X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_server.c;h=b6cc5eecb711c8dbce609bee6af8bd40f8b48990;hp=a7a728c268978df397fadf0a46186ba472c39a4b;hb=e39acc1c90f5a41916d857ace42c7b9a47f8e7a6;hpb=51e00db226cab1d69d464e03996a554afbce800a

diff --git a/apps/s_server.c b/apps/s_server.c
index a7a728c268..b6cc5eecb7 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -302,7 +302,7 @@ static int cert_chain = 0;
 
 #ifndef OPENSSL_NO_PSK
 static char *psk_identity="Client_identity";
-static char *psk_key=NULL; /* by default PSK is not used */
+char *psk_key=NULL; /* by default PSK is not used */
 
 static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 	unsigned char *psk, unsigned int max_psk_len)
@@ -325,7 +325,9 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 	/* here we could lookup the given identity e.g. from a database */
   	if (strcmp(identity, psk_identity) != 0)
 		{
-                BIO_printf(bio_s_out, "PSK error: client identity not found\n");
+                BIO_printf(bio_s_out, "PSK error: client identity not found"
+			   " (got '%s' expected '%s')\n", identity,
+			   psk_identity);
 		goto out_err;
                 }
 	if (s_debug)
@@ -448,6 +450,9 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_PSK
 	BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
 	BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
+# ifndef OPENSSL_NO_JPAKE
+	BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
+# endif
 #endif
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
@@ -705,7 +710,7 @@ static int cert_status_cb(SSL *s, void *arg)
 	int use_ssl;
 	unsigned char *rspder = NULL;
 	int rspderlen;
-	STACK *aia = NULL;
+	STACK_OF(STRING) *aia = NULL;
 	X509 *x = NULL;
 	X509_STORE_CTX inctx;
 	X509_OBJECT obj;
@@ -727,7 +732,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
 	aia = X509_get1_ocsp(x);
 	if (aia)
 		{
-		if (!OCSP_parse_url(sk_value(aia, 0),
+		if (!OCSP_parse_url(sk_STRING_value(aia, 0),
 			&host, &port, &path, &use_ssl))
 			{
 			BIO_puts(err, "cert_status: can't parse AIA URL\n");
@@ -735,7 +740,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
 			}
 		if (srctx->verbose)
 			BIO_printf(err, "cert_status: AIA URL: %s\n",
-					sk_value(aia, 0));
+					sk_STRING_value(aia, 0));
 		}
 	else
 		{
@@ -822,6 +827,10 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
 
 int MAIN(int, char **);
 
+#ifndef OPENSSL_NO_JPAKE
+static char *jpake_secret = NULL;
+#endif
+
 int MAIN(int argc, char *argv[])
 	{
 	X509_STORE *store = NULL;
@@ -840,9 +849,7 @@ int MAIN(int argc, char *argv[])
 	int state=0;
 	const SSL_METHOD *meth=NULL;
 	int socket_type=SOCK_STREAM;
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e=NULL;
-#endif
 	char *inrand=NULL;
 	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
 	char *passarg = NULL, *pass = NULL;
@@ -854,7 +861,6 @@ int MAIN(int argc, char *argv[])
 	EVP_PKEY *s_key2 = NULL;
 	X509 *s_cert2 = NULL;
 #endif
-
 #ifndef OPENSSL_NO_TLSEXT
         tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
 #endif
@@ -1179,6 +1185,14 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			s_key_file2= *(++argv);
 			}
+			
+#endif
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
+		else if (strcmp(*argv,"-jpake") == 0)
+			{
+			if (--argc < 1) goto bad;
+			jpake_secret = *(++argv);
+			}
 #endif
 		else
 			{
@@ -1196,6 +1210,26 @@ bad:
 		goto end;
 		}
 
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
+	if (jpake_secret)
+		{
+		if (psk_key)
+			{
+			BIO_printf(bio_err,
+				   "Can't use JPAKE and PSK together\n");
+			goto end;
+			}
+		psk_identity = "JPAKE";
+		if (cipher)
+			{
+			BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
+			goto end;
+			}
+		cipher = "PSK";
+		}
+
+#endif
+
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 
@@ -1580,10 +1614,14 @@ bad:
 #endif
 
 #ifndef OPENSSL_NO_PSK
+#ifdef OPENSSL_NO_JPAKE
 	if (psk_key != NULL)
+#else
+	if (psk_key != NULL || jpake_secret)
+#endif
 		{
 		if (s_debug)
-			BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
+			BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
 		SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
 		}
 
@@ -1807,6 +1845,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		test=BIO_new(BIO_f_nbio_test());
 		sbio=BIO_push(test,sbio);
 		}
+#ifndef OPENSSL_NO_JPAKE
+	if(jpake_secret)
+		jpake_server_auth(bio_s_out, sbio, jpake_secret);
+#endif
+
 	SSL_set_bio(con,sbio,sbio);
 	SSL_set_accept_state(con);
 	/* SSL_set_fd(con,s); */
@@ -2182,7 +2225,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 	int ret=1;
 	int i,j,k,blank,dot;
 	SSL *con;
-	SSL_CIPHER *c;
+	const SSL_CIPHER *c;
 	BIO *io,*ssl_bio,*sbio;
 	long total_bytes;