]> git.ipfire.org Git - thirdparty/openssl.git/blame - apps/s_client.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
make update
[thirdparty/openssl.git] / apps / s_client.c
CommitLineData
d02b48c6 1/* apps/s_client.c */
58964a49 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6
RE		 3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
a661b653 58/* ====================================================================
b1277b99 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
a661b653
BM		 60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
ddac1974
NL		 111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
d02b48c6 137
1b1a6e78 138#include <assert.h>
ddac1974 139#include <ctype.h>
8c197cc5
UM		 140#include <stdio.h>
141#include <stdlib.h>
142#include <string.h>
be1bd923 143#include <openssl/e_os2.h>
cf1b7d96 144#ifdef OPENSSL_NO_STDIO
8c197cc5
UM		 145#define APPS_WIN16
146#endif
147
7d7d2cbc
UM		 148/* With IPv6, it looks like Digital has mixed up the proper order of
149 recursive header file inclusion, resulting in the compiler complaining
150 that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
151 is needed to have fileno() declared correctly... So let's define u_int */
bc36ee62 152#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
7d7d2cbc
UM		 153#define __U_INT
154typedef unsigned int u_int;
155#endif
156
d02b48c6 157#define USE_SOCKETS
d02b48c6 158#include "apps.h"
ec577822
BM		 159#include <openssl/x509.h>
160#include <openssl/ssl.h>
161#include <openssl/err.h>
162#include <openssl/pem.h>
1372965e 163#include <openssl/rand.h>
67c8e7f4 164#include <openssl/ocsp.h>
1e26a8ba 165#include <openssl/bn.h>
edc032b5
BL		 166#ifndef OPENSSL_NO_SRP
167#include <openssl/srp.h>
168#endif
d02b48c6 169#include "s_apps.h"
36d16f8e 170#include "timeouts.h"
d02b48c6 171
bc36ee62 172#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
75e0770d 173/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
7d7d2cbc
UM		 174#undef FIONBIO
175#endif
176
4700aea9
UM		 177#if defined(OPENSSL_SYS_BEOS_R5)
178#include <fcntl.h>
179#endif
180
d02b48c6
RE		 181#undef PROG
182#define PROG s_client_main
183
184/*#define SSL_HOST_NAME "www.netscape.com" */
185/*#define SSL_HOST_NAME "193.118.187.102" */
186#define SSL_HOST_NAME "localhost"
187
188/*#define TEST_CERT "client.pem" */ /* no default cert. */
189
190#undef BUFSIZZ
191#define BUFSIZZ 1024*8
192
193extern int verify_depth;
194extern int verify_error;
5d20c4fb 195extern int verify_return_error;
d02b48c6
RE		 196
197#ifdef FIONBIO
198static int c_nbio=0;
199#endif
200static int c_Pause=0;
201static int c_debug=0;
6434abbf
DSH		 202#ifndef OPENSSL_NO_TLSEXT
203static int c_tlsextdebug=0;
67c8e7f4 204static int c_status_req=0;
6434abbf 205#endif
a661b653 206static int c_msg=0;
6d02d8e4 207static int c_showcerts=0;
d02b48c6 208
e0af0405
BL		 209static char *keymatexportlabel=NULL;
210static int keymatexportlen=20;
211
d02b48c6
RE		 212static void sc_usage(void);
213static void print_stuff(BIO *berr,SSL *con,int full);
0702150f 214#ifndef OPENSSL_NO_TLSEXT
67c8e7f4 215static int ocsp_resp_cb(SSL *s, void *arg);
0702150f 216#endif
d02b48c6
RE		 217static BIO *bio_c_out=NULL;
218static int c_quiet=0;
ce301b6b 219static int c_ign_eof=0;
d02b48c6 220
ddac1974
NL		 221#ifndef OPENSSL_NO_PSK
222/* Default PSK identity and key */
223static char *psk_identity="Client_identity";
f3b7bdad 224/*char *psk_key=NULL; by default PSK is not used */
ddac1974
NL		 225
226static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
227 unsigned int max_identity_len, unsigned char *psk,
228 unsigned int max_psk_len)
229 {
230 unsigned int psk_len = 0;
231 int ret;
232 BIGNUM *bn=NULL;
233
234 if (c_debug)
235 BIO_printf(bio_c_out, "psk_client_cb\n");
236 if (!hint)
237 {
238 /* no ServerKeyExchange message*/
239 if (c_debug)
240 BIO_printf(bio_c_out,"NULL received PSK identity hint, continuing anyway\n");
241 }
242 else if (c_debug)
243 BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
244
245 /* lookup PSK identity and PSK key based on the given identity hint here */
0ed6b526 246 ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
a0aa8b4b 247 if (ret < 0 || (unsigned int)ret > max_identity_len)
ddac1974
NL		 248 goto out_err;
249 if (c_debug)
250 BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret);
251 ret=BN_hex2bn(&bn, psk_key);
252 if (!ret)
253 {
254 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
255 if (bn)
256 BN_free(bn);
257 return 0;
258 }
259
a0aa8b4b 260 if ((unsigned int)BN_num_bytes(bn) > max_psk_len)
ddac1974
NL		 261 {
262 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
263 max_psk_len, BN_num_bytes(bn));
264 BN_free(bn);
265 return 0;
266 }
267
268 psk_len=BN_bn2bin(bn, psk);
269 BN_free(bn);
270 if (psk_len == 0)
271 goto out_err;
272
273 if (c_debug)
274 BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
275
276 return psk_len;
277 out_err:
278 if (c_debug)
279 BIO_printf(bio_err, "Error in PSK client callback\n");
280 return 0;
281 }
282#endif
283
6b691a5c 284static void sc_usage(void)
d02b48c6 285 {
b6cff93d 286 BIO_printf(bio_err,"usage: s_client args\n");
d02b48c6
RE		 287 BIO_printf(bio_err,"\n");
288 BIO_printf(bio_err," -host host - use -connect instead\n");
289 BIO_printf(bio_err," -port port - use -connect instead\n");
290 BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
291
292 BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
293 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
826a42a0
DSH		 294 BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
295 BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
d02b48c6 296 BIO_printf(bio_err," not specified but cert file is.\n");
826a42a0
DSH		 297 BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
298 BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
d02b48c6
RE		 299 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
300 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
301 BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
302 BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
6d02d8e4 303 BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
d02b48c6 304 BIO_printf(bio_err," -debug - extra output\n");
02a00bb0
AP		 305#ifdef WATT32
306 BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n");
307#endif
a661b653 308 BIO_printf(bio_err," -msg - Show protocol messages\n");
d02b48c6
RE		 309 BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
310 BIO_printf(bio_err," -state - print the 'ssl' states\n");
311#ifdef FIONBIO
312 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
1bdb8633 313#endif
1bdb8633 314 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
d02b48c6 315 BIO_printf(bio_err," -quiet - no s_client output\n");
ce301b6b 316 BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
020d67fb 317 BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n");
ddac1974
NL		 318#ifndef OPENSSL_NO_PSK
319 BIO_printf(bio_err," -psk_identity arg - PSK identity\n");
320 BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n");
79bd20fd 321# ifndef OPENSSL_NO_JPAKE
f3b7bdad
BL		 322 BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
323# endif
edc032b5
BL		 324#endif
325#ifndef OPENSSL_NO_SRP
326 BIO_printf(bio_err," -srpuser user - SRP authentification for 'user'\n");
327 BIO_printf(bio_err," -srppass arg - password for 'user'\n");
328 BIO_printf(bio_err," -srp_lateuser - SRP username into second ClientHello message\n");
329 BIO_printf(bio_err," -srp_moregroups - Tolerate other than the known g N values.\n");
330 BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N);
ddac1974 331#endif
d02b48c6
RE		 332 BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
333 BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
7409d7ad 334 BIO_printf(bio_err," -tls1_2 - just use TLSv1.2\n");
637f374a 335 BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n");
58964a49 336 BIO_printf(bio_err," -tls1 - just use TLSv1\n");
36d16f8e 337 BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
046f2101 338 BIO_printf(bio_err," -mtu - set the link layer MTU\n");
7409d7ad 339 BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
d02b48c6 340 BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
836f9960 341 BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
657e60fa 342 BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
dfeab068 343 BIO_printf(bio_err," command to see what is available\n");
135c0af1
RL		 344 BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
345 BIO_printf(bio_err," for those protocols that support it, where\n");
346 BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
d5bbead4
BL		 347 BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
348 BIO_printf(bio_err," are supported.\n");
0b13e9f0 349#ifndef OPENSSL_NO_ENGINE
5270e702 350 BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
0b13e9f0 351#endif
52b621db 352 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
014f62b6
DSH		 353 BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
354 BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n");
ed3883d2
BM		 355#ifndef OPENSSL_NO_TLSEXT
356 BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n");
d24a9c8f 357 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
67c8e7f4 358 BIO_printf(bio_err," -status - request certificate status from server\n");
d24a9c8f 359 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
bf48836c 360# ifndef OPENSSL_NO_NEXTPROTONEG
ee2ffc27
BL		 361 BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
362# endif
ed3883d2 363#endif
2942dde5 364 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
333f926d 365 BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
e0af0405
BL		 366 BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
367 BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
d02b48c6
RE		 368 }
369
ed3883d2
BM		 370#ifndef OPENSSL_NO_TLSEXT
371
372/* This is a context that we pass to callbacks */
373typedef struct tlsextctx_st {
374 BIO * biodebug;
375 int ack;
376} tlsextctx;
377
378
b1277b99
BM		 379static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
380 {
ed3883d2 381 tlsextctx * p = (tlsextctx *) arg;
8de5b7f5 382 const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
ed3883d2
BM		 383 if (SSL_get_servername_type(s) != -1)
384 p->ack = !SSL_session_reused(s) && hn != NULL;
385 else
f1fd4544 386 BIO_printf(bio_err,"Can't use SSL_get_servername\n");
ed3883d2 387
241520e6 388 return SSL_TLSEXT_ERR_OK;
b1277b99 389 }
ee2ffc27 390
edc032b5
BL		 391#ifndef OPENSSL_NO_SRP
392
393/* This is a context that we pass to all callbacks */
394typedef struct srp_arg_st
395 {
396 char *srppassin;
397 char *srplogin;
398 int msg; /* copy from c_msg */
399 int debug; /* copy from c_debug */
400 int amp; /* allow more groups */
401 int strength /* minimal size for N */ ;
402 } SRP_ARG;
403
404#define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
405
f2fc3075 406static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
edc032b5
BL		 407 {
408 BN_CTX *bn_ctx = BN_CTX_new();
409 BIGNUM *p = BN_new();
410 BIGNUM *r = BN_new();
411 int ret =
412 g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
f2fc3075 413 BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
edc032b5
BL		 414 p != NULL && BN_rshift1(p, N) &&
415
416 /* p = (N-1)/2 */
f2fc3075 417 BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
edc032b5
BL		 418 r != NULL &&
419
420 /* verify g^((N-1)/2) == -1 (mod N) */
421 BN_mod_exp(r, g, p, N, bn_ctx) &&
422 BN_add_word(r, 1) &&
423 BN_cmp(r, N) == 0;
424
425 if(r)
426 BN_free(r);
427 if(p)
428 BN_free(p);
429 if(bn_ctx)
430 BN_CTX_free(bn_ctx);
431 return ret;
432 }
433
f2fc3075
DSH		 434/* This callback is used here for two purposes:
435 - extended debugging
436 - making some primality tests for unknown groups
437 The callback is only called for a non default group.
438
439 An application does not need the call back at all if
440 only the stanard groups are used. In real life situations,
441 client and server already share well known groups,
442 thus there is no need to verify them.
443 Furthermore, in case that a server actually proposes a group that
444 is not one of those defined in RFC 5054, it is more appropriate
445 to add the group to a static list and then compare since
446 primality tests are rather cpu consuming.
447*/
448
edc032b5
BL		 449static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
450 {
451 SRP_ARG *srp_arg = (SRP_ARG *)arg;
452 BIGNUM *N = NULL, *g = NULL;
453 if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s)))
454 return 0;
455 if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1)
456 {
457 BIO_printf(bio_err, "SRP parameters:\n");
458 BIO_printf(bio_err,"\tN="); BN_print(bio_err,N);
459 BIO_printf(bio_err,"\n\tg="); BN_print(bio_err,g);
460 BIO_printf(bio_err,"\n");
461 }
462
463 if (SRP_check_known_gN_param(g,N))
464 return 1;
465
466 if (srp_arg->amp == 1)
467 {
468 if (srp_arg->debug)
469 BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n");
470
f2fc3075 471/* The srp_moregroups is a real debugging feature.
edc032b5
BL		 472 Implementors should rather add the value to the known ones.
473 The minimal size has already been tested.
474*/
f2fc3075 475 if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N,g))
edc032b5
BL		 476 return 1;
477 }
478 BIO_printf(bio_err, "SRP param N and g rejected.\n");
479 return 0;
480 }
481
482#define PWD_STRLEN 1024
483
484static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
485 {
486 SRP_ARG *srp_arg = (SRP_ARG *)arg;
487 char *pass = (char *)OPENSSL_malloc(PWD_STRLEN+1);
488 PW_CB_DATA cb_tmp;
489 int l;
490
491 cb_tmp.password = (char *)srp_arg->srppassin;
492 cb_tmp.prompt_info = "SRP user";
493 if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp))<0)
494 {
495 BIO_printf (bio_err, "Can't read Password\n");
496 OPENSSL_free(pass);
497 return NULL;
498 }
499 *(pass+l)= '\0';
500
501 return pass;
502 }
503
edc032b5 504#endif
333f926d 505 char *srtp_profiles = NULL;
edc032b5 506
bf48836c 507# ifndef OPENSSL_NO_NEXTPROTONEG
ee2ffc27
BL		 508/* This the context that we pass to next_proto_cb */
509typedef struct tlsextnextprotoctx_st {
510 unsigned char *data;
511 unsigned short len;
512 int status;
513} tlsextnextprotoctx;
514
515static tlsextnextprotoctx next_proto;
516
517static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
518 {
519 tlsextnextprotoctx *ctx = arg;
520
521 if (!c_quiet)
522 {
523 /* We can assume that |in| is syntactically valid. */
524 unsigned i;
525 BIO_printf(bio_c_out, "Protocols advertised by server: ");
526 for (i = 0; i < inlen; )
527 {
528 if (i)
529 BIO_write(bio_c_out, ", ", 2);
530 BIO_write(bio_c_out, &in[i + 1], in[i]);
531 i += in[i] + 1;
532 }
533 BIO_write(bio_c_out, "\n", 1);
534 }
535
536 ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
537 return SSL_TLSEXT_ERR_OK;
538 }
bf48836c 539# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
ed3883d2
BM		 540#endif
541
85c67492
RL		 542enum
543{
544 PROTO_OFF = 0,
545 PROTO_SMTP,
546 PROTO_POP3,
547 PROTO_IMAP,
d5bbead4 548 PROTO_FTP,
640b86cb 549 PROTO_XMPP
85c67492
RL		 550};
551
667ac4ec
RE		 552int MAIN(int, char **);
553
6b691a5c 554int MAIN(int argc, char **argv)
d02b48c6 555 {
ef51b4b9 556 unsigned int off=0, clr=0;
67b6f1ca 557 SSL *con=NULL;
4f7a2ab8
DSH		 558#ifndef OPENSSL_NO_KRB5
559 KSSL_CTX *kctx;
560#endif
d02b48c6 561 int s,k,width,state=0;
135c0af1 562 char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
d02b48c6
RE		 563 int cbuf_len,cbuf_off;
564 int sbuf_len,sbuf_off;
565 fd_set readfds,writefds;
566 short port=PORT;
567 int full_log=1;
568 char *host=SSL_HOST_NAME;
569 char *cert_file=NULL,*key_file=NULL;
826a42a0
DSH		 570 int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
571 char *passarg = NULL, *pass = NULL;
572 X509 *cert = NULL;
573 EVP_PKEY *key = NULL;
d02b48c6
RE		 574 char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
575 int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
1bdb8633 576 int crlf=0;
c7ac31e2 577 int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
d02b48c6
RE		 578 SSL_CTX *ctx=NULL;
579 int ret=1,in_init=1,i,nbio_test=0;
85c67492 580 int starttls_proto = PROTO_OFF;
db99779b
DSH		 581 int prexit = 0;
582 X509_VERIFY_PARAM *vpm = NULL;
583 int badarg = 0;
4ebb342f 584 const SSL_METHOD *meth=NULL;
b1277b99 585 int socket_type=SOCK_STREAM;
d02b48c6 586 BIO *sbio;
52b621db 587 char *inrand=NULL;
85c67492 588 int mbuf_len=0;
b972fbaa 589 struct timeval timeout, *timeoutp;
0b13e9f0 590#ifndef OPENSSL_NO_ENGINE
5270e702 591 char *engine_id=NULL;
59d2d48f 592 char *ssl_client_engine_id=NULL;
70531c14 593 ENGINE *ssl_client_engine=NULL;
0b13e9f0 594#endif
70531c14 595 ENGINE *e=NULL;
4700aea9 596#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
06f4536a 597 struct timeval tv;
4700aea9
UM		 598#if defined(OPENSSL_SYS_BEOS_R5)
599 int stdin_set = 0;
600#endif
06f4536a 601#endif
ed3883d2
BM		 602#ifndef OPENSSL_NO_TLSEXT
603 char *servername = NULL;
604 tlsextctx tlsextcbp =
605 {NULL,0};
bf48836c 606# ifndef OPENSSL_NO_NEXTPROTONEG
ee2ffc27
BL		 607 const char *next_proto_neg_in = NULL;
608# endif
ed3883d2 609#endif
6434abbf
DSH		 610 char *sess_in = NULL;
611 char *sess_out = NULL;
36d16f8e 612 struct sockaddr peer;
6c61726b 613 int peerlen = sizeof(peer);
36d16f8e 614 int enable_timeouts = 0 ;
b1277b99 615 long socket_mtu = 0;
79bd20fd 616#ifndef OPENSSL_NO_JPAKE
6caa4edd 617 char *jpake_secret = NULL;
ed551cdd 618#endif
edc032b5
BL		 619#ifndef OPENSSL_NO_SRP
620 char * srppass = NULL;
621 int srp_lateuser = 0;
622 SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
623#endif
36d16f8e 624
cf1b7d96 625#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
d02b48c6 626 meth=SSLv23_client_method();
cf1b7d96 627#elif !defined(OPENSSL_NO_SSL3)
d02b48c6 628 meth=SSLv3_client_method();
cf1b7d96 629#elif !defined(OPENSSL_NO_SSL2)
d02b48c6
RE		 630 meth=SSLv2_client_method();
631#endif
632
633 apps_startup();
58964a49 634 c_Pause=0;
d02b48c6 635 c_quiet=0;
ce301b6b 636 c_ign_eof=0;
d02b48c6 637 c_debug=0;
a661b653 638 c_msg=0;
6d02d8e4 639 c_showcerts=0;
d02b48c6
RE		 640
641 if (bio_err == NULL)
642 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
643
3647bee2
DSH		 644 if (!load_config(bio_err, NULL))
645 goto end;
646
26a3a48d 647 if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
135c0af1
RL		 648 ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
649 ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
d02b48c6
RE		 650 {
651 BIO_printf(bio_err,"out of memory\n");
652 goto end;
653 }
654
655 verify_depth=0;
656 verify_error=X509_V_OK;
657#ifdef FIONBIO
658 c_nbio=0;
659#endif
660
661 argc--;
662 argv++;
663 while (argc >= 1)
664 {
665 if (strcmp(*argv,"-host") == 0)
666 {
667 if (--argc < 1) goto bad;
668 host= *(++argv);
669 }
670 else if (strcmp(*argv,"-port") == 0)
671 {
672 if (--argc < 1) goto bad;
673 port=atoi(*(++argv));
674 if (port == 0) goto bad;
675 }
676 else if (strcmp(*argv,"-connect") == 0)
677 {
678 if (--argc < 1) goto bad;
679 if (!extract_host_port(*(++argv),&host,NULL,&port))
680 goto bad;
681 }
682 else if (strcmp(*argv,"-verify") == 0)
683 {
684 verify=SSL_VERIFY_PEER;
685 if (--argc < 1) goto bad;
686 verify_depth=atoi(*(++argv));
687 BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
688 }
689 else if (strcmp(*argv,"-cert") == 0)
690 {
691 if (--argc < 1) goto bad;
692 cert_file= *(++argv);
693 }
6434abbf
DSH		 694 else if (strcmp(*argv,"-sess_out") == 0)
695 {
696 if (--argc < 1) goto bad;
697 sess_out = *(++argv);
698 }
699 else if (strcmp(*argv,"-sess_in") == 0)
700 {
701 if (--argc < 1) goto bad;
702 sess_in = *(++argv);
703 }
826a42a0
DSH		 704 else if (strcmp(*argv,"-certform") == 0)
705 {
706 if (--argc < 1) goto bad;
707 cert_format = str2fmt(*(++argv));
708 }
db99779b
DSH		 709 else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
710 {
711 if (badarg)
712 goto bad;
713 continue;
714 }
5d20c4fb
DSH		 715 else if (strcmp(*argv,"-verify_return_error") == 0)
716 verify_return_error = 1;
c3ed3b6e
DSH		 717 else if (strcmp(*argv,"-prexit") == 0)
718 prexit=1;
1bdb8633
BM		 719 else if (strcmp(*argv,"-crlf") == 0)
720 crlf=1;
d02b48c6 721 else if (strcmp(*argv,"-quiet") == 0)
ce301b6b 722 {
d02b48c6 723 c_quiet=1;
ce301b6b
RL		 724 c_ign_eof=1;
725 }
726 else if (strcmp(*argv,"-ign_eof") == 0)
727 c_ign_eof=1;
020d67fb
LJ		 728 else if (strcmp(*argv,"-no_ign_eof") == 0)
729 c_ign_eof=0;
d02b48c6
RE		 730 else if (strcmp(*argv,"-pause") == 0)
731 c_Pause=1;
732 else if (strcmp(*argv,"-debug") == 0)
733 c_debug=1;
6434abbf
DSH		 734#ifndef OPENSSL_NO_TLSEXT
735 else if (strcmp(*argv,"-tlsextdebug") == 0)
736 c_tlsextdebug=1;
67c8e7f4
DSH		 737 else if (strcmp(*argv,"-status") == 0)
738 c_status_req=1;
6434abbf 739#endif
02a00bb0
AP		 740#ifdef WATT32
741 else if (strcmp(*argv,"-wdebug") == 0)
742 dbug_init();
743#endif
a661b653
BM		 744 else if (strcmp(*argv,"-msg") == 0)
745 c_msg=1;
6d02d8e4
BM		 746 else if (strcmp(*argv,"-showcerts") == 0)
747 c_showcerts=1;
d02b48c6
RE		 748 else if (strcmp(*argv,"-nbio_test") == 0)
749 nbio_test=1;
750 else if (strcmp(*argv,"-state") == 0)
751 state=1;
ddac1974
NL		 752#ifndef OPENSSL_NO_PSK
753 else if (strcmp(*argv,"-psk_identity") == 0)
754 {
755 if (--argc < 1) goto bad;
756 psk_identity=*(++argv);
757 }
758 else if (strcmp(*argv,"-psk") == 0)
759 {
760 size_t j;
761
762 if (--argc < 1) goto bad;
763 psk_key=*(++argv);
764 for (j = 0; j < strlen(psk_key); j++)
765 {
766 if (isxdigit((int)psk_key[j]))
767 continue;
768 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
769 goto bad;
770 }
771 }
772#endif
edc032b5
BL		 773#ifndef OPENSSL_NO_SRP
774 else if (strcmp(*argv,"-srpuser") == 0)
775 {
776 if (--argc < 1) goto bad;
777 srp_arg.srplogin= *(++argv);
778 meth=TLSv1_client_method();
779 }
780 else if (strcmp(*argv,"-srppass") == 0)
781 {
782 if (--argc < 1) goto bad;
783 srppass= *(++argv);
784 meth=TLSv1_client_method();
785 }
786 else if (strcmp(*argv,"-srp_strength") == 0)
787 {
788 if (--argc < 1) goto bad;
789 srp_arg.strength=atoi(*(++argv));
790 BIO_printf(bio_err,"SRP minimal length for N is %d\n",srp_arg.strength);
791 meth=TLSv1_client_method();
792 }
793 else if (strcmp(*argv,"-srp_lateuser") == 0)
794 {
795 srp_lateuser= 1;
796 meth=TLSv1_client_method();
797 }
798 else if (strcmp(*argv,"-srp_moregroups") == 0)
799 {
800 srp_arg.amp=1;
801 meth=TLSv1_client_method();
802 }
803#endif
cf1b7d96 804#ifndef OPENSSL_NO_SSL2
d02b48c6
RE		 805 else if (strcmp(*argv,"-ssl2") == 0)
806 meth=SSLv2_client_method();
807#endif
cf1b7d96 808#ifndef OPENSSL_NO_SSL3
d02b48c6
RE		 809 else if (strcmp(*argv,"-ssl3") == 0)
810 meth=SSLv3_client_method();
58964a49 811#endif
cf1b7d96 812#ifndef OPENSSL_NO_TLS1
7409d7ad
DSH		 813 else if (strcmp(*argv,"-tls1_2") == 0)
814 meth=TLSv1_2_client_method();
637f374a
DSH		 815 else if (strcmp(*argv,"-tls1_1") == 0)
816 meth=TLSv1_1_client_method();
58964a49
RE		 817 else if (strcmp(*argv,"-tls1") == 0)
818 meth=TLSv1_client_method();
36d16f8e
BL		 819#endif
820#ifndef OPENSSL_NO_DTLS1
821 else if (strcmp(*argv,"-dtls1") == 0)
822 {
823 meth=DTLSv1_client_method();
b1277b99 824 socket_type=SOCK_DGRAM;
36d16f8e
BL		 825 }
826 else if (strcmp(*argv,"-timeout") == 0)
827 enable_timeouts=1;
828 else if (strcmp(*argv,"-mtu") == 0)
829 {
830 if (--argc < 1) goto bad;
b1277b99 831 socket_mtu = atol(*(++argv));
36d16f8e 832 }
d02b48c6
RE		 833#endif
834 else if (strcmp(*argv,"-bugs") == 0)
835 bugs=1;
826a42a0
DSH		 836 else if (strcmp(*argv,"-keyform") == 0)
837 {
838 if (--argc < 1) goto bad;
839 key_format = str2fmt(*(++argv));
840 }
841 else if (strcmp(*argv,"-pass") == 0)
842 {
843 if (--argc < 1) goto bad;
844 passarg = *(++argv);
845 }
d02b48c6
RE		 846 else if (strcmp(*argv,"-key") == 0)
847 {
848 if (--argc < 1) goto bad;
849 key_file= *(++argv);
850 }
851 else if (strcmp(*argv,"-reconnect") == 0)
852 {
853 reconnect=5;
854 }
855 else if (strcmp(*argv,"-CApath") == 0)
856 {
857 if (--argc < 1) goto bad;
858 CApath= *(++argv);
859 }
860 else if (strcmp(*argv,"-CAfile") == 0)
861 {
862 if (--argc < 1) goto bad;
863 CAfile= *(++argv);
864 }
7409d7ad
DSH		 865 else if (strcmp(*argv,"-no_tls1_2") == 0)
866 off|=SSL_OP_NO_TLSv1_2;
637f374a
DSH		 867 else if (strcmp(*argv,"-no_tls1_1") == 0)
868 off|=SSL_OP_NO_TLSv1_1;
58964a49
RE		 869 else if (strcmp(*argv,"-no_tls1") == 0)
870 off|=SSL_OP_NO_TLSv1;
871 else if (strcmp(*argv,"-no_ssl3") == 0)
872 off|=SSL_OP_NO_SSLv3;
873 else if (strcmp(*argv,"-no_ssl2") == 0)
874 off|=SSL_OP_NO_SSLv2;
566dda07
DSH		 875 else if (strcmp(*argv,"-no_comp") == 0)
876 { off|=SSL_OP_NO_COMPRESSION; }
6434abbf
DSH		 877#ifndef OPENSSL_NO_TLSEXT
878 else if (strcmp(*argv,"-no_ticket") == 0)
879 { off|=SSL_OP_NO_TICKET; }
bf48836c 880# ifndef OPENSSL_NO_NEXTPROTONEG
ee2ffc27
BL		 881 else if (strcmp(*argv,"-nextprotoneg") == 0)
882 {
883 if (--argc < 1) goto bad;
884 next_proto_neg_in = *(++argv);
885 }
886# endif
6434abbf 887#endif
836f9960
LJ		 888 else if (strcmp(*argv,"-serverpref") == 0)
889 off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
2942dde5
DSH		 890 else if (strcmp(*argv,"-legacy_renegotiation") == 0)
891 off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
ef51b4b9
DSH		 892 else if (strcmp(*argv,"-legacy_server_connect") == 0)
893 { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
894 else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
895 { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
d02b48c6
RE		 896 else if (strcmp(*argv,"-cipher") == 0)
897 {
898 if (--argc < 1) goto bad;
899 cipher= *(++argv);
900 }
901#ifdef FIONBIO
902 else if (strcmp(*argv,"-nbio") == 0)
903 { c_nbio=1; }
904#endif
135c0af1
RL		 905 else if (strcmp(*argv,"-starttls") == 0)
906 {
907 if (--argc < 1) goto bad;
908 ++argv;
909 if (strcmp(*argv,"smtp") == 0)
85c67492 910 starttls_proto = PROTO_SMTP;
4f17dfcd 911 else if (strcmp(*argv,"pop3") == 0)
85c67492
RL		 912 starttls_proto = PROTO_POP3;
913 else if (strcmp(*argv,"imap") == 0)
914 starttls_proto = PROTO_IMAP;
915 else if (strcmp(*argv,"ftp") == 0)
916 starttls_proto = PROTO_FTP;
d5bbead4
BL		 917 else if (strcmp(*argv, "xmpp") == 0)
918 starttls_proto = PROTO_XMPP;
135c0af1
RL		 919 else
920 goto bad;
921 }
0b13e9f0 922#ifndef OPENSSL_NO_ENGINE
5270e702
RL		 923 else if (strcmp(*argv,"-engine") == 0)
924 {
925 if (--argc < 1) goto bad;
926 engine_id = *(++argv);
927 }
59d2d48f
DSH		 928 else if (strcmp(*argv,"-ssl_client_engine") == 0)
929 {
930 if (--argc < 1) goto bad;
931 ssl_client_engine_id = *(++argv);
932 }
0b13e9f0 933#endif
52b621db
LJ		 934 else if (strcmp(*argv,"-rand") == 0)
935 {
936 if (--argc < 1) goto bad;
937 inrand= *(++argv);
938 }
ed3883d2
BM		 939#ifndef OPENSSL_NO_TLSEXT
940 else if (strcmp(*argv,"-servername") == 0)
941 {
942 if (--argc < 1) goto bad;
943 servername= *(++argv);
944 /* meth=TLSv1_client_method(); */
945 }
946#endif
79bd20fd 947#ifndef OPENSSL_NO_JPAKE
6caa4edd
BL		 948 else if (strcmp(*argv,"-jpake") == 0)
949 {
950 if (--argc < 1) goto bad;
951 jpake_secret = *++argv;
952 }
ed551cdd 953#endif
333f926d
BL		 954 else if (strcmp(*argv,"-use_srtp") == 0)
955 {
956 if (--argc < 1) goto bad;
957 srtp_profiles = *(++argv);
958 }
e0af0405
BL		 959 else if (strcmp(*argv,"-keymatexport") == 0)
960 {
961 if (--argc < 1) goto bad;
962 keymatexportlabel= *(++argv);
963 }
964 else if (strcmp(*argv,"-keymatexportlen") == 0)
965 {
966 if (--argc < 1) goto bad;
967 keymatexportlen=atoi(*(++argv));
968 if (keymatexportlen == 0) goto bad;
969 }
333f926d 970 else
d02b48c6
RE		 971 {
972 BIO_printf(bio_err,"unknown option %s\n",*argv);
973 badop=1;
974 break;
975 }
976 argc--;
977 argv++;
978 }
979 if (badop)
980 {
981bad:
982 sc_usage();
983 goto end;
984 }
985
79bd20fd 986#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
f3b7bdad
BL		 987 if (jpake_secret)
988 {
989 if (psk_key)
990 {
991 BIO_printf(bio_err,
992 "Can't use JPAKE and PSK together\n");
993 goto end;
994 }
995 psk_identity = "JPAKE";
996 }
997
998 if (cipher)
999 {
1000 BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
1001 goto end;
1002 }
1003 cipher = "PSK";
1004#endif
1005
cead7f36
RL		 1006 OpenSSL_add_ssl_algorithms();
1007 SSL_load_error_strings();
1008
bf48836c 1009#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
ee2ffc27
BL		 1010 next_proto.status = -1;
1011 if (next_proto_neg_in)
1012 {
1013 next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
1014 if (next_proto.data == NULL)
1015 {
1016 BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
1017 goto end;
1018 }
1019 }
1020 else
1021 next_proto.data = NULL;
1022#endif
1023
0b13e9f0 1024#ifndef OPENSSL_NO_ENGINE
cead7f36 1025 e = setup_engine(bio_err, engine_id, 1);
59d2d48f
DSH		 1026 if (ssl_client_engine_id)
1027 {
1028 ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
1029 if (!ssl_client_engine)
1030 {
1031 BIO_printf(bio_err,
1032 "Error getting client auth engine\n");
1033 goto end;
1034 }
1035 }
1036
0b13e9f0 1037#endif
826a42a0
DSH		 1038 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
1039 {
1040 BIO_printf(bio_err, "Error getting password\n");
1041 goto end;
1042 }
1043
1044 if (key_file == NULL)
1045 key_file = cert_file;
1046
abbc186b
DSH		 1047
1048 if (key_file)
1049
826a42a0 1050 {
abbc186b
DSH		 1051
1052 key = load_key(bio_err, key_file, key_format, 0, pass, e,
1053 "client certificate private key file");
1054 if (!key)
1055 {
1056 ERR_print_errors(bio_err);
1057 goto end;
1058 }
1059
826a42a0
DSH		 1060 }
1061
abbc186b 1062 if (cert_file)
826a42a0 1063
826a42a0 1064 {
abbc186b
DSH		 1065 cert = load_cert(bio_err,cert_file,cert_format,
1066 NULL, e, "client certificate file");
1067
1068 if (!cert)
1069 {
1070 ERR_print_errors(bio_err);
1071 goto end;
1072 }
826a42a0 1073 }
cead7f36 1074
52b621db
LJ		 1075 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
1076 && !RAND_status())
1077 {
1078 BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
1079 }
1080 if (inrand != NULL)
1081 BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
1082 app_RAND_load_files(inrand));
a31011e8 1083
d02b48c6
RE		 1084 if (bio_c_out == NULL)
1085 {
a661b653 1086 if (c_quiet && !c_debug && !c_msg)
d02b48c6
RE		 1087 {
1088 bio_c_out=BIO_new(BIO_s_null());
1089 }
1090 else
1091 {
1092 if (bio_c_out == NULL)
1093 bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
1094 }
1095 }
1096
edc032b5
BL		 1097#ifndef OPENSSL_NO_SRP
1098 if(!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL))
1099 {
1100 BIO_printf(bio_err, "Error getting password\n");
1101 goto end;
1102 }
1103#endif
1104
d02b48c6
RE		 1105 ctx=SSL_CTX_new(meth);
1106 if (ctx == NULL)
1107 {
1108 ERR_print_errors(bio_err);
1109 goto end;
1110 }
1111
db99779b
DSH		 1112 if (vpm)
1113 SSL_CTX_set1_param(ctx, vpm);
1114
59d2d48f
DSH		 1115#ifndef OPENSSL_NO_ENGINE
1116 if (ssl_client_engine)
1117 {
1118 if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
1119 {
1120 BIO_puts(bio_err, "Error setting client auth engine\n");
1121 ERR_print_errors(bio_err);
1122 ENGINE_free(ssl_client_engine);
1123 goto end;
1124 }
1125 ENGINE_free(ssl_client_engine);
1126 }
1127#endif
1128
ddac1974 1129#ifndef OPENSSL_NO_PSK
79bd20fd
DSH		 1130#ifdef OPENSSL_NO_JPAKE
1131 if (psk_key != NULL)
1132#else
f3b7bdad 1133 if (psk_key != NULL || jpake_secret)
79bd20fd 1134#endif
ddac1974
NL		 1135 {
1136 if (c_debug)
f3b7bdad 1137 BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
ddac1974
NL		 1138 SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
1139 }
333f926d
BL		 1140 if (srtp_profiles != NULL)
1141 SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
ddac1974 1142#endif
58964a49
RE		 1143 if (bugs)
1144 SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
1145 else
1146 SSL_CTX_set_options(ctx,off);
ef51b4b9
DSH		 1147
1148 if (clr)
1149 SSL_CTX_clear_options(ctx, clr);
36d16f8e
BL		 1150 /* DTLS: partial reads end up discarding unread UDP bytes :-(
1151 * Setting read ahead solves this problem.
1152 */
b1277b99 1153 if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
d02b48c6 1154
bf48836c 1155#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
ee2ffc27
BL		 1156 if (next_proto.data)
1157 SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
1158#endif
1159
d02b48c6
RE		 1160 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
1161 if (cipher != NULL)
fabce041 1162 if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
657e60fa 1163 BIO_printf(bio_err,"error setting cipher list\n");
fabce041
DSH		 1164 ERR_print_errors(bio_err);
1165 goto end;
1166 }
d02b48c6
RE		 1167#if 0
1168 else
1169 SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
1170#endif
1171
1172 SSL_CTX_set_verify(ctx,verify,verify_callback);
826a42a0 1173 if (!set_cert_key_stuff(ctx,cert,key))
d02b48c6
RE		 1174 goto end;
1175
1176 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
1177 (!SSL_CTX_set_default_verify_paths(ctx)))
1178 {
657e60fa 1179 /* BIO_printf(bio_err,"error setting default verify locations\n"); */
d02b48c6 1180 ERR_print_errors(bio_err);
58964a49 1181 /* goto end; */
d02b48c6
RE		 1182 }
1183
ed3883d2 1184#ifndef OPENSSL_NO_TLSEXT
b1277b99
BM		 1185 if (servername != NULL)
1186 {
ed3883d2
BM		 1187 tlsextcbp.biodebug = bio_err;
1188 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1189 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
b1277b99 1190 }
edc032b5
BL		 1191#ifndef OPENSSL_NO_SRP
1192 if (srp_arg.srplogin)
1193 {
f2fc3075 1194 if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin))
edc032b5
BL		 1195 {
1196 BIO_printf(bio_err,"Unable to set SRP username\n");
1197 goto end;
1198 }
1199 srp_arg.msg = c_msg;
1200 srp_arg.debug = c_debug ;
1201 SSL_CTX_set_srp_cb_arg(ctx,&srp_arg);
1202 SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
1203 SSL_CTX_set_srp_strength(ctx, srp_arg.strength);
1204 if (c_msg || c_debug || srp_arg.amp == 0)
1205 SSL_CTX_set_srp_verify_param_callback(ctx, ssl_srp_verify_param_cb);
1206 }
1207
1208#endif
ed3883d2 1209#endif
d02b48c6 1210
82fc1d9c 1211 con=SSL_new(ctx);
6434abbf
DSH		 1212 if (sess_in)
1213 {
1214 SSL_SESSION *sess;
1215 BIO *stmp = BIO_new_file(sess_in, "r");
1216 if (!stmp)
1217 {
1218 BIO_printf(bio_err, "Can't open session file %s\n",
1219 sess_in);
1220 ERR_print_errors(bio_err);
1221 goto end;
1222 }
1223 sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
1224 BIO_free(stmp);
1225 if (!sess)
1226 {
1227 BIO_printf(bio_err, "Can't open session file %s\n",
1228 sess_in);
1229 ERR_print_errors(bio_err);
1230 goto end;
1231 }
1232 SSL_set_session(con, sess);
1233 SSL_SESSION_free(sess);
1234 }
ed3883d2 1235#ifndef OPENSSL_NO_TLSEXT
b1277b99
BM		 1236 if (servername != NULL)
1237 {
a13c20f6 1238 if (!SSL_set_tlsext_host_name(con,servername))
b1277b99 1239 {
ed3883d2
BM		 1240 BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
1241 ERR_print_errors(bio_err);
1242 goto end;
b1277b99 1243 }
ed3883d2 1244 }
ed3883d2 1245#endif
cf1b7d96 1246#ifndef OPENSSL_NO_KRB5
4f7a2ab8 1247 if (con && (kctx = kssl_ctx_new()) != NULL)
f9b3bff6 1248 {
4f7a2ab8
DSH		 1249 SSL_set0_kssl_ctx(con, kctx);
1250 kssl_ctx_setstring(kctx, KSSL_SERVER, host);
f9b3bff6 1251 }
cf1b7d96 1252#endif /* OPENSSL_NO_KRB5 */
58964a49 1253/* SSL_set_cipher_list(con,"RC4-MD5"); */
761772d7
BM		 1254#if 0
1255#ifdef TLSEXT_TYPE_opaque_prf_input
86d4bc3a 1256 SSL_set_tlsext_opaque_prf_input(con, "Test client", 11);
761772d7
BM		 1257#endif
1258#endif
d02b48c6
RE		 1259
1260re_start:
1261
b1277b99 1262 if (init_client(&s,host,port,socket_type) == 0)
d02b48c6 1263 {
58964a49 1264 BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
d02b48c6
RE		 1265 SHUTDOWN(s);
1266 goto end;
1267 }
1268 BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
1269
1270#ifdef FIONBIO
1271 if (c_nbio)
1272 {
1273 unsigned long l=1;
1274 BIO_printf(bio_c_out,"turning on non blocking io\n");
58964a49
RE		 1275 if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
1276 {
1277 ERR_print_errors(bio_err);
1278 goto end;
1279 }
d02b48c6
RE		 1280 }
1281#endif
08557cf2 1282 if (c_Pause & 0x01) SSL_set_debug(con, 1);
36d16f8e
BL		 1283
1284 if ( SSL_version(con) == DTLS1_VERSION)
1285 {
36d16f8e
BL		 1286
1287 sbio=BIO_new_dgram(s,BIO_NOCLOSE);
6c61726b 1288 if (getsockname(s, &peer, (void *)&peerlen) < 0)
36d16f8e
BL		 1289 {
1290 BIO_printf(bio_err, "getsockname:errno=%d\n",
1291 get_last_socket_error());
1292 SHUTDOWN(s);
1293 goto end;
1294 }
1295
710069c1 1296 (void)BIO_ctrl_set_connected(sbio, 1, &peer);
36d16f8e 1297
b1277b99 1298 if (enable_timeouts)
36d16f8e
BL		 1299 {
1300 timeout.tv_sec = 0;
1301 timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1302 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
1303
1304 timeout.tv_sec = 0;
1305 timeout.tv_usec = DGRAM_SND_TIMEOUT;
1306 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
1307 }
1308
046f2101 1309 if (socket_mtu > 28)
36d16f8e
BL		 1310 {
1311 SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
046f2101 1312 SSL_set_mtu(con, socket_mtu - 28);
36d16f8e
BL		 1313 }
1314 else
1315 /* want to do MTU discovery */
1316 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1317 }
1318 else
1319 sbio=BIO_new_socket(s,BIO_NOCLOSE);
1320
d02b48c6
RE		 1321 if (nbio_test)
1322 {
1323 BIO *test;
1324
1325 test=BIO_new(BIO_f_nbio_test());
1326 sbio=BIO_push(test,sbio);
1327 }
1328
1329 if (c_debug)
1330 {
08557cf2 1331 SSL_set_debug(con, 1);
25495640 1332 BIO_set_callback(sbio,bio_dump_callback);
7806f3dd 1333 BIO_set_callback_arg(sbio,(char *)bio_c_out);
d02b48c6 1334 }
a661b653
BM		 1335 if (c_msg)
1336 {
1337 SSL_set_msg_callback(con, msg_cb);
1338 SSL_set_msg_callback_arg(con, bio_c_out);
1339 }
6434abbf
DSH		 1340#ifndef OPENSSL_NO_TLSEXT
1341 if (c_tlsextdebug)
1342 {
1343 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1344 SSL_set_tlsext_debug_arg(con, bio_c_out);
1345 }
67c8e7f4
DSH		 1346 if (c_status_req)
1347 {
1348 SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
1349 SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
1350 SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
1351#if 0
1352{
1353STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
1354OCSP_RESPID *id = OCSP_RESPID_new();
1355id->value.byKey = ASN1_OCTET_STRING_new();
1356id->type = V_OCSP_RESPID_KEY;
1357ASN1_STRING_set(id->value.byKey, "Hello World", -1);
1358sk_OCSP_RESPID_push(ids, id);
1359SSL_set_tlsext_status_ids(con, ids);
1360}
1361#endif
1362 }
6434abbf 1363#endif
79bd20fd 1364#ifndef OPENSSL_NO_JPAKE
6caa4edd
BL		 1365 if (jpake_secret)
1366 jpake_client_auth(bio_c_out, sbio, jpake_secret);
ed551cdd 1367#endif
6caa4edd 1368
d02b48c6
RE		 1369 SSL_set_bio(con,sbio,sbio);
1370 SSL_set_connect_state(con);
1371
1372 /* ok, lets connect */
1373 width=SSL_get_fd(con)+1;
1374
1375 read_tty=1;
1376 write_tty=0;
1377 tty_on=0;
1378 read_ssl=1;
1379 write_ssl=1;
1380
1381 cbuf_len=0;
1382 cbuf_off=0;
1383 sbuf_len=0;
1384 sbuf_off=0;
1385
135c0af1 1386 /* This is an ugly hack that does a lot of assumptions */
ee373e7f
LJ		 1387 /* We do have to handle multi-line responses which may come
1388 in a single packet or not. We therefore have to use
1389 BIO_gets() which does need a buffering BIO. So during
1390 the initial chitchat we do push a buffering BIO into the
1391 chain that is removed again later on to not disturb the
1392 rest of the s_client operation. */
85c67492 1393 if (starttls_proto == PROTO_SMTP)
135c0af1 1394 {
8d72476e 1395 int foundit=0;
ee373e7f
LJ		 1396 BIO *fbio = BIO_new(BIO_f_buffer());
1397 BIO_push(fbio, sbio);
85c67492
RL		 1398 /* wait for multi-line response to end from SMTP */
1399 do
1400 {
ee373e7f 1401 mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
85c67492
RL		 1402 }
1403 while (mbuf_len>3 && mbuf[3]=='-');
8d72476e 1404 /* STARTTLS command requires EHLO... */
ee373e7f 1405 BIO_printf(fbio,"EHLO openssl.client.net\r\n");
710069c1 1406 (void)BIO_flush(fbio);
8d72476e
LJ		 1407 /* wait for multi-line response to end EHLO SMTP response */
1408 do
1409 {
ee373e7f 1410 mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
8d72476e
LJ		 1411 if (strstr(mbuf,"STARTTLS"))
1412 foundit=1;
1413 }
1414 while (mbuf_len>3 && mbuf[3]=='-');
710069c1 1415 (void)BIO_flush(fbio);
ee373e7f
LJ		 1416 BIO_pop(fbio);
1417 BIO_free(fbio);
8d72476e
LJ		 1418 if (!foundit)
1419 BIO_printf(bio_err,
1420 "didn't found starttls in server response,"
1421 " try anyway...\n");
135c0af1
RL		 1422 BIO_printf(sbio,"STARTTLS\r\n");
1423 BIO_read(sbio,sbuf,BUFSIZZ);
1424 }
85c67492 1425 else if (starttls_proto == PROTO_POP3)
4f17dfcd
LJ		 1426 {
1427 BIO_read(sbio,mbuf,BUFSIZZ);
1428 BIO_printf(sbio,"STLS\r\n");
1429 BIO_read(sbio,sbuf,BUFSIZZ);
1430 }
85c67492
RL		 1431 else if (starttls_proto == PROTO_IMAP)
1432 {
8d72476e 1433 int foundit=0;
ee373e7f
LJ		 1434 BIO *fbio = BIO_new(BIO_f_buffer());
1435 BIO_push(fbio, sbio);
1436 BIO_gets(fbio,mbuf,BUFSIZZ);
8d72476e 1437 /* STARTTLS command requires CAPABILITY... */
ee373e7f 1438 BIO_printf(fbio,". CAPABILITY\r\n");
710069c1 1439 (void)BIO_flush(fbio);
8d72476e
LJ		 1440 /* wait for multi-line CAPABILITY response */
1441 do
1442 {
ee373e7f 1443 mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
8d72476e
LJ		 1444 if (strstr(mbuf,"STARTTLS"))
1445 foundit=1;
1446 }
ee373e7f 1447 while (mbuf_len>3 && mbuf[0]!='.');
710069c1 1448 (void)BIO_flush(fbio);
ee373e7f
LJ		 1449 BIO_pop(fbio);
1450 BIO_free(fbio);
8d72476e
LJ		 1451 if (!foundit)
1452 BIO_printf(bio_err,
1453 "didn't found STARTTLS in server response,"
1454 " try anyway...\n");
1455 BIO_printf(sbio,". STARTTLS\r\n");
85c67492
RL		 1456 BIO_read(sbio,sbuf,BUFSIZZ);
1457 }
1458 else if (starttls_proto == PROTO_FTP)
1459 {
ee373e7f
LJ		 1460 BIO *fbio = BIO_new(BIO_f_buffer());
1461 BIO_push(fbio, sbio);
85c67492
RL		 1462 /* wait for multi-line response to end from FTP */
1463 do
1464 {
ee373e7f 1465 mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
85c67492
RL		 1466 }
1467 while (mbuf_len>3 && mbuf[3]=='-');
710069c1 1468 (void)BIO_flush(fbio);
ee373e7f
LJ		 1469 BIO_pop(fbio);
1470 BIO_free(fbio);
85c67492
RL		 1471 BIO_printf(sbio,"AUTH TLS\r\n");
1472 BIO_read(sbio,sbuf,BUFSIZZ);
1473 }
d5bbead4
BL		 1474 if (starttls_proto == PROTO_XMPP)
1475 {
1476 int seen = 0;
1477 BIO_printf(sbio,"<stream:stream "
1478 "xmlns:stream='http://etherx.jabber.org/streams' "
1479 "xmlns='jabber:client' to='%s' version='1.0'>", host);
1480 seen = BIO_read(sbio,mbuf,BUFSIZZ);
1481 mbuf[seen] = 0;
1482 while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
1483 {
1484 if (strstr(mbuf, "/stream:features>"))
1485 goto shut;
1486 seen = BIO_read(sbio,mbuf,BUFSIZZ);
1487 mbuf[seen] = 0;
1488 }
1489 BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
1490 seen = BIO_read(sbio,sbuf,BUFSIZZ);
1491 sbuf[seen] = 0;
1492 if (!strstr(sbuf, "<proceed"))
1493 goto shut;
1494 mbuf[0] = 0;
1495 }
135c0af1 1496
d02b48c6
RE		 1497 for (;;)
1498 {
1499 FD_ZERO(&readfds);
1500 FD_ZERO(&writefds);
1501
b972fbaa
DSH		 1502 if ((SSL_version(con) == DTLS1_VERSION) &&
1503 DTLSv1_get_timeout(con, &timeout))
1504 timeoutp = &timeout;
1505 else
1506 timeoutp = NULL;
1507
58964a49 1508 if (SSL_in_init(con) && !SSL_total_renegotiations(con))
d02b48c6
RE		 1509 {
1510 in_init=1;
1511 tty_on=0;
1512 }
1513 else
1514 {
1515 tty_on=1;
1516 if (in_init)
1517 {
1518 in_init=0;
761772d7 1519#if 0 /* This test doesn't really work as intended (needs to be fixed) */
ed3883d2 1520#ifndef OPENSSL_NO_TLSEXT
b166f13e
BM		 1521 if (servername != NULL && !SSL_session_reused(con))
1522 {
1523 BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not ");
1524 }
761772d7 1525#endif
ed3883d2 1526#endif
6434abbf
DSH		 1527 if (sess_out)
1528 {
1529 BIO *stmp = BIO_new_file(sess_out, "w");
1530 if (stmp)
1531 {
1532 PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
1533 BIO_free(stmp);
1534 }
1535 else
1536 BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
1537 }
d02b48c6
RE		 1538 print_stuff(bio_c_out,con,full_log);
1539 if (full_log > 0) full_log--;
1540
4f17dfcd 1541 if (starttls_proto)
135c0af1
RL		 1542 {
1543 BIO_printf(bio_err,"%s",mbuf);
1544 /* We don't need to know any more */
85c67492 1545 starttls_proto = PROTO_OFF;
135c0af1
RL		 1546 }
1547
d02b48c6
RE		 1548 if (reconnect)
1549 {
1550 reconnect--;
1551 BIO_printf(bio_c_out,"drop connection and then reconnect\n");
1552 SSL_shutdown(con);
1553 SSL_set_connect_state(con);
1554 SHUTDOWN(SSL_get_fd(con));
1555 goto re_start;
1556 }
1557 }
1558 }
1559
c7ac31e2
BM		 1560 ssl_pending = read_ssl && SSL_pending(con);
1561
1562 if (!ssl_pending)
d02b48c6 1563 {
4700aea9 1564#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5)
c7ac31e2
BM		 1565 if (tty_on)
1566 {
7bf7333d
DSH		 1567 if (read_tty) openssl_fdset(fileno(stdin),&readfds);
1568 if (write_tty) openssl_fdset(fileno(stdout),&writefds);
c7ac31e2 1569 }
c7ac31e2 1570 if (read_ssl)
7bf7333d 1571 openssl_fdset(SSL_get_fd(con),&readfds);
c7ac31e2 1572 if (write_ssl)
7bf7333d 1573 openssl_fdset(SSL_get_fd(con),&writefds);
06f4536a
DSH		 1574#else
1575 if(!tty_on || !write_tty) {
1576 if (read_ssl)
7bf7333d 1577 openssl_fdset(SSL_get_fd(con),&readfds);
06f4536a 1578 if (write_ssl)
7bf7333d 1579 openssl_fdset(SSL_get_fd(con),&writefds);
06f4536a
DSH		 1580 }
1581#endif
c7ac31e2
BM		 1582/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
1583 tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
d02b48c6 1584
75e0770d 1585 /* Note: under VMS with SOCKETSHR the second parameter
7d7d2cbc
UM		 1586 * is currently of type (int *) whereas under other
1587 * systems it is (void *) if you don't have a cast it
1588 * will choke the compiler: if you do have a cast then
1589 * you can either go for (int *) or (void *).
1590 */
3d7c4a5a
RL		 1591#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
1592 /* Under Windows/DOS we make the assumption that we can
06f4536a
DSH		 1593 * always write to the tty: therefore if we need to
1594 * write to the tty we just fall through. Otherwise
1595 * we timeout the select every second and see if there
1596 * are any keypresses. Note: this is a hack, in a proper
1597 * Windows application we wouldn't do this.
1598 */
4ec19e20 1599 i=0;
06f4536a
DSH		 1600 if(!write_tty) {
1601 if(read_tty) {
1602 tv.tv_sec = 1;
1603 tv.tv_usec = 0;
1604 i=select(width,(void *)&readfds,(void *)&writefds,
1605 NULL,&tv);
3d7c4a5a 1606#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
0bf23d9b
RL		 1607 if(!i && (!_kbhit() || !read_tty) ) continue;
1608#else
a9ef75c5 1609 if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
0bf23d9b 1610#endif
06f4536a 1611 } else i=select(width,(void *)&readfds,(void *)&writefds,
b972fbaa 1612 NULL,timeoutp);
06f4536a 1613 }
47c1735a
RL		 1614#elif defined(OPENSSL_SYS_NETWARE)
1615 if(!write_tty) {
1616 if(read_tty) {
1617 tv.tv_sec = 1;
1618 tv.tv_usec = 0;
1619 i=select(width,(void *)&readfds,(void *)&writefds,
1620 NULL,&tv);
1621 } else i=select(width,(void *)&readfds,(void *)&writefds,
b972fbaa 1622 NULL,timeoutp);
47c1735a 1623 }
4700aea9
UM		 1624#elif defined(OPENSSL_SYS_BEOS_R5)
1625 /* Under BeOS-R5 the situation is similar to DOS */
1626 i=0;
1627 stdin_set = 0;
1628 (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
1629 if(!write_tty) {
1630 if(read_tty) {
1631 tv.tv_sec = 1;
1632 tv.tv_usec = 0;
1633 i=select(width,(void *)&readfds,(void *)&writefds,
1634 NULL,&tv);
1635 if (read(fileno(stdin), sbuf, 0) >= 0)
1636 stdin_set = 1;
1637 if (!i && (stdin_set != 1 || !read_tty))
1638 continue;
1639 } else i=select(width,(void *)&readfds,(void *)&writefds,
b972fbaa 1640 NULL,timeoutp);
4700aea9
UM		 1641 }
1642 (void)fcntl(fileno(stdin), F_SETFL, 0);
06f4536a 1643#else
7d7d2cbc 1644 i=select(width,(void *)&readfds,(void *)&writefds,
b972fbaa 1645 NULL,timeoutp);
06f4536a 1646#endif
c7ac31e2
BM		 1647 if ( i < 0)
1648 {
1649 BIO_printf(bio_err,"bad select %d\n",
58964a49 1650 get_last_socket_error());
c7ac31e2
BM		 1651 goto shut;
1652 /* goto end; */
1653 }
d02b48c6
RE		 1654 }
1655
b972fbaa
DSH		 1656 if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
1657 {
1658 BIO_printf(bio_err,"TIMEOUT occured\n");
1659 }
1660
c7ac31e2 1661 if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
d02b48c6
RE		 1662 {
1663 k=SSL_write(con,&(cbuf[cbuf_off]),
1664 (unsigned int)cbuf_len);
1665 switch (SSL_get_error(con,k))
1666 {
1667 case SSL_ERROR_NONE:
1668 cbuf_off+=k;
1669 cbuf_len-=k;
1670 if (k <= 0) goto end;
1671 /* we have done a write(con,NULL,0); */
1672 if (cbuf_len <= 0)
1673 {
1674 read_tty=1;
1675 write_ssl=0;
1676 }
1677 else /* if (cbuf_len > 0) */
1678 {
1679 read_tty=0;
1680 write_ssl=1;
1681 }
1682 break;
1683 case SSL_ERROR_WANT_WRITE:
1684 BIO_printf(bio_c_out,"write W BLOCK\n");
1685 write_ssl=1;
1686 read_tty=0;
1687 break;
1688 case SSL_ERROR_WANT_READ:
1689 BIO_printf(bio_c_out,"write R BLOCK\n");
1690 write_tty=0;
1691 read_ssl=1;
1692 write_ssl=0;
1693 break;
1694 case SSL_ERROR_WANT_X509_LOOKUP:
1695 BIO_printf(bio_c_out,"write X BLOCK\n");
1696 break;
1697 case SSL_ERROR_ZERO_RETURN:
1698 if (cbuf_len != 0)
1699 {
1700 BIO_printf(bio_c_out,"shutdown\n");
0e1dba93 1701 ret = 0;
d02b48c6
RE		 1702 goto shut;
1703 }
1704 else
1705 {
1706 read_tty=1;
1707 write_ssl=0;
1708 break;
1709 }
1710
1711 case SSL_ERROR_SYSCALL:
1712 if ((k != 0) || (cbuf_len != 0))
1713 {
1714 BIO_printf(bio_err,"write:errno=%d\n",
58964a49 1715 get_last_socket_error());
d02b48c6
RE		 1716 goto shut;
1717 }
1718 else
1719 {
1720 read_tty=1;
1721 write_ssl=0;
1722 }
1723 break;
1724 case SSL_ERROR_SSL:
1725 ERR_print_errors(bio_err);
1726 goto shut;
1727 }
1728 }
4700aea9
UM		 1729#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
1730 /* Assume Windows/DOS/BeOS can always write */
06f4536a
DSH		 1731 else if (!ssl_pending && write_tty)
1732#else
c7ac31e2 1733 else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
06f4536a 1734#endif
d02b48c6 1735 {
a53955d8
UM		 1736#ifdef CHARSET_EBCDIC
1737 ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
1738#endif
ffa10187 1739 i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len);
d02b48c6
RE		 1740
1741 if (i <= 0)
1742 {
1743 BIO_printf(bio_c_out,"DONE\n");
0e1dba93 1744 ret = 0;
d02b48c6
RE		 1745 goto shut;
1746 /* goto end; */
1747 }
1748
1749 sbuf_len-=i;;
1750 sbuf_off+=i;
1751 if (sbuf_len <= 0)
1752 {
1753 read_ssl=1;
1754 write_tty=0;
1755 }
1756 }
c7ac31e2 1757 else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
d02b48c6 1758 {
58964a49
RE		 1759#ifdef RENEG
1760{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
1761#endif
dfeab068 1762#if 1
58964a49 1763 k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
dfeab068
RE		 1764#else
1765/* Demo for pending and peek :-) */
1766 k=SSL_read(con,sbuf,16);
1767{ char zbuf[10240];
1768printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
1769}
1770#endif
d02b48c6
RE		 1771
1772 switch (SSL_get_error(con,k))
1773 {
1774 case SSL_ERROR_NONE:
1775 if (k <= 0)
1776 goto end;
1777 sbuf_off=0;
1778 sbuf_len=k;
1779
1780 read_ssl=0;
1781 write_tty=1;
1782 break;
1783 case SSL_ERROR_WANT_WRITE:
1784 BIO_printf(bio_c_out,"read W BLOCK\n");
1785 write_ssl=1;
1786 read_tty=0;
1787 break;
1788 case SSL_ERROR_WANT_READ:
1789 BIO_printf(bio_c_out,"read R BLOCK\n");
1790 write_tty=0;
1791 read_ssl=1;
1792 if ((read_tty == 0) && (write_ssl == 0))
1793 write_ssl=1;
1794 break;
1795 case SSL_ERROR_WANT_X509_LOOKUP:
1796 BIO_printf(bio_c_out,"read X BLOCK\n");
1797 break;
1798 case SSL_ERROR_SYSCALL:
0e1dba93
DSH		 1799 ret=get_last_socket_error();
1800 BIO_printf(bio_err,"read:errno=%d\n",ret);
d02b48c6
RE		 1801 goto shut;
1802 case SSL_ERROR_ZERO_RETURN:
1803 BIO_printf(bio_c_out,"closed\n");
0e1dba93 1804 ret=0;
d02b48c6
RE		 1805 goto shut;
1806 case SSL_ERROR_SSL:
1807 ERR_print_errors(bio_err);
1808 goto shut;
dfeab068 1809 /* break; */
d02b48c6
RE		 1810 }
1811 }
1812
3d7c4a5a
RL		 1813#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
1814#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
0bf23d9b
RL		 1815 else if (_kbhit())
1816#else
a9ef75c5 1817 else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
0bf23d9b 1818#endif
4d8743f4 1819#elif defined (OPENSSL_SYS_NETWARE)
ffa10187 1820 else if (_kbhit())
4700aea9
UM		 1821#elif defined(OPENSSL_SYS_BEOS_R5)
1822 else if (stdin_set)
06f4536a 1823#else
d02b48c6 1824 else if (FD_ISSET(fileno(stdin),&readfds))
06f4536a 1825#endif
d02b48c6 1826 {
1bdb8633
BM		 1827 if (crlf)
1828 {
1829 int j, lf_num;
1830
ffa10187 1831 i=raw_read_stdin(cbuf,BUFSIZZ/2);
1bdb8633
BM		 1832 lf_num = 0;
1833 /* both loops are skipped when i <= 0 */
1834 for (j = 0; j < i; j++)
1835 if (cbuf[j] == '\n')
1836 lf_num++;
1837 for (j = i-1; j >= 0; j--)
1838 {
1839 cbuf[j+lf_num] = cbuf[j];
1840 if (cbuf[j] == '\n')
1841 {
1842 lf_num--;
1843 i++;
1844 cbuf[j+lf_num] = '\r';
1845 }
1846 }
1847 assert(lf_num == 0);
1848 }
1849 else
ffa10187 1850 i=raw_read_stdin(cbuf,BUFSIZZ);
d02b48c6 1851
ce301b6b 1852 if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
d02b48c6
RE		 1853 {
1854 BIO_printf(bio_err,"DONE\n");
0e1dba93 1855 ret=0;
d02b48c6
RE		 1856 goto shut;
1857 }
1858
ce301b6b 1859 if ((!c_ign_eof) && (cbuf[0] == 'R'))
d02b48c6 1860 {
3bb307c1 1861 BIO_printf(bio_err,"RENEGOTIATING\n");
d02b48c6 1862 SSL_renegotiate(con);
3bb307c1 1863 cbuf_len=0;
d02b48c6
RE		 1864 }
1865 else
1866 {
1867 cbuf_len=i;
1868 cbuf_off=0;
a53955d8
UM		 1869#ifdef CHARSET_EBCDIC
1870 ebcdic2ascii(cbuf, cbuf, i);
1871#endif
d02b48c6
RE		 1872 }
1873
d02b48c6 1874 write_ssl=1;
3bb307c1 1875 read_tty=0;
d02b48c6 1876 }
d02b48c6 1877 }
0e1dba93
DSH		 1878
1879 ret=0;
d02b48c6 1880shut:
b166f13e
BM		 1881 if (in_init)
1882 print_stuff(bio_c_out,con,full_log);
d02b48c6
RE		 1883 SSL_shutdown(con);
1884 SHUTDOWN(SSL_get_fd(con));
d02b48c6 1885end:
d916ba1b
NL		 1886 if (con != NULL)
1887 {
1888 if (prexit != 0)
1889 print_stuff(bio_c_out,con,1);
1890 SSL_free(con);
1891 }
d02b48c6 1892 if (ctx != NULL) SSL_CTX_free(ctx);
826a42a0
DSH		 1893 if (cert)
1894 X509_free(cert);
1895 if (key)
1896 EVP_PKEY_free(key);
1897 if (pass)
1898 OPENSSL_free(pass);
4579924b
RL		 1899 if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
1900 if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
1901 if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
d02b48c6
RE		 1902 if (bio_c_out != NULL)
1903 {
1904 BIO_free(bio_c_out);
1905 bio_c_out=NULL;
1906 }
c04f8cf4 1907 apps_shutdown();
1c3e4a36 1908 OPENSSL_EXIT(ret);
d02b48c6
RE		 1909 }
1910
1911
6b691a5c 1912static void print_stuff(BIO *bio, SSL *s, int full)
d02b48c6 1913 {
58964a49 1914 X509 *peer=NULL;
d02b48c6 1915 char *p;
7d727231 1916 static const char *space=" ";
d02b48c6 1917 char buf[BUFSIZ];
f73e07cf
BL		 1918 STACK_OF(X509) *sk;
1919 STACK_OF(X509_NAME) *sk2;
babb3798 1920 const SSL_CIPHER *c;
d02b48c6
RE		 1921 X509_NAME *xn;
1922 int j,i;
09b6c2ef 1923#ifndef OPENSSL_NO_COMP
d8ec0dcf 1924 const COMP_METHOD *comp, *expansion;
09b6c2ef 1925#endif
e0af0405 1926 unsigned char *exportedkeymat;
d02b48c6
RE		 1927
1928 if (full)
1929 {
bc2e519a
BM		 1930 int got_a_chain = 0;
1931
d02b48c6
RE		 1932 sk=SSL_get_peer_cert_chain(s);
1933 if (sk != NULL)
1934 {
bc2e519a
BM		 1935 got_a_chain = 1; /* we don't have it for SSL2 (yet) */
1936
dfeab068 1937 BIO_printf(bio,"---\nCertificate chain\n");
f73e07cf 1938 for (i=0; i<sk_X509_num(sk); i++)
d02b48c6 1939 {
f73e07cf 1940 X509_NAME_oneline(X509_get_subject_name(
54a656ef 1941 sk_X509_value(sk,i)),buf,sizeof buf);
d02b48c6 1942 BIO_printf(bio,"%2d s:%s\n",i,buf);
f73e07cf 1943 X509_NAME_oneline(X509_get_issuer_name(
54a656ef 1944 sk_X509_value(sk,i)),buf,sizeof buf);
d02b48c6 1945 BIO_printf(bio," i:%s\n",buf);
6d02d8e4 1946 if (c_showcerts)
f73e07cf 1947 PEM_write_bio_X509(bio,sk_X509_value(sk,i));
d02b48c6
RE		 1948 }
1949 }
1950
1951 BIO_printf(bio,"---\n");
1952 peer=SSL_get_peer_certificate(s);
1953 if (peer != NULL)
1954 {
1955 BIO_printf(bio,"Server certificate\n");
bc2e519a 1956 if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
6d02d8e4 1957 PEM_write_bio_X509(bio,peer);
d02b48c6 1958 X509_NAME_oneline(X509_get_subject_name(peer),
54a656ef 1959 buf,sizeof buf);
d02b48c6
RE		 1960 BIO_printf(bio,"subject=%s\n",buf);
1961 X509_NAME_oneline(X509_get_issuer_name(peer),
54a656ef 1962 buf,sizeof buf);
d02b48c6 1963 BIO_printf(bio,"issuer=%s\n",buf);
d02b48c6
RE		 1964 }
1965 else
1966 BIO_printf(bio,"no peer certificate available\n");
1967
f73e07cf 1968 sk2=SSL_get_client_CA_list(s);
d91f8c3c 1969 if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
d02b48c6
RE		 1970 {
1971 BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
f73e07cf 1972 for (i=0; i<sk_X509_NAME_num(sk2); i++)
d02b48c6 1973 {
f73e07cf 1974 xn=sk_X509_NAME_value(sk2,i);
d02b48c6
RE		 1975 X509_NAME_oneline(xn,buf,sizeof(buf));
1976 BIO_write(bio,buf,strlen(buf));
1977 BIO_write(bio,"\n",1);
1978 }
1979 }
1980 else
1981 {
1982 BIO_printf(bio,"---\nNo client certificate CA names sent\n");
1983 }
54a656ef 1984 p=SSL_get_shared_ciphers(s,buf,sizeof buf);
d02b48c6
RE		 1985 if (p != NULL)
1986 {
67a47285
BM		 1987 /* This works only for SSL 2. In later protocol
1988 * versions, the client does not know what other
1989 * ciphers (in addition to the one to be used
1990 * in the current connection) the server supports. */
1991
d02b48c6
RE		 1992 BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
1993 j=i=0;
1994 while (*p)
1995 {
1996 if (*p == ':')
1997 {
58964a49 1998 BIO_write(bio,space,15-j%25);
d02b48c6
RE		 1999 i++;
2000 j=0;
2001 BIO_write(bio,((i%3)?" ":"\n"),1);
2002 }
2003 else
2004 {
2005 BIO_write(bio,p,1);
2006 j++;
2007 }
2008 p++;
2009 }
2010 BIO_write(bio,"\n",1);
2011 }
2012
2013 BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
2014 BIO_number_read(SSL_get_rbio(s)),
2015 BIO_number_written(SSL_get_wbio(s)));
2016 }
08557cf2 2017 BIO_printf(bio,(SSL_cache_hit(s)?"---\nReused, ":"---\nNew, "));
d02b48c6
RE		 2018 c=SSL_get_current_cipher(s);
2019 BIO_printf(bio,"%s, Cipher is %s\n",
2020 SSL_CIPHER_get_version(c),
2021 SSL_CIPHER_get_name(c));
a8236c8c
DSH		 2022 if (peer != NULL) {
2023 EVP_PKEY *pktmp;
2024 pktmp = X509_get_pubkey(peer);
58964a49 2025 BIO_printf(bio,"Server public key is %d bit\n",
a8236c8c
DSH		 2026 EVP_PKEY_bits(pktmp));
2027 EVP_PKEY_free(pktmp);
2028 }
5430200b
DSH		 2029 BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
2030 SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
09b6c2ef 2031#ifndef OPENSSL_NO_COMP
f44e184e 2032 comp=SSL_get_current_compression(s);
d8ec0dcf 2033 expansion=SSL_get_current_expansion(s);
f44e184e
RL		 2034 BIO_printf(bio,"Compression: %s\n",
2035 comp ? SSL_COMP_get_name(comp) : "NONE");
2036 BIO_printf(bio,"Expansion: %s\n",
d8ec0dcf 2037 expansion ? SSL_COMP_get_name(expansion) : "NONE");
09b6c2ef 2038#endif
ee2ffc27 2039
bf48836c 2040#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
ee2ffc27
BL		 2041 if (next_proto.status != -1) {
2042 const unsigned char *proto;
2043 unsigned int proto_len;
2044 SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
2045 BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
2046 BIO_write(bio, proto, proto_len);
2047 BIO_write(bio, "\n", 1);
2048 }
2049#endif
2050
a2f9200f
DSH		 2051#ifdef SSL_DEBUG
2052 {
2053 /* Print out local port of connection: useful for debugging */
2054 int sock;
2055 struct sockaddr_in ladd;
2056 socklen_t ladd_size = sizeof(ladd);
2057 sock = SSL_get_fd(s);
2058 getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
2059 BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
2060 }
2061#endif
2062
333f926d
BL		 2063 {
2064 SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
2065
2066 if(srtp_profile)
2067 BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
2068 srtp_profile->name);
2069 }
2070
d02b48c6 2071 SSL_SESSION_print(bio,SSL_get_session(s));
e0af0405
BL		 2072 if (keymatexportlabel != NULL) {
2073 BIO_printf(bio, "Keying material exporter:\n");
2074 BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
2075 BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
2076 exportedkeymat = OPENSSL_malloc(keymatexportlen);
2077 if (exportedkeymat != NULL) {
2078 i = SSL_export_keying_material(s, exportedkeymat,
2079 keymatexportlen,
2080 keymatexportlabel,
2081 strlen(keymatexportlabel),
2082 NULL, 0, 0);
2083 if (i != keymatexportlen) {
2084 BIO_printf(bio,
2085 " Error: return value %i\n", i);
2086 } else {
2087 BIO_printf(bio, " Keying material: ");
2088 for (i=0; i<keymatexportlen; i++)
2089 BIO_printf(bio, "%02X",
2090 exportedkeymat[i]);
2091 BIO_printf(bio, "\n");
2092 }
2093 OPENSSL_free(exportedkeymat);
2094 }
2095 }
d02b48c6 2096 BIO_printf(bio,"---\n");
58964a49
RE		 2097 if (peer != NULL)
2098 X509_free(peer);
41ebed27 2099 /* flush, or debugging output gets mixed with http response */
710069c1 2100 (void)BIO_flush(bio);
d02b48c6
RE		 2101 }
2102
0702150f
DSH		 2103#ifndef OPENSSL_NO_TLSEXT
2104
67c8e7f4
DSH		 2105static int ocsp_resp_cb(SSL *s, void *arg)
2106 {
2107 const unsigned char *p;
2108 int len;
2109 OCSP_RESPONSE *rsp;
2110 len = SSL_get_tlsext_status_ocsp_resp(s, &p);
2111 BIO_puts(arg, "OCSP response: ");
2112 if (!p)
2113 {
2114 BIO_puts(arg, "no response sent\n");
2115 return 1;
2116 }
2117 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
2118 if (!rsp)
2119 {
2120 BIO_puts(arg, "response parse error\n");
2121 BIO_dump_indent(arg, (char *)p, len, 4);
2122 return 0;
2123 }
2124 BIO_puts(arg, "\n======================================\n");
2125 OCSP_RESPONSE_print(arg, rsp, 0);
2126 BIO_puts(arg, "======================================\n");
2127 OCSP_RESPONSE_free(rsp);
2128 return 1;
2129 }
0702150f
DSH		 2130
2131#endif
A mirror of the official openssl repository