From 3ca28c9e81fae36b0b44dc39beecd2b5a7561975 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20Kotal?=
Date: Thu, 1 Jun 2023 19:55:54 +0200
Subject: allow to disable http
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/21108)
---
 apps/cmp.c | 66 +++++++++++++++++++++++++++++++-------------------------------
 1 file changed, 33 insertions(+), 33 deletions(-)
(limited to 'apps/cmp.c')
diff --git a/apps/cmp.c b/apps/cmp.c
index fa2f49585f..72acabcb6f 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -68,7 +68,7 @@ typedef enum {
 } cmp_cmd_t;
 /* message transfer */
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 static char *opt_server = NULL;
 static char *opt_proxy = NULL;
 static char *opt_no_proxy = NULL;
@@ -141,7 +141,7 @@ static int opt_keyform = FORMAT_UNDEF;
 static char *opt_otherpass = NULL;
 static char *opt_engine = NULL;
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 /* TLS connection */
 static int opt_tls_used = 0;
 static char *opt_tls_cert = NULL;
@@ -164,7 +164,7 @@ static char *opt_rspout = NULL;
 static int opt_use_mock_srv = 0;
 /* mock server */
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 static char *opt_port = NULL;
 static int opt_max_msgs = 0;
 #endif
@@ -213,7 +213,7 @@ typedef enum OPTION_choice {
 OPT_OLDCERT, OPT_REVREASON,
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 OPT_SERVER, OPT_PROXY, OPT_NO_PROXY,
 #endif
 OPT_RECIPIENT, OPT_PATH,
@@ -236,7 +236,7 @@ typedef enum OPTION_choice {
 OPT_PROV_ENUM, OPT_R_ENUM,
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 OPT_TLS_USED, OPT_TLS_CERT, OPT_TLS_KEY, OPT_TLS_KEYPASS, OPT_TLS_EXTRA, OPT_TLS_TRUSTED, OPT_TLS_HOST,
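Review bot: The guard `#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)` is written out by hand at every site, starting with the `opt_server` declarations in the first hunk (@@ -68) and repeated in the `OPTION_choice` hunks (@@ -213, @@ -236, @@ -246), the `cmp_vars[]` hunks (@@ -571, @@ -593, @@ -604) and the remaining ones. `cmp_vars[]` is commented "must be in same order as enumerated above!", so a single guard that later drifts from its twin would shift the table against the enum, presumably binding option values to the wrong variables with no compiler diagnostic because the entries are cast to `char **`. I would define one file-local macro near the top of the file, for example `#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)` / `# define CMP_HTTP_TRANSFER 1` / `#endif` (the name is only a suggestion), and test that macro at each site, including the three help-text blocks that currently use the `defined(...) || defined(...)` form.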
@@ -246,7 +246,7 @@ typedef enum OPTION_choice {
 OPT_REQIN, OPT_REQIN_NEW_TID, OPT_REQOUT, OPT_RSPIN, OPT_RSPOUT, OPT_USE_MOCK_SRV,
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 OPT_PORT, OPT_MAX_MSGS,
 #endif
 OPT_SRV_REF, OPT_SRV_SECRET,
@@ -346,9 +346,9 @@ const OPTIONS cmp_options[] = {
 "0..6, 8..10 (see RFC5280, 5.3.1) or -1. Default -1 = none included"},
 OPT_SECTION("Message transfer"),
-#ifdef OPENSSL_NO_SOCK
+#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
 {OPT_MORE_STR, 0, 0,
- "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock build"},
+ "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock/no-http build"},
 #else
 {"server", OPT_SERVER, 's',
 "[http[s]://]address[:port][/path] of CMP server. Default port 80 or 443."},
@@ -441,9 +441,9 @@ const OPTIONS cmp_options[] = {
 OPT_R_OPTIONS,
 OPT_SECTION("TLS connection"),
-#ifdef OPENSSL_NO_SOCK
+#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
 {OPT_MORE_STR, 0, 0,
- "NOTE: -tls_used and all other TLS options not supported due to no-sock build"},
+ "NOTE: -tls_used and all other TLS options not supported due to no-sock/no-http build"},
 #else
 {"tls_used", OPT_TLS_USED, '-',
 "Enable using TLS (also when other TLS options are not set)"},
@@ -482,9 +482,9 @@ const OPTIONS cmp_options[] = {
 "Use internal mock server at API level, bypassing socket-based HTTP"},
 OPT_SECTION("Mock server"),
-#ifdef OPENSSL_NO_SOCK
+#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
 {OPT_MORE_STR, 0, 0,
- "NOTE: -port and -max_msgs not supported due to no-sock build"},
+ "NOTE: -port and -max_msgs not supported due to no-sock/no-http build"},
 #else
 {"port", OPT_PORT, 's',
 "Act as HTTP-based mock server listening on given port"},
@@ -571,7 +571,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
 {&opt_oldcert}, {(char **)&opt_revreason},
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 {&opt_server}, {&opt_proxy}, {&opt_no_proxy},
 #endif
 {&opt_recipient}, {&opt_path}, {(char **)&opt_keep_alive},
@@ -593,7 +593,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
 {&opt_engine},
 #endif
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 {(char **)&opt_tls_used}, {&opt_tls_cert}, {&opt_tls_key}, {&opt_tls_keypass}, {&opt_tls_extra}, {&opt_tls_trusted}, {&opt_tls_host},
@@ -604,7 +604,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
 {&opt_reqout}, {&opt_rspin}, {&opt_rspout}, {(char **)&opt_use_mock_srv},
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 {&opt_port}, {(char **)&opt_max_msgs},
 #endif
 {&opt_srv_ref}, {&opt_srv_secret},
@@ -807,7 +807,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
 CMP_warn("too few -rspin filename arguments; resorting to using mock server");
 res = OSSL_CMP_CTX_server_perform(ctx, actual_req);
 } else {
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 if (opt_server == NULL) {
 CMP_err("missing -server or -use_mock_srv option, or too few -rspin filename arguments");
 goto err;
@@ -816,7 +816,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
 CMP_warn("too few -rspin filename arguments; resorting to contacting server");
 res = OSSL_CMP_MSG_http_perform(ctx, actual_req);
 #else
- CMP_err("-server not supported on no-sock build; missing -use_mock_srv option or too few -rspin filename arguments");
+ CMP_err("-server not supported on no-sock/no-http build; missing -use_mock_srv option or too few -rspin filename arguments");
 #endif
 }
 rspin_in_use = 0;
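Review bot: In the `#else` branch of `read_write_req_resp` (hunk @@ -816), the `CMP_err(...)` call is followed directly by `#endif` and the closing brace, so on a no-sock/no-http build control continues to `rspin_in_use = 0;` with nothing in the hunk stopping it, whereas the enabled branch in hunk @@ -807 pairs its `CMP_err` with `goto err;`. Presumably `res` is still NULL at that point and a check after the hunk catches it, but that check is outside the visible lines. Adding `goto err;` right after the `CMP_err` call would make the failure explicit and keep both preprocessor branches symmetric. The function body starts before and continues past these hunks.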
@@ -1232,7 +1232,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
 return 1;
 }
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 /*
 * set up ssl_ctx for the OSSL_CMP_CTX based on options from config file/CLI.
 * Returns pointer on success, NULL on error
@@ -1854,7 +1854,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
 {
 int ret = 0;
 char *host = NULL, *port = NULL, *path = NULL, *used_path = opt_path;
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 int portnum, use_ssl;
 static char server_port[32] = { '\0' };
 const char *proxy_host = NULL;
@@ -1863,7 +1863,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
 char proxy_buf[200] = "";
 if (!opt_use_mock_srv && opt_rspin == NULL) { /* note: -port is not given */
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 if (opt_server == NULL) {
 CMP_err("missing -server or -use_mock_srv or -rspin option");
 goto err;
@@ -1873,7 +1873,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
 goto err;
 #endif
 }
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 if (opt_server == NULL) {
 if (opt_proxy != NULL)
 CMP_warn("ignoring -proxy option since -server is not given");
@@ -1967,7 +1967,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
 || opt_rspin != NULL || opt_rspout != NULL || opt_use_mock_srv)
 (void)OSSL_CMP_CTX_set_transfer_cb(ctx, read_write_req_resp);
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 if (opt_tls_used) {
 APP_HTTP_TLS_INFO *info;
@@ -2404,7 +2404,7 @@ static int get_opts(int argc, char **argv)
 if (!set_verbosity(opt_int_arg()))
 goto opthelp;
 break;
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 case OPT_SERVER:
 opt_server = opt_str();
 break;
@@ -2434,7 +2434,7 @@ static int get_opts(int argc, char **argv)
 case OPT_TOTAL_TIMEOUT:
 opt_total_timeout = opt_int_arg();
 break;
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 case OPT_TLS_USED:
 opt_tls_used = 1;
 break;
@@ -2650,7 +2650,7 @@ static int get_opts(int argc, char **argv)
 opt_use_mock_srv = 1;
 break;
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 case OPT_PORT:
 opt_port = opt_str();
 break;
@@ -2739,7 +2739,7 @@ static int get_opts(int argc, char **argv)
 return 1;
 }
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx)
 {
 BIO *acbio;
@@ -2827,7 +2827,7 @@ static void print_status(void)
 OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, OSSL_CMP_PKISI_BUFLEN);
 const char *from = "", *server = "";
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 if (opt_server != NULL) {
 from = " from ";
 server = opt_server;
@@ -3006,7 +3006,7 @@ int cmp_main(int argc, char **argv)
 goto err;
 }
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 if (opt_tls_cert == NULL && opt_tls_key == NULL && opt_tls_keypass == NULL && opt_tls_extra == NULL && opt_tls_trusted == NULL && opt_tls_host == NULL) {
@@ -3040,7 +3040,7 @@ int cmp_main(int argc, char **argv)
 #endif
 if (opt_use_mock_srv
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 || opt_port != NULL
 #endif
 ) {
@@ -3057,7 +3057,7 @@ int cmp_main(int argc, char **argv)
 OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity);
 }
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 if (opt_tls_used && (opt_use_mock_srv || opt_server == NULL)) {
 CMP_warn("ignoring -tls_used option since -use_mock_srv is given or -server is not given");
 opt_tls_used = 0;
@@ -3145,7 +3145,7 @@ int cmp_main(int argc, char **argv)
 cleanse(opt_keypass);
 cleanse(opt_newkeypass);
 cleanse(opt_otherpass);
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 cleanse(opt_tls_keypass);
 #endif
 cleanse(opt_secret);
@@ -3156,7 +3156,7 @@ int cmp_main(int argc, char **argv)
 OSSL_CMP_CTX_print_errors(cmp_ctx);
 if (cmp_ctx != NULL) {
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 APP_HTTP_TLS_INFO *info = OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx);
 (void)OSSL_CMP_CTX_set_http_cb_arg(cmp_ctx, NULL);
@@ -3165,7 +3165,7 @@ int cmp_main(int argc, char **argv)
 X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx));
 /* cannot free info already here, as it may be used indirectly by: */
 OSSL_CMP_CTX_free(cmp_ctx);
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 if (info != NULL) {
 OPENSSL_free((char *)info->server);
 OPENSSL_free((char *)info->port);
-- cgit v1.2.3