path: root/src/usr.bin/openssl/s_client.c
Commit message | Author | Age | Files | Lines
* Remove some gloriously outdated comments | tb | 2025-01-02 | 1 | -5/+1
    /*#define SSL_HOST_NAME "www.netscape.com" */ /*#define SSL_HOST_NAME "193.118.187.102" */ and /*#define TEST_CERT "client.pem" *//* no default cert. */
* Merge s_apps.h into apps.h | tb | 2025-01-02 | 1 | -3/+1
    discussed with jsing
* openssl(1) doesn't need 5 .h files: merge timeouts.h into apps.h | tb | 2025-01-02 | 1 | -2/+1
    This is an extra header for two stupid constants... discussed with jsing
* Garbage collect the last users of SSL_set_debug(3) | tb | 2023-12-29 | 1 | -2/+1
    This undocumented, incomplete public function has never done anything useful. It will be removed from libssl. Removing it from openssl(1) clears the way for this. ok jsing
* s_client: pause hasn't worked in ages. Just ignore it | tb | 2023-12-29 | 1 | -8/+3
    ok jsing
* Bring back no_tls1 and no_tls1_1 as undocumented silently discarded options | beck | 2023-07-03 | 1 | -1/+9
    While I'm here, change the no_ssl2 and no_ssl3 options to use OPTION_DISCARD as well instead of continuing to set a no-op option flag. ok jsing@ tb@
* Remove the tls1.0 and 1.1 related options from the openssl(1) toolkit | beck | 2023-07-03 | 1 | -66/+4
    ok tb@
* Rename struct ${app}_config to plain cfg | tb | 2023-03-06 | 1 | -206/+206
    All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road. Discussed with jsing
* Remove the legacy interactive mode from openssl(1). | joshua | 2022-11-11 | 1 | -6/+4
    This removes the legacy interactive mode from openssl(1) since it is rarely used, complicates the code, and has also been removed from OpenSSL in version 3.x.x. ok tb@ jsing@
* Use X509_*get0_pubkey() wherever possible to simplify and clean up | tb | 2022-02-03 | 1 | -3/+3
    the code. Also add error checking where possible. ok jsing
* Attempt to opportunistically use the host name for SNI in s_client. | jsing | 2021-12-26 | 1 | -10/+34
    ok beck@ inoguchi@ tb@
* Garbage collect another unused variable. | jca | 2021-10-25 | 1 | -4/+1
    Spotted by egcc and probably clang 13. ok tb@
* Garbage collect an unused variable. | tb | 2021-10-22 | 1 | -4/+2
* Read ahead is now enforced for DTLS - remove workarounds. | jsing | 2021-03-17 | 1 | -7/+1
    ok inoguchi@ tb@
* Add DTLSv1.2 support to openssl(1) s_client/s_server. | jsing | 2021-03-17 | 1 | -12/+49
    ok inoguchi@ tb@
* Free peekaboo pbuf at end of s_client_main() | tb | 2020-10-14 | 1 | -1/+2
    Otherwise each run of the s_client leaks 16k of memory. This hurts in interactive mode. ok inoguchi jsing
* Clean up s_client.c | inoguchi | 2020-07-10 | 1 | -26/+27
    - Remove space between '*' and pointer variable.
    - Add function prototype.
    - Move callback function to bottom.
    - Move typedef struct to up.
* Change variable bio_c_out from global to local | inoguchi | 2020-07-10 | 1 | -15/+11
    ok tb@
* Wrap long lines and put space in front of label in s_client.c | inoguchi | 2020-07-09 | 1 | -46/+80
* Remove c_ prefix from s_client_config member | inoguchi | 2020-07-09 | 1 | -33/+33
* Convert openssl(1) s_client option handling | inoguchi | 2020-07-09 | 1 | -450/+770
    suggestions and ok beck@ jsing@ tb@
* In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by | tb | 2020-05-23 | 1 | -1/+4
    default. To avoid hanging on a blocking read, we need to clear the SSL_MODE_AUTO_RETRY flag in the s_client and the s_server. ok beck inoguchi jsing
* sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1" | deraadt | 2020-05-22 | 1 | -3/+4
    (gurn) copies getsockname() retrieves a truncated result and 14 bytes of stack garbage get copied onwards. ok tb
* s_client: fix use of possibly uninitialized values | inoguchi | 2020-04-26 | 1 | -2/+2
    Set initial value to variable 'p' and 'pending'. Reported and fix requested from leonklingele by GitHub pull request. https://github.com/libressl-portable/portable/issues/577 https://github.com/libressl-portable/openbsd/pull/114 ok bcook@ jsing@ tb@
* Add -groups option to openssl(1) s_server. | jsing | 2020-04-19 | 1 | -2/+2
    This allows supported EC groups to be configured, which will also control which TLSv1.3 key shares we'll accept. While here, deprecate the rather useless -named_curve option, which is effectively the same as -groups with a single group. Also stop setting a single default group of P-256 via SSL_CTX_set_tmp_ecdh() - use the library defaults instead. ok beck@ inoguchi@
* Add -tls1_3 and -notls1_3 options to openssl(1) s_client. | jsing | 2020-02-16 | 1 | -17/+29
    Also stop using version pinned methods, instead setting the min and max protocol versions. Requested by inoguchi@ ok inoguchi@ tb@
* Make -peekaboo mode also use SSL_pending after peeking, to ensure | beck | 2020-01-23 | 1 | -2/+9
    SSL_pending implementation is correct. annoying jsing@
* Simplify the peekaboo code. | jsing | 2020-01-22 | 1 | -35/+6
    ok beck@
* Add -peekaboo option to s_client, to test SSL_peek | beck | 2020-01-22 | 1 | -4/+66
    peeks data before reading, compares to subsequent read. ok jsing@
* When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 1 | -3/+3
    value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* didn't found -> didn't find. | tb | 2018-11-14 | 1 | -2/+2
    From Edgar Pettijohn III
* typo in output string; from edgar pettijohn | jmc | 2018-02-11 | 1 | -2/+2
* Indent labels with a single space so that diff prototypes are more useful. | jsing | 2018-02-07 | 1 | -4/+4
* Remove guards around *_free() calls since these functions handle NULL. | jsing | 2018-02-07 | 1 | -11/+6
* Remove NPN support - the -nextprotoneg options now become no-ops. | jsing | 2017-08-12 | 1 | -57/+4
    ok bcook@ beck@ doug@
* use freezero() instead of 4-line conditional explicit_bzero + free | deraadt | 2017-04-18 | 1 | -13/+4
* Add a -groups option to openssl s_client, which allows supported EC curves | jsing | 2017-01-24 | 1 | -7/+17
    to be specified as a colon separated list. ok beck@
* rearrange pledge promises into the canonical order; easier to eyeball | deraadt | 2017-01-20 | 1 | -2/+2
* Display details of the server ephemeral key, based on OpenSSL. | jsing | 2016-12-30 | 1 | -1/+4
    ok doug@
* Fix a bug loading the default certificate path locations. | bcook | 2016-06-21 | 1 | -9/+7
    The files would only be loaded if the CAfile or CApath locations were successfully loaded first. Original patch from OpenSSL: https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190 ok beck@
* Undo previous, pledge("dns") was already present. The problem was in s_server. | jca | 2015-12-01 | 1 | -2/+2
* pledge dns so openssl can use dns.. noticed and fix by todd@ | beck | 2015-12-01 | 1 | -2/+2
    ok jcs@ deraadt@ theo@
* In pledge(), put "dns" right after "inet". | jca | 2015-11-21 | 1 | -2/+2
* Unbreak s_client, which should be allowed by pledge(2) to do DNS requests. | jca | 2015-11-21 | 1 | -2/+2
    From todd@
* Exit if a pledge call fails in non-interactive mode. | doug | 2015-10-17 | 1 | -2/+4
    ok semarie@
* add "tty" for several subcommands of openssl | semarie | 2015-10-17 | 1 | -2/+2
    it is needed in order to let libssl UI_* function plays with echo on/off when asking for password on terminal. passwd subcommand needs additional "wpath cpath" in order to let it calls fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). problem reported by several with and ok doug@
* Initial support for pledges in openssl(1) commands. | doug | 2015-10-10 | 1 | -1/+6
    openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session that may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
* these do not use ioctl.h | deraadt | 2015-10-06 | 1 | -2/+1
* Remove engine command and parameters from openssl(1). | bcook | 2015-09-11 | 1 | -46/+3
    We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
* Correct spelling of OPENSSL_cleanse. | jsing | 2015-09-10 | 1 | -4/+4