From 6c965e26b1a93da63948edae6b68564be1ded507 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 6 Mar 2023 14:32:06 +0000
Subject: Rename struct ${app}_config to plain cfg

All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road.

Discussed with jsing
---
 src/usr.bin/openssl/s_client.c | 412 ++++++++++++++++++++---------------------
 1 file changed, 206 insertions(+), 206 deletions(-)

(limited to 'src/usr.bin/openssl/s_client.c')

diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 41f6502325..82a8128243 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.59 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: s_client.c,v 1.60 2023/03/06 14:32:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -246,16 +246,16 @@ static struct {
 	int verify;
 	X509_VERIFY_PARAM *vpm;
 	char *xmpphost;
-} s_client_config;
+} cfg;
 
 static int
 s_client_opt_keymatexportlen(char *arg)
 {
-	s_client_config.keymatexportlen = strtonum(arg, 1, INT_MAX,
-	    &s_client_config.errstr);
-	if (s_client_config.errstr != NULL) {
+	cfg.keymatexportlen = strtonum(arg, 1, INT_MAX,
+	    &cfg.errstr);
+	if (cfg.errstr != NULL) {
 		BIO_printf(bio_err, "invalid argument %s: %s\n",
-		    arg, s_client_config.errstr);
+		    arg, cfg.errstr);
 		return (1);
 	}
 	return (0);
@@ -265,11 +265,11 @@ s_client_opt_keymatexportlen(char *arg)
 static int
 s_client_opt_mtu(char *arg)
 {
-	s_client_config.socket_mtu = strtonum(arg, 0, LONG_MAX,
-	    &s_client_config.errstr);
-	if (s_client_config.errstr != NULL) {
+	cfg.socket_mtu = strtonum(arg, 0, LONG_MAX,
+	    &cfg.errstr);
+	if (cfg.errstr != NULL) {
 		BIO_printf(bio_err, "invalid argument %s: %s\n",
-		    arg, s_client_config.errstr);
+		    arg, cfg.errstr);
 		return (1);
 	}
 	return (0);
@@ -282,7 +282,7 @@ s_client_opt_port(char *arg)
 	if (*arg == '\0')
 		return (1);
 
-	s_client_config.port = arg;
+	cfg.port = arg;
 	return (0);
 }
 
@@ -290,8 +290,8 @@ s_client_opt_port(char *arg)
 static int
 s_client_opt_protocol_version_dtls(void)
 {
-	s_client_config.meth = DTLS_client_method();
-	s_client_config.socket_type = SOCK_DGRAM;
+	cfg.meth = DTLS_client_method();
+	cfg.socket_type = SOCK_DGRAM;
 	return (0);
 }
 #endif
@@ -300,10 +300,10 @@ s_client_opt_protocol_version_dtls(void)
 static int
 s_client_opt_protocol_version_dtls1(void)
 {
-	s_client_config.meth = DTLS_client_method();
-	s_client_config.min_version = DTLS1_VERSION;
-	s_client_config.max_version = DTLS1_VERSION;
-	s_client_config.socket_type = SOCK_DGRAM;
+	cfg.meth = DTLS_client_method();
+	cfg.min_version = DTLS1_VERSION;
+	cfg.max_version = DTLS1_VERSION;
+	cfg.socket_type = SOCK_DGRAM;
 	return (0);
 }
 #endif
@@ -312,10 +312,10 @@ s_client_opt_protocol_version_dtls1(void)
 static int
 s_client_opt_protocol_version_dtls1_2(void)
 {
-	s_client_config.meth = DTLS_client_method();
-	s_client_config.min_version = DTLS1_2_VERSION;
-	s_client_config.max_version = DTLS1_2_VERSION;
-	s_client_config.socket_type = SOCK_DGRAM;
+	cfg.meth = DTLS_client_method();
+	cfg.min_version = DTLS1_2_VERSION;
+	cfg.max_version = DTLS1_2_VERSION;
+	cfg.socket_type = SOCK_DGRAM;
 	return (0);
 }
 #endif
@@ -323,40 +323,40 @@ s_client_opt_protocol_version_dtls1_2(void)
 static int
 s_client_opt_protocol_version_tls1(void)
 {
-	s_client_config.min_version = TLS1_VERSION;
-	s_client_config.max_version = TLS1_VERSION;
+	cfg.min_version = TLS1_VERSION;
+	cfg.max_version = TLS1_VERSION;
 	return (0);
 }
 
 static int
 s_client_opt_protocol_version_tls1_1(void)
 {
-	s_client_config.min_version = TLS1_1_VERSION;
-	s_client_config.max_version = TLS1_1_VERSION;
+	cfg.min_version = TLS1_1_VERSION;
+	cfg.max_version = TLS1_1_VERSION;
 	return (0);
 }
 
 static int
 s_client_opt_protocol_version_tls1_2(void)
 {
-	s_client_config.min_version = TLS1_2_VERSION;
-	s_client_config.max_version = TLS1_2_VERSION;
+	cfg.min_version = TLS1_2_VERSION;
+	cfg.max_version = TLS1_2_VERSION;
 	return (0);
 }
 
 static int
 s_client_opt_protocol_version_tls1_3(void)
 {
-	s_client_config.min_version = TLS1_3_VERSION;
-	s_client_config.max_version = TLS1_3_VERSION;
+	cfg.min_version = TLS1_3_VERSION;
+	cfg.max_version = TLS1_3_VERSION;
 	return (0);
 }
 
 static int
 s_client_opt_quiet(void)
 {
-	s_client_config.quiet = 1;
-	s_client_config.ign_eof = 1;
+	cfg.quiet = 1;
+	cfg.ign_eof = 1;
 	return (0);
 }
 
@@ -364,17 +364,17 @@ static int
 s_client_opt_starttls(char *arg)
 {
 	if (strcmp(arg, "smtp") == 0)
-		s_client_config.starttls_proto = PROTO_SMTP;
+		cfg.starttls_proto = PROTO_SMTP;
 	else if (strcmp(arg, "lmtp") == 0)
-		s_client_config.starttls_proto = PROTO_LMTP;
+		cfg.starttls_proto = PROTO_LMTP;
 	else if (strcmp(arg, "pop3") == 0)
-		s_client_config.starttls_proto = PROTO_POP3;
+		cfg.starttls_proto = PROTO_POP3;
 	else if (strcmp(arg, "imap") == 0)
-		s_client_config.starttls_proto = PROTO_IMAP;
+		cfg.starttls_proto = PROTO_IMAP;
 	else if (strcmp(arg, "ftp") == 0)
-		s_client_config.starttls_proto = PROTO_FTP;
+		cfg.starttls_proto = PROTO_FTP;
 	else if (strcmp(arg, "xmpp") == 0)
-		s_client_config.starttls_proto = PROTO_XMPP;
+		cfg.starttls_proto = PROTO_XMPP;
 	else
 		return (1);
 	return (0);
@@ -383,12 +383,12 @@ s_client_opt_starttls(char *arg)
 static int
 s_client_opt_verify(char *arg)
 {
-	s_client_config.verify = SSL_VERIFY_PEER;
+	cfg.verify = SSL_VERIFY_PEER;
 
-	verify_depth = strtonum(arg, 0, INT_MAX, &s_client_config.errstr);
-	if (s_client_config.errstr != NULL) {
+	verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
+	if (cfg.errstr != NULL) {
 		BIO_printf(bio_err, "invalid argument %s: %s\n",
-		    arg, s_client_config.errstr);
+		    arg, cfg.errstr);
 		return (1);
 	}
 	BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
@@ -403,7 +403,7 @@ s_client_opt_verify_param(int argc, char **argv, int *argsused)
 	int badarg = 0;
 
 	if (!args_verify(&pargs, &pargc, &badarg, bio_err,
-	    &s_client_config.vpm)) {
+	    &cfg.vpm)) {
 		BIO_printf(bio_err, "unknown option %s\n", *argv);
 		return (1);
 	}
@@ -419,14 +419,14 @@ static const struct option s_client_options[] = {
 		.name = "4",
 		.desc = "Use IPv4 only",
 		.type = OPTION_VALUE,
-		.opt.value = &s_client_config.af,
+		.opt.value = &cfg.af,
 		.value = AF_INET,
 	},
 	{
 		.name = "6",
 		.desc = "Use IPv6 only",
 		.type = OPTION_VALUE,
-		.opt.value = &s_client_config.af,
+		.opt.value = &cfg.af,
 		.value = AF_INET6,
 	},
 	{
@@ -435,67 +435,67 @@ static const struct option s_client_options[] = {
 		.desc = "Set the advertised protocols for ALPN"
 		    " (comma-separated list)",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.alpn_in,
+		.opt.arg = &cfg.alpn_in,
 	},
 	{
 		.name = "bugs",
 		.desc = "Enable various workarounds for buggy implementations",
 		.type = OPTION_FLAG,
-		.opt.flag = &s_client_config.bugs,
+		.opt.flag = &cfg.bugs,
 	},
 	{
 		.name = "CAfile",
 		.argname = "file",
 		.desc = "PEM format file of CA certificates",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.CAfile,
+		.opt.arg = &cfg.CAfile,
 	},
 	{
 		.name = "CApath",
 		.argname = "directory",
 		.desc = "PEM format directory of CA certificates",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.CApath,
+		.opt.arg = &cfg.CApath,
 	},
 	{
 		.name = "cert",
 		.argname = "file",
 		.desc = "Certificate file to use, PEM format assumed",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.cert_file,
+		.opt.arg = &cfg.cert_file,
 	},
 	{
 		.name = "certform",
 		.argname = "fmt",
 		.desc = "Certificate format (PEM or DER) PEM default",
 		.type = OPTION_ARG_FORMAT,
-		.opt.value = &s_client_config.cert_format,
+		.opt.value = &cfg.cert_format,
 	},
 	{
 		.name = "cipher",
 		.argname = "cipherlist",
 		.desc = "Preferred cipher to use (see 'openssl ciphers')",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.cipher,
+		.opt.arg = &cfg.cipher,
 	},
 	{
 		.name = "connect",
 		.argname = "host:port",
 		.desc = "Who to connect to (default is localhost:4433)",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.connect,
+		.opt.arg = &cfg.connect,
 	},
 	{
 		.name = "crlf",
 		.desc = "Convert LF from terminal into CRLF",
 		.type = OPTION_FLAG,
-		.opt.flag = &s_client_config.crlf,
+		.opt.flag = &cfg.crlf,
 	},
 	{
 		.name = "debug",
 		.desc = "Print extensive debugging information",
 		.type = OPTION_FLAG,
-		.opt.flag = &s_client_config.debug,
+		.opt.flag = &cfg.debug,
 	},
 #ifndef OPENSSL_NO_DTLS
 	{
@@ -526,20 +526,20 @@ static const struct option s_client_options[] = {
 		.argname = "list",
 		.desc = "Specify EC groups (colon-separated list)",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.groups_in,
+		.opt.arg = &cfg.groups_in,
 	},
 	{
 		.name = "host",
 		.argname = "host",
 		.desc = "Use -connect instead",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.host,
+		.opt.arg = &cfg.host,
 	},
 	{
 		.name = "ign_eof",
 		.desc = "Ignore input EOF (default when -quiet)",
 		.type = OPTION_VALUE,
-		.opt.value = &s_client_config.ign_eof,
+		.opt.value = &cfg.ign_eof,
 		.value = 1,
 	},
 	{
@@ -547,21 +547,21 @@ static const struct option s_client_options[] = {
 		.argname = "file",
 		.desc = "Private key file to use, if not, -cert file is used",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.key_file,
+		.opt.arg = &cfg.key_file,
 	},
 	{
 		.name = "keyform",
 		.argname = "fmt",
 		.desc = "Key format (PEM or DER) PEM default",
 		.type = OPTION_ARG_FORMAT,
-		.opt.value = &s_client_config.key_format,
+		.opt.value = &cfg.key_format,
 	},
 	{
 		.name = "keymatexport",
 		.argname = "label",
 		.desc = "Export keying material using label",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.keymatexportlabel,
+		.opt.arg = &cfg.keymatexportlabel,
 	},
 	{
 		.name = "keymatexportlen",
@@ -578,14 +578,14 @@ static const struct option s_client_options[] = {
 		.name = "legacy_server_connect",
 		.desc = "Allow initial connection to servers that don't support RI",
 		.type = OPTION_VALUE_OR,
-		.opt.value = &s_client_config.off,
+		.opt.value = &cfg.off,
 		.value = SSL_OP_LEGACY_SERVER_CONNECT,
 	},
 	{
 		.name = "msg",
 		.desc = "Show all protocol messages with hex dump",
 		.type = OPTION_FLAG,
-		.opt.flag = &s_client_config.msg,
+		.opt.flag = &cfg.msg,
 	},
 #ifndef OPENSSL_NO_DTLS
 	{
@@ -600,115 +600,115 @@ static const struct option s_client_options[] = { .name = "nbio", .desc = "Turn on non-blocking I/O", .type = OPTION_FLAG, - .opt.flag = &s_client_config.nbio, + .opt.flag = &cfg.nbio, }, { .name = "nbio_test", .desc = "Test non-blocking I/O", .type = OPTION_FLAG, - .opt.flag = &s_client_config.nbio_test, + .opt.flag = &cfg.nbio_test, }, { .name = "nextprotoneg", .argname = "protocols", .type = OPTION_ARG, - .opt.arg = &s_client_config.npn_in, /* Ignored. */ + .opt.arg = &cfg.npn_in, /* Ignored. */ }, { .name = "no_comp", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_COMPRESSION, }, { .name = "no_ign_eof", .desc = "Don't ignore input EOF", .type = OPTION_VALUE, - .opt.value = &s_client_config.ign_eof, + .opt.value = &cfg.ign_eof, .value = 0, }, { .name = "no_legacy_server_connect", .desc = "Disallow initial connection to servers that don't support RI", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.clr, + .opt.value = &cfg.clr, .value = SSL_OP_LEGACY_SERVER_CONNECT, }, { .name = "no_servername", .desc = "Do not send a Server Name Indication (SNI) extension", .type = OPTION_FLAG, - .opt.value = &s_client_config.no_servername, + .opt.value = &cfg.no_servername, }, { .name = "no_ssl2", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_SSLv2, }, { .name = "no_ssl3", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_SSLv3, }, { .name = "no_ticket", .desc = "Disable use of RFC4507 session ticket support", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TICKET, }, { .name = "no_tls1", .desc = "Disable the use of TLSv1", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1, }, { .name = "no_tls1_1", .desc = "Disable the use of TLSv1.1", .type = 
OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1_1, }, { .name = "no_tls1_2", .desc = "Disable the use of TLSv1.2", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1_2, }, { .name = "no_tls1_3", .desc = "Disable the use of TLSv1.3", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1_3, }, { .name = "noservername", .type = OPTION_FLAG, - .opt.value = &s_client_config.no_servername, + .opt.value = &cfg.no_servername, }, { .name = "pass", .argname = "arg", .desc = "Private key file pass phrase source", .type = OPTION_ARG, - .opt.arg = &s_client_config.passarg, + .opt.arg = &cfg.passarg, }, { .name = "pause", .desc = "Pause 1 second between each read and write call", .type = OPTION_FLAG, - .opt.flag = &s_client_config.pause, + .opt.flag = &cfg.pause, }, { .name = "peekaboo", .type = OPTION_FLAG, - .opt.flag = &s_client_config.peekaboo, + .opt.flag = &cfg.peekaboo, }, { .name = "port", @@ -721,14 +721,14 @@ static const struct option s_client_options[] = { .name = "prexit", .desc = "Print session information when the program exits", .type = OPTION_FLAG, - .opt.flag = &s_client_config.prexit, + .opt.flag = &cfg.prexit, }, { .name = "proxy", .argname = "host:port", .desc = "Connect to http proxy", .type = OPTION_ARG, - .opt.arg = &s_client_config.proxy, + .opt.arg = &cfg.proxy, }, { .name = "quiet", @@ -740,7 +740,7 @@ static const struct option s_client_options[] = { .name = "reconnect", .desc = "Drop and re-make the connection with the same Session-ID", .type = OPTION_VALUE, - .opt.value = &s_client_config.reconnect, + .opt.value = &cfg.reconnect, .value = 5, }, { 
@@ -748,13 +748,13 @@ static const struct option s_client_options[] = {
 		.argname = "name",
 		.desc = "Set TLS extension servername in ClientHello (SNI)",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.servername,
+		.opt.arg = &cfg.servername,
 	},
 	{
 		.name = "serverpref",
 		.desc = "Use server's cipher preferences",
 		.type = OPTION_VALUE_OR,
-		.opt.value = &s_client_config.off,
+		.opt.value = &cfg.off,
 		.value = SSL_OP_CIPHER_SERVER_PREFERENCE,
 	},
 	{
@@ -762,20 +762,20 @@ static const struct option s_client_options[] = {
 		.argname = "file",
 		.desc = "File to read TLS session from",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.sess_in,
+		.opt.arg = &cfg.sess_in,
 	},
 	{
 		.name = "sess_out",
 		.argname = "file",
 		.desc = "File to write TLS session to",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.sess_out,
+		.opt.arg = &cfg.sess_out,
 	},
 	{
 		.name = "showcerts",
 		.desc = "Show all server certificates in the chain",
 		.type = OPTION_FLAG,
-		.opt.flag = &s_client_config.showcerts,
+		.opt.flag = &cfg.showcerts,
 	},
 	{
 		.name = "starttls",
@@ -789,20 +789,20 @@ static const struct option s_client_options[] = {
 		.name = "state",
 		.desc = "Print the TLS session states",
 		.type = OPTION_FLAG,
-		.opt.flag = &s_client_config.state,
+		.opt.flag = &cfg.state,
 	},
 	{
 		.name = "status",
 		.desc = "Send a certificate status request to the server (OCSP)",
 		.type = OPTION_FLAG,
-		.opt.flag = &s_client_config.status_req,
+		.opt.flag = &cfg.status_req,
 	},
 #ifndef OPENSSL_NO_DTLS
 	{
 		.name = "timeout",
 		.desc = "Enable send/receive timeout on DTLS connections",
 		.type = OPTION_FLAG,
-		.opt.flag = &s_client_config.enable_timeouts,
+		.opt.flag = &cfg.enable_timeouts,
 	},
 #endif
 	{
@@ -833,7 +833,7 @@ static const struct option s_client_options[] = {
 		.name = "tlsextdebug",
 		.desc = "Hex dump of all TLS extensions received",
 		.type = OPTION_FLAG,
-		.opt.flag = &s_client_config.tlsextdebug,
+		.opt.flag = &cfg.tlsextdebug,
 	},
 #ifndef OPENSSL_NO_SRTP
 	{
@@ -841,7 +841,7 @@ static const struct option s_client_options[] = {
 		.argname = "profiles",
 		.desc = "Offer SRTP key management with a colon-separated profiles",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.srtp_profiles,
+		.opt.arg = &cfg.srtp_profiles,
 	},
 #endif
 	{
@@ -862,7 +862,7 @@ static const struct option s_client_options[] = {
 		.argname = "host",
 		.desc = "Connect to this virtual host on the xmpp server",
 		.type = OPTION_ARG,
-		.opt.arg = &s_client_config.xmpphost,
+		.opt.arg = &cfg.xmpphost,
 	},
 	{
 		.name = NULL,
@@ -928,17 +928,17 @@ s_client_main(int argc, char **argv)
 		exit(1);
 	}
 
-	memset(&s_client_config, 0, sizeof(s_client_config));
-	s_client_config.af = AF_UNSPEC;
-	s_client_config.cert_format = FORMAT_PEM;
-	s_client_config.host = SSL_HOST_NAME;
-	s_client_config.key_format = FORMAT_PEM;
-	s_client_config.keymatexportlen = 20;
-	s_client_config.meth = TLS_client_method();
-	s_client_config.port = PORT_STR;
-	s_client_config.socket_type = SOCK_STREAM;
-	s_client_config.starttls_proto = PROTO_OFF;
-	s_client_config.verify = SSL_VERIFY_NONE;
+	memset(&cfg, 0, sizeof(cfg));
+	cfg.af = AF_UNSPEC;
+	cfg.cert_format = FORMAT_PEM;
+	cfg.host = SSL_HOST_NAME;
+	cfg.key_format = FORMAT_PEM;
+	cfg.keymatexportlen = 20;
+	cfg.meth = TLS_client_method();
+	cfg.port = PORT_STR;
+	cfg.socket_type = SOCK_STREAM;
+	cfg.starttls_proto = PROTO_OFF;
+	cfg.verify = SSL_VERIFY_NONE;
 
 	if (((cbuf = malloc(BUFSIZZ)) == NULL) ||
 	    ((sbuf = malloc(BUFSIZZ)) == NULL) ||
@@ -953,45 +953,45 @@ s_client_main(int argc, char **argv) badop = 1; goto bad; } - if (s_client_config.proxy != NULL) { - if (!extract_host_port(s_client_config.proxy, - &s_client_config.host, NULL, &s_client_config.port)) + if (cfg.proxy != NULL) { + if (!extract_host_port(cfg.proxy, + &cfg.host, NULL, &cfg.port)) goto bad; - if (s_client_config.connect == NULL) - s_client_config.connect = SSL_HOST_NAME; - } else if (s_client_config.connect != NULL) { - if (!extract_host_port(s_client_config.connect, - &s_client_config.host, NULL, &s_client_config.port)) + if (cfg.connect == NULL) + cfg.connect = SSL_HOST_NAME; + } else if (cfg.connect != NULL) { + if (!extract_host_port(cfg.connect, + &cfg.host, NULL, &cfg.port)) goto bad; } if (badop) { bad: - if (s_client_config.errstr == NULL) + if (cfg.errstr == NULL) sc_usage(); goto end; } - if (!app_passwd(bio_err, s_client_config.passarg, NULL, &pass, NULL)) { + if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - if (s_client_config.key_file == NULL) - s_client_config.key_file = s_client_config.cert_file; + if (cfg.key_file == NULL) + cfg.key_file = cfg.cert_file; - if (s_client_config.key_file) { + if (cfg.key_file) { - key = load_key(bio_err, s_client_config.key_file, - s_client_config.key_format, 0, pass, + key = load_key(bio_err, cfg.key_file, + cfg.key_format, 0, pass, "client certificate private key file"); if (!key) { ERR_print_errors(bio_err); goto end; } } - if (s_client_config.cert_file) { - cert = load_cert(bio_err, s_client_config.cert_file, - s_client_config.cert_format, + if (cfg.cert_file) { + cert = load_cert(bio_err, cfg.cert_file, + cfg.cert_format, NULL, "client certificate file"); if (!cert) { 
@@ -999,8 +999,8 @@ s_client_main(int argc, char **argv) goto end; } } - if (s_client_config.quiet && !s_client_config.debug && - !s_client_config.msg) { + if (cfg.quiet && !cfg.debug && + !cfg.msg) { if ((bio_c_out = BIO_new(BIO_s_null())) == NULL) goto end; } else { @@ -1008,7 +1008,7 @@ s_client_main(int argc, char **argv) goto end; } - ctx = SSL_CTX_new(s_client_config.meth); + ctx = SSL_CTX_new(cfg.meth); if (ctx == NULL) { ERR_print_errors(bio_err); goto end; @@ -1016,31 +1016,31 @@ s_client_main(int argc, char **argv) SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); - if (s_client_config.vpm) - SSL_CTX_set1_param(ctx, s_client_config.vpm); + if (cfg.vpm) + SSL_CTX_set1_param(ctx, cfg.vpm); - if (!SSL_CTX_set_min_proto_version(ctx, s_client_config.min_version)) + if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version)) goto end; - if (!SSL_CTX_set_max_proto_version(ctx, s_client_config.max_version)) + if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version)) goto end; #ifndef OPENSSL_NO_SRTP - if (s_client_config.srtp_profiles != NULL) - SSL_CTX_set_tlsext_use_srtp(ctx, s_client_config.srtp_profiles); + if (cfg.srtp_profiles != NULL) + SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles); #endif - if (s_client_config.bugs) - SSL_CTX_set_options(ctx, SSL_OP_ALL | s_client_config.off); + if (cfg.bugs) + SSL_CTX_set_options(ctx, SSL_OP_ALL | cfg.off); else - SSL_CTX_set_options(ctx, s_client_config.off); + SSL_CTX_set_options(ctx, cfg.off); - if (s_client_config.clr) - SSL_CTX_clear_options(ctx, s_client_config.clr); + if (cfg.clr) + SSL_CTX_clear_options(ctx, cfg.clr); - if (s_client_config.alpn_in) { + if (cfg.alpn_in) { unsigned short alpn_len; unsigned char *alpn; - alpn = next_protos_parse(&alpn_len, s_client_config.alpn_in); + alpn = next_protos_parse(&alpn_len, cfg.alpn_in); if (alpn == NULL) { BIO_printf(bio_err, "Error parsing -alpn argument\n"); goto end; 
@@ -1048,42 +1048,42 @@ s_client_main(int argc, char **argv) SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len); free(alpn); } - if (s_client_config.groups_in != NULL) { - if (SSL_CTX_set1_groups_list(ctx, s_client_config.groups_in) != 1) { + if (cfg.groups_in != NULL) { + if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) { BIO_printf(bio_err, "Failed to set groups '%s'\n", - s_client_config.groups_in); + cfg.groups_in); goto end; } } - if (s_client_config.state) + if (cfg.state) SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); - if (s_client_config.cipher != NULL) - if (!SSL_CTX_set_cipher_list(ctx, s_client_config.cipher)) { + if (cfg.cipher != NULL) + if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) { BIO_printf(bio_err, "error setting cipher list\n"); ERR_print_errors(bio_err); goto end; } - SSL_CTX_set_verify(ctx, s_client_config.verify, verify_callback); + SSL_CTX_set_verify(ctx, cfg.verify, verify_callback); if (!set_cert_key_stuff(ctx, cert, key)) goto end; - if ((s_client_config.CAfile || s_client_config.CApath) - && !SSL_CTX_load_verify_locations(ctx, s_client_config.CAfile, - s_client_config.CApath)) + if ((cfg.CAfile || cfg.CApath) + && !SSL_CTX_load_verify_locations(ctx, cfg.CAfile, + cfg.CApath)) ERR_print_errors(bio_err); if (!SSL_CTX_set_default_verify_paths(ctx)) ERR_print_errors(bio_err); con = SSL_new(ctx); - if (s_client_config.sess_in) { + if (cfg.sess_in) { SSL_SESSION *sess; - BIO *stmp = BIO_new_file(s_client_config.sess_in, "r"); + BIO *stmp = BIO_new_file(cfg.sess_in, "r"); if (!stmp) { BIO_printf(bio_err, "Can't open session file %s\n", - s_client_config.sess_in); + cfg.sess_in); ERR_print_errors(bio_err); goto end; } @@ -1091,7 +1091,7 @@ s_client_main(int argc, char **argv) BIO_free(stmp); if (!sess) { BIO_printf(bio_err, "Can't open session file %s\n", - s_client_config.sess_in); + cfg.sess_in); ERR_print_errors(bio_err); goto end; } 
@@ -1100,15 +1100,15 @@ s_client_main(int argc, char **argv)
 	}
 
 	/* Attempt to opportunistically use the host name for SNI. */
-	servername = s_client_config.servername;
+	servername = cfg.servername;
 	if (servername == NULL)
-		servername = s_client_config.host;
+		servername = cfg.host;
 
-	if (!s_client_config.no_servername && servername != NULL &&
+	if (!cfg.no_servername && servername != NULL &&
 	    !SSL_set_tlsext_host_name(con, servername)) {
 		long ssl_err = ERR_peek_error();
 
-		if (s_client_config.servername != NULL ||
+		if (cfg.servername != NULL ||
 		    ERR_GET_LIB(ssl_err) != ERR_LIB_SSL ||
 		    ERR_GET_REASON(ssl_err) != SSL_R_SSL3_EXT_INVALID_SERVERNAME) {
 			BIO_printf(bio_err,
@@ -1119,7 +1119,7 @@ s_client_main(int argc, char **argv)
 		servername = NULL;
 		ERR_clear_error();
 	}
-	if (!s_client_config.no_servername && servername != NULL) {
+	if (!cfg.no_servername && servername != NULL) {
 		tlsextcbp.biodebug = bio_err;
 		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
 		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
@@ -1127,22 +1127,22 @@ s_client_main(int argc, char **argv)
 
 re_start:
 
-	if (init_client(&s, s_client_config.host, s_client_config.port,
-	    s_client_config.socket_type, s_client_config.af) == 0) {
+	if (init_client(&s, cfg.host, cfg.port,
+	    cfg.socket_type, cfg.af) == 0) {
 		BIO_printf(bio_err, "connect:errno=%d\n", errno);
 		goto end;
 	}
 	BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s);
 
-	if (s_client_config.nbio) {
-		if (!s_client_config.quiet)
+	if (cfg.nbio) {
+		if (!cfg.quiet)
 			BIO_printf(bio_c_out, "turning on non blocking io\n");
 		if (!BIO_socket_nbio(s, 1)) {
 			ERR_print_errors(bio_err);
 			goto end;
 		}
 	}
-	if (s_client_config.pause & 0x01)
+	if (cfg.pause & 0x01)
 		SSL_set_debug(con, 1);
 
 	if (SSL_is_dtls(con)) {
@@ -1157,7 +1157,7 @@ s_client_main(int argc, char **argv)
 		}
 		(void) BIO_ctrl_set_connected(sbio, 1, &peer);
 
-		if (s_client_config.enable_timeouts) {
+		if (cfg.enable_timeouts) {
 			timeout.tv_sec = 0;
 			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0,
@@ -1168,35 +1168,35 @@ s_client_main(int argc, char **argv)
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0,
 			    &timeout);
 		}
-		if (s_client_config.socket_mtu > 28) {
+		if (cfg.socket_mtu > 28) {
 			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-			SSL_set_mtu(con, s_client_config.socket_mtu - 28);
+			SSL_set_mtu(con, cfg.socket_mtu - 28);
 		} else
 			/* want to do MTU discovery */
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
 	} else
 		sbio = BIO_new_socket(s, BIO_NOCLOSE);
 
-	if (s_client_config.nbio_test) {
+	if (cfg.nbio_test) {
 		BIO *test;
 
 		test = BIO_new(BIO_f_nbio_test());
 		sbio = BIO_push(test, sbio);
 	}
-	if (s_client_config.debug) {
+	if (cfg.debug) {
 		SSL_set_debug(con, 1);
 		BIO_set_callback(sbio, bio_dump_callback);
 		BIO_set_callback_arg(sbio, (char *) bio_c_out);
 	}
-	if (s_client_config.msg) {
+	if (cfg.msg) {
 		SSL_set_msg_callback(con, msg_cb);
 		SSL_set_msg_callback_arg(con, bio_c_out);
 	}
-	if (s_client_config.tlsextdebug) {
+	if (cfg.tlsextdebug) {
 		SSL_set_tlsext_debug_callback(con, tlsext_cb);
 		SSL_set_tlsext_debug_arg(con, bio_c_out);
 	}
-	if (s_client_config.status_req) {
+	if (cfg.status_req) {
 		SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
 		SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
 		SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
@@ -1225,8 +1225,8 @@ s_client_main(int argc, char **argv)
 	 * push a buffering BIO into the chain that is removed again later on
 	 * to not disturb the rest of the s_client operation.
 	 */
-	if (s_client_config.starttls_proto == PROTO_SMTP ||
-	    s_client_config.starttls_proto == PROTO_LMTP) {
+	if (cfg.starttls_proto == PROTO_SMTP ||
+	    cfg.starttls_proto == PROTO_LMTP) {
 		int foundit = 0;
 		BIO *fbio = BIO_new(BIO_f_buffer());
 		BIO_push(fbio, sbio);
@@ -1237,7 +1237,7 @@ s_client_main(int argc, char **argv) while (mbuf_len > 3 && mbuf[3] == '-'); /* STARTTLS command requires EHLO... */ BIO_printf(fbio, "%cHLO openssl.client.net\r\n", - s_client_config.starttls_proto == PROTO_SMTP ? 'E' : 'L'); + cfg.starttls_proto == PROTO_SMTP ? 'E' : 'L'); (void) BIO_flush(fbio); /* wait for multi-line response to end EHLO SMTP response */ do { @@ -1255,7 +1255,7 @@ s_client_main(int argc, char **argv) " try anyway...\n"); BIO_printf(sbio, "STARTTLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); - } else if (s_client_config.starttls_proto == PROTO_POP3) { + } else if (cfg.starttls_proto == PROTO_POP3) { mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); if (mbuf_len == -1) { BIO_printf(bio_err, "BIO_read failed\n"); @@ -1263,7 +1263,7 @@ s_client_main(int argc, char **argv) } BIO_printf(sbio, "STLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); - } else if (s_client_config.starttls_proto == PROTO_IMAP) { + } else if (cfg.starttls_proto == PROTO_IMAP) { int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); @@ -1287,7 +1287,7 @@ s_client_main(int argc, char **argv) " try anyway...\n"); BIO_printf(sbio, ". STARTTLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); - } else if (s_client_config.starttls_proto == PROTO_FTP) { + } else if (cfg.starttls_proto == PROTO_FTP) { BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); /* wait for multi-line response to end from FTP */ @@ -1300,13 +1300,13 @@ s_client_main(int argc, char **argv) BIO_free(fbio); BIO_printf(sbio, "AUTH TLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); - } else if (s_client_config.starttls_proto == PROTO_XMPP) { + } else if (cfg.starttls_proto == PROTO_XMPP) { int seen = 0; BIO_printf(sbio, "", - s_client_config.xmpphost ? - s_client_config.xmpphost : s_client_config.host); + cfg.xmpphost ? + cfg.xmpphost : cfg.host); seen = BIO_read(sbio, mbuf, BUFSIZZ); if (seen <= 0) 
@@ -1329,9 +1329,9 @@ s_client_main(int argc, char **argv) if (!strstr(sbuf, " 0) full_log--; - if (s_client_config.starttls_proto) { + if (cfg.starttls_proto) { BIO_write(bio_err, mbuf, mbuf_len); /* We don't need to know any more */ - s_client_config.starttls_proto = PROTO_OFF; + cfg.starttls_proto = PROTO_OFF; } - if (s_client_config.reconnect) { - s_client_config.reconnect--; + if (cfg.reconnect) { + cfg.reconnect--; BIO_printf(bio_c_out, "drop connection and then reconnect\n"); SSL_shutdown(con); @@ -1516,7 +1516,7 @@ s_client_main(int argc, char **argv) } } #endif - if (s_client_config.peekaboo) { + if (cfg.peekaboo) { k = p = SSL_peek(con, pbuf, 1024 /* BUFSIZZ */ ); pending = SSL_pending(con); if (SSL_get_error(con, p) == SSL_ERROR_NONE) { @@ -1535,7 +1535,7 @@ s_client_main(int argc, char **argv) goto end; sbuf_off = 0; sbuf_len = k; - if (s_client_config.peekaboo) { + if (cfg.peekaboo) { if (p != pending) { ret = -1; BIO_printf(bio_err, @@ -1594,7 +1594,7 @@ s_client_main(int argc, char **argv) BIO_printf(bio_err, "poll error"); goto shut; } - if (s_client_config.crlf) { + if (cfg.crlf) { int j, lf_num; i = read(fileno(stdin), cbuf, BUFSIZZ / 2); @@ -1615,13 +1615,13 @@ s_client_main(int argc, char **argv) } else i = read(fileno(stdin), cbuf, BUFSIZZ); - if ((!s_client_config.ign_eof) && + if ((!cfg.ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { BIO_printf(bio_err, "DONE\n"); ret = 0; goto shut; } - if ((!s_client_config.ign_eof) && (cbuf[0] == 'R')) { + if ((!cfg.ign_eof) && (cbuf[0] == 'R')) { BIO_printf(bio_err, "RENEGOTIATING\n"); SSL_renegotiate(con); cbuf_len = 0; @@ -1644,7 +1644,7 @@ s_client_main(int argc, char **argv) close(SSL_get_fd(con)); end: if (con != NULL) { - if (s_client_config.prexit != 0) + if (cfg.prexit != 0) print_stuff(bio_c_out, con, 1); SSL_free(con); } 
@@ -1652,7 +1652,7 @@ s_client_main(int argc, char **argv) X509_free(cert); EVP_PKEY_free(key); free(pass); - X509_VERIFY_PARAM_free(s_client_config.vpm); + X509_VERIFY_PARAM_free(cfg.vpm); freezero(cbuf, BUFSIZZ); freezero(sbuf, BUFSIZZ); freezero(pbuf, BUFSIZZ); @@ -1692,7 +1692,7 @@ print_stuff(BIO *bio, SSL *s, int full) X509_NAME_oneline(X509_get_issuer_name( sk_X509_value(sk, i)), buf, sizeof buf); BIO_printf(bio, " i:%s\n", buf); - if (s_client_config.showcerts) + if (cfg.showcerts) PEM_write_bio_X509(bio, sk_X509_value(sk, i)); } @@ -1701,7 +1701,7 @@ print_stuff(BIO *bio, SSL *s, int full) peer = SSL_get_peer_certificate(s); if (peer != NULL) { BIO_printf(bio, "Server certificate\n"); - if (!(s_client_config.showcerts && got_a_chain)) { + if (!(cfg.showcerts && got_a_chain)) { /* Redundant if we showed the whole chain */ PEM_write_bio_X509(bio, peer); } @@ -1820,23 +1820,23 @@ print_stuff(BIO *bio, SSL *s, int full) #endif SSL_SESSION_print(bio, SSL_get_session(s)); - if (s_client_config.keymatexportlabel != NULL) { + if (cfg.keymatexportlabel != NULL) { BIO_printf(bio, "Keying material exporter:\n"); BIO_printf(bio, " Label: '%s'\n", - s_client_config.keymatexportlabel); + cfg.keymatexportlabel); BIO_printf(bio, " Length: %i bytes\n", - s_client_config.keymatexportlen); - exportedkeymat = malloc(s_client_config.keymatexportlen); + cfg.keymatexportlen); + exportedkeymat = malloc(cfg.keymatexportlen); if (exportedkeymat != NULL) { if (!SSL_export_keying_material(s, exportedkeymat, - s_client_config.keymatexportlen, - s_client_config.keymatexportlabel, - strlen(s_client_config.keymatexportlabel), + cfg.keymatexportlen, + cfg.keymatexportlabel, + strlen(cfg.keymatexportlabel), NULL, 0, 0)) { BIO_printf(bio, " Error\n"); } else { BIO_printf(bio, " Keying material: "); - for (i = 0; i < s_client_config.keymatexportlen; i++) + for (i = 0; i < cfg.keymatexportlen; i++) BIO_printf(bio, "%02X", exportedkeymat[i]); BIO_printf(bio, "\n"); -- cgit v1.2.3-55-g6feb