path: root/src/usr.bin/openssl/s_client.c
Commit message | Author | Age | Files | Lines
* s_client: fix use of possibly uninitialized values | inoguchi | 2020-04-26 | 1 | -2/+2
  Set initial value to variable 'p' and 'pending'. Reported and fix requested from leonklingele by GitHub pull request.
  https://github.com/libressl-portable/portable/issues/577
  https://github.com/libressl-portable/openbsd/pull/114
  ok bcook@ jsing@ tb@
* Add -groups option to openssl(1) s_server. | jsing | 2020-04-19 | 1 | -2/+2
  This allows supported EC groups to be configured, which will also control which TLSv1.3 key shares we'll accept. While here, deprecate the rather useless -named_curve option, which is effectively the same as -groups with a single group. Also stop setting a single default group of P-256 via SSL_CTX_set_tmp_ecdh() - use the library defaults instead.
  ok beck@ inoguchi@
* Add -tls1_3 and -notls1_3 options to openssl(1) s_client. | jsing | 2020-02-16 | 1 | -17/+29
  Also stop using version pinned methods, instead setting the min and max protocol versions. Requested by inoguchi@
  ok inoguchi@ tb@
* Make -peekaboo mode also use SSL_pending after peeking, to ensure | beck | 2020-01-23 | 1 | -2/+9
  SSL_pending implementation is correct. annoying jsing@
* Simplify the peekaboo code. | jsing | 2020-01-22 | 1 | -35/+6
  ok beck@
* Add -peekaboo option to s_client, to test SSL_peek | beck | 2020-01-22 | 1 | -4/+66
  peeks data before reading, compares to subsequent read.
  ok jsing@
* When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 1 | -3/+3
  value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* didn't found -> didn't find. | tb | 2018-11-14 | 1 | -2/+2
  From Edgar Pettijohn III
* typo in output string; from edgar pettijohn | jmc | 2018-02-11 | 1 | -2/+2
* Indent labels with a single space so that diff prototypes are more useful. | jsing | 2018-02-07 | 1 | -4/+4
* Remove guards around *_free() calls since these functions handle NULL. | jsing | 2018-02-07 | 1 | -11/+6
* Remove NPN support - the -nextprotoneg options now become no-ops. | jsing | 2017-08-12 | 1 | -57/+4
  ok bcook@ beck@ doug@
* use freezero() instead of 4-line conditional explicit_bzero + free | deraadt | 2017-04-18 | 1 | -13/+4
* Add a -groups option to openssl s_client, which allows supported EC curves | jsing | 2017-01-24 | 1 | -7/+17
  to be specified as a colon separated list.
  ok beck@
* rearrange pledge promises into the canonical order; easier to eyeball | deraadt | 2017-01-20 | 1 | -2/+2
* Display details of the server ephemeral key, based on OpenSSL. | jsing | 2016-12-30 | 1 | -1/+4
  ok doug@
* Fix a bug loading the default certificate path locations. | bcook | 2016-06-21 | 1 | -9/+7
  The files would only be loaded if the CAfile or CApath locations were successfully loaded first. Original patch from OpenSSL:
  https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190
  ok beck@
* Undo previous, pledge("dns") was already present. The problem was in s_server. | jca | 2015-12-01 | 1 | -2/+2
* pledge dns so openssl can use dns.. noticed and fix by todd@ | beck | 2015-12-01 | 1 | -2/+2
  ok jcs@ deraadt@ theo@
* In pledge(), put "dns" right after "inet". | jca | 2015-11-21 | 1 | -2/+2
* Unbreak s_client, which should be allowed by pledge(2) to do DNS requests. | jca | 2015-11-21 | 1 | -2/+2
  From todd@
* Exit if a pledge call fails in non-interactive mode. | doug | 2015-10-17 | 1 | -2/+4
  ok semarie@
* add "tty" for several subcommands of openssl | semarie | 2015-10-17 | 1 | -2/+2
  it is needed in order to let libssl UI_* functions play with echo on/off when asking for password on terminal. passwd subcommand needs additional "wpath cpath" in order to let it call fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). problem reported by several with and ok doug@
* Initial support for pledges in openssl(1) commands. | doug | 2015-10-10 | 1 | -1/+6
  openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session that may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
* these do not use ioctl.h | deraadt | 2015-10-06 | 1 | -2/+1
* Remove engine command and parameters from openssl(1). | bcook | 2015-09-11 | 1 | -46/+3
  We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all.
  ok jsing@
* Correct spelling of OPENSSL_cleanse. | jsing | 2015-09-10 | 1 | -4/+4
* Fix shadowed verify_error in s_server by removing the unused global. | bcook | 2015-09-10 | 1 | -2/+1
  's_time -verify 1' will now actually verify the peer certificate.
  ok beck@
* Remove all duplicate prototypes for *_main functions (these are already | jsing | 2015-08-22 | 1 | -3/+1
  provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere).
  ok deraadt@ doug@
* Improve openssl s_client -starttls xmpp support. | landry | 2015-08-11 | 1 | -5/+18
  From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
  - add a -xmpphost option to specify the xmpp virtual host
  - fix an infinite loop when the vhost isn't what the server expects
  - fix communication with openfire & prosody servers
  with tweaks & ok bcook@ doug@ manpage bits jmc@
* Remove SSLv3 support from openssl(1) s_client. | doug | 2015-07-17 | 1 | -4/+1
  ok miod@ bcook@ beck@
* Move verify externs into the header file. | jsing | 2015-04-14 | 1 | -5/+1
* Add the possibility to use the openssl s_client tool with an http | bluhm | 2015-01-13 | 1 | -4/+24
  proxy. Implement the -proxy feature in the same hackish way as -starttls.
  OK jsing@
* unifdef OPENSSL_NO_NEXTPROTONEG | jsing | 2014-12-14 | 1 | -17/+1
* Add ALPN support to openssl(1). | jsing | 2014-12-10 | 1 | -2/+30
  Based on OpenSSL.
* convert select() to poll(). This is one of the most complicated | deraadt | 2014-12-02 | 1 | -26/+41
  conversions in the tree, because the original code is very rotten and fragile. Please test and report any failures. Assistance from millert, bcook, and jsing.
* Nuke more obvious #include duplications. | krw | 2014-11-18 | 1 | -2/+1
  ok deraadt@ millert@ tedu@
* More OPENSSL_NO_TLSEXT clean up. | jsing | 2014-11-07 | 1 | -5/+5
* TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT, | jsing | 2014-11-06 | 1 | -25/+1
  which was already done for libssl some time back.
* None of these need <openssl/rand.h> | jsing | 2014-10-22 | 1 | -2/+1
* s_client: don't call shutdown on a non-existent socket descriptor. | bcook | 2014-10-20 | 1 | -3/+1
  from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  ok beck@, deraadt@
* Use O_NONBLOCK over FIONBIO. | bcook | 2014-10-13 | 1 | -4/+4
  Prefer this because it is the POSIX standard and has consistent behavior across platforms. Use BIO_socket_nbio consistently across the tree.
  from Jonas 'Sortie' Termansen, ok deraadt@
* Enable -Wshadow in openssl(1) and fix a few shadow warnings. | doug | 2014-09-01 | 1 | -3/+1
  ok jsing@
* Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not | jsing | 2014-08-26 | 1 | -0/+1507
  a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl.
  ok deraadt@ miod@