[openssl-users] s_server (and maybe s_client) misbehaves with binary data

Jakob Bohm jb-openssl at wisemo.com
Mon Nov 2 15:33:03 UTC 2015


On 02/11/2015 16:13, Richard Moore wrote:
> There have always been special commands making s_client unsuitable for 
> this usage - for example R followed by a newline will renegotiate, and 
> Q will quit. According to the docs these can be disabled by -quiet 
> and -ign_eof though I've never tested that myself.
>
Could you point me to where this (non-obvious) relationship
between options ostensibly doing something else and the
desired effect is documented?  The 1.0.1* man-page of s_server
certainly doesn't say that.
>
> On 2 November 2015 at 13:37, Jakob Bohm <jb-openssl at wisemo.com 
> <mailto:jb-openssl at wisemo.com>> wrote:
>
>     As with most other "apps" in the openssl binary, the s_server
>     and s_client commands are useful for multiple purposes:
>
>     1. As debug tools
>
>     2. As a way to do one-off operations without writing any
>       code.
>
>     3. As back ends for small programs written in scripting
>       languages that cannot really call the OpenSSL library
>       directly.
>
>     This is about the latter two uses of s_server and s_client to
>     set up a one-off or scripted secure pipe between two machines.
>
>     Unfortunately, the current (1.0.2) version of s_server will
>     do special and problematic things when encountering some
>     3-byte sequences (such as "\nq\n") in the data stream.
>
>     It would thus be useful for s_server (and if applicable
>     s_client) to accept the "-binary" option (already provided
>     by the cms/smime commands), to turn off this behavior and
>     provide a clean data pass through to/from the other end.
>     In "-binary" mode, no byte value or sequence of byte value
>     is special, except that explicit use of the "-crlf" option
>     still works.
>


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151102/b677e61b/attachment.html>


More information about the openssl-users mailing list