| author | jsing <> | 2017-01-24 09:07:40 +0000 |
|---|---|---|
| committer | jsing <> | 2017-01-24 09:07:40 +0000 |
| commit | 59b247e1a81a1ee05ffa2eb18c4dc555e82c90a7 (patch) | |
| tree | d2782f6125ff72f6b7ba3626887bcc05b278e06f | |
| parent | aea70f86fe76f5ba242da58f97c43ef50034a02e (diff) | |
Add a -groups option to openssl s_client, which allows supported EC curves
to be specified as a colon separated list.
ok beck@
Diffstat (limited to '')
| -rw-r--r-- | src/usr.bin/openssl/s_client.c | 24 |
1 files changed, 17 insertions, 7 deletions
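--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.30 2017/01/20 08:57:12 deraadt Exp $ */
+/* $OpenBSD: s_client.c,v 1.31 2017/01/24 09:07:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -245,6 +245,7 @@ sc_usage(void)
 BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n");
 BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
 BIO_printf(bio_err, " -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
+BIO_printf(bio_err, " -groups arg - specify EC curve groups (colon-separated list)\n");
 #ifndef OPENSSL_NO_SRTP
 BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
 #endif
@@ -357,6 +358,7 @@ s_client_main(int argc, char **argv)
 {NULL, 0};
 const char *next_proto_neg_in = NULL;
 const char *alpn_in = NULL;
+const char *groups_in = NULL;
 char *sess_in = NULL;
 char *sess_out = NULL;
 struct sockaddr peer;
@@ -527,19 +529,20 @@ s_client_main(int argc, char **argv)
 off |= SSL_OP_NO_SSLv2;
 else if (strcmp(*argv, "-no_comp") == 0) {
 off |= SSL_OP_NO_COMPRESSION;
-}
-else if (strcmp(*argv, "-no_ticket") == 0) {
+} else if (strcmp(*argv, "-no_ticket") == 0) {
 off |= SSL_OP_NO_TICKET;
-}
-else if (strcmp(*argv, "-nextprotoneg") == 0) {
+} else if (strcmp(*argv, "-nextprotoneg") == 0) {
 if (--argc < 1)
 goto bad;
 next_proto_neg_in = *(++argv);
-}
-else if (strcmp(*argv, "-alpn") == 0) {
+} else if (strcmp(*argv, "-alpn") == 0) {
 if (--argc < 1)
 goto bad;
 alpn_in = *(++argv);
+} else if (strcmp(*argv, "-groups") == 0) {
+if (--argc < 1)
+goto bad;
+groups_in = *(++argv);
 } else if (strcmp(*argv, "-serverpref") == 0)
 off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
 else if (strcmp(*argv, "-legacy_renegotiation") == 0)
@@ -714,6 +717,13 @@ bad:
 SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
 free(alpn);
 }
+if (groups_in != NULL) {
+if (SSL_CTX_set1_groups_list(ctx, groups_in) != 1) {
+BIO_printf(bio_err, "Failed to set groups '%s'\n",
+groups_in);
+goto end;
+}
+}
 
 if (state)
 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);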
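Review bot: In the last hunk, the failure path for `SSL_CTX_set1_groups_list()` prints only the raw `-groups` argument before `goto end`, so someone checking which curves a server will negotiate cannot tell which name in the colon-separated list was rejected or why. If the library queues an error for this failure (not visible here), adding `ERR_print_errors(bio_err);` before the `goto end;` would surface it. The usage line added in sc_usage could also state how order is treated, for example `-groups arg - specify EC curve groups in preference order (colon-separated list)`, if that matches the library's behaviour. The diffstat lists only s_client.c, so the openssl(1) manual presumably still needs an entry for the new option. s_client_main begins and ends outside these hunks, so whether the `end:` label already prints the error queue cannot be checked from here.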
