[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Sat Apr 25 20:01:52 UTC 2015
The branch master has been updated
via d8c25de595019e2948ed2a25847b695b41cdea3c (commit)
from 6ba8a5b77af5792bf0755388bc0ce4003af7cf86 (commit)
- Log -----------------------------------------------------------------
commit d8c25de595019e2948ed2a25847b695b41cdea3c
Author: Rich Salz <rsalz at openssl.org>
Date: Sat Apr 25 16:01:21 2015 -0400
RT2451: Add telnet to s_client -starttls
Also add -xmpphost and -smtphost flags.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 45 insertions(+), 5 deletions(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index d3fc397..13191a0 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -468,7 +468,7 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_UNIX, OPT_VERIFY,
+ OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_UNIX, OPT_XMPPHOST, OPT_VERIFY,
OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN,
OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
OPT_BRIEF, OPT_PREXIT, OPT_CRLF, OPT_QUIET, OPT_NBIO,
@@ -484,7 +484,7 @@ typedef enum OPTION_choice {
OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_KRB5SVC,
OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_JPAKE,
- OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
+ OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST,
OPT_V_ENUM,
OPT_X_ENUM,
OPT_S_ENUM,
@@ -533,6 +533,7 @@ OPTIONS s_client_options[] = {
{"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
{"starttls", OPT_STARTTLS, 's',
"Use the STARTTLS command before starting TLS"},
+ {"xmpphost", OPT_XMPPHOST, 's', "Host to use with \"-starttls xmpp\""},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
@@ -569,6 +570,7 @@ OPTIONS s_client_options[] = {
"Tolerate other than the known g N values."},
{"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"},
#endif
+ {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
#ifndef OPENSSL_NO_TLSEXT
{"servername", OPT_SERVERNAME, 's',
"Set TLS extension servername in ClientHello"},
@@ -617,6 +619,7 @@ typedef enum PROTOCOL_choice {
PROTO_POP3,
PROTO_IMAP,
PROTO_FTP,
+ PROTO_TELNET,
PROTO_XMPP
} PROTOCOL_CHOICE;
@@ -626,6 +629,7 @@ static OPT_PAIR services[] = {
{"imap", PROTO_IMAP},
{"ftp", PROTO_FTP},
{"xmpp", PROTO_XMPP},
+ {"telnet", PROTO_TELNET},
{NULL}
};
@@ -650,8 +654,9 @@ int s_client_main(int argc, char **argv)
NULL;
char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p;
- char *jpake_secret = NULL;
+ char *jpake_secret = NULL, *xmpphost;
const char *unix_path = NULL;
+ const char *ehlo = "mail.example.com";
struct sockaddr peer;
struct timeval timeout, *timeoutp;
fd_set readfds, writefds;
@@ -754,6 +759,12 @@ int s_client_main(int argc, char **argv)
case OPT_UNIX:
unix_path = opt_arg();
break;
+ case OPT_XMPPHOST:
+ xmpphost = opt_arg();
+ break;
+ case OPT_SMTPHOST:
+ ehlo = opt_arg();
+ break;
case OPT_VERIFY:
verify = SSL_VERIFY_PEER;
verify_depth = atoi(opt_arg());
@@ -1482,7 +1493,7 @@ int s_client_main(int argc, char **argv)
mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
}
while (mbuf_len > 3 && mbuf[3] == '-');
- BIO_printf(fbio, "EHLO openssl.client.net\r\n");
+ BIO_printf(fbio, "EHLO %s\r\n", ehlo);
(void)BIO_flush(fbio);
/* wait for multi-line response to end EHLO SMTP response */
do {
@@ -1562,7 +1573,7 @@ int s_client_main(int argc, char **argv)
BIO_printf(sbio, "<stream:stream "
"xmlns:stream='http://etherx.jabber.org/streams' "
"xmlns='jabber:client' to='%s' version='1.0'>",
- host);
+ xmpphost ? xmpphost : host);
seen = BIO_read(sbio, mbuf, BUFSIZZ);
mbuf[seen] = 0;
while (!strstr
@@ -1586,6 +1597,35 @@ int s_client_main(int argc, char **argv)
mbuf[0] = 0;
}
break;
+ case PROTO_TELNET:
+ {
+ static const unsigned char tls_do[] = {
+ /* IAC DO START_TLS */
+ 255, 253, 46
+ };
+ static const unsigned char tls_will[] = {
+ /* IAC WILL START_TLS */
+ 255, 251, 46
+ };
+ static const unsigned char tls_follows[] = {
+ /* IAC SB START_TLS FOLLOWS IAC SE */
+ 255, 250, 46, 1, 255, 240
+ };
+ int bytes;
+
+ /* Telnet server should demand we issue START_TLS */
+ bytes = BIO_read(sbio, mbuf, BUFSIZZ);
+ if (bytes != 3 || memcmp(mbuf, tls_do, 3) != 0)
+ goto shut;
+ /* Agree to issue START_TLS and send the FOLLOWS sub-command */
+ BIO_write(sbio, tls_will, 3);
+ BIO_write(sbio, tls_follows, 6);
+ (void)BIO_flush(sbio);
+ /* Telnet server also sent the FOLLOWS sub-command */
+ bytes = BIO_read(sbio, mbuf, BUFSIZZ);
+ if (bytes != 6 || memcmp(mbuf, tls_follows, 6) != 0)
+ goto shut;
+ }
}
for (;;) {
More information about the openssl-commits
mailing list