#define PORT_STR "4433"
#define PROTOCOL "tcp"
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int naccept);
+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
meth=DTLSv1_client_method();
socket_type=SOCK_DGRAM;
}
+ else if (strcmp(*argv,"-dtls1_2") == 0)
+ {
+ meth=DTLSv1_2_client_method();
+ socket_type=SOCK_DGRAM;
+ }
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts=1;
else if (strcmp(*argv,"-mtu") == 0)
#endif
if (c_Pause & 0x01) SSL_set_debug(con, 1);
- if ( SSL_version(con) == DTLS1_VERSION)
+ if (socket_type == SOCK_DGRAM)
{
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
-static int sv_body(char *hostname, int s, unsigned char *context);
-static int www_body(char *hostname, int s, unsigned char *context);
-static int rev_body(char *hostname, int s, unsigned char *context);
+static int sv_body(char *hostname, int s, int stype, unsigned char *context);
+static int www_body(char *hostname, int s, int stype, unsigned char *context);
+static int rev_body(char *hostname, int s, int stype, unsigned char *context);
static void close_accept_socket(void );
static void sv_usage(void);
static int init_ssl_connection(SSL *s);
BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n");
BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
+ BIO_printf(bio_err," -dtls1_2 - Just talk DTLSv1.2\n");
BIO_printf(bio_err," -timeout - Enable timeouts\n");
BIO_printf(bio_err," -mtu - Set link layer MTU\n");
BIO_printf(bio_err," -chain - Read a certificate chain\n");
meth=DTLSv1_server_method();
socket_type = SOCK_DGRAM;
}
+ else if (strcmp(*argv,"-dtls1_2") == 0)
+ {
+ meth=DTLSv1_2_server_method();
+ socket_type = SOCK_DGRAM;
+ }
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts = 1;
else if (strcmp(*argv,"-mtu") == 0)
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
-static int sv_body(char *hostname, int s, unsigned char *context)
+static int sv_body(char *hostname, int s, int stype, unsigned char *context)
{
char *buf=NULL;
fd_set readfds;
#endif
#endif
- if (SSL_version(con) == DTLS1_VERSION)
+ if (stype == SOCK_DGRAM)
{
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
}
#endif
-static int www_body(char *hostname, int s, unsigned char *context)
+static int www_body(char *hostname, int s, int stype, unsigned char *context)
{
char *buf=NULL;
int ret=1;
return(ret);
}
-static int rev_body(char *hostname, int s, unsigned char *context)
+static int rev_body(char *hostname, int s, int stype, unsigned char *context)
{
char *buf=NULL;
int i;
return(1);
}
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int naccept)
+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept)
{
int sock;
char *name = NULL;
}
else
sock = accept_socket;
- i=(*cb)(name,sock, context);
+ i=(*cb)(name,sock, type, context);
if (name != NULL) OPENSSL_free(name);
if (type==SOCK_STREAM)
SHUTDOWN2(sock);
{
if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
return(DTLSv1_client_method());
+ else if (ver == DTLS1_2_VERSION)
+ return(DTLSv1_2_client_method());
else
return(NULL);
}
dtls1_get_client_method,
DTLSv1_enc_data)
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
+ DTLSv1_2_client_method,
+ ssl_undefined_function,
+ dtls1_connect,
+ dtls1_get_client_method,
+ DTLSv1_2_enc_data)
+
int dtls1_connect(SSL *s)
{
BUF_MEM *buf=NULL;
dtls1_handshake_write
};
+SSL3_ENC_METHOD DTLSv1_2_enc_data={
+ dtls1_enc,
+ tls1_mac,
+ tls1_setup_key_block,
+ tls1_generate_master_secret,
+ tls1_change_cipher_state,
+ tls1_final_finish_mac,
+ TLS1_FINISH_MAC_LENGTH,
+ tls1_cert_verify_mac,
+ TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
+ TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
+ tls1_alert_code,
+ tls1_export_keying_material,
+ SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF,
+ DTLS1_HM_HEADER_LENGTH,
+ dtls1_set_handshake_header,
+ dtls1_handshake_write
+ };
+
long dtls1_default_timeout(void)
{
/* 2 hours, the 24 hours mentioned in the DTLSv1 spec
if (s->options & SSL_OP_CISCO_ANYCONNECT)
s->version=DTLS1_BAD_VER;
else
- s->version=DTLS1_VERSION;
+ s->version=s->method->version;
}
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
{
if (ver == DTLS1_VERSION)
return(DTLSv1_method());
+ else if (ver == DTLS1_2_VERSION)
+ return(DTLSv1_2_method());
else
return(NULL);
}
dtls1_get_method,
DTLSv1_enc_data)
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
+ DTLSv1_2_method,
+ dtls1_accept,
+ dtls1_connect,
+ dtls1_get_method,
+ DTLSv1_2_enc_data)
+
{
if (ver == DTLS1_VERSION)
return(DTLSv1_server_method());
+ else if (ver == DTLS1_2_VERSION)
+ return(DTLSv1_2_server_method());
else
return(NULL);
}
dtls1_get_server_method,
DTLSv1_enc_data)
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
+ DTLSv1_2_server_method,
+ dtls1_accept,
+ ssl_undefined_function,
+ dtls1_get_server_method,
+ DTLSv1_2_enc_data)
+
int dtls1_accept(SSL *s)
{
BUF_MEM *buf;
#define DTLS1_VERSION 0xFEFF
#define DTLS1_BAD_VER 0x0100
+#define DTLS1_2_VERSION 0xFEFD
#if 0
/* this alert description is not specified anywhere... */
if (!ok) return((int)n);
- if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
{
if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
{
const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
+const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */
+const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
+const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */
+
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
int SSL_do_handshake(SSL *s);
extern SSL3_ENC_METHOD TLSv1_2_enc_data;
extern SSL3_ENC_METHOD SSLv3_enc_data;
extern SSL3_ENC_METHOD DTLSv1_enc_data;
+extern SSL3_ENC_METHOD DTLSv1_2_enc_data;
#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
s_get_meth, enc_data) \
ss->ssl_version=DTLS1_VERSION;
ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
}
+ else if (s->version == DTLS1_2_VERSION)
+ {
+ ss->ssl_version=DTLS1_2_VERSION;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
else
{
SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
s="TLSv1";
else if (x->ssl_version == DTLS1_VERSION)
s="DTLSv1";
+ else if (x->ssl_version == DTLS1_2_VERSION)
+ s="DTLSv1.2";
else if (x->ssl_version == DTLS1_BAD_VER)
s="DTLSv1-bad";
else
{TLS1_1_VERSION, "TLS 1.1"},
{TLS1_2_VERSION, "TLS 1.2"},
{DTLS1_VERSION, "DTLS 1.0"},
+ {DTLS1_2_VERSION, "DTLS 1.2"},
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
};
projects / openssl.git / commitdiff