New option "-showcerts" for s_client

Slight cleanup in ssl/

CHANGES

diff --git a/CHANGES b/CHANGES
index fe22a45..44c8191 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,14 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+     SSL2_SERVER_VERSION (not used at all) macros, which are now the
+     same as SSL2_VERSION anyway.
+     [Bodo Moeller]
+
+  *) New "-showcerts" option for s_client.
+     [Bodo Moeller]
+
   *) Still more PKCS#12 integration. Add pkcs12 application to openssl
      application. Various cleanups and fixes.
      [Steve Henson]

apps/s_client.c

diff --git a/apps/s_client.c b/apps/s_client.c
index a75e8ae..07938ab 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -90,6 +90,7 @@
 #endif
 static int c_Pause=0;
 static int c_debug=0;
+static int c_showcerts=0;
 
 #ifndef NOPROTO
 static void sc_usage(void);
@@ -118,6 +119,7 @@
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
@@ -171,6 +173,7 @@
 	c_Pause=0;
 	c_quiet=0;
 	c_debug=0;
+	c_showcerts=0;
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -227,6 +230,8 @@
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
+		else if	(strcmp(*argv,"-showcerts") == 0)
+			c_showcerts=1;
 		else if	(strcmp(*argv,"-nbio_test") == 0)
 			nbio_test=1;
 		else if	(strcmp(*argv,"-state") == 0)
@@ -675,6 +680,8 @@
 				X509_NAME_oneline(X509_get_issuer_name((X509 *)
 					sk_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"   i:%s\n",buf);
+				if (c_showcerts)
+					PEM_write_bio_X509(bio,(X509 *) sk_value(sk,i));
 				}
 			}
 
@@ -683,7 +690,8 @@
 		if (peer != NULL)
 			{
 			BIO_printf(bio,"Server certificate\n");
-			PEM_write_bio_X509(bio,peer);
+			if (!c_showcerts) /* Redundant if we showed the whole chain */
+				PEM_write_bio_X509(bio,peer);
 			X509_NAME_oneline(X509_get_subject_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"subject=%s\n",buf);

ssl/s2_clnt.c

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 33112ee..d5457b0 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -485,7 +485,7 @@
 		p=buf;					/* header */
 		d=p+9;					/* data section */
 		*(p++)=SSL2_MT_CLIENT_HELLO;		/* type */
-		s2n(SSL2_CLIENT_VERSION,p);		/* version */
+		s2n(SSL2_VERSION,p);			/* version */
 		n=j=0;
 
 		n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);

ssl/ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index f0b143a..06ca4aa 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -477,10 +477,9 @@
 
 struct ssl_st
 	{
-	/* procol version
-	 * 2 for SSLv2
-	 * 3 for SSLv3
-	 * -3 for SSLv3 but accept SSLv2 */
+	/* protocol version
+	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
+	 */
 	int version;
 	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
 

ssl/ssl2.h

diff --git a/ssl/ssl2.h b/ssl/ssl2.h
index 3dc94e5..95e8231 100644
--- a/ssl/ssl2.h
+++ b/ssl/ssl2.h
@@ -67,8 +67,8 @@
 #define SSL2_VERSION		0x0002
 #define SSL2_VERSION_MAJOR	0x00
 #define SSL2_VERSION_MINOR	0x02
-#define SSL2_CLIENT_VERSION	0x0002
-#define SSL2_SERVER_VERSION	0x0002
+/* #define SSL2_CLIENT_VERSION	0x0002 */
+/* #define SSL2_SERVER_VERSION	0x0002 */
 
 /* Protocol Message Codes */
 #define SSL2_MT_ERROR			0

ssl/ssl_sess.c

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index d731634..341dc63 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -150,7 +150,7 @@
 
 	if (session)
 		{
-		if (s->version == SSL2_CLIENT_VERSION)
+		if (s->version == SSL2_VERSION)
 			{
 			ss->ssl_version=SSL2_VERSION;
 			ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;