make

[openssl.git] / ssl / ssltest.c
diff --git a/ssl/ssltest.c b/ssl/ssltest.c

index e57a8e7540f8f968f263717478f4afe987276bd4..6949f9696bccc5594d6ef4909036bbe03f590cc0 100644 (file)
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -128,7 +128,7 @@
  #define USE_SOCKETS
  #include "e_os.h"
  
  #define USE_SOCKETS
  #include "e_os.h"
  
-#define _XOPEN_SOURCE 1                /* Or isascii won't be declared properly on
+#define _XOPEN_SOURCE 500      /* Or isascii won't be declared properly on
                                    VMS (at least with DECompHP C).  */
  #include <ctype.h>
  
                                    VMS (at least with DECompHP C).  */
  #include <ctype.h>
  
@@ -143,9 +143,15 @@
  #endif
  #include <openssl/err.h>
  #include <openssl/rand.h>
  #endif
  #include <openssl/err.h>
  #include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
  #include <openssl/rsa.h>
  #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
  #include <openssl/dsa.h>
  #include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
  #include <openssl/dh.h>
  #include <openssl/dh.h>
+#endif
  #include <openssl/bn.h>
  
  #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
  #include <openssl/bn.h>
  
  #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
@@ -190,6 +196,7 @@ struct app_verify_arg
         {
         char *string;
         int app_verify;
         {
         char *string;
         int app_verify;
+       int allow_proxy_certs;
         char *proxy_auth;
         char *proxy_cond;
         };
         char *proxy_auth;
         char *proxy_cond;
         };
@@ -223,6 +230,7 @@ static void sv_usage(void)
         fprintf(stderr,"\n");
         fprintf(stderr," -server_auth  - check server certificate\n");
         fprintf(stderr," -client_auth  - do client authentication\n");
         fprintf(stderr,"\n");
         fprintf(stderr," -server_auth  - check server certificate\n");
         fprintf(stderr," -client_auth  - do client authentication\n");
+       fprintf(stderr," -proxy        - allow proxy certificates\n");
         fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
         fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
         fprintf(stderr," -v            - more output\n");
         fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
         fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
         fprintf(stderr," -v            - more output\n");
@@ -383,12 +391,14 @@ int main(int argc, char *argv[])
         int client_auth=0;
         int server_auth=0,i;
         struct app_verify_arg app_verify_arg =
         int client_auth=0;
         int server_auth=0,i;
         struct app_verify_arg app_verify_arg =
-               { APP_CALLBACK_STRING, 0, NULL, NULL };
+               { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
         char *server_cert=TEST_SERVER_CERT;
         char *server_key=NULL;
         char *client_cert=TEST_CLIENT_CERT;
         char *client_key=NULL;
         char *server_cert=TEST_SERVER_CERT;
         char *server_key=NULL;
         char *client_cert=TEST_CLIENT_CERT;
         char *client_key=NULL;
+#ifndef OPENSSL_NO_ECDH
         char *named_curve = NULL;
         char *named_curve = NULL;
+#endif
         SSL_CTX *s_ctx=NULL;
         SSL_CTX *c_ctx=NULL;
         SSL_METHOD *meth=NULL;
         SSL_CTX *s_ctx=NULL;
         SSL_CTX *c_ctx=NULL;
         SSL_METHOD *meth=NULL;
@@ -580,6 +590,10 @@ int main(int argc, char *argv[])
                         {
                         app_verify_arg.app_verify = 1;
                         }
                         {
                         app_verify_arg.app_verify = 1;
                         }
+               else if (strcmp(*argv,"-proxy") == 0)
+                       {
+                       app_verify_arg.allow_proxy_certs = 1;
+                       }
                 else
                         {
                         fprintf(stderr,"unknown option %s\n",*argv);
                 else
                         {
                         fprintf(stderr,"unknown option %s\n",*argv);
@@ -714,36 +728,30 @@ bad:
  #ifndef OPENSSL_NO_ECDH
         if (!no_ecdhe)
                 {
  #ifndef OPENSSL_NO_ECDH
         if (!no_ecdhe)
                 {
-               ecdh = EC_KEY_new();
-               if (ecdh != NULL)
-                       {
-                       if (named_curve)
-                               {
-                               int nid = OBJ_sn2nid(named_curve);
+               int nid;
  
  
-                               if (nid == 0)
-                                       {
-                                       BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
-                                       EC_KEY_free(ecdh);
-                                       goto end;
-                                       }
-
-                               ecdh->group = EC_GROUP_new_by_nid(nid);
-                               if (ecdh->group == NULL)
-                                       {
-                                       BIO_printf(bio_err, "unable to create curve (%s)\n", named_curve);
-                                       EC_KEY_free(ecdh);
-                                       goto end;
-                                       }
+               if (named_curve != NULL)
+                       {
+                       nid = OBJ_sn2nid(named_curve);
+                       if (nid == 0)
+                       {
+                               BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
+                               goto end;
                                 }
                                 }
-                       
-                       if (ecdh->group == NULL)
-                               ecdh->group=EC_GROUP_new_by_nid(NID_sect163r2);
+                       }
+               else
+                       nid = NID_sect163r2;
  
  
-                       SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
-                       SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
-                       EC_KEY_free(ecdh);
+               ecdh = EC_KEY_new_by_curve_name(nid);
+               if (ecdh == NULL)
+                       {
+                       BIO_printf(bio_err, "unable to create curve\n");
+                       goto end;
                         }
                         }
+
+               SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
+               SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
+               EC_KEY_free(ecdh);
                 }
  #else
         (void)no_ecdhe;
                 }
  #else
         (void)no_ecdhe;
@@ -1606,17 +1614,22 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
                         fprintf(stderr,"depth=%d %s\n",
                                 ctx->error_depth,buf);
                 else
                         fprintf(stderr,"depth=%d %s\n",
                                 ctx->error_depth,buf);
                 else
+                       {
                         fprintf(stderr,"depth=%d error=%d %s\n",
                                 ctx->error_depth,ctx->error,buf);
                         fprintf(stderr,"depth=%d error=%d %s\n",
                                 ctx->error_depth,ctx->error,buf);
+                       }
                 }
  
         if (ok == 0)
                 {
                 }
  
         if (ok == 0)
                 {
+               fprintf(stderr,"Error string: %s\n",
+                       X509_verify_cert_error_string(ctx->error));
                 switch (ctx->error)
                         {
                 case X509_V_ERR_CERT_NOT_YET_VALID:
                 case X509_V_ERR_CERT_HAS_EXPIRED:
                 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
                 switch (ctx->error)
                         {
                 case X509_V_ERR_CERT_NOT_YET_VALID:
                 case X509_V_ERR_CERT_HAS_EXPIRED:
                 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+                       fprintf(stderr,"  ... ignored.\n");
                         ok=1;
                         }
                 }
                         ok=1;
                         }
                 }
@@ -1689,7 +1702,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
                                         fprintf(stderr, "  Certificate proxy rights = %*.*s", i, i, s);
                                         while(i-- > 0)
                                                 {
                                         fprintf(stderr, "  Certificate proxy rights = %*.*s", i, i, s);
                                         while(i-- > 0)
                                                 {
-                                               char c = *s++;
+                                               int c = *s++;
                                                 if (isascii(c) && isalpha(c))
                                                         {
                                                         if (islower(c))
                                                 if (isascii(c) && isalpha(c))
                                                         {
                                                         if (islower(c))
@@ -1750,11 +1763,11 @@ static int process_proxy_cond_adders(unsigned int letters[26],
  static int process_proxy_cond_val(unsigned int letters[26],
         const char *cond, const char **cond_end, int *pos, int indent)
         {
  static int process_proxy_cond_val(unsigned int letters[26],
         const char *cond, const char **cond_end, int *pos, int indent)
         {
-       char c;
+       int c;
         int ok = 1;
         int negate = 0;
  
         int ok = 1;
         int negate = 0;
  
-       while(isspace(*cond))
+       while(isspace((int)*cond))
                 {
                 cond++; (*pos)++;
                 }
                 {
                 cond++; (*pos)++;
                 }
@@ -1769,7 +1782,7 @@ static int process_proxy_cond_val(unsigned int letters[26],
                 {
                 negate = !negate;
                 cond++; (*pos)++;
                 {
                 negate = !negate;
                 cond++; (*pos)++;
-               while(isspace(*cond))
+               while(isspace((int)*cond))
                         {
                         cond++; (*pos)++;
                         }
                         {
                         cond++; (*pos)++;
                         }
@@ -1784,7 +1797,7 @@ static int process_proxy_cond_val(unsigned int letters[26],
                 cond = *cond_end;
                 if (ok < 0)
                         goto end;
                 cond = *cond_end;
                 if (ok < 0)
                         goto end;
-               while(isspace(*cond))
+               while(isspace((int)*cond))
                         {
                         cond++; (*pos)++;
                         }
                         {
                         cond++; (*pos)++;
                         }
@@ -1844,7 +1857,7 @@ static int process_proxy_cond_multipliers(unsigned int letters[26],
  
         while(ok >= 0)
                 {
  
         while(ok >= 0)
                 {
-               while(isspace(*cond))
+               while(isspace((int)*cond))
                         {
                         cond++; (*pos)++;
                         }
                         {
                         cond++; (*pos)++;
                         }
@@ -1911,7 +1924,7 @@ static int process_proxy_cond_adders(unsigned int letters[26],
  
         while(ok >= 0)
                 {
  
         while(ok >= 0)
                 {
-               while(isspace(*cond))
+               while(isspace((int)*cond))
                         {
                         cond++; (*pos)++;
                         }
                         {
                         cond++; (*pos)++;
                         }
@@ -1975,8 +1988,8 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
  
                 fprintf(stderr, "In app_verify_callback, allowing cert. ");
                 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
  
                 fprintf(stderr, "In app_verify_callback, allowing cert. ");
                 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
-               fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n",
-                       (unsigned int)ctx, (unsigned int)ctx->cert);
+               fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
+                       (void *)ctx, (void *)ctx->cert);
                 if (ctx->cert)
                         s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
                 if (s != NULL)
                 if (ctx->cert)
                         s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
                 if (s != NULL)
@@ -1994,7 +2007,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
                         letters[i] = 0;
                 for(sp = cb_arg->proxy_auth; *sp; sp++)
                         {
                         letters[i] = 0;
                 for(sp = cb_arg->proxy_auth; *sp; sp++)
                         {
-                       char c = *sp;
+                       int c = *sp;
                         if (isascii(c) && isalpha(c))
                                 {
                                 if (islower(c))
                         if (isascii(c) && isalpha(c))
                                 {
                                 if (islower(c))
@@ -2018,6 +2031,10 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
                 X509_STORE_CTX_set_ex_data(ctx,
                         get_proxy_auth_ex_data_idx(),letters);
                 }
                 X509_STORE_CTX_set_ex_data(ctx,
                         get_proxy_auth_ex_data_idx(),letters);
                 }
+       if (cb_arg->allow_proxy_certs)
+               {
+               X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+               }
  
  #ifndef OPENSSL_NO_X509_VERIFY
  # ifdef OPENSSL_FIPS
  
  #ifndef OPENSSL_NO_X509_VERIFY
  # ifdef OPENSSL_FIPS