/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
return 0;
}
- if (key_len == EVP_MD_size(EVP_sha256()))
- cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
- else if (key_len == EVP_MD_size(EVP_sha384()))
- cipher = SSL_CIPHER_find(ssl, tls13_aes256gcmsha384_id);
-
+ /* We default to SHA256 */
+ cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
if (cipher == NULL) {
- /* Doesn't look like a suitable TLSv1.3 key. Ignore it */
- OPENSSL_free(key);
+ BIO_printf(bio_err, "Error finding suitable ciphersuite\n");
return 0;
}
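Review bot: The new failure branch no longer releases `key`: the removed `OPENSSL_free(key);` is not carried over, so on the `cipher == NULL` path the buffer is leaked before `return 0`. The preceding context (`return 0; }`) suggests `key` was just allocated and NULL-checked above this hunk, so the branch should read `BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); OPENSSL_free(key); return 0;`. Since the key length is no longer compared against the digest size, a word in the `/* We default to SHA256 */` comment that any key length is accepted with this ciphersuite would also help. The enclosing callback starts and ends outside the hunk.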
SRP_VBASE *vb;
SRP_user_pwd *user;
} srpsrvparm;
+static srpsrvparm srp_callback_parm;
/*
* This callback pretends to require some asynchronous logic in order to
return is_forward_secure;
}
-#ifndef OPENSSL_NO_SRP
-static srpsrvparm srp_callback_parm;
-#endif
-#ifndef OPENSSL_NO_SRTP
-static char *srtp_profiles = NULL;
-#endif
-
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE,
OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
char *srpuserseed = NULL;
char *srp_verifier_file = NULL;
#endif
+ char *srtp_profiles = NULL;
int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
int s_server_verify = SSL_VERIFY_NONE;
int s_server_session_id_context = 1; /* anything will do */
alpn_in = opt_arg();
break;
case OPT_SRTP_PROFILES:
-#ifndef OPENSSL_NO_SRTP
srtp_profiles = opt_arg();
-#endif
break;
case OPT_KEYMATEXPORT:
keymatexportlabel = opt_arg();
break;
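Review bot: With the `#ifndef OPENSSL_NO_SRTP` guard gone, `-srtp_profiles` is now accepted in builds without SRTP support, and if the later `SSL_CTX_set_tlsext_use_srtp` call (outside this chunk) is still guarded the value is silently dropped. A short comment at `case OPT_SRTP_PROFILES:`, e.g. `/* always parsed so the local is set; ignored when SRTP is compiled out */`, would record that this is deliberate rather than a lost guard. The same applies to the unconditional `char *srtp_profiles = NULL;` local added in the previous hunk. The option-parsing switch starts and ends outside the hunk.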
case OPT_EARLY_DATA:
early_data = 1;
+ if (max_early_data == -1)
+ max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
break;
}
}
}
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
+
+ if (!config_ctx(cctx, ssl_args, ctx))
+ goto end;
+
if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
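Review bot: Moving `config_ctx()` ahead of `SSL_CTX_config()` reverses the precedence between the SSL_CONF command-line arguments and `-ssl_config` (the configuration file is now applied last), and nothing in the hunk records that this is intended. A one-line comment before the moved call, e.g. `/* Apply command-line SSL_CONF options first; -ssl_config and explicit -min/max_protocol may then override them */`, would keep a later reader from moving it back. The `min_version != 0` / `max_version != 0` guards added in the next hunk appear to serve the same aim, since an unset (zero) value no longer clobbers a minimum or maximum the configuration set, and the removal of the old `config_ctx` call further down is the other half of this move. main() starts and ends outside the hunk.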
goto end;
}
}
- if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+ if (min_version != 0
+ && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto end;
- if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+ if (max_version != 0
+ && SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end;
if (session_id_prefix) {
}
ssl_ctx_add_crls(ctx, crls, 0);
- if (!config_ctx(cctx, ssl_args, ctx))
- goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
crls, crl_download)) {
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
+ /* Set TLS1.3 cookie generation and verification callbacks */
+ SSL_CTX_set_stateless_cookie_generate_cb(ctx, generate_stateless_cookie_callback);
+ SSL_CTX_set_stateless_cookie_verify_cb(ctx, verify_stateless_cookie_callback);
+
if (ctx2 != NULL) {
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx2,
printf("SSL_do_handshake -> %d\n", i);
i = 0; /* 13; */
continue;
- /*
- * strcpy(buf,"server side RE-NEGOTIATE\n");
- */
}
if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
SSL_set_verify(con,
printf("SSL_do_handshake -> %d\n", i);
i = 0; /* 13; */
continue;
- /*
- * strcpy(buf,"server side RE-NEGOTIATE asking for client
- * cert\n");
- */
}
if ((buf[0] == 'K' || buf[0] == 'k')
&& ((buf[1] == '\n') || (buf[1] == '\r'))) {
printf("SSL_do_handshake -> %d\n", i);
i = 0;
continue;
- /*
- * strcpy(buf,"server side RE-NEGOTIATE asking for client
- * cert\n");
- */
+ }
+ if (buf[0] == 'c' && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+ SSL_set_verify(con, SSL_VERIFY_PEER, NULL);
+ i = SSL_verify_client_post_handshake(con);
+ if (i == 0) {
+ printf("Failed to initiate request\n");
+ ERR_print_errors(bio_err);
+ } else {
+ i = SSL_do_handshake(con);
+ printf("SSL_do_handshake -> %d\n", i);
+ i = 0;
+ }
+ continue;
}
if (buf[0] == 'P') {
static const char *str = "Lets print some clear text\n";
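Review bot: The new `c` command has no comment saying what it triggers, and unlike `R`/`K` its meaning cannot be guessed from the surrounding output strings. Propose `/* 'c': request TLSv1.3 post-handshake client authentication */` above `if (buf[0] == 'c' && ...)`, and a note on the `SSL_set_verify(con, SSL_VERIFY_PEER, NULL)` line that the verify mode must be switched before the request is issued and is left in place if the request fails. The `printf("Failed to initiate request\n")` goes to stdout while the error details go to `bio_err`, which matches the neighbouring branches but is worth keeping in mind if the output streams are ever separated. The command loop containing this branch starts and ends outside the hunk.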