authorDr. Stephen Henson <steve@openssl.org>2013-03-20 15:49:14 +0000
committerDr. Stephen Henson <steve@openssl.org>2013-09-18 13:46:02 +0100
commitacec5a6244b6e54b805a5f7512efc72e18cc693a (patch)
tree458d6b2bb9b943545fd35762f063da7ce62eac45 /apps
parent68039af3e7fbbdef1f8a801c9fe5399015c0e58d (diff)
Provisional DTLS 1.2 support.
Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing. (cherry picked from commit c3b344e36a088283731b4f65a70e85b100f55686) Conflicts: apps/s_server.c
Diffstat (limited to 'apps')
-rw-r--r--apps/s_apps.h2
-rw-r--r--apps/s_client.c7
-rw-r--r--apps/s_server.c20
-rw-r--r--apps/s_socket.c4
4 files changed, 22 insertions, 11 deletions
diff --git a/apps/s_apps.h b/apps/s_apps.h
index be985280c9..ce5a763da8 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int naccept);
+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
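Review bot: The `int stype` parameter added to the callback type in the `do_server` prototype is undocumented, so the header does not tell a caller what value the callback receives. The call in apps/s_socket.c passes `type` in that position, so a comment above the prototype such as `/* cb receives the socket type passed as 'type' (SOCK_STREAM or SOCK_DGRAM) in stype */` would make the contract explicit. The function-pointer type is also written out in full both here and at the definition in s_socket.c; a typedef shared by the two would keep the declarations from drifting apart on the next signature change.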
diff --git a/apps/s_client.c b/apps/s_client.c
index 25bb3d6b86..bec6dbfb4e 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -917,6 +917,11 @@ static char *jpake_secret = NULL;
meth=DTLSv1_client_method();
socket_type=SOCK_DGRAM;
}
+ else if (strcmp(*argv,"-dtls1_2") == 0)
+ {
+ meth=DTLSv1_2_client_method();
+ socket_type=SOCK_DGRAM;
+ }
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts=1;
else if (strcmp(*argv,"-mtu") == 0)
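Review bot: The new `-dtls1_2` option does not appear to be added to s_client's usage output. The diffstat lists 7 changed lines for apps/s_client.c, and the two hunks shown account for all of them, whereas apps/s_server.c gains a `-dtls1_2` line in `sv_usage`. I would add the matching entry to `sc_usage`, for example `BIO_printf(bio_err," -dtls1_2 - just use DTLSv1.2\n");`, worded like the neighbouring entries. The option-parsing loop starts and ends outside this hunk, so any build-time guard around the DTLS options is not visible here and should be confirmed to cover the new branch as well.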
@@ -1445,7 +1450,7 @@ re_start:
#endif
if (c_Pause & 0x01) SSL_set_debug(con, 1);
- if ( SSL_version(con) == DTLS1_VERSION)
+ if (socket_type == SOCK_DGRAM)
{
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
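Review bot: The new condition `if (socket_type == SOCK_DGRAM)` has no comment explaining why the datagram BIO is now chosen by transport instead of by `SSL_version(con)`. The old comparison against `DTLS1_VERSION` would presumably not match a connection created with the DTLS 1.2 method, and a later edit could reintroduce a version check without noticing. I would add `/* Choose the BIO by transport: every DTLS version uses a datagram socket */` above the test. The same comment applies to `if (stype == SOCK_DGRAM)` in the `sv_body` hunk of apps/s_server.c. The enclosing block continues outside the hunk.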
diff --git a/apps/s_server.c b/apps/s_server.c
index 47b6ecd632..94500689bd 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -204,9 +204,9 @@ typedef unsigned int u_int;
#ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif
-static int sv_body(char *hostname, int s, unsigned char *context);
-static int www_body(char *hostname, int s, unsigned char *context);
-static int rev_body(char *hostname, int s, unsigned char *context);
+static int sv_body(char *hostname, int s, int stype, unsigned char *context);
+static int www_body(char *hostname, int s, int stype, unsigned char *context);
+static int rev_body(char *hostname, int s, int stype, unsigned char *context);
static void close_accept_socket(void );
static void sv_usage(void);
static int init_ssl_connection(SSL *s);
@@ -540,6 +540,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n");
BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
+ BIO_printf(bio_err," -dtls1_2 - Just talk DTLSv1.2\n");
BIO_printf(bio_err," -timeout - Enable timeouts\n");
BIO_printf(bio_err," -mtu - Set link layer MTU\n");
BIO_printf(bio_err," -chain - Read a certificate chain\n");
@@ -1373,6 +1374,11 @@ int MAIN(int argc, char *argv[])
meth=DTLSv1_server_method();
socket_type = SOCK_DGRAM;
}
+ else if (strcmp(*argv,"-dtls1_2") == 0)
+ {
+ meth=DTLSv1_2_server_method();
+ socket_type = SOCK_DGRAM;
+ }
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts = 1;
else if (strcmp(*argv,"-mtu") == 0)
@@ -2076,7 +2082,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
-static int sv_body(char *hostname, int s, unsigned char *context)
+static int sv_body(char *hostname, int s, int stype, unsigned char *context)
{
char *buf=NULL;
fd_set readfds;
@@ -2146,7 +2152,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
#endif
#endif
- if (SSL_version(con) == DTLS1_VERSION)
+ if (stype == SOCK_DGRAM)
{
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
@@ -2692,7 +2698,7 @@ static int load_CA(SSL_CTX *ctx, char *file)
}
#endif
-static int www_body(char *hostname, int s, unsigned char *context)
+static int www_body(char *hostname, int s, int stype, unsigned char *context)
{
char *buf=NULL;
int ret=1;
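Review bot: The `stype` parameter added to `www_body` is never read. The 20 changed lines the diffstat reports for apps/s_server.c are all accounted for by the hunks shown, and only `sv_body` gains a use of it. The same holds for `rev_body` in the next hunk. If the parameter exists only to match the `do_server` callback type, say so at the top of each body with `/* stype is unused here; it is present to match the do_server callback signature */`, which also explains any unused-parameter warning. If either body can be reached with a datagram socket, it would need the same `stype == SOCK_DGRAM` BIO selection as `sv_body`. The function bodies continue outside these hunks, so that needs checking against the full file.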
@@ -3102,7 +3108,7 @@ err:
return(ret);
}
-static int rev_body(char *hostname, int s, unsigned char *context)
+static int rev_body(char *hostname, int s, int stype, unsigned char *context)
{
char *buf=NULL;
int i;
diff --git a/apps/s_socket.c b/apps/s_socket.c
index a80f380ad0..e0de63c8f1 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -284,7 +284,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
return(1);
}
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int naccept)
+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept)
{
int sock;
char *name = NULL;
@@ -310,7 +310,7 @@ int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, uns
}
else
sock = accept_socket;
- i=(*cb)(name,sock, context);
+ i=(*cb)(name,sock, type, context);
if (name != NULL) OPENSSL_free(name);
if (type==SOCK_STREAM)
SHUTDOWN2(sock);