[thirdparty/openssl.git] / apps / s_client.c

/* apps/s_client.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define USE_SOCKETS
#ifdef NO_STDIO
#define APPS_WIN16
#endif
#include "apps.h"
#include "x509.h"
#include "ssl.h"
#include "err.h"
#include "pem.h"
#include "s_apps.h"

#undef PROG
#define PROG	s_client_main

/*#define SSL_HOST_NAME	"www.netscape.com" */
/*#define SSL_HOST_NAME	"193.118.187.102" */
#define SSL_HOST_NAME	"localhost"

/*#define TEST_CERT "client.pem" */ /* no default cert. */

#undef BUFSIZZ
#define BUFSIZZ 1024*8

extern int verify_depth;
extern int verify_error;

#ifdef FIONBIO
static int c_nbio=0;
#endif
static int c_Pause=0;
static int c_debug=0;
static int c_showcerts=0;

#ifndef NOPROTO
static void sc_usage(void);
static void print_stuff(BIO *berr,SSL *con,int full);
#else
static void sc_usage();
static void print_stuff();
#endif

static BIO *bio_c_out=NULL;
static int c_quiet=0;

static void sc_usage(void)
	{
	BIO_printf(bio_err,"usage: s_client args\n");
	BIO_printf(bio_err,"\n");
	BIO_printf(bio_err," -host host     - use -connect instead\n");
	BIO_printf(bio_err," -port port     - use -connect instead\n");
	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);

	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
	BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
	BIO_printf(bio_err,"                 not specified but cert file is.\n");
	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
	BIO_printf(bio_err," -debug        - extra output\n");
	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
#ifdef FIONBIO
	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
#endif
	BIO_printf(bio_err," -quiet        - no s_client output\n");
	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
	BIO_printf(bio_err,"                 command to see what is available\n");

	}

int MAIN(int argc, char **argv)
	{
	int off=0;
	SSL *con=NULL,*con2=NULL;
	int s,k,width,state=0;
	char *cbuf=NULL,*sbuf=NULL;
	int cbuf_len,cbuf_off;
	int sbuf_len,sbuf_off;
	fd_set readfds,writefds;
	short port=PORT;
	int full_log=1;
	char *host=SSL_HOST_NAME;
	char *cert_file=NULL,*key_file=NULL;
	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
	SSL_CTX *ctx=NULL;
	int ret=1,in_init=1,i,nbio_test=0;
	SSL_METHOD *meth=NULL;
	BIO *sbio;
	/*static struct timeval timeout={10,0};*/

#if !defined(NO_SSL2) && !defined(NO_SSL3)
	meth=SSLv23_client_method();
#elif !defined(NO_SSL3)
	meth=SSLv3_client_method();
#elif !defined(NO_SSL2)
	meth=SSLv2_client_method();
#endif

	apps_startup();
	c_Pause=0;
	c_quiet=0;
	c_debug=0;
	c_showcerts=0;

	if (bio_err == NULL)
		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

	if (	((cbuf=Malloc(BUFSIZZ)) == NULL) ||
		((sbuf=Malloc(BUFSIZZ)) == NULL))
		{
		BIO_printf(bio_err,"out of memory\n");
		goto end;
		}

	verify_depth=0;
	verify_error=X509_V_OK;
#ifdef FIONBIO
	c_nbio=0;
#endif

	argc--;
	argv++;
	while (argc >= 1)
		{
		if	(strcmp(*argv,"-host") == 0)
			{
			if (--argc < 1) goto bad;
			host= *(++argv);
			}
		else if	(strcmp(*argv,"-port") == 0)
			{
			if (--argc < 1) goto bad;
			port=atoi(*(++argv));
			if (port == 0) goto bad;
			}
		else if (strcmp(*argv,"-connect") == 0)
			{
			if (--argc < 1) goto bad;
			if (!extract_host_port(*(++argv),&host,NULL,&port))
				goto bad;
			}
		else if	(strcmp(*argv,"-verify") == 0)
			{
			verify=SSL_VERIFY_PEER;
			if (--argc < 1) goto bad;
			verify_depth=atoi(*(++argv));
			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
			}
		else if	(strcmp(*argv,"-cert") == 0)
			{
			if (--argc < 1) goto bad;
			cert_file= *(++argv);
			}
		else if	(strcmp(*argv,"-quiet") == 0)
			c_quiet=1;
		else if	(strcmp(*argv,"-pause") == 0)
			c_Pause=1;
		else if	(strcmp(*argv,"-debug") == 0)
			c_debug=1;
		else if	(strcmp(*argv,"-showcerts") == 0)
			c_showcerts=1;
		else if	(strcmp(*argv,"-nbio_test") == 0)
			nbio_test=1;
		else if	(strcmp(*argv,"-state") == 0)
			state=1;
#ifndef NO_SSL2
		else if	(strcmp(*argv,"-ssl2") == 0)
			meth=SSLv2_client_method();
#endif
#ifndef NO_SSL3
		else if	(strcmp(*argv,"-ssl3") == 0)
			meth=SSLv3_client_method();
#endif
#ifndef NO_TLS1
		else if	(strcmp(*argv,"-tls1") == 0)
			meth=TLSv1_client_method();
#endif
		else if (strcmp(*argv,"-bugs") == 0)
			bugs=1;
		else if	(strcmp(*argv,"-key") == 0)
			{
			if (--argc < 1) goto bad;
			key_file= *(++argv);
			}
		else if	(strcmp(*argv,"-reconnect") == 0)
			{
			reconnect=5;
			}
		else if	(strcmp(*argv,"-CApath") == 0)
			{
			if (--argc < 1) goto bad;
			CApath= *(++argv);
			}
		else if	(strcmp(*argv,"-CAfile") == 0)
			{
			if (--argc < 1) goto bad;
			CAfile= *(++argv);
			}
		else if (strcmp(*argv,"-no_tls1") == 0)
			off|=SSL_OP_NO_TLSv1;
		else if (strcmp(*argv,"-no_ssl3") == 0)
			off|=SSL_OP_NO_SSLv3;
		else if (strcmp(*argv,"-no_ssl2") == 0)
			off|=SSL_OP_NO_SSLv2;
		else if	(strcmp(*argv,"-cipher") == 0)
			{
			if (--argc < 1) goto bad;
			cipher= *(++argv);
			}
#ifdef FIONBIO
		else if (strcmp(*argv,"-nbio") == 0)
			{ c_nbio=1; }
#endif
		else
			{
			BIO_printf(bio_err,"unknown option %s\n",*argv);
			badop=1;
			break;
			}
		argc--;
		argv++;
		}
	if (badop)
		{
bad:
		sc_usage();
		goto end;
		}

	if (bio_c_out == NULL)
		{
		if (c_quiet)
			{
			bio_c_out=BIO_new(BIO_s_null());
			}
		else
			{
			if (bio_c_out == NULL)
				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
			}
		}

	SSLeay_add_ssl_algorithms();
	ctx=SSL_CTX_new(meth);
	if (ctx == NULL)
		{
		ERR_print_errors(bio_err);
		goto end;
		}

	if (bugs)
		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
	else
		SSL_CTX_set_options(ctx,off);

	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
	if (cipher != NULL)
		SSL_CTX_set_cipher_list(ctx,cipher);
#if 0
	else
		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
#endif

	SSL_CTX_set_verify(ctx,verify,verify_callback);
	if (!set_cert_stuff(ctx,cert_file,key_file))
		goto end;

	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
		(!SSL_CTX_set_default_verify_paths(ctx)))
		{
		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
		ERR_print_errors(bio_err);
		/* goto end; */
		}

	SSL_load_error_strings();

	con=(SSL *)SSL_new(ctx);
/*	SSL_set_cipher_list(con,"RC4-MD5"); */

re_start:

	if (init_client(&s,host,port) == 0)
		{
		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
		SHUTDOWN(s);
		goto end;
		}
	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);

#ifdef FIONBIO
	if (c_nbio)
		{
		unsigned long l=1;
		BIO_printf(bio_c_out,"turning on non blocking io\n");
		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
			{
			ERR_print_errors(bio_err);
			goto end;
			}
		}
#endif                                              
	if (c_Pause & 0x01) con->debug=1;
	sbio=BIO_new_socket(s,BIO_NOCLOSE);

	if (nbio_test)
		{
		BIO *test;

		test=BIO_new(BIO_f_nbio_test());
		sbio=BIO_push(test,sbio);
		}

	if (c_debug)
		{
		con->debug=1;
		BIO_set_callback(sbio,bio_dump_cb);
		BIO_set_callback_arg(sbio,bio_c_out);
		}

	SSL_set_bio(con,sbio,sbio);
	SSL_set_connect_state(con);

	/* ok, lets connect */
	width=SSL_get_fd(con)+1;

	read_tty=1;
	write_tty=0;
	tty_on=0;
	read_ssl=1;
	write_ssl=1;
	
	cbuf_len=0;
	cbuf_off=0;
	sbuf_len=0;
	sbuf_off=0;

	for (;;)
		{
		FD_ZERO(&readfds);
		FD_ZERO(&writefds);

		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
			{
			in_init=1;
			tty_on=0;
			}
		else
			{
			tty_on=1;
			if (in_init)
				{
				in_init=0;
				print_stuff(bio_c_out,con,full_log);
				if (full_log > 0) full_log--;

				if (reconnect)
					{
					reconnect--;
					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
					SSL_shutdown(con);
					SSL_set_connect_state(con);
					SHUTDOWN(SSL_get_fd(con));
					goto re_start;
					}
				}
			}

		ssl_pending = read_ssl && SSL_pending(con);

		if (!ssl_pending)
			{
#ifndef WINDOWS
			if (tty_on)
				{
				if (read_tty)  FD_SET(fileno(stdin),&readfds);
				if (write_tty) FD_SET(fileno(stdout),&writefds);
				}
#endif
			if (read_ssl)
				FD_SET(SSL_get_fd(con),&readfds);
			if (write_ssl)
				FD_SET(SSL_get_fd(con),&writefds);

/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/

			i=select(width,&readfds,&writefds,NULL,NULL);
			if ( i < 0)
				{
				BIO_printf(bio_err,"bad select %d\n",
				get_last_socket_error());
				goto shut;
				/* goto end; */
				}
			}

		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
			{
			k=SSL_write(con,&(cbuf[cbuf_off]),
				(unsigned int)cbuf_len);
			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				cbuf_off+=k;
				cbuf_len-=k;
				if (k <= 0) goto end;
				/* we have done a  write(con,NULL,0); */
				if (cbuf_len <= 0)
					{
					read_tty=1;
					write_ssl=0;
					}
				else /* if (cbuf_len > 0) */
					{
					read_tty=0;
					write_ssl=1;
					}
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"write W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				BIO_printf(bio_c_out,"write R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				write_ssl=0;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"write X BLOCK\n");
				break;
			case SSL_ERROR_ZERO_RETURN:
				if (cbuf_len != 0)
					{
					BIO_printf(bio_c_out,"shutdown\n");
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					break;
					}
				
			case SSL_ERROR_SYSCALL:
				if ((k != 0) || (cbuf_len != 0))
					{
					BIO_printf(bio_err,"write:errno=%d\n",
						get_last_socket_error());
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					}
				break;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
				}
			}
#ifndef WINDOWS
		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
			{
			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);

			if (i <= 0)
				{
				BIO_printf(bio_c_out,"DONE\n");
				goto shut;
				/* goto end; */
				}

			sbuf_len-=i;;
			sbuf_off+=i;
			if (sbuf_len <= 0)
				{
				read_ssl=1;
				write_tty=0;
				}
			}
#endif
		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
			{
#ifdef RENEG
{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
#endif
#if 1
			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
#else
/* Demo for pending and peek :-) */
			k=SSL_read(con,sbuf,16);
{ char zbuf[10240]; 
printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
}
#endif

			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				if (k <= 0)
					goto end;
				sbuf_off=0;
				sbuf_len=k;

				read_ssl=0;
				write_tty=1;
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"read W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				BIO_printf(bio_c_out,"read R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				if ((read_tty == 0) && (write_ssl == 0))
					write_ssl=1;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"read X BLOCK\n");
				break;
			case SSL_ERROR_SYSCALL:
				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
				goto shut;
			case SSL_ERROR_ZERO_RETURN:
				BIO_printf(bio_c_out,"closed\n");
				goto shut;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
				/* break; */
				}
			}

#ifndef WINDOWS
		else if (FD_ISSET(fileno(stdin),&readfds))
			{
			i=read(fileno(stdin),cbuf,BUFSIZZ);

			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
				{
				BIO_printf(bio_err,"DONE\n");
				goto shut;
				}

			if ((!c_quiet) && (cbuf[0] == 'R'))
				{
				BIO_printf(bio_err,"RENEGOTIATING\n");
				SSL_renegotiate(con);
				cbuf_len=0;
				}
			else
				{
				cbuf_len=i;
				cbuf_off=0;
				}

			write_ssl=1;
			read_tty=0;
			}
#endif
		}
shut:
	SSL_shutdown(con);
	SHUTDOWN(SSL_get_fd(con));
	ret=0;
end:
	if (con != NULL) SSL_free(con);
	if (con2 != NULL) SSL_free(con2);
	if (ctx != NULL) SSL_CTX_free(ctx);
	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
	if (bio_c_out != NULL)
		{
		BIO_free(bio_c_out);
		bio_c_out=NULL;
		}
	EXIT(ret);
	}


static void print_stuff(BIO *bio, SSL *s, int full)
	{
	X509 *peer=NULL;
	char *p;
	static char *space="                ";
	char buf[BUFSIZ];
	STACK_OF(X509) *sk;
	STACK_OF(X509_NAME) *sk2;
	SSL_CIPHER *c;
	X509_NAME *xn;
	int j,i;

	if (full)
		{
		sk=SSL_get_peer_cert_chain(s);
		if (sk != NULL)
			{
			BIO_printf(bio,"---\nCertificate chain\n");
			for (i=0; i<sk_X509_num(sk); i++)
				{
				X509_NAME_oneline(X509_get_subject_name(
					sk_X509_value(sk,i)),buf,BUFSIZ);
				BIO_printf(bio,"%2d s:%s\n",i,buf);
				X509_NAME_oneline(X509_get_issuer_name(
					sk_X509_value(sk,i)),buf,BUFSIZ);
				BIO_printf(bio,"   i:%s\n",buf);
				if (c_showcerts)
					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
				}
			}

		BIO_printf(bio,"---\n");
		peer=SSL_get_peer_certificate(s);
		if (peer != NULL)
			{
			BIO_printf(bio,"Server certificate\n");
			if (!c_showcerts) /* Redundant if we showed the whole chain */
				PEM_write_bio_X509(bio,peer);
			X509_NAME_oneline(X509_get_subject_name(peer),
				buf,BUFSIZ);
			BIO_printf(bio,"subject=%s\n",buf);
			X509_NAME_oneline(X509_get_issuer_name(peer),
				buf,BUFSIZ);
			BIO_printf(bio,"issuer=%s\n",buf);
			}
		else
			BIO_printf(bio,"no peer certificate available\n");

		sk2=SSL_get_client_CA_list(s);
		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
			{
			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
			for (i=0; i<sk_X509_NAME_num(sk2); i++)
				{
				xn=sk_X509_NAME_value(sk2,i);
				X509_NAME_oneline(xn,buf,sizeof(buf));
				BIO_write(bio,buf,strlen(buf));
				BIO_write(bio,"\n",1);
				}
			}
		else
			{
			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
			}
		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
		if (p != NULL)
			{
			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
			j=i=0;
			while (*p)
				{
				if (*p == ':')
					{
					BIO_write(bio,space,15-j%25);
					i++;
					j=0;
					BIO_write(bio,((i%3)?" ":"\n"),1);
					}
				else
					{
					BIO_write(bio,p,1);
					j++;
					}
				p++;
				}
			BIO_write(bio,"\n",1);
			}

		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
			BIO_number_read(SSL_get_rbio(s)),
			BIO_number_written(SSL_get_wbio(s)));
		}
	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
	c=SSL_get_current_cipher(s);
	BIO_printf(bio,"%s, Cipher is %s\n",
		SSL_CIPHER_get_version(c),
		SSL_CIPHER_get_name(c));
	if (peer != NULL) {
		EVP_PKEY *pktmp;
		pktmp = X509_get_pubkey(peer);
		BIO_printf(bio,"Server public key is %d bit\n",
							 EVP_PKEY_bits(pktmp));
		EVP_PKEY_free(pktmp);
	}
	SSL_SESSION_print(bio,SSL_get_session(s));
	BIO_printf(bio,"---\n");
	if (peer != NULL)
		X509_free(peer);
	}
Commit	Line	Data
d02b48c6	1	/* apps/s_client.c */
58964a49	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include <stdlib.h>
	61	#include <string.h>
	62	#define USE_SOCKETS
58964a49	63	#ifdef NO_STDIO
d02b48c6 RE	64	#define APPS_WIN16
	65	#endif
	66	#include "apps.h"
	67	#include "x509.h"
	68	#include "ssl.h"
	69	#include "err.h"
	70	#include "pem.h"
	71	#include "s_apps.h"
	72
	73	#undef PROG
	74	#define PROG s_client_main
	75
	76	/#define SSL_HOST_NAME "www.netscape.com" /
	77	/#define SSL_HOST_NAME "193.118.187.102" /
	78	#define SSL_HOST_NAME "localhost"
	79
	80	/#define TEST_CERT "client.pem" / /* no default cert. */
	81
	82	#undef BUFSIZZ
	83	#define BUFSIZZ 1024*8
	84
	85	extern int verify_depth;
	86	extern int verify_error;
	87
	88	#ifdef FIONBIO
	89	static int c_nbio=0;
	90	#endif
	91	static int c_Pause=0;
	92	static int c_debug=0;
6d02d8e4	93	static int c_showcerts=0;
d02b48c6 RE	94
	95	#ifndef NOPROTO
	96	static void sc_usage(void);
	97	static void print_stuff(BIO berr,SSL con,int full);
	98	#else
	99	static void sc_usage();
	100	static void print_stuff();
	101	#endif
	102
	103	static BIO *bio_c_out=NULL;
	104	static int c_quiet=0;
	105
6b691a5c	106	static void sc_usage(void)
d02b48c6	107	{
b6cff93d	108	BIO_printf(bio_err,"usage: s_client args\n");
d02b48c6 RE	109	BIO_printf(bio_err,"\n");
	110	BIO_printf(bio_err," -host host - use -connect instead\n");
	111	BIO_printf(bio_err," -port port - use -connect instead\n");
	112	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
	113
	114	BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
	115	BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
	116	BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n");
	117	BIO_printf(bio_err," not specified but cert file is.\n");
	118	BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
	119	BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
	120	BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
	121	BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
6d02d8e4	122	BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
d02b48c6 RE	123	BIO_printf(bio_err," -debug - extra output\n");
	124	BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
	125	BIO_printf(bio_err," -state - print the 'ssl' states\n");
	126	#ifdef FIONBIO
	127	BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
	128	#endif
	129	BIO_printf(bio_err," -quiet - no s_client output\n");
	130	BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
	131	BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
58964a49 RE	132	BIO_printf(bio_err," -tls1 - just use TLSv1\n");
58964a49 RE	133	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
d02b48c6	134	BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
e170a5c0	135	BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'openssl ciphers'\n");
dfeab068	136	BIO_printf(bio_err," command to see what is available\n");
d02b48c6 RE	137
	138	}
	139
6b691a5c	140	int MAIN(int argc, char **argv)
d02b48c6	141	{
58964a49	142	int off=0;
d02b48c6 RE	143	SSL con=NULL,con2=NULL;
	144	int s,k,width,state=0;
	145	char cbuf=NULL,sbuf=NULL;
	146	int cbuf_len,cbuf_off;
	147	int sbuf_len,sbuf_off;
	148	fd_set readfds,writefds;
	149	short port=PORT;
	150	int full_log=1;
	151	char *host=SSL_HOST_NAME;
	152	char cert_file=NULL,key_file=NULL;
	153	char CApath=NULL,CAfile=NULL,*cipher=NULL;
	154	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
c7ac31e2	155	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
d02b48c6 RE	156	SSL_CTX *ctx=NULL;
	157	int ret=1,in_init=1,i,nbio_test=0;
	158	SSL_METHOD *meth=NULL;
	159	BIO *sbio;
	160	/static struct timeval timeout={10,0};/
	161
	162	#if !defined(NO_SSL2) && !defined(NO_SSL3)
	163	meth=SSLv23_client_method();
	164	#elif !defined(NO_SSL3)
	165	meth=SSLv3_client_method();
	166	#elif !defined(NO_SSL2)
	167	meth=SSLv2_client_method();
	168	#endif
	169
	170	apps_startup();
58964a49	171	c_Pause=0;
d02b48c6 RE	172	c_quiet=0;
d02b48c6 RE	173	c_debug=0;
6d02d8e4	174	c_showcerts=0;
d02b48c6 RE	175
	176	if (bio_err == NULL)
	177	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
	178
	179	if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) \|\|
	180	((sbuf=Malloc(BUFSIZZ)) == NULL))
	181	{
	182	BIO_printf(bio_err,"out of memory\n");
	183	goto end;
	184	}
	185
	186	verify_depth=0;
	187	verify_error=X509_V_OK;
	188	#ifdef FIONBIO
	189	c_nbio=0;
	190	#endif
	191
	192	argc--;
	193	argv++;
	194	while (argc >= 1)
	195	{
	196	if (strcmp(*argv,"-host") == 0)
	197	{
	198	if (--argc < 1) goto bad;
	199	host= *(++argv);
	200	}
	201	else if (strcmp(*argv,"-port") == 0)
	202	{
	203	if (--argc < 1) goto bad;
	204	port=atoi(*(++argv));
	205	if (port == 0) goto bad;
	206	}
	207	else if (strcmp(*argv,"-connect") == 0)
	208	{
	209	if (--argc < 1) goto bad;
	210	if (!extract_host_port(*(++argv),&host,NULL,&port))
	211	goto bad;
	212	}
	213	else if (strcmp(*argv,"-verify") == 0)
	214	{
	215	verify=SSL_VERIFY_PEER;
	216	if (--argc < 1) goto bad;
	217	verify_depth=atoi(*(++argv));
	218	BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
	219	}
	220	else if (strcmp(*argv,"-cert") == 0)
	221	{
	222	if (--argc < 1) goto bad;
	223	cert_file= *(++argv);
	224	}
	225	else if (strcmp(*argv,"-quiet") == 0)
	226	c_quiet=1;
	227	else if (strcmp(*argv,"-pause") == 0)
	228	c_Pause=1;
	229	else if (strcmp(*argv,"-debug") == 0)
	230	c_debug=1;
6d02d8e4 BM	231	else if (strcmp(*argv,"-showcerts") == 0)
6d02d8e4 BM	232	c_showcerts=1;
d02b48c6 RE	233	else if (strcmp(*argv,"-nbio_test") == 0)
	234	nbio_test=1;
	235	else if (strcmp(*argv,"-state") == 0)
	236	state=1;
	237	#ifndef NO_SSL2
	238	else if (strcmp(*argv,"-ssl2") == 0)
	239	meth=SSLv2_client_method();
	240	#endif
	241	#ifndef NO_SSL3
	242	else if (strcmp(*argv,"-ssl3") == 0)
	243	meth=SSLv3_client_method();
58964a49 RE	244	#endif
	245	#ifndef NO_TLS1
	246	else if (strcmp(*argv,"-tls1") == 0)
	247	meth=TLSv1_client_method();
d02b48c6 RE	248	#endif
	249	else if (strcmp(*argv,"-bugs") == 0)
	250	bugs=1;
	251	else if (strcmp(*argv,"-key") == 0)
	252	{
	253	if (--argc < 1) goto bad;
	254	key_file= *(++argv);
	255	}
	256	else if (strcmp(*argv,"-reconnect") == 0)
	257	{
	258	reconnect=5;
	259	}
	260	else if (strcmp(*argv,"-CApath") == 0)
	261	{
	262	if (--argc < 1) goto bad;
	263	CApath= *(++argv);
	264	}
	265	else if (strcmp(*argv,"-CAfile") == 0)
	266	{
	267	if (--argc < 1) goto bad;
	268	CAfile= *(++argv);
	269	}
58964a49 RE	270	else if (strcmp(*argv,"-no_tls1") == 0)
	271	off\|=SSL_OP_NO_TLSv1;
	272	else if (strcmp(*argv,"-no_ssl3") == 0)
	273	off\|=SSL_OP_NO_SSLv3;
	274	else if (strcmp(*argv,"-no_ssl2") == 0)
	275	off\|=SSL_OP_NO_SSLv2;
d02b48c6 RE	276	else if (strcmp(*argv,"-cipher") == 0)
	277	{
	278	if (--argc < 1) goto bad;
	279	cipher= *(++argv);
	280	}
	281	#ifdef FIONBIO
	282	else if (strcmp(*argv,"-nbio") == 0)
	283	{ c_nbio=1; }
	284	#endif
	285	else
	286	{
	287	BIO_printf(bio_err,"unknown option %s\n",*argv);
	288	badop=1;
	289	break;
	290	}
	291	argc--;
	292	argv++;
	293	}
	294	if (badop)
	295	{
	296	bad:
	297	sc_usage();
	298	goto end;
	299	}
	300
	301	if (bio_c_out == NULL)
	302	{
	303	if (c_quiet)
	304	{
	305	bio_c_out=BIO_new(BIO_s_null());
	306	}
	307	else
	308	{
	309	if (bio_c_out == NULL)
	310	bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
	311	}
	312	}
	313
	314	SSLeay_add_ssl_algorithms();
	315	ctx=SSL_CTX_new(meth);
	316	if (ctx == NULL)
	317	{
	318	ERR_print_errors(bio_err);
	319	goto end;
	320	}
	321
58964a49 RE	322	if (bugs)
	323	SSL_CTX_set_options(ctx,SSL_OP_ALL\|off);
	324	else
	325	SSL_CTX_set_options(ctx,off);
d02b48c6 RE	326
	327	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
	328	if (cipher != NULL)
	329	SSL_CTX_set_cipher_list(ctx,cipher);
	330	#if 0
	331	else
	332	SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
	333	#endif
	334
	335	SSL_CTX_set_verify(ctx,verify,verify_callback);
	336	if (!set_cert_stuff(ctx,cert_file,key_file))
	337	goto end;
	338
	339	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) \|\|
	340	(!SSL_CTX_set_default_verify_paths(ctx)))
	341	{
58964a49	342	/* BIO_printf(bio_err,"error seting default verify locations\n"); */
d02b48c6	343	ERR_print_errors(bio_err);
58964a49	344	/* goto end; */
d02b48c6 RE	345	}
	346
	347	SSL_load_error_strings();
	348
	349	con=(SSL *)SSL_new(ctx);
58964a49	350	/* SSL_set_cipher_list(con,"RC4-MD5"); */
d02b48c6 RE	351
	352	re_start:
	353
	354	if (init_client(&s,host,port) == 0)
	355	{
58964a49	356	BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
d02b48c6 RE	357	SHUTDOWN(s);
	358	goto end;
	359	}
	360	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
	361
	362	#ifdef FIONBIO
	363	if (c_nbio)
	364	{
	365	unsigned long l=1;
	366	BIO_printf(bio_c_out,"turning on non blocking io\n");
58964a49 RE	367	if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
	368	{
	369	ERR_print_errors(bio_err);
	370	goto end;
	371	}
d02b48c6 RE	372	}
	373	#endif
	374	if (c_Pause & 0x01) con->debug=1;
	375	sbio=BIO_new_socket(s,BIO_NOCLOSE);
	376
	377	if (nbio_test)
	378	{
	379	BIO *test;
	380
	381	test=BIO_new(BIO_f_nbio_test());
	382	sbio=BIO_push(test,sbio);
	383	}
	384
	385	if (c_debug)
	386	{
	387	con->debug=1;
	388	BIO_set_callback(sbio,bio_dump_cb);
	389	BIO_set_callback_arg(sbio,bio_c_out);
	390	}
	391
	392	SSL_set_bio(con,sbio,sbio);
	393	SSL_set_connect_state(con);
	394
	395	/* ok, lets connect */
	396	width=SSL_get_fd(con)+1;
	397
	398	read_tty=1;
	399	write_tty=0;
	400	tty_on=0;
	401	read_ssl=1;
	402	write_ssl=1;
	403
	404	cbuf_len=0;
	405	cbuf_off=0;
	406	sbuf_len=0;
	407	sbuf_off=0;
	408
	409	for (;;)
	410	{
	411	FD_ZERO(&readfds);
	412	FD_ZERO(&writefds);
	413
58964a49	414	if (SSL_in_init(con) && !SSL_total_renegotiations(con))
d02b48c6 RE	415	{
	416	in_init=1;
	417	tty_on=0;
	418	}
	419	else
	420	{
	421	tty_on=1;
	422	if (in_init)
	423	{
	424	in_init=0;
	425	print_stuff(bio_c_out,con,full_log);
	426	if (full_log > 0) full_log--;
	427
	428	if (reconnect)
	429	{
	430	reconnect--;
	431	BIO_printf(bio_c_out,"drop connection and then reconnect\n");
	432	SSL_shutdown(con);
	433	SSL_set_connect_state(con);
	434	SHUTDOWN(SSL_get_fd(con));
	435	goto re_start;
	436	}
	437	}
	438	}
	439
c7ac31e2 BM	440	ssl_pending = read_ssl && SSL_pending(con);
	441
	442	if (!ssl_pending)
d02b48c6	443	{
f0f1b4e4	444	#ifndef WINDOWS
c7ac31e2 BM	445	if (tty_on)
	446	{
	447	if (read_tty) FD_SET(fileno(stdin),&readfds);
	448	if (write_tty) FD_SET(fileno(stdout),&writefds);
	449	}
d02b48c6	450	#endif
c7ac31e2 BM	451	if (read_ssl)
	452	FD_SET(SSL_get_fd(con),&readfds);
	453	if (write_ssl)
	454	FD_SET(SSL_get_fd(con),&writefds);
d02b48c6	455
c7ac31e2 BM	456	/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
c7ac31e2 BM	457	tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
d02b48c6	458
c7ac31e2 BM	459	i=select(width,&readfds,&writefds,NULL,NULL);
	460	if ( i < 0)
	461	{
	462	BIO_printf(bio_err,"bad select %d\n",
58964a49	463	get_last_socket_error());
c7ac31e2 BM	464	goto shut;
	465	/* goto end; */
	466	}
d02b48c6 RE	467	}
d02b48c6 RE	468
c7ac31e2	469	if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
d02b48c6 RE	470	{
	471	k=SSL_write(con,&(cbuf[cbuf_off]),
	472	(unsigned int)cbuf_len);
	473	switch (SSL_get_error(con,k))
	474	{
	475	case SSL_ERROR_NONE:
	476	cbuf_off+=k;
	477	cbuf_len-=k;
	478	if (k <= 0) goto end;
	479	/* we have done a write(con,NULL,0); */
	480	if (cbuf_len <= 0)
	481	{
	482	read_tty=1;
	483	write_ssl=0;
	484	}
	485	else /* if (cbuf_len > 0) */
	486	{
	487	read_tty=0;
	488	write_ssl=1;
	489	}
	490	break;
	491	case SSL_ERROR_WANT_WRITE:
	492	BIO_printf(bio_c_out,"write W BLOCK\n");
	493	write_ssl=1;
	494	read_tty=0;
	495	break;
	496	case SSL_ERROR_WANT_READ:
	497	BIO_printf(bio_c_out,"write R BLOCK\n");
	498	write_tty=0;
	499	read_ssl=1;
	500	write_ssl=0;
	501	break;
	502	case SSL_ERROR_WANT_X509_LOOKUP:
	503	BIO_printf(bio_c_out,"write X BLOCK\n");
	504	break;
	505	case SSL_ERROR_ZERO_RETURN:
	506	if (cbuf_len != 0)
	507	{
	508	BIO_printf(bio_c_out,"shutdown\n");
	509	goto shut;
	510	}
	511	else
	512	{
	513	read_tty=1;
	514	write_ssl=0;
	515	break;
	516	}
	517
	518	case SSL_ERROR_SYSCALL:
	519	if ((k != 0) \|\| (cbuf_len != 0))
	520	{
	521	BIO_printf(bio_err,"write:errno=%d\n",
58964a49	522	get_last_socket_error());
d02b48c6 RE	523	goto shut;
	524	}
	525	else
	526	{
	527	read_tty=1;
	528	write_ssl=0;
	529	}
	530	break;
	531	case SSL_ERROR_SSL:
	532	ERR_print_errors(bio_err);
	533	goto shut;
	534	}
	535	}
	536	#ifndef WINDOWS
c7ac31e2	537	else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
d02b48c6 RE	538	{
	539	i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
	540
	541	if (i <= 0)
	542	{
	543	BIO_printf(bio_c_out,"DONE\n");
	544	goto shut;
	545	/* goto end; */
	546	}
	547
	548	sbuf_len-=i;;
	549	sbuf_off+=i;
	550	if (sbuf_len <= 0)
	551	{
	552	read_ssl=1;
	553	write_tty=0;
	554	}
	555	}
	556	#endif
c7ac31e2	557	else if (ssl_pending \|\| FD_ISSET(SSL_get_fd(con),&readfds))
d02b48c6	558	{
58964a49 RE	559	#ifdef RENEG
	560	{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
	561	#endif
dfeab068	562	#if 1
58964a49	563	k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
dfeab068 RE	564	#else
	565	/* Demo for pending and peek :-) */
	566	k=SSL_read(con,sbuf,16);
	567	{ char zbuf[10240];
	568	printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
	569	}
	570	#endif
d02b48c6 RE	571
	572	switch (SSL_get_error(con,k))
	573	{
	574	case SSL_ERROR_NONE:
	575	if (k <= 0)
	576	goto end;
	577	sbuf_off=0;
	578	sbuf_len=k;
	579
	580	read_ssl=0;
	581	write_tty=1;
	582	break;
	583	case SSL_ERROR_WANT_WRITE:
	584	BIO_printf(bio_c_out,"read W BLOCK\n");
	585	write_ssl=1;
	586	read_tty=0;
	587	break;
	588	case SSL_ERROR_WANT_READ:
	589	BIO_printf(bio_c_out,"read R BLOCK\n");
	590	write_tty=0;
	591	read_ssl=1;
	592	if ((read_tty == 0) && (write_ssl == 0))
	593	write_ssl=1;
	594	break;
	595	case SSL_ERROR_WANT_X509_LOOKUP:
	596	BIO_printf(bio_c_out,"read X BLOCK\n");
	597	break;
	598	case SSL_ERROR_SYSCALL:
58964a49	599	BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
d02b48c6 RE	600	goto shut;
	601	case SSL_ERROR_ZERO_RETURN:
	602	BIO_printf(bio_c_out,"closed\n");
	603	goto shut;
	604	case SSL_ERROR_SSL:
	605	ERR_print_errors(bio_err);
	606	goto shut;
dfeab068	607	/* break; */
d02b48c6 RE	608	}
	609	}
	610
	611	#ifndef WINDOWS
	612	else if (FD_ISSET(fileno(stdin),&readfds))
	613	{
	614	i=read(fileno(stdin),cbuf,BUFSIZZ);
	615
	616	if ((!c_quiet) && ((i <= 0) \|\| (cbuf[0] == 'Q')))
	617	{
	618	BIO_printf(bio_err,"DONE\n");
	619	goto shut;
	620	}
	621
	622	if ((!c_quiet) && (cbuf[0] == 'R'))
	623	{
3bb307c1	624	BIO_printf(bio_err,"RENEGOTIATING\n");
d02b48c6	625	SSL_renegotiate(con);
3bb307c1	626	cbuf_len=0;
d02b48c6 RE	627	}
	628	else
	629	{
	630	cbuf_len=i;
	631	cbuf_off=0;
	632	}
	633
d02b48c6	634	write_ssl=1;
3bb307c1	635	read_tty=0;
d02b48c6 RE	636	}
	637	#endif
	638	}
	639	shut:
	640	SSL_shutdown(con);
	641	SHUTDOWN(SSL_get_fd(con));
	642	ret=0;
	643	end:
	644	if (con != NULL) SSL_free(con);
	645	if (con2 != NULL) SSL_free(con2);
	646	if (ctx != NULL) SSL_CTX_free(ctx);
	647	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
	648	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
	649	if (bio_c_out != NULL)
	650	{
	651	BIO_free(bio_c_out);
	652	bio_c_out=NULL;
	653	}
	654	EXIT(ret);
	655	}
	656
	657
6b691a5c	658	static void print_stuff(BIO bio, SSL s, int full)
d02b48c6	659	{
58964a49	660	X509 *peer=NULL;
d02b48c6 RE	661	char *p;
	662	static char *space=" ";
	663	char buf[BUFSIZ];
f73e07cf BL	664	STACK_OF(X509) *sk;
f73e07cf BL	665	STACK_OF(X509_NAME) *sk2;
d02b48c6 RE	666	SSL_CIPHER *c;
	667	X509_NAME *xn;
	668	int j,i;
	669
	670	if (full)
	671	{
	672	sk=SSL_get_peer_cert_chain(s);
	673	if (sk != NULL)
	674	{
dfeab068	675	BIO_printf(bio,"---\nCertificate chain\n");
f73e07cf	676	for (i=0; i<sk_X509_num(sk); i++)
d02b48c6	677	{
f73e07cf BL	678	X509_NAME_oneline(X509_get_subject_name(
f73e07cf BL	679	sk_X509_value(sk,i)),buf,BUFSIZ);
d02b48c6	680	BIO_printf(bio,"%2d s:%s\n",i,buf);
f73e07cf BL	681	X509_NAME_oneline(X509_get_issuer_name(
f73e07cf BL	682	sk_X509_value(sk,i)),buf,BUFSIZ);
d02b48c6	683	BIO_printf(bio," i:%s\n",buf);
6d02d8e4	684	if (c_showcerts)
f73e07cf	685	PEM_write_bio_X509(bio,sk_X509_value(sk,i));
d02b48c6 RE	686	}
	687	}
	688
	689	BIO_printf(bio,"---\n");
	690	peer=SSL_get_peer_certificate(s);
	691	if (peer != NULL)
	692	{
	693	BIO_printf(bio,"Server certificate\n");
6d02d8e4 BM	694	if (!c_showcerts) /* Redundant if we showed the whole chain */
6d02d8e4 BM	695	PEM_write_bio_X509(bio,peer);
d02b48c6 RE	696	X509_NAME_oneline(X509_get_subject_name(peer),
	697	buf,BUFSIZ);
	698	BIO_printf(bio,"subject=%s\n",buf);
	699	X509_NAME_oneline(X509_get_issuer_name(peer),
	700	buf,BUFSIZ);
	701	BIO_printf(bio,"issuer=%s\n",buf);
d02b48c6 RE	702	}
	703	else
	704	BIO_printf(bio,"no peer certificate available\n");
	705
f73e07cf	706	sk2=SSL_get_client_CA_list(s);
d91f8c3c	707	if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
d02b48c6 RE	708	{
d02b48c6 RE	709	BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
f73e07cf	710	for (i=0; i<sk_X509_NAME_num(sk2); i++)
d02b48c6	711	{
f73e07cf	712	xn=sk_X509_NAME_value(sk2,i);
d02b48c6 RE	713	X509_NAME_oneline(xn,buf,sizeof(buf));
	714	BIO_write(bio,buf,strlen(buf));
	715	BIO_write(bio,"\n",1);
	716	}
	717	}
	718	else
	719	{
	720	BIO_printf(bio,"---\nNo client certificate CA names sent\n");
	721	}
	722	p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
	723	if (p != NULL)
	724	{
	725	BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
	726	j=i=0;
	727	while (*p)
	728	{
	729	if (*p == ':')
	730	{
58964a49	731	BIO_write(bio,space,15-j%25);
d02b48c6 RE	732	i++;
	733	j=0;
	734	BIO_write(bio,((i%3)?" ":"\n"),1);
	735	}
	736	else
	737	{
	738	BIO_write(bio,p,1);
	739	j++;
	740	}
	741	p++;
	742	}
	743	BIO_write(bio,"\n",1);
	744	}
	745
	746	BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
	747	BIO_number_read(SSL_get_rbio(s)),
	748	BIO_number_written(SSL_get_wbio(s)));
	749	}
	750	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
	751	c=SSL_get_current_cipher(s);
	752	BIO_printf(bio,"%s, Cipher is %s\n",
	753	SSL_CIPHER_get_version(c),
	754	SSL_CIPHER_get_name(c));
a8236c8c DSH	755	if (peer != NULL) {
	756	EVP_PKEY *pktmp;
	757	pktmp = X509_get_pubkey(peer);
58964a49	758	BIO_printf(bio,"Server public key is %d bit\n",
a8236c8c DSH	759	EVP_PKEY_bits(pktmp));
	760	EVP_PKEY_free(pktmp);
	761	}
d02b48c6 RE	762	SSL_SESSION_print(bio,SSL_get_session(s));
d02b48c6 RE	763	BIO_printf(bio,"---\n");
58964a49 RE	764	if (peer != NULL)
58964a49 RE	765	X509_free(peer);
d02b48c6 RE	766	}
d02b48c6 RE	767