[openssl-users] s_server (and maybe s_client) misbehaves with binary data
Richard Moore
richmoore44 at gmail.com
Mon Nov 2 15:13:15 UTC 2015
There have always been special commands making s_client unsuitable for this
usage - for example R followed by a newline will renegotiate, and Q will
quit. According to the docs these can be disabled by -quiet and -ign_eof
though I've never tested that myself.
Cheers
Rich.
On 2 November 2015 at 13:37, Jakob Bohm <jb-openssl at wisemo.com> wrote:
> As with most other "apps" in the openssl binary, the s_server
> and s_client commands are useful for multiple purposes:
>
> 1. As debug tools
>
> 2. As a way to do one-off operations without writing any
> code.
>
> 3. As back ends for small programs written in scripting
> languages that cannot really call the OpenSSL library
> directly.
>
> This is about the latter two uses of s_server and s_client to
> set up a one-off or scripted secure pipe between two machines.
>
> Unfortunately, the current (1.0.2) version of s_server will
> do special and problematic things when encountering some
> 3-byte sequences (such as "\nq\n") in the data stream.
>
> It would thus be useful for s_server (and if applicable
> s_client) to accept the "-binary" option (already provided
> by the cms/smime commands), to turn off this behavior and
> provide a clean data pass through to/from the other end.
> In "-binary" mode, no byte value or sequence of byte value
> is special, except that explicit use of the "-crlf" option
> still works.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151102/9f953899/attachment.html>
More information about the openssl-users
mailing list