Add support for experimental code, not compiled in by default and

with OPENSSL_EXPERIMENTAL_FOO around it. Make JPAKE experimental.

4 files changed, 20 insertions, 2 deletions

diff --git a/apps/apps.c b/apps/apps.c
index f6b3ac5667..a88674342b 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -130,7 +130,9 @@
 #include <openssl/rsa.h>
 #endif
 #include <openssl/bn.h>
+#ifdef OPENSSL_EXPERIMENTAL_JPAKE
 #include <openssl/jpake.h>
+#endif
 
 #define NON_MAIN
 #include "apps.h"
@@ -2336,6 +2338,8 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx)
 		BIO_free(out);
 	}
 
+#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+
 static JPAKE_CTX *jpake_init(const char *us, const char *them,
 							 const char *secret)
 	{
@@ -2547,3 +2551,5 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
 	BIO_pop(bconn);
 	BIO_free(bconn);
 	}
+
+#endif
diff --git a/apps/apps.h b/apps/apps.h
index b867cbead3..33947612a9 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -338,8 +338,10 @@ X509_NAME *parse_name(char *str, long chtype, int multirdn);
 int args_verify(char ***pargs, int *pargc,
 			int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
 void policies_print(BIO *out, X509_STORE_CTX *ctx);
+#ifdef OPENSSL_EXPERIMENTAL_JPAKE
 void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
+#endif
 
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
diff --git a/apps/s_client.c b/apps/s_client.c
index a00532138c..9686b0a190 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -338,7 +338,9 @@ int MAIN(int argc, char **argv)
 	int peerlen = sizeof(peer);
 	int enable_timeouts = 0 ;
 	long mtu = 0;
+#ifdef OPENSSL_EXPERIMENTAL_JPAKE
 	char *jpake_secret = NULL;
+#endif
 
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_client_method();
@@ -583,11 +585,13 @@ int MAIN(int argc, char **argv)
 			/* meth=TLSv1_client_method(); */
 			}
 #endif
+#ifdef OPENSSL_EXPERIMENTAL_JPAKE
 		else if (strcmp(*argv,"-jpake") == 0)
 			{
 			if (--argc < 1) goto bad;
 			jpake_secret = *++argv;
 			}
+#endif
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -893,9 +897,10 @@ SSL_set_tlsext_status_ids(con, ids);
 #endif
 		}
 #endif
-
+#ifdef OPENSSL_EXPERIMENTAL_JPAKE
 	if (jpake_secret)
 		jpake_client_auth(bio_c_out, sbio, jpake_secret);
+#endif
 
 	SSL_set_bio(con,sbio,sbio);
 	SSL_set_connect_state(con);
diff --git a/apps/s_server.c b/apps/s_server.c
index ead4d90e15..870f464f1b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -742,7 +742,9 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
 #endif
 int MAIN(int, char **);
 
+#ifdef OPENSSL_EXPERIMENTAL_JPAKE
 static char *jpake_secret = NULL;
+#endif
 
 int MAIN(int argc, char *argv[])
 	{
@@ -1074,11 +1076,13 @@ int MAIN(int argc, char *argv[])
 			}
 			
 #endif
+#ifdef OPENSSL_EXPERIMENTAL_JPAKE
 		else if (strcmp(*argv,"-jpake") == 0)
 			{
 			if (--argc < 1) goto bad;
 			jpake_secret = *(++argv);
 			}
+#endif
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -1680,9 +1684,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		test=BIO_new(BIO_f_nbio_test());
 		sbio=BIO_push(test,sbio);
 		}
-
+#ifdef OPENSSL_EXPERIMENTAL_JPAKE
 	if(jpake_secret)
 		jpake_server_auth(bio_s_out, sbio, jpake_secret);
+#endif
 
 	SSL_set_bio(con,sbio,sbio);
 	SSL_set_accept_state(con);