[openssl-dev] [openssl.org #4607] improve quietness for s_client ... also documentation for s_client + s_server

Tue, 05 Jul 2016 12:00:49 -0700 

Hi --

Attached are four simple patches.
They make the apps more usable.
They should be pretty much self-explanatory.
Let me know if you have questions.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4607
Please log in as guest with password guest if prompted


>From 07ff5a786d6d06774688404c2dedf86097d449d4 Mon Sep 17 00:00:00 2001
From: John Denker <j...@av8n.com>
Date: Tue, 5 Jul 2016 08:49:10 -0700
Subject: [PATCH 1/4] make s_client more quiet when -quiet is specified

---
 apps/s_client.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index e79cf7e..0391581 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2331,7 +2331,7 @@ int s_client_main(int argc, char **argv)
                 if (c_brief)
                     BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n");
                 else
-                    BIO_printf(bio_err, "read:errno=%d\n", ret);
+                    if (ret || !c_quiet) BIO_printf(bio_err, "read:errno=%d\n", ret);
                 goto shut;
             case SSL_ERROR_ZERO_RETURN:
                 BIO_printf(bio_c_out, "closed\n");
@@ -2377,7 +2377,7 @@ int s_client_main(int argc, char **argv)
                 at_eof = 1;
 
             if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q' && cmdletters))) {
-                BIO_printf(bio_err, "DONE\n");
+                if (!c_quiet) BIO_printf(bio_err, "DONE.\n");
                 ret = 0;
                 goto shut;
             }
-- 
2.7.4


>From e6d642aba8281fb57afd637a87b8dd982f27e988 Mon Sep 17 00:00:00 2001
From: John Denker <j...@av8n.com>
Date: Tue, 5 Jul 2016 08:50:58 -0700
Subject: [PATCH 2/4] when a write to stdout has failed, sending a message to
 stdout is pointless, so let's send it to stderr instead; also let's send a
 more informative message

---
 apps/s_client.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 0391581..504e729 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2269,7 +2269,9 @@ int s_client_main(int argc, char **argv)
             i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len);
 
             if (i <= 0) {
-                BIO_printf(bio_c_out, "DONE\n");
+                /* typical failure is broken pipe */
+                BIO_printf(bio_err, "s_client.c: write to stdout failed (%d): %s\n",
+                        i, strerror(errno));
                 ret = 0;
                 goto shut;
                 /* goto end; */
-- 
2.7.4


>From 59272ed9b51263a165866637ff993382ad8d2bfc Mon Sep 17 00:00:00 2001
From: John Denker <j...@av8n.com>
Date: Tue, 5 Jul 2016 09:09:37 -0700
Subject: [PATCH 3/4] document the -verify_quiet option to s_client

---
 apps/s_client.c       |  6 ++++--
 doc/apps/s_client.pod | 10 ++++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 504e729..b0ad2a0 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -611,7 +611,8 @@ OPTIONS s_client_options[] = {
     {"nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing"},
     {"state", OPT_STATE, '-', "Print the ssl states"},
     {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
-    {"quiet", OPT_QUIET, '-', "No s_client output"},
+    {"quiet", OPT_QUIET, '-',
+      "Do not print session and certificate info.  See also -verify_quiet"},
     {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
     {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
     {"starttls", OPT_STARTTLS, 's',
@@ -635,7 +636,8 @@ OPTIONS s_client_options[] = {
     {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"},
     {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
      "Close connection on verification error"},
-    {"verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors"},
+    {"verify_quiet", OPT_VERIFY_QUIET, '-',
+      "Restrict verify output to errors.  See also -quiet"},
     {"brief", OPT_BRIEF, '-',
      "Restrict output to brief summary of connection parameters"},
     {"prexit", OPT_PREXIT, '-',
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 77668ea..205d057 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -63,6 +63,7 @@ B<openssl> B<s_client>
 [B<-ign_eof>]
 [B<-no_ign_eof>]
 [B<-quiet>]
+[B<-verify_quiet>]
 [B<-ssl3>]
 [B<-tls1>]
 [B<-tls1_1>]
@@ -298,8 +299,13 @@ input.
 
 =item B<-quiet>
 
-inhibit printing of session and certificate information.  This implicitly
-turns on B<-ign_eof> as well.
+inhibit printing (on stdout) of session and certificate information.  This
+implicitly turns on B<-ign_eof> as well.  See also B<-verify_quiet>.
+
+=item B<-verify_quiet>
+
+inhibit printing (on stderr) of information from low-level verify routines.
+See also B<-quiet>.
 
 =item B<-no_ign_eof>
 
-- 
2.7.4


>From 07852c4e65e99bdb501992c39a0a5f5f21549362 Mon Sep 17 00:00:00 2001
From: John Denker <j...@av8n.com>
Date: Tue, 5 Jul 2016 10:31:01 -0700
Subject: [PATCH 4/4] document the -verify_quiet option to s_server

---
 apps/s_server.c       | 5 +++--
 doc/apps/s_server.pod | 9 ++++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 45c128d..fb28f95 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -774,7 +774,8 @@ OPTIONS s_server_options[] = {
     {"no-CApath", OPT_NOCAPATH, '-',
      "Do not load certificates from the default certificates directory"},
     {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
-    {"quiet", OPT_QUIET, '-', "No server output"},
+    {"quiet", OPT_QUIET, '-',
+      "Do not print session and certificate info.  See also -verify_quiet"},
     {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
      "Disable caching and tickets if ephemeral (EC)DH is used"},
     {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
@@ -816,7 +817,7 @@ OPTIONS s_server_options[] = {
     {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
      "Close connection on verification error"},
     {"verify_quiet", OPT_VERIFY_QUIET, '-',
-     "No verify output except verify errors"},
+     "No verify output except verify errors.  See also -quiet"},
     {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"},
     {"chainCAfile", OPT_CHAINCAFILE, '<',
      "CA file for certificate chain (PEM format)"},
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 8e0ff78..72f5eea 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -67,6 +67,7 @@ B<openssl> B<s_server>
 [B<-cipher cipherlist>]
 [B<-serverpref>]
 [B<-quiet>]
+[B<-verify_quiet>]
 [B<-ssl3>]
 [B<-tls1>]
 [B<-dtls>]
@@ -282,7 +283,13 @@ This option translated a line feed from the terminal into CR+LF.
 
 =item B<-quiet>
 
-Inhibit printing of session and certificate information.
+Inhibit printing (on stdout) of session and certificate information.
+See also B<-verify_quiet>.
+
+=item B<-verify_quiet>
+
+inhibit printing (on stderr) of information from low-level verify routines.
+See also B<-quiet>.
 
 =item B<-psk_hint hint>
 
-- 
2.7.4


-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to