-rwxr-xr-xopenssl-connect18
-rwxr-xr-xopenssl-listen21
2 files changed, 30 insertions, 9 deletions
diff --git a/openssl-connect b/openssl-connect
index fa9b09a..4a977f7 100755
--- a/openssl-connect
+++ b/openssl-connect
@@ -2,11 +2,23 @@
# Connects to a SSL host for a list of ciphers
# Author: Peter Wu <lekensteyn@gmail.com>
-host=${1:-localhost}
-portbase=${2:-4430}
+host=localhost
+portbase=4430
PSK=12345678
PSK=0102030405060708091011121314151617181920
+# assume that openssl options always start with -
+if [[ $1 != -* ]]; then
+ host=$1; shift
+fi
+if [[ $1 != -* ]]; then
+ portbase=$1; shift
+ if ! [[ $portbase -gt 0 ]] || ! [[ $portbase -le 65535 ]]; then
+ echo "Port must be between 1 and 65535" >&2
+ exit 1
+ fi
+fi
+
s_client_client_random() {
awk '
# match Master-Key from SSL Session dump
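Review bot: The new `[[ $1 != -* ]]` tests are also true when `$1` is empty, so calling the script with no arguments, or with a host but no port, assigns an empty string and then exits on the port check instead of falling back to the `localhost`/`4430` defaults that the removed `${1:-...}` lines provided. Guard each test on the argument count, for example `if [[ $# -gt 0 && $1 != -* ]]; then`. The port parsing added to openssl-listen has the same problem when only the certs directory is given. Separately, `-gt`/`-le` inside `[[ ]]` evaluate `$portbase` as an arithmetic expression rather than rejecting non-numeric text, so a digits-only test such as `[[ $portbase =~ ^[0-9]+$ ]]` ahead of the range comparison would make the validation strict in both scripts.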
@@ -101,7 +113,7 @@ while read cipher; do
openssl s_client -connect "$host:$port" -ign_eof -cipher "$cipher" \
-no_comp \
"${opts[@]}" \
- -msg 2>&1 | s_client_client_random
+ -msg "$@" 2>&1 | s_client_client_random
done
# vim: set et sw=4 ts=4:
diff --git a/openssl-listen b/openssl-listen
index 65cf714..3919c40 100755
--- a/openssl-listen
+++ b/openssl-listen
@@ -13,12 +13,20 @@ ecc_pub=secp384r1-rsa.crt
PSK=12345678
PSK=0102030405060708091011121314151617181920
-pkdir=$1
-portbase=${2:-4430}
+pkdir=$1; shift
+portbase=4430
+# assume that openssl options always start with -
+if [[ $1 != -* ]]; then
+ portbase=$1; shift
+ if ! [[ $portbase -gt 0 ]] || ! [[ $portbase -le 65535 ]]; then
+ echo "Port must be between 1 and 65535" >&2
+ exit 1
+ fi
+fi
if [ -z "$pkdir" ]; then
cat <<EOF
-Usage: $0 path-to-certsdir [port base]"
+Usage: $0 path-to-certsdir [port base] [s_server options]"
openssl s_client will listen on three ports,
starting at 'port base' (default 4430)
EOF
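Review bot: The rewritten usage line still ends with a stray `"`, which is printed literally because it sits inside the here-document; it should read `Usage: $0 path-to-certsdir [port base] [s_server options]`. The following context line says `openssl s_client will listen`, although this script starts `openssl s_server`. It also says "three ports", while the loop in the last hunk iterates over four auth types (RSA ECDSA ECDH DSS), so that text looks outdated. Since the commit already touches this help text, those two lines are worth correcting at the same time.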
@@ -73,7 +81,8 @@ gen_pk() {
start_server() {
local keyfile crtfile port auth ca_key= ca_crt= opts=()
- auth=$1
+ auth=$1; shift
+ # remaining arguments should be passed to s_server
case $auth in
RSA)
@@ -113,7 +122,7 @@ start_server() {
openssl s_server -accept $port \
"${opts[@]}" \
- -cert "$pkdir$crtfile" -key "$pkdir$keyfile" -www &
+ -cert "$pkdir$crtfile" -key "$pkdir$keyfile" -www "$@" &
pids+=($!)
}
@@ -126,7 +135,7 @@ cleanup() {
trap cleanup EXIT
for auth in RSA ECDSA ECDH DSS; do
- start_server $auth
+ start_server $auth "$@"
done
wait