diff --git a/CHANGES b/CHANGES
index fe22a4546..44c81913a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,14 @@
 
 Changes between 0.9.2b and 0.9.3
 
+ *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+ SSL2_SERVER_VERSION (not used at all) macros, which are now the
+ same as SSL2_VERSION anyway.
+ [Bodo Moeller]
+
+ *) New "-showcerts" option for s_client.
+ [Bodo Moeller]
+
 *) Still more PKCS#12 integration. Add pkcs12 application to openssl
 application. Various cleanups and fixes.
 [Steve Henson]
diff --git a/apps/s_client.c b/apps/s_client.c
index a75e8ae31..07938abb7 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -90,6 +90,7 @@ static int c_nbio=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;
+static int c_showcerts=0;
 
 #ifndef NOPROTO
 static void sc_usage(void);
@@ -118,6 +119,7 @@ static void sc_usage()
 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
 BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
 BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
+ BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
 BIO_printf(bio_err," -debug - extra output\n");
 BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
 BIO_printf(bio_err," -state - print the 'ssl' states\n");
@@ -171,6 +173,7 @@ char **argv;
 c_Pause=0;
 c_quiet=0;
 c_debug=0;
+ c_showcerts=0;
 
 if (bio_err == NULL)
 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -227,6 +230,8 @@ char **argv;
 c_Pause=1;
 else if (strcmp(*argv,"-debug") == 0)
 c_debug=1;
+ else if (strcmp(*argv,"-showcerts") == 0)
+ c_showcerts=1;
 else if (strcmp(*argv,"-nbio_test") == 0)
 nbio_test=1;
 else if (strcmp(*argv,"-state") == 0)
@@ -675,6 +680,8 @@ int full;
 X509_NAME_oneline(X509_get_issuer_name((X509 *)
 sk_value(sk,i)),buf,BUFSIZ);
 BIO_printf(bio," i:%s\n",buf);
+ if (c_showcerts)
+ PEM_write_bio_X509(bio,(X509 *) sk_value(sk,i));
 }
 }
 
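Review bot: In the `@@ -675,6 +680,8 @@` hunk of apps/s_client.c the new `PEM_write_bio_X509(bio,(X509 *) sk_value(sk,i));` drops its return value, so a failed write can leave a truncated PEM block in the output with nothing to flag it. The line also repeats the `(X509 *) sk_value(sk,i)` fetch-and-cast that the issuer-name call just above already performs. Fetching the entry once per iteration, e.g. `X509 *x=(X509 *)sk_value(sk,i);`, and reporting a zero return from `PEM_write_bio_X509` on `bio_err` would make the chain dump easier to trust when it is saved for later inspection. The loop header and the enclosing function start outside the hunk.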
@@ -683,7 +690,8 @@ int full;
 if (peer != NULL)
 {
 BIO_printf(bio,"Server certificate\n");
- PEM_write_bio_X509(bio,peer);
+ if (!c_showcerts) /* Redundant if we showed the whole chain */
+ PEM_write_bio_X509(bio,peer);
 X509_NAME_oneline(X509_get_subject_name(peer),
 buf,BUFSIZ);
 BIO_printf(bio,"subject=%s\n",buf);
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 33112eeb3..d5457b032 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -485,7 +485,7 @@ SSL *s;
 p=buf; /* header */
 d=p+9; /* data section */
 *(p++)=SSL2_MT_CLIENT_HELLO; /* type */
- s2n(SSL2_CLIENT_VERSION,p); /* version */
+ s2n(SSL2_VERSION,p); /* version */
 n=j=0;
 
 n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
diff --git a/ssl/ssl.h b/ssl/ssl.h
index f0b143abd..06ca4aaa2 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -477,10 +477,9 @@ struct ssl_ctx_st
 
 struct ssl_st
 {
- /* procol version
- * 2 for SSLv2
- * 3 for SSLv3
- * -3 for SSLv3 but accept SSLv2 */
+ /* protocol version
+ * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
+ */
 int version;
 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
 
diff --git a/ssl/ssl2.h b/ssl/ssl2.h
index 3dc94e520..95e8231df 100644
--- a/ssl/ssl2.h
+++ b/ssl/ssl2.h
@@ -67,8 +67,8 @@ extern "C" {
 #define SSL2_VERSION 0x0002
 #define SSL2_VERSION_MAJOR 0x00
 #define SSL2_VERSION_MINOR 0x02
-#define SSL2_CLIENT_VERSION 0x0002
-#define SSL2_SERVER_VERSION 0x0002
+/* #define SSL2_CLIENT_VERSION 0x0002 */
+/* #define SSL2_SERVER_VERSION 0x0002 */
 
 /* Protocol Message Codes */
 #define SSL2_MT_ERROR 0
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index d731634c7..341dc63ea 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -150,7 +150,7 @@ int session;
 
 if (session)
 {
- if (s->version == SSL2_CLIENT_VERSION)
+ if (s->version == SSL2_VERSION)
 {
 ss->ssl_version=SSL2_VERSION;
 ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
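Review bot: In the `@@ -683,7 +690,8 @@` hunk of apps/s_client.c, `if (!c_showcerts)` suppresses the server certificate PEM on the assumption that the chain loop in the previous hunk already printed it, but that loop sits inside a guard that is outside both hunks. If that guard can be false while `peer` is non-NULL (presumably when only the peer certificate is available and no chain), `-showcerts` would print no certificate at all. That is worse than the default output for anyone capturing the PEM to inspect or pin the server certificate. Recording in a local flag that the chain was actually printed, and testing `if (!(c_showcerts && chain_printed))` here, keeps the de-duplication without losing the leaf certificate; `chain_printed` is an illustrative name, not one from the file.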
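Review bot: In ssl/ssl2.h the two macros are commented out rather than removed, which leaves dead text in a header that is wrapped in `extern "C"` and so looks like part of the public interface. Commenting them out still breaks any external code that referenced `SSL2_CLIENT_VERSION` or `SSL2_SERVER_VERSION`. Either delete the lines outright and rely on the CHANGES entry, or keep source compatibility with `#define SSL2_CLIENT_VERSION SSL2_VERSION` and `#define SSL2_SERVER_VERSION SSL2_VERSION` under a comment marking them obsolete.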