From 5561419a6033f8ccad9399d5386d6941c0aa44ae Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 12 May 2015 10:35:51 +0100
Subject: Remove Kerberos support from apps

Remove Kerberos related options from the apps to prepare for the
subsequent commits which will remove libcrypto and libssl support for
Kerberos.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 apps/s_server.c | 54 ++----------------------------------------------------
 1 file changed, 2 insertions(+), 52 deletions(-)

(limited to 'apps/s_server.c')

diff --git a/apps/s_server.c b/apps/s_server.c
index ba281e0950..c54caa6fe2 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -228,8 +228,7 @@ static int s_server_verify = SSL_VERIFY_NONE;
 static int s_server_session_id_context = 1; /* anything will do */
 static const char *s_cert_file = TEST_CERT, *s_key_file =
     NULL, *s_chain_file = NULL;
-static const char *krb5svc = NULL;
-static const char *krb5tab = NULL;
+
 #ifndef OPENSSL_NO_TLSEXT
 static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
 #endif
@@ -833,8 +832,7 @@ typedef enum OPTION_choice {
     OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
     OPT_S_ENUM,
     OPT_V_ENUM,
-    OPT_X_ENUM,
-    OPT_KRB5SVC, OPT_KRBTAB
+    OPT_X_ENUM
 } OPTION_CHOICE;
 
 OPTIONS s_server_options[] = {
@@ -892,8 +890,6 @@ OPTIONS s_server_options[] = {
     {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
 # endif
 #endif
-    {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"},
-    {"keytab", OPT_KRBTAB, '<', "Kerberos keytab file"},
 #ifndef OPENSSL_NO_SRP
     {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
     {"srpuserseed", OPT_SRPUSERSEED, 's',
@@ -1410,12 +1406,6 @@ int s_server_main(int argc, char *argv[])
         case OPT_JPAKE:
             goto opthelp;
 #endif
-        case OPT_KRB5SVC:
-            krb5svc = opt_arg();
-            break;
-        case OPT_KRBTAB:
-            krb5tab = opt_arg();
-            break;
         case OPT_SRTP_PROFILES:
             srtp_profiles = opt_arg();
             break;
@@ -1988,9 +1978,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
     unsigned long l;
     SSL *con = NULL;
     BIO *sbio;
-#ifndef OPENSSL_NO_KRB5
-    KSSL_CTX *kctx;
-#endif
     struct timeval timeout;
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
     struct timeval tv;
@@ -2022,15 +2009,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
             SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
         }
 #endif
-#ifndef OPENSSL_NO_KRB5
-        if ((kctx = kssl_ctx_new()) != NULL) {
-            SSL_set0_kssl_ctx(con, kctx);
-            kssl_ctx_setstring(kctx, KSSL_SERVICE,
-                               krb5svc ? krb5svc : KRB5SVC);
-            if (krb5tab)
-                kssl_ctx_setstring(kctx, KSSL_KEYTAB, krb5tab);
-        }
-#endif                          /* OPENSSL_NO_KRB5 */
         if (context
                 && !SSL_set_session_id_context(con,
                         context, strlen((char *)context))) {
@@ -2400,9 +2378,6 @@ static int init_ssl_connection(SSL *con)
     X509 *peer;
     long verify_error;
     char buf[BUFSIZ];
-#ifndef OPENSSL_NO_KRB5
-    char *client_princ;
-#endif
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
     const unsigned char *next_proto_neg;
     unsigned next_proto_neg_len;
@@ -2503,13 +2478,6 @@ static int init_ssl_connection(SSL *con)
     if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
         TLS1_FLAGS_TLS_PADDING_BUG)
         BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
-#ifndef OPENSSL_NO_KRB5
-    client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
-    if (client_princ != NULL) {
-        BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
-                   client_princ);
-    }
-#endif                          /* OPENSSL_NO_KRB5 */
     BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
                SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
     if (keymatexportlabel != NULL) {
@@ -2558,9 +2526,6 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
     SSL *con;
     const SSL_CIPHER *c;
     BIO *io, *ssl_bio, *sbio;
-#ifndef OPENSSL_NO_KRB5
-    KSSL_CTX *kctx;
-#endif
 #ifdef RENEG
     int total_bytes = 0;
 #endif
@@ -2594,12 +2559,6 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
         SSL_set_tlsext_debug_arg(con, bio_s_out);
     }
 #endif
-#ifndef OPENSSL_NO_KRB5
-    if ((kctx = kssl_ctx_new()) != NULL) {
-        kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
-        kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
-    }
-#endif                          /* OPENSSL_NO_KRB5 */
     if (context && !SSL_set_session_id_context(con, context,
                         strlen((char *)context)))
         goto err;
@@ -2927,9 +2886,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
     int ret = 1;
     SSL *con;
     BIO *io, *ssl_bio, *sbio;
-#ifndef OPENSSL_NO_KRB5
-    KSSL_CTX *kctx;
-#endif
 
     buf = app_malloc(bufsize, "server rev buffer");
     io = BIO_new(BIO_f_buffer());
@@ -2949,12 +2905,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
         SSL_set_tlsext_debug_arg(con, bio_s_out);
     }
 #endif
-#ifndef OPENSSL_NO_KRB5
-    if ((kctx = kssl_ctx_new()) != NULL) {
-        kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
-        kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
-    }
-#endif                          /* OPENSSL_NO_KRB5 */
     if (context && !SSL_set_session_id_context(con, context,
                         strlen((char *)context))) {
         ERR_print_errors(bio_err);
-- 
cgit v1.2.3