Add an "-xmpphost" option to s_client
* Many XMPP servers are configured with multiple domains (virtual hosts) * In order to successfully establish the TLS connection you have to specify which virtual host you are trying to connect to. * Test this, for example, with: * Fail: openssl s_client -connect talk.google.com:5222 -starttls xmpp * Works: openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com
parent
50f307a98f
commit
b98af49d97
2 changed files with 16 additions and 1 deletions
|
@ -350,6 +350,7 @@ static void sc_usage(void)
|
|||
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
|
||||
BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
|
||||
BIO_printf(bio_err," are supported.\n");
|
||||
BIO_printf(bio_err," -xmpphost host - When used with \"-starttls xmpp\" specifies the virtual host.\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
|
||||
#endif
|
||||
|
@ -595,6 +596,7 @@ int MAIN(int argc, char **argv)
|
|||
short port=PORT;
|
||||
int full_log=1;
|
||||
char *host=SSL_HOST_NAME;
|
||||
char *xmpphost = NULL;
|
||||
char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
|
||||
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
|
||||
char *passarg = NULL, *pass = NULL;
|
||||
|
@ -726,6 +728,11 @@ static char *jpake_secret = NULL;
|
|||
if (!extract_host_port(*(++argv),&host,NULL,&port))
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-xmpphost") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
xmpphost= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-verify") == 0)
|
||||
{
|
||||
verify=SSL_VERIFY_PEER;
|
||||
|
@ -1670,7 +1677,7 @@ SSL_set_tlsext_status_ids(con, ids);
|
|||
int seen = 0;
|
||||
BIO_printf(sbio,"<stream:stream "
|
||||
"xmlns:stream='http://etherx.jabber.org/streams' "
|
||||
"xmlns='jabber:client' to='%s' version='1.0'>", host);
|
||||
"xmlns='jabber:client' to='%s' version='1.0'>", xmpphost? xmpphost:host);
|
||||
seen = BIO_read(sbio,mbuf,BUFSIZZ);
|
||||
mbuf[seen] = 0;
|
||||
while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") &&
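Review bot: The return value of `BIO_read` is used as an index in `mbuf[seen] = 0` without a check, in the XMPP STARTTLS hunk directly after the changed `BIO_printf`; a failed read returns a non-positive value, and a negative one puts the terminator write before the start of `mbuf`. That path is presumably easier to reach now that the `to` value is caller-chosen, since a server that rejects the virtual host may answer with a stream error and close the connection. I would add `if (seen <= 0) goto ERROR_LABEL;` before the write (ERROR_LABEL is a placeholder for MAIN's existing cleanup label, which is not visible here) and apply the same check to any read inside the `while (!strstr(...))` loop, whose body lies outside the hunk. Whether `mbuf` has room for the terminator when `seen == BUFSIZZ` cannot be confirmed from this page and is worth checking at its declaration.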
|
||||
|
|
|
@ -37,6 +37,7 @@ B<openssl> B<s_client>
|
|||
[B<-bugs>]
|
||||
[B<-cipher cipherlist>]
|
||||
[B<-starttls protocol>]
|
||||
[B<-xmpphost hostname>]
|
||||
[B<-engine id>]
|
||||
[B<-tlsextdebug>]
|
||||
[B<-no_ticket>]
|
||||
|
@ -225,6 +226,13 @@ send the protocol-specific message(s) to switch to TLS for communication.
|
|||
B<protocol> is a keyword for the intended protocol. Currently, the only
|
||||
supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp".
|
||||
|
||||
=item B<-xmpphost hostname>
|
||||
|
||||
This option, when used with "-starttls xmpp", specifies the host for the
|
||||
"to" attribute of the stream element.
|
||||
If this option is not specified, then the host specified with "-connect"
|
||||
will be used.
|
||||
|
||||
=item B<-tlsextdebug>
|
||||
|
||||
print out a hex dump of any TLS extensions received from the server.
|
||||
|
|