New -set_serial options to 'req' and 'x509'.

[openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index 7b6a2b0a2d6c3e1715deb41059284d26b4f8b817..86d2ca70c41a08ac343191209f96900d7939fdaf 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -231,6 +231,7 @@ static void sv_usage(void)
        BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
        BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
        BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
+       BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
        BIO_printf(bio_err," -quiet        - No server output\n");
        BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
        BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
@@ -246,6 +247,7 @@ static void sv_usage(void)
        BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
        BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
        BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
+       BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
        }
 
 static int local_argc=0;
@@ -416,6 +418,7 @@ int MAIN(int argc, char *argv[])
        int state=0;
        SSL_METHOD *meth=NULL;
        ENGINE *e=NULL;
+       char *inrand=NULL;
 
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
        meth=SSLv23_server_method();
@@ -508,6 +511,8 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        CApath= *(++argv);
                        }
+               else if (strcmp(*argv,"-serverpref") == 0)
+                       { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -572,6 +577,11 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        engine_id= *(++argv);
                        }
+               else if (strcmp(*argv,"-rand") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       inrand= *(++argv);
+                       }
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -588,7 +598,14 @@ bad:
                goto end;
                }
 
-       app_RAND_load_file(NULL, bio_err, 0);
+       if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+               && !RAND_status())
+               {
+               BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+               }
+       if (inrand != NULL)
+               BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+                       app_RAND_load_files(inrand));
 
        if (bio_s_out == NULL)
                {
@@ -821,6 +838,13 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 
        if (con == NULL) {
                con=SSL_new(ctx);
+#ifndef NO_KRB5
+               if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+                        {
+                        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
+                        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+                        }
+#endif /* NO_KRB5 */
                if(context)
                      SSL_set_session_id_context(con, context,
                                                 strlen((char *)context));