From 2ea8009a06abaf0096774d1fa3d0d7f6d2f98cf5 Mon Sep 17 00:00:00 2001
From: landry <>
Date: Tue, 11 Aug 2015 05:01:03 +0000
Subject: Improve openssl s_client -starttls xmpp support. From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest - add a -xmpphost option to specify the xmpp virtual host - fix an infinite loop when the vhost isnt what the server expects - fix communication with openfire & prosody servers with tweaks & ok bcook@ doug@ manpage bits jmc@
---
 src/usr.bin/openssl/openssl.1 | 12 ++++++++++--
 src/usr.bin/openssl/s_client.c | 23 ++++++++++++++++++-----
 2 files changed, 28 insertions(+), 7 deletions(-)
(limited to 'src')
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 8d49bf7b36..ea6f9fcbb0 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.18 2015/08/02 12:43:44 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.19 2015/08/11 05:01:03 landry Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: August 2 2015 $
+.Dd $Mdocdate: August 11 2015 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -6487,6 +6487,7 @@ which it can be seen agrees with the recovered value above.
 .Op Fl tlsextdebug
 .Op Fl verify Ar depth
 .Op Fl x509_strict
+.Op Fl xmpphost Ar host
 .Ek
 .nr nS 0
 .Pp
@@ -6675,6 +6676,13 @@ Currently the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure. +.It Fl xmpphost Ar hostname +This option, when used with +.Fl starttls Ar xmpp , +specifies the host for the "to" attribute of the stream element. +If this option is not specified then the host specified with +.Fl connect +will be used. .El .Sh S_CLIENT CONNECTED COMMANDS If a connection is established with an SSL server, any data received diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c index 14e1a4bab9..aa803e8baa 100644 --- a/src/usr.bin/openssl/s_client.c +++ b/src/usr.bin/openssl/s_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_client.c,v 1.14 2015/07/17 16:07:44 doug Exp $ */ +/* $OpenBSD: s_client.c,v 1.15 2015/08/11 05:01:03 landry Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -237,6 +237,7 @@ sc_usage(void) BIO_printf(bio_err, " 'prot' defines which one to assume. Currently,\n"); BIO_printf(bio_err, " only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); BIO_printf(bio_err, " are supported.\n"); + BIO_printf(bio_err, " -xmpphost host - connect to this virtual host on the xmpp server\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n"); #endif @@ -334,6 +335,7 @@ s_client_main(int argc, char **argv) char *port = PORT_STR; int full_log = 1; char *host = SSL_HOST_NAME; + char *xmpphost = NULL; char *proxy = NULL, *connect = NULL; char *cert_file = NULL, *key_file = NULL; int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; 
@@ -414,6 +416,10 @@ s_client_main(int argc, char **argv) if (--argc < 1) goto bad; proxy = *(++argv); + } else if (strcmp(*argv,"-xmpphost") == 0) { + if (--argc < 1) + goto bad; + xmpphost= *(++argv); } else if (strcmp(*argv, "-verify") == 0) { verify = SSL_VERIFY_PEER; if (--argc < 1) @@ -982,13 +988,20 @@ re_start: int seen = 0; BIO_printf(sbio, "", host); + "xmlns='jabber:client' to='%s' version='1.0'>", xmpphost ? xmpphost : host); seen = BIO_read(sbio, mbuf, BUFSIZZ); + + if (seen <= 0) + goto shut; + mbuf[seen] = 0; - while (!strstr(mbuf, "")) - goto shut; + while (!strstr(mbuf, ""); -- cgit v1.2.3-55-g6feb
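Review bot: The `-xmpphost` argument is stored without any validation, and the @@ -982 hunk later formats it directly into the single-quoted `to='%s'` attribute of the stream header, so a value containing a quote or angle bracket produces a malformed or altered opening element instead of a clean usage error. Rejecting such values at parse time keeps the header well-formed when the option is filled in by a script or inventory, for example `if (strpbrk(xmpphost, "'\"<>&") != NULL) goto bad;` right after the assignment. The new branch also departs from the spacing of its neighbours; `strcmp(*argv, "-xmpphost")` and `xmpphost = *(++argv);` would match the surrounding branches. s_client_main begins and ends outside this hunk.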
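Review bot: `mbuf[seen] = 0` is in bounds only if mbuf holds at least BUFSIZZ + 1 bytes, because `BIO_read(sbio, mbuf, BUFSIZZ)` may return BUFSIZZ, and the added `if (seen <= 0) goto shut;` guards only the zero and negative cases. The allocation of mbuf is outside this hunk, so that should be confirmed; a comment next to the read such as `/* mbuf must hold BUFSIZZ + 1 bytes for the terminator */` would record the dependency, or the read could be limited to `BUFSIZZ - 1`. The string literals in this hunk are not legible on this page and the enclosing block starts and ends outside it, so the rewritten loop condition is not reviewed here.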