[thirdparty/openssl.git] / apps / s_client.c

/* apps/s_client.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define USE_SOCKETS
#ifdef NO_STDIO
#define APPS_WIN16
#endif
#include "apps.h"
#include "x509.h"
#include "ssl.h"
#include "err.h"
#include "pem.h"
#include "s_apps.h"

#undef PROG
#define PROG	s_client_main

/*#define SSL_HOST_NAME	"www.netscape.com" */
/*#define SSL_HOST_NAME	"193.118.187.102" */
#define SSL_HOST_NAME	"localhost"

/*#define TEST_CERT "client.pem" */ /* no default cert. */

#undef BUFSIZZ
#define BUFSIZZ 1024*8

extern int verify_depth;
extern int verify_error;

#ifdef FIONBIO
static int c_nbio=0;
#endif
static int c_Pause=0;
static int c_debug=0;
static int c_showcerts=0;

#ifndef NOPROTO
static void sc_usage(void);
static void print_stuff(BIO *berr,SSL *con,int full);
#else
static void sc_usage();
static void print_stuff();
#endif

static BIO *bio_c_out=NULL;
static int c_quiet=0;

static void sc_usage()
	{
	BIO_printf(bio_err,"usage: s_client args\n");
	BIO_printf(bio_err,"\n");
	BIO_printf(bio_err," -host host     - use -connect instead\n");
	BIO_printf(bio_err," -port port     - use -connect instead\n");
	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);

	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
	BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
	BIO_printf(bio_err,"                 not specified but cert file is.\n");
	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
	BIO_printf(bio_err," -debug        - extra output\n");
	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
#ifdef FIONBIO
	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
#endif
	BIO_printf(bio_err," -quiet        - no s_client output\n");
	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
	BIO_printf(bio_err,"                 command to see what is available\n");

	}

int MAIN(argc, argv)
int argc;
char **argv;
	{
	int off=0;
	SSL *con=NULL,*con2=NULL;
	int s,k,width,state=0;
	char *cbuf=NULL,*sbuf=NULL;
	int cbuf_len,cbuf_off;
	int sbuf_len,sbuf_off;
	fd_set readfds,writefds;
	short port=PORT;
	int full_log=1;
	char *host=SSL_HOST_NAME;
	char *cert_file=NULL,*key_file=NULL;
	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
	SSL_CTX *ctx=NULL;
	int ret=1,in_init=1,i,nbio_test=0;
	SSL_METHOD *meth=NULL;
	BIO *sbio;
	/*static struct timeval timeout={10,0};*/

#if !defined(NO_SSL2) && !defined(NO_SSL3)
	meth=SSLv23_client_method();
#elif !defined(NO_SSL3)
	meth=SSLv3_client_method();
#elif !defined(NO_SSL2)
	meth=SSLv2_client_method();
#endif

	apps_startup();
	c_Pause=0;
	c_quiet=0;
	c_debug=0;
	c_showcerts=0;

	if (bio_err == NULL)
		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

	if (	((cbuf=Malloc(BUFSIZZ)) == NULL) ||
		((sbuf=Malloc(BUFSIZZ)) == NULL))
		{
		BIO_printf(bio_err,"out of memory\n");
		goto end;
		}

	verify_depth=0;
	verify_error=X509_V_OK;
#ifdef FIONBIO
	c_nbio=0;
#endif

	argc--;
	argv++;
	while (argc >= 1)
		{
		if	(strcmp(*argv,"-host") == 0)
			{
			if (--argc < 1) goto bad;
			host= *(++argv);
			}
		else if	(strcmp(*argv,"-port") == 0)
			{
			if (--argc < 1) goto bad;
			port=atoi(*(++argv));
			if (port == 0) goto bad;
			}
		else if (strcmp(*argv,"-connect") == 0)
			{
			if (--argc < 1) goto bad;
			if (!extract_host_port(*(++argv),&host,NULL,&port))
				goto bad;
			}
		else if	(strcmp(*argv,"-verify") == 0)
			{
			verify=SSL_VERIFY_PEER;
			if (--argc < 1) goto bad;
			verify_depth=atoi(*(++argv));
			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
			}
		else if	(strcmp(*argv,"-cert") == 0)
			{
			if (--argc < 1) goto bad;
			cert_file= *(++argv);
			}
		else if	(strcmp(*argv,"-quiet") == 0)
			c_quiet=1;
		else if	(strcmp(*argv,"-pause") == 0)
			c_Pause=1;
		else if	(strcmp(*argv,"-debug") == 0)
			c_debug=1;
		else if	(strcmp(*argv,"-showcerts") == 0)
			c_showcerts=1;
		else if	(strcmp(*argv,"-nbio_test") == 0)
			nbio_test=1;
		else if	(strcmp(*argv,"-state") == 0)
			state=1;
#ifndef NO_SSL2
		else if	(strcmp(*argv,"-ssl2") == 0)
			meth=SSLv2_client_method();
#endif
#ifndef NO_SSL3
		else if	(strcmp(*argv,"-ssl3") == 0)
			meth=SSLv3_client_method();
#endif
#ifndef NO_TLS1
		else if	(strcmp(*argv,"-tls1") == 0)
			meth=TLSv1_client_method();
#endif
		else if (strcmp(*argv,"-bugs") == 0)
			bugs=1;
		else if	(strcmp(*argv,"-key") == 0)
			{
			if (--argc < 1) goto bad;
			key_file= *(++argv);
			}
		else if	(strcmp(*argv,"-reconnect") == 0)
			{
			reconnect=5;
			}
		else if	(strcmp(*argv,"-CApath") == 0)
			{
			if (--argc < 1) goto bad;
			CApath= *(++argv);
			}
		else if	(strcmp(*argv,"-CAfile") == 0)
			{
			if (--argc < 1) goto bad;
			CAfile= *(++argv);
			}
		else if (strcmp(*argv,"-no_tls1") == 0)
			off|=SSL_OP_NO_TLSv1;
		else if (strcmp(*argv,"-no_ssl3") == 0)
			off|=SSL_OP_NO_SSLv3;
		else if (strcmp(*argv,"-no_ssl2") == 0)
			off|=SSL_OP_NO_SSLv2;
		else if	(strcmp(*argv,"-cipher") == 0)
			{
			if (--argc < 1) goto bad;
			cipher= *(++argv);
			}
#ifdef FIONBIO
		else if (strcmp(*argv,"-nbio") == 0)
			{ c_nbio=1; }
#endif
		else
			{
			BIO_printf(bio_err,"unknown option %s\n",*argv);
			badop=1;
			break;
			}
		argc--;
		argv++;
		}
	if (badop)
		{
bad:
		sc_usage();
		goto end;
		}

	if (bio_c_out == NULL)
		{
		if (c_quiet)
			{
			bio_c_out=BIO_new(BIO_s_null());
			}
		else
			{
			if (bio_c_out == NULL)
				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
			}
		}

	SSLeay_add_ssl_algorithms();
	ctx=SSL_CTX_new(meth);
	if (ctx == NULL)
		{
		ERR_print_errors(bio_err);
		goto end;
		}

	if (bugs)
		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
	else
		SSL_CTX_set_options(ctx,off);

	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
	if (cipher != NULL)
		SSL_CTX_set_cipher_list(ctx,cipher);
#if 0
	else
		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
#endif

	SSL_CTX_set_verify(ctx,verify,verify_callback);
	if (!set_cert_stuff(ctx,cert_file,key_file))
		goto end;

	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
		(!SSL_CTX_set_default_verify_paths(ctx)))
		{
		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
		ERR_print_errors(bio_err);
		/* goto end; */
		}

	SSL_load_error_strings();

	con=(SSL *)SSL_new(ctx);
/*	SSL_set_cipher_list(con,"RC4-MD5"); */

re_start:

	if (init_client(&s,host,port) == 0)
		{
		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
		SHUTDOWN(s);
		goto end;
		}
	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);

#ifdef FIONBIO
	if (c_nbio)
		{
		unsigned long l=1;
		BIO_printf(bio_c_out,"turning on non blocking io\n");
		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
			{
			ERR_print_errors(bio_err);
			goto end;
			}
		}
#endif                                              
	if (c_Pause & 0x01) con->debug=1;
	sbio=BIO_new_socket(s,BIO_NOCLOSE);

	if (nbio_test)
		{
		BIO *test;

		test=BIO_new(BIO_f_nbio_test());
		sbio=BIO_push(test,sbio);
		}

	if (c_debug)
		{
		con->debug=1;
		BIO_set_callback(sbio,bio_dump_cb);
		BIO_set_callback_arg(sbio,bio_c_out);
		}

	SSL_set_bio(con,sbio,sbio);
	SSL_set_connect_state(con);

	/* ok, lets connect */
	width=SSL_get_fd(con)+1;

	read_tty=1;
	write_tty=0;
	tty_on=0;
	read_ssl=1;
	write_ssl=1;
	
	cbuf_len=0;
	cbuf_off=0;
	sbuf_len=0;
	sbuf_off=0;

	for (;;)
		{
		FD_ZERO(&readfds);
		FD_ZERO(&writefds);

		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
			{
			in_init=1;
			tty_on=0;
			}
		else
			{
			tty_on=1;
			if (in_init)
				{
				in_init=0;
				print_stuff(bio_c_out,con,full_log);
				if (full_log > 0) full_log--;

				if (reconnect)
					{
					reconnect--;
					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
					SSL_shutdown(con);
					SSL_set_connect_state(con);
					SHUTDOWN(SSL_get_fd(con));
					goto re_start;
					}
				}
			}

		ssl_pending = read_ssl && SSL_pending(con);

		if (!ssl_pending)
#ifndef WINDOWS
			{
			if (tty_on)
				{
				if (read_tty)  FD_SET(fileno(stdin),&readfds);
				if (write_tty) FD_SET(fileno(stdout),&writefds);
				}
#endif
			if (read_ssl)
				FD_SET(SSL_get_fd(con),&readfds);
			if (write_ssl)
				FD_SET(SSL_get_fd(con),&writefds);

/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/

			i=select(width,&readfds,&writefds,NULL,NULL);
			if ( i < 0)
				{
				BIO_printf(bio_err,"bad select %d\n",
				get_last_socket_error());
				goto shut;
				/* goto end; */
				}
			}

		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
			{
			k=SSL_write(con,&(cbuf[cbuf_off]),
				(unsigned int)cbuf_len);
			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				cbuf_off+=k;
				cbuf_len-=k;
				if (k <= 0) goto end;
				/* we have done a  write(con,NULL,0); */
				if (cbuf_len <= 0)
					{
					read_tty=1;
					write_ssl=0;
					}
				else /* if (cbuf_len > 0) */
					{
					read_tty=0;
					write_ssl=1;
					}
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"write W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				BIO_printf(bio_c_out,"write R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				write_ssl=0;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"write X BLOCK\n");
				break;
			case SSL_ERROR_ZERO_RETURN:
				if (cbuf_len != 0)
					{
					BIO_printf(bio_c_out,"shutdown\n");
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					break;
					}
				
			case SSL_ERROR_SYSCALL:
				if ((k != 0) || (cbuf_len != 0))
					{
					BIO_printf(bio_err,"write:errno=%d\n",
						get_last_socket_error());
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					}
				break;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
				}
			}
#ifndef WINDOWS
		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
			{
			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);

			if (i <= 0)
				{
				BIO_printf(bio_c_out,"DONE\n");
				goto shut;
				/* goto end; */
				}

			sbuf_len-=i;;
			sbuf_off+=i;
			if (sbuf_len <= 0)
				{
				read_ssl=1;
				write_tty=0;
				}
			}
#endif
		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
			{
#ifdef RENEG
{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
#endif
#if 1
			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
#else
/* Demo for pending and peek :-) */
			k=SSL_read(con,sbuf,16);
{ char zbuf[10240]; 
printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
}
#endif

			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				if (k <= 0)
					goto end;
				sbuf_off=0;
				sbuf_len=k;

				read_ssl=0;
				write_tty=1;
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"read W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				BIO_printf(bio_c_out,"read R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				if ((read_tty == 0) && (write_ssl == 0))
					write_ssl=1;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"read X BLOCK\n");
				break;
			case SSL_ERROR_SYSCALL:
				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
				goto shut;
			case SSL_ERROR_ZERO_RETURN:
				BIO_printf(bio_c_out,"closed\n");
				goto shut;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
				/* break; */
				}
			}

#ifndef WINDOWS
		else if (FD_ISSET(fileno(stdin),&readfds))
			{
			i=read(fileno(stdin),cbuf,BUFSIZZ);

			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
				{
				BIO_printf(bio_err,"DONE\n");
				goto shut;
				}

			if ((!c_quiet) && (cbuf[0] == 'R'))
				{
				BIO_printf(bio_err,"RENEGOTIATING\n");
				SSL_renegotiate(con);
				cbuf_len=0;
				}
			else
				{
				cbuf_len=i;
				cbuf_off=0;
				}

			write_ssl=1;
			read_tty=0;
			}
#endif
		}
shut:
	SSL_shutdown(con);
	SHUTDOWN(SSL_get_fd(con));
	ret=0;
end:
	if (con != NULL) SSL_free(con);
	if (con2 != NULL) SSL_free(con2);
	if (ctx != NULL) SSL_CTX_free(ctx);
	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
	if (bio_c_out != NULL)
		{
		BIO_free(bio_c_out);
		bio_c_out=NULL;
		}
	EXIT(ret);
	}


static void print_stuff(bio,s,full)
BIO *bio;
SSL *s;
int full;
	{
	X509 *peer=NULL;
	char *p;
	static char *space="                ";
	char buf[BUFSIZ];
	STACK_OF(X509) *sk;
	STACK_OF(X509_NAME) *sk2;
	SSL_CIPHER *c;
	X509_NAME *xn;
	int j,i;

	if (full)
		{
		sk=SSL_get_peer_cert_chain(s);
		if (sk != NULL)
			{
			BIO_printf(bio,"---\nCertificate chain\n");
			for (i=0; i<sk_X509_num(sk); i++)
				{
				X509_NAME_oneline(X509_get_subject_name(
					sk_X509_value(sk,i)),buf,BUFSIZ);
				BIO_printf(bio,"%2d s:%s\n",i,buf);
				X509_NAME_oneline(X509_get_issuer_name(
					sk_X509_value(sk,i)),buf,BUFSIZ);
				BIO_printf(bio,"   i:%s\n",buf);
				if (c_showcerts)
					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
				}
			}

		BIO_printf(bio,"---\n");
		peer=SSL_get_peer_certificate(s);
		if (peer != NULL)
			{
			BIO_printf(bio,"Server certificate\n");
			if (!c_showcerts) /* Redundant if we showed the whole chain */
				PEM_write_bio_X509(bio,peer);
			X509_NAME_oneline(X509_get_subject_name(peer),
				buf,BUFSIZ);
			BIO_printf(bio,"subject=%s\n",buf);
			X509_NAME_oneline(X509_get_issuer_name(peer),
				buf,BUFSIZ);
			BIO_printf(bio,"issuer=%s\n",buf);
			}
		else
			BIO_printf(bio,"no peer certificate available\n");

		sk2=SSL_get_client_CA_list(s);
		if ((sk != NULL) && (sk_X509_NAME_num(sk2) > 0))
			{
			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
			for (i=0; i<sk_X509_NAME_num(sk2); i++)
				{
				xn=sk_X509_NAME_value(sk2,i);
				X509_NAME_oneline(xn,buf,sizeof(buf));
				BIO_write(bio,buf,strlen(buf));
				BIO_write(bio,"\n",1);
				}
			}
		else
			{
			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
			}
		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
		if (p != NULL)
			{
			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
			j=i=0;
			while (*p)
				{
				if (*p == ':')
					{
					BIO_write(bio,space,15-j%25);
					i++;
					j=0;
					BIO_write(bio,((i%3)?" ":"\n"),1);
					}
				else
					{
					BIO_write(bio,p,1);
					j++;
					}
				p++;
				}
			BIO_write(bio,"\n",1);
			}

		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
			BIO_number_read(SSL_get_rbio(s)),
			BIO_number_written(SSL_get_wbio(s)));
		}
	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
	c=SSL_get_current_cipher(s);
	BIO_printf(bio,"%s, Cipher is %s\n",
		SSL_CIPHER_get_version(c),
		SSL_CIPHER_get_name(c));
	if (peer != NULL) {
		EVP_PKEY *pktmp;
		pktmp = X509_get_pubkey(peer);
		BIO_printf(bio,"Server public key is %d bit\n",
							 EVP_PKEY_bits(pktmp));
		EVP_PKEY_free(pktmp);
	}
	SSL_SESSION_print(bio,SSL_get_session(s));
	BIO_printf(bio,"---\n");
	if (peer != NULL)
		X509_free(peer);
	}
Commit	Line	Data
d02b48c6	1	/* apps/s_client.c */
58964a49	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include <stdlib.h>
	61	#include <string.h>
	62	#define USE_SOCKETS
58964a49	63	#ifdef NO_STDIO
d02b48c6 RE	64	#define APPS_WIN16
	65	#endif
	66	#include "apps.h"
	67	#include "x509.h"
	68	#include "ssl.h"
	69	#include "err.h"
	70	#include "pem.h"
	71	#include "s_apps.h"
	72
	73	#undef PROG
	74	#define PROG s_client_main
	75
	76	/#define SSL_HOST_NAME "www.netscape.com" /
	77	/#define SSL_HOST_NAME "193.118.187.102" /
	78	#define SSL_HOST_NAME "localhost"
	79
	80	/#define TEST_CERT "client.pem" / /* no default cert. */
	81
	82	#undef BUFSIZZ
	83	#define BUFSIZZ 1024*8
	84
	85	extern int verify_depth;
	86	extern int verify_error;
	87
	88	#ifdef FIONBIO
	89	static int c_nbio=0;
	90	#endif
	91	static int c_Pause=0;
	92	static int c_debug=0;
6d02d8e4	93	static int c_showcerts=0;
d02b48c6 RE	94
	95	#ifndef NOPROTO
	96	static void sc_usage(void);
	97	static void print_stuff(BIO berr,SSL con,int full);
	98	#else
	99	static void sc_usage();
	100	static void print_stuff();
	101	#endif
	102
	103	static BIO *bio_c_out=NULL;
	104	static int c_quiet=0;
	105
	106	static void sc_usage()
	107	{
b6cff93d	108	BIO_printf(bio_err,"usage: s_client args\n");
d02b48c6 RE	109	BIO_printf(bio_err,"\n");
	110	BIO_printf(bio_err," -host host - use -connect instead\n");
	111	BIO_printf(bio_err," -port port - use -connect instead\n");
	112	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
	113
	114	BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
	115	BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
	116	BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n");
	117	BIO_printf(bio_err," not specified but cert file is.\n");
	118	BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
	119	BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
	120	BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
	121	BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
6d02d8e4	122	BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
d02b48c6 RE	123	BIO_printf(bio_err," -debug - extra output\n");
	124	BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
	125	BIO_printf(bio_err," -state - print the 'ssl' states\n");
	126	#ifdef FIONBIO
	127	BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
	128	#endif
	129	BIO_printf(bio_err," -quiet - no s_client output\n");
	130	BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
	131	BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
58964a49 RE	132	BIO_printf(bio_err," -tls1 - just use TLSv1\n");
58964a49 RE	133	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
d02b48c6	134	BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
e170a5c0	135	BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'openssl ciphers'\n");
dfeab068	136	BIO_printf(bio_err," command to see what is available\n");
d02b48c6 RE	137
	138	}
	139
	140	int MAIN(argc, argv)
	141	int argc;
	142	char **argv;
	143	{
58964a49	144	int off=0;
d02b48c6 RE	145	SSL con=NULL,con2=NULL;
	146	int s,k,width,state=0;
	147	char cbuf=NULL,sbuf=NULL;
	148	int cbuf_len,cbuf_off;
	149	int sbuf_len,sbuf_off;
	150	fd_set readfds,writefds;
	151	short port=PORT;
	152	int full_log=1;
	153	char *host=SSL_HOST_NAME;
	154	char cert_file=NULL,key_file=NULL;
	155	char CApath=NULL,CAfile=NULL,*cipher=NULL;
	156	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
c7ac31e2	157	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
d02b48c6 RE	158	SSL_CTX *ctx=NULL;
	159	int ret=1,in_init=1,i,nbio_test=0;
	160	SSL_METHOD *meth=NULL;
	161	BIO *sbio;
	162	/static struct timeval timeout={10,0};/
	163
	164	#if !defined(NO_SSL2) && !defined(NO_SSL3)
	165	meth=SSLv23_client_method();
	166	#elif !defined(NO_SSL3)
	167	meth=SSLv3_client_method();
	168	#elif !defined(NO_SSL2)
	169	meth=SSLv2_client_method();
	170	#endif
	171
	172	apps_startup();
58964a49	173	c_Pause=0;
d02b48c6 RE	174	c_quiet=0;
d02b48c6 RE	175	c_debug=0;
6d02d8e4	176	c_showcerts=0;
d02b48c6 RE	177
	178	if (bio_err == NULL)
	179	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
	180
	181	if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) \|\|
	182	((sbuf=Malloc(BUFSIZZ)) == NULL))
	183	{
	184	BIO_printf(bio_err,"out of memory\n");
	185	goto end;
	186	}
	187
	188	verify_depth=0;
	189	verify_error=X509_V_OK;
	190	#ifdef FIONBIO
	191	c_nbio=0;
	192	#endif
	193
	194	argc--;
	195	argv++;
	196	while (argc >= 1)
	197	{
	198	if (strcmp(*argv,"-host") == 0)
	199	{
	200	if (--argc < 1) goto bad;
	201	host= *(++argv);
	202	}
	203	else if (strcmp(*argv,"-port") == 0)
	204	{
	205	if (--argc < 1) goto bad;
	206	port=atoi(*(++argv));
	207	if (port == 0) goto bad;
	208	}
	209	else if (strcmp(*argv,"-connect") == 0)
	210	{
	211	if (--argc < 1) goto bad;
	212	if (!extract_host_port(*(++argv),&host,NULL,&port))
	213	goto bad;
	214	}
	215	else if (strcmp(*argv,"-verify") == 0)
	216	{
	217	verify=SSL_VERIFY_PEER;
	218	if (--argc < 1) goto bad;
	219	verify_depth=atoi(*(++argv));
	220	BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
	221	}
	222	else if (strcmp(*argv,"-cert") == 0)
	223	{
	224	if (--argc < 1) goto bad;
	225	cert_file= *(++argv);
	226	}
	227	else if (strcmp(*argv,"-quiet") == 0)
	228	c_quiet=1;
	229	else if (strcmp(*argv,"-pause") == 0)
	230	c_Pause=1;
	231	else if (strcmp(*argv,"-debug") == 0)
	232	c_debug=1;
6d02d8e4 BM	233	else if (strcmp(*argv,"-showcerts") == 0)
6d02d8e4 BM	234	c_showcerts=1;
d02b48c6 RE	235	else if (strcmp(*argv,"-nbio_test") == 0)
	236	nbio_test=1;
	237	else if (strcmp(*argv,"-state") == 0)
	238	state=1;
	239	#ifndef NO_SSL2
	240	else if (strcmp(*argv,"-ssl2") == 0)
	241	meth=SSLv2_client_method();
	242	#endif
	243	#ifndef NO_SSL3
	244	else if (strcmp(*argv,"-ssl3") == 0)
	245	meth=SSLv3_client_method();
58964a49 RE	246	#endif
	247	#ifndef NO_TLS1
	248	else if (strcmp(*argv,"-tls1") == 0)
	249	meth=TLSv1_client_method();
d02b48c6 RE	250	#endif
	251	else if (strcmp(*argv,"-bugs") == 0)
	252	bugs=1;
	253	else if (strcmp(*argv,"-key") == 0)
	254	{
	255	if (--argc < 1) goto bad;
	256	key_file= *(++argv);
	257	}
	258	else if (strcmp(*argv,"-reconnect") == 0)
	259	{
	260	reconnect=5;
	261	}
	262	else if (strcmp(*argv,"-CApath") == 0)
	263	{
	264	if (--argc < 1) goto bad;
	265	CApath= *(++argv);
	266	}
	267	else if (strcmp(*argv,"-CAfile") == 0)
	268	{
	269	if (--argc < 1) goto bad;
	270	CAfile= *(++argv);
	271	}
58964a49 RE	272	else if (strcmp(*argv,"-no_tls1") == 0)
	273	off\|=SSL_OP_NO_TLSv1;
	274	else if (strcmp(*argv,"-no_ssl3") == 0)
	275	off\|=SSL_OP_NO_SSLv3;
	276	else if (strcmp(*argv,"-no_ssl2") == 0)
	277	off\|=SSL_OP_NO_SSLv2;
d02b48c6 RE	278	else if (strcmp(*argv,"-cipher") == 0)
	279	{
	280	if (--argc < 1) goto bad;
	281	cipher= *(++argv);
	282	}
	283	#ifdef FIONBIO
	284	else if (strcmp(*argv,"-nbio") == 0)
	285	{ c_nbio=1; }
	286	#endif
	287	else
	288	{
	289	BIO_printf(bio_err,"unknown option %s\n",*argv);
	290	badop=1;
	291	break;
	292	}
	293	argc--;
	294	argv++;
	295	}
	296	if (badop)
	297	{
	298	bad:
	299	sc_usage();
	300	goto end;
	301	}
	302
	303	if (bio_c_out == NULL)
	304	{
	305	if (c_quiet)
	306	{
	307	bio_c_out=BIO_new(BIO_s_null());
	308	}
	309	else
	310	{
	311	if (bio_c_out == NULL)
	312	bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
	313	}
	314	}
	315
	316	SSLeay_add_ssl_algorithms();
	317	ctx=SSL_CTX_new(meth);
	318	if (ctx == NULL)
	319	{
	320	ERR_print_errors(bio_err);
	321	goto end;
	322	}
	323
58964a49 RE	324	if (bugs)
	325	SSL_CTX_set_options(ctx,SSL_OP_ALL\|off);
	326	else
	327	SSL_CTX_set_options(ctx,off);
d02b48c6 RE	328
	329	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
	330	if (cipher != NULL)
	331	SSL_CTX_set_cipher_list(ctx,cipher);
	332	#if 0
	333	else
	334	SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
	335	#endif
	336
	337	SSL_CTX_set_verify(ctx,verify,verify_callback);
	338	if (!set_cert_stuff(ctx,cert_file,key_file))
	339	goto end;
	340
	341	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) \|\|
	342	(!SSL_CTX_set_default_verify_paths(ctx)))
	343	{
58964a49	344	/* BIO_printf(bio_err,"error seting default verify locations\n"); */
d02b48c6	345	ERR_print_errors(bio_err);
58964a49	346	/* goto end; */
d02b48c6 RE	347	}
	348
	349	SSL_load_error_strings();
	350
	351	con=(SSL *)SSL_new(ctx);
58964a49	352	/* SSL_set_cipher_list(con,"RC4-MD5"); */
d02b48c6 RE	353
	354	re_start:
	355
	356	if (init_client(&s,host,port) == 0)
	357	{
58964a49	358	BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
d02b48c6 RE	359	SHUTDOWN(s);
	360	goto end;
	361	}
	362	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
	363
	364	#ifdef FIONBIO
	365	if (c_nbio)
	366	{
	367	unsigned long l=1;
	368	BIO_printf(bio_c_out,"turning on non blocking io\n");
58964a49 RE	369	if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
	370	{
	371	ERR_print_errors(bio_err);
	372	goto end;
	373	}
d02b48c6 RE	374	}
	375	#endif
	376	if (c_Pause & 0x01) con->debug=1;
	377	sbio=BIO_new_socket(s,BIO_NOCLOSE);
	378
	379	if (nbio_test)
	380	{
	381	BIO *test;
	382
	383	test=BIO_new(BIO_f_nbio_test());
	384	sbio=BIO_push(test,sbio);
	385	}
	386
	387	if (c_debug)
	388	{
	389	con->debug=1;
	390	BIO_set_callback(sbio,bio_dump_cb);
	391	BIO_set_callback_arg(sbio,bio_c_out);
	392	}
	393
	394	SSL_set_bio(con,sbio,sbio);
	395	SSL_set_connect_state(con);
	396
	397	/* ok, lets connect */
	398	width=SSL_get_fd(con)+1;
	399
	400	read_tty=1;
	401	write_tty=0;
	402	tty_on=0;
	403	read_ssl=1;
	404	write_ssl=1;
	405
	406	cbuf_len=0;
	407	cbuf_off=0;
	408	sbuf_len=0;
	409	sbuf_off=0;
	410
	411	for (;;)
	412	{
	413	FD_ZERO(&readfds);
	414	FD_ZERO(&writefds);
	415
58964a49	416	if (SSL_in_init(con) && !SSL_total_renegotiations(con))
d02b48c6 RE	417	{
	418	in_init=1;
	419	tty_on=0;
	420	}
	421	else
	422	{
	423	tty_on=1;
	424	if (in_init)
	425	{
	426	in_init=0;
	427	print_stuff(bio_c_out,con,full_log);
	428	if (full_log > 0) full_log--;
	429
	430	if (reconnect)
	431	{
	432	reconnect--;
	433	BIO_printf(bio_c_out,"drop connection and then reconnect\n");
	434	SSL_shutdown(con);
	435	SSL_set_connect_state(con);
	436	SHUTDOWN(SSL_get_fd(con));
	437	goto re_start;
	438	}
	439	}
	440	}
	441
c7ac31e2 BM	442	ssl_pending = read_ssl && SSL_pending(con);
	443
	444	if (!ssl_pending)
d02b48c6	445	#ifndef WINDOWS
d02b48c6	446	{
c7ac31e2 BM	447	if (tty_on)
	448	{
	449	if (read_tty) FD_SET(fileno(stdin),&readfds);
	450	if (write_tty) FD_SET(fileno(stdout),&writefds);
	451	}
d02b48c6	452	#endif
c7ac31e2 BM	453	if (read_ssl)
	454	FD_SET(SSL_get_fd(con),&readfds);
	455	if (write_ssl)
	456	FD_SET(SSL_get_fd(con),&writefds);
d02b48c6	457
c7ac31e2 BM	458	/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
c7ac31e2 BM	459	tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
d02b48c6	460
c7ac31e2 BM	461	i=select(width,&readfds,&writefds,NULL,NULL);
	462	if ( i < 0)
	463	{
	464	BIO_printf(bio_err,"bad select %d\n",
58964a49	465	get_last_socket_error());
c7ac31e2 BM	466	goto shut;
	467	/* goto end; */
	468	}
d02b48c6 RE	469	}
d02b48c6 RE	470
c7ac31e2	471	if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
d02b48c6 RE	472	{
	473	k=SSL_write(con,&(cbuf[cbuf_off]),
	474	(unsigned int)cbuf_len);
	475	switch (SSL_get_error(con,k))
	476	{
	477	case SSL_ERROR_NONE:
	478	cbuf_off+=k;
	479	cbuf_len-=k;
	480	if (k <= 0) goto end;
	481	/* we have done a write(con,NULL,0); */
	482	if (cbuf_len <= 0)
	483	{
	484	read_tty=1;
	485	write_ssl=0;
	486	}
	487	else /* if (cbuf_len > 0) */
	488	{
	489	read_tty=0;
	490	write_ssl=1;
	491	}
	492	break;
	493	case SSL_ERROR_WANT_WRITE:
	494	BIO_printf(bio_c_out,"write W BLOCK\n");
	495	write_ssl=1;
	496	read_tty=0;
	497	break;
	498	case SSL_ERROR_WANT_READ:
	499	BIO_printf(bio_c_out,"write R BLOCK\n");
	500	write_tty=0;
	501	read_ssl=1;
	502	write_ssl=0;
	503	break;
	504	case SSL_ERROR_WANT_X509_LOOKUP:
	505	BIO_printf(bio_c_out,"write X BLOCK\n");
	506	break;
	507	case SSL_ERROR_ZERO_RETURN:
	508	if (cbuf_len != 0)
	509	{
	510	BIO_printf(bio_c_out,"shutdown\n");
	511	goto shut;
	512	}
	513	else
	514	{
	515	read_tty=1;
	516	write_ssl=0;
	517	break;
	518	}
	519
	520	case SSL_ERROR_SYSCALL:
	521	if ((k != 0) \|\| (cbuf_len != 0))
	522	{
	523	BIO_printf(bio_err,"write:errno=%d\n",
58964a49	524	get_last_socket_error());
d02b48c6 RE	525	goto shut;
	526	}
	527	else
	528	{
	529	read_tty=1;
	530	write_ssl=0;
	531	}
	532	break;
	533	case SSL_ERROR_SSL:
	534	ERR_print_errors(bio_err);
	535	goto shut;
	536	}
	537	}
	538	#ifndef WINDOWS
c7ac31e2	539	else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
d02b48c6 RE	540	{
	541	i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
	542
	543	if (i <= 0)
	544	{
	545	BIO_printf(bio_c_out,"DONE\n");
	546	goto shut;
	547	/* goto end; */
	548	}
	549
	550	sbuf_len-=i;;
	551	sbuf_off+=i;
	552	if (sbuf_len <= 0)
	553	{
	554	read_ssl=1;
	555	write_tty=0;
	556	}
	557	}
	558	#endif
c7ac31e2	559	else if (ssl_pending \|\| FD_ISSET(SSL_get_fd(con),&readfds))
d02b48c6	560	{
58964a49 RE	561	#ifdef RENEG
	562	{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
	563	#endif
dfeab068	564	#if 1
58964a49	565	k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
dfeab068 RE	566	#else
	567	/* Demo for pending and peek :-) */
	568	k=SSL_read(con,sbuf,16);
	569	{ char zbuf[10240];
	570	printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
	571	}
	572	#endif
d02b48c6 RE	573
	574	switch (SSL_get_error(con,k))
	575	{
	576	case SSL_ERROR_NONE:
	577	if (k <= 0)
	578	goto end;
	579	sbuf_off=0;
	580	sbuf_len=k;
	581
	582	read_ssl=0;
	583	write_tty=1;
	584	break;
	585	case SSL_ERROR_WANT_WRITE:
	586	BIO_printf(bio_c_out,"read W BLOCK\n");
	587	write_ssl=1;
	588	read_tty=0;
	589	break;
	590	case SSL_ERROR_WANT_READ:
	591	BIO_printf(bio_c_out,"read R BLOCK\n");
	592	write_tty=0;
	593	read_ssl=1;
	594	if ((read_tty == 0) && (write_ssl == 0))
	595	write_ssl=1;
	596	break;
	597	case SSL_ERROR_WANT_X509_LOOKUP:
	598	BIO_printf(bio_c_out,"read X BLOCK\n");
	599	break;
	600	case SSL_ERROR_SYSCALL:
58964a49	601	BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
d02b48c6 RE	602	goto shut;
	603	case SSL_ERROR_ZERO_RETURN:
	604	BIO_printf(bio_c_out,"closed\n");
	605	goto shut;
	606	case SSL_ERROR_SSL:
	607	ERR_print_errors(bio_err);
	608	goto shut;
dfeab068	609	/* break; */
d02b48c6 RE	610	}
	611	}
	612
	613	#ifndef WINDOWS
	614	else if (FD_ISSET(fileno(stdin),&readfds))
	615	{
	616	i=read(fileno(stdin),cbuf,BUFSIZZ);
	617
	618	if ((!c_quiet) && ((i <= 0) \|\| (cbuf[0] == 'Q')))
	619	{
	620	BIO_printf(bio_err,"DONE\n");
	621	goto shut;
	622	}
	623
	624	if ((!c_quiet) && (cbuf[0] == 'R'))
	625	{
3bb307c1	626	BIO_printf(bio_err,"RENEGOTIATING\n");
d02b48c6	627	SSL_renegotiate(con);
3bb307c1	628	cbuf_len=0;
d02b48c6 RE	629	}
	630	else
	631	{
	632	cbuf_len=i;
	633	cbuf_off=0;
	634	}
	635
d02b48c6	636	write_ssl=1;
3bb307c1	637	read_tty=0;
d02b48c6 RE	638	}
	639	#endif
	640	}
	641	shut:
	642	SSL_shutdown(con);
	643	SHUTDOWN(SSL_get_fd(con));
	644	ret=0;
	645	end:
	646	if (con != NULL) SSL_free(con);
	647	if (con2 != NULL) SSL_free(con2);
	648	if (ctx != NULL) SSL_CTX_free(ctx);
	649	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
	650	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
	651	if (bio_c_out != NULL)
	652	{
	653	BIO_free(bio_c_out);
	654	bio_c_out=NULL;
	655	}
	656	EXIT(ret);
	657	}
	658
	659
	660	static void print_stuff(bio,s,full)
	661	BIO *bio;
	662	SSL *s;
	663	int full;
	664	{
58964a49	665	X509 *peer=NULL;
d02b48c6 RE	666	char *p;
	667	static char *space=" ";
	668	char buf[BUFSIZ];
f73e07cf BL	669	STACK_OF(X509) *sk;
f73e07cf BL	670	STACK_OF(X509_NAME) *sk2;
d02b48c6 RE	671	SSL_CIPHER *c;
	672	X509_NAME *xn;
	673	int j,i;
	674
	675	if (full)
	676	{
	677	sk=SSL_get_peer_cert_chain(s);
	678	if (sk != NULL)
	679	{
dfeab068	680	BIO_printf(bio,"---\nCertificate chain\n");
f73e07cf	681	for (i=0; i<sk_X509_num(sk); i++)
d02b48c6	682	{
f73e07cf BL	683	X509_NAME_oneline(X509_get_subject_name(
f73e07cf BL	684	sk_X509_value(sk,i)),buf,BUFSIZ);
d02b48c6	685	BIO_printf(bio,"%2d s:%s\n",i,buf);
f73e07cf BL	686	X509_NAME_oneline(X509_get_issuer_name(
f73e07cf BL	687	sk_X509_value(sk,i)),buf,BUFSIZ);
d02b48c6	688	BIO_printf(bio," i:%s\n",buf);
6d02d8e4	689	if (c_showcerts)
f73e07cf	690	PEM_write_bio_X509(bio,sk_X509_value(sk,i));
d02b48c6 RE	691	}
	692	}
	693
	694	BIO_printf(bio,"---\n");
	695	peer=SSL_get_peer_certificate(s);
	696	if (peer != NULL)
	697	{
	698	BIO_printf(bio,"Server certificate\n");
6d02d8e4 BM	699	if (!c_showcerts) /* Redundant if we showed the whole chain */
6d02d8e4 BM	700	PEM_write_bio_X509(bio,peer);
d02b48c6 RE	701	X509_NAME_oneline(X509_get_subject_name(peer),
	702	buf,BUFSIZ);
	703	BIO_printf(bio,"subject=%s\n",buf);
	704	X509_NAME_oneline(X509_get_issuer_name(peer),
	705	buf,BUFSIZ);
	706	BIO_printf(bio,"issuer=%s\n",buf);
d02b48c6 RE	707	}
	708	else
	709	BIO_printf(bio,"no peer certificate available\n");
	710
f73e07cf BL	711	sk2=SSL_get_client_CA_list(s);
f73e07cf BL	712	if ((sk != NULL) && (sk_X509_NAME_num(sk2) > 0))
d02b48c6 RE	713	{
d02b48c6 RE	714	BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
f73e07cf	715	for (i=0; i<sk_X509_NAME_num(sk2); i++)
d02b48c6	716	{
f73e07cf	717	xn=sk_X509_NAME_value(sk2,i);
d02b48c6 RE	718	X509_NAME_oneline(xn,buf,sizeof(buf));
	719	BIO_write(bio,buf,strlen(buf));
	720	BIO_write(bio,"\n",1);
	721	}
	722	}
	723	else
	724	{
	725	BIO_printf(bio,"---\nNo client certificate CA names sent\n");
	726	}
	727	p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
	728	if (p != NULL)
	729	{
	730	BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
	731	j=i=0;
	732	while (*p)
	733	{
	734	if (*p == ':')
	735	{
58964a49	736	BIO_write(bio,space,15-j%25);
d02b48c6 RE	737	i++;
	738	j=0;
	739	BIO_write(bio,((i%3)?" ":"\n"),1);
	740	}
	741	else
	742	{
	743	BIO_write(bio,p,1);
	744	j++;
	745	}
	746	p++;
	747	}
	748	BIO_write(bio,"\n",1);
	749	}
	750
	751	BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
	752	BIO_number_read(SSL_get_rbio(s)),
	753	BIO_number_written(SSL_get_wbio(s)));
	754	}
	755	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
	756	c=SSL_get_current_cipher(s);
	757	BIO_printf(bio,"%s, Cipher is %s\n",
	758	SSL_CIPHER_get_version(c),
	759	SSL_CIPHER_get_name(c));
a8236c8c DSH	760	if (peer != NULL) {
	761	EVP_PKEY *pktmp;
	762	pktmp = X509_get_pubkey(peer);
58964a49	763	BIO_printf(bio,"Server public key is %d bit\n",
a8236c8c DSH	764	EVP_PKEY_bits(pktmp));
	765	EVP_PKEY_free(pktmp);
	766	}
d02b48c6 RE	767	SSL_SESSION_print(bio,SSL_get_session(s));
d02b48c6 RE	768	BIO_printf(bio,"---\n");
58964a49 RE	769	if (peer != NULL)
58964a49 RE	770	X509_free(peer);
d02b48c6 RE	771	}
d02b48c6 RE	772