s_client.c revision 59191
155714Skris/* apps/s_client.c */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 855714Skris * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1555714Skris * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 2255714Skris * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. 
All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 3755714Skris * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4055714Skris * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 5255714Skris * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 
*/

/* apps/s_client.c: the "openssl s_client" test client.  Connects to a
 * host:port, performs the SSL/TLS handshake, prints connection details
 * and then shuttles bytes between stdin/stdout and the SSL connection. */

#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef NO_STDIO
#define APPS_WIN16
#endif

/* With IPv6, it looks like Digital has mixed up the proper order of
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
#define __U_INT
typedef unsigned int u_int;
#endif

#define USE_SOCKETS
#include "apps.h"
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include "s_apps.h"

#ifdef WINDOWS
#include <conio.h>	/* _kbhit(): stdin is polled with it instead of select() on Windows */
#endif


#if (defined(VMS) && __VMS_VER < 70000000)
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
#undef FIONBIO
#endif

#undef PROG
#define PROG	s_client_main

/* Default peer when neither -host nor -connect is given. */
/*#define SSL_HOST_NAME	"www.netscape.com" */
/*#define SSL_HOST_NAME	"193.118.187.102" */
#define SSL_HOST_NAME	"localhost"

/*#define TEST_CERT "client.pem" */ /* no default cert. */

/* Size of each of the two staging buffers MAIN allocates:
 * cbuf (stdin -> SSL) and sbuf (SSL -> stdout). */
#undef BUFSIZZ
#define BUFSIZZ 1024*8

/* Shared with the verify callback installed via SSL_CTX_set_verify();
 * both are defined elsewhere in the apps code, not in this file. */
extern int verify_depth;
extern int verify_error;

/* Option state.  File-scope because print_stuff() and the connection
 * code read it; MAIN resets every flag on entry. */
#ifdef FIONBIO
static int c_nbio=0;		/* -nbio: switch the socket to non-blocking I/O */
#endif
static int c_Pause=0;		/* -pause: sets con->debug here (the sleep(1) named in the usage text is not implemented in this file) */
static int c_debug=0;		/* -debug: con->debug plus a BIO dump callback on the socket BIO */
static int c_showcerts=0;	/* -showcerts: PEM-dump every certificate of the peer chain */

static void sc_usage(void);
static void print_stuff(BIO *berr,SSL *con,int full);
static BIO *bio_c_out=NULL;	/* client-side output; a null BIO under -quiet */
static int c_quiet=0;		/* -quiet: no s_client output; also implies c_ign_eof */
static int c_ign_eof=0;		/* -ign_eof: keep running after EOF (or a failed read) on stdin */

/* Print the option summary to bio_err.
 * Note: -prexit is accepted by the option parser in MAIN but is not
 * listed here. */
static void sc_usage(void)
	{
	BIO_printf(bio_err,"usage: s_client args\n");
	BIO_printf(bio_err,"\n");
	BIO_printf(bio_err," -host host - use -connect instead\n");
	BIO_printf(bio_err," -port port - use -connect instead\n");
	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);

	BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
	BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
	BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n");
	BIO_printf(bio_err," not specified but cert file is.\n");
	BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
	BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
	BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
	BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
	BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
	BIO_printf(bio_err," -debug - extra output\n");
	BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
	BIO_printf(bio_err," -state - print the 'ssl' states\n");
#ifdef FIONBIO
	BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
#endif
	BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
	BIO_printf(bio_err," -quiet - no s_client output\n");
	BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
	BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
	BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
	BIO_printf(bio_err," -tls1 - just use TLSv1\n");
	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
	BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
	BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
	BIO_printf(bio_err," command to see what is available\n");

	}

int MAIN(int, char **);

/* Entry point of the s_client command (PROG maps MAIN to s_client_main).
 *
 * argc/argv: full command line; argv[0] is skipped by the parser below,
 *            the remaining options are those listed in sc_usage().
 *
 * Parses options, builds an SSL_CTX, connects to host:port and then runs
 * a select() loop moving bytes between stdin/stdout and the SSL
 * connection until EOF or a leading 'Q' on stdin, or an SSL error.
 * Leaves through EXIT(ret): ret is 0 only when the loop reached the
 * "shut" label (orderly SSL_shutdown); every setup failure jumps to
 * "end" with ret still 1.
 *
 * Defaults a reader should be aware of:
 *  - verify starts as SSL_VERIFY_NONE, so the server certificate is NOT
 *    checked unless -verify is given (and then verify_callback decides);
 *  - a failure to load the CA locations is printed but not fatal (the
 *    "goto end" in that branch is commented out). */
int MAIN(int argc, char **argv)
	{
	int off=0;			/* SSL_OP_NO_* bits gathered from -no_tls1/-no_ssl3/-no_ssl2 */
	SSL *con=NULL,*con2=NULL;	/* con2 is never assigned; it is only freed at "end" */
	int s,k,width,state=0;		/* s: socket fd; width: nfds argument for select() */
	char *cbuf=NULL,*sbuf=NULL;	/* cbuf: stdin -> SSL staging; sbuf: SSL -> stdout staging */
	int cbuf_len,cbuf_off;		/* bytes pending in cbuf and their start offset */
	int sbuf_len,sbuf_off;		/* bytes pending in sbuf and their start offset */
	fd_set readfds,writefds;
	short port=PORT;		/* NOTE(review): -port is parsed with atoi() into a short; only the value 0 is rejected */
	int full_log=1;			/* print_stuff() gets full=1 for the first handshake only, then 0 */
	char *host=SSL_HOST_NAME;
	char *cert_file=NULL,*key_file=NULL;
	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;	/* no peer verification unless -verify */
	int crlf=0;
	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;	/* select-loop direction flags */
	SSL_CTX *ctx=NULL;
	int ret=1,in_init=1,i,nbio_test=0;
	int prexit = 0;			/* -prexit: call print_stuff() at "end" even on failure paths */
	SSL_METHOD *meth=NULL;
	BIO *sbio;			/* socket BIO, optionally wrapped by the nbio test filter */
#ifdef WINDOWS
	struct timeval tv;		/* one-second select() timeout used to poll _kbhit() */
#endif

	/* Default method: negotiate (SSLv23) when both protocols are compiled in. */
#if !defined(NO_SSL2) && !defined(NO_SSL3)
	meth=SSLv23_client_method();
#elif !defined(NO_SSL3)
	meth=SSLv3_client_method();
#elif !defined(NO_SSL2)
	meth=SSLv2_client_method();
#endif

	apps_startup();
	/* Reset the file-scope option state before parsing. */
	c_Pause=0;
	c_quiet=0;
	c_ign_eof=0;
	c_debug=0;
	c_showcerts=0;

	if (bio_err == NULL)
		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

	/* Malloc/Free are OpenSSL's allocator wrappers (see apps.h). */
	if (	((cbuf=Malloc(BUFSIZZ)) == NULL) ||
		((sbuf=Malloc(BUFSIZZ)) == NULL))
		{
		BIO_printf(bio_err,"out of memory\n");
		goto end;
		}

	verify_depth=0;
	verify_error=X509_V_OK;
#ifdef FIONBIO
	c_nbio=0;
#endif

	/* Option parsing.  Options taking a value jump to "bad" (usage +
	 * exit) when the value is missing. */
	argc--;
	argv++;
	while (argc >= 1)
		{
		if	(strcmp(*argv,"-host") == 0)
			{
			if (--argc < 1) goto bad;
			host= *(++argv);
			}
		else if	(strcmp(*argv,"-port") == 0)
			{
			if (--argc < 1) goto bad;
			port=atoi(*(++argv));	/* no range/error reporting; see the declaration of port */
			if (port == 0) goto bad;
			}
		else if (strcmp(*argv,"-connect") == 0)
			{
			if (--argc < 1) goto bad;
			if (!extract_host_port(*(++argv),&host,NULL,&port))
				goto bad;
			}
		else if	(strcmp(*argv,"-verify") == 0)
			{
			verify=SSL_VERIFY_PEER;
			if (--argc < 1) goto bad;
			verify_depth=atoi(*(++argv));
			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
			}
		else if	(strcmp(*argv,"-cert") == 0)
			{
			if (--argc < 1) goto bad;
			cert_file= *(++argv);
			}
		else if	(strcmp(*argv,"-prexit") == 0)
			prexit=1;
		else if	(strcmp(*argv,"-crlf") == 0)
			crlf=1;
		else if	(strcmp(*argv,"-quiet") == 0)
			{
			c_quiet=1;
			c_ign_eof=1;	/* -quiet implies -ign_eof */
			}
		else if	(strcmp(*argv,"-ign_eof") == 0)
			c_ign_eof=1;
		else if	(strcmp(*argv,"-pause") == 0)
			c_Pause=1;
		else if	(strcmp(*argv,"-debug") == 0)
			c_debug=1;
		else if	(strcmp(*argv,"-showcerts") == 0)
			c_showcerts=1;
		else if	(strcmp(*argv,"-nbio_test") == 0)
			nbio_test=1;
		else if	(strcmp(*argv,"-state") == 0)
			state=1;
#ifndef NO_SSL2
		else if	(strcmp(*argv,"-ssl2") == 0)
			meth=SSLv2_client_method();
#endif
#ifndef NO_SSL3
		else if	(strcmp(*argv,"-ssl3") == 0)
			meth=SSLv3_client_method();
#endif
#ifndef NO_TLS1
		else if	(strcmp(*argv,"-tls1") == 0)
			meth=TLSv1_client_method();
#endif
		else if (strcmp(*argv,"-bugs") == 0)
			bugs=1;
		else if	(strcmp(*argv,"-key") == 0)
			{
			if (--argc < 1) goto bad;
			key_file= *(++argv);
			}
		else if	(strcmp(*argv,"-reconnect") == 0)
			{
			reconnect=5;	/* number of drop-and-reconnect cycles performed after the first handshake */
			}
		else if	(strcmp(*argv,"-CApath") == 0)
			{
			if (--argc < 1) goto bad;
			CApath= *(++argv);
			}
		else if	(strcmp(*argv,"-CAfile") == 0)
			{
			if (--argc < 1) goto bad;
			CAfile= *(++argv);
			}
		else if (strcmp(*argv,"-no_tls1") == 0)
			off|=SSL_OP_NO_TLSv1;
		else if (strcmp(*argv,"-no_ssl3") == 0)
			off|=SSL_OP_NO_SSLv3;
		else if (strcmp(*argv,"-no_ssl2") == 0)
			off|=SSL_OP_NO_SSLv2;
		else if	(strcmp(*argv,"-cipher") == 0)
			{
			if (--argc < 1) goto bad;
			cipher= *(++argv);
			}
#ifdef FIONBIO
		else if (strcmp(*argv,"-nbio") == 0)
			{ c_nbio=1; }
#endif
		else
			{
			BIO_printf(bio_err,"unknown option %s\n",*argv);
			badop=1;
			break;
			}
		argc--;
		argv++;
		}
	if (badop)
		{
bad:
		sc_usage();
		goto end;
		}

	/* Seed the PRNG from the default RAND file (helper in apps.c). */
	app_RAND_load_file(NULL, bio_err, 0);

	/* Under -quiet all client-side chatter goes to a null BIO. */
	if (bio_c_out == NULL)
		{
		if (c_quiet)
			{
			bio_c_out=BIO_new(BIO_s_null());
			}
		else
			{
			if (bio_c_out == NULL)
				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
			}
		}

	OpenSSL_add_ssl_algorithms();
	SSL_load_error_strings();
	ctx=SSL_CTX_new(meth);
	if (ctx == NULL)
		{
		ERR_print_errors(bio_err);
		goto end;
		}

	/* -bugs enables every interoperability workaround on top of the
	 * protocol-disable bits collected in off. */
	if (bugs)
		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
	else
		SSL_CTX_set_options(ctx,off);

	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
	if (cipher != NULL)
		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
		BIO_printf(bio_err,"error setting cipher list\n");
		ERR_print_errors(bio_err);
		goto end;
	}
#if 0
	else
		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
#endif

	/* verify is SSL_VERIFY_NONE unless -verify was given; verify_callback
	 * (apps code, not in this file) is consulted in either mode. */
	SSL_CTX_set_verify(ctx,verify,verify_callback);
	if (!set_cert_stuff(ctx,cert_file,key_file))
		goto end;

	/* NOTE(review): errors here are printed but deliberately not fatal,
	 * so a typo in -CAfile/-CApath silently leaves the context with only
	 * whatever default paths were loaded. */
	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
		(!SSL_CTX_set_default_verify_paths(ctx)))
		{
		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
		ERR_print_errors(bio_err);
		/* goto end; */
		}


	/* NOTE(review): the SSL_new() result is not checked; con->debug and
	 * SSL_set_bio() below dereference it unconditionally. */
	con=SSL_new(ctx);
/*	SSL_set_cipher_list(con,"RC4-MD5"); */

	/* -reconnect jumps back here after shutting the previous connection. */
re_start:

	if (init_client(&s,host,port) == 0)
		{
		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
		SHUTDOWN(s);
		goto end;
		}
	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);

#ifdef FIONBIO
	if (c_nbio)
		{
		unsigned long l=1;
		BIO_printf(bio_c_out,"turning on non blocking io\n");
		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
			{
			ERR_print_errors(bio_err);
			goto end;
			}
		}
#endif
	if (c_Pause & 0x01) con->debug=1;
	/* BIO_NOCLOSE: the fd is closed explicitly with SHUTDOWN() at "shut". */
	sbio=BIO_new_socket(s,BIO_NOCLOSE);

	if (nbio_test)
		{
		BIO *test;

		test=BIO_new(BIO_f_nbio_test());
		sbio=BIO_push(test,sbio);
		}

	if (c_debug)
		{
		con->debug=1;
		BIO_set_callback(sbio,bio_dump_cb);
		BIO_set_callback_arg(sbio,bio_c_out);
		}

	SSL_set_bio(con,sbio,sbio);
	SSL_set_connect_state(con);

	/* ok, lets connect */
	/* NOTE(review): nothing checks that the socket fd is below FD_SETSIZE
	 * before it is passed to FD_SET() below. */
	width=SSL_get_fd(con)+1;

	/* Direction flags driving the select() loop:
	 *   read_tty  - want more input from stdin
	 *   write_tty - sbuf holds data to flush to stdout
	 *   read_ssl  - want data from the connection
	 *   write_ssl - cbuf holds data to send on the connection
	 *   tty_on    - handshake done, stdin/stdout participate in select() */
	read_tty=1;
	write_tty=0;
	tty_on=0;
	read_ssl=1;
	write_ssl=1;

	cbuf_len=0;
	cbuf_off=0;
	sbuf_len=0;
	sbuf_off=0;

	for (;;)
		{
		FD_ZERO(&readfds);
		FD_ZERO(&writefds);

		/* While the (initial, not renegotiation) handshake is in
		 * progress the tty stays out of the fd sets.  The first pass
		 * after it completes prints the connection summary and, with
		 * -reconnect, tears the connection down to resume the session. */
		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
			{
			in_init=1;
			tty_on=0;
			}
		else
			{
			tty_on=1;
			if (in_init)
				{
				in_init=0;
				print_stuff(bio_c_out,con,full_log);
				if (full_log > 0) full_log--;

				if (reconnect)
					{
					reconnect--;
					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
					SSL_shutdown(con);
					SSL_set_connect_state(con);
					SHUTDOWN(SSL_get_fd(con));
					goto re_start;
					}
				}
			}

		/* Data already buffered inside the SSL object would not wake
		 * select(), so skip select() entirely when there is some. */
		ssl_pending = read_ssl && SSL_pending(con);

		if (!ssl_pending)
			{
#ifndef WINDOWS
			if (tty_on)
				{
				if (read_tty)  FD_SET(fileno(stdin),&readfds);
				if (write_tty) FD_SET(fileno(stdout),&writefds);
				}
			if (read_ssl)
				FD_SET(SSL_get_fd(con),&readfds);
			if (write_ssl)
				FD_SET(SSL_get_fd(con),&writefds);
#else
			if(!tty_on || !write_tty) {
				if (read_ssl)
					FD_SET(SSL_get_fd(con),&readfds);
				if (write_ssl)
					FD_SET(SSL_get_fd(con),&writefds);
			}
#endif
/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/

			/* Note: under VMS with SOCKETSHR the second parameter
			 * is currently of type (int *) whereas under other
			 * systems it is (void *) if you don't have a cast it
			 * will choke the compiler: if you do have a cast then
			 * you can either go for (int *) or (void *).
			 */
#ifdef WINDOWS
			/* Under Windows we make the assumption that we can
			 * always write to the tty: therefore if we need to
			 * write to the tty we just fall through. Otherwise
			 * we timeout the select every second and see if there
			 * are any keypresses. Note: this is a hack, in a proper
			 * Windows application we wouldn't do this.
			 */
			i=0;
			if(!write_tty) {
				if(read_tty) {
					tv.tv_sec = 1;
					tv.tv_usec = 0;
					i=select(width,(void *)&readfds,(void *)&writefds,
						NULL,&tv);
					if(!i && (!_kbhit() || !read_tty) ) continue;
				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
					NULL,NULL);
			}
#else
			i=select(width,(void *)&readfds,(void *)&writefds,
				NULL,NULL);
#endif
			if ( i < 0)
				{
				BIO_printf(bio_err,"bad select %d\n",
				get_last_socket_error());
				goto shut;
				/* goto end; */
				}
			}

		/* Socket writable: push pending cbuf data into the connection. */
		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
			{
			/* NOTE(review): cbuf_len is cast to unsigned int here; the
			 * stdin branch below can leave it negative under -ign_eof
			 * when read() fails (see the note there). */
			k=SSL_write(con,&(cbuf[cbuf_off]),
				(unsigned int)cbuf_len);
			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				cbuf_off+=k;
				cbuf_len-=k;
				if (k <= 0) goto end;
				/* we have done a  write(con,NULL,0); */
				if (cbuf_len <= 0)
					{
					read_tty=1;
					write_ssl=0;
					}
				else /* if (cbuf_len > 0) */
					{
					read_tty=0;
					write_ssl=1;
					}
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"write W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				/* The write needs a read first (e.g. renegotiation);
				 * park the pending data and wait for the socket. */
				BIO_printf(bio_c_out,"write R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				write_ssl=0;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"write X BLOCK\n");
				break;
			case SSL_ERROR_ZERO_RETURN:
				/* Both arms leave the switch, so no fall-through into
				 * the SSL_ERROR_SYSCALL case. */
				if (cbuf_len != 0)
					{
					BIO_printf(bio_c_out,"shutdown\n");
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					break;
					}
				
			case SSL_ERROR_SYSCALL:
				if ((k != 0) || (cbuf_len != 0))
					{
					BIO_printf(bio_err,"write:errno=%d\n",
						get_last_socket_error());
					goto shut;
					}
				else
					{
					read_tty=1;
					write_ssl=0;
					}
				break;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
				}
			}
#ifdef WINDOWS
		/* Assume Windows can always write */
		else if (!ssl_pending && write_tty)
#else
		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
#endif
			{
			/* stdout writable: flush the pending slice of sbuf. */
#ifdef CHARSET_EBCDIC
			ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
#endif
			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);

			if (i <= 0)
				{
				BIO_printf(bio_c_out,"DONE\n");
				goto shut;
				/* goto end; */
				}

			sbuf_len-=i;;
			sbuf_off+=i;
			if (sbuf_len <= 0)
				{
				read_ssl=1;
				write_tty=0;
				}
			}
		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
			{
			/* Socket readable (or data buffered in the SSL object):
			 * pull the next record into sbuf and hand it to stdout. */
#ifdef RENEG
{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
#endif
#if 1
			/* Only 1024 of the BUFSIZZ bytes of sbuf are used per read. */
			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
#else
/* Demo for pending and peek :-) */
			k=SSL_read(con,sbuf,16);
{ char zbuf[10240]; 
printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
}
#endif

			switch (SSL_get_error(con,k))
				{
			case SSL_ERROR_NONE:
				if (k <= 0)
					goto end;
				sbuf_off=0;
				sbuf_len=k;

				read_ssl=0;
				write_tty=1;
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out,"read W BLOCK\n");
				write_ssl=1;
				read_tty=0;
				break;
			case SSL_ERROR_WANT_READ:
				BIO_printf(bio_c_out,"read R BLOCK\n");
				write_tty=0;
				read_ssl=1;
				if ((read_tty == 0) && (write_ssl == 0))
					write_ssl=1;
				break;
			case SSL_ERROR_WANT_X509_LOOKUP:
				BIO_printf(bio_c_out,"read X BLOCK\n");
				break;
			case SSL_ERROR_SYSCALL:
				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
				goto shut;
			case SSL_ERROR_ZERO_RETURN:
				BIO_printf(bio_c_out,"closed\n");
				goto shut;
			case SSL_ERROR_SSL:
				ERR_print_errors(bio_err);
				goto shut;
				/* break; */
				}
			}

#ifdef WINDOWS
		else if (_kbhit())
#else
		else if (FD_ISSET(fileno(stdin),&readfds))
#endif
			{
			/* stdin readable: refill cbuf.  A leading 'Q' or 'R' is a
			 * command (quit / renegotiate) unless EOF handling is off,
			 * in which case those bytes are sent as data. */
			if (crlf)
				{
				int j, lf_num;

				/* Read at most half the buffer: every '\n' grows by one
				 * byte below, so even all-newline input fits in BUFSIZZ. */
				i=read(fileno(stdin),cbuf,BUFSIZZ/2);
				lf_num = 0;
				/* both loops are skipped when i <= 0 */
				for (j = 0; j < i; j++)
					if (cbuf[j] == '\n')
						lf_num++;
				/* Walk backwards, shifting each byte right by the number
				 * of newlines still to its left, inserting '\r' as we go. */
				for (j = i-1; j >= 0; j--)
					{
					cbuf[j+lf_num] = cbuf[j];
					if (cbuf[j] == '\n')
						{
						lf_num--;
						i++;
						cbuf[j+lf_num] = '\r';
						}
					}
				assert(lf_num == 0);	/* every counted '\n' was expanded */
				}
			else
				i=read(fileno(stdin),cbuf,BUFSIZZ);

			if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
				{
				BIO_printf(bio_err,"DONE\n");
				goto shut;
				}

			/* NOTE(review): under -ign_eof (implied by -quiet) a failed
			 * read() leaves i < 0, which the else branch stores into
			 * cbuf_len; the SSL_write() above then casts that negative
			 * length to unsigned int.  i < 0 should probably be fatal
			 * regardless of c_ign_eof. */
			if ((!c_ign_eof) && (cbuf[0] == 'R'))
				{
				BIO_printf(bio_err,"RENEGOTIATING\n");
				SSL_renegotiate(con);
				cbuf_len=0;
				}
			else
				{
				cbuf_len=i;
				cbuf_off=0;
#ifdef CHARSET_EBCDIC
				ebcdic2ascii(cbuf, cbuf, i);
#endif
				}

			write_ssl=1;
			read_tty=0;
			}
		}
	/* Orderly close: only this path yields exit status 0. */
shut:
	SSL_shutdown(con);
	SHUTDOWN(SSL_get_fd(con));
	ret=0;
end:
	/* NOTE(review): on early failure paths con (and possibly bio_c_out)
	 * is still NULL here, and print_stuff() dereferences its SSL
	 * argument unconditionally; -prexit should be guarded on con != NULL. */
	if(prexit) print_stuff(bio_c_out,con,1);
	if (con != NULL) SSL_free(con);
	if (con2 != NULL) SSL_free(con2);
	if (ctx != NULL) SSL_CTX_free(ctx);
	/* Best-effort scrub of the plaintext staging buffers before release.
	 * A plain memset() ahead of a free may be elided by an optimizer;
	 * Free() here is OpenSSL's wrapper, which presumably keeps it alive. */
	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
	if (bio_c_out != NULL)
		{
		BIO_free(bio_c_out);
		bio_c_out=NULL;
		}
	EXIT(ret);
	}


/* Print connection details to bio.
 *
 * bio:  output BIO (MAIN passes bio_c_out).
 * s:    the connection; dereferenced unconditionally (s->hit and the
 *       SSL_get_* calls), so callers must not pass NULL.
 * full: non-zero additionally prints the peer chain, the peer
 *       certificate, the client-CA names, the shared-cipher list and
 *       the handshake byte counts; the cipher/session summary at the
 *       end is printed in both modes.
 *
 * Everything printed from buf originates from the peer.  Whether
 * X509_NAME_oneline() escapes non-printable bytes before they reach the
 * terminal should be confirmed for this version. */
static void print_stuff(BIO *bio, SSL *s, int full)
	{
	X509 *peer=NULL;		/* owned reference from SSL_get_peer_certificate(); released at the end */
	char *p;
	/* NOTE(review): the cipher-column code below writes 15-j%25 bytes from
	 * this string.  As shown here it is a single space (possibly collapsed
	 * whitespace in this copy); it must hold at least 15 bytes, and the
	 * count goes negative whenever j%25 > 15 -- verify against the
	 * canonical source. */
	static char *space=" ";
	char buf[BUFSIZ];
	STACK_OF(X509) *sk;
	STACK_OF(X509_NAME) *sk2;
	SSL_CIPHER *c;
	X509_NAME *xn;
	int j,i;			/* j: bytes of the current cipher name; i: names printed so far */

	if (full)
		{
		int got_a_chain = 0;

		sk=SSL_get_peer_cert_chain(s);
		if (sk != NULL)
			{
			got_a_chain = 1; /* we don't have it for SSL2 (yet) */

			BIO_printf(bio,"---\nCertificate chain\n");
			for (i=0; i<sk_X509_num(sk); i++)
				{
				X509_NAME_oneline(X509_get_subject_name(
					sk_X509_value(sk,i)),buf,BUFSIZ);
				BIO_printf(bio,"%2d s:%s\n",i,buf);
				X509_NAME_oneline(X509_get_issuer_name(
					sk_X509_value(sk,i)),buf,BUFSIZ);
				BIO_printf(bio," i:%s\n",buf);
				if (c_showcerts)
					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
				}
			}

		BIO_printf(bio,"---\n");
		peer=SSL_get_peer_certificate(s);
		if (peer != NULL)
			{
			BIO_printf(bio,"Server certificate\n");
			if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
				PEM_write_bio_X509(bio,peer);
			X509_NAME_oneline(X509_get_subject_name(peer),
				buf,BUFSIZ);
			BIO_printf(bio,"subject=%s\n",buf);
			X509_NAME_oneline(X509_get_issuer_name(peer),
				buf,BUFSIZ);
			BIO_printf(bio,"issuer=%s\n",buf);
			}
		else
			BIO_printf(bio,"no peer certificate available\n");

		/* CA names the server would accept for a client certificate. */
		sk2=SSL_get_client_CA_list(s);
		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
			{
			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
			for (i=0; i<sk_X509_NAME_num(sk2); i++)
				{
				xn=sk_X509_NAME_value(sk2,i);
				X509_NAME_oneline(xn,buf,sizeof(buf));
				BIO_write(bio,buf,strlen(buf));
				BIO_write(bio,"\n",1);
				}
			}
		else
			{
			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
			}
		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
		if (p != NULL)
			{
			/* This works only for SSL 2.  In later protocol
			 * versions, the client does not know what other
			 * ciphers (in addition to the one to be used
			 * in the current connection) the server supports. */

			/* Lay the ':'-separated list out in three padded columns. */
			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
			j=i=0;
			while (*p)
				{
				if (*p == ':')
					{
					BIO_write(bio,space,15-j%25);	/* see the note on space above */
					i++;
					j=0;
					BIO_write(bio,((i%3)?" ":"\n"),1);
					}
				else
					{
					BIO_write(bio,p,1);
					j++;
					}
				p++;
				}
			BIO_write(bio,"\n",1);
			}

		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
			BIO_number_read(SSL_get_rbio(s)),
			BIO_number_written(SSL_get_wbio(s)));
		}
	/* s->hit is set by the library when the session was resumed. */
	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
	c=SSL_get_current_cipher(s);
	BIO_printf(bio,"%s, Cipher is %s\n",
		SSL_CIPHER_get_version(c),
		SSL_CIPHER_get_name(c));
	if (peer != NULL) {
		EVP_PKEY *pktmp;
		/* NOTE(review): X509_get_pubkey() can return NULL for an
		 * unsupported key type; pktmp is not checked before use. */
		pktmp = X509_get_pubkey(peer);
		BIO_printf(bio,"Server public key is %d bit\n",
			EVP_PKEY_bits(pktmp));
		EVP_PKEY_free(pktmp);
	}
	SSL_SESSION_print(bio,SSL_get_session(s));
	BIO_printf(bio,"---\n");
	if (peer != NULL)
		X509_free(peer);
	}