-rwxr-xr-x | openssl-connect | 18 | ||||
-rwxr-xr-x | openssl-listen | 21 |
2 files changed, 30 insertions, 9 deletions
diff --git a/openssl-connect b/openssl-connect index fa9b09a..4a977f7 100755 --- a/openssl-connect +++ b/openssl-connect @@ -2,11 +2,23 @@ # Connects to a SSL host for a list of ciphers # Author: Peter Wu <lekensteyn@gmail.com> -host=${1:-localhost} -portbase=${2:-4430} +host=localhost +portbase=4430 PSK=12345678 PSK=0102030405060708091011121314151617181920 +# assume that openssl options always start with - +if [[ $1 != -* ]]; then + host=$1; shift +fi +if [[ $1 != -* ]]; then + portbase=$1; shift + if ! [[ $portbase -gt 0 ]] || ! [[ $portbase -le 65535 ]]; then + echo "Port must be between 1 and 65535" >&2 + exit 1 + fi +fi + s_client_client_random() { awk ' # match Master-Key from SSL Session dump @@ -101,7 +113,7 @@ while read cipher; do openssl s_client -connect "$host:$port" -ign_eof -cipher "$cipher" \ -no_comp \ "${opts[@]}" \ - -msg 2>&1 | s_client_client_random + -msg "$@" 2>&1 | s_client_client_random done # vim: set et sw=4 ts=4: diff --git a/openssl-listen b/openssl-listen index 65cf714..3919c40 100755 --- a/openssl-listen +++ b/openssl-listen @@ -13,12 +13,20 @@ ecc_pub=secp384r1-rsa.crt PSK=12345678 PSK=0102030405060708091011121314151617181920 -pkdir=$1 -portbase=${2:-4430} +pkdir=$1; shift +portbase=4430 +# assume that openssl options always start with - +if [[ $1 != -* ]]; then + portbase=$1; shift + if ! [[ $portbase -gt 0 ]] || ! [[ $portbase -le 65535 ]]; then + echo "Port must be between 1 and 65535" >&2 + exit 1 + fi +fi if [ -z "$pkdir" ]; then cat <<EOF -Usage: $0 path-to-certsdir [port base]" +Usage: $0 path-to-certsdir [port base] [s_server options]" openssl s_client will listen on three ports, starting at 'port base' (default 4430) EOF @@ -73,7 +81,8 @@ gen_pk() { start_server() { local keyfile crtfile port auth ca_key= ca_crt= opts=() - auth=$1 + auth=$1; shift + # remaining arguments should be passed to s_server case $auth in RSA) 
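Review bot: The new `[[ $1 != -* ]]` tests in the openssl-connect hunk at -2,11 are also true when `$1` is empty, so running the script with no arguments, or with only a host, overwrites `portbase` with an empty string and exits with "Port must be between 1 and 65535" instead of falling back to 4430. Guard both tests on the argument count, e.g. `if [[ $# -gt 0 && $1 != -* ]]; then`. The openssl-listen hunk at -13,12 has the same problem when only the certs directory is given, and with no arguments at all the port error fires before the `if [ -z "$pkdir" ]` usage text is reached. Separately, `-gt` and `-le` inside `[[ ]]` evaluate their operand as an arithmetic expression rather than as a plain number, so it would be safer to require digits first with `[[ $portbase =~ ^[0-9]+$ ]]` before the range comparison in both scripts.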
@@ -113,7 +122,7 @@ start_server() { openssl s_server -accept $port \ "${opts[@]}" \ - -cert "$pkdir$crtfile" -key "$pkdir$keyfile" -www & + -cert "$pkdir$crtfile" -key "$pkdir$keyfile" -www "$@" & pids+=($!) } @@ -126,7 +135,7 @@ cleanup() { trap cleanup EXIT for auth in RSA ECDSA ECDH DSS; do - start_server $auth + start_server $auth "$@" done wait |