From 798b5a620746f042dce4a019c73e2d9c82598d22 Mon Sep 17 00:00:00 2001 From: Peter Wu Date: Mon, 30 Sep 2013 23:08:27 +0200 Subject: openssl-{connect,listen}: Add PSK support Wireshark already supports these suites, yay :) --- openssl-connect | 8 +++++--- openssl-listen | 7 ++++--- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/openssl-connect b/openssl-connect index 7b7c4b7..9faab3f 100755 --- a/openssl-connect +++ b/openssl-connect @@ -4,6 +4,7 @@ host=${1:-localhost} portbase=${2:-4430} +PSK=12345678 s_client_client_random() { awk ' @@ -77,6 +78,7 @@ awk '# Look for something like ECDHE-RSA-AES256-SHA } }' | while read cipher; do + opts=() case $cipher in *-ECDSA-*) port=$((portbase+1)) ;; @@ -85,9 +87,8 @@ while read cipher; do *-DSS-*) port=$((portbase+3)) ;; PSK-*) - echo "Skipping unsupported PSK" >&2 - continue - ;; + opts+=(-psk "$PSK") + port=$portbase ;; *-RSA-*|*) # assume RSA (includes name like RC4-SHA) port=$portbase ;; esac @@ -98,6 +99,7 @@ while read cipher; do printf "GET / HTTP/1.0\r\n\r\n" | openssl s_client -connect "$host:$port" -ign_eof -cipher "$cipher" \ -no_comp \ + "${opts[@]}" \ -msg 2>&1 | s_client_client_random done diff --git a/openssl-listen b/openssl-listen index e45e3dd..dd37e44 100755 --- a/openssl-listen +++ b/openssl-listen @@ -10,6 +10,7 @@ ecd_prv=secp384r1-dsa.pem ecd_pub=secp384r1-dsa.crt ecc_prv=secp384r1-rsa.pem ecc_pub=secp384r1-rsa.crt +PSK=12345678 pkdir=$1 portbase=${2:-4430} @@ -29,8 +30,6 @@ if ! mkdir -p "$pkdir"; then exit 1 fi -set -u - pids=() gen_pk() { @@ -72,7 +71,7 @@ gen_pk() { } start_server() { - local keyfile crtfile port auth ca_key= ca_crt= + local keyfile crtfile port auth ca_key= ca_crt= opts=() auth=$1 case $auth in @@ -80,6 +79,7 @@ start_server() { crtfile=$rsa_pub keyfile=$rsa_prv port=$portbase + opts+=(-psk "$PSK") ;; ECDSA) crtfile=$ecd_pub 
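Review bot: The `PSK=12345678` added at the top of openssl-connect (and again in openssl-listen, hunk `@@ -10,6 +10,7 @@`) has no comment saying that it is a throwaway test key or that `-psk` reads it as a hexadecimal string, which makes it a 4-byte key rather than an 8-character passphrase. The two copies must stay identical for the handshake to succeed. The value is also passed to `openssl` on the command line, where other local users can read it from the process list, which is acceptable only for a fixed capture-generation key. I would add above both assignments: `# Test-only PSK, hex-encoded (4 bytes); must be identical in openssl-connect and openssl-listen. Not a secret.`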
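Review bot: The new `PSK-*)` arm in the `case $cipher` block of openssl-connect only matches suite names that begin with `PSK-`. A name with PSK in the middle (for example `DHE-PSK-…` or `ECDHE-PSK-…`, if the local OpenSSL build lists any) falls through to `*-RSA-*|*` and is attempted without `-psk`. Such a connection would presumably fail the handshake, and the suite would be missing from the output with no hint why. Widening the pattern to `PSK-*|*-PSK-*)` would cover them, as long as the server on `$portbase` offers the key. The earlier arms of the `case` and the start of the `while` loop are outside this hunk, so the arm ordering needs checking there.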
@@ -111,6 +111,7 @@ start_server() { fi openssl s_server -accept $port \ + "${opts[@]}" \ -cert "$pkdir$crtfile" -key "$pkdir$keyfile" -www & pids+=($!) } -- cgit v1.2.1
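Review bot: The `"${opts[@]}"` argument added to the `openssl s_server` call is empty for every server except the one whose arm uses `$rsa_pub`. On bash older than 4.4, expanding an empty array under `set -u` is an "unbound variable" error, which is presumably why this commit drops `set -u` from openssl-listen in hunk `@@ -29,8 +30,6 @@`. Removing `set -u` also removes the guard against a mistyped or unset key-file variable being expanded to an empty path elsewhere in the script. Keeping `set -u` and writing the argument as `${opts[@]+"${opts[@]}"} \` gives the same command line on all bash versions. The body of `start_server` begins outside this hunk.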