summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/usr.bin/openssl/openssl.112
-rw-r--r--src/usr.bin/openssl/s_client.c23
2 files changed, 28 insertions, 7 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 8d49bf7b36..ea6f9fcbb0 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: openssl.1,v 1.18 2015/08/02 12:43:44 jmc Exp $ 1.\" $OpenBSD: openssl.1,v 1.19 2015/08/11 05:01:03 landry Exp $
2.\" ==================================================================== 2.\" ====================================================================
3.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 3.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4.\" 4.\"
@@ -112,7 +112,7 @@
112.\" 112.\"
113.\" OPENSSL 113.\" OPENSSL
114.\" 114.\"
115.Dd $Mdocdate: August 2 2015 $ 115.Dd $Mdocdate: August 11 2015 $
116.Dt OPENSSL 1 116.Dt OPENSSL 1
117.Os 117.Os
118.Sh NAME 118.Sh NAME
@@ -6487,6 +6487,7 @@ which it can be seen agrees with the recovered value above.
6487.Op Fl tlsextdebug 6487.Op Fl tlsextdebug
6488.Op Fl verify Ar depth 6488.Op Fl verify Ar depth
6489.Op Fl x509_strict 6489.Op Fl x509_strict
6490.Op Fl xmpphost Ar host
6490.Ek 6491.Ek
6491.nr nS 0 6492.nr nS 0
6492.Pp 6493.Pp
@@ -6675,6 +6676,13 @@ Currently the verify operation continues after errors so all the problems
6675with a certificate chain can be seen. 6676with a certificate chain can be seen.
6676As a side effect the connection will never fail due to a server 6677As a side effect the connection will never fail due to a server
6677certificate verify failure. 6678certificate verify failure.
6679.It Fl xmpphost Ar hostname
6680This option, when used with
6681.Fl starttls Ar xmpp ,
6682specifies the host for the "to" attribute of the stream element.
6683If this option is not specified then the host specified with
6684.Fl connect
6685will be used.
6678.El 6686.El
6679.Sh S_CLIENT CONNECTED COMMANDS 6687.Sh S_CLIENT CONNECTED COMMANDS
6680If a connection is established with an SSL server, any data received 6688If a connection is established with an SSL server, any data received
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 14e1a4bab9..aa803e8baa 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_client.c,v 1.14 2015/07/17 16:07:44 doug Exp $ */ 1/* $OpenBSD: s_client.c,v 1.15 2015/08/11 05:01:03 landry Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -237,6 +237,7 @@ sc_usage(void)
237 BIO_printf(bio_err, " 'prot' defines which one to assume. Currently,\n"); 237 BIO_printf(bio_err, " 'prot' defines which one to assume. Currently,\n");
238 BIO_printf(bio_err, " only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); 238 BIO_printf(bio_err, " only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
239 BIO_printf(bio_err, " are supported.\n"); 239 BIO_printf(bio_err, " are supported.\n");
240 BIO_printf(bio_err, " -xmpphost host - connect to this virtual host on the xmpp server\n");
240#ifndef OPENSSL_NO_ENGINE 241#ifndef OPENSSL_NO_ENGINE
241 BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n"); 242 BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n");
242#endif 243#endif
@@ -334,6 +335,7 @@ s_client_main(int argc, char **argv)
334 char *port = PORT_STR; 335 char *port = PORT_STR;
335 int full_log = 1; 336 int full_log = 1;
336 char *host = SSL_HOST_NAME; 337 char *host = SSL_HOST_NAME;
338 char *xmpphost = NULL;
337 char *proxy = NULL, *connect = NULL; 339 char *proxy = NULL, *connect = NULL;
338 char *cert_file = NULL, *key_file = NULL; 340 char *cert_file = NULL, *key_file = NULL;
339 int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; 341 int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
@@ -414,6 +416,10 @@ s_client_main(int argc, char **argv)
414 if (--argc < 1) 416 if (--argc < 1)
415 goto bad; 417 goto bad;
416 proxy = *(++argv); 418 proxy = *(++argv);
419 } else if (strcmp(*argv,"-xmpphost") == 0) {
420 if (--argc < 1)
421 goto bad;
422 xmpphost= *(++argv);
417 } else if (strcmp(*argv, "-verify") == 0) { 423 } else if (strcmp(*argv, "-verify") == 0) {
418 verify = SSL_VERIFY_PEER; 424 verify = SSL_VERIFY_PEER;
419 if (--argc < 1) 425 if (--argc < 1)
@@ -982,13 +988,20 @@ re_start:
982 int seen = 0; 988 int seen = 0;
983 BIO_printf(sbio, "<stream:stream " 989 BIO_printf(sbio, "<stream:stream "
984 "xmlns:stream='http://etherx.jabber.org/streams' " 990 "xmlns:stream='http://etherx.jabber.org/streams' "
985 "xmlns='jabber:client' to='%s' version='1.0'>", host); 991 "xmlns='jabber:client' to='%s' version='1.0'>", xmpphost ? xmpphost : host);
986 seen = BIO_read(sbio, mbuf, BUFSIZZ); 992 seen = BIO_read(sbio, mbuf, BUFSIZZ);
993
994 if (seen <= 0)
995 goto shut;
996
987 mbuf[seen] = 0; 997 mbuf[seen] = 0;
988 while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) { 998 while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") &&
989 if (strstr(mbuf, "/stream:features>")) 999 !strstr(mbuf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"")) {
990 goto shut;
991 seen = BIO_read(sbio, mbuf, BUFSIZZ); 1000 seen = BIO_read(sbio, mbuf, BUFSIZZ);
1001
1002 if (seen <= 0)
1003 goto shut;
1004
992 mbuf[seen] = 0; 1005 mbuf[seen] = 0;
993 } 1006 }
994 BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); 1007 BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-12 18:01:22 +0000