diff options
author | Rich Salz <rsalz@akamai.com> | 2015-05-15 13:50:38 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-06-02 12:40:24 -0400 |
commit | 9c3bcfa027cb32421ed20ab77553860b922b82fc (patch) | |
tree | 5bc2b7a055c4abbc75431212948d0693d922f3ab /apps/s_server.c | |
parent | 366e2a60b2fcc727b061f1459343245476ad6c3b (diff) |
Standardize handling of #ifdef'd options.
Here are the "rules" for handling flags that depend on #ifdef:
- Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd
entries appear at the end; by convention "engine" is last. This
ensures that at run-time, the flag will never be recognized/allowed.
The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
disable it; leave the "case OPT_xxx:" and "break" statements outside
the ifdef/ifndef. See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
for example.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 127 |
1 files changed, 68 insertions, 59 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 189019d1b2..6bd0257a7a 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -806,9 +806,7 @@ typedef enum OPTION_choice { OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE, OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, -#ifndef OPENSSL_NO_SSL3 OPT_SSL3, -#endif OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, @@ -821,7 +819,6 @@ typedef enum OPTION_choice { OPTIONS s_server_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"port", OPT_PORT, 'p'}, {"accept", OPT_PORT, 'p', "TCP/IP port to accept on (default is " PORT_STR ")"}, @@ -851,9 +848,6 @@ OPTIONS s_server_options[] = { {"dkeyform", OPT_DKEYFORM, 'F', "Second key format (PEM, DER or ENGINE) PEM default"}, {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"}, -#ifdef FIONBIO - {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, -#endif {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"}, {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"}, {"debug", OPT_DEBUG, '-', "Print more output"}, @@ -865,47 +859,13 @@ OPTIONS s_server_options[] = { {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"}, {"quiet", OPT_QUIET, '-', "No server output"}, {"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"}, -#ifndef OPENSSL_NO_PSK - {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, - {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, -# ifndef OPENSSL_NO_JPAKE - {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, -# endif -#endif -#ifndef OPENSSL_NO_SRP - {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, - {"srpuserseed", OPT_SRPUSERSEED, 's', - "A seed string for a default user salt"}, -#endif -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, -#endif {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"}, {"tls1", OPT_TLS1, '-', "Just talk TLSv1"}, -#ifndef OPENSSL_NO_DTLS1 - {"dtls", OPT_DTLS, '-'}, - {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, - {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, - {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, - {"mtu", OPT_MTU, 'p', "Set link layer MTU"}, - {"chain", OPT_CHAIN, '-', "Read a certificate chain"}, -#endif -#ifndef OPENSSL_NO_DH - {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, -#endif -#ifndef OPENSSL_NO_EC - {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"}, -#endif {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-', "Disable caching and tickets if ephemeral (EC)DH is used"}, {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"}, {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"}, - {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"}, - {"id_prefix", OPT_ID_PREFIX, 's', - "Generate SSL/TLS session IDs prefixed by arg"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, {"servername", OPT_SERVERNAME, 's', "Servername for HostName TLS extension"}, {"servername_fatal", OPT_SERVERNAME_FATAL, '-', @@ -916,14 +876,11 @@ OPTIONS s_server_options[] = { "-Private Key file to use for servername if not in -cert2"}, {"tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received"}, -#ifndef OPENSSL_NO_NEXTPROTONEG - {"nextprotoneg", OPT_NEXTPROTONEG, 's', - "Set the advertised protocols for the NPN extension (comma-separated list)"}, -#endif - {"use_srtp", OPT_SRTP_PROFILES, '<', - "Offer SRTP key management with a colon-separated profile list"}, - {"alpn", OPT_ALPN, 's', - "Set the advertised protocols for the ALPN extension (comma-separated list)"}, + {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"}, + {"id_prefix", OPT_ID_PREFIX, 's', + "Generate SSL/TLS session IDs prefixed by arg"}, + {"rand", OPT_RAND, 's', + "Load the file(s) into the random number generator"}, {"keymatexport", OPT_KEYMATEXPORT, 's', "Export keying material using label"}, {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', @@ -953,12 +910,54 @@ OPTIONS s_server_options[] = { {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'}, {"brief", OPT_BRIEF, '-'}, {"rev", OPT_REV, '-'}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's'}, -#endif OPT_S_OPTIONS, OPT_V_OPTIONS, OPT_X_OPTIONS, +#ifdef FIONBIO + {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, +#endif +#ifndef OPENSSL_NO_PSK + {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, + {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, +# ifndef OPENSSL_NO_JPAKE + {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, +# endif +#endif +#ifndef OPENSSL_NO_SRP + {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, + {"srpuserseed", OPT_SRPUSERSEED, 's', + "A seed string for a default user salt"}, +#endif +#ifndef OPENSSL_NO_SSL3 + {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, +#endif +#ifndef OPENSSL_NO_DTLS1 + {"dtls", OPT_DTLS, '-'}, + {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, + {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, + {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, + {"mtu", OPT_MTU, 'p', "Set link layer MTU"}, + {"chain", OPT_CHAIN, '-', "Read a certificate chain"}, +#endif +#ifndef OPENSSL_NO_DH + {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, +#endif +#ifndef OPENSSL_NO_EC + {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"}, +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG + {"nextprotoneg", OPT_NEXTPROTONEG, 's', + "Set the advertised protocols for the NPN extension (comma-separated list)"}, +#endif +#ifndef OPENSSL_NO_SRTP + {"use_srtp", OPT_SRTP_PROFILES, '<', + "Offer SRTP key management with a colon-separated profile list"}, + {"alpn", OPT_ALPN, 's', + "Set the advertised protocols for the ALPN extension (comma-separated list)"}, +#endif +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's'}, +#endif {NULL} }; @@ -1246,13 +1245,11 @@ int s_server_main(int argc, char *argv[]) case OPT_MSGFILE: bio_s_msg = BIO_new_file(opt_arg(), "w"); break; -#ifndef OPENSSL_NO_SSL_TRACE case OPT_TRACE: +#ifndef OPENSSL_NO_SSL_TRACE s_msg = 2; - break; #else - case OPT_TRACE: - goto opthelp; + break; #endif case OPT_SECURITY_DEBUG: sdebug = 1; @@ -1296,6 +1293,10 @@ int s_server_main(int argc, char *argv[]) goto end; } break; +#else + case OPT_PSK_HINT: + case OPT_PSK: + break; #endif #ifndef OPENSSL_NO_SRP case OPT_SRPVFILE: @@ -1323,11 +1324,11 @@ int s_server_main(int argc, char *argv[]) case OPT_HTTP: www = 3; break; -#ifndef OPENSSL_NO_SSL3 case OPT_SSL3: +#ifndef OPENSSL_NO_SSL3 meth = SSLv3_server_method(); - break; #endif + break; case OPT_TLS1_2: meth = TLSv1_2_server_method(); break; @@ -1359,6 +1360,14 @@ int s_server_main(int argc, char *argv[]) case OPT_CHAIN: cert_chain = 1; break; +#else + case OPT_DTLS: + case OPT_DTLS1: + case OPT_DTLS1_2: + case OPT_TIMEOUT: + case OPT_MTU: + case OPT_CHAIN: + break; #endif case OPT_ID_PREFIX: session_id_prefix = opt_arg(); @@ -1381,11 +1390,11 @@ int s_server_main(int argc, char *argv[]) case OPT_KEY2: s_key_file2 = opt_arg(); break; -#ifndef OPENSSL_NO_NEXTPROTONEG case OPT_NEXTPROTONEG: +# ifndef OPENSSL_NO_NEXTPROTONEG next_proto_neg_in = opt_arg(); - break; #endif + break; case OPT_ALPN: alpn_in = opt_arg(); break; |