From b98af49d971e1dfe91c3aa52c31546e5d3eda2ee Mon Sep 17 00:00:00 2001 From: Carlos Alberto Lopez Perez Date: Mon, 6 Aug 2012 02:24:51 +0200 Subject: [PATCH] Add an "-xmpphost" option to s_client * Many XMPP servers are configured with multiple domains (virtual hosts) * In order to establish successfully the TLS connection you have to specify which virtual host you are trying to connect. * Test this, for example with :: * Fail: openssl s_client -connect talk.google.com:5222 -starttls xmpp * Works: openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com --- apps/s_client.c | 9 ++++++++- doc/apps/s_client.pod | 8 ++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/apps/s_client.c b/apps/s_client.c index 9c7f45f33c..3089a97176 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -350,6 +350,7 @@ static void sc_usage(void) BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); BIO_printf(bio_err," are supported.\n"); + BIO_printf(bio_err," -xmpphost host - When used with \"-starttls xmpp\" specifies the virtual host.\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); #endif @@ -595,6 +596,7 @@ int MAIN(int argc, char **argv) short port=PORT; int full_log=1; char *host=SSL_HOST_NAME; + char *xmpphost = NULL; char *cert_file=NULL,*key_file=NULL,*chain_file=NULL; int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; char *passarg = NULL, *pass = NULL; @@ -726,6 +728,11 @@ static char *jpake_secret = NULL; if (!extract_host_port(*(++argv),&host,NULL,&port)) goto bad; } + else if (strcmp(*argv,"-xmpphost") == 0) + { + if (--argc < 1) goto bad; + xmpphost= *(++argv); + } else if (strcmp(*argv,"-verify") == 0) { verify=SSL_VERIFY_PEER; @@ -1670,7 +1677,7 @@ SSL_set_tlsext_status_ids(con, ids); int seen = 0; BIO_printf(sbio,"", host); + "xmlns='jabber:client' to='%s' version='1.0'>", xmpphost? xmpphost:host); seen = BIO_read(sbio,mbuf,BUFSIZZ); mbuf[seen] = 0; while (!strstr(mbuf, " B [B<-bugs>] [B<-cipher cipherlist>] [B<-starttls protocol>] +[B<-xmpphost hostname>] [B<-engine id>] [B<-tlsextdebug>] [B<-no_ticket>] @@ -225,6 +226,13 @@ send the protocol-specific message(s) to switch to TLS for communication. B is a keyword for the intended protocol. Currently, the only supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp". +=item B<-xmpphost hostname> + +This option, when used with "-starttls xmpp", specifies the host for the +"to" attribute of the stream element. +If this option is not specified, then the host specified with "-connect" +will be used. + =item B<-tlsextdebug> print out a hex dump of any TLS extensions received from the server.