From bf48836c7c0f43fd4cabde2721537f0914cfb0f4 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sun, 5 Sep 2010 17:14:01 +0000 Subject: Fixes to NPN from Adam Langley. --- apps/apps.c | 6 +++--- apps/apps.h | 2 +- apps/s_client.c | 16 ++++++++-------- apps/s_server.c | 18 +++++++++--------- 4 files changed, 21 insertions(+), 21 deletions(-) (limited to 'apps') diff --git a/apps/apps.c b/apps/apps.c index 5bd19c5d01..3344d533b2 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -3032,7 +3032,7 @@ int raw_write_stdout(const void *buf,int siz) { return write(fileno(stdout),buf,siz); } #endif -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN) +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) /* next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. * outlen: (output) set to the length of the resulting buffer on success. @@ -3047,7 +3047,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in) size_t i, start = 0; len = strlen(in); - if (len > 65535) + if (len >= 65535) return NULL; out = OPENSSL_malloc(strlen(in) + 1); @@ -3073,4 +3073,4 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in) *outlen = len + 1; return out; } -#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NPN */ +#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ diff --git a/apps/apps.h b/apps/apps.h index bc4d6eea0c..8bd36436db 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -365,6 +365,6 @@ int raw_write_stdout(const void *,int); double app_tminterval (int stop,int usertime); #endif -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG unsigned char *next_protos_parse(unsigned short *outlen, const char *in); #endif diff --git a/apps/s_client.c b/apps/s_client.c index 11da205246..8cd5a38a09 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -343,7 +343,7 @@ static void sc_usage(void) BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); BIO_printf(bio_err," -status - request certificate status from server\n"); BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); # endif #endif @@ -371,7 +371,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) return SSL_TLSEXT_ERR_OK; } -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ typedef struct tlsextnextprotoctx_st { unsigned char *data; @@ -403,7 +403,7 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); return SSL_TLSEXT_ERR_OK; } -# endif /* ndef OPENSSL_NO_NPN */ +# endif /* ndef OPENSSL_NO_NEXTPROTONEG */ #endif enum @@ -467,7 +467,7 @@ int MAIN(int argc, char **argv) char *servername = NULL; tlsextctx tlsextcbp = {NULL,0}; -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG const char *next_proto_neg_in = NULL; # endif #endif @@ -701,7 +701,7 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_TLSEXT else if (strcmp(*argv,"-no_ticket") == 0) { off|=SSL_OP_NO_TICKET; } -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG else if (strcmp(*argv,"-nextprotoneg") == 0) { if (--argc < 1) goto bad; @@ -814,7 +814,7 @@ bad: OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN) +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) next_proto.status = -1; if (next_proto_neg_in) { @@ -950,7 +950,7 @@ bad: */ if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN) +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto.data) SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); #endif @@ -1815,7 +1815,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) expansion ? SSL_COMP_get_name(expansion) : "NONE"); #endif -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN) +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto.status != -1) { const unsigned char *proto; unsigned int proto_len; diff --git a/apps/s_server.c b/apps/s_server.c index 29c737c251..f1fbbcaf1f 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -496,12 +496,12 @@ static void sv_usage(void) BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); -# ifndef OPENSSL_NO_NPN BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); -# endif BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); +# ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); +# endif #endif } @@ -837,7 +837,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); goto done; } -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG /* This is the context that we pass to next_proto_cb */ typedef struct tlsextnextprotoctx_st { unsigned char *data; @@ -901,7 +901,7 @@ int MAIN(int argc, char *argv[]) #endif #ifndef OPENSSL_NO_TLSEXT tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG const char *next_proto_neg_in = NULL; tlsextnextprotoctx next_proto; # endif @@ -1237,7 +1237,7 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; s_key_file2= *(++argv); } -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG else if (strcmp(*argv,"-nextprotoneg") == 0) { if (--argc < 1) goto bad; @@ -1348,7 +1348,7 @@ bad: goto end; } } -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG if (next_proto_neg_in) { unsigned short len; @@ -1548,7 +1548,7 @@ bad: SSL_CTX_set1_param(ctx2, vpm); } -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG if (next_proto.data) SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); # endif @@ -2245,7 +2245,7 @@ static int init_ssl_connection(SSL *con) X509 *peer; long verify_error; MS_STATIC char buf[BUFSIZ]; -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN) +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) const unsigned char *next_proto_neg; unsigned next_proto_neg_len; #endif @@ -2288,7 +2288,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN) +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); if (next_proto_neg) { -- cgit v1.2.3