#endif
/*
- * There is really no standard for this, so let's assign some tentative
- * numbers. In any case, these numbers are only for this test
+ * There is really no standard for this, so let's assign something
+ * only for this test
*/
-#define COMP_RLE 255
#define COMP_ZLIB 1
static int verify_callback(int ok, X509_STORE_CTX *ctx);
SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
- if (alpn_selected != NULL) {
- OPENSSL_free(alpn_selected);
- alpn_selected = NULL;
- }
+ OPENSSL_free(alpn_selected);
+ alpn_selected = NULL;
if (client_proto_len != server_proto_len ||
memcmp(client_proto, server_proto, client_proto_len) != 0) {
fprintf(stderr,
" -time - measure processor time used by client and server\n");
fprintf(stderr, " -zlib - use zlib compression\n");
- fprintf(stderr, " -rle - use rle compression\n");
#ifndef OPENSSL_NO_EC
fprintf(stderr,
" -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
int fips_mode = 0;
#endif
int no_protocol = 0;
+ int n;
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
STACK_OF(OPENSSL_STRING) *conf_args = NULL;
argv++;
while (argc >= 1) {
- if (!strcmp(*argv, "-F")) {
+ if (strcmp(*argv, "-F") == 0) {
#ifdef OPENSSL_FIPS
fips_mode = 1;
#else
#ifndef OPENSSL_NO_COMP
else if (strcmp(*argv, "-zlib") == 0) {
comp = COMP_ZLIB;
- } else if (strcmp(*argv, "-rle") == 0) {
- comp = COMP_RLE;
}
#endif
else if (strcmp(*argv, "-named_curve") == 0) {
#ifndef OPENSSL_NO_COMP
if (comp == COMP_ZLIB)
cm = COMP_zlib();
- if (comp == COMP_RLE)
- cm = COMP_rle();
if (cm != NULL) {
if (cm->type != NID_undef) {
if (SSL_COMP_add_compression_method(comp, cm) != 0) {
} else {
fprintf(stderr,
"Warning: %s compression not supported\n",
- (comp == COMP_RLE ? "rle" :
- (comp == COMP_ZLIB ? "zlib" : "unknown")));
+ comp == COMP_ZLIB ? "zlib" : "unknown");
ERR_print_errors_fp(stderr);
}
}
ssl_comp_methods = SSL_COMP_get_compression_methods();
- fprintf(stderr, "Available compression methods:");
- {
- int j, n = sk_SSL_COMP_num(ssl_comp_methods);
- if (n == 0)
- fprintf(stderr, " NONE\n");
- else {
- for (j = 0; j < n; j++) {
- SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
- fprintf(stderr, " %s:%d", c->name, c->id);
- }
- fprintf(stderr, "\n");
+ n = sk_SSL_COMP_num(ssl_comp_methods);
+ if (n) {
+ int j;
+ printf("Available compression methods:");
+ for (j = 0; j < n; j++) {
+ SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+ printf(" %s:%d", c->name, c->id);
}
+ printf("\n");
}
#endif
SSL_CTX_set_security_level(s_ctx, 0);
if (cipher != NULL) {
- if(!SSL_CTX_set_cipher_list(c_ctx, cipher)
+ if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
|| !SSL_CTX_set_cipher_list(s_ctx, cipher)) {
ERR_print_errors(bio_err);
goto end;
}
if (client_auth) {
- if(!SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM)
+ if (!SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM)
|| !SSL_CTX_use_PrivateKey_file(c_ctx,
(client_key ? client_key : client_cert),
SSL_FILETYPE_PEM)) {
}
if (client_auth) {
- BIO_printf(bio_err, "client authentication\n");
+ printf("client authentication\n");
SSL_CTX_set_verify(s_ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
&app_verify_arg);
}
if (server_auth) {
- BIO_printf(bio_err, "server authentication\n");
+ printf("server authentication\n");
SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
&app_verify_arg);
{
int session_id_context = 0;
- if(!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
+ if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
sizeof session_id_context)) {
ERR_print_errors(bio_err);
goto end;
#endif
if (serverinfo_sct) {
- if(!SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
+ if (!SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
NULL, NULL, NULL,
serverinfo_cli_parse_cb, NULL)) {
BIO_printf(bio_err, "Error adding SCT extension\n");
}
}
if (serverinfo_tack) {
- if(!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
+ if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
NULL, NULL, NULL,
serverinfo_cli_parse_cb, NULL)) {
BIO_printf(bio_err, "Error adding TACK extension\n");
}
if (custom_ext) {
- if(!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
+ if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
custom_ext_0_cli_add_cb,
NULL, NULL,
custom_ext_0_cli_parse_cb, NULL)
- || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
custom_ext_1_cli_add_cb,
NULL, NULL,
custom_ext_1_cli_parse_cb, NULL)
- || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
custom_ext_2_cli_add_cb,
NULL, NULL,
custom_ext_2_cli_parse_cb, NULL)
- || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
custom_ext_3_cli_add_cb,
NULL, NULL,
custom_ext_3_cli_parse_cb, NULL)
- || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
custom_ext_0_srv_add_cb,
NULL, NULL,
custom_ext_0_srv_parse_cb, NULL)
- || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
custom_ext_1_srv_add_cb,
NULL, NULL,
custom_ext_1_srv_parse_cb, NULL)
- || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
custom_ext_2_srv_add_cb,
NULL, NULL,
custom_ext_2_srv_parse_cb, NULL)
- || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
custom_ext_3_srv_add_cb,
NULL, NULL,
custom_ext_3_srv_parse_cb, NULL)) {
goto end;
}
/* Returns 0 on success!! */
- if(SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
+ if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
BIO_printf(bio_err, "Error setting ALPN\n");
OPENSSL_free(alpn);
goto end;
}
#endif /* OPENSSL_NO_KRB5 */
+ BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
for (i = 0; i < number; i++) {
if (!reuse) {
- if(!SSL_set_session(c_ssl, NULL)) {
+ if (!SSL_set_session(c_ssl, NULL)) {
BIO_printf(bio_err, "Failed to set session\n");
goto end;
}
if (!verbose) {
print_details(c_ssl, "");
}
- if ((i > 1) || (bytes > 1L))
- BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", i,
- bytes);
if (print_time) {
#ifdef CLOCKS_PER_SEC
/*
SSL_free(c_ssl);
end:
- if (s_ctx != NULL)
- SSL_CTX_free(s_ctx);
- if (c_ctx != NULL)
- SSL_CTX_free(c_ctx);
-
- if (s_cctx)
- SSL_CONF_CTX_free(s_cctx);
- if (c_cctx)
- SSL_CONF_CTX_free(c_cctx);
+ SSL_CTX_free(s_ctx);
+ SSL_CTX_free(c_ctx);
+ SSL_CONF_CTX_free(s_cctx);
+ SSL_CONF_CTX_free(c_cctx);
sk_OPENSSL_STRING_free(conf_args);
BIO_free(bio_stdout);
BIO_free(s_to_c);
BIO_free_all(c_bio);
BIO_free_all(s_bio);
-
- if (cbuf)
- OPENSSL_free(cbuf);
- if (sbuf)
- OPENSSL_free(sbuf);
+ OPENSSL_free(cbuf);
+ OPENSSL_free(sbuf);
return (ret);
}
sizeof buf);
if (s != NULL) {
if (ok)
- fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf);
+ printf("depth=%d %s\n", ctx->error_depth, buf);
else {
fprintf(stderr, "depth=%d error=%d %s\n",
ctx->error_depth, ctx->error, buf);
}
if (ok == 0) {
- fprintf(stderr, "Error string: %s\n",
- X509_verify_cert_error_string(ctx->error));
switch (ctx->error) {
+ default:
+ fprintf(stderr, "Error string: %s\n",
+ X509_verify_cert_error_string(ctx->error));
+ break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- fprintf(stderr, " ... ignored.\n");
ok = 1;
}
}
* others.
*/
- fprintf(stderr, " Certificate proxy rights = %*.*s", i,
+ printf(" Certificate proxy rights = %*.*s", i,
i, s);
while (i-- > 0) {
int c = *s++;
}
found_any = 0;
- fprintf(stderr, ", resulting proxy rights = ");
+ printf(", resulting proxy rights = ");
for (i = 0; i < 26; i++)
if (letters[i]) {
- fprintf(stderr, "%c", i + 'A');
+ printf("%c", i + 'A');
found_any = 1;
}
if (!found_any)
- fprintf(stderr, "none");
- fprintf(stderr, "\n");
+ printf("none");
+ printf("\n");
PROXY_CERT_INFO_EXTENSION_free(pci);
}
if (cb_arg->app_verify) {
char *s = NULL, buf[256];
- fprintf(stderr, "In app_verify_callback, allowing cert. ");
- fprintf(stderr, "Arg is: %s\n", cb_arg->string);
- fprintf(stderr,
- "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
+ printf("In app_verify_callback, allowing cert. ");
+ printf("Arg is: %s\n", cb_arg->string);
+ printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
(void *)ctx, (void *)ctx->cert);
if (ctx->cert)
s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
if (s != NULL) {
- fprintf(stderr, "cert depth=%d %s\n", ctx->error_depth, buf);
+ printf("cert depth=%d %s\n", ctx->error_depth, buf);
}
return (1);
}
}
}
- fprintf(stderr, " Initial proxy rights = ");
+ printf(" Initial proxy rights = ");
for (i = 0; i < 26; i++)
if (letters[i]) {
- fprintf(stderr, "%c", i + 'A');
+ printf("%c", i + 'A');
found_any = 1;
}
if (!found_any)
- fprintf(stderr, "none");
- fprintf(stderr, "\n");
+ printf("none");
+ printf("\n");
X509_STORE_CTX_set_ex_data(ctx,
get_proxy_auth_ex_data_idx(), letters);
}
if (!ok)
fprintf(stderr,
- "Proxy rights check with condition '%s' proved invalid\n",
+ "Proxy rights check with condition '%s' invalid\n",
cb_arg->proxy_cond);
else
- fprintf(stderr,
- "Proxy rights check with condition '%s' proved valid\n",
+ printf("Proxy rights check with condition '%s' ok\n",
cb_arg->proxy_cond);
}
}
BIO_printf(bio_err, "Memory error...");
goto end;
}
- BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength);
- (void)BIO_flush(bio_err);
+ printf("Generating temp (%d bit) RSA key...", keylength);
if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
BIO_printf(bio_err, "Error generating key.");
RSA_free(rsa_tmp);
rsa_tmp = NULL;
}
end:
- BIO_printf(bio_err, "\n");
- (void)BIO_flush(bio_err);
+ printf("\n");
}
- if (bn)
- BN_free(bn);
+ BN_free(bn);
return (rsa_tmp);
}
if (!ret) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
pskkey);
- if (bn)
- BN_free(bn);
+ BN_free(bn);
return 0;
}
if (BN_num_bytes(bn) > (int)max_psk_len) {
const SSL_CIPHER *ci, *tci = NULL;
#ifndef OPENSSL_NO_SSL3
- fprintf(stderr, "testing SSLv3 cipher list order: ");
meth = SSLv3_method();
tci = NULL;
while ((ci = meth->get_cipher(i++)) != NULL) {
if (tci != NULL)
if (ci->id >= tci->id) {
+ fprintf(stderr, "testing SSLv3 cipher list order: ");
fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
return 0;
}
tci = ci;
}
- fprintf(stderr, "ok\n");
#endif
- fprintf(stderr, "testing TLSv1 cipher list order: ");
meth = TLSv1_method();
tci = NULL;
while ((ci = meth->get_cipher(i++)) != NULL) {
if (tci != NULL)
if (ci->id >= tci->id) {
+ fprintf(stderr, "testing TLSv1 cipher list order: ");
fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
return 0;
}
tci = ci;
}
- fprintf(stderr, "ok\n");
return 1;
}