Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / cf0ce676d6aad0ec19f3a661f6903ea36bacdf91 / . / tool / client.cc
blob: e1d9a26bbebf136fe85fea1e097d32838bca6f1b [file] [log] [blame]
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <openssl/base.h>
16
David Benjamind28f59c2015-11-17 22:32:50 -0500[diff] [blame]17#include <stdio.h>
18
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]19#if !defined(OPENSSL_WINDOWS)
20#include <sys/select.h>
21#else
David Benjamin7c7ab212017-01-10 15:20:19 -0500[diff] [blame]22OPENSSL_MSVC_PRAGMA(warning(push, 3))
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]23#include <winsock2.h>
David Benjamin7c7ab212017-01-10 15:20:19 -0500[diff] [blame]24OPENSSL_MSVC_PRAGMA(warning(pop))
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]25#endif
26
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]27#include <openssl/err.h>
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]28#include <openssl/pem.h>
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]29#include <openssl/ssl.h>
30
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]31#include "../crypto/internal.h"
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]32#include "internal.h"
Dave Tapuskab8a824d2014-12-10 19:09:52 -0500[diff] [blame]33#include "transport_common.h"
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]34
35
36static const struct argument kArguments[] = {
37 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]38 "-connect", kRequiredArgument,
39 "The hostname and port of the server to connect to, e.g. foo.com:443",
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]40 },
41 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]42 "-cipher", kOptionalArgument,
43 "An OpenSSL-style cipher suite string that configures the offered "
44 "ciphers",
Adam Langley5f51c252014-10-28 15:45:39 -0700[diff] [blame]45 },
46 {
Piotr Sikorad0757062017-04-14 02:59:34 -0700[diff] [blame]47 "-curves", kOptionalArgument,
48 "An OpenSSL-style ECDH curves list that configures the offered curves",
49 },
50 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]51 "-max-version", kOptionalArgument,
52 "The maximum acceptable protocol version",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]53 },
54 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]55 "-min-version", kOptionalArgument,
56 "The minimum acceptable protocol version",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]57 },
58 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]59 "-server-name", kOptionalArgument, "The server name to advertise",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]60 },
61 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]62 "-select-next-proto", kOptionalArgument,
63 "An NPN protocol to select if the server supports NPN",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]64 },
65 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]66 "-alpn-protos", kOptionalArgument,
67 "A comma-separated list of ALPN protocols to advertise",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]68 },
69 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]70 "-fallback-scsv", kBooleanArgument, "Enable FALLBACK_SCSV",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]71 },
72 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]73 "-ocsp-stapling", kBooleanArgument,
74 "Advertise support for OCSP stabling",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]75 },
76 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]77 "-signed-certificate-timestamps", kBooleanArgument,
78 "Advertise support for signed certificate timestamps",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]79 },
80 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]81 "-channel-id-key", kOptionalArgument,
82 "The key to use for signing a channel ID",
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]83 },
84 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]85 "-false-start", kBooleanArgument, "Enable False Start",
David Benjamin621f95a2015-08-28 15:08:34 -0400[diff] [blame]86 },
David Benjamin1043ac02015-06-04 15:26:04 -0400[diff] [blame]87 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]88 "-session-in", kOptionalArgument,
89 "A file containing a session to resume.",
David Benjamin86e412d2015-12-02 19:34:58 -0500[diff] [blame]90 },
91 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]92 "-session-out", kOptionalArgument,
93 "A file to write the negotiated session to.",
Adam Langley403c52a2016-07-07 14:52:02 -0700[diff] [blame]94 },
95 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]96 "-key", kOptionalArgument,
David Benjamincb3af3e2017-04-09 09:52:47 -0400[diff] [blame]97 "PEM-encoded file containing the private key.",
98 },
99 {
100 "-cert", kOptionalArgument,
101 "PEM-encoded file containing the leaf certificate and optional "
102 "certificate chain. This is taken from the -key argument if this "
103 "argument is not provided.",
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]104 },
105 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]106 "-starttls", kOptionalArgument,
107 "A STARTTLS mini-protocol to run before the TLS handshake. Supported"
108 " values: 'smtp'",
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]109 },
110 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]111 "-grease", kBooleanArgument, "Enable GREASE",
112 },
113 {
114 "-test-resumption", kBooleanArgument,
115 "Connect to the server twice. The first connection is closed once a "
116 "session is established. The second connection offers it.",
117 },
118 {
119 "-root-certs", kOptionalArgument,
120 "A filename containing one of more PEM root certificates. Implies that "
121 "verification is required.",
Adam Langleye5dfb522017-02-03 10:31:00 -0800[diff] [blame]122 },
123 {
Steven Valdeze831a812017-03-09 14:56:07 -0500[diff] [blame]124 "-early-data", kOptionalArgument, "Allow early data",
Steven Valdez2d850622017-01-11 11:34:52 -0500[diff] [blame]125 },
126 {
Steven Valdezdbe01582017-07-14 10:39:28 -0400[diff] [blame]127 "-tls13-variant", kOptionalArgument,
128 "Enable the specified experimental TLS 1.3 variant",
Steven Valdez520e1222017-06-13 12:45:25 -0400[diff] [blame]129 },
130 {
David Benjamin69522112017-03-28 15:38:29 -0500[diff] [blame]131 "-ed25519", kBooleanArgument, "Advertise Ed25519 support",
132 },
133 {
David Benjaminee7aa022017-07-07 16:47:59 -0400[diff] [blame]134 "-http-tunnel", kOptionalArgument,
135 "An HTTP proxy server to tunnel the TCP connection through",
136 },
137 {
David Benjamin6df76672017-08-16 13:02:24 -0400[diff] [blame]138 "-renegotiate-freely", kBooleanArgument,
139 "Allow renegotiations from the peer.",
140 },
141 {
David Benjaminf60bcfb2017-08-18 15:23:44 -0400[diff] [blame]142 "-debug", kBooleanArgument,
143 "Print debug information about the handshake",
144 },
145 {
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]146 "", kOptionalArgument, "",
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]147 },
148};
149
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]150static bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file) {
151 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]152 if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
153 return nullptr;
154 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]155 bssl::UniquePtr<EVP_PKEY> pkey(PEM_read_bio_PrivateKey(bio.get(), nullptr,
156 nullptr, nullptr));
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]157 return pkey;
158}
159
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]160static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen,
161 const uint8_t* in, unsigned inlen, void* arg) {
162 *out = reinterpret_cast<uint8_t *>(arg);
163 *outlen = strlen(reinterpret_cast<const char *>(arg));
164 return SSL_TLSEXT_ERR_OK;
165}
166
David Benjamind28f59c2015-11-17 22:32:50 -0500[diff] [blame]167static FILE *g_keylog_file = nullptr;
168
169static void KeyLogCallback(const SSL *ssl, const char *line) {
170 fprintf(g_keylog_file, "%s\n", line);
171 fflush(g_keylog_file);
172}
173
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]174static bssl::UniquePtr<BIO> session_out;
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]175static bssl::UniquePtr<SSL_SESSION> resume_session;
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]176
177static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) {
178 if (session_out) {
179 if (!PEM_write_bio_SSL_SESSION(session_out.get(), session) ||
180 BIO_flush(session_out.get()) <= 0) {
181 fprintf(stderr, "Error while saving session:\n");
182 ERR_print_errors_cb(PrintErrorCallback, stderr);
183 return 0;
184 }
185 }
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]186 resume_session = bssl::UniquePtr<SSL_SESSION>(session);
187 return 1;
188}
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]189
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]190static bool WaitForSession(SSL *ssl, int sock) {
191 fd_set read_fds;
192 FD_ZERO(&read_fds);
193
194 if (!SocketSetNonBlocking(sock, true)) {
195 return false;
196 }
197
198 while (!resume_session) {
199 FD_SET(sock, &read_fds);
200 int ret = select(sock + 1, &read_fds, NULL, NULL, NULL);
201 if (ret <= 0) {
202 perror("select");
203 return false;
204 }
205
206 uint8_t buffer[512];
207 int ssl_ret = SSL_read(ssl, buffer, sizeof(buffer));
208
209 if (ssl_ret <= 0) {
210 int ssl_err = SSL_get_error(ssl, ssl_ret);
211 if (ssl_err == SSL_ERROR_WANT_READ) {
212 continue;
213 }
214 fprintf(stderr, "Error while reading: %d\n", ssl_err);
215 ERR_print_errors_cb(PrintErrorCallback, stderr);
216 return false;
217 }
218 }
219
220 return true;
221}
222
223static bool DoConnection(SSL_CTX *ctx,
224 std::map<std::string, std::string> args_map,
225 bool (*cb)(SSL *ssl, int sock)) {
226 int sock = -1;
David Benjaminee7aa022017-07-07 16:47:59 -0400[diff] [blame]227 if (args_map.count("-http-tunnel") != 0) {
228 if (!Connect(&sock, args_map["-http-tunnel"]) ||
229 !DoHTTPTunnel(sock, args_map["-connect"])) {
230 return false;
231 }
232 } else if (!Connect(&sock, args_map["-connect"])) {
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]233 return false;
234 }
235
236 if (args_map.count("-starttls") != 0) {
237 const std::string& starttls = args_map["-starttls"];
238 if (starttls == "smtp") {
239 if (!DoSMTPStartTLS(sock)) {
240 return false;
241 }
242 } else {
243 fprintf(stderr, "Unknown value for -starttls: %s\n", starttls.c_str());
244 return false;
245 }
246 }
247
248 bssl::UniquePtr<BIO> bio(BIO_new_socket(sock, BIO_CLOSE));
249 bssl::UniquePtr<SSL> ssl(SSL_new(ctx));
250
251 if (args_map.count("-server-name") != 0) {
252 SSL_set_tlsext_host_name(ssl.get(), args_map["-server-name"].c_str());
253 }
254
255 if (args_map.count("-session-in") != 0) {
256 bssl::UniquePtr<BIO> in(BIO_new_file(args_map["-session-in"].c_str(),
257 "rb"));
258 if (!in) {
259 fprintf(stderr, "Error reading session\n");
260 ERR_print_errors_cb(PrintErrorCallback, stderr);
261 return false;
262 }
263 bssl::UniquePtr<SSL_SESSION> session(PEM_read_bio_SSL_SESSION(in.get(),
264 nullptr, nullptr, nullptr));
265 if (!session) {
266 fprintf(stderr, "Error reading session\n");
267 ERR_print_errors_cb(PrintErrorCallback, stderr);
268 return false;
269 }
270 SSL_set_session(ssl.get(), session.get());
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]271 }
272
David Benjamin6df76672017-08-16 13:02:24 -0400[diff] [blame]273 if (args_map.count("-renegotiate-freely") != 0) {
274 SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_freely);
275 }
276
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]277 if (resume_session) {
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]278 SSL_set_session(ssl.get(), resume_session.get());
279 }
280
281 SSL_set_bio(ssl.get(), bio.get(), bio.get());
282 bio.release();
283
284 int ret = SSL_connect(ssl.get());
285 if (ret != 1) {
286 int ssl_err = SSL_get_error(ssl.get(), ret);
287 fprintf(stderr, "Error while connecting: %d\n", ssl_err);
288 ERR_print_errors_cb(PrintErrorCallback, stderr);
289 return false;
290 }
291
Steven Valdeze831a812017-03-09 14:56:07 -0500[diff] [blame]292 if (args_map.count("-early-data") != 0 && SSL_in_early_data(ssl.get())) {
293 int ed_size = args_map["-early-data"].size();
294 int ssl_ret = SSL_write(ssl.get(), args_map["-early-data"].data(), ed_size);
295 if (ssl_ret <= 0) {
296 int ssl_err = SSL_get_error(ssl.get(), ssl_ret);
297 fprintf(stderr, "Error while writing: %d\n", ssl_err);
298 ERR_print_errors_cb(PrintErrorCallback, stderr);
299 return false;
300 } else if (ssl_ret != ed_size) {
301 fprintf(stderr, "Short write from SSL_write.\n");
302 return false;
303 }
304 }
305
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]306 fprintf(stderr, "Connected.\n");
Peter Wu5663b632017-09-15 15:09:03 +0100[diff] [blame]307 bssl::UniquePtr<BIO> bio_stderr(BIO_new_fp(stderr, BIO_NOCLOSE));
308 PrintConnectionInfo(bio_stderr.get(), ssl.get());
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]309
310 return cb(ssl.get(), sock);
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]311}
312
David Benjamin590b6772017-08-08 20:09:17 -0400[diff] [blame]313static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) {
314 if (in == "draft") {
315 *out = tls13_default;
316 return true;
317 }
318 if (in == "experiment") {
319 *out = tls13_experiment;
320 return true;
321 }
Steven Valdez16821262017-09-08 17:03:42 -0400[diff] [blame]322 if (in == "experiment2") {
323 *out = tls13_experiment2;
324 return true;
325 }
Steven Valdezc7d4d212017-09-11 13:53:08 -0400[diff] [blame]326 if (in == "experiment3") {
327 *out = tls13_experiment3;
328 return true;
329 }
David Benjamin590b6772017-08-08 20:09:17 -0400[diff] [blame]330 if (in == "record-type") {
331 *out = tls13_record_type_experiment;
332 return true;
333 }
334 if (in == "no-session-id") {
335 *out = tls13_no_session_id_experiment;
336 return true;
337 }
338 return false;
339}
340
David Benjaminf60bcfb2017-08-18 15:23:44 -0400[diff] [blame]341static void InfoCallback(const SSL *ssl, int type, int value) {
342 switch (type) {
343 case SSL_CB_HANDSHAKE_START:
344 fprintf(stderr, "Handshake started.\n");
345 break;
346 case SSL_CB_HANDSHAKE_DONE:
347 fprintf(stderr, "Handshake done.\n");
348 break;
349 case SSL_CB_CONNECT_LOOP:
350 fprintf(stderr, "Handshake progress: %s\n", SSL_state_string_long(ssl));
351 break;
352 }
353}
354
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]355bool Client(const std::vector<std::string> &args) {
Brian Smith33970e62015-01-27 22:32:08 -0800[diff] [blame]356 if (!InitSocketLibrary()) {
357 return false;
358 }
359
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]360 std::map<std::string, std::string> args_map;
361
362 if (!ParseKeyValueArguments(&args_map, args, kArguments)) {
363 PrintUsage(kArguments);
364 return false;
365 }
366
David Benjamin65b87ce2017-08-17 13:11:23 -0400[diff] [blame]367 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]368
David Benjamin859ec3c2014-09-02 16:29:36 -0400[diff] [blame]369 const char *keylog_file = getenv("SSLKEYLOGFILE");
370 if (keylog_file) {
David Benjamind28f59c2015-11-17 22:32:50 -0500[diff] [blame]371 g_keylog_file = fopen(keylog_file, "a");
372 if (g_keylog_file == nullptr) {
373 perror("fopen");
David Benjamin859ec3c2014-09-02 16:29:36 -0400[diff] [blame]374 return false;
375 }
David Benjamind28f59c2015-11-17 22:32:50 -0500[diff] [blame]376 SSL_CTX_set_keylog_callback(ctx.get(), KeyLogCallback);
David Benjamin859ec3c2014-09-02 16:29:36 -0400[diff] [blame]377 }
378
Dave Tapuskab8a824d2014-12-10 19:09:52 -0500[diff] [blame]379 if (args_map.count("-cipher") != 0 &&
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]380 !SSL_CTX_set_strict_cipher_list(ctx.get(), args_map["-cipher"].c_str())) {
Dave Tapuskab8a824d2014-12-10 19:09:52 -0500[diff] [blame]381 fprintf(stderr, "Failed setting cipher list\n");
382 return false;
Adam Langley5f51c252014-10-28 15:45:39 -0700[diff] [blame]383 }
384
Piotr Sikorad0757062017-04-14 02:59:34 -0700[diff] [blame]385 if (args_map.count("-curves") != 0 &&
386 !SSL_CTX_set1_curves_list(ctx.get(), args_map["-curves"].c_str())) {
387 fprintf(stderr, "Failed setting curves list\n");
388 return false;
389 }
390
Adam Langley040bc492017-02-09 15:30:52 -0800[diff] [blame]391 uint16_t max_version = TLS1_3_VERSION;
392 if (args_map.count("-max-version") != 0 &&
393 !VersionFromString(&max_version, args_map["-max-version"])) {
394 fprintf(stderr, "Unknown protocol version: '%s'\n",
395 args_map["-max-version"].c_str());
396 return false;
397 }
398
399 if (!SSL_CTX_set_max_proto_version(ctx.get(), max_version)) {
400 return false;
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]401 }
402
403 if (args_map.count("-min-version") != 0) {
404 uint16_t version;
405 if (!VersionFromString(&version, args_map["-min-version"])) {
406 fprintf(stderr, "Unknown protocol version: '%s'\n",
407 args_map["-min-version"].c_str());
408 return false;
409 }
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]410 if (!SSL_CTX_set_min_proto_version(ctx.get(), version)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]411 return false;
412 }
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]413 }
414
415 if (args_map.count("-select-next-proto") != 0) {
416 const std::string &proto = args_map["-select-next-proto"];
417 if (proto.size() > 255) {
418 fprintf(stderr, "Bad NPN protocol: '%s'\n", proto.c_str());
419 return false;
420 }
421 // |SSL_CTX_set_next_proto_select_cb| is not const-correct.
422 SSL_CTX_set_next_proto_select_cb(ctx.get(), NextProtoSelectCallback,
423 const_cast<char *>(proto.c_str()));
424 }
425
426 if (args_map.count("-alpn-protos") != 0) {
427 const std::string &alpn_protos = args_map["-alpn-protos"];
428 std::vector<uint8_t> wire;
429 size_t i = 0;
430 while (i <= alpn_protos.size()) {
431 size_t j = alpn_protos.find(',', i);
432 if (j == std::string::npos) {
433 j = alpn_protos.size();
434 }
435 size_t len = j - i;
436 if (len > 255) {
437 fprintf(stderr, "Invalid ALPN protocols: '%s'\n", alpn_protos.c_str());
438 return false;
439 }
440 wire.push_back(static_cast<uint8_t>(len));
441 wire.resize(wire.size() + len);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]442 OPENSSL_memcpy(wire.data() + wire.size() - len, alpn_protos.data() + i,
443 len);
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]444 i = j + 1;
445 }
446 if (SSL_CTX_set_alpn_protos(ctx.get(), wire.data(), wire.size()) != 0) {
447 return false;
448 }
449 }
450
451 if (args_map.count("-fallback-scsv") != 0) {
452 SSL_CTX_set_mode(ctx.get(), SSL_MODE_SEND_FALLBACK_SCSV);
453 }
454
455 if (args_map.count("-ocsp-stapling") != 0) {
456 SSL_CTX_enable_ocsp_stapling(ctx.get());
457 }
458
459 if (args_map.count("-signed-certificate-timestamps") != 0) {
460 SSL_CTX_enable_signed_cert_timestamps(ctx.get());
461 }
462
463 if (args_map.count("-channel-id-key") != 0) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]464 bssl::UniquePtr<EVP_PKEY> pkey =
465 LoadPrivateKey(args_map["-channel-id-key"]);
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]466 if (!pkey || !SSL_CTX_set1_tls_channel_id(ctx.get(), pkey.get())) {
467 return false;
468 }
David Benjamin05709232015-03-23 19:01:33 -0400[diff] [blame]469 }
470
David Benjamin1043ac02015-06-04 15:26:04 -0400[diff] [blame]471 if (args_map.count("-false-start") != 0) {
472 SSL_CTX_set_mode(ctx.get(), SSL_MODE_ENABLE_FALSE_START);
473 }
474
David Benjamin86e412d2015-12-02 19:34:58 -0500[diff] [blame]475 if (args_map.count("-key") != 0) {
476 const std::string &key = args_map["-key"];
David Benjamincb3af3e2017-04-09 09:52:47 -0400[diff] [blame]477 if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(),
478 SSL_FILETYPE_PEM)) {
David Benjamin86e412d2015-12-02 19:34:58 -0500[diff] [blame]479 fprintf(stderr, "Failed to load private key: %s\n", key.c_str());
480 return false;
481 }
David Benjamincb3af3e2017-04-09 09:52:47 -0400[diff] [blame]482 const std::string &cert =
483 args_map.count("-cert") != 0 ? args_map["-cert"] : key;
484 if (!SSL_CTX_use_certificate_chain_file(ctx.get(), cert.c_str())) {
485 fprintf(stderr, "Failed to load cert chain: %s\n", cert.c_str());
David Benjamin86e412d2015-12-02 19:34:58 -0500[diff] [blame]486 return false;
487 }
488 }
489
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]490 SSL_CTX_set_session_cache_mode(ctx.get(), SSL_SESS_CACHE_CLIENT);
491 SSL_CTX_sess_set_new_cb(ctx.get(), NewSessionCallback);
492
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]493 if (args_map.count("-session-out") != 0) {
494 session_out.reset(BIO_new_file(args_map["-session-out"].c_str(), "wb"));
495 if (!session_out) {
David Benjamin70728842016-09-06 18:18:52 -0400[diff] [blame]496 fprintf(stderr, "Error while opening %s:\n",
497 args_map["-session-out"].c_str());
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]498 ERR_print_errors_cb(PrintErrorCallback, stderr);
499 return false;
500 }
Steven Valdez7b689f62016-08-02 15:59:26 -0400[diff] [blame]501 }
502
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]503 if (args_map.count("-grease") != 0) {
504 SSL_CTX_set_grease_enabled(ctx.get(), 1);
505 }
506
Adam Langleye5dfb522017-02-03 10:31:00 -0800[diff] [blame]507 if (args_map.count("-root-certs") != 0) {
508 if (!SSL_CTX_load_verify_locations(
509 ctx.get(), args_map["-root-certs"].c_str(), nullptr)) {
510 fprintf(stderr, "Failed to load root certificates.\n");
511 ERR_print_errors_cb(PrintErrorCallback, stderr);
512 return false;
513 }
514 SSL_CTX_set_verify(ctx.get(), SSL_VERIFY_PEER, nullptr);
515 }
516
Steven Valdez2d850622017-01-11 11:34:52 -0500[diff] [blame]517 if (args_map.count("-early-data") != 0) {
518 SSL_CTX_set_early_data_enabled(ctx.get(), 1);
519 }
520
Steven Valdez520e1222017-06-13 12:45:25 -0400[diff] [blame]521 if (args_map.count("-tls13-variant") != 0) {
David Benjamin590b6772017-08-08 20:09:17 -0400[diff] [blame]522 tls13_variant_t variant;
523 if (!GetTLS13Variant(&variant, args_map["-tls13-variant"])) {
524 fprintf(stderr, "Unknown TLS 1.3 variant: %s\n",
525 args_map["-tls13-variant"].c_str());
526 return false;
527 }
528 SSL_CTX_set_tls13_variant(ctx.get(), variant);
Steven Valdez520e1222017-06-13 12:45:25 -0400[diff] [blame]529 }
530
David Benjamin69522112017-03-28 15:38:29 -0500[diff] [blame]531 if (args_map.count("-ed25519") != 0) {
532 SSL_CTX_set_ed25519_enabled(ctx.get(), 1);
533 }
534
David Benjaminf60bcfb2017-08-18 15:23:44 -0400[diff] [blame]535 if (args_map.count("-debug") != 0) {
536 SSL_CTX_set_info_callback(ctx.get(), InfoCallback);
537 }
538
David Benjamin712f3722017-04-05 14:52:09 -0400[diff] [blame]539 if (args_map.count("-test-resumption") != 0) {
540 if (args_map.count("-session-in") != 0) {
541 fprintf(stderr,
542 "Flags -session-in and -test-resumption are incompatible.\n");
543 return false;
544 }
545
546 if (!DoConnection(ctx.get(), args_map, &WaitForSession)) {
547 return false;
548 }
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]549 }
550
Steven Valdez87c0bb22016-12-07 10:31:16 -0500[diff] [blame]551 return DoConnection(ctx.get(), args_map, &TransferData);
Adam Langleyaacec172014-06-20 12:00:00 -0700[diff] [blame]552}