path: root/src/usr.bin/openssl/s_client.c
Commit message | Author | Age | Files | Lines
* Remove the legacy interactive mode from openssl(1). | joshua | 2022-11-11 | 1 | -6/+4
  This removes the legacy interactive mode from openssl(1) since it is rarely used, complicates the code, and has also been removed from OpenSSL in version 3.x.x. ok tb@ jsing@
* Use X509_*get0_pubkey() wherever possible to simplify and clean up | tb | 2022-02-03 | 1 | -3/+3
  the code. Also add error checking where possible. ok jsing
* Attempt to opportunistically use the host name for SNI in s_client. | jsing | 2021-12-26 | 1 | -10/+34
  ok beck@ inoguchi@ tb@
* Garbage collect another unused variable. | jca | 2021-10-25 | 1 | -4/+1
  Spotted by egcc and probably clang 13. ok tb@
* Garbage collect an unused variable. | tb | 2021-10-22 | 1 | -4/+2
* Read ahead is now enforced for DTLS - remove workarounds. | jsing | 2021-03-17 | 1 | -7/+1
  ok inoguchi@ tb@
* Add DTLSv1.2 support to openssl(1) s_client/s_server. | jsing | 2021-03-17 | 1 | -12/+49
  ok inoguchi@ tb@
* Free peekaboo pbuf at end of s_client_main() | tb | 2020-10-14 | 1 | -1/+2
  Otherwise each run of the s_client leaks 16k of memory. This hurts in interactive mode. ok inoguchi jsing
* Clean up s_client.c | inoguchi | 2020-07-10 | 1 | -26/+27
  - Remove space between '*' and pointer variable.
  - Add function prototype.
  - Move callback function to bottom.
  - Move typedef struct to up.
* Change variable bio_c_out from global to local | inoguchi | 2020-07-10 | 1 | -15/+11
  ok tb@
* Wrap long lines and put space in front of label in s_client.c | inoguchi | 2020-07-09 | 1 | -46/+80
* Remove c_ prefix from s_client_config member | inoguchi | 2020-07-09 | 1 | -33/+33
* Convert openssl(1) s_client option handling | inoguchi | 2020-07-09 | 1 | -450/+770
  suggestions and ok beck@ jsing@ tb@
* In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by | tb | 2020-05-23 | 1 | -1/+4
  default. To avoid hanging on a blocking read, we need to clear the SSL_MODE_AUTO_RETRY flag in the s_client and the s_server. ok beck inoguchi jsing
* sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1" | deraadt | 2020-05-22 | 1 | -3/+4
  (gurn) copies getsockname() retrieves a truncated result and 14 bytes of stack garbage get copied onwards. ok tb
* s_client: fix use of possibly uninitialized values | inoguchi | 2020-04-26 | 1 | -2/+2
  Set initial value to variable 'p' and 'pending'. Reported and fix requested from leonklingele by GitHub pull request.
  https://github.com/libressl-portable/portable/issues/577
  https://github.com/libressl-portable/openbsd/pull/114
  ok bcook@ jsing@ tb@
* Add -groups option to openssl(1) s_server. | jsing | 2020-04-19 | 1 | -2/+2
  This allows supported EC groups to be configured, which will also control which TLSv1.3 key shares we'll accept. While here, deprecate the rather useless -named_curve option, which is effectively the same as -groups with a single group. Also stop setting a single default group of P-256 via SSL_CTX_set_tmp_ecdh() - use the library defaults instead. ok beck@ inoguchi@
* Add -tls1_3 and -notls1_3 options to openssl(1) s_client. | jsing | 2020-02-16 | 1 | -17/+29
  Also stop using version pinned methods, instead setting the min and max protocol versions. Requested by inoguchi@ ok inoguchi@ tb@
* Make -peekaboo mode also use SSL_pending after peeking, to ensure | beck | 2020-01-23 | 1 | -2/+9
  SSL_pending implementation is correct. annoying jsing@
* Simplify the peekaboo code. | jsing | 2020-01-22 | 1 | -35/+6
  ok beck@
* Add -peekaboo option to s_client, to test SSL_peek | beck | 2020-01-22 | 1 | -4/+66
  peeks data before reading, compares to subsequent read. ok jsing@
* When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 1 | -3/+3
  value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* didn't found -> didn't find. | tb | 2018-11-14 | 1 | -2/+2
  From Edgar Pettijohn III
* typo in output string; from edgar pettijohn | jmc | 2018-02-11 | 1 | -2/+2
* Indent labels with a single space so that diff prototypes are more useful. | jsing | 2018-02-07 | 1 | -4/+4
* Remove guards around *_free() calls since these functions handle NULL. | jsing | 2018-02-07 | 1 | -11/+6
* Remove NPN support - the -nextprotoneg options now become no-ops. | jsing | 2017-08-12 | 1 | -57/+4
  ok bcook@ beck@ doug@
* use freezero() instead of 4-line conditional explicit_bzero + free | deraadt | 2017-04-18 | 1 | -13/+4
* Add a -groups option to openssl s_client, which allows supported EC curves | jsing | 2017-01-24 | 1 | -7/+17
  to be specified as a colon separated list. ok beck@
* rearrange pledge promises into the canonical order; easier to eyeball | deraadt | 2017-01-20 | 1 | -2/+2
* Display details of the server ephemeral key, based on OpenSSL. | jsing | 2016-12-30 | 1 | -1/+4
  ok doug@
* Fix a bug loading the default certificate path locations. | bcook | 2016-06-21 | 1 | -9/+7
  The files would only be loaded if the CAfile or CApath locations were successfully loaded first. Original patch from OpenSSL: https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190 ok beck@
* Undo previous, pledge("dns") was already present. The problem was in s_server. | jca | 2015-12-01 | 1 | -2/+2
* pledge dns so openssl can use dns.. noticed and fix by todd@ | beck | 2015-12-01 | 1 | -2/+2
  ok jcs@ deraadt@ theo@
* In pledge(), put "dns" right after "inet". | jca | 2015-11-21 | 1 | -2/+2
* Unbreak s_client, which should be allowed by pledge(2) to do DNS requests. | jca | 2015-11-21 | 1 | -2/+2
  From todd@
* Exit if a pledge call fails in non-interactive mode. | doug | 2015-10-17 | 1 | -2/+4
  ok semarie@
* add "tty" for several subcommands of openssl | semarie | 2015-10-17 | 1 | -2/+2
  it is needed in order to let libssl UI_* functions play with echo on/off when asking for password on terminal. passwd subcommand needs additional "wpath cpath" in order to let it call fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). problem reported by several with and ok doug@
* Initial support for pledges in openssl(1) commands. | doug | 2015-10-10 | 1 | -1/+6
  openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session that may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
* these do not use ioctl.h | deraadt | 2015-10-06 | 1 | -2/+1
* Remove engine command and parameters from openssl(1). | bcook | 2015-09-11 | 1 | -46/+3
  We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
* Correct spelling of OPENSSL_cleanse. | jsing | 2015-09-10 | 1 | -4/+4
* Fix shadowed verify_error in s_server by removing the unused global. | bcook | 2015-09-10 | 1 | -2/+1
  's_time -verify 1' will now actually verify the peer certificate. ok beck@
* Remove all duplicate prototypes for *_main functions (these are already | jsing | 2015-08-22 | 1 | -3/+1
  provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere). ok deraadt@ doug@
* Improve openssl s_client -starttls xmpp support. | landry | 2015-08-11 | 1 | -5/+18
  From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
  - add a -xmpphost option to specify the xmpp virtual host
  - fix an infinite loop when the vhost isn't what the server expects
  - fix communication with openfire & prosody servers
  with tweaks & ok bcook@ doug@ manpage bits jmc@
* Remove SSLv3 support from openssl(1) s_client. | doug | 2015-07-17 | 1 | -4/+1
  ok miod@ bcook@ beck@
* Move verify externs into the header file. | jsing | 2015-04-14 | 1 | -5/+1
* Add the possibility to use the openssl s_client tool with an http | bluhm | 2015-01-13 | 1 | -4/+24
  proxy. Implement the -proxy feature in the same hackish way as -starttls. OK jsing@
* unifdef OPENSSL_NO_NEXTPROTONEG | jsing | 2014-12-14 | 1 | -17/+1
* Add ALPN support to openssl(1). | jsing | 2014-12-10 | 1 | -2/+30
  Based on OpenSSL.