Add an "-xmpphost" option to s_client
* Many XMPP servers are configured with multiple domains (virtual hosts)
* In order to establish the TLS connection successfully you have to specify
which virtual host you are trying to connect to.
* Test this, for example with ::
* Fail:
openssl s_client -connect talk.google.com:5222 -starttls xmpp
* Works:
openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com
diff --git a/apps/s_client.c b/apps/s_client.c
index 9c7f45f..3089a97 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -350,6 +350,7 @@
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
BIO_printf(bio_err," are supported.\n");
+ BIO_printf(bio_err," -xmpphost host - When used with \"-starttls xmpp\" specifies the virtual host.\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
#endif
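Review bot: The new usage line for `-xmpphost` says it "specifies the virtual host" but not what the value is used for, and in this patch it only fills the `to` attribute of the opening stream header. Nothing visible here passes it to SNI or to any certificate name comparison, so a user who wants the TLS layer to name the XMPP domain still has to arrange that separately (for example with `-servername`). Assuming the rest of the file does not use `xmpphost` elsewhere, I would word it as `" -xmpphost host - With \"-starttls xmpp\", domain sent in the stream 'to' attribute (does not set SNI)\n"`.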
@@ -595,6 +596,7 @@
short port=PORT;
int full_log=1;
char *host=SSL_HOST_NAME;
+ char *xmpphost = NULL;
char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
@@ -726,6 +728,11 @@
if (!extract_host_port(*(++argv),&host,NULL,&port))
goto bad;
}
+ else if (strcmp(*argv,"-xmpphost") == 0)
+ {
+ if (--argc < 1) goto bad;
+ xmpphost= *(++argv);
+ }
else if (strcmp(*argv,"-verify") == 0)
{
verify=SSL_VERIFY_PEER;
@@ -1670,7 +1677,7 @@
int seen = 0;
BIO_printf(sbio,"<stream:stream "
"xmlns:stream='http://etherx.jabber.org/streams' "
- "xmlns='jabber:client' to='%s' version='1.0'>", host);
+ "xmlns='jabber:client' to='%s' version='1.0'>", xmpphost? xmpphost:host);
seen = BIO_read(sbio,mbuf,BUFSIZZ);
mbuf[seen] = 0;
while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") &&
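Review bot: `xmpphost` is copied verbatim into the single-quoted `to='%s'` attribute, so a value containing `'`, `<` or `&` produces a malformed stream header, and the option parser in the earlier hunk accepts any string. Rejecting such values where `-xmpphost` is parsed, e.g. `if (strpbrk(xmpphost, "'<>&\"")) goto bad;`, keeps the header well-formed. Separately, the unchanged context lines store `mbuf[seen] = 0` without checking `seen`, and BIO_read can return a negative value on error, which would index before the buffer; a `seen <= 0` check before that store is worth adding while this code is being touched. The while loop continues past the end of the hunk.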