[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Mon Jun 19 12:26:40 UTC 2017

The branch master has been updated
       via  729ef85611d2490da8f10ea546279c961e6de4a6 (commit)
      from  edcdf38bd09f77160f0ec3e5bdd9d9525daf6f25 (commit)

- Log -----------------------------------------------------------------
commit 729ef85611d2490da8f10ea546279c961e6de4a6
Author: Cory Benfield <lukasaoz at gmail.com>
Date:   Sat Jun 4 20:46:38 2016 -0700

    s_client accepts host/port as positional argument.
    This allows the user to provide the target host and optional port to
    openssl s_client as an optional positional argument, rather than as the
    argument to the -connect flag. This rationalises the user experience of
    s_client: given that the only logical purpose of s_client is to connect
    to a host, it is difficult to understand why there is an (effectively
    mandatory) command option to pass to make that happen.
    This patch forbids providing *both* -connect and the positional
    argument, because it would likely be too difficult to reconcile.
    Otherwise, using the positional argument behaves exactly the same as
    using -connect does.
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1171)


Summary of changes:
 apps/s_client.c       | 20 +++++++++++++++++---
 doc/man1/s_client.pod | 16 +++++++++++++---
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index ad0eaec..1d11f09 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1421,8 +1421,22 @@ int s_client_main(int argc, char **argv)
     argc = opt_num_rest();
-    if (argc != 0)
+    if (argc == 1) {
+        /* If there's a positional argument, it's the equivalent of
+         * OPT_CONNECT.
+         * Don't allow -connect and a separate argument.
+         */
+        if (connectstr != NULL) {
+            BIO_printf(bio_err,
+                       "%s: must not provide both -connect option and target parameter\n",
+                       prog);
+            goto opthelp;
+        }
+        connect_type = use_inet;
+        connectstr = *opt_rest();
+    } else if (argc != 0) {
         goto opthelp;
+    }
     if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
@@ -1434,7 +1448,7 @@ int s_client_main(int argc, char **argv)
         int res;
         char *tmp_host = host, *tmp_port = port;
         if (connectstr == NULL) {
-            BIO_printf(bio_err, "%s: -proxy requires use of -connect\n", prog);
+            BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog);
             goto opthelp;
         res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST);
@@ -1459,7 +1473,7 @@ int s_client_main(int argc, char **argv)
         if (!res) {
-                       "%s: -connect argument malformed or ambiguous\n",
+                       "%s: -connect argument or target parameter malformed or ambiguous\n",
             goto end;
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 57fa920..94356da 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -113,6 +113,7 @@ B<openssl> B<s_client>
 [B<-keylogfile file>]
 [B<-early_data file>]
@@ -135,8 +136,10 @@ Print out a usage message.
 =item B<-connect host:port>
-This specifies the host and optional port to connect to. If not specified
-then an attempt is made to connect to the local host on port 4433.
+This specifies the host and optional port to connect to. It is possible to
+select the host and port using the optional target positional argument instead.
+If neither this nor the target positonal argument are specified then an attempt
+is made to connect to the local host on port 4433.
 =item B<-proxy host:port>
@@ -592,6 +595,13 @@ Reads the contents of the specified file and attempts to send it as early data
 to the server. This will only work with resumed sessions that support early
 data and when the server accepts the early data.
+=item B<[target]>
+Rather than providing B<-connect>, the target hostname and optional port may
+be provided as a single positional argument after all options. If neither this
+nor B<-connect> are provided, falls back to attempting to connect to localhost
+on port 4433.
@@ -658,7 +668,7 @@ information whenever a session is renegotiated.
 L<SSL_CONF_cmd(3)>, L<sess_id(1)>, L<s_server(1)>, L<ciphers(1)>,
 L<SSL_CTX_set_max_send_fragment(3)>, L<SSL_CTX_set_split_send_fragment(3)>
 =head1 HISTORY

More information about the openssl-commits mailing list