History log of /openbsd-current/usr.bin/openssl/s_client.c
Revision Date Author Comments
# 1.64 29-Dec-2023 tb

Garbage collect the last users of SSL_set_debug(3)

This undocumented, incomplete public function has never done anything
useful. It will be removed from libssl. Removing it from openssl(1)
clears the way for this.

ok jsing


# 1.63 29-Dec-2023 tb

s_client: pause hasn't worked in ages. Just ignore it

ok jsing


Revision tags: OPENBSD_7_4_BASE
# 1.62 03-Jul-2023 beck

Bring back no_tls1 and no_tls1_1 as undocumented silently discarded options

While I'm here, change the no_ssl2 and no_ssl3 options to use
OPTION_DISCARD as well instead of continuing to set a no-op
option flag.

ok jsing@ tb@


# 1.61 03-Jul-2023 beck

Remove the tls1.0 and 1.1 related options from the openssl(1) toolkit

ok tb@


Revision tags: OPENBSD_7_3_BASE
# 1.60 06-Mar-2023 tb

Rename struct ${app}_config to plain cfg

All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.

Discussed with jsing


# 1.59 11-Nov-2022 joshua

Remove the legacy interactive mode from openssl(1).

This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in version 3.x.x.

ok tb@ jsing@


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.58 03-Feb-2022 tb

Use X509_*get0_pubkey() wherever possible to simplify and clean up
the code. Also add error checking where possible.

ok jsing


# 1.57 26-Dec-2021 jsing

Attempt to opportunistically use the host name for SNI in s_client.

ok beck@ inoguchi@ tb@


# 1.56 25-Oct-2021 jca

Garbage collect another unused variable.

Spotted by egcc and probably clang 13. ok tb@


# 1.55 22-Oct-2021 tb

Garbage collect an unused variable.


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.54 17-Mar-2021 jsing

Read ahead is now enforced for DTLS - remove workarounds.

ok inoguchi@ tb@


# 1.53 17-Mar-2021 jsing

Add DTLSv1.2 support to openssl(1) s_client/s_server.

ok inoguchi@ tb@


# 1.52 14-Oct-2020 tb

Free peekaboo pbuf at end of s_client_main()

Otherwise each run of the s_client leaks 16k of memory. This hurts
in interactive mode.

ok inoguchi jsing


Revision tags: OPENBSD_6_8_BASE
# 1.51 10-Jul-2020 inoguchi

Clean up s_client.c

- Remove space between '*' and pointer variable.
- Add function prototype.
- Move callback function to bottom.
- Move typedef struct to up.


# 1.50 10-Jul-2020 inoguchi

Change variable bio_c_out from global to local

ok tb@


# 1.49 09-Jul-2020 inoguchi

Wrap long lines and put space in front of label in s_client.c


# 1.48 09-Jul-2020 inoguchi

Remove c_ prefix from s_client_config member


# 1.47 09-Jul-2020 inoguchi

Convert openssl(1) s_client option handling

suggestions and ok beck@ jsing@ tb@


# 1.46 23-May-2020 tb

In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by
default. To avoid hanging on a blocking read, we need to clear the
SSL_MODE_AUTO_RETRY flag in the s_client and the s_server.

ok beck inoguchi jsing


# 1.45 22-May-2020 deraadt

sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1"
(gurn) getsockname() retrieves a truncated result and 14 bytes of
stack garbage get copied onwards.
ok tb


Revision tags: OPENBSD_6_7_BASE
# 1.44 26-Apr-2020 inoguchi

s_client: fix use of possibly uninitialized values

Set initial value to variable 'p' and 'pending'.

Reported and fix requested from leonklingele by GitHub pull request.
https://github.com/libressl-portable/portable/issues/577
https://github.com/libressl-portable/openbsd/pull/114

ok bcook@ jsing@ tb@


# 1.43 19-Apr-2020 jsing

Add -groups option to openssl(1) s_server.

This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.

ok beck@ inoguchi@


# 1.42 16-Feb-2020 jsing

Add -tls1_3 and -notls1_3 options to openssl(1) s_client.

Also stop using version pinned methods, instead setting the min and max
protocol versions.

Requested by inoguchi@

ok inoguchi@ tb@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
successfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fixed by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* functions play with echo on/off when
asking for password on terminal.

passwd subcommand needs additional "wpath cpath" in order to let it call
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session that may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isn't what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@



Revision tags: OPENBSD_6_8_BASE
# 1.51 10-Jul-2020 inoguchi

Clean up s_client.c

- Remove space between '*' and pointer variable.
- Add function prototype.
- Move callback function to bottom.
- Move typedef struct to up.


# 1.50 10-Jul-2020 inoguchi

Change variable bio_c_out from global to local

ok tb@


# 1.49 09-Jul-2020 inoguchi

Wrap long lines and put space in front of label in s_client.c


# 1.48 09-Jul-2020 inoguchi

Remove c_ prefix from s_client_config member


# 1.47 09-Jul-2020 inoguchi

Convert openssl(1) s_client option handling

suggestions and ok beck@ jsing@ tb@


# 1.46 23-May-2020 tb

In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by
default. To avoid hanging on a blocking read, we need to clear the
SSL_MODE_AUTO_RETRY flag in the s_client and the s_server.

ok beck inoguchi jsing


# 1.45 22-May-2020 deraadt

sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1"
(gurn) copies getsockname() retrieves a truncated result and 14 bytes of
stack garbage get copied onwards.
ok tb


Revision tags: OPENBSD_6_7_BASE
# 1.44 26-Apr-2020 inoguchi

s_client: fix use of possibly uninitialized values

Set initial value to variable 'p' and 'pending'.

Reported and fix requested from leonklingele by GitHub pull request.
https://github.com/libressl-portable/portable/issues/577
https://github.com/libressl-portable/openbsd/pull/114

ok bcook@ jsing@ tb@


# 1.43 19-Apr-2020 jsing

Add -groups option to openssl(1) s_server.

This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.

ok beck@ inoguchi@


# 1.42 16-Feb-2020 jsing

Add -tls1_3 and -notls1_3 options to openssl(1) s_client.

Also stop using version pinned methods, instead setting the min and max
protocol versions.

Requested by inoguchi@

ok inoguchi@ tb@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
succesfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fix by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isnt what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.58 03-Feb-2022 tb

Use X509_*get0_pubkey() wherever possible to simplify and clean up
the code. Also add error checking where possible.

ok jsing


# 1.57 26-Dec-2021 jsing

Attempt to opportunistically use the host name for SNI in s_client.

ok beck@ inoguchi@ tb@


# 1.56 25-Oct-2021 jca

Garbage collect another unused variable.

Spotted by egcc and probably clang 13. ok tb@


# 1.55 22-Oct-2021 tb

Garbage collect an unused variable.


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.54 17-Mar-2021 jsing

Read ahead is now enforced for DTLS - remove workarounds.

ok inoguchi@ tb@


# 1.53 17-Mar-2021 jsing

Add DTLSv1.2 support to openssl(1) s_client/s_server.

ok inoguchi@ tb@


# 1.52 14-Oct-2020 tb

Free peekaboo pbuf at end of s_client_main()

Otherwise each run of the s_client leaks 16k of memory. This hurts
in interactive mode.

ok inoguchi jsing


Revision tags: OPENBSD_6_8_BASE
# 1.51 10-Jul-2020 inoguchi

Clean up s_client.c

- Remove space between '*' and pointer variable.
- Add function prototype.
- Move callback function to bottom.
- Move typedef struct to up.


# 1.50 10-Jul-2020 inoguchi

Change variable bio_c_out from global to local

ok tb@


# 1.49 09-Jul-2020 inoguchi

Wrap long lines and put space in front of label in s_client.c


# 1.48 09-Jul-2020 inoguchi

Remove c_ prefix from s_client_config member


# 1.47 09-Jul-2020 inoguchi

Convert openssl(1) s_client option handling

suggestions and ok beck@ jsing@ tb@


# 1.46 23-May-2020 tb

In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by
default. To avoid hanging on a blocking read, we need to clear the
SSL_MODE_AUTO_RETRY flag in the s_client and the s_server.

ok beck inoguchi jsing


# 1.45 22-May-2020 deraadt

sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1"
(gurn) copies getsockname() retrieves a truncated result and 14 bytes of
stack garbage get copied onwards.
ok tb


Revision tags: OPENBSD_6_7_BASE
# 1.44 26-Apr-2020 inoguchi

s_client: fix use of possibly uninitialized values

Set initial value to variable 'p' and 'pending'.

Reported and fix requested from leonklingele by GitHub pull request.
https://github.com/libressl-portable/portable/issues/577
https://github.com/libressl-portable/openbsd/pull/114

ok bcook@ jsing@ tb@


# 1.43 19-Apr-2020 jsing

Add -groups option to openssl(1) s_server.

This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.

ok beck@ inoguchi@


# 1.42 16-Feb-2020 jsing

Add -tls1_3 and -notls1_3 options to openssl(1) s_client.

Also stop using version pinned methods, instead setting the min and max
protocol versions.

Requested by inoguchi@

ok inoguchi@ tb@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
succesfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fix by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isnt what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.57 26-Dec-2021 jsing

Attempt to opportunistically use the host name for SNI in s_client.

ok beck@ inoguchi@ tb@


# 1.56 25-Oct-2021 jca

Garbage collect another unused variable.

Spotted by egcc and probably clang 13. ok tb@


# 1.55 22-Oct-2021 tb

Garbage collect an unused variable.


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.54 17-Mar-2021 jsing

Read ahead is now enforced for DTLS - remove workarounds.

ok inoguchi@ tb@


# 1.53 17-Mar-2021 jsing

Add DTLSv1.2 support to openssl(1) s_client/s_server.

ok inoguchi@ tb@


# 1.52 14-Oct-2020 tb

Free peekaboo pbuf at end of s_client_main()

Otherwise each run of the s_client leaks 16k of memory. This hurts
in interactive mode.

ok inoguchi jsing


Revision tags: OPENBSD_6_8_BASE
# 1.51 10-Jul-2020 inoguchi

Clean up s_client.c

- Remove space between '*' and pointer variable.
- Add function prototype.
- Move callback function to bottom.
- Move typedef struct to up.


# 1.50 10-Jul-2020 inoguchi

Change variable bio_c_out from global to local

ok tb@


# 1.49 09-Jul-2020 inoguchi

Wrap long lines and put space in front of label in s_client.c


# 1.48 09-Jul-2020 inoguchi

Remove c_ prefix from s_client_config member


# 1.47 09-Jul-2020 inoguchi

Convert openssl(1) s_client option handling

suggestions and ok beck@ jsing@ tb@


# 1.46 23-May-2020 tb

In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by
default. To avoid hanging on a blocking read, we need to clear the
SSL_MODE_AUTO_RETRY flag in the s_client and the s_server.

ok beck inoguchi jsing


# 1.45 22-May-2020 deraadt

sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1"
(gurn) copies getsockname() retrieves a truncated result and 14 bytes of
stack garbage get copied onwards.
ok tb


Revision tags: OPENBSD_6_7_BASE
# 1.44 26-Apr-2020 inoguchi

s_client: fix use of possibly uninitialized values

Set initial value to variable 'p' and 'pending'.

Reported and fix requested from leonklingele by GitHub pull request.
https://github.com/libressl-portable/portable/issues/577
https://github.com/libressl-portable/openbsd/pull/114

ok bcook@ jsing@ tb@


# 1.43 19-Apr-2020 jsing

Add -groups option to openssl(1) s_server.

This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.

ok beck@ inoguchi@


# 1.42 16-Feb-2020 jsing

Add -tls1_3 and -notls1_3 options to openssl(1) s_client.

Also stop using version pinned methods, instead setting the min and max
protocol versions.

Requested by inoguchi@

ok inoguchi@ tb@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
succesfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fix by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isnt what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@

# 1.52 14-Oct-2020 tb

Free peekaboo pbuf at end of s_client_main()

Otherwise each run of the s_client leaks 16k of memory. This hurts
in interactive mode.

ok inoguchi jsing


Revision tags: OPENBSD_6_8_BASE
# 1.51 10-Jul-2020 inoguchi

Clean up s_client.c

- Remove space between '*' and pointer variable.
- Add function prototype.
- Move callback function to bottom.
- Move typedef struct to up.


# 1.50 10-Jul-2020 inoguchi

Change variable bio_c_out from global to local

ok tb@


# 1.49 09-Jul-2020 inoguchi

Wrap long lines and put space in front of label in s_client.c


# 1.48 09-Jul-2020 inoguchi

Remove c_ prefix from s_client_config member


# 1.47 09-Jul-2020 inoguchi

Convert openssl(1) s_client option handling

suggestions and ok beck@ jsing@ tb@


# 1.46 23-May-2020 tb

In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by
default. To avoid hanging on a blocking read, we need to clear the
SSL_MODE_AUTO_RETRY flag in the s_client and the s_server.

ok beck inoguchi jsing


# 1.45 22-May-2020 deraadt

sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1"
(gurn) copies getsockname() retrieves a truncated result and 14 bytes of
stack garbage get copied onwards.
ok tb


Revision tags: OPENBSD_6_7_BASE
# 1.44 26-Apr-2020 inoguchi

s_client: fix use of possibly uninitialized values

Set initial value to variable 'p' and 'pending'.

Reported and fix requested from leonklingele by GitHub pull request.
https://github.com/libressl-portable/portable/issues/577
https://github.com/libressl-portable/openbsd/pull/114

ok bcook@ jsing@ tb@


# 1.43 19-Apr-2020 jsing

Add -groups option to openssl(1) s_server.

This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.

ok beck@ inoguchi@


# 1.42 16-Feb-2020 jsing

Add -tls1_3 and -notls1_3 options to openssl(1) s_client.

Also stop using version pinned methods, instead setting the min and max
protocol versions.

Requested by inoguchi@

ok inoguchi@ tb@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
succesfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fix by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session that may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.

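The tightening described in this entry, together with the dns and tty promises from 1.22 through 1.26 and the fail-closed rule from 1.23, as an added C example that is not openssl(1)'s code: a per-command promise table (its contents are an assumption for illustration, not the real table), a helper that emits promises in canonical order and rejects unknown ones instead of handing them to pledge(2), and a wrapper that exits on pledge failure in single-command mode but only reports it when the broad top-level pledge is still in force. The canonical order used is the order pledge(2) lists its promises in, which is assumed to be what the log means by canonical. Hosts without pledge(2) get a stub so the example builds there.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Assumption: no pledge(2) on this host; stub it so the example builds and
 * runs unconfined. On OpenBSD the real call from <unistd.h> is used. */
static int
pledge(const char *promises, const char *execpromises)
{
	(void)promises; (void)execpromises; return 0;
}
#endif

/* Promises in the order pledge(2) lists them (assumed canonical order). */
static const char *const canonical[] = {
	"stdio", "rpath", "wpath", "cpath", "dpath", "tmppath", "inet",
	"mcast", "fattr", "chown", "flock", "unix", "dns", "getpw",
	"sendfd", "recvfd", "tape", "tty", "proc", "exec", "prot_exec",
	"settime", "ps", "vminfo", "id", "pf", "route", "wroute", "audio",
	"video", "bpf", "unveil", "error",
};
#define NCANON (sizeof(canonical) / sizeof(canonical[0]))

/* Per-command sets, constructed for illustration rather than copied from
 * openssl(1): s_client needs inet and dns, a password prompt needs tty,
 * most commands need only the four file promises. */
static const struct {
	const char *cmd;
	const char *promises;
} cmd_table[] = {
	{ "s_client", "stdio rpath wpath cpath inet dns tty" },
	{ "passwd",   "stdio rpath wpath cpath tty" },
	{ "x509",     "stdio rpath wpath cpath" },
};

/* Broad set the interactive shell pledges once at startup and keeps. */
const char top_level_promises[] =
    "stdio rpath wpath cpath inet dns tty proc exec";

/* Emit a space-separated promise list in canonical order without
 * duplicates. Returns NULL on an unknown token, which pledge(2) would
 * reject with EINVAL, so callers fail closed instead of passing it on. */
const char *
canonical_promises(const char *wanted)
{
	static char out[256];
	int seen[NCANON] = { 0 };
	const char *p;
	size_t i, len, used = 0;
	int n;

	for (p = wanted + strspn(wanted, " "); *p != '\0';
	    p += strspn(p, " ")) {
		len = strcspn(p, " ");
		for (i = 0; i < NCANON; i++)
			if (strlen(canonical[i]) == len &&
			    strncmp(p, canonical[i], len) == 0)
				break;
		if (i == NCANON)
			return NULL;
		seen[i] = 1;
		p += len;
	}
	out[0] = '\0';
	for (i = 0; i < NCANON; i++) {
		if (!seen[i])
			continue;
		n = snprintf(out + used, sizeof(out) - used, "%s%s",
		    used ? " " : "", canonical[i]);
		if (n < 0 || (size_t)n >= sizeof(out) - used)
			return NULL;
		used += (size_t)n;
	}
	return out;
}

/* Promise set for one command, or NULL if the command is unknown. */
const char *
promises_for(const char *cmd)
{
	size_t i;
	for (i = 0; i < sizeof(cmd_table) / sizeof(cmd_table[0]); i++)
		if (strcmp(cmd, cmd_table[i].cmd) == 0)
			return cmd_table[i].promises;
	return NULL;
}

/* Tighten to the command's own set. In single-command mode a failure is
 * fatal so the process never runs on unconfined; in interactive mode the
 * top-level pledge stays in force and the failure is only reported. */
int
pledge_for_command(const char *cmd, int interactive)
{
	const char *want = promises_for(cmd);
	const char *promises = want != NULL ? canonical_promises(want) : NULL;

	if (promises == NULL || pledge(promises, NULL) == -1) {
		fprintf(stderr, "%s: cannot pledge\n", cmd);
		if (!interactive)
			exit(1);
		return -1;
	}
	return 0;
}
```

A caller pledges top_level_promises once at startup and then, when running a single command, calls pledge_for_command(cmd, 0); a typo in the table is refused by canonical_promises() before pledge(2) ever sees it, so the command never runs under a broken or missing confinement.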

# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isn't what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.51 10-Jul-2020 inoguchi

Clean up s_client.c

- Remove space between '*' and pointer variable.
- Add function prototype.
- Move callback function to bottom.
- Move typedef struct to up.


# 1.50 10-Jul-2020 inoguchi

Change variable bio_c_out from global to local

ok tb@


# 1.49 09-Jul-2020 inoguchi

Wrap long lines and put space in front of label in s_client.c


# 1.48 09-Jul-2020 inoguchi

Remove c_ prefix from s_client_config member


# 1.47 09-Jul-2020 inoguchi

Convert openssl(1) s_client option handling

suggestions and ok beck@ jsing@ tb@


# 1.46 23-May-2020 tb

In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by
default. To avoid hanging on a blocking read, we need to clear the
SSL_MODE_AUTO_RETRY flag in the s_client and the s_server.

ok beck inoguchi jsing


# 1.45 22-May-2020 deraadt

sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1"
(gurn) copies getsockname() retrieves a truncated result and 14 bytes of
stack garbage get copied onwards.
ok tb

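The truncation this entry fixes, as an added C example that is not the s_client code: a model of the getsockname(2) copy-out rule (write at most the caller's length, then report the address's true length) applied to a constructed [::1]:4433 sockaddr_in6, first into a 16-byte struct sockaddr and then into a struct sockaddr_storage. The check a practitioner wants is the one in port_from_storage(): compare the returned length with the buffer size before touching any field, because a length larger than the buffer means the tail of the address was never written, and anything that later copies that many bytes out of the small buffer reads past its end. The function names and the sample address are the example's own.

```c
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Model of getsockname(2)'s copy-out rule: at most *len bytes are written,
 * then *len is set to the address's true size. Constructed for illustration;
 * no real socket is involved. */
static void
model_getsockname(const struct sockaddr *actual, socklen_t actual_len,
    struct sockaddr *out, socklen_t *len)
{
	socklen_t n = *len < actual_len ? *len : actual_len;

	memcpy(out, actual, n);
	*len = actual_len;
}

/* Constructed IPv6 local address [::1]:4433, as a bound socket reports it. */
static socklen_t
sample_v6(struct sockaddr_in6 *sin6)
{
	memset(sin6, 0, sizeof(*sin6));
	sin6->sin6_family = AF_INET6;
	sin6->sin6_port = htons(4433);
	sin6->sin6_addr.s6_addr[15] = 1;
	return sizeof(*sin6);
}

/* Pre-1.45 pattern: a 16-byte struct sockaddr receives a 28-byte
 * sockaddr_in6. Returns 1 when the reported length exceeds the buffer,
 * i.e. the address was truncated and its tail never arrived. */
int
truncated_with_sockaddr(void)
{
	struct sockaddr_in6 sin6;
	struct sockaddr sa;
	socklen_t alen = sample_v6(&sin6);
	socklen_t len = sizeof(sa);

	model_getsockname((struct sockaddr *)&sin6, alen, &sa, &len);
	return len > sizeof(sa);
}

/* Fixed pattern: sockaddr_storage is sized and aligned for any family. */
int
truncated_with_storage(void)
{
	struct sockaddr_in6 sin6;
	struct sockaddr_storage ss;
	socklen_t alen = sample_v6(&sin6);
	socklen_t len = sizeof(ss);

	model_getsockname((struct sockaddr *)&sin6, alen,
	    (struct sockaddr *)&ss, &len);
	return len > sizeof(ss);
}

/* Read the port only after the length and family checks, so a truncated
 * or unexpected address is refused rather than reinterpreted. */
int
port_from_storage(const struct sockaddr_storage *ss, socklen_t len)
{
	if (len > sizeof(*ss))
		return -1;
	if (ss->ss_family == AF_INET6 && len >= sizeof(struct sockaddr_in6))
		return ntohs(((const struct sockaddr_in6 *)ss)->sin6_port);
	if (ss->ss_family == AF_INET && len >= sizeof(struct sockaddr_in))
		return ntohs(((const struct sockaddr_in *)ss)->sin_port);
	return -1;
}

/* The complete fixed flow: storage buffer, length check, port extraction. */
int
local_port_v6(void)
{
	struct sockaddr_in6 sin6;
	struct sockaddr_storage ss;
	socklen_t alen = sample_v6(&sin6);
	socklen_t len = sizeof(ss);

	model_getsockname((struct sockaddr *)&sin6, alen,
	    (struct sockaddr *)&ss, &len);
	return port_from_storage(&ss, len);
}
```

With a real socket the same flow applies unchanged: pass a sockaddr_storage and its size to getsockname(2), then refuse to interpret the result when the returned length is larger than the buffer.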

Revision tags: OPENBSD_6_7_BASE
# 1.44 26-Apr-2020 inoguchi

s_client: fix use of possibly uninitialized values

Set initial value to variable 'p' and 'pending'.

Reported and fix requested from leonklingele by GitHub pull request.
https://github.com/libressl-portable/portable/issues/577
https://github.com/libressl-portable/openbsd/pull/114

ok bcook@ jsing@ tb@


# 1.43 19-Apr-2020 jsing

Add -groups option to openssl(1) s_server.

This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.

ok beck@ inoguchi@


# 1.42 16-Feb-2020 jsing

Add -tls1_3 and -notls1_3 options to openssl(1) s_client.

Also stop using version pinned methods, instead setting the min and max
protocol versions.

Requested by inoguchi@

ok inoguchi@ tb@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
succesfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fix by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isnt what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.46 23-May-2020 tb

In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by
default. To avoid hanging on a blocking read, we need to clear the
SSL_MODE_AUTO_RETRY flag in the s_client and the s_server.

ok beck inoguchi jsing


# 1.45 22-May-2020 deraadt

sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1"
(gurn) copies getsockname() retrieves a truncated result and 14 bytes of
stack garbage get copied onwards.
ok tb


Revision tags: OPENBSD_6_7_BASE
# 1.44 26-Apr-2020 inoguchi

s_client: fix use of possibly uninitialized values

Set initial value to variable 'p' and 'pending'.

Reported and fix requested from leonklingele by GitHub pull request.
https://github.com/libressl-portable/portable/issues/577
https://github.com/libressl-portable/openbsd/pull/114

ok bcook@ jsing@ tb@


# 1.43 19-Apr-2020 jsing

Add -groups option to openssl(1) s_server.

This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.

ok beck@ inoguchi@


# 1.42 16-Feb-2020 jsing

Add -tls1_3 and -notls1_3 options to openssl(1) s_client.

Also stop using version pinned methods, instead setting the min and max
protocol versions.

Requested by inoguchi@

ok inoguchi@ tb@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
succesfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fix by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isnt what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.45 22-May-2020 deraadt

sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1"
(gurn) copies getsockname() retrieves a truncated result and 14 bytes of
stack garbage get copied onwards.
ok tb


Revision tags: OPENBSD_6_7_BASE
# 1.44 26-Apr-2020 inoguchi

s_client: fix use of possibly uninitialized values

Set initial value to variable 'p' and 'pending'.

Reported and fix requested from leonklingele by GitHub pull request.
https://github.com/libressl-portable/portable/issues/577
https://github.com/libressl-portable/openbsd/pull/114

ok bcook@ jsing@ tb@


# 1.43 19-Apr-2020 jsing

Add -groups option to openssl(1) s_server.

This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.

ok beck@ inoguchi@


# 1.42 16-Feb-2020 jsing

Add -tls1_3 and -notls1_3 options to openssl(1) s_client.

Also stop using version pinned methods, instead setting the min and max
protocol versions.

Requested by inoguchi@

ok inoguchi@ tb@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
succesfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fix by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isnt what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.44 26-Apr-2020 inoguchi

s_client: fix use of possibly uninitialized values

Set initial value to variable 'p' and 'pending'.

Reported and fix requested from leonklingele by GitHub pull request.
https://github.com/libressl-portable/portable/issues/577
https://github.com/libressl-portable/openbsd/pull/114

ok bcook@ jsing@ tb@


# 1.43 19-Apr-2020 jsing

Add -groups option to openssl(1) s_server.

This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.

ok beck@ inoguchi@


# 1.42 16-Feb-2020 jsing

Add -tls1_3 and -notls1_3 options to openssl(1) s_client.

Also stop using version pinned methods, instead setting the min and max
protocol versions.

Requested by inoguchi@

ok inoguchi@ tb@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
successfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns. Noticed and fixed by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let the libssl UI_* functions play with echo on/off when
asking for password on terminal.

the passwd subcommand needs additional "wpath cpath" in order to let it call
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session that may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.
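
Added example (not the openssl(1) code itself): the per-command tightening
that rev 1.21 describes, together with the "dns" and "tty" promises from
revs 1.22 to 1.27, as a self-contained C program. client_promises() assembles
the pledge(2) promise string from what a hypothetical parsed option set
actually needs, in the canonical promise order, and apply_pledge() calls
pledge(2) on OpenBSD and treats failure as fatal for a one-shot command
(rev 1.23); on other systems the call is compiled out so the example still
builds. The struct client_opts fields, the function names and the option
sets in demo() are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical summary of what argument parsing found (not s_client's own). */
struct client_opts {
	int connects;		/* -connect/-proxy: needs a socket ("inet") */
	int resolves_names;	/* host given by name, not address: needs "dns" */
	int may_prompt;		/* key may ask for a passphrase on a terminal: "tty" */
	int writes_files;	/* e.g. a session file is written: "wpath cpath" */
};

/*
 * Build the pledge(2) promise string from what this invocation needs.
 * Promises are emitted in the canonical order (stdio rpath wpath cpath
 * inet dns tty) so the result is easy to eyeball.  Returns 0, or -1 if
 * the buffer is too small (a truncated promise list must never be used).
 */
int
client_promises(const struct client_opts *o, char *buf, size_t len)
{
	int r;

	r = snprintf(buf, len, "stdio rpath%s%s%s%s",
	    o->writes_files ? " wpath cpath" : "",
	    o->connects ? " inet" : "",
	    (o->connects && o->resolves_names) ? " dns" : "",
	    o->may_prompt ? " tty" : "");
	if (r < 0 || (size_t)r >= len)
		return -1;
	return 0;
}

/*
 * Apply the pledge.  For a one-shot command a failed pledge is fatal
 * (the caller exits on -1); on non-OpenBSD systems this is a no-op.
 */
int
apply_pledge(const char *promises)
{
#ifdef __OpenBSD__
	if (pledge(promises, NULL) == -1) {
		perror("pledge");
		return -1;
	}
#else
	(void)promises;
#endif
	return 0;
}

/* Self-check with constructed option sets. */
int
demo(void)
{
	struct client_opts o;
	char buf[64], small[8];

	memset(&o, 0, sizeof(o));
	o.connects = 1;
	o.resolves_names = 1;
	if (client_promises(&o, buf, sizeof(buf)) == -1 ||
	    strcmp(buf, "stdio rpath inet dns") != 0)
		return 1;

	o.may_prompt = 1;
	o.writes_files = 1;
	if (client_promises(&o, buf, sizeof(buf)) == -1 ||
	    strcmp(buf, "stdio rpath wpath cpath inet dns tty") != 0)
		return 2;

	/* A buffer that cannot hold the promises is an error, not truncation. */
	if (client_promises(&o, small, sizeof(small)) != -1)
		return 3;
	return 0;
}
```

The point of computing the string after option parsing is the one rev 1.21
leaves open: a run that connects to an IP literal never needs "dns", and a run
with an unencrypted key never needs "tty", so neither promise has to be granted
up front.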


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isn't what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@
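
Added example (not the -proxy implementation from rev 1.12): what the HTTP
CONNECT exchange that such a tunnel relies on looks like, as standalone C.
build_connect_request() writes the request the client sends to the proxy,
and parse_connect_response() reads the proxy's reply, returns the status
code and reports how many bytes the header block consumed, so that any bytes
following it are handed to the TLS layer instead of being treated as HTTP.
The function names and the replies in demo() are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/*
 * Build the CONNECT request that asks an HTTP proxy for a raw tunnel.
 * HTTP/1.0 keeps the reply simple; after a 2xx the socket carries TLS.
 * Returns the request length, or -1 if it does not fit in buf.
 */
int
build_connect_request(const char *host, const char *port, char *buf, size_t len)
{
	int r;
	int v6 = strchr(host, ':') != NULL;	/* bracket IPv6 literals */

	r = snprintf(buf, len,
	    "CONNECT %s%s%s:%s HTTP/1.0\r\nHost: %s%s%s:%s\r\n\r\n",
	    v6 ? "[" : "", host, v6 ? "]" : "", port,
	    v6 ? "[" : "", host, v6 ? "]" : "", port);
	if (r < 0 || (size_t)r >= len)
		return -1;
	return r;
}

/*
 * Parse the proxy's reply.  Returns the HTTP status code and, if hdrlen is
 * not NULL, the size of the header block up to and including the blank line.
 * Returns -1 if the header block is incomplete or the status line is bogus.
 */
int
parse_connect_response(const char *buf, size_t len, size_t *hdrlen)
{
	char line[128];
	size_t i, ll;
	int major, minor, code;

	/* Do not trust anything until the whole header block has arrived. */
	for (i = 0; i + 4 <= len; i++)
		if (memcmp(buf + i, "\r\n\r\n", 4) == 0)
			break;
	if (i + 4 > len)
		return -1;
	if (hdrlen != NULL)
		*hdrlen = i + 4;

	/* Copy the status line out so it can be parsed as a C string. */
	for (ll = 0; ll < len && buf[ll] != '\r'; ll++)
		;
	if (ll >= sizeof(line))
		return -1;
	memcpy(line, buf, ll);
	line[ll] = '\0';

	if (sscanf(line, "HTTP/%d.%d %3d", &major, &minor, &code) != 3)
		return -1;
	if (major != 1 || code < 100 || code > 599)
		return -1;
	return code;
}

/* Only a 2xx means the tunnel is open; anything else must not start TLS. */
int
tunnel_ok(int code)
{
	return code >= 200 && code <= 299;
}

/* Self-check against constructed proxy replies (not captured traffic). */
int
demo(void)
{
	static const char ok[] =
	    "HTTP/1.0 200 Connection established\r\n"
	    "Proxy-agent: example\r\n"
	    "\r\n"
	    "\x16\x03\x01";	/* start of a TLS record already queued */
	static const char denied[] =
	    "HTTP/1.1 407 Proxy Authentication Required\r\n\r\n";
	static const char partial[] = "HTTP/1.1 200 OK\r\n";
	char req[256];
	size_t hl = 0;

	if (build_connect_request("example.com", "443", req, sizeof(req)) == -1)
		return 1;
	if (strcmp(req, "CONNECT example.com:443 HTTP/1.0\r\n"
	    "Host: example.com:443\r\n\r\n") != 0)
		return 2;
	if (parse_connect_response(ok, sizeof(ok) - 1, &hl) != 200)
		return 3;
	/* The bytes after the header block belong to TLS, not to HTTP. */
	if (hl != sizeof(ok) - 1 - 3 || ok[hl] != 0x16)
		return 4;
	if (parse_connect_response(denied, sizeof(denied) - 1, &hl) != 407)
		return 5;
	if (parse_connect_response(partial, sizeof(partial) - 1, &hl) != -1)
		return 6;
	return 0;
}
```

Once the tunnel is open, the TLS handshake, SNI and certificate host name
check all apply to the origin host named in CONNECT, never to the proxy; the
proxy only sees the CONNECT target and the encrypted bytes that follow.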


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@
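
Added example (not code from s_client.c or libssl): the descriptor handling
that revs 1.38 and 1.3 describe, in one self-contained C program.
set_nonblocking() switches a descriptor to O_NONBLOCK through fcntl(2)
rather than the FIONBIO ioctl, and read_nonblocking() compares the syscall
result against exactly -1 before looking at errno, since errno is only
updated in that case; it separates EINTR (retry), EAGAIN/EWOULDBLOCK (no
data yet) and real errors. The function names and the pipe-based self-check
in demo() are this example's own.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/*
 * Put a descriptor into non-blocking mode with fcntl(2)/O_NONBLOCK, the
 * POSIX way.  Returns 0 on success, -1 on failure with errno set by fcntl.
 */
int
set_nonblocking(int fd)
{
	int flags;

	if ((flags = fcntl(fd, F_GETFL)) == -1)
		return -1;
	if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
		return -1;
	return 0;
}

enum rd_status { RD_DATA, RD_EOF, RD_WOULDBLOCK, RD_ERROR };

/*
 * Read from a non-blocking descriptor.  A system call reports failure by
 * returning exactly -1; only then is errno meaningful, so the check is
 * "== -1", not "< 0".  A short read or zero is a successful return.
 */
enum rd_status
read_nonblocking(int fd, void *buf, size_t len, ssize_t *nread)
{
	ssize_t n;

	for (;;) {
		n = read(fd, buf, len);
		if (n == -1) {
			if (errno == EINTR)
				continue;	/* interrupted, retry */
			if (errno == EAGAIN || errno == EWOULDBLOCK)
				return RD_WOULDBLOCK;	/* poll(2) and come back */
			return RD_ERROR;
		}
		*nread = n;
		return n == 0 ? RD_EOF : RD_DATA;
	}
}

/*
 * Self-check on a pipe: empty and non-blocking must report WOULDBLOCK,
 * written bytes must come back, and a closed write end must give EOF.
 */
int
demo(void)
{
	int p[2];
	char buf[16];
	ssize_t n = 0;

	if (pipe(p) == -1)
		return -1;
	if (set_nonblocking(p[0]) == -1)
		return -1;

	if (read_nonblocking(p[0], buf, sizeof(buf), &n) != RD_WOULDBLOCK)
		return 1;

	if (write(p[1], "hello", 5) != 5)
		return -1;
	if (read_nonblocking(p[0], buf, sizeof(buf), &n) != RD_DATA ||
	    n != 5 || memcmp(buf, "hello", 5) != 0)
		return 2;

	close(p[1]);
	if (read_nonblocking(p[0], buf, sizeof(buf), &n) != RD_EOF)
		return 3;

	close(p[0]);
	return 0;
}
```

The same "== -1, then errno" discipline is what rev 1.4 relies on when it
avoids calling shutdown(2) on a descriptor that was never opened: a bogus
negative value must not be mistaken for a socket.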


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.43 19-Apr-2020 jsing

Add -groups option to openssl(1) s_server.

This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.

ok beck@ inoguchi@


# 1.42 16-Feb-2020 jsing

Add -tls1_3 and -notls1_3 options to openssl(1) s_client.

Also stop using version pinned methods, instead setting the min and max
protocol versions.

Requested by inoguchi@

ok inoguchi@ tb@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
succesfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fix by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isnt what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.42 16-Feb-2020 jsing

Add -tls1_3 and -notls1_3 options to openssl(1) s_client.

Also stop using version pinned methods, instead setting the min and max
protocol versions.

Requested by inoguchi@

ok inoguchi@ tb@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
succesfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fix by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isnt what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.41 23-Jan-2020 beck

Make -peekaboo mode also use SSL_pending after peeking, to ensure
SSL_pending implementation is correct.

annoying jsing@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
succesfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fix by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isnt what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.40 22-Jan-2020 jsing

Simplify the peekaboo code.

ok beck@


# 1.39 22-Jan-2020 beck

Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read.

ok jsing@


Revision tags: OPENBSD_6_6_BASE
# 1.38 28-Jun-2019 deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


Revision tags: OPENBSD_6_5_BASE
# 1.37 14-Nov-2018 tb

didn't found -> didn't find.

From Edgar Pettijohn III


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.36 11-Feb-2018 jmc

typo in output string; from edgar pettijohn


# 1.35 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


# 1.34 07-Feb-2018 jsing

Remove guards around *_free() calls since these functions handle NULL.


Revision tags: OPENBSD_6_2_BASE
# 1.33 12-Aug-2017 jsing

Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@


# 1.32 18-Apr-2017 deraadt

use freezero() instead of 4-line conditional explicit_bzero + free


Revision tags: OPENBSD_6_1_BASE
# 1.31 24-Jan-2017 jsing

Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.

ok beck@


# 1.30 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.29 30-Dec-2016 jsing

Display details of the server ephemeral key, based on OpenSSL.

ok doug@


Revision tags: OPENBSD_6_0_BASE
# 1.28 21-Jun-2016 bcook

Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were
succesfully loaded first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

ok beck@


Revision tags: OPENBSD_5_9_BASE
# 1.27 01-Dec-2015 jca

Undo previous, pledge("dns") was already present. The problem was in s_server.


# 1.26 01-Dec-2015 beck

pledge dns so openssl can use dns.. noticed and fix by todd@
ok jcs@ deraadt@ theo@


# 1.25 21-Nov-2015 jca

In pledge(), put "dns" right after "inet".


# 1.24 21-Nov-2015 jca

Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.

From todd@


# 1.23 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.22 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.21 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.20 06-Oct-2015 deraadt

these do not use ioctl.h


# 1.19 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.18 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.17 10-Sep-2015 bcook

Fix shadowed verify_error in s_server by removing the unused global.

's_time -verify 1' will now actually verify the peer certificate.

ok beck@


# 1.16 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.15 11-Aug-2015 landry

Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isnt what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@


Revision tags: OPENBSD_5_8_BASE
# 1.14 17-Jul-2015 doug

Remove SSLv3 support from openssl(1) s_client.

ok miod@ bcook@ beck@


# 1.13 14-Apr-2015 jsing

Move verify externs into the header file.


Revision tags: OPENBSD_5_7_BASE
# 1.12 13-Jan-2015 bluhm

Add the possibility to use the openssl s_client tool with an http
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@


# 1.11 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.10 10-Dec-2014 jsing

Add ALPN support to openssl(1).

Based on OpenSSL.


# 1.9 02-Dec-2014 deraadt

convert select() to poll(). This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.


# 1.8 18-Nov-2014 krw

Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@


# 1.7 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.6 06-Nov-2014 jsing

TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,
which was already done for libssl some time back.


# 1.5 22-Oct-2014 jsing

None of these need <openssl/rand.h>


# 1.4 20-Oct-2014 bcook

s_client: don't call shutdown on a non-existent socket descriptor.

from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ok beck@, deraadt@


# 1.3 13-Oct-2014 bcook

Use O_NONBLOCK over FIONBIO.

Prefer this because it is the POSIX standard and has consistent behavior
across platforms.

Use BIO_socket_nbio consistently across the tree.

from Jonas 'Sortie' Termansen, ok deraadt@


# 1.2 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@

