[openssl-users] s_server (and maybe s_client) misbehaves with binary data

Mon Nov 2 15:36:29 UTC 2015

On 2 November 2015 at 15:33, Jakob Bohm <jb-openssl at wisemo.com> wrote:

> On 02/11/2015 16:13, Richard Moore wrote:
>
> There have always been special commands making s_client unsuitable for
> this usage - for example R followed by a newline will renegotiate, and Q
> will quit. According to the docs these can be disabled by -quiet
> and -ign_eof though I've never tested that myself.
>
> Could you point me to where this (non-obvious) relationship
> between options ostensibly doing something else and the
> desired effect is documented?  The 1.0.1* man-page of s_server
> certainly doesn't say that.
>
>
It's documented in the s_client man page, but I don't see it in s_server
(though the commands are listed and it has a few more than s_client).
Perhaps there is no way to disable them on s_server - I'd have to check the
code.

Cheers

Rich.

>
> On 2 November 2015 at 13:37, Jakob Bohm <jb-openssl at wisemo.com> wrote:
>
>> As with most other "apps" in the openssl binary, the s_server
>> and s_client commands are useful for multiple purposes:
>>
>> 1. As debug tools
>>
>> 2. As a way to do one-off operations without writing any
>>   code.
>>
>> 3. As back ends for small programs written in scripting
>>   languages that cannot really call the OpenSSL library
>>   directly.
>>
>> This is about the latter two uses of s_server and s_client to
>> set up a one-off or scripted secure pipe between two machines.
>>
>> Unfortunately, the current (1.0.2) version of s_server will
>> do special and problematic things when encountering some
>> 3-byte sequences (such as "\nq\n") in the data stream.
>>
>> It would thus be useful for s_server (and if applicable
>> s_client) to accept the "-binary" option (already provided
>> by the cms/smime commands), to turn off this behavior and
>> provide a clean data pass through to/from the other end.
>> In "-binary" mode, no byte value or sequence of byte value
>> is special, except that explicit use of the "-crlf" option
>> still works.
>>
>>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151102/88a2e974/attachment-0001.html>