Diffstat (limited to 'src/regress/lib/libssl/interop/client.c')
| -rw-r--r-- | src/regress/lib/libssl/interop/client.c | 146 |
1 files changed, 86 insertions, 60 deletions
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c index c312d7ae8a..0b5827c447 100644 --- a/src/regress/lib/libssl/interop/client.c +++ b/src/regress/lib/libssl/interop/client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: client.c,v 1.4 2018/11/09 06:30:41 bluhm Exp $ */ | 1 | /* $OpenBSD: client.c,v 1.5 2018/11/10 08:33:45 bluhm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org> | 3 | * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org> |
| 4 | * | 4 | * |
| @@ -35,7 +35,7 @@ void __dead | |||
| 35 | usage(void) | 35 | usage(void) |
| 36 | { | 36 | { |
| 37 | fprintf(stderr, | 37 | fprintf(stderr, |
| 38 | "usage: client [-c] [-C CA] [-c crt -k key] host port"); | 38 | "usage: client [-sv] [-C CA] [-c crt -k key] host port"); |
| 39 | exit(2); | 39 | exit(2); |
| 40 | } | 40 | } |
| 41 | 41 | ||
| @@ -46,13 +46,13 @@ main(int argc, char *argv[]) | |||
| 46 | SSL_CTX *ctx; | 46 | SSL_CTX *ctx; |
| 47 | SSL *ssl; | 47 | SSL *ssl; |
| 48 | BIO *bio; | 48 | BIO *bio; |
| 49 | SSL_SESSION *session; | 49 | SSL_SESSION *session = NULL; |
| 50 | int error, verify = 0; | 50 | int error, sessionreuse = 0, verify = 0; |
| 51 | char buf[256], ch; | 51 | char buf[256], ch; |
| 52 | char *ca = NULL, *crt = NULL, *key = NULL; | 52 | char *ca = NULL, *crt = NULL, *key = NULL; |
| 53 | char *host_port, *host, *port; | 53 | char *host_port, *host, *port; |
| 54 | 54 | ||
| 55 | while ((ch = getopt(argc, argv, "C:c:k:v")) != -1) { | 55 | while ((ch = getopt(argc, argv, "C:c:k:sv")) != -1) { |
| 56 | switch (ch) { | 56 | switch (ch) { |
| 57 | case 'C': | 57 | case 'C': |
| 58 | ca = optarg; | 58 | ca = optarg; |
| @@ -63,6 +63,10 @@ main(int argc, char *argv[]) | |||
| 63 | case 'k': | 63 | case 'k': |
| 64 | key = optarg; | 64 | key = optarg; |
| 65 | break; | 65 | break; |
| 66 | case 's': | ||
| 67 | /* multiple reueses are possible */ | ||
| 68 | sessionreuse++; | ||
| 69 | break; | ||
| 66 | case 'v': | 70 | case 'v': |
| 67 | verify = 1; | 71 | verify = 1; |
| 68 | break; | 72 | break; |
| @@ -122,63 +126,85 @@ main(int argc, char *argv[]) | |||
| 122 | SSL_CTX_set_verify(ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, | 126 | SSL_CTX_set_verify(ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, |
| 123 | verify_callback); | 127 | verify_callback); |
| 124 | 128 | ||
| 125 | /* setup ssl and bio for socket operations */ | 129 | if (sessionreuse) { |
| 126 | ssl = SSL_new(ctx); | 130 | SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT); |
| 127 | if (ssl == NULL) | ||
| 128 | err_ssl(1, "SSL_new"); | ||
| 129 | bio = BIO_new_connect(host_port); | ||
| 130 | if (bio == NULL) | ||
| 131 | err_ssl(1, "BIO_new_connect"); | ||
| 132 | print_ciphers(SSL_get_ciphers(ssl)); | ||
| 133 | |||
| 134 | /* connect */ | ||
| 135 | if (BIO_do_connect(bio) <= 0) | ||
| 136 | err_ssl(1, "BIO_do_connect"); | ||
| 137 | printf("connect "); | ||
| 138 | print_sockname(bio); | ||
| 139 | printf("connect "); | ||
| 140 | print_peername(bio); | ||
| 141 | |||
| 142 | /* do ssl client handshake */ | ||
| 143 | SSL_set_bio(ssl, bio, bio); | ||
| 144 | if ((error = SSL_connect(ssl)) <= 0) | ||
| 145 | err_ssl(1, "SSL_connect %d", error); | ||
| 146 | |||
| 147 | /* print session statistics */ | ||
| 148 | session = SSL_get_session(ssl); | ||
| 149 | if (session == NULL) | ||
| 150 | err_ssl(1, "SSL_get_session"); | ||
| 151 | if (SSL_SESSION_print_fp(stdout, session) <= 0) | ||
| 152 | err_ssl(1, "SSL_SESSION_print_fp"); | ||
| 153 | |||
| 154 | /* read server greeting and write client hello over TLS connection */ | ||
| 155 | if ((error = SSL_read(ssl, buf, 9)) <= 0) | ||
| 156 | err_ssl(1, "SSL_read %d", error); | ||
| 157 | if (error != 9) | ||
| 158 | errx(1, "read not 9 bytes greeting: %d", error); | ||
| 159 | buf[9] = '\0'; | ||
| 160 | printf("<<< %s", buf); | ||
| 161 | if (fflush(stdout) != 0) | ||
| 162 | err(1, "fflush stdout"); | ||
| 163 | strlcpy(buf, "hello\n", sizeof(buf)); | ||
| 164 | printf(">>> %s", buf); | ||
| 165 | if (fflush(stdout) != 0) | ||
| 166 | err(1, "fflush stdout"); | ||
| 167 | if ((error = SSL_write(ssl, buf, 6)) <= 0) | ||
| 168 | err_ssl(1, "SSL_write %d", error); | ||
| 169 | if (error != 6) | ||
| 170 | errx(1, "write not 6 bytes hello: %d", error); | ||
| 171 | |||
| 172 | /* shutdown connection */ | ||
| 173 | if ((error = SSL_shutdown(ssl)) < 0) | ||
| 174 | err_ssl(1, "SSL_shutdown unidirectional %d", error); | ||
| 175 | if (error <= 0) { | ||
| 176 | if ((error = SSL_shutdown(ssl)) <= 0) | ||
| 177 | err_ssl(1, "SSL_shutdown bidirectional %d", error); | ||
| 178 | } | 131 | } |
| 179 | 132 | ||
| 180 | /* cleanup and free resources */ | 133 | do { |
| 181 | SSL_free(ssl); | 134 | /* setup bio for socket operations */ |
| 135 | bio = BIO_new_connect(host_port); | ||
| 136 | if (bio == NULL) | ||
| 137 | err_ssl(1, "BIO_new_connect"); | ||
| 138 | |||
| 139 | /* connect */ | ||
| 140 | if (BIO_do_connect(bio) <= 0) | ||
| 141 | err_ssl(1, "BIO_do_connect"); | ||
| 142 | printf("connect "); | ||
| 143 | print_sockname(bio); | ||
| 144 | printf("connect "); | ||
| 145 | print_peername(bio); | ||
| 146 | |||
| 147 | /* do ssl client handshake */ | ||
| 148 | ssl = SSL_new(ctx); | ||
| 149 | if (ssl == NULL) | ||
| 150 | err_ssl(1, "SSL_new"); | ||
| 151 | print_ciphers(SSL_get_ciphers(ssl)); | ||
| 152 | SSL_set_bio(ssl, bio, bio); | ||
| 153 | /* resuse session if possible */ | ||
| 154 | if (session != NULL) { | ||
| 155 | if (SSL_set_session(ssl, session) <= 0) | ||
| 156 | err_ssl(1, "SSL_set_session"); | ||
| 157 | } | ||
| 158 | if ((error = SSL_connect(ssl)) <= 0) | ||
| 159 | err_ssl(1, "SSL_connect %d", error); | ||
| 160 | printf("session %d: %s\n", sessionreuse, | ||
| 161 | SSL_session_reused(ssl) ? "reuse" : "new"); | ||
| 162 | if (fflush(stdout) != 0) | ||
| 163 | err(1, "fflush stdout"); | ||
| 164 | |||
| 165 | /* print session statistics */ | ||
| 166 | if (sessionreuse) { | ||
| 167 | session = SSL_get1_session(ssl); | ||
| 168 | if (session == NULL) | ||
| 169 | err_ssl(1, "SSL1_get_session"); | ||
| 170 | } else { | ||
| 171 | session = SSL_get_session(ssl); | ||
| 172 | if (session == NULL) | ||
| 173 | err_ssl(1, "SSL_get_session"); | ||
| 174 | } | ||
| 175 | if (SSL_SESSION_print_fp(stdout, session) <= 0) | ||
| 176 | err_ssl(1, "SSL_SESSION_print_fp"); | ||
| 177 | |||
| 178 | /* read server greeting and write client hello over TLS */ | ||
| 179 | if ((error = SSL_read(ssl, buf, 9)) <= 0) | ||
| 180 | err_ssl(1, "SSL_read %d", error); | ||
| 181 | if (error != 9) | ||
| 182 | errx(1, "read not 9 bytes greeting: %d", error); | ||
| 183 | buf[9] = '\0'; | ||
| 184 | printf("<<< %s", buf); | ||
| 185 | if (fflush(stdout) != 0) | ||
| 186 | err(1, "fflush stdout"); | ||
| 187 | strlcpy(buf, "hello\n", sizeof(buf)); | ||
| 188 | printf(">>> %s", buf); | ||
| 189 | if (fflush(stdout) != 0) | ||
| 190 | err(1, "fflush stdout"); | ||
| 191 | if ((error = SSL_write(ssl, buf, 6)) <= 0) | ||
| 192 | err_ssl(1, "SSL_write %d", error); | ||
| 193 | if (error != 6) | ||
| 194 | errx(1, "write not 6 bytes hello: %d", error); | ||
| 195 | |||
| 196 | /* shutdown connection */ | ||
| 197 | if ((error = SSL_shutdown(ssl)) < 0) | ||
| 198 | err_ssl(1, "SSL_shutdown unidirectional %d", error); | ||
| 199 | if (error <= 0) { | ||
| 200 | if ((error = SSL_shutdown(ssl)) <= 0) | ||
| 201 | err_ssl(1, "SSL_shutdown bidirectional %d", | ||
| 202 | error); | ||
| 203 | } | ||
| 204 | |||
| 205 | SSL_free(ssl); | ||
| 206 | } while (sessionreuse--); | ||
| 207 | |||
| 182 | SSL_CTX_free(ctx); | 208 | SSL_CTX_free(ctx); |
| 183 | 209 | ||
| 184 | printf("success\n"); | 210 | printf("success\n"); |
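Review bot: In the new `do { ... } while (sessionreuse--)` loop, each pass run with `-s` stores an owned reference from `SSL_get1_session()` in `session`, and the next pass overwrites it without calling `SSL_SESSION_free()`, so every reused connection leaks one session object, which holds the negotiated master secret. `SSL_set_session()` takes its own reference, so the caller's can be dropped once it succeeds: inside the `if (session != NULL)` block, after the `SSL_set_session` check, add `SSL_SESSION_free(session);` and `session = NULL;`; the last pass then holds only the borrowed pointer from `SSL_get_session()`, which needs no free. Separately, the loop only prints `reuse` or `new` and never fails when a `-s` run does not resume, so that check presumably lives in the harness reading this output, and the `err_ssl` label `"SSL1_get_session"` does not match the function called, `SSL_get1_session`. `main` starts and ends outside the visible hunks.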
