Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest - add a -xmpphost option to specify the xmpp virtual host - fix an infinite loop when the vhost isnt what the server expects - fix communication with openfire & prosody servers with tweaks & ok bcook@ doug@ manpage bits jmc@
author: landry <> 2015-08-11 05:01:03 +0000
committer: landry <> 2015-08-11 05:01:03 +0000
commit: 2ea8009a06abaf0096774d1fa3d0d7f6d2f98cf5 (patch)
tree: 266b4b3457383ba096f14212a40b0a44be6be92d /src
parent: f8b563fb5ba1524c821d37308f4e6abfc866bc3f (diff)
download: openbsd-2ea8009a06abaf0096774d1fa3d0d7f6d2f98cf5.tar.gz
openbsd-2ea8009a06abaf0096774d1fa3d0d7f6d2f98cf5.tar.bz2
openbsd-2ea8009a06abaf0096774d1fa3d0d7f6d2f98cf5.zip
2 files changed, 28 insertions, 7 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 8d49bf7b36..ea6f9fcbb0 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.18 2015/08/02 12:43:44 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.19 2015/08/11 05:01:03 landry Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: August 2 2015 $
+.Dd $Mdocdate: August 11 2015 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -6487,6 +6487,7 @@ which it can be seen agrees with the recovered value above.
 .Op Fl tlsextdebug
 .Op Fl verify Ar depth
 .Op Fl x509_strict
+.Op Fl xmpphost Ar host
 .Ek
 .nr nS 0
 .Pp
@@ -6675,6 +6676,13 @@ Currently the verify operation continues after errors so all the problems
 with a certificate chain can be seen.
 As a side effect the connection will never fail due to a server
 certificate verify failure.
+.It Fl xmpphost Ar hostname
+This option, when used with
+.Fl starttls Ar xmpp ,
+specifies the host for the "to" attribute of the stream element.
+If this option is not specified then the host specified with
+.Fl connect
+will be used.
 .El
 .Sh S_CLIENT CONNECTED COMMANDS
 If a connection is established with an SSL server, any data received
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 14e1a4bab9..aa803e8baa 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.14 2015/07/17 16:07:44 doug Exp $ */
+/* $OpenBSD: s_client.c,v 1.15 2015/08/11 05:01:03 landry Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -237,6 +237,7 @@ sc_usage(void)
        BIO_printf(bio_err, "                 'prot' defines which one to assume.  Currently,\n");
        BIO_printf(bio_err, "                 only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
        BIO_printf(bio_err, "                 are supported.\n");
+        BIO_printf(bio_err, " -xmpphost host - connect to this virtual host on the xmpp server\n");
 #ifndef OPENSSL_NO_ENGINE
        BIO_printf(bio_err, " -engine id    - Initialise and use the specified engine\n");
 #endif
@@ -334,6 +335,7 @@ s_client_main(int argc, char **argv)
        char *port = PORT_STR;
        int full_log = 1;
        char *host = SSL_HOST_NAME;
+        char *xmpphost = NULL;
        char *proxy = NULL, *connect = NULL;
        char *cert_file = NULL, *key_file = NULL;
        int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
@@ -414,6 +416,10 @@ s_client_main(int argc, char **argv)
                        if (--argc < 1)
                                goto bad;
                        proxy = *(++argv);
+                } else if (strcmp(*argv,"-xmpphost") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        xmpphost= *(++argv);
                } else if (strcmp(*argv, "-verify") == 0) {
                        verify = SSL_VERIFY_PEER;
                        if (--argc < 1)
@@ -982,13 +988,20 @@ re_start:
                int seen = 0;
                BIO_printf(sbio, "<stream:stream "
                    "xmlns:stream='http://etherx.jabber.org/streams' "
-                    "xmlns='jabber:client' to='%s' version='1.0'>", host);
+                    "xmlns='jabber:client' to='%s' version='1.0'>", xmpphost ? xmpphost : host);
                seen = BIO_read(sbio, mbuf, BUFSIZZ);
+                if (seen <= 0)
+                        goto shut;
                mbuf[seen] = 0;
-                while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) {
+                while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") &&
-                        if (strstr(mbuf, "/stream:features>"))
+                       !strstr(mbuf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"")) {
-                                goto shut;
                        seen = BIO_read(sbio, mbuf, BUFSIZZ);
+                        if (seen <= 0)
+                                goto shut;
                        mbuf[seen] = 0;
                }
                BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
author	landry <>	2015-08-11 05:01:03 +0000
committer	landry <>	2015-08-11 05:01:03 +0000
commit	2ea8009a06abaf0096774d1fa3d0d7f6d2f98cf5 (patch)
tree	266b4b3457383ba096f14212a40b0a44be6be92d /src
parent	f8b563fb5ba1524c821d37308f4e6abfc866bc3f (diff)
download	openbsd-2ea8009a06abaf0096774d1fa3d0d7f6d2f98cf5.tar.gz openbsd-2ea8009a06abaf0096774d1fa3d0d7f6d2f98cf5.tar.bz2 openbsd-2ea8009a06abaf0096774d1fa3d0d7f6d2f98cf5.zip