Diffstat (limited to 'apps')
-rw-r--r-- | apps/ciphers.c | 14 | ||||
-rw-r--r-- | apps/cms.c | 15 | ||||
-rw-r--r-- | apps/crl.c | 16 | ||||
-rw-r--r-- | apps/dgst.c | 2 | ||||
-rw-r--r-- | apps/dhparam.c | 6 | ||||
-rw-r--r-- | apps/dsa.c | 24 | ||||
-rw-r--r-- | apps/dsaparam.c | 6 | ||||
-rw-r--r-- | apps/ec.c | 6 | ||||
-rw-r--r-- | apps/enc.c | 12 | ||||
-rw-r--r-- | apps/gendsa.c | 2 | ||||
-rw-r--r-- | apps/genpkey.c | 1 | ||||
-rw-r--r-- | apps/passwd.c | 4 | ||||
-rw-r--r-- | apps/pkcs12.c | 2 | ||||
-rw-r--r-- | apps/req.c | 2 | ||||
-rw-r--r-- | apps/rsa.c | 18 | ||||
-rw-r--r-- | apps/s_client.c | 130 | ||||
-rw-r--r-- | apps/s_server.c | 127 | ||||
-rw-r--r-- | apps/s_time.c | 6 | ||||
-rw-r--r-- | apps/speed.c | 16 | ||||
-rw-r--r-- | apps/ts.c | 2 | ||||
-rw-r--r-- | apps/verify.c | 2 | ||||
-rw-r--r-- | apps/x509.c | 28 |
22 files changed, 222 insertions, 219 deletions
diff --git a/apps/ciphers.c b/apps/ciphers.c index b1b3bddd76..a2ccf2842d 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -64,12 +64,8 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, -#ifndef OPENSSL_NO_SSL_TRACE OPT_STDNAME, -#endif -#ifndef OPENSSL_NO_SSL3 OPT_SSL3, -#endif OPT_TLS1, OPT_V, OPT_UPPER_V, OPT_S } OPTION_CHOICE; @@ -79,13 +75,13 @@ OPTIONS ciphers_options[] = { {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, {"V", OPT_UPPER_V, '-', "Even more verbose"}, {"s", OPT_S, '-', "Only supported ciphers"}, + {"tls1", OPT_TLS1, '-', "TLS1 mode"}, #ifndef OPENSSL_NO_SSL_TRACE {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, #endif #ifndef OPENSSL_NO_SSL3 {"ssl3", OPT_SSL3, '-', "SSL3 mode"}, #endif - {"tls1", OPT_TLS1, '-', "TLS1 mode"}, {NULL} }; @@ -125,16 +121,16 @@ int ciphers_main(int argc, char **argv) case OPT_S: use_supported = 1; break; -#ifndef OPENSSL_NO_SSL_TRACE case OPT_STDNAME: +#ifndef OPENSSL_NO_SSL_TRACE stdname = verbose = 1; - break; #endif -#ifndef OPENSSL_NO_SSL3 + break; case OPT_SSL3: +#ifndef OPENSSL_NO_SSL3 meth = SSLv3_client_method(); - break; #endif + break; case OPT_TLS1: meth = TLSv1_client_method(); break; diff --git a/apps/cms.c b/apps/cms.c index 7ccca5be96..e40686b5d4 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -208,6 +208,8 @@ OPTIONS cms_options[] = { {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, {"receipt_request_from", OPT_RR_FROM, 's'}, {"receipt_request_to", OPT_RR_TO, 's'}, + {"", OPT_CIPHER, '-', "Any supported cipher"}, + OPT_V_OPTIONS, # ifndef OPENSSL_NO_AES {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"}, {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"}, 
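Review bot: The now-unconditional `case OPT_STDNAME:` and `case OPT_SSL3:` labels in `ciphers_main` depend on an invariant that is not written down anywhere: their `ciphers_options[]` entries must stay under the same `#ifndef` as the case bodies. In an `OPENSSL_NO_SSL3` build the case is a bare `break`, so if the table guard ever drifts, `-ssl3` would be accepted and `meth` silently left at its default (this assumes the option parser rejects names missing from the table, which is not visible here). I would add a comment beside each guarded body, for example `/* only reachable when the matching ciphers_options[] entry is compiled in */`. The same pattern appears in the cms.c, crl.c and s_client.c switch hunks of this commit. The switch itself starts and ends outside the hunk.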
@@ -219,9 +221,7 @@ OPTIONS cms_options[] = { # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, # endif - {"", OPT_CIPHER, '-', "Any supported cipher"}, - OPT_V_OPTIONS, - {NULL}, + {NULL} }; int cms_main(int argc, char **argv) @@ -588,11 +588,11 @@ int cms_main(int argc, char **argv) goto end; vpmtouched++; break; -# ifndef OPENSSL_NO_DES case OPT_3DES_WRAP: +# ifndef OPENSSL_NO_DES wrap_cipher = EVP_des_ede3_wrap(); - break; # endif + break; # ifndef OPENSSL_NO_AES case OPT_AES128_WRAP: wrap_cipher = EVP_aes_128_wrap(); @@ -603,6 +603,11 @@ int cms_main(int argc, char **argv) case OPT_AES256_WRAP: wrap_cipher = EVP_aes_256_wrap(); break; +# else + case OPT_AES128_WRAP: + case OPT_AES192_WRAP: + case OPT_AES256_WRAP: + break; # endif } } diff --git a/apps/crl.c b/apps/crl.c index 17391e24c0..c897335fb7 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -95,11 +95,11 @@ OPTIONS crl_options[] = { {"verify", OPT_VERIFY, '-'}, {"text", OPT_TEXT, '-', "Print out a text format version"}, {"hash", OPT_HASH, '-', "Print hash value"}, + {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, + {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_MD5 {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"}, #endif - {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, - {"", OPT_MD, '-', "Any supported digest"}, {NULL} }; 
@@ -117,11 +117,11 @@ int crl_main(int argc, char **argv) char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL; char *CAfile = NULL, *CApath = NULL, *prog; OPTION_CHOICE o; - int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = - 0, text = 0; + int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; - int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = - 0, i, do_ver = 0; + int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0; + int text = 0, do_ver = 0; + int i; #ifndef OPENSSL_NO_MD5 int hash_old = 0; #endif @@ -170,11 +170,11 @@ int crl_main(int argc, char **argv) CAfile = opt_arg(); do_ver = 1; break; -#ifndef OPENSSL_NO_MD5 case OPT_HASH_OLD: +#ifndef OPENSSL_NO_MD5 hash_old = ++num; - break; #endif + break; case OPT_VERIFY: do_ver = 1; break; diff --git a/apps/dgst.c b/apps/dgst.c index 308555c46d..e6142caaff 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -111,11 +111,11 @@ OPTIONS dgst_options[] = { {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"}, {"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"}, + {"", OPT_DIGEST, '-', "Any supported digest"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, {"engine_impl", OPT_ENGINE_IMPL, '-'}, #endif - {"", OPT_DIGEST, '-', "Any supported digest"}, {NULL} }; diff --git a/apps/dhparam.c b/apps/dhparam.c index 931bf10226..2e5ce2c6d3 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c 
@@ -153,13 +153,13 @@ OPTIONS dhparam_options[] = { {"C", OPT_C, '-', "Print C code"}, {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif # ifndef OPENSSL_NO_DSA {"dsaparam", OPT_DSAPARAM, '-', "Read or generate DSA parameters, convert to DH"}, # endif +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, +# endif {NULL} }; diff --git a/apps/dsa.c b/apps/dsa.c index f02f29399a..f61e151f88 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -82,14 +82,8 @@ OPTIONS dsa_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"}, {"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, - {"pvk-strong", OPT_PVK_STRONG, '-'}, - {"pvk-weak", OPT_PVK_WEAK, '-'}, - {"pvk-none", OPT_PVK_NONE, '-'}, {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key in text"}, {"modulus", OPT_MODULUS, '-', "Print the DSA public value"}, @@ -98,6 +92,14 @@ OPTIONS dsa_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +# ifndef OPENSSL_NO_RC4 + {"pvk-strong", OPT_PVK_STRONG, '-'}, + {"pvk-weak", OPT_PVK_WEAK, '-'}, + {"pvk-none", OPT_PVK_NONE, '-'}, +# endif +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, +# endif {NULL} }; 
@@ -118,11 +120,6 @@ int dsa_main(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: -#ifdef OPENSSL_NO_RC4 - case OPT_PVK_STRONG: - case OPT_PVK_WEAK: - case OPT_PVK_NONE: -#endif opthelp: ret = 0; BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); @@ -166,6 +163,11 @@ int dsa_main(int argc, char **argv) case OPT_PVK_NONE: pvk_encr = 0; break; +#else + case OPT_PVK_STRONG: + case OPT_PVK_WEAK: + case OPT_PVK_NONE: + break; #endif case OPT_NOOUT: noout = 1; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index ffd81ff7e5..27170a22a2 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -103,12 +103,12 @@ OPTIONS dsaparam_options[] = { {"genkey", OPT_GENKEY, '-', "Generate a DSA key"}, {"rand", OPT_RAND, 's', "Files to use for random number input"}, {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif # ifdef GENCB_TEST {"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"}, # endif +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, +# endif {NULL} }; @@ -92,9 +92,6 @@ OPTIONS ec_options[] = { {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, {"out", OPT_OUT, '>', "Output file"}, {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key"}, {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"}, @@ -106,6 +103,9 @@ OPTIONS ec_options[] = { "Specifies the way the ec parameters are encoded"}, {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +# endif {NULL} }; 
diff --git a/apps/enc.c b/apps/enc.c index d045d15965..628142a9f4 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -92,9 +92,6 @@ OPTIONS enc_options[] = { {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, {"pass", OPT_PASS, 's', "Passphrase source"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif {"e", OPT_E, '-', "Encrypt"}, {"d", OPT_D, '-', "Decrypt"}, {"p", OPT_P, '-', "Print the iv/key"}, @@ -107,9 +104,6 @@ OPTIONS enc_options[] = { {"A", OPT_UPPER_A, '-'}, {"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"}, {"base64", OPT_A, '-', "Base64 output as a single line"}, -#ifdef ZLIB - {"z", OPT_Z, '-', "Use zlib as the 'encryption'"}, -#endif {"bufsize", OPT_BUFSIZE, 's', "Buffer size"}, {"k", OPT_K, 's', "Passphrase"}, {"kfile", OPT_KFILE, '<', "Fead passphrase from file"}, @@ -120,6 +114,12 @@ OPTIONS enc_options[] = { {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, {"none", OPT_NONE, '-', "Don't encrypt"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +#ifdef ZLIB + {"z", OPT_Z, '-', "Use zlib as the 'encryption'"}, +#endif +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#endif {NULL} }; diff --git a/apps/gendsa.c b/apps/gendsa.c index a832ec3ded..01bbcebf0e 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -84,10 +84,10 @@ OPTIONS gendsa_options[] = { {"passout", OPT_PASSOUT, 's'}, {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, + {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif - {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, {NULL} }; diff --git a/apps/genpkey.c b/apps/genpkey.c index b9843cfef7..7c8d551827 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c 
@@ -89,6 +89,7 @@ OPTIONS genpkey_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + /* This is deliberately last. */ {OPT_HELP_STR, 1, 1, "Order of options may be important! See the documentation.\n"}, {NULL} diff --git a/apps/passwd.c b/apps/passwd.c index f34ef9f534..2e376290d0 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -101,6 +101,8 @@ OPTIONS passwd_options[] = { {"quiet", OPT_QUIET, '-', "No warnings"}, {"table", OPT_TABLE, '-', "Format output as table"}, {"reverse", OPT_REVERSE, '-', "Switch table columns"}, + {"salt", OPT_SALT, 's', "Use provided salt"}, + {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, # ifndef NO_MD5CRYPT_1 {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"}, {"1", OPT_1, '-', "MD5-based password algorithm"}, @@ -108,8 +110,6 @@ OPTIONS passwd_options[] = { # ifndef OPENSSL_NO_DES {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"}, # endif - {"salt", OPT_SALT, 's', "Use provided salt"}, - {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, {NULL} }; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 82131e8527..9ab7f69160 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -149,10 +149,10 @@ OPTIONS pkcs12_options[] = { {"password", OPT_PASSWORD, 's', "Set import/export password source"}, {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"}, {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"}, + {"", OPT_CIPHER, '-', "Any supported cipher"}, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif - {"", OPT_CIPHER, '-', "Any supported cipher"}, {NULL} }; diff --git a/apps/req.c b/apps/req.c index 3bae59ec8b..00d7c4a135 100644 --- a/apps/req.c +++ b/apps/req.c 
@@ -176,11 +176,11 @@ OPTIONS req_options[] = { "Cert extension section (override value in config file)"}, {"reqexts", OPT_REQEXTS, 's', "Request extension section (override value in config file)"}, + {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, {"keygen_engine", OPT_KEYGEN_ENGINE, 's'}, #endif - {"", OPT_MD, '-', "Any supported digest"}, {NULL} }; diff --git a/apps/rsa.c b/apps/rsa.c index 87cb70254e..51581aed28 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -138,14 +138,16 @@ OPTIONS rsa_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"}, {"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"}, - {"pvk-strong", OPT_PVK_STRONG, '-'}, - {"pvk-weak", OPT_PVK_WEAK, '-'}, - {"pvk-none", OPT_PVK_NONE, '-'}, {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key in text"}, {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"}, {"check", OPT_CHECK, '-', "Verify key consistency"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +# ifdef OPENSSL_NO_RC4 + {"pvk-strong", OPT_PVK_STRONG, '-'}, + {"pvk-weak", OPT_PVK_WEAK, '-'}, + {"pvk-none", OPT_PVK_NONE, '-'}, +# endif # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif @@ -170,11 +172,6 @@ int rsa_main(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: -#ifdef OPENSSL_NO_RC4 - case OPT_PVK_STRONG: - case OPT_PVK_WEAK: - case OPT_PVK_NONE: -#endif opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; @@ -227,6 +224,11 @@ int rsa_main(int argc, char **argv) case OPT_PVK_NONE: pvk_encr = 0; break; +#else + case OPT_PVK_STRONG: + case OPT_PVK_WEAK: + case OPT_PVK_NONE: + break; #endif case OPT_NOOUT: noout = 1; diff --git a/apps/s_client.c b/apps/s_client.c index 009e5fe895..22aa27080d 100644 
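Review bot: The guard added around the `pvk-strong`, `pvk-weak` and `pvk-none` entries in `rsa_options[]` reads `# ifdef OPENSSL_NO_RC4`, which looks inverted; the parallel dsa.c hunk uses `# ifndef OPENSSL_NO_RC4` for the same three entries. As written, the options are listed only in builds without RC4, where the new `#else` arm in `rsa_main` accepts them and does nothing, and they are absent from the table in ordinary builds. Because the disabled arm is now `break` rather than the old jump to `opthelp`, a no-RC4 build would silently ignore a request for PVK encryption instead of reporting it. The table guard should be `# ifndef OPENSSL_NO_RC4`. The `#if` that the `#else` in `rsa_main` pairs with begins outside the hunk.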
--- a/apps/s_client.c +++ b/apps/s_client.c @@ -509,17 +509,9 @@ OPTIONS s_client_options[] = { {"quiet", OPT_QUIET, '-', "No s_client output"}, {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"}, {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"}, -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, -#endif {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"}, {"tls1", OPT_TLS1, '-', "Just use TLSv1"}, - {"dtls", OPT_DTLS, '-'}, - {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"}, - {"dtls1_2", OPT_DTLS1_2, '-'}, - {"timeout", OPT_TIMEOUT, '-'}, - {"mtu", OPT_MTU, 'p', "Set the link layer MTU"}, {"starttls", OPT_STARTTLS, 's', "Use the STARTTLS command before starting TLS"}, {"xmpphost", OPT_XMPPHOST, 's', "Host to use with \"-starttls xmpp\""}, 
@@ -534,6 +526,48 @@ OPTIONS s_client_options[] = { {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', "Export len bytes of keying material (default 20)"}, {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"}, + {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""}, + {"CRL", OPT_CRL, '<'}, + {"crl_download", OPT_CRL_DOWNLOAD, '-'}, + {"CRLform", OPT_CRLFORM, 'F'}, + {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'}, + {"verify_quiet", OPT_VERIFY_QUIET, '-'}, + {"brief", OPT_BRIEF, '-'}, + {"prexit", OPT_PREXIT, '-'}, + {"security_debug", OPT_SECURITY_DEBUG, '-'}, + {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'}, + {"cert_chain", OPT_CERT_CHAIN, '<'}, + {"chainCApath", OPT_CHAINCAPATH, '/'}, + {"verifyCApath", OPT_VERIFYCAPATH, '/'}, + {"build_chain", OPT_BUILD_CHAIN, '-'}, + {"chainCAfile", OPT_CHAINCAFILE, '<'}, + {"verifyCAfile", OPT_VERIFYCAFILE, '<'}, + {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"}, + {"servername", OPT_SERVERNAME, 's', + "Set TLS extension servername in ClientHello"}, + {"tlsextdebug", OPT_TLSEXTDEBUG, '-', + "Hex dump of all TLS extensions received"}, + {"status", OPT_STATUS, '-', "Request certificate status from server"}, + {"serverinfo", OPT_SERVERINFO, 's', + "types Send empty ClientHello extensions (comma-separated numbers)"}, + {"alpn", OPT_ALPN, 's', + "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, + OPT_S_OPTIONS, + OPT_V_OPTIONS, + OPT_X_OPTIONS, +#ifndef OPENSSL_NO_SSL3 + {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, +#endif +#ifndef OPENSSL_NO_DTLS1 + {"dtls", OPT_DTLS, '-'}, + {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"}, + {"dtls1_2", OPT_DTLS1_2, '-'}, + {"timeout", OPT_TIMEOUT, '-'}, + {"mtu", OPT_MTU, 'p', "Set the link layer MTU"}, +#endif +#ifndef OPENSSL_NO_SSL_TRACE + {"trace", OPT_TRACE, '-'}, +#endif #ifdef WATT32 {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"}, #endif 
@@ -556,44 +590,14 @@ OPTIONS s_client_options[] = { "Tolerate other than the known g N values."}, {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"}, #endif - {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""}, - {"servername", OPT_SERVERNAME, 's', - "Set TLS extension servername in ClientHello"}, - {"tlsextdebug", OPT_TLSEXTDEBUG, '-', - "Hex dump of all TLS extensions received"}, - {"status", OPT_STATUS, '-', "Request certificate status from server"}, - {"serverinfo", OPT_SERVERINFO, 's', - "types Send empty ClientHello extensions (comma-separated numbers)"}, - {"alpn", OPT_ALPN, 's', - "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, #ifndef OPENSSL_NO_NEXTPROTONEG {"nextprotoneg", OPT_NEXTPROTONEG, 's', "Enable NPN extension, considering named protocols supported (comma-separated list)"}, #endif - {"CRL", OPT_CRL, '<'}, - {"crl_download", OPT_CRL_DOWNLOAD, '-'}, - {"CRLform", OPT_CRLFORM, 'F'}, - {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'}, - {"verify_quiet", OPT_VERIFY_QUIET, '-'}, - {"brief", OPT_BRIEF, '-'}, - {"prexit", OPT_PREXIT, '-'}, - {"trace", OPT_TRACE, '-'}, - {"security_debug", OPT_SECURITY_DEBUG, '-'}, - {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'}, - {"cert_chain", OPT_CERT_CHAIN, '<'}, - {"chainCApath", OPT_CHAINCAPATH, '/'}, - {"verifyCApath", OPT_VERIFYCAPATH, '/'}, - {"build_chain", OPT_BUILD_CHAIN, '-'}, - {"chainCAfile", OPT_CHAINCAFILE, '<'}, - {"verifyCAfile", OPT_VERIFYCAFILE, '<'}, - {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'}, #endif - OPT_S_OPTIONS, - OPT_V_OPTIONS, - OPT_X_OPTIONS, {NULL} }; 
@@ -706,29 +710,6 @@ int s_client_main(int argc, char **argv) prog = opt_init(argc, argv, s_client_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { -#ifndef WATT32 - case OPT_WDEBUG: -#endif -#ifdef OPENSSL_NO_JPAKE - case OPT_JPAKE: -#endif -#ifdef OPENSSL_NO_SSL_TRACE - case OPT_TRACE: -#endif -#ifdef OPENSSL_NO_PSK - case OPT_PSK_IDENTITY: - case OPT_PSK: -#endif -#ifdef OPENSSL_NO_SSL3 - case OPT_SSL3: -#endif -#ifdef OPENSSL_NO_DTLS1 - case OPT_DTLS: - case OPT_DTLS1: - case OPT_DTLS1_2: - case OPT_TIMEOUT: - case OPT_MTU: -#endif case OPT_EOF: case OPT_ERR: opthelp: @@ -866,22 +847,22 @@ int s_client_main(int argc, char **argv) case OPT_STATUS: c_status_req = 1; break; -#ifdef WATT32 case OPT_WDEBUG: +#ifdef WATT32 dbug_init(); - break; #endif + break; case OPT_MSG: c_msg = 1; break; case OPT_MSGFILE: bio_c_msg = BIO_new_file(opt_arg(), "w"); break; -#ifndef OPENSSL_NO_SSL_TRACE case OPT_TRACE: +#ifndef OPENSSL_NO_SSL_TRACE c_msg = 2; - break; #endif + break; case OPT_SECURITY_DEBUG: sdebug = 1; break; @@ -908,6 +889,9 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key); goto end; } +#else + case OPT_PSK_IDENTITY: + case OPT_PSK: break; #endif #ifndef OPENSSL_NO_SRP @@ -941,11 +925,11 @@ int s_client_main(int argc, char **argv) case OPT_SRP_MOREGROUPS: break; #endif -#ifndef OPENSSL_NO_SSL3 case OPT_SSL3: +#ifndef OPENSSL_NO_SSL3 meth = SSLv3_client_method(); - break; #endif + break; case OPT_TLS1_2: meth = TLSv1_2_client_method(); break; @@ -974,6 +958,13 @@ int s_client_main(int argc, char **argv) case OPT_MTU: socket_mtu = atol(opt_arg()); break; +#else + case OPT_DTLS: + case OPT_DTLS1: + case OPT_DTLS1_2: + case OPT_TIMEOUT: + case OPT_MTU: + break; #endif case OPT_FALLBACKSCSV: fallback_scsv = 1; 
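Review bot: In the `-908,6 +889,9` hunk the three added lines (`#else`, `case OPT_PSK_IDENTITY:`, `case OPT_PSK:`) are inserted before the only `break;`, so that `break;` now sits in the `#else` arm. In a PSK-enabled build the `OPT_PSK` body therefore ends at the closing brace of the hex-digit check and falls through into whatever case follows the `#endif`; the context shows `#ifndef OPENSSL_NO_SRP` next, though its body is outside the hunk. A `break;` is needed before `#else`, which is how the DTLS hunk below handles `case OPT_MTU:` (it keeps `break;` ahead of `#else` and adds a second one for the disabled arm). The start of the PSK case is outside the hunk.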
@@ -1038,13 +1029,12 @@ int s_client_main(int argc, char **argv) goto end; case OPT_SERVERNAME: servername = opt_arg(); - /* meth=TLSv1_client_method(); */ break; -#ifndef OPENSSL_NO_JPAKE case OPT_JPAKE: +#ifndef OPENSSL_NO_JPAKE jpake_secret = opt_arg(); - break; #endif + break; case OPT_USE_SRTP: srtp_profiles = opt_arg(); break; diff --git a/apps/s_server.c b/apps/s_server.c index 189019d1b2..6bd0257a7a 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -806,9 +806,7 @@ typedef enum OPTION_choice { OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE, OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, -#ifndef OPENSSL_NO_SSL3 OPT_SSL3, -#endif OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, @@ -821,7 +819,6 @@ typedef enum OPTION_choice { OPTIONS s_server_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"port", OPT_PORT, 'p'}, {"accept", OPT_PORT, 'p', "TCP/IP port to accept on (default is " PORT_STR ")"}, @@ -851,9 +848,6 @@ OPTIONS s_server_options[] = { {"dkeyform", OPT_DKEYFORM, 'F', "Second key format (PEM, DER or ENGINE) PEM default"}, {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"}, -#ifdef FIONBIO - {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, -#endif {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"}, {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"}, {"debug", OPT_DEBUG, '-', "Print more output"}, 
@@ -865,47 +859,13 @@ OPTIONS s_server_options[] = { {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"}, {"quiet", OPT_QUIET, '-', "No server output"}, {"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"}, -#ifndef OPENSSL_NO_PSK - {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, - {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, -# ifndef OPENSSL_NO_JPAKE - {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, -# endif -#endif -#ifndef OPENSSL_NO_SRP - {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, - {"srpuserseed", OPT_SRPUSERSEED, 's', - "A seed string for a default user salt"}, -#endif -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, -#endif {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"}, {"tls1", OPT_TLS1, '-', "Just talk TLSv1"}, -#ifndef OPENSSL_NO_DTLS1 - {"dtls", OPT_DTLS, '-'}, - {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, - {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, - {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, - {"mtu", OPT_MTU, 'p', "Set link layer MTU"}, - {"chain", OPT_CHAIN, '-', "Read a certificate chain"}, -#endif -#ifndef OPENSSL_NO_DH - {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, -#endif -#ifndef OPENSSL_NO_EC - {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"}, -#endif {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-', "Disable caching and tickets if ephemeral (EC)DH is used"}, {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"}, {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"}, - {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"}, - {"id_prefix", OPT_ID_PREFIX, 's', - "Generate SSL/TLS session IDs prefixed by arg"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, {"servername", OPT_SERVERNAME, 's', "Servername for HostName TLS extension"}, {"servername_fatal", OPT_SERVERNAME_FATAL, '-', 
@@ -916,14 +876,11 @@ OPTIONS s_server_options[] = { "-Private Key file to use for servername if not in -cert2"}, {"tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received"}, -#ifndef OPENSSL_NO_NEXTPROTONEG - {"nextprotoneg", OPT_NEXTPROTONEG, 's', - "Set the advertised protocols for the NPN extension (comma-separated list)"}, -#endif - {"use_srtp", OPT_SRTP_PROFILES, '<', - "Offer SRTP key management with a colon-separated profile list"}, - {"alpn", OPT_ALPN, 's', - "Set the advertised protocols for the ALPN extension (comma-separated list)"}, + {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"}, + {"id_prefix", OPT_ID_PREFIX, 's', + "Generate SSL/TLS session IDs prefixed by arg"}, + {"rand", OPT_RAND, 's',< |