typedef unsigned int u_int;
#endif
-#include <openssl/lhash.h>
#include <openssl/bn.h>
-#define USE_SOCKETS
#include "apps.h"
#include <openssl/err.h>
#include <openssl/pem.h>
#ifdef CHARSET_EBCDIC
#include <openssl/ebcdic.h>
#endif
+#include "internal/sockets.h"
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
static int sv_body(int s, int stype, int prot, unsigned char *context);
if (key_len == EVP_MD_size(EVP_sha256()))
cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
- else if(key_len == EVP_MD_size(EVP_sha384()))
+ else if (key_len == EVP_MD_size(EVP_sha384()))
cipher = SSL_CIPHER_find(ssl, tls13_aes256gcmsha384_id);
if (cipher == NULL) {
if (p->login == NULL && p->user == NULL) {
p->login = SSL_get_srp_username(s);
BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
- return (-1);
+ return -1;
}
if (p->user == NULL) {
BIO *next = BIO_next(b);
if (out == NULL || outl == 0)
- return (0);
+ return 0;
if (next == NULL)
- return (0);
+ return 0;
ret = BIO_read(next, out, outl);
if (ret > 0)
int num;
if ((in == NULL) || (inl <= 0))
- return (0);
+ return 0;
if (next == NULL)
return 0;
ret = BIO_write(next, wbuf->buff, inl);
- return (ret);
+ return ret;
}
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO *next = BIO_next(b);
if (next == NULL)
- return (0);
+ return 0;
switch (cmd) {
case BIO_CTRL_DUP:
ret = 0L;
ret = BIO_ctrl(next, cmd, num, ptr);
break;
}
- return (ret);
+ return ret;
}
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
tlsextctx *p = (tlsextctx *) arg;
const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
- if (servername != NULL && p->biodebug != NULL)
- BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n",
- servername);
+
+ if (servername != NULL && p->biodebug != NULL) {
+ const char *cp = servername;
+ unsigned char uc;
+
+ BIO_printf(p->biodebug, "Hostname in TLS extension: \"");
+ while ((uc = *cp++) != 0)
+ BIO_printf(p->biodebug,
+ isascii(uc) && isprint(uc) ? "%c" : "\\x%02x", uc);
+ BIO_printf(p->biodebug, "\"\n");
+ }
if (p->servername == NULL)
return SSL_TLSEXT_ERR_NOACK;
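Review bot: The escaping loop added to the servername callback leaves `\` and `"` unescaped, so a client-supplied name containing the literal text `\x0a` or a stray quote cannot be told apart in the debug output from a byte the loop escaped. Because the name comes straight from the ClientHello, treating those two characters as non-printable keeps the log line unambiguous: `isascii(uc) && isprint(uc) && uc != '\\' && uc != '"' ? "%c" : "\\x%02x", uc);`. A short comment above the loop, such as `/* SNI is untrusted: escape bytes that could corrupt terminal or log output */`, would record why the name is no longer printed with `%s`. `isascii()` is POSIX rather than ISO C and the visible hunks show no `<ctype.h>` include, so that is worth confirming. The callback body continues outside the hunk.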
"PEM serverinfo file for certificate"},
{"certform", OPT_CERTFORM, 'F',
"Certificate format (PEM or DER) PEM default"},
- {"key", OPT_KEY, '<',
+ {"key", OPT_KEY, 's',
"Private Key if not in -cert; default is " TEST_CERT},
{"keyform", OPT_KEYFORM, 'f',
"Key format (PEM, DER or ENGINE) PEM default"},
{"pass", OPT_PASS, 's', "Private key file pass phrase source"},
{"dcert", OPT_DCERT, '<',
"Second certificate file to use (usually for DSA)"},
+ {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
{"dcertform", OPT_DCERTFORM, 'F',
"Second certificate format (PEM or DER) PEM default"},
{"dkey", OPT_DKEY, '<',
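Review bot: `-key` changes from `'<'` to `'s'` while `-dkey` on the last line of the hunk keeps `'<'`, so the two private-key options are now declared with different value types. If the reason is that the value may be an engine key identifier rather than a file (the `-keyform` help text lists ENGINE), the same would presumably apply to `-dkey`, i.e. `{"dkey", OPT_DKEY, 's',`. The `-key` help string still describes only a private key, so it could say what else is accepted, for example `"Private key file or engine key id if not in -cert; default is " TEST_CERT`. The `dkey` entry is cut off by the hunk, so its remaining lines are not visible here.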
#ifdef CHARSET_EBCDIC
BIO_meth_free(methods_ebcdic);
#endif
- return (ret);
+ return ret;
}
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
BIO_printf(bio_err, "Turned on non blocking io\n");
}
+ con = SSL_new(ctx);
if (con == NULL) {
- con = SSL_new(ctx);
+ ret = -1;
+ goto err;
+ }
- if (s_tlsextdebug) {
- SSL_set_tlsext_debug_callback(con, tlsext_cb);
- SSL_set_tlsext_debug_arg(con, bio_s_out);
- }
+ if (s_tlsextdebug) {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
- if (context
- && !SSL_set_session_id_context(con,
- context, strlen((char *)context))) {
- BIO_printf(bio_err, "Error setting session id context\n");
- ret = -1;
- goto err;
- }
+ if (context != NULL
+ && !SSL_set_session_id_context(con, context,
+ strlen((char *)context))) {
+ BIO_printf(bio_err, "Error setting session id context\n");
+ ret = -1;
+ goto err;
}
+
if (!SSL_clear(con)) {
BIO_printf(bio_err, "Error clearing SSL connection\n");
ret = -1;
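Review bot: The new `SSL_new()` failure branch jumps to `err` without reporting anything, while the session-id-context and `SSL_clear()` failures next to it each print a message to `bio_err`. Unless the `err` label (outside the hunk) already dumps the error queue, a failure here ends the connection silently. Adding `BIO_printf(bio_err, "Error creating SSL connection\n");` and `ERR_print_errors(bio_err);` before `ret = -1;` would match the neighbouring paths. Separately, now that `con` is always freshly created, the `SSL_clear(con)` call that follows looks redundant and could carry a comment saying why it is kept.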
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
# ifndef OPENSSL_NO_SCTP
- if (prot != IPPROTO_SCTP) {
+ if (prot != IPPROTO_SCTP)
+# endif
/* Turn on cookie exchange. Not necessary for SCTP */
SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
- }
-# endif
} else
#endif
sbio = BIO_new_socket(s, BIO_NOCLOSE);
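Review bot: The `if (prot != IPPROTO_SCTP)` on the new side is unbraced and separated from its single statement by `# endif` and a comment, so a second statement added under it later would run unconditionally, with nothing in the layout to show it. The move makes `SSL_OP_COOKIE_EXCHANGE` apply in builds with `OPENSSL_NO_SCTP`, which the old placement inside the `#ifndef` appears to have skipped. That matters because the cookie exchange is what makes a DTLS server verify the client's address before committing state. A comment such as `/* if() is compiled out without SCTP; keep exactly one statement below */` would protect the construct, or the condition could be folded into a braced block.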
(void)BIO_flush(bio_s_out);
}
}
- if (write_header)
- BIO_printf(bio_s_out, "No early data received\n");
- else
+ if (write_header) {
+ if (SSL_get_early_data_status(con) == SSL_EARLY_DATA_NOT_SENT)
+ BIO_printf(bio_s_out, "No early data received\n");
+ else
+ BIO_printf(bio_s_out, "Early data was rejected\n");
+ } else {
BIO_printf(bio_s_out, "\nEnd of early data\n");
+ }
if (SSL_is_init_finished(con))
print_connection_info(con);
}
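Review bot: The new `else` under `write_header` prints "Early data was rejected" for every status other than `SSL_EARLY_DATA_NOT_SENT`, which includes `SSL_EARLY_DATA_ACCEPTED`. If a client offers early data that is accepted but carries no application bytes, `write_header` would presumably still be set (the read loop is outside the hunk), and the operator would be told the data was rejected. Testing the status explicitly avoids that: `else if (SSL_get_early_data_status(con) == SSL_EARLY_DATA_REJECTED)` for the rejected message, with a separate message for the accepted-but-empty case.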
if (ret >= 0)
BIO_printf(bio_s_out, "ACCEPT\n");
(void)BIO_flush(bio_s_out);
- return (ret);
+ return ret;
}
static void close_accept_socket(void)
if ((dtlslisten && i == 0)
|| (!dtlslisten && retry)) {
BIO_printf(bio_s_out, "DELAY\n");
- return (1);
+ return 1;
}
BIO_printf(bio_err, "ERROR\n");
}
/* Always print any error messages */
ERR_print_errors(bio_err);
- return (0);
+ return 0;
}
print_connection_info(con);
ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
err:
BIO_free(bio);
- return (ret);
+ return ret;
}
#endif
BIO_printf(bio_s_out, "ACCEPT\n");
OPENSSL_free(buf);
BIO_free_all(io);
- return (ret);
+ return ret;
}
static int rev_body(int s, int stype, int prot, unsigned char *context)
OPENSSL_free(buf);
BIO_free_all(io);
- return (ret);
+ return ret;
}
#define MAX_SESSION_ID_ATTEMPTS 10