#endif
#include "internal/sockets.h"
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(SSL_CIPHER)
DEFINE_STACK_OF_STRING()
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
aia = X509_get1_ocsp(x);
if (aia != NULL) {
if (!OSSL_HTTP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
- &host, &port, &path, &use_ssl)) {
+ &host, &port, NULL, &path, &use_ssl)) {
BIO_puts(bio_err, "cert_status: can't parse AIA URL\n");
goto err;
}
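Review bot: The `NULL` added as the fourth argument of `OSSL_HTTP_parse_url()` is a bare positional placeholder in a call that already passes four out-pointers, so a reader cannot tell which result is being declined. From its position between `&port` and `&path` it looks like a numeric-port output, but that is inferred and should be checked against the prototype. An inline comment such as `NULL /* port number not needed */` would make it explicit. The same applies to the `opt_arg()` call in the `OPENSSL_NO_OCSP` hunk further down; the enclosing function starts and ends outside this hunk.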
{"Verify", OPT_UPPER_V_VERIFY, 'n',
"Turn on peer certificate verification, must have a cert"},
{"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
- {"cert", OPT_CERT, '<', "Server certificate file to use; default is " TEST_CERT},
+ {"cert", OPT_CERT, '<', "Server certificate file to use; default " TEST_CERT},
{"cert2", OPT_CERT2, '<',
- "Certificate file to use for servername; default is" TEST_CERT2},
+ "Certificate file to use for servername; default " TEST_CERT2},
{"certform", OPT_CERTFORM, 'F',
"Server certificate file format (PEM/DER/P12); has no effect"},
{"cert_chain", OPT_CERT_CHAIN, '<',
{"key2", OPT_KEY2, '<',
"-Private Key file to use for servername if not in -cert2"},
{"keyform", OPT_KEYFORM, 'f', "Key format (ENGINE, other values ignored)"},
- {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
+ {"pass", OPT_PASS, 's', "Private key and cert file pass phrase source"},
{"dcert", OPT_DCERT, '<',
"Second server certificate file to use (usually for DSA)"},
{"dcertform", OPT_DCERTFORM, 'F',
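Review bot: The reworded `-pass` help says the pass phrase covers the "private key and cert file", but a later hunk also hands `pass` to `load_cert_pass()` for `s_cert_file2`, and neither this string nor the `-cert2` help says so. I would word it as `"Private key and cert file pass phrase source (also used for -cert2)"` so users of the servername certificate know there is no separate option. The options table continues outside this hunk.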
"Second private key file to use (usually for DSA)"},
{"dkeyform", OPT_DKEYFORM, 'F',
"Second key file format (ENGINE, other values ignored)"},
- {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},
+ {"dpass", OPT_DPASS, 's', "Second private key and cert file pass phrase source"},
{"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
{"servername", OPT_SERVERNAME, 's',
"Servername for HostName TLS extension"},
{"servername_fatal", OPT_SERVERNAME_FATAL, '-',
"mismatch send fatal alert (default warning alert)"},
-
{"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
{"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
-
{"quiet", OPT_QUIET, '-', "No server output"},
{"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
"Disable caching and tickets if ephemeral (EC)DH is used"},
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
- "Export len bytes of keying material (default 20)"},
+ "Export len bytes of keying material; default 20"},
{"CRL", OPT_CRL, '<', "CRL file to use"},
{"CRLform", OPT_CRLFORM, 'F', "CRL file format (PEM or DER); default PEM"},
{"crl_download", OPT_CRL_DOWNLOAD, '-',
#ifndef OPENSSL_NO_OCSP
s_tlsextstatus = 1;
if (!OSSL_HTTP_parse_url(opt_arg(),
- &tlscstatp.host, &tlscstatp.port,
+ &tlscstatp.host, &tlscstatp.port, NULL,
&tlscstatp.path, &tlscstatp.use_ssl)) {
BIO_printf(bio_err, "Error parsing URL\n");
goto end;
if (s_key == NULL)
goto end;
- s_cert = load_cert(s_cert_file, s_cert_format,
+ s_cert = load_cert_pass(s_cert_file, s_cert_format, pass,
"server certificate file");
if (s_cert == NULL)
goto end;
if (s_chain_file != NULL) {
- if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL,
+ if (!load_certs(s_chain_file, &s_chain, NULL,
"server certificate chain"))
goto end;
}
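Review bot: The chain file is still loaded without a pass phrase. After `FORMAT_PEM` is dropped, the remaining `NULL` in `load_certs(s_chain_file, &s_chain, NULL,` appears to be the pass-phrase slot, while the certificate loaded just above now receives `pass`. If chain files are no longer restricted to PEM, a password-protected container given to `-cert_chain` would presumably fall back to prompting or fail; consider `if (!load_certs(s_chain_file, &s_chain, pass,` or stating in the help that the chain file must be unencrypted. The `s_dchain_file` call in the later hunk has the same shape and would take `dpass`. The enclosing function extends beyond this hunk.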
if (s_key2 == NULL)
goto end;
- s_cert2 = load_cert(s_cert_file2, s_cert_format,
+ s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, pass,
"second server certificate file");
if (s_cert2 == NULL)
if (s_dkey == NULL)
goto end;
- s_dcert = load_cert(s_dcert_file, s_dcert_format,
+ s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, dpass,
"second server certificate file");
if (s_dcert == NULL) {
goto end;
}
if (s_dchain_file != NULL) {
- if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL,
+ if (!load_certs(s_dchain_file, &s_dchain, NULL,
"second server certificate chain"))
goto end;
}
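Review bot: The description string passed for `s_dcert_file`, `"second server certificate file"`, is identical to the one used for `s_cert_file2` in the previous hunk, so a load failure does not tell the operator which file was at fault. Now that these loads take `pass` or `dpass`, it also hides which pass phrase was involved. A distinct label would be enough, e.g. `"second (-dcert) server certificate file"`. The surrounding function is only partly visible in this hunk.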
/*
* By default s_server uses an in-memory cache which caches SSL_SESSION
- * structures without any serialisation. This hides some bugs which only
+ * structures without any serialization. This hides some bugs which only
* become apparent in deployed servers. By implementing a basic external
* session cache some issues can be debugged using s_server.
*/