1 files changed, 29 insertions, 10 deletions
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c
index 6f14837895..136dc38d09 100644
--- a/src/regress/lib/libssl/interop/client.c
+++ b/src/regress/lib/libssl/interop/client.c
@@ -1,6 +1,6 @@
-/*      $OpenBSD: client.c,v 1.6 2019/02/11 12:22:44 bluhm Exp $        */
+/*      $OpenBSD: client.c,v 1.7 2019/02/21 23:06:33 bluhm Exp $        */
 /*
- * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
+ * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -34,8 +34,8 @@ void __dead usage(void);
 void __dead
 usage(void)
 {
-        fprintf(stderr,
+        fprintf(stderr, "usage: client [-Lsv] [-C CA] [-c crt -k key] "
-            "usage: client [-sv] [-C CA] [-c crt -k key] host port");
+            "[-l cipers] host port\n");
        exit(2);
 }
@@ -47,12 +47,13 @@ main(int argc, char *argv[])
        SSL *ssl;
        BIO *bio;
        SSL_SESSION *session = NULL;
-        int ch, error, sessionreuse = 0, verify = 0;
+        int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
        char buf[256];
-        char *ca = NULL, *crt = NULL, *key = NULL;
+        char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
-        char *host_port, *host, *port;
+        char *host_port, *host = "127.0.0.1", *port = "0";
-        while ((ch = getopt(argc, argv, "C:c:k:sv")) != -1) {
+        while ((ch = getopt(argc, argv, "C:c:k:Ll:sv")) != -1) {
                switch (ch) {
                case 'C':
                        ca = optarg;
@@ -63,6 +64,12 @@ main(int argc, char *argv[])
                case 'k':
                        key = optarg;
                        break;
+                case 'L':
+                        listciphers = 1;
+                        break;
+                case 'l':
+                        ciphers = optarg;
+                        break;
                case 's':
                        /* multiple reueses are possible */
                        sessionreuse++;
@@ -79,7 +86,7 @@ main(int argc, char *argv[])
        if (argc == 2) {
                host = argv[0];
                port = argv[1];
-        } else {
+        } else if (!listciphers) {
                usage();
        }
        if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
@@ -130,6 +137,19 @@ main(int argc, char *argv[])
                SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
        }
+        if (ciphers) {
+                if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
+                        err_ssl(1, "SSL_CTX_set_cipher_list");
+        }
+        if (listciphers) {
+                ssl = SSL_new(ctx);
+                if (ssl == NULL)
+                        err_ssl(1, "SSL_new");
+                print_ciphers(SSL_get_ciphers(ssl));
+                return 0;
+        }
        do {
                /* setup bio for socket operations */
                bio = BIO_new_connect(host_port);
@@ -148,7 +168,6 @@ main(int argc, char *argv[])
                ssl = SSL_new(ctx);
                if (ssl == NULL)
                        err_ssl(1, "SSL_new");
-                print_ciphers(SSL_get_ciphers(ssl));
                SSL_set_bio(ssl, bio, bio);
                /* resuse session if possible */
                if (session != NULL) {

diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c index 6f14837895..136dc38d09 100644 --- a/src/regress/lib/libssl/interop/client.c +++ b/src/regress/lib/libssl/interop/client.c
@@ -1,6 +1,6 @@
1	/* $OpenBSD: client.c,v 1.6 2019/02/11 12:22:44 bluhm Exp $ */	1	/* $OpenBSD: client.c,v 1.7 2019/02/21 23:06:33 bluhm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>	3	* Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4	*	4	*
5	* Permission to use, copy, modify, and distribute this software for any	5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above	6	* purpose with or without fee is hereby granted, provided that the above
@@ -34,8 +34,8 @@ void __dead usage(void);
34	void __dead	34	void __dead
35	usage(void)	35	usage(void)
36	{	36	{
37	fprintf(stderr,	37	fprintf(stderr, "usage: client [-Lsv] [-C CA] [-c crt -k key] "
38	"usage: client [-sv] [-C CA] [-c crt -k key] host port");	38	"[-l cipers] host port\n");
39	exit(2);	39	exit(2);
40	}	40	}
41		41
@@ -47,12 +47,13 @@ main(int argc, char *argv[])
47	SSL *ssl;	47	SSL *ssl;
48	BIO *bio;	48	BIO *bio;
49	SSL_SESSION *session = NULL;	49	SSL_SESSION *session = NULL;
50	int ch, error, sessionreuse = 0, verify = 0;	50	int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
51	char buf[256];	51	char buf[256];
52	char ca = NULL, crt = NULL, *key = NULL;	52	char ca = NULL, crt = NULL, key = NULL, ciphers = NULL;
53	char host_port, host, *port;	53	char host_port, host = "127.0.0.1", *port = "0";
54		54
55	while ((ch = getopt(argc, argv, "C:c:k:sv")) != -1) {	55
		56	while ((ch = getopt(argc, argv, "C:c:k:Ll:sv")) != -1) {
56	switch (ch) {	57	switch (ch) {
57	case 'C':	58	case 'C':
58	ca = optarg;	59	ca = optarg;
@@ -63,6 +64,12 @@ main(int argc, char *argv[])
63	case 'k':	64	case 'k':
64	key = optarg;	65	key = optarg;
65	break;	66	break;
		67	case 'L':
		68	listciphers = 1;
		69	break;
		70	case 'l':
		71	ciphers = optarg;
		72	break;
66	case 's':	73	case 's':
67	/* multiple reueses are possible */	74	/* multiple reueses are possible */
68	sessionreuse++;	75	sessionreuse++;
@@ -79,7 +86,7 @@ main(int argc, char *argv[])
79	if (argc == 2) {	86	if (argc == 2) {
80	host = argv[0];	87	host = argv[0];
81	port = argv[1];	88	port = argv[1];
82	} else {	89	} else if (!listciphers) {
83	usage();	90	usage();
84	}	91	}
85	if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",	92	if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
@@ -130,6 +137,19 @@ main(int argc, char *argv[])
130	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);	137	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
131	}	138	}
132		139
		140	if (ciphers) {
		141	if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
		142	err_ssl(1, "SSL_CTX_set_cipher_list");
		143	}
		144
		145	if (listciphers) {
		146	ssl = SSL_new(ctx);
		147	if (ssl == NULL)
		148	err_ssl(1, "SSL_new");
		149	print_ciphers(SSL_get_ciphers(ssl));
		150	return 0;
		151	}
		152
133	do {	153	do {
134	/* setup bio for socket operations */	154	/* setup bio for socket operations */
135	bio = BIO_new_connect(host_port);	155	bio = BIO_new_connect(host_port);
@@ -148,7 +168,6 @@ main(int argc, char *argv[])
148	ssl = SSL_new(ctx);	168	ssl = SSL_new(ctx);
149	if (ssl == NULL)	169	if (ssl == NULL)
150	err_ssl(1, "SSL_new");	170	err_ssl(1, "SSL_new");
151	print_ciphers(SSL_get_ciphers(ssl));
152	SSL_set_bio(ssl, bio, bio);	171	SSL_set_bio(ssl, bio, bio);
153	/* resuse session if possible */	172	/* resuse session if possible */
154	if (session != NULL) {	173	if (session != NULL) {