static int s_server_session_id_context = 1; /* anything will do */
static const char *s_cert_file = TEST_CERT, *s_key_file =
NULL, *s_chain_file = NULL;
-static const char *krb5svc = NULL;
-static const char *krb5tab = NULL;
+
#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
#endif
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_S_ENUM,
OPT_V_ENUM,
- OPT_X_ENUM,
- OPT_KRB5SVC, OPT_KRBTAB
+ OPT_X_ENUM
} OPTION_CHOICE;
OPTIONS s_server_options[] = {
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
- {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"},
- {"keytab", OPT_KRBTAB, '<', "Kerberos keytab file"},
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
{"srpuserseed", OPT_SRPUSERSEED, 's',
ENGINE *e = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
SSL_CONF_CTX *cctx = NULL;
- const SSL_METHOD *meth = SSLv23_server_method();
+ const SSL_METHOD *meth = TLS_server_method();
SSL_EXCERT *exc = NULL;
STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
srpuserseed = opt_arg();
meth = TLSv1_server_method();
break;
+#else
+ case OPT_SRPVFILE:
+ case OPT_SRPUSERSEED:
+ break;
#endif
case OPT_REV:
rev = 1;
case OPT_JPAKE:
goto opthelp;
#endif
- case OPT_KRB5SVC:
- krb5svc = opt_arg();
- break;
- case OPT_KRBTAB:
- krb5tab = opt_arg();
- break;
case OPT_SRTP_PROFILES:
srtp_profiles = opt_arg();
break;
unsigned long l;
SSL *con = NULL;
BIO *sbio;
-#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kctx;
-#endif
struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
}
#endif
-#ifndef OPENSSL_NO_KRB5
- if ((kctx = kssl_ctx_new()) != NULL) {
- SSL_set0_kssl_ctx(con, kctx);
- kssl_ctx_setstring(kctx, KSSL_SERVICE,
- krb5svc ? krb5svc : KRB5SVC);
- if (krb5tab)
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, krb5tab);
- }
-#endif /* OPENSSL_NO_KRB5 */
if (context
&& !SSL_set_session_id_context(con,
context, strlen((char *)context))) {
ret = 1;
goto err;
}
- l += k;
- i -= k;
+ if (k > 0) {
+ l += k;
+ i -= k;
+ }
if (i <= 0)
break;
}
X509 *peer;
long verify_error;
char buf[BUFSIZ];
-#ifndef OPENSSL_NO_KRB5
- char *client_princ;
-#endif
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
const unsigned char *next_proto_neg;
unsigned next_proto_neg_len;
if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
-#ifndef OPENSSL_NO_KRB5
- client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
- if (client_princ != NULL) {
- BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
- client_princ);
- }
-#endif /* OPENSSL_NO_KRB5 */
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
if (keymatexportlabel != NULL) {
SSL *con;
const SSL_CIPHER *c;
BIO *io, *ssl_bio, *sbio;
-#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kctx;
-#endif
#ifdef RENEG
int total_bytes = 0;
#endif
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
#endif
-#ifndef OPENSSL_NO_KRB5
- if ((kctx = kssl_ctx_new()) != NULL) {
- kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
if (context && !SSL_set_session_id_context(con, context,
strlen((char *)context)))
goto err;
int ret = 1;
SSL *con;
BIO *io, *ssl_bio, *sbio;
-#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kctx;
-#endif
buf = app_malloc(bufsize, "server rev buffer");
io = BIO_new(BIO_f_buffer());
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
#endif
-#ifndef OPENSSL_NO_KRB5
- if ((kctx = kssl_ctx_new()) != NULL) {
- kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
if (context && !SSL_set_session_id_context(con, context,
strlen((char *)context))) {
ERR_print_errors(bio_err);
p--;
i--;
}
- if (!s_ign_eof && i == 5 && !strncmp(buf, "CLOSE", 5)) {
+ if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) {
ret = 1;
BIO_printf(bio_err, "CONNECTION CLOSED\n");
goto end;