* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <sys/types.h>
+
#include <sys/stat.h>
#include <openssl/e_os2.h>
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
+#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
+#include <sys/types.h>
+#endif
+
/* With IPv6, it looks like Digital has mixed up the proper order of
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
#include <openssl/rand.h>
#include "s_apps.h"
-#ifdef OPENSSL_SYS_WINDOWS
-#include <conio.h>
+#ifdef OPENSSL_SYS_WINCE
+/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
+#ifdef fileno
+#undef fileno
+#endif
+#define fileno(a) (int)_fileno(a)
#endif
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
static DH *load_dh_param(char *dhfile);
static DH *get_dh512(void);
#endif
+
#ifdef MONOLITH
static void s_server_init(void);
#endif
}
#endif
+
/* static int load_CA(SSL_CTX *ctx, char *file);*/
#undef BUFSIZZ
static BIO *bio_s_out=NULL;
static int s_debug=0;
+static int s_msg=0;
static int s_quiet=0;
static int hack=0;
+#ifndef OPENSSL_NO_ENGINE
static char *engine_id=NULL;
+#endif
static const char *session_id_prefix=NULL;
#ifdef MONOLITH
bio_s_out=NULL;
s_debug=0;
+ s_msg=0;
s_quiet=0;
hack=0;
+#ifndef OPENSSL_NO_ENGINE
engine_id=NULL;
+#endif
}
#endif
BIO_printf(bio_err," -context arg - set session ID context\n");
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
- BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
+ BIO_printf(bio_err," -cert arg - certificate file to use\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
- BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n");
+ BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n");
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
+ BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
+ BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
+ BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n");
BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
BIO_printf(bio_err," or a default set of parameters is used\n");
+#ifndef OPENSSL_NO_ECDH
+ BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
+ " Use \"openssl ecparam -list_curves\" for all names\n" \
+ " (default is sect163r2).\n");
+#endif
#ifdef FIONBIO
BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
#endif
BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
BIO_printf(bio_err," -debug - Print more output\n");
+ BIO_printf(bio_err," -msg - Show protocol messages\n");
BIO_printf(bio_err," -state - Print the SSL states\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
#ifndef OPENSSL_NO_DH
BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
+#endif
+#ifndef OPENSSL_NO_ECDH
+ BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
#endif
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+#endif
BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
}
static int ebcdic_new(BIO *bi);
static int ebcdic_free(BIO *a);
static int ebcdic_read(BIO *b, char *out, int outl);
-static int ebcdic_write(BIO *b, char *in, int inl);
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
static int ebcdic_gets(BIO *bp, char *buf, int size);
-static int ebcdic_puts(BIO *bp, char *str);
+static int ebcdic_puts(BIO *bp, const char *str);
#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
static BIO_METHOD methods_ebcdic=
return(ret);
}
-static int ebcdic_write(BIO *b, char *in, int inl)
+static int ebcdic_write(BIO *b, const char *in, int inl)
{
EBCDIC_OUTBUFF *wbuf;
int ret=0;
return(ret);
}
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret;
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
- int i, ret;
+ int i, ret=0;
if (bp->next_bio == NULL) return(0);
/* return(BIO_gets(bp->next_bio,buf,size));*/
for (i=0; i<size-1; ++i)
return (ret < 0 && i == 0) ? ret : i;
}
-static int ebcdic_puts(BIO *bp, char *str)
+static int ebcdic_puts(BIO *bp, const char *str)
{
if (bp->next_bio == NULL) return(0);
return ebcdic_write(bp, str, strlen(str));
char *CApath=NULL,*CAfile=NULL;
char *context = NULL;
char *dhfile = NULL;
+ char *named_curve = NULL;
int badop=0,bugs=0;
int ret=1;
int off=0;
- int no_tmp_rsa=0,no_dhe=0,nocert=0;
+ int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e=NULL;
+#endif
char *inrand=NULL;
+ int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+ char *passarg = NULL, *pass = NULL;
+ char *dpassarg = NULL, *dpass = NULL;
+ int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
+ X509 *s_cert = NULL, *s_dcert = NULL;
+ EVP_PKEY *s_key = NULL, *s_dkey = NULL;
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_server_method();
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
verify_depth=0;
#ifdef FIONBIO
s_nbio=0;
if (--argc < 1) goto bad;
s_cert_file= *(++argv);
}
+ else if (strcmp(*argv,"-certform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_cert_format = str2fmt(*(++argv));
+ }
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
s_key_file= *(++argv);
}
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_key_format = str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-pass") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passarg = *(++argv);
+ }
else if (strcmp(*argv,"-dhparam") == 0)
{
if (--argc < 1) goto bad;
dhfile = *(++argv);
}
+#ifndef OPENSSL_NO_ECDH
+ else if (strcmp(*argv,"-named_curve") == 0)
+ {
+ if (--argc < 1) goto bad;
+ named_curve = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-dcertform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_dcert_format = str2fmt(*(++argv));
+ }
else if (strcmp(*argv,"-dcert") == 0)
{
if (--argc < 1) goto bad;
s_dcert_file= *(++argv);
}
+ else if (strcmp(*argv,"-dkeyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_dkey_format = str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-dpass") == 0)
+ {
+ if (--argc < 1) goto bad;
+ dpassarg = *(++argv);
+ }
else if (strcmp(*argv,"-dkey") == 0)
{
if (--argc < 1) goto bad;
}
else if (strcmp(*argv,"-debug") == 0)
{ s_debug=1; }
+ else if (strcmp(*argv,"-msg") == 0)
+ { s_msg=1; }
else if (strcmp(*argv,"-hack") == 0)
{ hack=1; }
else if (strcmp(*argv,"-state") == 0)
{ no_tmp_rsa=1; }
else if (strcmp(*argv,"-no_dhe") == 0)
{ no_dhe=1; }
+ else if (strcmp(*argv,"-no_ecdhe") == 0)
+ { no_ecdhe=1; }
else if (strcmp(*argv,"-www") == 0)
{ www=1; }
else if (strcmp(*argv,"-WWW") == 0)
if (--argc < 1) goto bad;
session_id_prefix = *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id= *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
goto end;
}
+ SSL_load_error_strings();
+ OpenSSL_add_ssl_algorithms();
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine_id, 1);
+#endif
+
+ if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+
+ if (s_key_file == NULL)
+ s_key_file = s_cert_file;
+
+ s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
+ "server certificate private key file");
+ if (!s_key)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
+ NULL, e, "server certificate file");
+
+ if (!s_cert)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (s_dcert_file)
+ {
+
+ if (s_dkey_file == NULL)
+ s_dkey_file = s_dcert_file;
+
+ s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
+ 0, dpass, e,
+ "second certificate private key file");
+ if (!s_dkey)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,
+ NULL, e, "second server certificate file");
+
+ if (!s_dcert)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ }
+
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
if (bio_s_out == NULL)
{
- if (s_quiet && !s_debug)
+ if (s_quiet && !s_debug && !s_msg)
{
bio_s_out=BIO_new(BIO_s_null());
}
}
}
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
if (nocert)
#endif
{
s_dkey_file=NULL;
}
- SSL_load_error_strings();
- OpenSSL_add_ssl_algorithms();
-
- e = setup_engine(bio_err, engine_id, 1);
-
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
DH_free(dh);
}
#endif
+
+#ifndef OPENSSL_NO_ECDH
+ if (!no_ecdhe)
+ {
+ EC_KEY *ecdh=NULL;
+
+ ecdh = EC_KEY_new();
+ if (ecdh == NULL)
+ {
+ BIO_printf(bio_err,"Could not create ECDH struct.\n");
+ goto end;
+ }
+
+ if (named_curve)
+ {
+ int nid = OBJ_sn2nid(named_curve);
+
+ if (nid == 0)
+ {
+ BIO_printf(bio_err, "unknown curve name (%s)\n",
+ named_curve);
+ goto end;
+ }
+
+ ecdh->group = EC_GROUP_new_by_nid(nid);
+ if (ecdh->group == NULL)
+ {
+ BIO_printf(bio_err, "unable to create curve (%s)\n",
+ named_curve);
+ goto end;
+ }
+ }
+
+ if (ecdh->group != NULL)
+ {
+ BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
+ }
+ else
+ {
+ BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
+ ecdh->group=EC_GROUP_new_by_nid(NID_sect163r2);
+ if (ecdh->group == NULL)
+ {
+ BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
+ goto end;
+ }
+ }
+ (void)BIO_flush(bio_s_out);
+
+ SSL_CTX_set_tmp_ecdh(ctx,ecdh);
+ EC_KEY_free(ecdh);
+ }
+#endif
- if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
+ if (!set_cert_key_stuff(ctx,s_cert,s_key))
goto end;
- if (s_dcert_file != NULL)
+ if (s_dcert != NULL)
{
- if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file))
+ if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
goto end;
}
ret=0;
end:
if (ctx != NULL) SSL_CTX_free(ctx);
+ if (s_cert)
+ X509_free(s_cert);
+ if (s_dcert)
+ X509_free(s_dcert);
+ if (s_key)
+ EVP_PKEY_free(s_key);
+ if (s_dkey)
+ EVP_PKEY_free(s_dkey);
+ if (pass)
+ OPENSSL_free(pass);
+ if (dpass)
+ OPENSSL_free(dpass);
if (bio_s_out != NULL)
{
BIO_free(bio_s_out);
bio_s_out=NULL;
}
apps_shutdown();
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
{
BIO_printf(bio,"%4ld items in the session cache\n",
SSL_CTX_sess_number(ssl_ctx));
- BIO_printf(bio,"%4d client connects (SSL_connect())\n",
+ BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
SSL_CTX_sess_connect(ssl_ctx));
- BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n",
+ BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
SSL_CTX_sess_connect_renegotiate(ssl_ctx));
- BIO_printf(bio,"%4d client connects that finished\n",
+ BIO_printf(bio,"%4ld client connects that finished\n",
SSL_CTX_sess_connect_good(ssl_ctx));
- BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
+ BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
SSL_CTX_sess_accept(ssl_ctx));
- BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n",
+ BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
SSL_CTX_sess_accept_renegotiate(ssl_ctx));
- BIO_printf(bio,"%4d server accepts that finished\n",
+ BIO_printf(bio,"%4ld server accepts that finished\n",
SSL_CTX_sess_accept_good(ssl_ctx));
- BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
- BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
- BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
- BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
- BIO_printf(bio,"%4d cache full overflows (%d allowed)\n",
+ BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
+ BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
+ BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
+ BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
+ BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
SSL_CTX_sess_cache_full(ssl_ctx),
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
unsigned long l;
SSL *con=NULL;
BIO *sbio;
-#ifdef OPENSSL_SYS_WINDOWS
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
#endif
if (s_debug)
{
con->debug=1;
- BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
+ BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
}
+ if (s_msg)
+ {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_s_out);
+ }
width=s+1;
for (;;)
if (!read_from_sslcon)
{
FD_ZERO(&readfds);
-#ifndef OPENSSL_SYS_WINDOWS
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
FD_SET(fileno(stdin),&readfds);
#endif
FD_SET(s,&readfds);
* the compiler: if you do have a cast then you can either
* go for (int *) or (void *).
*/
-#ifdef OPENSSL_SYS_WINDOWS
- /* Under Windows we can't select on stdin: only
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+ /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
* on sockets. As a workaround we timeout the select every
* second and check for any keypress. In a proper Windows
* application we wouldn't do this because it is inefficient.
BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
if (buf != NULL)
{
- memset(buf,0,bufsize);
+ OPENSSL_cleanse(buf,bufsize);
OPENSSL_free(buf);
}
if (ret >= 0)
{
BIO_printf(bio_s_out,"Client certificate\n");
PEM_write_bio_X509(bio_s_out,peer);
- X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ);
+ X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
BIO_printf(bio_s_out,"subject=%s\n",buf);
- X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ);
+ X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
BIO_printf(bio_s_out,"issuer=%s\n",buf);
X509_free(peer);
}
- if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
+ if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
-
+#ifndef OPENSSL_NO_KRB5
+ if (con->kssl_ctx->client_princ != NULL)
+ {
+ BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
+ con->kssl_ctx->client_princ);
+ }
+#endif /* OPENSSL_NO_KRB5 */
return(1);
}
if (s_debug)
{
con->debug=1;
- BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
+ BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
}
+ if (s_msg)
+ {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_s_out);
+ }
blank=0;
for (;;)
else
{
BIO_printf(bio_s_out,"read R BLOCK\n");
-#ifndef OPENSSL_SYS_MSDOS
+#if defined(OPENSSL_SYS_NETWARE)
+ delay(1000);
+#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
sleep(1);
#endif
continue;
#ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
{
+ BIGNUM *bn = NULL;
static RSA *rsa_tmp=NULL;
- if (rsa_tmp == NULL)
+ if (!rsa_tmp && ((bn = BN_new()) == NULL))
+ BIO_printf(bio_err,"Allocation error in generating RSA key\n");
+ if (!rsa_tmp && bn)
{
if (!s_quiet)
{
BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
(void)BIO_flush(bio_err);
}
- rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
+ if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
+ !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
+ {
+ if(rsa_tmp) RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
if (!s_quiet)
{
BIO_printf(bio_err,"\n");
(void)BIO_flush(bio_err);
}
+ BN_free(bn);
}
return(rsa_tmp);
}
projects / openssl.git / blobdiff