diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-29 14:16:41 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-29 14:16:41 +0000 |
commit | 15387e4ce063d8133e35de4f647c539e06917113 (patch) | |
tree | a516305392032d18409cc789109f0850f93a60ad /apps/s_cb.c | |
parent | 49ef33fa3463d6b6001009024c9aed09f814cb7c (diff) |
Delegate command line handling for many common options in s_client/s_server to
the SSL_CONF APIs.
This is complicated a little because the SSL_CTX structure is not available
when the command line is processed: so just check syntax of commands initially
and store them, ready to apply later.
(backport from HEAD)
Diffstat (limited to 'apps/s_cb.c')
-rw-r--r-- | apps/s_cb.c | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c index 2ac7656f06..45d4aab333 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1498,3 +1498,86 @@ int args_excert(char ***pargs, int *pargc, return 1; } +int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx, + int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr) + { + char *arg = **pargs, *argn = (*pargs)[1]; + int rv; + + /* Attempt to run SSL configuration command */ + rv = SSL_CONF_cmd_argv(cctx, pargc, pargs); + /* If parameter not recognised just return */ + if (rv == 0) + return 0; + /* see if missing argument error */ + if (rv == -3) + { + BIO_printf(err, "%s needs an argument\n", arg); + *badarg = 1; + goto end; + } + /* Check for some other error */ + if (rv < 0) + { + BIO_printf(err, "Error with command: \"%s %s\"\n", + arg, argn ? argn : ""); + *badarg = 1; + goto end; + } + /* Store command and argument */ + /* If only one argument processed store value as NULL */ + if (rv == 1) + argn = NULL; + if (!*pstr) + *pstr = sk_OPENSSL_STRING_new_null(); + if (!*pstr || !sk_OPENSSL_STRING_push(*pstr, arg) || + !sk_OPENSSL_STRING_push(*pstr, argn)) + { + BIO_puts(err, "Memory allocation failure\n"); + goto end; + } + + end: + if (*badarg) + ERR_print_errors(err); + + return 1; + } + +int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, + STACK_OF(OPENSSL_STRING) *str, int no_ecdhe) + { + int i; + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + for (i = 0; i < sk_OPENSSL_STRING_num(str); i+= 2) + { + const char *param = sk_OPENSSL_STRING_value(str, i); + const char *value = sk_OPENSSL_STRING_value(str, i + 1); + /* If no_ecdhe or named curve already specified don't need + * a default. + */ + if (!no_ecdhe && !strcmp(param, "-named_curve")) + no_ecdhe = 1; + if (SSL_CONF_cmd(cctx, param, value) <= 0) + { + BIO_printf(err, "Error with command: \"%s %s\"\n", + param, value ? value : ""); + ERR_print_errors(err); + return 0; + } + } + /* This is a special case to keep existing s_server functionality: + * if we don't have any curve specified *and* we haven't disabled + * ECDHE then use P-256. + */ + if (!no_ecdhe) + { + if (SSL_CONF_cmd(cctx, "-named_curve", "P-256") <= 0) + { + BIO_puts(err, "Error setting EC curve\n"); + ERR_print_errors(err); + return 0; + } + } + return 1; + } |