author | Ben Laurie <ben@openssl.org> | 2011-11-15 23:02:16 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2011-11-15 23:02:16 +0000 |
commit | 060a38a2c06145df02d04af20e31bacf30f192e2 (patch) | |
tree | c6af6dd58887d79dfec6ed5cec8973244a28df64 /apps | |
parent | 58402976b4ebbcdac63e2b2f3afe8b5fe261cf5d (diff) |
Add DTLS-SRTP.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/s_client.c | 19 | ||||
-rw-r--r-- | apps/s_server.c | 22 |
2 files changed, 39 insertions, 2 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index 5f251a4247..94e03c9c00 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -359,6 +359,7 @@ static void sc_usage(void)
 # endif
 #endif
 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+ BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
 }
 #ifndef OPENSSL_NO_TLSEXT
@@ -487,6 +488,7 @@ static char * MS_CALLBACK missing_srp_username_callback(SSL *s, void *arg)
 }
 #endif
+ char *srtp_profiles = NULL;
 # ifndef OPENSSL_NO_NEXTPROTONEG
 /* This the context that we pass to next_proto_cb */
@@ -935,7 +937,12 @@ int MAIN(int argc, char **argv)
 jpake_secret = *++argv;
 }
 #endif
- else
+ else if (strcmp(*argv,"-use_srtp") == 0)
+ {
+ if (--argc < 1) goto bad;
+ srtp_profiles = *(++argv);
+ }
+ else
 {
 BIO_printf(bio_err,"unknown option %s\n",*argv);
 badop=1;
@@ -1105,6 +1112,8 @@ bad:
 BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
 SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
 }
+ if (srtp_profiles != NULL)
+ SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
 #endif
 if (bugs)
 SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
@@ -2027,6 +2036,14 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 }
 #endif
+ {
+ SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
+
+ if(srtp_profile)
+ BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
+ srtp_profile->name);
+ }
+
 SSL_SESSION_print(bio,SSL_get_session(s));
 BIO_printf(bio,"---\n");
 if (peer != NULL)
diff --git a/apps/s_server.c b/apps/s_server.c
index 19f4fb25e2..14cffa6fa9 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -305,6 +305,7 @@ static long socket_mtu;
 static int cert_chain = 0;
 #endif
+
 #ifndef OPENSSL_NO_PSK
 static char *psk_identity="Client_identity";
 char *psk_key=NULL; /* by default PSK is not used */
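Review bot: The new `-use_srtp` help line in sc_usage() ends without a newline (`...colon-separated profile list"`), unlike the `-legacy_renegotiation` line just above it, so the usage text stops mid-line and anything written to bio_err afterwards runs on from it. Terminate the string: `BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");`. The sv_usage() hunk in apps/s_server.c adds the same unterminated string and needs the same change.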
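Review bot: `char *srtp_profiles = NULL;` is added at file scope without `static`, so the symbol gets external linkage, while apps/s_server.c in this same commit declares `static char *srtp_profiles = NULL;`. It should read `static char *srtp_profiles = NULL;` here as well. The declaration also sits directly above an indented `# ifndef OPENSSL_NO_NEXTPROTONEG`, which suggests it lies inside an outer conditional whose opening is outside the hunk. If so, the `-use_srtp` parsing in MAIN, which is not visibly under that conditional, would reference an undeclared name when that feature is compiled out; this is worth confirming.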
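Review bot: The return value of `SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles)` is dropped after `bad:`, so an unknown or misspelled profile name leaves the context without the use_srtp extension and s_client carries on with no diagnostic. Someone using the tool to check a peer's DTLS-SRTP support would then read the missing "SRTP Extension negotiated" line as the peer's refusal. The call returns 0 on success and 1 on error, so test it with `if (srtp_profiles != NULL && SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0)`, print the error stack with `ERR_print_errors(bio_err);` and take MAIN's existing failure exit. The identical unchecked call is added after `bad:` in apps/s_server.c. In this file the two lines are also placed above an `#endif` that appears to close the PSK/JPAKE conditional opened outside the hunk, which would make `-use_srtp` a silent no-op in builds without PSK; moving them below that `#endif` avoids tying SRTP to an unrelated feature switch.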
@@ -540,6 +541,7 @@ static void sv_usage(void)
 # ifndef OPENSSL_NO_NEXTPROTONEG
 BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
 # endif
+ BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
 #endif
 }
@@ -901,6 +903,7 @@ int MAIN(int, char **);
 #ifndef OPENSSL_NO_JPAKE
 static char *jpake_secret = NULL;
 #endif
+static char *srtp_profiles = NULL;
 int MAIN(int argc, char *argv[])
 {
@@ -1307,6 +1310,11 @@ int MAIN(int argc, char *argv[])
 jpake_secret = *(++argv);
 }
 #endif
+ else if (strcmp(*argv,"-use_srtp") == 0)
+ {
+ if (--argc < 1) goto bad;
+ srtp_profiles = *(++argv);
+ }
 else
 {
 BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -1522,6 +1530,9 @@ bad:
 else
 SSL_CTX_sess_set_cache_size(ctx,128);
+ if (srtp_profiles != NULL)
+ SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+
 #if 0
 if (cipher == NULL) cipher=getenv("SSL_CIPHER");
 #endif
@@ -2361,10 +2372,19 @@ static int init_ssl_connection(SSL *con)
 BIO_printf(bio_s_out, "\n");
 }
 #endif
+ {
+ SRTP_PROTECTION_PROFILE *srtp_profile
+ = SSL_get_selected_srtp_profile(con);
+
+ if(srtp_profile)
+ BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
+ srtp_profile->name);
+ }
 if (SSL_cache_hit(con))
 BIO_printf(bio_s_out,"Reused session-id\n");
 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG)
- BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
+ BIO_printf(bio_s_out,
+ "Peer has incorrect TLSv1 block padding\n");
 #ifndef OPENSSL_NO_KRB5
 client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
 if (client_princ != NULL) |