Re: problem in s_client -- comments on fix?
On Sun, Oct 14, 2001 at 06:19:30PM +0200, Lutz Jaenicke wrote: [...] * If you have any patch to submit that will improve the behaviour of s_client you are most welcome to post it to this list :-) OK, here you go, someone please apply this: diff -Naur apps/s_client.c apps/s_client.c --- apps/s_client.c Tue Oct 16 09:22:49 2001 +++ apps/s_client.c Tue Oct 16 09:22:01 2001 @@ -881,5 +881,7 @@ BIO_printf(bio,---\n); if (peer != NULL) X509_free(peer); +/* do this or debugging output gets mixed with http response */ + BIO_flush(bio); } Adam __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: problem in s_client -- comments on fix?
On Tue, Oct 16, 2001 at 02:30:03PM +0100, Adam Back wrote: On Sun, Oct 14, 2001 at 06:19:30PM +0200, Lutz Jaenicke wrote: [...] * If you have any patch to submit that will improve the behaviour of s_client you are most welcome to post it to this list :-) OK, here you go, someone please apply this: diff -Naur apps/s_client.c apps/s_client.c --- apps/s_client.c Tue Oct 16 09:22:49 2001 +++ apps/s_client.c Tue Oct 16 09:22:01 2001 @@ -881,5 +881,7 @@ BIO_printf(bio,---\n); if (peer != NULL) X509_free(peer); +/* do this or debugging output gets mixed with http response */ + BIO_flush(bio); } Applied. Thanks, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
problem in s_client -- comments on fix?
I mentioned this to Ulf a while back when I found it. I tried parsing the output of s_client with some perl code I was writing, and I found that the connection information (cipher selection, certificate chain if you ask for it with -showcerts) gets mixed up with the HTTP response. I tracked it down to buffering problems -- some output is going via the BIO interface and other output is going direct to stdout (I think). The result is kind of random display of the connection information mixed in with the HTTP response. I temporarily patched it by putting a BIO_flush(bio) at the end of the print_stuff function in s_client.c. I also put immediately preceding that : BIO_printf(bio,---end---\n); /* use \n---end---\n as separator */ otherwise I couldn't easily recognise the boundary between HTTP response and content. Opinions on the correct thing to do? It seems that it might be better to put connection information on stderr where it can be unambigously separated. The downside of that is that there are cert verification error messages that get sent to stderr which would then get mixed with the connection information. Thoughts? Adam __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: problem in s_client -- comments on fix?
On Sun, Oct 14, 2001 at 04:01:23PM +0100, Adam Back wrote: I tried parsing the output of s_client with some perl code I was writing, and I found that the connection information (cipher selection, certificate chain if you ask for it with -showcerts) gets mixed up with the HTTP response. What do you want to achieve? OpenSSL s_client is a test and demo program. If you want to seperate normal I/O and the connection information, the correct solution would be to use a seperate channel for the information. I didn't have a look into stunnel for quite some time. Maybe it is better suited to your needs, as it is intended for application and not for testing? Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: problem in s_client -- comments on fix?
Don't worry about the application -- it was a thow-away proof of concept thing, already forgotten. You're probably right there are otherways to do it. I did consider stunnel briefly but there was some reason s_client fit better into the existing perl glue code I had. Either way though s_client's behavior is wrong, because even visually you can't _find_ the connection info mixed in with the HTTP response; my post was just to follow up having found the bug to fix the problem. The note about the application was just background of how I found it. For s_client's main purpose (command line manual testing), perhaps just the BIO_flush(bio) is all that's needed. Adam On Sun, Oct 14, 2001 at 05:33:49PM +0200, Lutz Jaenicke wrote: What do you want to achieve? OpenSSL s_client is a test and demo program. If you want to seperate normal I/O and the connection information, the correct solution would be to use a seperate channel for the information. I didn't have a look into stunnel for quite some time. Maybe it is better suited to your needs, as it is intended for application and not for testing? __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: problem in s_client -- comments on fix?
On Sun, Oct 14, 2001 at 04:43:30PM +0100, Adam Back wrote: Either way though s_client's behavior is wrong, because even visually you can't _find_ the connection info mixed in with the HTTP response; my post was just to follow up having found the bug to fix the problem. The note about the application was just background of how I found it. For s_client's main purpose (command line manual testing), perhaps just the BIO_flush(bio) is all that's needed. Then please allow another statement: * I personally find s_client to be more or less unreadable :-( * OpenSSL 0.9.7 should be coming out in the very near future and I would not expect anything to change on this before 0.9.7 (and I am not aware of any statements to put work into an s_client cleanup anyway). * If you have any patch to submit that will improve the behaviour of s_client you are most welcome to post it to this list :-) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]