BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err,
" -trusted_first - Use local CA's first when building trust chain\n");
+ BIO_printf(bio_err,
+ " -no_alt_chains - only ever use the first certificate chain found\n");
BIO_printf(bio_err,
" -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err,
PW_CB_DATA cb_tmp;
int l;
+ if(!pass) {
+ BIO_printf(bio_err, "Malloc failure\n");
+ return NULL;
+ }
+
cb_tmp.password = (char *)srp_arg->srppassin;
cb_tmp.prompt_info = "SRP user";
if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
if (sdebug)
ssl_ctx_security_debug(ctx, bio_err, sdebug);
- if (vpm)
- SSL_CTX_set1_param(ctx, vpm);
+ if (vpm && !SSL_CTX_set1_param(ctx, vpm)) {
+ BIO_printf(bio_err, "Error setting verify params\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake)) {
ERR_print_errors(bio_err);
}
#endif
#ifndef OPENSSL_NO_SRTP
- if (srtp_profiles != NULL)
- SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+ if (srtp_profiles != NULL) {
+ /* Returns 0 on success!! */
+ if(SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles)) {
+ BIO_printf(bio_err, "Error setting SRTP profile\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
#endif
if (exc)
ssl_ctx_set_excert(ctx, exc);
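Review bot: The inverted return convention here is carried only by the `/* Returns 0 on success!! */` comment, and `if(SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles))` still reads like a success test. Writing the comparison out, `if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) {`, keeps the meaning intact if the comment is later edited or dropped. The `SSL_CTX_set_alpn_protos` check further down has the same shape. The nested `if` could also be folded into the outer `srtp_profiles != NULL` condition.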
BIO_printf(bio_err, "Error parsing -alpn argument\n");
goto end;
}
- SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
+ /* Returns 0 on success!! */
+ if(SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len)) {
+ BIO_printf(bio_err, "Error setting ALPN\n");
+ goto end;
+ }
OPENSSL_free(alpn);
}
#endif
#ifndef OPENSSL_NO_TLSEXT
for (i = 0; i < serverinfo_types_count; i++) {
- SSL_CTX_add_client_custom_ext(ctx,
+ if(!SSL_CTX_add_client_custom_ext(ctx,
serverinfo_types[i],
NULL, NULL, NULL,
- serverinfo_cli_parse_cb, NULL);
+ serverinfo_cli_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Warning: Unable to add custom extension %u. "
+ "Skipping\n", serverinfo_types[i]);
+ }
}
#endif
if (state)
SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
-#if 0
- else
- SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));
-#endif
SSL_CTX_set_verify(ctx, verify, verify_callback);
- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx))) {
- /*
- * BIO_printf(bio_err,"error setting default verify locations\n");
- */
+ if ((CAfile || CApath)
+ && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx)) {
ERR_print_errors(bio_err);
- /* goto end; */
}
ssl_ctx_add_crls(ctx, crls, crl_download);
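Review bot: A failure to load an explicitly supplied `-CAfile`/`-CApath` is only printed, and the connection then proceeds with whatever `SSL_CTX_set_default_verify_paths` provides. The verify result shown afterwards is then computed against a different trust store than the one requested, which is easy to miss in scripted use. Since the new `(CAfile || CApath)` guard already limits this branch to user-supplied locations, consider making it fatal by adding `goto end;` after `ERR_print_errors(bio_err);` in that branch. The enclosing function extends beyond this hunk, so whether other code relies on continuing here is not visible.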
ERR_print_errors(bio_err);
goto end;
}
- SSL_set_session(con, sess);
+ if(!SSL_set_session(con, sess)) {
+ BIO_printf(bio_err, "Can't set session\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
SSL_SESSION_free(sess);
}
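Review bot: The new `goto end;` on `SSL_set_session` failure skips the `SSL_SESSION_free(sess);` on the following line, so `sess` is not released on that path unless the `end:` label frees it, which is not visible in this hunk. Calling `SSL_SESSION_free(sess);` just ahead of `goto end;` keeps both paths balanced. The ALPN branch earlier has the same pattern, where `goto end;` after "Error setting ALPN" bypasses `OPENSSL_free(alpn);`. That branch also omits the `ERR_print_errors(bio_err);` that the other new checks emit.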
SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
-# if 0
- {
- STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
- OCSP_RESPID *id = OCSP_RESPID_new();
- id->value.byKey = ASN1_OCTET_STRING_new();
- id->type = V_OCSP_RESPID_KEY;
- ASN1_STRING_set(id->value.byKey, "Hello World", -1);
- sk_OCSP_RESPID_push(ids, id);
- SSL_set_tlsext_status_ids(con, ids);
- }
-# endif
}
#endif
#ifndef OPENSSL_NO_JPAKE
tty_on = 1;
if (in_init) {
in_init = 0;
-#if 0 /* This test doesn't really work as intended
- * (needs to be fixed) */
-# ifndef OPENSSL_NO_TLSEXT
- if (servername != NULL && !SSL_session_reused(con)) {
- BIO_printf(bio_c_out,
- "Server did %sacknowledge servername extension.\n",
- tlsextcbp.ack ? "" : "not ");
- }
-# endif
-#endif
if (sess_out) {
BIO *stmp = BIO_new_file(sess_out, "w");
if (stmp) {
}
}
#endif
-#if 1
k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
-#else
-/* Demo for pending and peek :-) */
- k = SSL_read(con, sbuf, 16);
- {
- char zbuf[10240];
- printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con),
- SSL_peek(con, zbuf, 10240));
- }
-#endif
switch (SSL_get_error(con, k)) {
case SSL_ERROR_NONE:
X509_free(cert);
if (crls)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
- if (key)
- EVP_PKEY_free(key);
+ EVP_PKEY_free(key);
if (chain)
sk_X509_pop_free(chain, X509_free);
if (pass)
OPENSSL_cleanse(mbuf, BUFSIZZ);
OPENSSL_free(mbuf);
}
- if (bio_c_out != NULL) {
- BIO_free(bio_c_out);
- bio_c_out = NULL;
- }
- if (bio_c_msg != NULL) {
- BIO_free(bio_c_msg);
- bio_c_msg = NULL;
- }
+ BIO_free(bio_c_out);
+ bio_c_out = NULL;
+ BIO_free(bio_c_msg);
+ bio_c_msg = NULL;
apps_shutdown();
OPENSSL_EXIT(ret);
}