summaryrefslogtreecommitdiffstats
path: root/apps/s_server.c
diff options
context:
space:
mode:
Diffstat (limited to 'apps/s_server.c')
-rw-r--r--apps/s_server.c5668
1 files changed, 2771 insertions, 2897 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 16dafca287..baa2455e07 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,7 +63,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -110,7 +110,7 @@
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
+ * ECC cipher suite support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
/* ====================================================================
@@ -140,10 +140,12 @@
* OTHERWISE.
*/
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
#endif
#include <assert.h>
@@ -154,20 +156,22 @@
#include <openssl/e_os2.h>
#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
+# define APPS_WIN16
#endif
/* conflicts with winsock2 stuff on netware */
#if !defined(OPENSSL_SYS_NETWARE)
-#include <sys/types.h>
+# include <sys/types.h>
#endif
-/* With IPv6, it looks like Digital has mixed up the proper order of
- recursive header file inclusion, resulting in the compiler complaining
- that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
- is needed to have fileno() declared correctly... So let's define u_int */
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly... So let's define u_int
+ */
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-#define __U_INT
+# define __U_INT
typedef unsigned int u_int;
#endif
@@ -182,24 +186,24 @@ typedef unsigned int u_int;
#include <openssl/rand.h>
#include <openssl/ocsp.h>
#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
#endif
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_SRP
-#include <openssl/srp.h>
+# include <openssl/srp.h>
#endif
#include "s_apps.h"
#include "timeouts.h"
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
+# undef FIONBIO
#endif
#if defined(OPENSSL_SYS_BEOS_R5)
-#include <fcntl.h>
+# include <fcntl.h>
#endif
#ifndef OPENSSL_NO_RSA
@@ -208,12 +212,12 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
static int sv_body(char *hostname, int s, int stype, unsigned char *context);
static int www_body(char *hostname, int s, int stype, unsigned char *context);
static int rev_body(char *hostname, int s, int stype, unsigned char *context);
-static void close_accept_socket(void );
+static void close_accept_socket(void);
static void sv_usage(void);
static int init_ssl_connection(SSL *s);
-static void print_stats(BIO *bp,SSL_CTX *ctx);
+static void print_stats(BIO *bp, SSL_CTX *ctx);
static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len);
+ unsigned int *id_len);
static void init_session_cache_ctx(SSL_CTX *sctx);
static void free_sessions(void);
#ifndef OPENSSL_NO_DH
@@ -226,88 +230,90 @@ static void s_server_init(void);
#endif
#ifndef OPENSSL_NO_DH
-static unsigned char dh512_p[]={
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
- };
-static unsigned char dh512_g[]={
- 0x02,
- };
+static unsigned char dh512_p[] = {
+ 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
+ 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
+ 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
+ 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
+ 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
+ 0x47, 0x74, 0xE8, 0x33,
+};
+
+static unsigned char dh512_g[] = {
+ 0x02,
+};
static DH *get_dh512(void)
- {
- DH *dh=NULL;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return(NULL);
- return(dh);
- }
+{
+ DH *dh = NULL;
+
+ if ((dh = DH_new()) == NULL)
+ return (NULL);
+ dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+ if ((dh->p == NULL) || (dh->g == NULL))
+ return (NULL);
+ return (dh);
+}
#endif
-
/* static int load_CA(SSL_CTX *ctx, char *file);*/
#undef BUFSIZZ
-#define BUFSIZZ 16*1024
-static int bufsize=BUFSIZZ;
-static int accept_socket= -1;
+#define BUFSIZZ 16*1024
+static int bufsize = BUFSIZZ;
+static int accept_socket = -1;
-#define TEST_CERT "server.pem"
+#define TEST_CERT "server.pem"
#ifndef OPENSSL_NO_TLSEXT
-#define TEST_CERT2 "server2.pem"
+# define TEST_CERT2 "server2.pem"
#endif
#undef PROG
-#define PROG s_server_main
+#define PROG s_server_main
extern int verify_depth, verify_return_error, verify_quiet;
-static int s_server_verify=SSL_VERIFY_NONE;
+static int s_server_verify = SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
-static const char *s_cert_file=TEST_CERT,*s_key_file=NULL, *s_chain_file=NULL;
+static const char *s_cert_file = TEST_CERT, *s_key_file =
+ NULL, *s_chain_file = NULL;
#ifndef OPENSSL_NO_TLSEXT
-static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
+static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
#endif
-static char *s_dcert_file=NULL,*s_dkey_file=NULL, *s_dchain_file=NULL;
+static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
#ifdef FIONBIO
-static int s_nbio=0;
+static int s_nbio = 0;
#endif
-static int s_nbio_test=0;
-int s_crlf=0;
-static SSL_CTX *ctx=NULL;
+static int s_nbio_test = 0;
+int s_crlf = 0;
+static SSL_CTX *ctx = NULL;
#ifndef OPENSSL_NO_TLSEXT
-static SSL_CTX *ctx2=NULL;
+static SSL_CTX *ctx2 = NULL;
#endif
-static int www=0;
+static int www = 0;
-static BIO *bio_s_out=NULL;
+static BIO *bio_s_out = NULL;
static BIO *bio_s_msg = NULL;
-static int s_debug=0;
+static int s_debug = 0;
#ifndef OPENSSL_NO_TLSEXT
-static int s_tlsextdebug=0;
-static int s_tlsextstatus=0;
+static int s_tlsextdebug = 0;
+static int s_tlsextstatus = 0;
static int cert_status_cb(SSL *s, void *arg);
#endif
static int no_resume_ephemeral = 0;
-static int s_msg=0;
-static int s_quiet=0;
-static int s_ign_eof=0;
-static int s_brief=0;
+static int s_msg = 0;
+static int s_quiet = 0;
+static int s_ign_eof = 0;
+static int s_brief = 0;
-static char *keymatexportlabel=NULL;
-static int keymatexportlen=20;
+static char *keymatexportlabel = NULL;
+static int keymatexportlen = 20;
-static int hack=0;
+static int hack = 0;
#ifndef OPENSSL_NO_ENGINE
-static char *engine_id=NULL;
+static char *engine_id = NULL;
#endif
-static const char *session_id_prefix=NULL;
+static const char *session_id_prefix = NULL;
static int enable_timeouts = 0;
static long socket_mtu;
@@ -322,282 +328,335 @@ static const char *s_serverinfo_file = NULL;
#endif
#ifndef OPENSSL_NO_PSK
-static char *psk_identity="Client_identity";
-char *psk_key=NULL; /* by default PSK is not used */
+static char *psk_identity = "Client_identity";
+char *psk_key = NULL; /* by default PSK is not used */
static unsigned int psk_server_cb(SSL *ssl, const char *identity,
- unsigned char *psk, unsigned int max_psk_len)
- {
- unsigned int psk_len = 0;
- int ret;
- BIGNUM *bn = NULL;
-
- if (s_debug)
- BIO_printf(bio_s_out,"psk_server_cb\n");
- if (!identity)
- {
- BIO_printf(bio_err,"Error: client did not send PSK identity\n");
- goto out_err;
- }
- if (s_debug)
- BIO_printf(bio_s_out,"identity_len=%d identity=%s\n",
- identity ? (int)strlen(identity) : 0, identity);
-
- /* here we could lookup the given identity e.g. from a database */
- if (strcmp(identity, psk_identity) != 0)
- {
- BIO_printf(bio_s_out, "PSK error: client identity not found"
- " (got '%s' expected '%s')\n", identity,
- psk_identity);
- goto out_err;
- }
- if (s_debug)
- BIO_printf(bio_s_out, "PSK client identity found\n");
-
- /* convert the PSK key to binary */
- ret = BN_hex2bn(&bn, psk_key);
- if (!ret)
- {
- BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
- if (bn)
- BN_free(bn);
- return 0;
- }
- if (BN_num_bytes(bn) > (int)max_psk_len)
- {
- BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
- max_psk_len, BN_num_bytes(bn));
- BN_free(bn);
- return 0;
- }
-
- ret = BN_bn2bin(bn, psk);
- BN_free(bn);
-
- if (ret < 0)
- goto out_err;
- psk_len = (unsigned int)ret;
-
- if (s_debug)
- BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
- return psk_len;
+ unsigned char *psk,
+ unsigned int max_psk_len)
+{
+ unsigned int psk_len = 0;
+ int ret;
+ BIGNUM *bn = NULL;
+
+ if (s_debug)
+ BIO_printf(bio_s_out, "psk_server_cb\n");
+ if (!identity) {
+ BIO_printf(bio_err, "Error: client did not send PSK identity\n");
+ goto out_err;
+ }
+ if (s_debug)
+ BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
+ identity ? (int)strlen(identity) : 0, identity);
+
+ /* here we could lookup the given identity e.g. from a database */
+ if (strcmp(identity, psk_identity) != 0) {
+ BIO_printf(bio_s_out, "PSK error: client identity not found"
+ " (got '%s' expected '%s')\n", identity, psk_identity);
+ goto out_err;
+ }
+ if (s_debug)
+ BIO_printf(bio_s_out, "PSK client identity found\n");
+
+ /* convert the PSK key to binary */
+ ret = BN_hex2bn(&bn, psk_key);
+ if (!ret) {
+ BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
+ psk_key);
+ if (bn)
+ BN_free(bn);
+ return 0;
+ }
+ if (BN_num_bytes(bn) > (int)max_psk_len) {
+ BIO_printf(bio_err,
+ "psk buffer of callback is too small (%d) for key (%d)\n",
+ max_psk_len, BN_num_bytes(bn));
+ BN_free(bn);
+ return 0;
+ }
+
+ ret = BN_bn2bin(bn, psk);
+ BN_free(bn);
+
+ if (ret < 0)
+ goto out_err;
+ psk_len = (unsigned int)ret;
+
+ if (s_debug)
+ BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
+ return psk_len;
out_err:
- if (s_debug)
- BIO_printf(bio_err, "Error in PSK server callback\n");
- return 0;
- }
+ if (s_debug)
+ BIO_printf(bio_err, "Error in PSK server callback\n");
+ return 0;
+}
#endif
#ifndef OPENSSL_NO_SRP
/* This is a context that we pass to callbacks */
-typedef struct srpsrvparm_st
- {
- char *login;
- SRP_VBASE *vb;
- SRP_user_pwd *user;
- } srpsrvparm;
-
-/* This callback pretends to require some asynchronous logic in order to obtain
- a verifier. When the callback is called for a new connection we return
- with a negative value. This will provoke the accept etc to return with
- an LOOKUP_X509. The main logic of the reinvokes the suspended call
- (which would normally occur after a worker has finished) and we
- set the user parameters.
-*/
+typedef struct srpsrvparm_st {
+ char *login;
+ SRP_VBASE *vb;
+ SRP_user_pwd *user;
+} srpsrvparm;
+
+/*
+ * This callback pretends to require some asynchronous logic in order to
+ * obtain a verifier. When the callback is called for a new connection we
+ * return with a negative value. This will provoke the accept etc to return
+ * with an LOOKUP_X509. The main logic of the reinvokes the suspended call
+ * (which would normally occur after a worker has finished) and we set the
+ * user parameters.
+ */
static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
- {
- srpsrvparm *p = (srpsrvparm *)arg;
- if (p->login == NULL && p->user == NULL )
- {
- p->login = SSL_get_srp_username(s);
- BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
- return (-1) ;
- }
-
- if (p->user == NULL)
- {
- BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
- return SSL3_AL_FATAL;
- }
- if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v,
- p->user->info) < 0)
- {
- *ad = SSL_AD_INTERNAL_ERROR;
- return SSL3_AL_FATAL;
- }
- BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login,p->user->info);
- /* need to check whether there are memory leaks */
- p->user = NULL;
- p->login = NULL;
- return SSL_ERROR_NONE;
- }
+{
+ srpsrvparm *p = (srpsrvparm *) arg;
+ if (p->login == NULL && p->user == NULL) {
+ p->login = SSL_get_srp_username(s);
+ BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
+ return (-1);
+ }
+
+ if (p->user == NULL) {
+ BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
+ return SSL3_AL_FATAL;
+ }
+ if (SSL_set_srp_server_param
+ (s, p->user->N, p->user->g, p->user->s, p->user->v,
+ p->user->info) < 0) {
+ *ad = SSL_AD_INTERNAL_ERROR;
+ return SSL3_AL_FATAL;
+ }
+ BIO_printf(bio_err,
+ "SRP parameters set: username = \"%s\" info=\"%s\" \n",
+ p->login, p->user->info);
+ /* need to check whether there are memory leaks */
+ p->user = NULL;
+ p->login = NULL;
+ return SSL_ERROR_NONE;
+}
#endif
#ifdef MONOLITH
static void s_server_init(void)
- {
- accept_socket=-1;
- s_server_verify=SSL_VERIFY_NONE;
- s_dcert_file=NULL;
- s_dkey_file=NULL;
- s_dchain_file=NULL;
- s_cert_file=TEST_CERT;
- s_key_file=NULL;
- s_chain_file=NULL;
-#ifndef OPENSSL_NO_TLSEXT
- s_cert_file2=TEST_CERT2;
- s_key_file2=NULL;
- ctx2=NULL;
-#endif
-#ifdef FIONBIO
- s_nbio=0;
-#endif
- s_nbio_test=0;
- ctx=NULL;
- www=0;
-
- bio_s_out=NULL;
- s_debug=0;
- s_msg=0;
- s_quiet=0;
- s_brief=0;
- hack=0;
-#ifndef OPENSSL_NO_ENGINE
- engine_id=NULL;
-#endif
- }
+{
+ accept_socket = -1;
+ s_server_verify = SSL_VERIFY_NONE;
+ s_dcert_file = NULL;
+ s_dkey_file = NULL;
+ s_dchain_file = NULL;
+ s_cert_file = TEST_CERT;
+ s_key_file = NULL;
+ s_chain_file = NULL;
+# ifndef OPENSSL_NO_TLSEXT
+ s_cert_file2 = TEST_CERT2;
+ s_key_file2 = NULL;
+ ctx2 = NULL;
+# endif
+# ifdef FIONBIO
+ s_nbio = 0;
+# endif
+ s_nbio_test = 0;
+ ctx = NULL;
+ www = 0;
+
+ bio_s_out = NULL;
+ s_debug = 0;
+ s_msg = 0;
+ s_quiet = 0;
+ s_brief = 0;
+ hack = 0;
+# ifndef OPENSSL_NO_ENGINE
+ engine_id = NULL;
+# endif
+}
#endif
static void sv_usage(void)
- {
- BIO_printf(bio_err,"usage: s_server [args ...]\n");
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
- BIO_printf(bio_err," -verify_host host - check peer certificate matches \"host\"\n");
- BIO_printf(bio_err," -verify_email email - check peer certificate matches \"email\"\n");
- BIO_printf(bio_err," -verify_ip ipaddr - check peer certificate matches \"ipaddr\"\n");
- BIO_printf(bio_err," -context arg - set session ID context\n");
- BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
- BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
- BIO_printf(bio_err," -verify_return_error - return verification errors\n");
- BIO_printf(bio_err," -cert arg - certificate file to use\n");
- BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
+{
+ BIO_printf(bio_err, "usage: s_server [args ...]\n");
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err,
+ " -accept arg - port to accept on (default is %d)\n", PORT);
+ BIO_printf(bio_err,
+ " -verify_host host - check peer certificate matches \"host\"\n");
+ BIO_printf(bio_err,
+ " -verify_email email - check peer certificate matches \"email\"\n");
+ BIO_printf(bio_err,
+ " -verify_ip ipaddr - check peer certificate matches \"ipaddr\"\n");
+ BIO_printf(bio_err, " -context arg - set session ID context\n");
+ BIO_printf(bio_err,
+ " -verify arg - turn on peer certificate verification\n");
+ BIO_printf(bio_err,
+ " -Verify arg - turn on peer certificate verification, must have a cert.\n");
+ BIO_printf(bio_err,
+ " -verify_return_error - return verification errors\n");
+ BIO_printf(bio_err, " -cert arg - certificate file to use\n");
+ BIO_printf(bio_err, " (default is %s)\n", TEST_CERT);
#ifndef OPENSSL_NO_TLSEXT
- BIO_printf(bio_err," -serverinfo arg - PEM serverinfo file for certificate\n");
- BIO_printf(bio_err," -auth - send and receive RFC 5878 TLS auth extensions and supplemental data\n");
- BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
-#endif
- BIO_printf(bio_err," -no_resumption_on_reneg - set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag\n");
- BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \
- " The CRL(s) are appended to the certificate file\n");
- BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
- " or any other CRL in the CA chain. CRL(s) are appened to the\n" \
- " the certificate file.\n");
- BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n");
- BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
- BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
- BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
- BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
- BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
- BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
- BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n");
- BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
- BIO_printf(bio_err," or a default set of parameters is used\n");
+ BIO_printf(bio_err,
+ " -serverinfo arg - PEM serverinfo file for certificate\n");
+ BIO_printf(bio_err,
+ " -auth - send and receive RFC 5878 TLS auth extensions and supplemental data\n");
+ BIO_printf(bio_err,
+ " -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
+#endif
+ BIO_printf(bio_err,
+ " -no_resumption_on_reneg - set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag\n");
+ BIO_printf(bio_err,
+ " -crl_check - check the peer certificate has not been revoked by its CA.\n"
+ " The CRL(s) are appended to the certificate file\n");
+ BIO_printf(bio_err,
+ " -crl_check_all - check the peer certificate has not been revoked by its CA\n"
+ " or any other CRL in the CA chain. CRL(s) are appened to the\n"
+ " the certificate file.\n");
+ BIO_printf(bio_err,
+ " -certform arg - certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err,
+ " -key arg - Private Key file to use, in cert file if\n");
+ BIO_printf(bio_err, " not specified (default is %s)\n",
+ TEST_CERT);
+ BIO_printf(bio_err,
+ " -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err,
+ " -pass arg - private key file pass phrase source\n");
+ BIO_printf(bio_err,
+ " -dcert arg - second certificate file to use (usually for DSA)\n");
+ BIO_printf(bio_err,
+ " -dcertform x - second certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err,
+ " -dkey arg - second private key file to use (usually for DSA)\n");
+ BIO_printf(bio_err,
+ " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err,
+ " -dpass arg - second private key file pass phrase source\n");
+ BIO_printf(bio_err,
+ " -dhparam arg - DH parameter file to use, in cert file if not specified\n");
+ BIO_printf(bio_err,
+ " or a default set of parameters is used\n");
#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
- " Use \"openssl ecparam -list_curves\" for all names\n" \
- " (default is nistp256).\n");
+ BIO_printf(bio_err,
+ " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
+ " Use \"openssl ecparam -list_curves\" for all names\n"
+ " (default is nistp256).\n");
#endif
#ifdef FIONBIO
- BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
-#endif
- BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
- BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
- BIO_printf(bio_err," -debug - Print more output\n");
- BIO_printf(bio_err," -msg - Show protocol messages\n");
- BIO_printf(bio_err," -state - Print the SSL states\n");
- BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
- BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
- BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
- BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
- BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
- BIO_printf(bio_err," -quiet - No server output\n");
- BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
+ BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
+#endif
+ BIO_printf(bio_err,
+ " -nbio_test - test with the non-blocking test bio\n");
+ BIO_printf(bio_err,
+ " -crlf - convert LF from terminal into CRLF\n");
+ BIO_printf(bio_err, " -debug - Print more output\n");
+ BIO_printf(bio_err, " -msg - Show protocol messages\n");
+ BIO_printf(bio_err, " -state - Print the SSL states\n");
+ BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err,
+ " -nocert - Don't use any certificates (Anon-DH)\n");
+ BIO_printf(bio_err,
+ " -cipher arg - play with 'openssl ciphers' to see what goes here\n");
+ BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n");
+ BIO_printf(bio_err, " -quiet - No server output\n");
+ BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n");
#ifndef OPENSSL_NO_PSK
- BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
- BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n");
+ BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
+ BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
# ifndef OPENSSL_NO_JPAKE
- BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
+ BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
# endif
#endif
#ifndef OPENSSL_NO_SRP
- BIO_printf(bio_err," -srpvfile file - The verifier file for SRP\n");
- BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
+ BIO_printf(bio_err, " -srpvfile file - The verifier file for SRP\n");
+ BIO_printf(bio_err,
+ " -srpuserseed string - A seed string for a default user salt.\n");
#endif
- BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
+ BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
#ifndef OPENSSL_NO_SSL3_METHOD
- BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
-#endif
- BIO_printf(bio_err," -tls1_2 - Just talk TLSv1.2\n");
- BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n");
- BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
- BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
- BIO_printf(bio_err," -dtls1_2 - Just talk DTLSv1.2\n");
- BIO_printf(bio_err," -timeout - Enable timeouts\n");
- BIO_printf(bio_err," -mtu - Set link layer MTU\n");
- BIO_printf(bio_err," -chain - Read a certificate chain\n");
- BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
- BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
- BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
- BIO_printf(bio_err," -no_tls1_1 - Just disable TLSv1.1\n");
- BIO_printf(bio_err," -no_tls1_2 - Just disable TLSv1.2\n");
+ BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
+#endif
+ BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
+ BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n");
+ BIO_printf(bio_err, " -tls1 - Just talk TLSv1\n");
+ BIO_printf(bio_err, " -dtls1 - Just talk DTLSv1\n");
+ BIO_printf(bio_err, " -dtls1_2 - Just talk DTLSv1.2\n");
+ BIO_printf(bio_err, " -timeout - Enable timeouts\n");
+ BIO_printf(bio_err, " -mtu - Set link layer MTU\n");
+ BIO_printf(bio_err, " -chain - Read a certificate chain\n");
+ BIO_printf(bio_err, " -no_ssl2 - Just disable SSLv2\n");
+ BIO_printf(bio_err, " -no_ssl3 - Just disable SSLv3\n");
+ BIO_printf(bio_err, " -no_tls1 - Just disable TLSv1\n");
+ BIO_printf(bio_err, " -no_tls1_1 - Just disable TLSv1.1\n");
+ BIO_printf(bio_err, " -no_tls1_2 - Just disable TLSv1.2\n");
#ifndef OPENSSL_NO_DH
- BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
+ BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n");
#endif
#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
-#endif
- BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
- BIO_printf(bio_err," -hack - workaround for early Netscape code\n");
- BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
- BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
- BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
- BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
+ BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n");
+#endif
+ BIO_printf(bio_err, " -bugs - Turn on SSL bug compatibility\n");
+ BIO_printf(bio_err,
+ " -hack - workaround for early Netscape code\n");
+ BIO_printf(bio_err,
+ " -www - Respond to a 'GET /' with a status page\n");
+ BIO_printf(bio_err,
+ " -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err,
+ " -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err,
+ " with the assumption it contains a complete HTTP response.\n");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+ BIO_printf(bio_err,
+ " -engine id - Initialise and use the specified engine\n");
#endif
- BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err,
+ " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
+ BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
#ifndef OPENSSL_NO_TLSEXT
- BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n");
- BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
- BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n");
- BIO_printf(bio_err," (default is %s)\n",TEST_CERT2);
- BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n");
- BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2);
- BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
- BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
- BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+ BIO_printf(bio_err,
+ " -servername host - servername for HostName TLS extension\n");
+ BIO_printf(bio_err,
+ " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
+ BIO_printf(bio_err,
+ " -cert2 arg - certificate file to use for servername\n");
+ BIO_printf(bio_err, " (default is %s)\n", TEST_CERT2);
+ BIO_printf(bio_err,
+ " -key2 arg - Private Key file to use for servername, in cert file if\n");
+ BIO_printf(bio_err, " not specified (default is %s)\n",
+ TEST_CERT2);
+ BIO_printf(bio_err,
+ " -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err,
+ " -no_ticket - disable use of RFC4507bis session tickets\n");
+ BIO_printf(bio_err,
+ " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
- BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
+ BIO_printf(bio_err,
+ " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
# endif
# ifndef OPENSSL_NO_SRTP
- BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+ BIO_printf(bio_err,
+ " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
# endif
- BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
-#endif
- BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
- BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
- BIO_printf(bio_err," -status - respond to certificate status requests\n");
- BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n");
- BIO_printf(bio_err," -status_timeout n - status request responder timeout\n");
- BIO_printf(bio_err," -status_url URL - status request fallback URL\n");
- }
+ BIO_printf(bio_err,
+ " -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
+#endif
+ BIO_printf(bio_err,
+ " -keymatexport label - Export keying material using label\n");
+ BIO_printf(bio_err,
+ " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
+ BIO_printf(bio_err,
+ " -status - respond to certificate status requests\n");
+ BIO_printf(bio_err,
+ " -status_verbose - enable status request verbose printout\n");
+ BIO_printf(bio_err,
+ " -status_timeout n - status request responder timeout\n");
+ BIO_printf(bio_err, " -status_url URL - status request fallback URL\n");
+}
-static int local_argc=0;
+static int local_argc = 0;
static char **local_argv;
#ifdef CHARSET_EBCDIC
@@ -609,144 +668,147 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
static int ebcdic_gets(BIO *bp, char *buf, int size);
static int ebcdic_puts(BIO *bp, const char *str);
-#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
-static BIO_METHOD methods_ebcdic=
- {
- BIO_TYPE_EBCDIC_FILTER,
- "EBCDIC/ASCII filter",
- ebcdic_write,
- ebcdic_read,
- ebcdic_puts,
- ebcdic_gets,
- ebcdic_ctrl,
- ebcdic_new,
- ebcdic_free,
- };
-
-typedef struct
-{
- size_t alloced;
- char buff[1];
+# define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
+static BIO_METHOD methods_ebcdic = {
+ BIO_TYPE_EBCDIC_FILTER,
+ "EBCDIC/ASCII filter",
+ ebcdic_write,
+ ebcdic_read,
+ ebcdic_puts,
+ ebcdic_gets,
+ ebcdic_ctrl,
+ ebcdic_new,
+ ebcdic_free,
+};
+
+typedef struct {
+ size_t alloced;
+ char buff[1];
} EBCDIC_OUTBUFF;
BIO_METHOD *BIO_f_ebcdic_filter()
{
- return(&methods_ebcdic);
+ return (&methods_ebcdic);
}
static int ebcdic_new(BIO *bi)
{
- EBCDIC_OUTBUFF *wbuf;
+ EBCDIC_OUTBUFF *wbuf;
- wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
- wbuf->alloced = 1024;
- wbuf->buff[0] = '\0';
+ wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+ wbuf->alloced = 1024;
+ wbuf->buff[0] = '\0';
- bi->ptr=(char *)wbuf;
- bi->init=1;
- bi->flags=0;
- return(1);
+ bi->ptr = (char *)wbuf;
+ bi->init = 1;
+ bi->flags = 0;
+ return (1);
}
static int ebcdic_free(BIO *a)
{
- if (a == NULL) return(0);
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
- a->ptr=NULL;
- a-