Move libapps headers into their own directory This got triggered by test/testutil.h including ../apps/opt.h. Some compilers do all inclusions from the directory of the C file being compiled, so when a C file includes a header file with a relative file spec, and that header file also includes another header file with a relative file spec, the compiler no longer follows. As a specific example, test/testutil/basic_output.c included ../testutil.h. Fine so far, but then, test/testutil.h includes ../apps/opt.h, and the compiler ends up trying to include (seen from the source top) test/apps/opt.h rather than apps/opt.h, and fails. The solution could have been to simply add apps/ as an inclusion directory. However, that directory also has header files that have nothing to do with libapps, so we take this a bit further, create apps/include and move libapps specific headers there, and then add apps/include as inclusion directory in the build.info files where needed. Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/8210)
Updated test command line parsing to support commmon commands Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6975)
Some code-cleanup/simplification in apps Remove some casts on password callback by adding a wrapper function. Remove level of indent by doing an early-return on failure. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7873)
Following the license change, modify the boilerplates in apps/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7765)
apps: Stop pretending to care about Netscape keys The documentation says some commands care, but the code says differently. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7440)
Allow configuation of the number of TLSv1.3 session tickets via SSL_CONF Also allows the apps to set it. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5227)
Revert "Check directory is able to create files for various -out option" This reverts commit 555c94a0db9661428da0a45cb32b9f002324eefd. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6033)
Support "-min_protocol" and "-max_protocol" in s_server and s_client If for nothing else, they are needed when doing a regression test Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5663)
Split configuration of TLSv1.3 ciphers from older ciphers With the current mechanism, old cipher strings that used to work in 1.1.0, may inadvertently disable all TLSv1.3 ciphersuites causing connections to fail. This is confusing for users. In reality TLSv1.3 are quite different to older ciphers. They are much simpler and there are only a small number of them so, arguably, they don't need the same level of control that the older ciphers have. This change splits the configuration of TLSv1.3 ciphers from older ones. By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable them through your existing config. Fixes #5359 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5392)
Implement multi-process OCSP responder. With "-multi" the OCSP responder forks multiple child processes, and respawns them as needed. This can be used as a long-running service, not just a demo program. Therefore the index file is automatically re-read when changed. The responder also now optionally times out client requests. Reviewed-by: Matt Caswell <matt@openssl.org>
Prepare to detect index changes in OCSP responder. Retain open file handle and previous stat data for the CA index file, enabling detection and index reload (upcoming commit). Check requirements before entering accept loop. Reviewed-by: Matt Caswell <matt@openssl.org>
Check directory is able to create files for various -out option This is to address issue #3404, only works in Unix-like platforms Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3709)
Make sure that apps/openssl prefixes its output with '# ' during tests The reason to do this is that some output might start with an 'ok', which TAP catches and takes for TAP output. The TAP compatible way is to make all output it shouldn't catch look like comments. We do this by setting the environment variable HARNESS_OSSL_PREFIX during tests. When that is set, apps/openssl uses BIO_f_linebuffer and sets its prefix to the content of that environment variable. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5224)
Add an apps internal BIO filter for prefixing output lines Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5224)
apps: Don't include progs.h in apps.h Everything in apps includes apps.h, because that one declares apps internal library routines. However, progs.h doesn't declare library routines, but rather the main commands and their options, and there's no reason why the library modules should include it. So, remove the inclusion of progs.h from apps.h and add that inclusion in all command source files. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5222)
Enable the cookie callbacks to work even in TLS in the apps Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
Add 'openssl req' option to specify extension values on command line The idea is to be able to add extension value lines directly on the command line instead of through the config file, for example: openssl req -new -extension 'subjectAltName = DNS:dom.ain, DNS:oth.er' \ -extension 'certificatePolicies = 1.2.3.4' Fixes #3311 Thank you Jacob Hoffman-Andrews for the inspiration Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4986)
Implement session id TLSv1.3 middlebox compatibility mode Clients will send a "fake" session id and servers must echo it back. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
Use ChaCha only if prioritized by clnt IFF the client has ChaCha first, and server cipher priority is used, and the new SSL_OP_PRIORITIZE_CHACHA_FOR_MOBILE option is used, then reprioritize ChaCha above everything else. This way, A matching ChaCha cipher will be selected if there is a match. If no ChaCha ciphers match, then the other ciphers are used. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4436)
Remove unnecessary #include <openssl/lhash.h> directives. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4431)