BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
/* lookup PSK identity and PSK key based on the given identity hint here */
- ret = BIO_snprintf(identity, max_identity_len, psk_identity);
+ ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
if (ret < 0 || (unsigned int)ret > max_identity_len)
goto out_err;
if (c_debug)
#ifndef OPENSSL_NO_PSK
BIO_printf(bio_err," -psk_identity arg - PSK identity\n");
BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n");
-# ifdef OPENSSL_EXPERIMENTAL_JPAKE
+# ifndef OPENSSL_NO_JPAKE
BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
# endif
#endif
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
- BIO_printf(bio_err," -mtu - set the MTU\n");
+ BIO_printf(bio_err," -mtu - set the link layer MTU\n");
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
{
int off=0;
SSL *con=NULL;
- X509_STORE *store = NULL;
int s,k,width,state=0;
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
int cbuf_len,cbuf_off;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
int starttls_proto = PROTO_OFF;
- int prexit = 0, vflags = 0;
+ int prexit = 0;
+ X509_VERIFY_PARAM *vpm = NULL;
+ int badarg = 0;
const SSL_METHOD *meth=NULL;
int socket_type=SOCK_STREAM;
BIO *sbio;
#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
char *ssl_client_engine_id=NULL;
- ENGINE *e=NULL, *ssl_client_engine=NULL;
+ ENGINE *ssl_client_engine=NULL;
#endif
+ ENGINE *e=NULL;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
struct timeval tv;
#if defined(OPENSSL_SYS_BEOS_R5)
int peerlen = sizeof(peer);
int enable_timeouts = 0 ;
long socket_mtu = 0;
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
char *jpake_secret = NULL;
#endif
if (--argc < 1) goto bad;
cert_format = str2fmt(*(++argv));
}
- else if (strcmp(*argv,"-crl_check") == 0)
- vflags |= X509_V_FLAG_CRL_CHECK;
- else if (strcmp(*argv,"-crl_check_all") == 0)
- vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+ else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
+ {
+ if (badarg)
+ goto bad;
+ continue;
+ }
else if (strcmp(*argv,"-verify_return_error") == 0)
verify_return_error = 1;
else if (strcmp(*argv,"-prexit") == 0)
/* meth=TLSv1_client_method(); */
}
#endif
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
else if (strcmp(*argv,"-jpake") == 0)
{
if (--argc < 1) goto bad;
goto end;
}
-#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
if (jpake_secret)
{
if (psk_key)
goto end;
}
+ if (vpm)
+ SSL_CTX_set1_param(ctx, vpm);
+
#ifndef OPENSSL_NO_ENGINE
if (ssl_client_engine)
{
#endif
#ifndef OPENSSL_NO_PSK
+#ifdef OPENSSL_NO_JPAKE
+ if (psk_key != NULL)
+#else
if (psk_key != NULL || jpake_secret)
+#endif
{
if (c_debug)
BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
/* goto end; */
}
- store = SSL_CTX_get_cert_store(ctx);
- X509_STORE_set_flags(store, vflags);
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL)
{
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
}
- if (socket_mtu > 0)
+ if (socket_mtu > 28)
{
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, socket_mtu);
+ SSL_set_mtu(con, socket_mtu - 28);
}
else
/* want to do MTU discovery */
#endif
}
#endif
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
if (jpake_secret)
jpake_client_auth(bio_c_out, sbio, jpake_secret);
#endif