summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/s_client.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr.bin/openssl/s_client.c')
-rw-r--r--src/usr.bin/openssl/s_client.c412
1 files changed, 206 insertions, 206 deletions
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 41f6502325..82a8128243 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_client.c,v 1.59 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: s_client.c,v 1.60 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -246,16 +246,16 @@ static struct {
246 int verify; 246 int verify;
247 X509_VERIFY_PARAM *vpm; 247 X509_VERIFY_PARAM *vpm;
248 char *xmpphost; 248 char *xmpphost;
249} s_client_config; 249} cfg;
250 250
251static int 251static int
252s_client_opt_keymatexportlen(char *arg) 252s_client_opt_keymatexportlen(char *arg)
253{ 253{
254 s_client_config.keymatexportlen = strtonum(arg, 1, INT_MAX, 254 cfg.keymatexportlen = strtonum(arg, 1, INT_MAX,
255 &s_client_config.errstr); 255 &cfg.errstr);
256 if (s_client_config.errstr != NULL) { 256 if (cfg.errstr != NULL) {
257 BIO_printf(bio_err, "invalid argument %s: %s\n", 257 BIO_printf(bio_err, "invalid argument %s: %s\n",
258 arg, s_client_config.errstr); 258 arg, cfg.errstr);
259 return (1); 259 return (1);
260 } 260 }
261 return (0); 261 return (0);
@@ -265,11 +265,11 @@ s_client_opt_keymatexportlen(char *arg)
265static int 265static int
266s_client_opt_mtu(char *arg) 266s_client_opt_mtu(char *arg)
267{ 267{
268 s_client_config.socket_mtu = strtonum(arg, 0, LONG_MAX, 268 cfg.socket_mtu = strtonum(arg, 0, LONG_MAX,
269 &s_client_config.errstr); 269 &cfg.errstr);
270 if (s_client_config.errstr != NULL) { 270 if (cfg.errstr != NULL) {
271 BIO_printf(bio_err, "invalid argument %s: %s\n", 271 BIO_printf(bio_err, "invalid argument %s: %s\n",
272 arg, s_client_config.errstr); 272 arg, cfg.errstr);
273 return (1); 273 return (1);
274 } 274 }
275 return (0); 275 return (0);
@@ -282,7 +282,7 @@ s_client_opt_port(char *arg)
282 if (*arg == '\0') 282 if (*arg == '\0')
283 return (1); 283 return (1);
284 284
285 s_client_config.port = arg; 285 cfg.port = arg;
286 return (0); 286 return (0);
287} 287}
288 288
@@ -290,8 +290,8 @@ s_client_opt_port(char *arg)
290static int 290static int
291s_client_opt_protocol_version_dtls(void) 291s_client_opt_protocol_version_dtls(void)
292{ 292{
293 s_client_config.meth = DTLS_client_method(); 293 cfg.meth = DTLS_client_method();
294 s_client_config.socket_type = SOCK_DGRAM; 294 cfg.socket_type = SOCK_DGRAM;
295 return (0); 295 return (0);
296} 296}
297#endif 297#endif
@@ -300,10 +300,10 @@ s_client_opt_protocol_version_dtls(void)
300static int 300static int
301s_client_opt_protocol_version_dtls1(void) 301s_client_opt_protocol_version_dtls1(void)
302{ 302{
303 s_client_config.meth = DTLS_client_method(); 303 cfg.meth = DTLS_client_method();
304 s_client_config.min_version = DTLS1_VERSION; 304 cfg.min_version = DTLS1_VERSION;
305 s_client_config.max_version = DTLS1_VERSION; 305 cfg.max_version = DTLS1_VERSION;
306 s_client_config.socket_type = SOCK_DGRAM; 306 cfg.socket_type = SOCK_DGRAM;
307 return (0); 307 return (0);
308} 308}
309#endif 309#endif
@@ -312,10 +312,10 @@ s_client_opt_protocol_version_dtls1(void)
312static int 312static int
313s_client_opt_protocol_version_dtls1_2(void) 313s_client_opt_protocol_version_dtls1_2(void)
314{ 314{
315 s_client_config.meth = DTLS_client_method(); 315 cfg.meth = DTLS_client_method();
316 s_client_config.min_version = DTLS1_2_VERSION; 316 cfg.min_version = DTLS1_2_VERSION;
317 s_client_config.max_version = DTLS1_2_VERSION; 317 cfg.max_version = DTLS1_2_VERSION;
318 s_client_config.socket_type = SOCK_DGRAM; 318 cfg.socket_type = SOCK_DGRAM;
319 return (0); 319 return (0);
320} 320}
321#endif 321#endif
@@ -323,40 +323,40 @@ s_client_opt_protocol_version_dtls1_2(void)
323static int 323static int
324s_client_opt_protocol_version_tls1(void) 324s_client_opt_protocol_version_tls1(void)
325{ 325{
326 s_client_config.min_version = TLS1_VERSION; 326 cfg.min_version = TLS1_VERSION;
327 s_client_config.max_version = TLS1_VERSION; 327 cfg.max_version = TLS1_VERSION;
328 return (0); 328 return (0);
329} 329}
330 330
331static int 331static int
332s_client_opt_protocol_version_tls1_1(void) 332s_client_opt_protocol_version_tls1_1(void)
333{ 333{
334 s_client_config.min_version = TLS1_1_VERSION; 334 cfg.min_version = TLS1_1_VERSION;
335 s_client_config.max_version = TLS1_1_VERSION; 335 cfg.max_version = TLS1_1_VERSION;
336 return (0); 336 return (0);
337} 337}
338 338
339static int 339static int
340s_client_opt_protocol_version_tls1_2(void) 340s_client_opt_protocol_version_tls1_2(void)
341{ 341{
342 s_client_config.min_version = TLS1_2_VERSION; 342 cfg.min_version = TLS1_2_VERSION;
343 s_client_config.max_version = TLS1_2_VERSION; 343 cfg.max_version = TLS1_2_VERSION;
344 return (0); 344 return (0);
345} 345}
346 346
347static int 347static int
348s_client_opt_protocol_version_tls1_3(void) 348s_client_opt_protocol_version_tls1_3(void)
349{ 349{
350 s_client_config.min_version = TLS1_3_VERSION; 350 cfg.min_version = TLS1_3_VERSION;
351 s_client_config.max_version = TLS1_3_VERSION; 351 cfg.max_version = TLS1_3_VERSION;
352 return (0); 352 return (0);
353} 353}
354 354
355static int 355static int
356s_client_opt_quiet(void) 356s_client_opt_quiet(void)
357{ 357{
358 s_client_config.quiet = 1; 358 cfg.quiet = 1;
359 s_client_config.ign_eof = 1; 359 cfg.ign_eof = 1;
360 return (0); 360 return (0);
361} 361}
362 362
@@ -364,17 +364,17 @@ static int
364s_client_opt_starttls(char *arg) 364s_client_opt_starttls(char *arg)
365{ 365{
366 if (strcmp(arg, "smtp") == 0) 366 if (strcmp(arg, "smtp") == 0)
367 s_client_config.starttls_proto = PROTO_SMTP; 367 cfg.starttls_proto = PROTO_SMTP;
368 else if (strcmp(arg, "lmtp") == 0) 368 else if (strcmp(arg, "lmtp") == 0)
369 s_client_config.starttls_proto = PROTO_LMTP; 369 cfg.starttls_proto = PROTO_LMTP;
370 else if (strcmp(arg, "pop3") == 0) 370 else if (strcmp(arg, "pop3") == 0)
371 s_client_config.starttls_proto = PROTO_POP3; 371 cfg.starttls_proto = PROTO_POP3;
372 else if (strcmp(arg, "imap") == 0) 372 else if (strcmp(arg, "imap") == 0)
373 s_client_config.starttls_proto = PROTO_IMAP; 373 cfg.starttls_proto = PROTO_IMAP;
374 else if (strcmp(arg, "ftp") == 0) 374 else if (strcmp(arg, "ftp") == 0)
375 s_client_config.starttls_proto = PROTO_FTP; 375 cfg.starttls_proto = PROTO_FTP;
376 else if (strcmp(arg, "xmpp") == 0) 376 else if (strcmp(arg, "xmpp") == 0)
377 s_client_config.starttls_proto = PROTO_XMPP; 377 cfg.starttls_proto = PROTO_XMPP;
378 else 378 else
379 return (1); 379 return (1);
380 return (0); 380 return (0);
@@ -383,12 +383,12 @@ s_client_opt_starttls(char *arg)
383static int 383static int
384s_client_opt_verify(char *arg) 384s_client_opt_verify(char *arg)
385{ 385{
386 s_client_config.verify = SSL_VERIFY_PEER; 386 cfg.verify = SSL_VERIFY_PEER;
387 387
388 verify_depth = strtonum(arg, 0, INT_MAX, &s_client_config.errstr); 388 verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
389 if (s_client_config.errstr != NULL) { 389 if (cfg.errstr != NULL) {
390 BIO_printf(bio_err, "invalid argument %s: %s\n", 390 BIO_printf(bio_err, "invalid argument %s: %s\n",
391 arg, s_client_config.errstr); 391 arg, cfg.errstr);
392 return (1); 392 return (1);
393 } 393 }
394 BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 394 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
@@ -403,7 +403,7 @@ s_client_opt_verify_param(int argc, char **argv, int *argsused)
403 int badarg = 0; 403 int badarg = 0;
404 404
405 if (!args_verify(&pargs, &pargc, &badarg, bio_err, 405 if (!args_verify(&pargs, &pargc, &badarg, bio_err,
406 &s_client_config.vpm)) { 406 &cfg.vpm)) {
407 BIO_printf(bio_err, "unknown option %s\n", *argv); 407 BIO_printf(bio_err, "unknown option %s\n", *argv);
408 return (1); 408 return (1);
409 } 409 }
@@ -419,14 +419,14 @@ static const struct option s_client_options[] = {
419 .name = "4", 419 .name = "4",
420 .desc = "Use IPv4 only", 420 .desc = "Use IPv4 only",
421 .type = OPTION_VALUE, 421 .type = OPTION_VALUE,
422 .opt.value = &s_client_config.af, 422 .opt.value = &cfg.af,
423 .value = AF_INET, 423 .value = AF_INET,
424 }, 424 },
425 { 425 {
426 .name = "6", 426 .name = "6",
427 .desc = "Use IPv6 only", 427 .desc = "Use IPv6 only",
428 .type = OPTION_VALUE, 428 .type = OPTION_VALUE,
429 .opt.value = &s_client_config.af, 429 .opt.value = &cfg.af,
430 .value = AF_INET6, 430 .value = AF_INET6,
431 }, 431 },
432 { 432 {
@@ -435,67 +435,67 @@ static const struct option s_client_options[] = {
435 .desc = "Set the advertised protocols for ALPN" 435 .desc = "Set the advertised protocols for ALPN"
436 " (comma-separated list)", 436 " (comma-separated list)",
437 .type = OPTION_ARG, 437 .type = OPTION_ARG,
438 .opt.arg = &s_client_config.alpn_in, 438 .opt.arg = &cfg.alpn_in,
439 }, 439 },
440 { 440 {
441 .name = "bugs", 441 .name = "bugs",
442 .desc = "Enable various workarounds for buggy implementations", 442 .desc = "Enable various workarounds for buggy implementations",
443 .type = OPTION_FLAG, 443 .type = OPTION_FLAG,
444 .opt.flag = &s_client_config.bugs, 444 .opt.flag = &cfg.bugs,
445 }, 445 },
446 { 446 {
447 .name = "CAfile", 447 .name = "CAfile",
448 .argname = "file", 448 .argname = "file",
449 .desc = "PEM format file of CA certificates", 449 .desc = "PEM format file of CA certificates",
450 .type = OPTION_ARG, 450 .type = OPTION_ARG,
451 .opt.arg = &s_client_config.CAfile, 451 .opt.arg = &cfg.CAfile,
452 }, 452 },
453 { 453 {
454 .name = "CApath", 454 .name = "CApath",
455 .argname = "directory", 455 .argname = "directory",
456 .desc = "PEM format directory of CA certificates", 456 .desc = "PEM format directory of CA certificates",
457 .type = OPTION_ARG, 457 .type = OPTION_ARG,
458 .opt.arg = &s_client_config.CApath, 458 .opt.arg = &cfg.CApath,
459 }, 459 },
460 { 460 {
461 .name = "cert", 461 .name = "cert",
462 .argname = "file", 462 .argname = "file",
463 .desc = "Certificate file to use, PEM format assumed", 463 .desc = "Certificate file to use, PEM format assumed",
464 .type = OPTION_ARG, 464 .type = OPTION_ARG,
465 .opt.arg = &s_client_config.cert_file, 465 .opt.arg = &cfg.cert_file,
466 }, 466 },
467 { 467 {
468 .name = "certform", 468 .name = "certform",
469 .argname = "fmt", 469 .argname = "fmt",
470 .desc = "Certificate format (PEM or DER) PEM default", 470 .desc = "Certificate format (PEM or DER) PEM default",
471 .type = OPTION_ARG_FORMAT, 471 .type = OPTION_ARG_FORMAT,
472 .opt.value = &s_client_config.cert_format, 472 .opt.value = &cfg.cert_format,
473 }, 473 },
474 { 474 {
475 .name = "cipher", 475 .name = "cipher",
476 .argname = "cipherlist", 476 .argname = "cipherlist",
477 .desc = "Preferred cipher to use (see 'openssl ciphers')", 477 .desc = "Preferred cipher to use (see 'openssl ciphers')",
478 .type = OPTION_ARG, 478 .type = OPTION_ARG,
479 .opt.arg = &s_client_config.cipher, 479 .opt.arg = &cfg.cipher,
480 }, 480 },
481 { 481 {
482 .name = "connect", 482 .name = "connect",
483 .argname = "host:port", 483 .argname = "host:port",
484 .desc = "Who to connect to (default is localhost:4433)", 484 .desc = "Who to connect to (default is localhost:4433)",
485 .type = OPTION_ARG, 485 .type = OPTION_ARG,
486 .opt.arg = &s_client_config.connect, 486 .opt.arg = &cfg.connect,
487 }, 487 },
488 { 488 {
489 .name = "crlf", 489 .name = "crlf",
490 .desc = "Convert LF from terminal into CRLF", 490 .desc = "Convert LF from terminal into CRLF",
491 .type = OPTION_FLAG, 491 .type = OPTION_FLAG,
492 .opt.flag = &s_client_config.crlf, 492 .opt.flag = &cfg.crlf,
493 }, 493 },
494 { 494 {
495 .name = "debug", 495 .name = "debug",
496 .desc = "Print extensive debugging information", 496 .desc = "Print extensive debugging information",
497 .type = OPTION_FLAG, 497 .type = OPTION_FLAG,
498 .opt.flag = &s_client_config.debug, 498 .opt.flag = &cfg.debug,
499 }, 499 },
500#ifndef OPENSSL_NO_DTLS 500#ifndef OPENSSL_NO_DTLS
501 { 501 {
@@ -526,20 +526,20 @@ static const struct option s_client_options[] = {
526 .argname = "list", 526 .argname = "list",
527 .desc = "Specify EC groups (colon-separated list)", 527 .desc = "Specify EC groups (colon-separated list)",
528 .type = OPTION_ARG, 528 .type = OPTION_ARG,
529 .opt.arg = &s_client_config.groups_in, 529 .opt.arg = &cfg.groups_in,
530 }, 530 },
531 { 531 {
532 .name = "host", 532 .name = "host",
533 .argname = "host", 533 .argname = "host",
534 .desc = "Use -connect instead", 534 .desc = "Use -connect instead",
535 .type = OPTION_ARG, 535 .type = OPTION_ARG,
536 .opt.arg = &s_client_config.host, 536 .opt.arg = &cfg.host,
537 }, 537 },
538 { 538 {
539 .name = "ign_eof", 539 .name = "ign_eof",
540 .desc = "Ignore input EOF (default when -quiet)", 540 .desc = "Ignore input EOF (default when -quiet)",
541 .type = OPTION_VALUE, 541 .type = OPTION_VALUE,
542 .opt.value = &s_client_config.ign_eof, 542 .opt.value = &cfg.ign_eof,
543 .value = 1, 543 .value = 1,
544 }, 544 },
545 { 545 {
@@ -547,21 +547,21 @@ static const struct option s_client_options[] = {
547 .argname = "file", 547 .argname = "file",
548 .desc = "Private key file to use, if not, -cert file is used", 548 .desc = "Private key file to use, if not, -cert file is used",
549 .type = OPTION_ARG, 549 .type = OPTION_ARG,
550 .opt.arg = &s_client_config.key_file, 550 .opt.arg = &cfg.key_file,
551 }, 551 },
552 { 552 {
553 .name = "keyform", 553 .name = "keyform",
554 .argname = "fmt", 554 .argname = "fmt",
555 .desc = "Key format (PEM or DER) PEM default", 555 .desc = "Key format (PEM or DER) PEM default",
556 .type = OPTION_ARG_FORMAT, 556 .type = OPTION_ARG_FORMAT,
557 .opt.value = &s_client_config.key_format, 557 .opt.value = &cfg.key_format,
558 }, 558 },
559 { 559 {
560 .name = "keymatexport", 560 .name = "keymatexport",
561 .argname = "label", 561 .argname = "label",
562 .desc = "Export keying material using label", 562 .desc = "Export keying material using label",
563 .type = OPTION_ARG, 563 .type = OPTION_ARG,
564 .opt.arg = &s_client_config.keymatexportlabel, 564 .opt.arg = &cfg.keymatexportlabel,
565 }, 565 },
566 { 566 {
567 .name = "keymatexportlen", 567 .name = "keymatexportlen",
@@ -578,14 +578,14 @@ static const struct option s_client_options[] = {
578 .name = "legacy_server_connect", 578 .name = "legacy_server_connect",
579 .desc = "Allow initial connection to servers that don't support RI", 579 .desc = "Allow initial connection to servers that don't support RI",
580 .type = OPTION_VALUE_OR, 580 .type = OPTION_VALUE_OR,
581 .opt.value = &s_client_config.off, 581 .opt.value = &cfg.off,
582 .value = SSL_OP_LEGACY_SERVER_CONNECT, 582 .value = SSL_OP_LEGACY_SERVER_CONNECT,
583 }, 583 },
584 { 584 {
585 .name = "msg", 585 .name = "msg",
586 .desc = "Show all protocol messages with hex dump", 586 .desc = "Show all protocol messages with hex dump",
587 .type = OPTION_FLAG, 587 .type = OPTION_FLAG,
588 .opt.flag = &s_client_config.msg, 588 .opt.flag = &cfg.msg,
589 }, 589 },
590#ifndef OPENSSL_NO_DTLS 590#ifndef OPENSSL_NO_DTLS
591 { 591 {
@@ -600,115 +600,115 @@ static const struct option s_client_options[] = {
600 .name = "nbio", 600 .name = "nbio",
601 .desc = "Turn on non-blocking I/O", 601 .desc = "Turn on non-blocking I/O",
602 .type = OPTION_FLAG, 602 .type = OPTION_FLAG,
603 .opt.flag = &s_client_config.nbio, 603 .opt.flag = &cfg.nbio,
604 }, 604 },
605 { 605 {
606 .name = "nbio_test", 606 .name = "nbio_test",
607 .desc = "Test non-blocking I/O", 607 .desc = "Test non-blocking I/O",
608 .type = OPTION_FLAG, 608 .type = OPTION_FLAG,
609 .opt.flag = &s_client_config.nbio_test, 609 .opt.flag = &cfg.nbio_test,
610 }, 610 },
611 { 611 {
612 .name = "nextprotoneg", 612 .name = "nextprotoneg",
613 .argname = "protocols", 613 .argname = "protocols",
614 .type = OPTION_ARG, 614 .type = OPTION_ARG,
615 .opt.arg = &s_client_config.npn_in, /* Ignored. */ 615 .opt.arg = &cfg.npn_in, /* Ignored. */
616 }, 616 },
617 { 617 {
618 .name = "no_comp", 618 .name = "no_comp",
619 .type = OPTION_VALUE_OR, 619 .type = OPTION_VALUE_OR,
620 .opt.value = &s_client_config.off, 620 .opt.value = &cfg.off,
621 .value = SSL_OP_NO_COMPRESSION, 621 .value = SSL_OP_NO_COMPRESSION,
622 }, 622 },
623 { 623 {
624 .name = "no_ign_eof", 624 .name = "no_ign_eof",
625 .desc = "Don't ignore input EOF", 625 .desc = "Don't ignore input EOF",
626 .type = OPTION_VALUE, 626 .type = OPTION_VALUE,
627 .opt.value = &s_client_config.ign_eof, 627 .opt.value = &cfg.ign_eof,
628 .value = 0, 628 .value = 0,
629 }, 629 },
630 { 630 {
631 .name = "no_legacy_server_connect", 631 .name = "no_legacy_server_connect",
632 .desc = "Disallow initial connection to servers that don't support RI", 632 .desc = "Disallow initial connection to servers that don't support RI",
633 .type = OPTION_VALUE_OR, 633 .type = OPTION_VALUE_OR,
634 .opt.value = &s_client_config.clr, 634 .opt.value = &cfg.clr,
635 .value = SSL_OP_LEGACY_SERVER_CONNECT, 635 .value = SSL_OP_LEGACY_SERVER_CONNECT,
636 }, 636 },
637 { 637 {
638 .name = "no_servername", 638 .name = "no_servername",
639 .desc = "Do not send a Server Name Indication (SNI) extension", 639 .desc = "Do not send a Server Name Indication (SNI) extension",
640 .type = OPTION_FLAG, 640 .type = OPTION_FLAG,
641 .opt.value = &s_client_config.no_servername, 641 .opt.value = &cfg.no_servername,
642 }, 642 },
643 { 643 {
644 .name = "no_ssl2", 644 .name = "no_ssl2",
645 .type = OPTION_VALUE_OR, 645 .type = OPTION_VALUE_OR,
646 .opt.value = &s_client_config.off, 646 .opt.value = &cfg.off,
647 .value = SSL_OP_NO_SSLv2, 647 .value = SSL_OP_NO_SSLv2,
648 }, 648 },
649 { 649 {
650 .name = "no_ssl3", 650 .name = "no_ssl3",
651 .type = OPTION_VALUE_OR, 651 .type = OPTION_VALUE_OR,
652 .opt.value = &s_client_config.off, 652 .opt.value = &cfg.off,
653 .value = SSL_OP_NO_SSLv3, 653 .value = SSL_OP_NO_SSLv3,
654 }, 654 },
655 { 655 {
656 .name = "no_ticket", 656 .name = "no_ticket",
657 .desc = "Disable use of RFC4507 session ticket support", 657 .desc = "Disable use of RFC4507 session ticket support",
658 .type = OPTION_VALUE_OR, 658 .type = OPTION_VALUE_OR,
659 .opt.value = &s_client_config.off, 659 .opt.value = &cfg.off,
660 .value = SSL_OP_NO_TICKET, 660 .value = SSL_OP_NO_TICKET,
661 }, 661 },
662 { 662 {
663 .name = "no_tls1", 663 .name = "no_tls1",
664 .desc = "Disable the use of TLSv1", 664 .desc = "Disable the use of TLSv1",
665 .type = OPTION_VALUE_OR, 665 .type = OPTION_VALUE_OR,
666 .opt.value = &s_client_config.off, 666 .opt.value = &cfg.off,
667 .value = SSL_OP_NO_TLSv1, 667 .value = SSL_OP_NO_TLSv1,
668 }, 668 },
669 { 669 {
670 .name = "no_tls1_1", 670 .name = "no_tls1_1",
671 .desc = "Disable the use of TLSv1.1", 671 .desc = "Disable the use of TLSv1.1",
672 .type = OPTION_VALUE_OR, 672 .type = OPTION_VALUE_OR,
673 .opt.value = &s_client_config.off, 673 .opt.value = &cfg.off,
674 .value = SSL_OP_NO_TLSv1_1, 674 .value = SSL_OP_NO_TLSv1_1,
675 }, 675 },
676 { 676 {
677 .name = "no_tls1_2", 677 .name = "no_tls1_2",
678 .desc = "Disable the use of TLSv1.2", 678 .desc = "Disable the use of TLSv1.2",
679 .type = OPTION_VALUE_OR, 679 .type = OPTION_VALUE_OR,
680 .opt.value = &s_client_config.off, 680 .opt.value = &cfg.off,
681 .value = SSL_OP_NO_TLSv1_2, 681 .value = SSL_OP_NO_TLSv1_2,
682 }, 682 },
683 { 683 {
684 .name = "no_tls1_3", 684 .name = "no_tls1_3",
685 .desc = "Disable the use of TLSv1.3", 685 .desc = "Disable the use of TLSv1.3",
686 .type = OPTION_VALUE_OR, 686 .type = OPTION_VALUE_OR,
687 .opt.value = &s_client_config.off, 687 .opt.value = &cfg.off,
688 .value = SSL_OP_NO_TLSv1_3, 688 .value = SSL_OP_NO_TLSv1_3,
689 }, 689 },
690 { 690 {
691 .name = "noservername", 691 .name = "noservername",
692 .type = OPTION_FLAG, 692 .type = OPTION_FLAG,
693 .opt.value = &s_client_config.no_servername, 693 .opt.value = &cfg.no_servername,
694 }, 694 },
695 { 695 {
696 .name = "pass", 696 .name = "pass",
697 .argname = "arg", 697 .argname = "arg",
698 .desc = "Private key file pass phrase source", 698 .desc = "Private key file pass phrase source",
699 .type = OPTION_ARG, 699 .type = OPTION_ARG,
700 .opt.arg = &s_client_config.passarg, 700 .opt.arg = &cfg.passarg,
701 }, 701 },
702 { 702 {
703 .name = "pause", 703 .name = "pause",
704 .desc = "Pause 1 second between each read and write call", 704 .desc = "Pause 1 second between each read and write call",
705 .type = OPTION_FLAG, 705 .type = OPTION_FLAG,
706 .opt.flag = &s_client_config.pause, 706 .opt.flag = &cfg.pause,
707 }, 707 },
708 { 708 {
709 .name = "peekaboo", 709 .name = "peekaboo",
710 .type = OPTION_FLAG, 710 .type = OPTION_FLAG,
711 .opt.flag = &s_client_config.peekaboo, 711 .opt.flag = &cfg.peekaboo,
712 }, 712 },
713 { 713 {
714 .name = "port", 714 .name = "port",
@@ -721,14 +721,14 @@ static const struct option s_client_options[] = {
721 .name = "prexit", 721 .name = "prexit",
722 .desc = "Print session information when the program exits", 722 .desc = "Print session information when the program exits",
723 .type = OPTION_FLAG, 723 .type = OPTION_FLAG,
724 .opt.flag = &s_client_config.prexit, 724 .opt.flag = &cfg.prexit,
725 }, 725 },
726 { 726 {
727 .name = "proxy", 727 .name = "proxy",
728 .argname = "host:port", 728 .argname = "host:port",
729 .desc = "Connect to http proxy", 729 .desc = "Connect to http proxy",
730 .type = OPTION_ARG, 730 .type = OPTION_ARG,
731 .opt.arg = &s_client_config.proxy, 731 .opt.arg = &cfg.proxy,
732 }, 732 },
733 { 733 {
734 .name = "quiet", 734 .name = "quiet",
@@ -740,7 +740,7 @@ static const struct option s_client_options[] = {
740 .name = "reconnect", 740 .name = "reconnect",
741 .desc = "Drop and re-make the connection with the same Session-ID", 741 .desc = "Drop and re-make the connection with the same Session-ID",
742 .type = OPTION_VALUE, 742 .type = OPTION_VALUE,
743 .opt.value = &s_client_config.reconnect, 743 .opt.value = &cfg.reconnect,
744 .value = 5, 744 .value = 5,
745 }, 745 },
746 { 746 {
@@ -748,13 +748,13 @@ static const struct option s_client_options[] = {
748 .argname = "name", 748 .argname = "name",
749 .desc = "Set TLS extension servername in ClientHello (SNI)", 749 .desc = "Set TLS extension servername in ClientHello (SNI)",
750 .type = OPTION_ARG, 750 .type = OPTION_ARG,
751 .opt.arg = &s_client_config.servername, 751 .opt.arg = &cfg.servername,
752 }, 752 },
753 { 753 {
754 .name = "serverpref", 754 .name = "serverpref",
755 .desc = "Use server's cipher preferences", 755 .desc = "Use server's cipher preferences",
756 .type = OPTION_VALUE_OR, 756 .type = OPTION_VALUE_OR,
757 .opt.value = &s_client_config.off, 757 .opt.value = &cfg.off,
758 .value = SSL_OP_CIPHER_SERVER_PREFERENCE, 758 .value = SSL_OP_CIPHER_SERVER_PREFERENCE,
759 }, 759 },
760 { 760 {
@@ -762,20 +762,20 @@ static const struct option s_client_options[] = {
762 .argname = "file", 762 .argname = "file",
763 .desc = "File to read TLS session from", 763 .desc = "File to read TLS session from",
764 .type = OPTION_ARG, 764 .type = OPTION_ARG,
765 .opt.arg = &s_client_config.sess_in, 765 .opt.arg = &cfg.sess_in,
766 }, 766 },
767 { 767 {
768 .name = "sess_out", 768 .name = "sess_out",
769 .argname = "file", 769 .argname = "file",
770 .desc = "File to write TLS session to", 770 .desc = "File to write TLS session to",
771 .type = OPTION_ARG, 771 .type = OPTION_ARG,
772 .opt.arg = &s_client_config.sess_out, 772 .opt.arg = &cfg.sess_out,
773 }, 773 },
774 { 774 {
775 .name = "showcerts", 775 .name = "showcerts",
776 .desc = "Show all server certificates in the chain", 776 .desc = "Show all server certificates in the chain",
777 .type = OPTION_FLAG, 777 .type = OPTION_FLAG,
778 .opt.flag = &s_client_config.showcerts, 778 .opt.flag = &cfg.showcerts,
779 }, 779 },
780 { 780 {
781 .name = "starttls", 781 .name = "starttls",
@@ -789,20 +789,20 @@ static const struct option s_client_options[] = {
789 .name = "state", 789 .name = "state",
790 .desc = "Print the TLS session states", 790 .desc = "Print the TLS session states",
791 .type = OPTION_FLAG, 791 .type = OPTION_FLAG,
792 .opt.flag = &s_client_config.state, 792 .opt.flag = &cfg.state,
793 }, 793 },
794 { 794 {
795 .name = "status", 795 .name = "status",
796 .desc = "Send a certificate status request to the server (OCSP)", 796 .desc = "Send a certificate status request to the server (OCSP)",
797 .type = OPTION_FLAG, 797 .type = OPTION_FLAG,
798 .opt.flag = &s_client_config.status_req, 798 .opt.flag = &cfg.status_req,
799 }, 799 },
800#ifndef OPENSSL_NO_DTLS 800#ifndef OPENSSL_NO_DTLS
801 { 801 {
802 .name = "timeout", 802 .name = "timeout",
803 .desc = "Enable send/receive timeout on DTLS connections", 803 .desc = "Enable send/receive timeout on DTLS connections",
804 .type = OPTION_FLAG, 804 .type = OPTION_FLAG,
805 .opt.flag = &s_client_config.enable_timeouts, 805 .opt.flag = &cfg.enable_timeouts,
806 }, 806 },
807#endif 807#endif
808 { 808 {
@@ -833,7 +833,7 @@ static const struct option s_client_options[] = {
833 .name = "tlsextdebug", 833 .name = "tlsextdebug",
834 .desc = "Hex dump of all TLS extensions received", 834 .desc = "Hex dump of all TLS extensions received",
835 .type = OPTION_FLAG, 835 .type = OPTION_FLAG,
836 .opt.flag = &s_client_config.tlsextdebug, 836 .opt.flag = &cfg.tlsextdebug,
837 }, 837 },
838#ifndef OPENSSL_NO_SRTP 838#ifndef OPENSSL_NO_SRTP
839 { 839 {
@@ -841,7 +841,7 @@ static const struct option s_client_options[] = {
841 .argname = "profiles", 841 .argname = "profiles",
842 .desc = "Offer SRTP key management with a colon-separated profiles", 842 .desc = "Offer SRTP key management with a colon-separated profiles",
843 .type = OPTION_ARG, 843 .type = OPTION_ARG,
844 .opt.arg = &s_client_config.srtp_profiles, 844 .opt.arg = &cfg.srtp_profiles,
845 }, 845 },
846#endif 846#endif
847 { 847 {
@@ -862,7 +862,7 @@ static const struct option s_client_options[] = {
862 .argname = "host", 862 .argname = "host",
863 .desc = "Connect to this virtual host on the xmpp server", 863 .desc = "Connect to this virtual host on the xmpp server",
864 .type = OPTION_ARG, 864 .type = OPTION_ARG,
865 .opt.arg = &s_client_config.xmpphost, 865 .opt.arg = &cfg.xmpphost,
866 }, 866 },
867 { 867 {
868 .name = NULL, 868 .name = NULL,
@@ -928,17 +928,17 @@ s_client_main(int argc, char **argv)
928 exit(1); 928 exit(1);
929 } 929 }
930 930
931 memset(&s_client_config, 0, sizeof(s_client_config)); 931 memset(&cfg, 0, sizeof(cfg));
932 s_client_config.af = AF_UNSPEC; 932 cfg.af = AF_UNSPEC;
933 s_client_config.cert_format = FORMAT_PEM; 933 cfg.cert_format = FORMAT_PEM;
934 s_client_config.host = SSL_HOST_NAME; 934 cfg.host = SSL_HOST_NAME;
935 s_client_config.key_format = FORMAT_PEM; 935 cfg.key_format = FORMAT_PEM;
936 s_client_config.keymatexportlen = 20; 936 cfg.keymatexportlen = 20;
937 s_client_config.meth = TLS_client_method(); 937 cfg.meth = TLS_client_method();
938 s_client_config.port = PORT_STR; 938 cfg.port = PORT_STR;
939 s_client_config.socket_type = SOCK_STREAM; 939 cfg.socket_type = SOCK_STREAM;
940 s_client_config.starttls_proto = PROTO_OFF; 940 cfg.starttls_proto = PROTO_OFF;
941 s_client_config.verify = SSL_VERIFY_NONE; 941 cfg.verify = SSL_VERIFY_NONE;
942 942
943 if (((cbuf = malloc(BUFSIZZ)) == NULL) || 943 if (((cbuf = malloc(BUFSIZZ)) == NULL) ||
944 ((sbuf = malloc(BUFSIZZ)) == NULL) || 944 ((sbuf = malloc(BUFSIZZ)) == NULL) ||
@@ -953,45 +953,45 @@ s_client_main(int argc, char **argv)
953 badop = 1; 953 badop = 1;
954 goto bad; 954 goto bad;
955 } 955 }
956 if (s_client_config.proxy != NULL) { 956 if (cfg.proxy != NULL) {
957 if (!extract_host_port(s_client_config.proxy, 957 if (!extract_host_port(cfg.proxy,
958 &s_client_config.host, NULL, &s_client_config.port)) 958 &cfg.host, NULL, &cfg.port))
959 goto bad; 959 goto bad;
960 if (s_client_config.connect == NULL) 960 if (cfg.connect == NULL)
961 s_client_config.connect = SSL_HOST_NAME; 961 cfg.connect = SSL_HOST_NAME;
962 } else if (s_client_config.connect != NULL) { 962 } else if (cfg.connect != NULL) {
963 if (!extract_host_port(s_client_config.connect, 963 if (!extract_host_port(cfg.connect,
964 &s_client_config.host, NULL, &s_client_config.port)) 964 &cfg.host, NULL, &cfg.port))
965 goto bad; 965 goto bad;
966 } 966 }
967 if (badop) { 967 if (badop) {
968 bad: 968 bad:
969 if (s_client_config.errstr == NULL) 969 if (cfg.errstr == NULL)
970 sc_usage(); 970 sc_usage();
971 goto end; 971 goto end;
972 } 972 }
973 973
974 if (!app_passwd(bio_err, s_client_config.passarg, NULL, &pass, NULL)) { 974 if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) {
975 BIO_printf(bio_err, "Error getting password\n"); 975 BIO_printf(bio_err, "Error getting password\n");
976 goto end; 976 goto end;
977 } 977 }
978 if (s_client_config.key_file == NULL) 978 if (cfg.key_file == NULL)
979 s_client_config.key_file = s_client_config.cert_file; 979 cfg.key_file = cfg.cert_file;
980 980
981 981
982 if (s_client_config.key_file) { 982 if (cfg.key_file) {
983 983
984 key = load_key(bio_err, s_client_config.key_file, 984 key = load_key(bio_err, cfg.key_file,
985 s_client_config.key_format, 0, pass, 985 cfg.key_format, 0, pass,
986 "client certificate private key file"); 986 "client certificate private key file");
987 if (!key) { 987 if (!key) {
988 ERR_print_errors(bio_err); 988 ERR_print_errors(bio_err);
989 goto end; 989 goto end;
990 } 990 }
991 } 991 }
992 if (s_client_config.cert_file) { 992 if (cfg.cert_file) {
993 cert = load_cert(bio_err, s_client_config.cert_file, 993 cert = load_cert(bio_err, cfg.cert_file,
994 s_client_config.cert_format, 994 cfg.cert_format,
995 NULL, "client certificate file"); 995 NULL, "client certificate file");
996 996
997 if (!cert) { 997 if (!cert) {
@@ -999,8 +999,8 @@ s_client_main(int argc, char **argv)
999 goto end; 999 goto end;
1000 } 1000 }
1001 } 1001 }
1002 if (s_client_config.quiet && !s_client_config.debug && 1002 if (cfg.quiet && !cfg.debug &&
1003 !s_client_config.msg) { 1003 !cfg.msg) {
1004 if ((bio_c_out = BIO_new(BIO_s_null())) == NULL) 1004 if ((bio_c_out = BIO_new(BIO_s_null())) == NULL)
1005 goto end; 1005 goto end;
1006 } else { 1006 } else {
@@ -1008,7 +1008,7 @@ s_client_main(int argc, char **argv)
1008 goto end; 1008 goto end;
1009 } 1009 }
1010 1010
1011 ctx = SSL_CTX_new(s_client_config.meth); 1011 ctx = SSL_CTX_new(cfg.meth);
1012 if (ctx == NULL) { 1012 if (ctx == NULL) {
1013 ERR_print_errors(bio_err); 1013 ERR_print_errors(bio_err);
1014 goto end; 1014 goto end;
@@ -1016,31 +1016,31 @@ s_client_main(int argc, char **argv)
1016 1016
1017 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); 1017 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
1018 1018
1019 if (s_client_config.vpm) 1019 if (cfg.vpm)
1020 SSL_CTX_set1_param(ctx, s_client_config.vpm); 1020 SSL_CTX_set1_param(ctx, cfg.vpm);
1021 1021
1022 if (!SSL_CTX_set_min_proto_version(ctx, s_client_config.min_version)) 1022 if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version))
1023 goto end; 1023 goto end;
1024 if (!SSL_CTX_set_max_proto_version(ctx, s_client_config.max_version)) 1024 if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version))
1025 goto end; 1025 goto end;
1026 1026
1027#ifndef OPENSSL_NO_SRTP 1027#ifndef OPENSSL_NO_SRTP
1028 if (s_client_config.srtp_profiles != NULL) 1028 if (cfg.srtp_profiles != NULL)
1029 SSL_CTX_set_tlsext_use_srtp(ctx, s_client_config.srtp_profiles); 1029 SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles);
1030#endif 1030#endif
1031 if (s_client_config.bugs) 1031 if (cfg.bugs)
1032 SSL_CTX_set_options(ctx, SSL_OP_ALL | s_client_config.off); 1032 SSL_CTX_set_options(ctx, SSL_OP_ALL | cfg.off);
1033 else 1033 else
1034 SSL_CTX_set_options(ctx, s_client_config.off); 1034 SSL_CTX_set_options(ctx, cfg.off);
1035 1035
1036 if (s_client_config.clr) 1036 if (cfg.clr)
1037 SSL_CTX_clear_options(ctx, s_client_config.clr); 1037 SSL_CTX_clear_options(ctx, cfg.clr);
1038 1038
1039 if (s_client_config.alpn_in) { 1039 if (cfg.alpn_in) {
1040 unsigned short alpn_len; 1040 unsigned short alpn_len;
1041 unsigned char *alpn; 1041 unsigned char *alpn;
1042 1042
1043 alpn = next_protos_parse(&alpn_len, s_client_config.alpn_in); 1043 alpn = next_protos_parse(&alpn_len, cfg.alpn_in);
1044 if (alpn == NULL) { 1044 if (alpn == NULL) {
1045 BIO_printf(bio_err, "Error parsing -alpn argument\n"); 1045 BIO_printf(bio_err, "Error parsing -alpn argument\n");
1046 goto end; 1046 goto end;
@@ -1048,42 +1048,42 @@ s_client_main(int argc, char **argv)
1048 SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len); 1048 SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
1049 free(alpn); 1049 free(alpn);
1050 } 1050 }
1051 if (s_client_config.groups_in != NULL) { 1051 if (cfg.groups_in != NULL) {
1052 if (SSL_CTX_set1_groups_list(ctx, s_client_config.groups_in) != 1) { 1052 if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) {
1053 BIO_printf(bio_err, "Failed to set groups '%s'\n", 1053 BIO_printf(bio_err, "Failed to set groups '%s'\n",
1054 s_client_config.groups_in); 1054 cfg.groups_in);
1055 goto end; 1055 goto end;
1056 } 1056 }
1057 } 1057 }
1058 1058
1059 if (s_client_config.state) 1059 if (cfg.state)
1060 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); 1060 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
1061 if (s_client_config.cipher != NULL) 1061 if (cfg.cipher != NULL)
1062 if (!SSL_CTX_set_cipher_list(ctx, s_client_config.cipher)) { 1062 if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) {
1063 BIO_printf(bio_err, "error setting cipher list\n"); 1063 BIO_printf(bio_err, "error setting cipher list\n");
1064 ERR_print_errors(bio_err); 1064 ERR_print_errors(bio_err);
1065 goto end; 1065 goto end;
1066 } 1066 }
1067 1067
1068 SSL_CTX_set_verify(ctx, s_client_config.verify, verify_callback); 1068 SSL_CTX_set_verify(ctx, cfg.verify, verify_callback);
1069 if (!set_cert_key_stuff(ctx, cert, key)) 1069 if (!set_cert_key_stuff(ctx, cert, key))
1070 goto end; 1070 goto end;
1071 1071
1072 if ((s_client_config.CAfile || s_client_config.CApath) 1072 if ((cfg.CAfile || cfg.CApath)
1073 && !SSL_CTX_load_verify_locations(ctx, s_client_config.CAfile, 1073 && !SSL_CTX_load_verify_locations(ctx, cfg.CAfile,
1074 s_client_config.CApath)) 1074 cfg.CApath))
1075 ERR_print_errors(bio_err); 1075 ERR_print_errors(bio_err);
1076 1076
1077 if (!SSL_CTX_set_default_verify_paths(ctx)) 1077 if (!SSL_CTX_set_default_verify_paths(ctx))
1078 ERR_print_errors(bio_err); 1078 ERR_print_errors(bio_err);
1079 1079
1080 con = SSL_new(ctx); 1080 con = SSL_new(ctx);
1081 if (s_client_config.sess_in) { 1081 if (cfg.sess_in) {
1082 SSL_SESSION *sess; 1082 SSL_SESSION *sess;
1083 BIO *stmp = BIO_new_file(s_client_config.sess_in, "r"); 1083 BIO *stmp = BIO_new_file(cfg.sess_in, "r");
1084 if (!stmp) { 1084 if (!stmp) {
1085 BIO_printf(bio_err, "Can't open session file %s\n", 1085 BIO_printf(bio_err, "Can't open session file %s\n",
1086 s_client_config.sess_in); 1086 cfg.sess_in);
1087 ERR_print_errors(bio_err); 1087 ERR_print_errors(bio_err);
1088 goto end; 1088 goto end;
1089 } 1089 }
@@ -1091,7 +1091,7 @@ s_client_main(int argc, char **argv)
1091 BIO_free(stmp); 1091 BIO_free(stmp);
1092 if (!sess) { 1092 if (!sess) {
1093 BIO_printf(bio_err, "Can't open session file %s\n", 1093 BIO_printf(bio_err, "Can't open session file %s\n",
1094 s_client_config.sess_in); 1094 cfg.sess_in);
1095 ERR_print_errors(bio_err); 1095 ERR_print_errors(bio_err);
1096 goto end; 1096 goto end;
1097 } 1097 }
@@ -1100,15 +1100,15 @@ s_client_main(int argc, char **argv)
1100 } 1100 }
1101 1101
1102 /* Attempt to opportunistically use the host name for SNI. */ 1102 /* Attempt to opportunistically use the host name for SNI. */
1103 servername = s_client_config.servername; 1103 servername = cfg.servername;
1104 if (servername == NULL) 1104 if (servername == NULL)
1105 servername = s_client_config.host; 1105 servername = cfg.host;
1106 1106
1107 if (!s_client_config.no_servername && servername != NULL && 1107 if (!cfg.no_servername && servername != NULL &&
1108 !SSL_set_tlsext_host_name(con, servername)) { 1108 !SSL_set_tlsext_host_name(con, servername)) {
1109 long ssl_err = ERR_peek_error(); 1109 long ssl_err = ERR_peek_error();
1110 1110
1111 if (s_client_config.servername != NULL || 1111 if (cfg.servername != NULL ||
1112 ERR_GET_LIB(ssl_err) != ERR_LIB_SSL || 1112 ERR_GET_LIB(ssl_err) != ERR_LIB_SSL ||
1113 ERR_GET_REASON(ssl_err) != SSL_R_SSL3_EXT_INVALID_SERVERNAME) { 1113 ERR_GET_REASON(ssl_err) != SSL_R_SSL3_EXT_INVALID_SERVERNAME) {
1114 BIO_printf(bio_err, 1114 BIO_printf(bio_err,
@@ -1119,7 +1119,7 @@ s_client_main(int argc, char **argv)
1119 servername = NULL; 1119 servername = NULL;
1120 ERR_clear_error(); 1120 ERR_clear_error();
1121 } 1121 }
1122 if (!s_client_config.no_servername && servername != NULL) { 1122 if (!cfg.no_servername && servername != NULL) {
1123 tlsextcbp.biodebug = bio_err; 1123 tlsextcbp.biodebug = bio_err;
1124 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1124 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1125 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 1125 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
@@ -1127,22 +1127,22 @@ s_client_main(int argc, char **argv)
1127 1127
1128 re_start: 1128 re_start:
1129 1129
1130 if (init_client(&s, s_client_config.host, s_client_config.port, 1130 if (init_client(&s, cfg.host, cfg.port,
1131 s_client_config.socket_type, s_client_config.af) == 0) { 1131 cfg.socket_type, cfg.af) == 0) {
1132 BIO_printf(bio_err, "connect:errno=%d\n", errno); 1132 BIO_printf(bio_err, "connect:errno=%d\n", errno);
1133 goto end; 1133 goto end;
1134 } 1134 }
1135 BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s); 1135 BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s);
1136 1136
1137 if (s_client_config.nbio) { 1137 if (cfg.nbio) {
1138 if (!s_client_config.quiet) 1138 if (!cfg.quiet)
1139 BIO_printf(bio_c_out, "turning on non blocking io\n"); 1139 BIO_printf(bio_c_out, "turning on non blocking io\n");
1140 if (!BIO_socket_nbio(s, 1)) { 1140 if (!BIO_socket_nbio(s, 1)) {
1141 ERR_print_errors(bio_err); 1141 ERR_print_errors(bio_err);
1142 goto end; 1142 goto end;
1143 } 1143 }
1144 } 1144 }
1145 if (s_client_config.pause & 0x01) 1145 if (cfg.pause & 0x01)
1146 SSL_set_debug(con, 1); 1146 SSL_set_debug(con, 1);
1147 1147
1148 if (SSL_is_dtls(con)) { 1148 if (SSL_is_dtls(con)) {
@@ -1157,7 +1157,7 @@ s_client_main(int argc, char **argv)
1157 } 1157 }
1158 (void) BIO_ctrl_set_connected(sbio, 1, &peer); 1158 (void) BIO_ctrl_set_connected(sbio, 1, &peer);
1159 1159
1160 if (s_client_config.enable_timeouts) { 1160 if (cfg.enable_timeouts) {
1161 timeout.tv_sec = 0; 1161 timeout.tv_sec = 0;
1162 timeout.tv_usec = DGRAM_RCV_TIMEOUT; 1162 timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1163 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, 1163 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0,
@@ -1168,35 +1168,35 @@ s_client_main(int argc, char **argv)
1168 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, 1168 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0,
1169 &timeout); 1169 &timeout);
1170 } 1170 }
1171 if (s_client_config.socket_mtu > 28) { 1171 if (cfg.socket_mtu > 28) {
1172 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 1172 SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1173 SSL_set_mtu(con, s_client_config.socket_mtu - 28); 1173 SSL_set_mtu(con, cfg.socket_mtu - 28);
1174 } else 1174 } else
1175 /* want to do MTU discovery */ 1175 /* want to do MTU discovery */
1176 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 1176 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1177 } else 1177 } else
1178 sbio = BIO_new_socket(s, BIO_NOCLOSE); 1178 sbio = BIO_new_socket(s, BIO_NOCLOSE);
1179 1179
1180 if (s_client_config.nbio_test) { 1180 if (cfg.nbio_test) {
1181 BIO *test; 1181 BIO *test;
1182 1182
1183 test = BIO_new(BIO_f_nbio_test()); 1183 test = BIO_new(BIO_f_nbio_test());
1184 sbio = BIO_push(test, sbio); 1184 sbio = BIO_push(test, sbio);
1185 } 1185 }
1186 if (s_client_config.debug) { 1186 if (cfg.debug) {
1187 SSL_set_debug(con, 1); 1187 SSL_set_debug(con, 1);
1188 BIO_set_callback(sbio, bio_dump_callback); 1188 BIO_set_callback(sbio, bio_dump_callback);
1189 BIO_set_callback_arg(sbio, (char *) bio_c_out); 1189 BIO_set_callback_arg(sbio, (char *) bio_c_out);
1190 } 1190 }
1191 if (s_client_config.msg) { 1191 if (cfg.msg) {
1192 SSL_set_msg_callback(con, msg_cb); 1192 SSL_set_msg_callback(con, msg_cb);
1193 SSL_set_msg_callback_arg(con, bio_c_out); 1193 SSL_set_msg_callback_arg(con, bio_c_out);
1194 } 1194 }
1195 if (s_client_config.tlsextdebug) { 1195 if (cfg.tlsextdebug) {
1196 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1196 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1197 SSL_set_tlsext_debug_arg(con, bio_c_out); 1197 SSL_set_tlsext_debug_arg(con, bio_c_out);
1198 } 1198 }
1199 if (s_client_config.status_req) { 1199 if (cfg.status_req) {
1200 SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); 1200 SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
1201 SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); 1201 SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
1202 SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); 1202 SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
@@ -1225,8 +1225,8 @@ s_client_main(int argc, char **argv)
1225 * push a buffering BIO into the chain that is removed again later on 1225 * push a buffering BIO into the chain that is removed again later on
1226 * to not disturb the rest of the s_client operation. 1226 * to not disturb the rest of the s_client operation.
1227 */ 1227 */
1228 if (s_client_config.starttls_proto == PROTO_SMTP || 1228 if (cfg.starttls_proto == PROTO_SMTP ||
1229 s_client_config.starttls_proto == PROTO_LMTP) { 1229 cfg.starttls_proto == PROTO_LMTP) {
1230 int foundit = 0; 1230 int foundit = 0;
1231 BIO *fbio = BIO_new(BIO_f_buffer()); 1231 BIO *fbio = BIO_new(BIO_f_buffer());
1232 BIO_push(fbio, sbio); 1232 BIO_push(fbio, sbio);
@@ -1237,7 +1237,7 @@ s_client_main(int argc, char **argv)
1237 while (mbuf_len > 3 && mbuf[3] == '-'); 1237 while (mbuf_len > 3 && mbuf[3] == '-');
1238 /* STARTTLS command requires EHLO... */ 1238 /* STARTTLS command requires EHLO... */
1239 BIO_printf(fbio, "%cHLO openssl.client.net\r\n", 1239 BIO_printf(fbio, "%cHLO openssl.client.net\r\n",
1240 s_client_config.starttls_proto == PROTO_SMTP ? 'E' : 'L'); 1240 cfg.starttls_proto == PROTO_SMTP ? 'E' : 'L');
1241 (void) BIO_flush(fbio); 1241 (void) BIO_flush(fbio);
1242 /* wait for multi-line response to end EHLO SMTP response */ 1242 /* wait for multi-line response to end EHLO SMTP response */
1243 do { 1243 do {
@@ -1255,7 +1255,7 @@ s_client_main(int argc, char **argv)
1255 " try anyway...\n"); 1255 " try anyway...\n");
1256 BIO_printf(sbio, "STARTTLS\r\n"); 1256 BIO_printf(sbio, "STARTTLS\r\n");
1257 BIO_read(sbio, sbuf, BUFSIZZ); 1257 BIO_read(sbio, sbuf, BUFSIZZ);
1258 } else if (s_client_config.starttls_proto == PROTO_POP3) { 1258 } else if (cfg.starttls_proto == PROTO_POP3) {
1259 mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); 1259 mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
1260 if (mbuf_len == -1) { 1260 if (mbuf_len == -1) {
1261 BIO_printf(bio_err, "BIO_read failed\n"); 1261 BIO_printf(bio_err, "BIO_read failed\n");
@@ -1263,7 +1263,7 @@ s_client_main(int argc, char **argv)
1263 } 1263 }
1264 BIO_printf(sbio, "STLS\r\n"); 1264 BIO_printf(sbio, "STLS\r\n");
1265 BIO_read(sbio, sbuf, BUFSIZZ); 1265 BIO_read(sbio, sbuf, BUFSIZZ);
1266 } else if (s_client_config.starttls_proto == PROTO_IMAP) { 1266 } else if (cfg.starttls_proto == PROTO_IMAP) {
1267 int foundit = 0; 1267 int foundit = 0;
1268 BIO *fbio = BIO_new(BIO_f_buffer()); 1268 BIO *fbio = BIO_new(BIO_f_buffer());
1269 BIO_push(fbio, sbio); 1269 BIO_push(fbio, sbio);
@@ -1287,7 +1287,7 @@ s_client_main(int argc, char **argv)
1287 " try anyway...\n"); 1287 " try anyway...\n");
1288 BIO_printf(sbio, ". STARTTLS\r\n"); 1288 BIO_printf(sbio, ". STARTTLS\r\n");
1289 BIO_read(sbio, sbuf, BUFSIZZ); 1289 BIO_read(sbio, sbuf, BUFSIZZ);
1290 } else if (s_client_config.starttls_proto == PROTO_FTP) { 1290 } else if (cfg.starttls_proto == PROTO_FTP) {
1291 BIO *fbio = BIO_new(BIO_f_buffer()); 1291 BIO *fbio = BIO_new(BIO_f_buffer());
1292 BIO_push(fbio, sbio); 1292 BIO_push(fbio, sbio);
1293 /* wait for multi-line response to end from FTP */ 1293 /* wait for multi-line response to end from FTP */
@@ -1300,13 +1300,13 @@ s_client_main(int argc, char **argv)
1300 BIO_free(fbio); 1300 BIO_free(fbio);
1301 BIO_printf(sbio, "AUTH TLS\r\n"); 1301 BIO_printf(sbio, "AUTH TLS\r\n");
1302 BIO_read(sbio, sbuf, BUFSIZZ); 1302 BIO_read(sbio, sbuf, BUFSIZZ);
1303 } else if (s_client_config.starttls_proto == PROTO_XMPP) { 1303 } else if (cfg.starttls_proto == PROTO_XMPP) {
1304 int seen = 0; 1304 int seen = 0;
1305 BIO_printf(sbio, "<stream:stream " 1305 BIO_printf(sbio, "<stream:stream "
1306 "xmlns:stream='http://etherx.jabber.org/streams' " 1306 "xmlns:stream='http://etherx.jabber.org/streams' "
1307 "xmlns='jabber:client' to='%s' version='1.0'>", 1307 "xmlns='jabber:client' to='%s' version='1.0'>",
1308 s_client_config.xmpphost ? 1308 cfg.xmpphost ?
1309 s_client_config.xmpphost : s_client_config.host); 1309 cfg.xmpphost : cfg.host);
1310 seen = BIO_read(sbio, mbuf, BUFSIZZ); 1310 seen = BIO_read(sbio, mbuf, BUFSIZZ);
1311 1311
1312 if (seen <= 0) 1312 if (seen <= 0)
@@ -1329,9 +1329,9 @@ s_client_main(int argc, char **argv)
1329 if (!strstr(sbuf, "<proceed")) 1329 if (!strstr(sbuf, "<proceed"))
1330 goto shut; 1330 goto shut;
1331 mbuf[0] = 0; 1331 mbuf[0] = 0;
1332 } else if (s_client_config.proxy != NULL) { 1332 } else if (cfg.proxy != NULL) {
1333 BIO_printf(sbio, "CONNECT %s HTTP/1.0\r\n\r\n", 1333 BIO_printf(sbio, "CONNECT %s HTTP/1.0\r\n\r\n",
1334 s_client_config.connect); 1334 cfg.connect);
1335 mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); 1335 mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
1336 if (mbuf_len == -1) { 1336 if (mbuf_len == -1) {
1337 BIO_printf(bio_err, "BIO_read failed\n"); 1337 BIO_printf(bio_err, "BIO_read failed\n");
@@ -1353,9 +1353,9 @@ s_client_main(int argc, char **argv)
1353 tty_on = 1; 1353 tty_on = 1;
1354 if (in_init) { 1354 if (in_init) {
1355 in_init = 0; 1355 in_init = 0;
1356 if (s_client_config.sess_out) { 1356 if (cfg.sess_out) {
1357 BIO *stmp = BIO_new_file( 1357 BIO *stmp = BIO_new_file(
1358 s_client_config.sess_out, "w"); 1358 cfg.sess_out, "w");
1359 if (stmp) { 1359 if (stmp) {
1360 PEM_write_bio_SSL_SESSION(stmp, 1360 PEM_write_bio_SSL_SESSION(stmp,
1361 SSL_get_session(con)); 1361 SSL_get_session(con));
@@ -1363,19 +1363,19 @@ s_client_main(int argc, char **argv)
1363 } else 1363 } else
1364 BIO_printf(bio_err, 1364 BIO_printf(bio_err,
1365 "Error writing session file %s\n", 1365 "Error writing session file %s\n",
1366 s_client_config.sess_out); 1366 cfg.sess_out);
1367 } 1367 }
1368 print_stuff(bio_c_out, con, full_log); 1368 print_stuff(bio_c_out, con, full_log);
1369 if (full_log > 0) 1369 if (full_log > 0)
1370 full_log--; 1370 full_log--;
1371 1371
1372 if (s_client_config.starttls_proto) { 1372 if (cfg.starttls_proto) {
1373 BIO_write(bio_err, mbuf, mbuf_len); 1373 BIO_write(bio_err, mbuf, mbuf_len);
1374 /* We don't need to know any more */ 1374 /* We don't need to know any more */
1375 s_client_config.starttls_proto = PROTO_OFF; 1375 cfg.starttls_proto = PROTO_OFF;
1376 } 1376 }
1377 if (s_client_config.reconnect) { 1377 if (cfg.reconnect) {
1378 s_client_config.reconnect--; 1378 cfg.reconnect--;
1379 BIO_printf(bio_c_out, 1379 BIO_printf(bio_c_out,
1380 "drop connection and then reconnect\n"); 1380 "drop connection and then reconnect\n");
1381 SSL_shutdown(con); 1381 SSL_shutdown(con);
@@ -1516,7 +1516,7 @@ s_client_main(int argc, char **argv)
1516 } 1516 }
1517 } 1517 }
1518#endif 1518#endif
1519 if (s_client_config.peekaboo) { 1519 if (cfg.peekaboo) {
1520 k = p = SSL_peek(con, pbuf, 1024 /* BUFSIZZ */ ); 1520 k = p = SSL_peek(con, pbuf, 1024 /* BUFSIZZ */ );
1521 pending = SSL_pending(con); 1521 pending = SSL_pending(con);
1522 if (SSL_get_error(con, p) == SSL_ERROR_NONE) { 1522 if (SSL_get_error(con, p) == SSL_ERROR_NONE) {
@@ -1535,7 +1535,7 @@ s_client_main(int argc, char **argv)
1535 goto end; 1535 goto end;
1536 sbuf_off = 0; 1536 sbuf_off = 0;
1537 sbuf_len = k; 1537 sbuf_len = k;
1538 if (s_client_config.peekaboo) { 1538 if (cfg.peekaboo) {
1539 if (p != pending) { 1539 if (p != pending) {
1540 ret = -1; 1540 ret = -1;
1541 BIO_printf(bio_err, 1541 BIO_printf(bio_err,
@@ -1594,7 +1594,7 @@ s_client_main(int argc, char **argv)
1594 BIO_printf(bio_err, "poll error"); 1594 BIO_printf(bio_err, "poll error");
1595 goto shut; 1595 goto shut;
1596 } 1596 }
1597 if (s_client_config.crlf) { 1597 if (cfg.crlf) {
1598 int j, lf_num; 1598 int j, lf_num;
1599 1599
1600 i = read(fileno(stdin), cbuf, BUFSIZZ / 2); 1600 i = read(fileno(stdin), cbuf, BUFSIZZ / 2);
@@ -1615,13 +1615,13 @@ s_client_main(int argc, char **argv)
1615 } else 1615 } else
1616 i = read(fileno(stdin), cbuf, BUFSIZZ); 1616 i = read(fileno(stdin), cbuf, BUFSIZZ);
1617 1617
1618 if ((!s_client_config.ign_eof) && 1618 if ((!cfg.ign_eof) &&
1619 ((i <= 0) || (cbuf[0] == 'Q'))) { 1619 ((i <= 0) || (cbuf[0] == 'Q'))) {
1620 BIO_printf(bio_err, "DONE\n"); 1620 BIO_printf(bio_err, "DONE\n");
1621 ret = 0; 1621 ret = 0;
1622 goto shut; 1622 goto shut;
1623 } 1623 }
1624 if ((!s_client_config.ign_eof) && (cbuf[0] == 'R')) { 1624 if ((!cfg.ign_eof) && (cbuf[0] == 'R')) {
1625 BIO_printf(bio_err, "RENEGOTIATING\n"); 1625 BIO_printf(bio_err, "RENEGOTIATING\n");
1626 SSL_renegotiate(con); 1626 SSL_renegotiate(con);
1627 cbuf_len = 0; 1627 cbuf_len = 0;
@@ -1644,7 +1644,7 @@ s_client_main(int argc, char **argv)
1644 close(SSL_get_fd(con)); 1644 close(SSL_get_fd(con));
1645 end: 1645 end:
1646 if (con != NULL) { 1646 if (con != NULL) {
1647 if (s_client_config.prexit != 0) 1647 if (cfg.prexit != 0)
1648 print_stuff(bio_c_out, con, 1); 1648 print_stuff(bio_c_out, con, 1);
1649 SSL_free(con); 1649 SSL_free(con);
1650 } 1650 }
@@ -1652,7 +1652,7 @@ s_client_main(int argc, char **argv)
1652 X509_free(cert); 1652 X509_free(cert);
1653 EVP_PKEY_free(key); 1653 EVP_PKEY_free(key);
1654 free(pass); 1654 free(pass);
1655 X509_VERIFY_PARAM_free(s_client_config.vpm); 1655 X509_VERIFY_PARAM_free(cfg.vpm);
1656 freezero(cbuf, BUFSIZZ); 1656 freezero(cbuf, BUFSIZZ);
1657 freezero(sbuf, BUFSIZZ); 1657 freezero(sbuf, BUFSIZZ);
1658 freezero(pbuf, BUFSIZZ); 1658 freezero(pbuf, BUFSIZZ);
@@ -1692,7 +1692,7 @@ print_stuff(BIO *bio, SSL *s, int full)
1692 X509_NAME_oneline(X509_get_issuer_name( 1692 X509_NAME_oneline(X509_get_issuer_name(
1693 sk_X509_value(sk, i)), buf, sizeof buf); 1693 sk_X509_value(sk, i)), buf, sizeof buf);
1694 BIO_printf(bio, " i:%s\n", buf); 1694 BIO_printf(bio, " i:%s\n", buf);
1695 if (s_client_config.showcerts) 1695 if (cfg.showcerts)
1696 PEM_write_bio_X509(bio, 1696 PEM_write_bio_X509(bio,
1697 sk_X509_value(sk, i)); 1697 sk_X509_value(sk, i));
1698 } 1698 }
@@ -1701,7 +1701,7 @@ print_stuff(BIO *bio, SSL *s, int full)
1701 peer = SSL_get_peer_certificate(s); 1701 peer = SSL_get_peer_certificate(s);
1702 if (peer != NULL) { 1702 if (peer != NULL) {
1703 BIO_printf(bio, "Server certificate\n"); 1703 BIO_printf(bio, "Server certificate\n");
1704 if (!(s_client_config.showcerts && got_a_chain)) { 1704 if (!(cfg.showcerts && got_a_chain)) {
1705 /* Redundant if we showed the whole chain */ 1705 /* Redundant if we showed the whole chain */
1706 PEM_write_bio_X509(bio, peer); 1706 PEM_write_bio_X509(bio, peer);
1707 } 1707 }
@@ -1820,23 +1820,23 @@ print_stuff(BIO *bio, SSL *s, int full)
1820#endif 1820#endif
1821 1821
1822 SSL_SESSION_print(bio, SSL_get_session(s)); 1822 SSL_SESSION_print(bio, SSL_get_session(s));
1823 if (s_client_config.keymatexportlabel != NULL) { 1823 if (cfg.keymatexportlabel != NULL) {
1824 BIO_printf(bio, "Keying material exporter:\n"); 1824 BIO_printf(bio, "Keying material exporter:\n");
1825 BIO_printf(bio, " Label: '%s'\n", 1825 BIO_printf(bio, " Label: '%s'\n",
1826 s_client_config.keymatexportlabel); 1826 cfg.keymatexportlabel);
1827 BIO_printf(bio, " Length: %i bytes\n", 1827 BIO_printf(bio, " Length: %i bytes\n",
1828 s_client_config.keymatexportlen); 1828 cfg.keymatexportlen);
1829 exportedkeymat = malloc(s_client_config.keymatexportlen); 1829 exportedkeymat = malloc(cfg.keymatexportlen);
1830 if (exportedkeymat != NULL) { 1830 if (exportedkeymat != NULL) {
1831 if (!SSL_export_keying_material(s, exportedkeymat, 1831 if (!SSL_export_keying_material(s, exportedkeymat,
1832 s_client_config.keymatexportlen, 1832 cfg.keymatexportlen,
1833 s_client_config.keymatexportlabel, 1833 cfg.keymatexportlabel,
1834 strlen(s_client_config.keymatexportlabel), 1834 strlen(cfg.keymatexportlabel),
1835 NULL, 0, 0)) { 1835 NULL, 0, 0)) {
1836 BIO_printf(bio, " Error\n"); 1836 BIO_printf(bio, " Error\n");
1837 } else { 1837 } else {
1838 BIO_printf(bio, " Keying material: "); 1838 BIO_printf(bio, " Keying material: ");
1839 for (i = 0; i < s_client_config.keymatexportlen; i++) 1839 for (i = 0; i < cfg.keymatexportlen; i++)
1840 BIO_printf(bio, "%02X", 1840 BIO_printf(bio, "%02X",
1841 exportedkeymat[i]); 1841 exportedkeymat[i]);
1842 BIO_printf(bio, "\n"); 1842 BIO_printf(bio, "\n");
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 19:47:46 +0000