authorDr. Stephen Henson <steve@openssl.org>2014-10-27 14:07:12 +0000
committerDr. Stephen Henson <steve@openssl.org>2014-11-13 13:44:22 +0000
commitde94222dbade870a0437fd625c4a41ee5229d2f2 (patch)
tree57bde612c0a63f2eebbe053055d5cefb2c130d9f /ssl
parent55f7fb8848b6e4bec291724a479e1580d6f407d6 (diff)
Add SSL_CONF support to ssltest.
Add command line support for SSL_CONF: server side arguments are prefixed by -s_ (e.g. -s_no_ssl3) and client side with -c_. Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssltest.c100
1 files changed, 98 insertions, 2 deletions
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 1f6d3f3349..de47343085 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -996,6 +996,10 @@ int main(int argc, char *argv[])
#endif
int no_protocol = 0;
+ SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
+ STACK_OF(OPENSSL_STRING) *conf_args = NULL;
+ const char *arg = NULL, *argn = NULL;
+
verbose = 0;
debug = 0;
cipher = 0;
@@ -1021,6 +1025,31 @@ int main(int argc, char *argv[])
bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+ s_cctx = SSL_CONF_CTX_new();
+ c_cctx = SSL_CONF_CTX_new();
+
+ if (!s_cctx || !c_cctx)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ SSL_CONF_CTX_set_flags(s_cctx,
+ SSL_CONF_FLAG_CMDLINE|SSL_CONF_FLAG_SERVER);
+ if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_"))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ SSL_CONF_CTX_set_flags(c_cctx,
+ SSL_CONF_FLAG_CMDLINE|SSL_CONF_FLAG_CLIENT);
+ if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_"))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
argc--;
argv++;
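Review bot: Neither `SSL_CONF_CTX_set_flags` call sets `SSL_CONF_FLAG_SHOW_ERRORS`, so, as the SSL_CONF API is documented, a rejected command or value is not added to the error queue. The replay loop later in this patch calls `ERR_print_errors(bio_err)` after a failed `SSL_CONF_cmd`, which would then print little or nothing about why the option was refused. For a test harness that exercises protocol options this is the detail one needs, so consider `SSL_CONF_FLAG_CMDLINE|SSL_CONF_FLAG_SERVER|SSL_CONF_FLAG_SHOW_ERRORS` here and the same addition on the client context.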
@@ -1276,8 +1305,40 @@ int main(int argc, char *argv[])
}
else
{
- fprintf(stderr,"unknown option %s\n",*argv);
- badop=1;
+ int rv;
+ arg = argv[0];
+ argn = argv[1];
+ /* Try to process command using SSL_CONF */
+ rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
+ /* If not processed try server */
+ if (rv == 0)
+ rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
+ /* Recognised: store it for later use */
+ if (rv > 0)
+ {
+ if (rv == 1)
+ argn = NULL;
+ if (!conf_args)
+ {
+ conf_args = sk_OPENSSL_STRING_new_null();
+ if (!conf_args)
+ goto end;
+ }
+ if (!sk_OPENSSL_STRING_push(conf_args, arg))
+ goto end;
+ if (!sk_OPENSSL_STRING_push(conf_args, argn))
+ goto end;
+ continue;
+ }
+ if (rv == -3)
+ BIO_printf(bio_err, "Missing argument for %s\n",
+ arg);
+ else if (rv < 0)
+ BIO_printf(bio_err, "Error with command %s\n",
+ arg);
+ else if (rv == 0)
+ BIO_printf(bio_err,"unknown option %s\n", arg);
+ badop = 1;
break;
}
argc--;
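Review bot: The three `goto end` paths taken when `sk_OPENSSL_STRING_new_null` or `sk_OPENSSL_STRING_push` fails leave the option loop without printing anything, unlike every other failure in this branch. A line such as `BIO_puts(bio_err, "Out of memory storing SSL_CONF option\n");` before each jump would make the abort explainable; whether the process then exits non-zero depends on how `ret` is initialised, which is outside the hunk. The bare `-3` would also read better with a comment, e.g. `/* -3: option recognised but its argument is missing */`. The enclosing option-parsing loop starts and ends outside this hunk.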
@@ -1442,6 +1503,35 @@ bad:
SSL_CTX_set_cipher_list(s_ctx,cipher);
}
+ /* Process SSL_CONF arguments */
+ SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
+ SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
+
+ for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2)
+ {
+ int rv;
+ arg = sk_OPENSSL_STRING_value(conf_args, i);
+ argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
+ rv = SSL_CONF_cmd(c_cctx, arg, argn);
+ /* If not recognised use server context */
+ if (rv == -2)
+ rv = SSL_CONF_cmd(s_cctx, arg, argn);
+ if (rv <= 0)
+ {
+ BIO_printf(bio_err, "Error processing %s %s\n",
+ arg, argn ? argn : "");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx))
+ {
+ BIO_puts(bio_err, "Error finishing context\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
#ifndef OPENSSL_NO_DH
if (!no_dhe)
{
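Review bot: The replay loop steps by two and reads index `i + 1` without saying why that is safe. It relies on the parser always pushing an option and its value together, with NULL standing in for options that take no value. A comment above the loop would record that, e.g. `/* conf_args holds (option, value) pairs; value is NULL when the option takes none */`. The same comment could note that the loop body is skipped when `conf_args` is NULL, because `sk_OPENSSL_STRING_num` then returns a non-positive count.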
@@ -1762,6 +1852,12 @@ end:
if (s_ctx != NULL) SSL_CTX_free(s_ctx);
if (c_ctx != NULL) SSL_CTX_free(c_ctx);
+ if (s_cctx)
+ SSL_CONF_CTX_free(s_cctx);
+ if (c_cctx)
+ SSL_CONF_CTX_free(c_cctx);
+ sk_OPENSSL_STRING_free(conf_args);
+
if (bio_stdout != NULL) BIO_free(bio_stdout);
#ifndef OPENSSL_NO_RSA