Merge Nokia copyright notice into standard

This is done with the kind permission of Nokia.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/o

Merge Nokia copyright notice into standard

This is done with the kind permission of Nokia.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3722)

show more ...

s_client accepts host/port as positional argument.

This allows the user to provide the target host and optional port to
openssl s_client as an optional positional argument, rather than a

s_client accepts host/port as positional argument.

This allows the user to provide the target host and optional port to
openssl s_client as an optional positional argument, rather than as the
argument to the -connect flag. This rationalises the user experience of
s_client: given that the only logical purpose of s_client is to connect
to a host, it is difficult to understand why there is an (effectively
mandatory) command option to pass to make that happen.

This patch forbids providing *both* -connect and the positional
argument, because it would likely be too difficult to reconcile.
Otherwise, using the positional argument behaves exactly the same as
using -connect does.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1171)

show more ...

Forbid to specify -nextprotoneg if -tls1_3 is enabled

This applies both to s_client and s_server app.

Reaction to Issue #3665.

Signed-off-by: Paul Yang <paulyang.inf@gmail.

Forbid to specify -nextprotoneg if -tls1_3 is enabled

This applies both to s_client and s_server app.

Reaction to Issue #3665.

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3697)

show more ...

Make SNI behavior more clear in s_client doc & help

Update s_client -help and pod file.

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Andy Polyakov <appro@

Make SNI behavior more clear in s_client doc & help

Update s_client -help and pod file.

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3654)

show more ...

Clean up a bundle of codingstyle stuff in apps directory

Mostly braces and NULL pointer check and also copyright year bump

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Clean up a bundle of codingstyle stuff in apps directory

Mostly braces and NULL pointer check and also copyright year bump

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3657)

show more ...

Fix possible memory over-read in apps/s_client.c

a buffer returned from BIO_gets is not checked for it's length before
reading its contents.

Reviewed-by: Ben Kaduk <kaduk@mit.ed

Fix possible memory over-read in apps/s_client.c

a buffer returned from BIO_gets is not checked for it's length before
reading its contents.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3630)

show more ...

Added mysql as starttls protocol.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3456)

Add checks on return code when applying some settings.
Remove hardcoded bound checkings.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

Add checks on return code when applying some settings.
Remove hardcoded bound checkings.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3141)

show more ...

Output prog name within error message

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Output prog name within error message

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3141)

show more ...

Add a 'max_send_frag' option to configure maximum size of send fragments

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richar

Add a 'max_send_frag' option to configure maximum size of send fragments

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3141)

show more ...

Fix s_client when no-dtls

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3344)

Remove (broken) diagnostic print

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3336)

Ensure s_client sends an SNI extension by default

Enforcement of an SNI extension in the initial ClientHello is becoming
increasingly common (e.g. see GitHub issue #2580). This commit ch

Ensure s_client sends an SNI extension by default

Enforcement of an SNI extension in the initial ClientHello is becoming
increasingly common (e.g. see GitHub issue #2580). This commit changes
s_client so that it adds SNI be default, unless explicitly told not to via
the new "-noservername" option.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2614)

show more ...

Switch command-line utils to new nameopt API.

The CA names should be printed according to user's decision
print_name instead of set of BIO_printf
dump_cert_text instead of set of BIO

Switch command-line utils to new nameopt API.

The CA names should be printed according to user's decision
print_name instead of set of BIO_printf
dump_cert_text instead of set of BIO_printf
Testing cyrillic output of X509_CRL_print_ex
Write and use X509_CRL_print_ex
Reduce usage of X509_NAME_online
Using X509_REQ_print_ex instead of X509_REQ_print
Fix nameopt processing.
Make dump_cert_text nameopt-friendly
Move nameopt getter/setter to apps/apps.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3262)

show more ...

Add a -sctp option to s_client

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)

Print CA names in s_server, add -requestCAfile to s_client

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)

Add requestCAfile option

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)

apps/*.c: switch to platform-neutral format modifiers in BIO_print calls.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3083)

Fix s_client early data indicator

s_client was always saying that early_data was rejected even when it was
accepted. This was because it was using the wrong test to detect the end
of

Fix s_client early data indicator

s_client was always saying that early_data was rejected even when it was
accepted. This was because it was using the wrong test to detect the end
of the handshake. It was using SSL_in_init() which only tells you whether
it is currently processing/sending/expecting handshake messages. It should
use SSL_is_init_finished() which tells you that no handshake messages are
being processed/sent/expected AND we have completed the handshake. In the
early data case we are not processing/sending handshake messages and we
are expecting early data (not a handshake message) - but the handshake has
not yet completed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3090)

show more ...

Fix a -Wsign-compare warning

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2940)

apps/s_client.c: harden ldap_ExtendedResponse_parse.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Rename SSL_write_early() to SSL_write_early_data()

This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsal

Rename SSL_write_early() to SSL_write_early_data()

This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)

show more ...

Updates to s_server and s_client for the latest early_data API changes

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)

Tighten sanity checks when calling early data functions

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)

Get s_client to report on whether early data was accepted or not

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)