OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_PROTOHOST,
OPT_MAXFRAGLEN, OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES,
OPT_READ_BUF, OPT_KEYLOG_FILE, OPT_EARLY_DATA, OPT_REQCAFILE,
+ OPT_TFO,
OPT_V_ENUM,
OPT_X_ENUM,
OPT_S_ENUM, OPT_IGNORE_UNEXPECTED_EOF,
"Do not load certificates from the default certificates store"},
{"requestCAfile", OPT_REQCAFILE, '<',
"PEM format file of CA names to send to the server"},
+#if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)
+ {"tfo", OPT_TFO, '-', "Connect using TCP Fast Open"},
+#endif
{"dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain"},
{"dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's',
"DANE TLSA rrdata presentation form"},
#ifndef OPENSSL_NO_KTLS
int enable_ktls = 0;
#endif
+ int tfo = 0;
+ BIO_ADDR *tfo_addr = NULL;
FD_ZERO(&readfds);
FD_ZERO(&writefds);
if (!opt_pair(opt_arg(), services, &starttls_proto))
goto end;
break;
+ case OPT_TFO:
+ tfo = 1;
+ break;
case OPT_SERVERNAME:
servername = opt_arg();
break;
"-dane_tlsa_domain option.\n", prog);
goto end;
}
+#ifndef OPENSSL_NO_DTLS
+ if (isdtls && tfo) {
+ BIO_printf(bio_err, "%s: DTLS does not support the -tfo option\n", prog);
+ goto end;
+ }
+#endif
+ if (tfo)
+ BIO_printf(bio_c_out, "Connecting via TFO\n");
re_start:
if (init_client(&sock, host, port, bindhost, bindport, socket_family,
- socket_type, protocol) == 0) {
+ socket_type, protocol, tfo, &tfo_addr) == 0) {
BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
BIO_closesocket(sock);
goto end;
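Review bot: `tfo_addr` is passed to `init_client()` just below the `re_start:` label but is released only once, by the `BIO_ADDR_free(tfo_addr)` added in the cleanup hunk, so a reconnect that jumps back to `re_start` may overwrite a pointer that still owns an address. `init_client()` is not shown here, so this is inferred: if it stores a fresh allocation in `*tfo_addr` without freeing the previous one, every reconnect leaks a `BIO_ADDR`, and if it leaves the pointer untouched on some path, a stale peer address is later handed to `BIO_set_conn_address()`. Resetting the pointer right after the label covers both cases: `BIO_ADDR_free(tfo_addr); tfo_addr = NULL;`. The enclosing function starts and ends outside this hunk.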
goto end;
}
+ /* Now that we're using a BIO... */
+ if (tfo_addr != NULL)
+ (void)BIO_set_conn_address(sbio, tfo_addr);
+ if (tfo)
+ (void)BIO_set_tfo(sbio, 1);
+
if (nbio_test) {
BIO *test;
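Review bot: The results of `BIO_set_conn_address(sbio, tfo_addr)` and `BIO_set_tfo(sbio, 1)` are both discarded with `(void)`, so a failure to arm Fast Open on the BIO goes unreported even though the user asked for `-tfo` and "Connecting via TFO" has already been printed. A failed setup would then most likely surface later as an unrelated write error, which is hard to diagnose. I would check each call and report on `bio_err` before abandoning the attempt, for example `if (tfo && BIO_set_tfo(sbio, 1) <= 0) { BIO_printf(bio_err, "%s: unable to enable TFO\n", prog); goto end; }`, after confirming that the `end` path releases `sbio`. The comment `/* Now that we're using a BIO... */` does not say what is being configured; something like `/* Give the socket BIO the peer address and TFO flag that init_client() deferred */` would be clearer, if that matches the intent.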
case SSL_ERROR_SYSCALL:
if ((k != 0) || (cbuf_len != 0)) {
- BIO_printf(bio_err, "write:errno=%d\n",
- get_last_socket_error());
- goto shut;
+ int sockerr = get_last_socket_error();
+
+ if (!tfo || sockerr != EISCONN) {
+ BIO_printf(bio_err, "write:errno=%d\n", sockerr);
+ goto shut;
+ }
} else {
read_tty = 1;
write_ssl = 0;
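Review bot: When `tfo` is set and `sockerr == EISCONN`, the new branch neither logs nor leaves the `SSL_ERROR_SYSCALL` case, and nothing in the hunk says why that errno is benign or what stops the write from being retried indefinitely if it keeps recurring. A comment above the test should state the reason, along the lines of `/* With TFO the first send may report EISCONN once the socket is already connected; treat it as retryable */`, worded to match the actual socket BIO behaviour, which is not visible here. It is also worth confirming that `get_last_socket_error()` returns a value comparable to `EISCONN` on every platform where `-tfo` is compiled in, since some socket layers report their own error codes. The switch and its surrounding loop start and end outside this hunk.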
OPENSSL_free(srp_arg.srppassin);
#endif
OPENSSL_free(sname_alloc);
+ BIO_ADDR_free(tfo_addr);
OPENSSL_free(connectstr);
OPENSSL_free(bindstr);
OPENSSL_free(bindhost);