1 /* Copyright (c) 2014, Google Inc.
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
15 #include <openssl/base.h>
17 // TODO(davidben): bssl client does not work on Windows.
18 #if !defined(OPENSSL_WINDOWS)
25 #include <sys/types.h>
26 #include <sys/socket.h>
28 #if !defined(OPENSSL_WINDOWS)
29 #include <arpa/inet.h>
32 #include <netinet/in.h>
33 #include <sys/select.h>
38 typedef int socklen_t;
41 #include <openssl/err.h>
42 #include <openssl/ssl.h>
47 static const struct argument kArguments[] = {
50 "The hostname and port of the server to connect to, e.g. foo.com:443",
54 "An OpenSSL-style cipher suite string that configures the offered ciphers",
61 // Connect sets |*out_sock| to be a socket connected to the destination given
62 // in |hostname_and_port|, which should be of the form "www.example.com:123".
63 // It returns true on success and false otherwise.
64 static bool Connect(int *out_sock, const std::string &hostname_and_port) {
65 const size_t colon_offset = hostname_and_port.find_last_of(':');
66 std::string hostname, port;
68 if (colon_offset == std::string::npos) {
69 hostname = hostname_and_port;
72 hostname = hostname_and_port.substr(0, colon_offset);
73 port = hostname_and_port.substr(colon_offset + 1);
76 struct addrinfo hint, *result;
77 memset(&hint, 0, sizeof(hint));
78 hint.ai_family = AF_UNSPEC;
79 hint.ai_socktype = SOCK_STREAM;
81 int ret = getaddrinfo(hostname.c_str(), port.c_str(), &hint, &result);
83 fprintf(stderr, "getaddrinfo returned: %s\n", gai_strerror(ret));
91 socket(result->ai_family, result->ai_socktype, result->ai_protocol);
97 switch (result->ai_family) {
99 struct sockaddr_in *sin =
100 reinterpret_cast<struct sockaddr_in *>(result->ai_addr);
101 fprintf(stderr, "Connecting to %s:%d\n",
102 inet_ntop(result->ai_family, &sin->sin_addr, buf, sizeof(buf)),
103 ntohs(sin->sin_port));
107 struct sockaddr_in6 *sin6 =
108 reinterpret_cast<struct sockaddr_in6 *>(result->ai_addr);
109 fprintf(stderr, "Connecting to [%s]:%d\n",
110 inet_ntop(result->ai_family, &sin6->sin6_addr, buf, sizeof(buf)),
111 ntohs(sin6->sin6_port));
116 if (connect(*out_sock, result->ai_addr, result->ai_addrlen) != 0) {
123 freeaddrinfo(result);
127 static void PrintConnectionInfo(const SSL *ssl) {
128 const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
130 fprintf(stderr, " Version: %s\n", SSL_get_version(ssl));
131 fprintf(stderr, " Cipher: %s\n", SSL_CIPHER_get_name(cipher));
132 fprintf(stderr, " Secure renegotiation: %s\n",
133 SSL_get_secure_renegotiation_support(ssl) ? "yes" : "no");
136 static bool SocketSetNonBlocking(int sock, bool is_non_blocking) {
139 #if defined(OPENSSL_WINDOWS)
140 u_long arg = is_non_blocking;
141 ok = 0 == ioctlsocket(sock, FIOBIO, &arg);
143 int flags = fcntl(sock, F_GETFL, 0);
147 if (is_non_blocking) {
150 flags &= ~O_NONBLOCK;
152 ok = 0 == fcntl(sock, F_SETFL, flags);
155 fprintf(stderr, "Failed to set socket non-blocking.\n");
160 // PrintErrorCallback is a callback function from OpenSSL's
161 // |ERR_print_errors_cb| that writes errors to a given |FILE*|.
162 static int PrintErrorCallback(const char *str, size_t len, void *ctx) {
163 fwrite(str, len, 1, reinterpret_cast<FILE*>(ctx));
167 bool TransferData(SSL *ssl, int sock) {
168 bool stdin_open = true;
173 if (!SocketSetNonBlocking(sock, true)) {
179 FD_SET(0, &read_fds);
181 FD_SET(sock, &read_fds);
183 int ret = select(sock + 1, &read_fds, NULL, NULL, NULL);
189 if (FD_ISSET(0, &read_fds)) {
194 n = read(0, buffer, sizeof(buffer));
195 } while (n == -1 && errno == EINTR);
198 FD_CLR(0, &read_fds);
200 shutdown(sock, SHUT_WR);
203 perror("read from stdin");
207 if (!SocketSetNonBlocking(sock, false)) {
210 int ssl_ret = SSL_write(ssl, buffer, n);
211 if (!SocketSetNonBlocking(sock, true)) {
216 int ssl_err = SSL_get_error(ssl, ssl_ret);
217 fprintf(stderr, "Error while writing: %d\n", ssl_err);
218 ERR_print_errors_cb(PrintErrorCallback, stderr);
220 } else if (ssl_ret != n) {
221 fprintf(stderr, "Short write from SSL_write.\n");
226 if (FD_ISSET(sock, &read_fds)) {
228 int ssl_ret = SSL_read(ssl, buffer, sizeof(buffer));
231 int ssl_err = SSL_get_error(ssl, ssl_ret);
232 if (ssl_err == SSL_ERROR_WANT_READ) {
235 fprintf(stderr, "Error while reading: %d\n", ssl_err);
236 ERR_print_errors_cb(PrintErrorCallback, stderr);
238 } else if (ssl_ret == 0) {
244 n = write(1, buffer, ssl_ret);
245 } while (n == -1 && errno == EINTR);
248 fprintf(stderr, "Short write to stderr.\n");
255 bool Client(const std::vector<std::string> &args) {
256 std::map<std::string, std::string> args_map;
258 if (!ParseKeyValueArguments(&args_map, args, kArguments)) {
259 PrintUsage(kArguments);
263 SSL_CTX *ctx = SSL_CTX_new(SSLv23_client_method());
265 const char *keylog_file = getenv("SSLKEYLOGFILE");
267 BIO *keylog_bio = BIO_new_file(keylog_file, "a");
269 ERR_print_errors_cb(PrintErrorCallback, stderr);
272 SSL_CTX_set_keylog_bio(ctx, keylog_bio);
275 if (args_map.count("-cipher") != 0) {
276 SSL_CTX_set_cipher_list(ctx, args_map["-cipher"].c_str());
280 if (!Connect(&sock, args_map["-connect"])) {
284 BIO *bio = BIO_new_socket(sock, BIO_CLOSE);
285 SSL *ssl = SSL_new(ctx);
286 SSL_set_bio(ssl, bio, bio);
288 int ret = SSL_connect(ssl);
290 int ssl_err = SSL_get_error(ssl, ret);
291 fprintf(stderr, "Error while connecting: %d\n", ssl_err);
292 ERR_print_errors_cb(PrintErrorCallback, stderr);
296 fprintf(stderr, "Connected.\n");
297 PrintConnectionInfo(ssl);
299 bool ok = TransferData(ssl, sock);
306 #endif // !OPENSSL_WINDOWS