[openssl-users] s_server (and maybe s_client) misbehaves with binary data

Richard Moore richmoore44 at gmail.com
Mon Nov 2 15:42:56 UTC 2015


On 2 November 2015 at 15:36, Richard Moore <richmoore44 at gmail.com> wrote:

>
>
> On 2 November 2015 at 15:33, Jakob Bohm <jb-openssl at wisemo.com> wrote:
>
>> On 02/11/2015 16:13, Richard Moore wrote:
>>
>> There have always been special commands making s_client unsuitable for
>> this usage - for example R followed by a newline will renegotiate, and Q
>> will quit. According to the docs these can be disabled by -quiet
>> and -ign_eof though I've never tested that myself.
>>
>> Could you point me to where this (non-obvious) relationship
>> between options ostensibly doing something else and the
>> desired effect is documented?  The 1.0.1* man-page of s_server
>> certainly doesn't say that.
>>
>>
> It's documented in the s_client man page, but I don't see it in s_server
> (though the commands are listed and it has a few more than s_client).
> Perhaps there is no way to disable them on s_server - I'd have to check the
> code.
>
>
I've checked the code and -quiet disables them for s_server too.

Rich.



> Cheers
>
> Rich.
>
>
>
>>
>> On 2 November 2015 at 13:37, Jakob Bohm <jb-openssl at wisemo.com> wrote:
>>
>>> As with most other "apps" in the openssl binary, the s_server
>>> and s_client commands are useful for multiple purposes:
>>>
>>> 1. As debug tools
>>>
>>> 2. As a way to do one-off operations without writing any
>>>   code.
>>>
>>> 3. As back ends for small programs written in scripting
>>>   languages that cannot really call the OpenSSL library
>>>   directly.
>>>
>>> This is about the latter two uses of s_server and s_client to
>>> set up a one-off or scripted secure pipe between two machines.
>>>
>>> Unfortunately, the current (1.0.2) version of s_server will
>>> do special and problematic things when encountering some
>>> 3-byte sequences (such as "\nq\n") in the data stream.
>>>
>>> It would thus be useful for s_server (and if applicable
>>> s_client) to accept the "-binary" option (already provided
>>> by the cms/smime commands), to turn off this behavior and
>>> provide a clean data pass through to/from the other end.
>>> In "-binary" mode, no byte value or sequence of byte values
>>> is special, except that explicit use of the "-crlf" option
>>> still works.
>>>
>>>
>>
>> Enjoy
>>
>> Jakob
>> --
>> Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
>> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
>> This public discussion message is non-binding and may contain errors.
>> WiseMo - Remote Service Management for PCs, Phones and Embedded
>>
>>
>>
>>
>