty=0;
	579	break;
	580	case SSL_ERROR_WANT_READ:
	581	BIO_printf(bio_c_out,"read R BLOCK\n");
	582	write_tty=0;
	583	read_ssl=1;
	584	if ((read_tty == 0) && (write_ssl == 0))
	585	write_ssl=1;
	586	break;
	587	case SSL_ERROR_WANT_X509_LOOKUP:
	588	BIO_printf(bio_c_out,"read X BLOCK\n");
	589	break;
	590	case SSL_ERROR_SYSCALL:
58964a49	591	BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
d02b48c6 RE	592	goto shut;
	593	case SSL_ERROR_ZERO_RETURN:
	594	BIO_printf(bio_c_out,"closed\n");
	595	goto shut;
	596	case SSL_ERROR_SSL:
	597	ERR_print_errors(bio_err);
	598	goto shut;
dfeab068	599	/* break; */
d02b48c6 RE	600	}
	601	}
	602
	603	#ifndef WINDOWS
	604	else if (FD_ISSET(fileno(stdin),&readfds))
	605	{
	606	i=read(fileno(stdin),cbuf,BUFSIZZ);
	607
	608	if ((!c_quiet) && ((i <= 0) \|\| (cbuf[0] == 'Q')))
	609	{
	610	BIO_printf(bio_err,"DONE\n");
	611	goto shut;
	612	}
	613
	614	if ((!c_quiet) && (cbuf[0] == 'R'))
	615	{
	616	SSL_renegotiate(con);
	617	read_tty=0;
	618	write_ssl=1;
	619	}
	620	else
	621	{
	622	cbuf_len=i;
	623	cbuf_off=0;
	624	}
	625
	626	read_tty=0;
	627	write_ssl=1;
	628	}
	629	#endif
	630	}
	631	shut:
	632	SSL_shutdown(con);
	633	SHUTDOWN(SSL_get_fd(con));
	634	ret=0;
	635	end:
	636	if (con != NULL) SSL_free(con);
	637	if (con2 != NULL) SSL_free(con2);
	638	if (ctx != NULL) SSL_CTX_free(ctx);
	639	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
	640	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
	641	if (bio_c_out != NULL)
	642	{
	643	BIO_free(bio_c_out);
	644	bio_c_out=NULL;
	645	}
	646	EXIT(ret);
	647	}
	648
	649
	650	static void print_stuff(bio,s,full)
	651	BIO *bio;
	652	SSL *s;
	653	int full;
	654	{
58964a49	655	X509 *peer=NULL;
d02b48c6 RE	656	char *p;
	657	static char *space=" ";
	658	char buf[BUFSIZ];
	659	STACK *sk;
	660	SSL_CIPHER *c;
	661	X509_NAME *xn;
	662	int j,i;
	663
	664	if (full)
	665	{
	666	sk=SSL_get_peer_cert_chain(s);
	667	if (sk != NULL)
	668	{
dfeab068	669	BIO_printf(bio,"---\nCertificate chain\n");
d02b48c6 RE	670	for (i=0; i<sk_num(sk); i++)
	671	{
	672	X509_NAME_oneline(X509_get_subject_name((X509 *)
	673	sk_value(sk,i)),buf,BUFSIZ);
	674	BIO_printf(bio,"%2d s:%s\n",i,buf);
	675	X509_NAME_oneline(X509_get_issuer_name((X509 *)
	676	sk_value(sk,i)),buf,BUFSIZ);
	677	BIO_printf(bio," i:%s\n",buf);
	678	}
	679	}
	680
	681	BIO_printf(bio,"---\n");
	682	peer=SSL_get_peer_certificate(s);
	683	if (peer != NULL)
	684	{
	685	BIO_printf(bio,"Server certificate\n");
	686	PEM_write_bio_X509(bio,peer);
	687	X509_NAME_oneline(X509_get_subject_name(peer),
	688	buf,BUFSIZ);
	689	BIO_printf(bio,"subject=%s\n",buf);
	690	X509_NAME_oneline(X509_get_issuer_name(peer),
	691	buf,BUFSIZ);
	692	BIO_printf(bio,"issuer=%s\n",buf);
d02b48c6 RE	693	}
	694	else
	695	BIO_printf(bio,"no peer certificate available\n");
	696
	697	sk=SSL_get_client_CA_list(s);
	698	if ((sk != NULL) && (sk_num(sk) > 0))
	699	{
	700	BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
	701	for (i=0; i<sk_num(sk); i++)
	702	{
	703	xn=(X509_NAME *)sk_value(sk,i);
	704	X509_NAME_oneline(xn,buf,sizeof(buf));
	705	BIO_write(bio,buf,strlen(buf));
	706	BIO_write(bio,"\n",1);
	707	}
	708	}
	709	else
	710	{
	711	BIO_printf(bio,"---\nNo client certificate CA names sent\n");
	712	}
	713	p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
	714	if (p != NULL)
	715	{
	716	BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
	717	j=i=0;
	718	while (*p)
	719	{
	720	if (*p == ':')
	721	{
58964a49	722	BIO_write(bio,space,15-j%25);
d02b48c6 RE	723	i++;
	724	j=0;
	725	BIO_write(bio,((i%3)?" ":"\n"),1);
	726	}
	727	else
	728	{
	729	BIO_write(bio,p,1);
	730	j++;
	731	}
	732	p++;
	733	}
	734	BIO_write(bio,"\n",1);
	735	}
	736
	737	BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
	738	BIO_number_read(SSL_get_rbio(s)),
	739	BIO_number_written(SSL_get_wbio(s)));
	740	}
	741	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
	742	c=SSL_get_current_cipher(s);
	743	BIO_printf(bio,"%s, Cipher is %s\n",
	744	SSL_CIPHER_get_version(c),
	745	SSL_CIPHER_get_name(c));
58964a49 RE	746	if (peer != NULL)
	747	BIO_printf(bio,"Server public key is %d bit\n",
	748	EVP_PKEY_bits(X509_get_pubkey(peer)));
d02b48c6 RE	749	SSL_SESSION_print(bio,SSL_get_session(s));
d02b48c6 RE	750	BIO_printf(bio,"---\n");
58964a49 RE	751	if (peer != NULL)
58964a49 RE	752	X509_free(peer);
d02b48c6 RE	753	}
d02b48c6 RE	754