update FAQ
[openssl.git] / apps / s_cb.c
1 /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111
112 #include <stdio.h>
113 #include <stdlib.h>
114 #define USE_SOCKETS
115 #define NON_MAIN
116 #include "apps.h"
117 #undef NON_MAIN
118 #undef USE_SOCKETS
119 #include <openssl/err.h>
120 #include <openssl/rand.h>
121 #include <openssl/x509.h>
122 #include <openssl/ssl.h>
123 #include "s_apps.h"
124
125 #define COOKIE_SECRET_LENGTH    16
126
127 int verify_depth=0;
128 int verify_quiet=0;
129 int verify_error=X509_V_OK;
130 int verify_return_error=0;
131 unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
132 int cookie_initialized=0;
133
134 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
135         {
136         X509 *err_cert;
137         int err,depth;
138
139         err_cert=X509_STORE_CTX_get_current_cert(ctx);
140         err=    X509_STORE_CTX_get_error(ctx);
141         depth=  X509_STORE_CTX_get_error_depth(ctx);
142
143         if (!verify_quiet || !ok)
144                 {
145                 BIO_printf(bio_err,"depth=%d ",depth);
146                 if (err_cert)
147                         {
148                         X509_NAME_print_ex(bio_err,
149                                         X509_get_subject_name(err_cert),
150                                         0, XN_FLAG_ONELINE);
151                         BIO_puts(bio_err, "\n");
152                         }
153                 else
154                         BIO_puts(bio_err, "<no cert>\n");
155                 }
156         if (!ok)
157                 {
158                 BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
159                         X509_verify_cert_error_string(err));
160                 if (verify_depth >= depth)
161                         {
162                         if (!verify_return_error)
163                                 ok=1;
164                         verify_error=X509_V_OK;
165                         }
166                 else
167                         {
168                         ok=0;
169                         verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
170                         }
171                 }
172         switch (err)
173                 {
174         case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
175                 BIO_puts(bio_err,"issuer= ");
176                 X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
177                                         0, XN_FLAG_ONELINE);
178                 BIO_puts(bio_err, "\n");
179                 break;
180         case X509_V_ERR_CERT_NOT_YET_VALID:
181         case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
182                 BIO_printf(bio_err,"notBefore=");
183                 ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
184                 BIO_printf(bio_err,"\n");
185                 break;
186         case X509_V_ERR_CERT_HAS_EXPIRED:
187         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
188                 BIO_printf(bio_err,"notAfter=");
189                 ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
190                 BIO_printf(bio_err,"\n");
191                 break;
192         case X509_V_ERR_NO_EXPLICIT_POLICY:
193                 if (!verify_quiet)
194                         policies_print(bio_err, ctx);
195                 break;
196                 }
197         if (err == X509_V_OK && ok == 2 && !verify_quiet)
198                 policies_print(bio_err, ctx);
199         if (ok && !verify_quiet)
200                 BIO_printf(bio_err,"verify return:%d\n",ok);
201         return(ok);
202         }
203
204 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
205         {
206         if (cert_file != NULL)
207                 {
208                 /*
209                 SSL *ssl;
210                 X509 *x509;
211                 */
212
213                 if (SSL_CTX_use_certificate_file(ctx,cert_file,
214                         SSL_FILETYPE_PEM) <= 0)
215                         {
216                         BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
217                         ERR_print_errors(bio_err);
218                         return(0);
219                         }
220                 if (key_file == NULL) key_file=cert_file;
221                 if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
222                         SSL_FILETYPE_PEM) <= 0)
223                         {
224                         BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
225                         ERR_print_errors(bio_err);
226                         return(0);
227                         }
228
229                 /*
230                 In theory this is no longer needed 
231                 ssl=SSL_new(ctx);
232                 x509=SSL_get_certificate(ssl);
233
234                 if (x509 != NULL) {
235                         EVP_PKEY *pktmp;
236                         pktmp = X509_get_pubkey(x509);
237                         EVP_PKEY_copy_parameters(pktmp,
238                                                 SSL_get_privatekey(ssl));
239                         EVP_PKEY_free(pktmp);
240                 }
241                 SSL_free(ssl);
242                 */
243
244                 /* If we are using DSA, we can copy the parameters from
245                  * the private key */
246
247
248                 /* Now we know that a key and cert have been set against
249                  * the SSL context */
250                 if (!SSL_CTX_check_private_key(ctx))
251                         {
252                         BIO_printf(bio_err,"Private key does not match the certificate public key\n");
253                         return(0);
254                         }
255                 }
256         return(1);
257         }
258
259 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
260                        STACK_OF(X509) *chain, int build_chain)
261         {
262         if (cert == NULL)
263                 return 1;
264         if (SSL_CTX_use_certificate(ctx,cert) <= 0)
265                 {
266                 BIO_printf(bio_err,"error setting certificate\n");
267                 ERR_print_errors(bio_err);
268                 return 0;
269                 }
270
271         if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
272                 {
273                 BIO_printf(bio_err,"error setting private key\n");
274                 ERR_print_errors(bio_err);
275                 return 0;
276                 }
277                  
278         /* Now we know that a key and cert have been set against
279          * the SSL context */
280         if (!SSL_CTX_check_private_key(ctx))
281                 {
282                 BIO_printf(bio_err,"Private key does not match the certificate public key\n");
283                 return 0;
284                 }
285         if (chain && !SSL_CTX_set1_chain(ctx, chain))
286                 {
287                 BIO_printf(bio_err,"error setting certificate chain\n");
288                 ERR_print_errors(bio_err);
289                 return 0;
290                 }
291         if (!chain && build_chain && !SSL_CTX_build_cert_chain(ctx, 0))
292                 {
293                 BIO_printf(bio_err,"error building certificate chain\n");
294                 ERR_print_errors(bio_err);
295                 return 0;
296                 }
297         return 1;
298         }
299
300 static void ssl_print_client_cert_types(BIO *bio, SSL *s)
301         {
302         const unsigned char *p;
303         int i;
304         int cert_type_num = SSL_get0_certificate_types(s, &p);
305         if (!cert_type_num)
306                 return;
307         BIO_puts(bio, "Client Certificate Types: ");
308         for (i = 0; i < cert_type_num; i++)
309                 {
310                 unsigned char cert_type = p[i];
311                 char *cname;
312                 switch(cert_type)
313                         {
314                 case TLS_CT_RSA_SIGN:
315                         cname = "RSA sign";
316                         break;
317
318                 case TLS_CT_DSS_SIGN:
319                         cname = "DSA sign";
320                         break;
321
322                 case TLS_CT_RSA_FIXED_DH:
323                         cname = "RSA fixed DH";
324                         break;
325
326                 case TLS_CT_DSS_FIXED_DH:
327                         cname = "DSS fixed DH";
328                         break;
329
330                 case TLS_CT_ECDSA_SIGN:
331                         cname = "ECDSA sign";
332                         break;
333
334                 case TLS_CT_RSA_FIXED_ECDH:
335                         cname = "RSA fixed ECDH";
336                         break;
337
338                 case TLS_CT_ECDSA_FIXED_ECDH:
339                         cname = "ECDSA fixed ECDH";
340                         break;
341
342                 case TLS_CT_GOST94_SIGN:
343                         cname = "GOST94 Sign";
344                         break;
345
346                 case TLS_CT_GOST01_SIGN:
347                         cname = "GOST01 Sign";
348                         break;
349
350                 default:
351                          cname = NULL;
352                         }
353
354                 if (i)
355                         BIO_puts(bio, ", ");
356
357                 if (cname)
358                         BIO_puts(bio, cname);
359                 else
360                         BIO_printf(bio, "UNKNOWN (%d),", cert_type);
361                 }
362         BIO_puts(bio, "\n");
363         }
364
365 static int do_print_sigalgs(BIO *out, SSL *s, int shared)
366         {
367         int i, nsig, client;
368         client = SSL_is_server(s) ? 0 : 1;
369         if (shared)
370                 nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL,
371                                                         NULL, NULL);
372         else
373                 nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
374         if (nsig == 0)
375                 return 1;
376
377         if (shared)
378                 BIO_puts(out, "Shared ");
379
380         if (client)
381                 BIO_puts(out, "Requested ");
382         BIO_puts(out, "Signature Algorithms: ");
383         for (i = 0; i < nsig; i++)
384                 {
385                 int hash_nid, sign_nid;
386                 unsigned char rhash, rsign;
387                 const char *sstr = NULL;
388                 if (shared)
389                         SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
390                                                         &rsign, &rhash);
391                 else
392                         SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
393                                                         &rsign, &rhash);
394                 if (i)
395                         BIO_puts(out, ":");
396                 if (sign_nid == EVP_PKEY_RSA)
397                         sstr = "RSA";
398                 else if(sign_nid == EVP_PKEY_DSA)
399                         sstr = "DSA";
400                 else if(sign_nid == EVP_PKEY_EC)
401                         sstr = "ECDSA";
402                 if (sstr)
403                         BIO_printf(out,"%s+", sstr);
404                 else
405                         BIO_printf(out,"0x%02X+", (int)rsign);
406                 if (hash_nid != NID_undef)
407                         BIO_printf(out, "%s", OBJ_nid2sn(hash_nid));
408                 else
409                         BIO_printf(out,"0x%02X", (int)rhash);
410                 }
411         BIO_puts(out, "\n");
412         return 1;
413         }
414
415 int ssl_print_sigalgs(BIO *out, SSL *s)
416         {
417         int mdnid;
418         if (!SSL_is_server(s))
419                 ssl_print_client_cert_types(out, s);
420         do_print_sigalgs(out, s, 0);
421         do_print_sigalgs(out, s, 1);
422         if (SSL_get_peer_signature_nid(s, &mdnid))
423                 BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid));
424         return 1;
425         }
426 #ifndef OPENSSL_NO_EC
427 int ssl_print_point_formats(BIO *out, SSL *s)
428         {
429         int i, nformats;
430         const char *pformats;
431         nformats = SSL_get0_ec_point_formats(s, &pformats);
432         if (nformats <= 0)
433                 return 1;
434         BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
435         for (i = 0; i < nformats; i++, pformats++)
436                 {
437                 if (i)
438                         BIO_puts(out, ":");
439                 switch(*pformats)
440                         {
441                 case TLSEXT_ECPOINTFORMAT_uncompressed:
442                         BIO_puts(out, "uncompressed");
443                         break;
444
445                 case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
446                         BIO_puts(out, "ansiX962_compressed_prime");
447                         break;
448
449                 case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
450                         BIO_puts(out, "ansiX962_compressed_char2");
451                         break;
452
453                 default:
454                         BIO_printf(out, "unknown(%d)", (int)*pformats);
455                         break;
456
457                         }
458                 }
459         if (nformats <= 0)
460                 BIO_puts(out, "NONE");
461         BIO_puts(out, "\n");
462         return 1;
463         }
464
465 int ssl_print_curves(BIO *out, SSL *s, int noshared)
466         {
467         int i, ncurves, *curves, nid;
468         const char *cname;
469         ncurves = SSL_get1_curves(s, NULL);
470         if (ncurves <= 0)
471                 return 1;
472         curves = OPENSSL_malloc(ncurves * sizeof(int));
473         SSL_get1_curves(s, curves);
474
475         BIO_puts(out, "Supported Elliptic Curves: ");
476         for (i = 0; i < ncurves; i++)
477                 {
478                 if (i)
479                         BIO_puts(out, ":");
480                 nid = curves[i];
481                 /* If unrecognised print out hex version */
482                 if (nid & TLSEXT_nid_unknown)
483                         BIO_printf(out, "0x%04X", nid & 0xFFFF);
484                 else
485                         {
486                         /* Use NIST name for curve if it exists */
487                         cname = EC_curve_nid2nist(nid);
488                         if (!cname)
489                                 cname = OBJ_nid2sn(nid);
490                         BIO_printf(out, "%s", cname);
491                         }
492                 }
493         if (ncurves == 0)
494                 BIO_puts(out, "NONE");
495         OPENSSL_free(curves);
496         if (noshared)
497                 {
498                 BIO_puts(out, "\n");
499                 return 1;
500                 }
501         BIO_puts(out, "\nShared Elliptic curves: ");
502         ncurves = SSL_get_shared_curve(s, -1);
503         for (i = 0; i < ncurves; i++)
504                 {
505                 if (i)
506                         BIO_puts(out, ":");
507                 nid = SSL_get_shared_curve(s, i);
508                 cname = EC_curve_nid2nist(nid);
509                 if (!cname)
510                         cname = OBJ_nid2sn(nid);
511                 BIO_printf(out, "%s", cname);
512                 }
513         if (ncurves == 0)
514                 BIO_puts(out, "NONE");
515         BIO_puts(out, "\n");
516         return 1;
517         }
518 #endif
519 int ssl_print_tmp_key(BIO *out, SSL *s)
520         {
521         EVP_PKEY *key;
522         if (!SSL_get_server_tmp_key(s, &key))
523                 return 1;
524         BIO_puts(out, "Server Temp Key: ");
525         switch (EVP_PKEY_id(key))
526                 {
527         case EVP_PKEY_RSA:
528                 BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
529                 break;
530
531         case EVP_PKEY_DH:
532                 BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
533                 break;
534 #ifndef OPENSSL_NO_ECDH
535         case EVP_PKEY_EC:
536                         {
537                         EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
538                         int nid;
539                         const char *cname;
540                         nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
541                         EC_KEY_free(ec);
542                         cname = EC_curve_nid2nist(nid);
543                         if (!cname)
544                                 cname = OBJ_nid2sn(nid);
545                         BIO_printf(out, "ECDH, %s, %d bits\n",
546                                                 cname, EVP_PKEY_bits(key));
547                         }
548 #endif
549                 }
550         EVP_PKEY_free(key);
551         return 1;
552         }
553                 
554
555 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
556                                    int argi, long argl, long ret)
557         {
558         BIO *out;
559
560         out=(BIO *)BIO_get_callback_arg(bio);
561         if (out == NULL) return(ret);
562
563         if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
564                 {
565                 BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
566                         (void *)bio,argp,(unsigned long)argi,ret,ret);
567                 BIO_dump(out,argp,(int)ret);
568                 return(ret);
569                 }
570         else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
571                 {
572                 BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
573                         (void *)bio,argp,(unsigned long)argi,ret,ret);
574                 BIO_dump(out,argp,(int)ret);
575                 }
576         return(ret);
577         }
578
579 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
580         {
581         const char *str;
582         int w;
583
584         w=where& ~SSL_ST_MASK;
585
586         if (w & SSL_ST_CONNECT) str="SSL_connect";
587         else if (w & SSL_ST_ACCEPT) str="SSL_accept";
588         else str="undefined";
589
590         if (where & SSL_CB_LOOP)
591                 {
592                 BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
593                 }
594         else if (where & SSL_CB_ALERT)
595                 {
596                 str=(where & SSL_CB_READ)?"read":"write";
597                 BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
598                         str,
599                         SSL_alert_type_string_long(ret),
600                         SSL_alert_desc_string_long(ret));
601                 }
602         else if (where & SSL_CB_EXIT)
603                 {
604                 if (ret == 0)
605                         BIO_printf(bio_err,"%s:failed in %s\n",
606                                 str,SSL_state_string_long(s));
607                 else if (ret < 0)
608                         {
609                         BIO_printf(bio_err,"%s:error in %s\n",
610                                 str,SSL_state_string_long(s));
611                         }
612                 }
613         }
614
615
616 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
617         {
618         BIO *bio = arg;
619         const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
620         
621         str_write_p = write_p ? ">>>" : "<<<";
622
623         switch (version)
624                 {
625         case SSL2_VERSION:
626                 str_version = "SSL 2.0";
627                 break;
628         case SSL3_VERSION:
629                 str_version = "SSL 3.0 ";
630                 break;
631         case TLS1_VERSION:
632                 str_version = "TLS 1.0 ";
633                 break;
634         case TLS1_1_VERSION:
635                 str_version = "TLS 1.1 ";
636                 break;
637         case TLS1_2_VERSION:
638                 str_version = "TLS 1.2 ";
639                 break;
640         case DTLS1_VERSION:
641                 str_version = "DTLS 1.0 ";
642                 break;
643         case DTLS1_BAD_VER:
644                 str_version = "DTLS 1.0 (bad) ";
645                 break;
646         default:
647                 str_version = "???";
648                 }
649
650         if (version == SSL2_VERSION)
651                 {
652                 str_details1 = "???";
653
654                 if (len > 0)
655                         {
656                         switch (((const unsigned char*)buf)[0])
657                                 {
658                                 case 0:
659                                         str_details1 = ", ERROR:";
660                                         str_details2 = " ???";
661                                         if (len >= 3)
662                                                 {
663                                                 unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
664                                                 
665                                                 switch (err)
666                                                         {
667                                                 case 0x0001:
668                                                         str_details2 = " NO-CIPHER-ERROR";
669                                                         break;
670                                                 case 0x0002:
671                                                         str_details2 = " NO-CERTIFICATE-ERROR";
672                                                         break;
673                                                 case 0x0004:
674                                                         str_details2 = " BAD-CERTIFICATE-ERROR";
675                                                         break;
676                                                 case 0x0006:
677                                                         str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
678                                                         break;
679                                                         }
680                                                 }
681
682                                         break;
683                                 case 1:
684                                         str_details1 = ", CLIENT-HELLO";
685                                         break;
686                                 case 2:
687                                         str_details1 = ", CLIENT-MASTER-KEY";
688                                         break;
689                                 case 3:
690                                         str_details1 = ", CLIENT-FINISHED";
691                                         break;
692                                 case 4:
693                                         str_details1 = ", SERVER-HELLO";
694                                         break;
695                                 case 5:
696                                         str_details1 = ", SERVER-VERIFY";
697                                         break;
698                                 case 6:
699                                         str_details1 = ", SERVER-FINISHED";
700                                         break;
701                                 case 7:
702                                         str_details1 = ", REQUEST-CERTIFICATE";
703                                         break;
704                                 case 8:
705                                         str_details1 = ", CLIENT-CERTIFICATE";
706                                         break;
707                                 }
708                         }
709                 }
710
711         if (version == SSL3_VERSION ||
712             version == TLS1_VERSION ||
713             version == TLS1_1_VERSION ||
714             version == TLS1_2_VERSION ||
715             version == DTLS1_VERSION ||
716             version == DTLS1_BAD_VER)
717                 {
718                 switch (content_type)
719                         {
720                 case 20:
721                         str_content_type = "ChangeCipherSpec";
722                         break;
723                 case 21:
724                         str_content_type = "Alert";
725                         break;
726                 case 22:
727                         str_content_type = "Handshake";
728                         break;
729                         }
730
731                 if (content_type == 21) /* Alert */
732                         {
733                         str_details1 = ", ???";
734                         
735                         if (len == 2)
736                                 {
737                                 switch (((const unsigned char*)buf)[0])
738                                         {
739                                 case 1:
740                                         str_details1 = ", warning";
741                                         break;
742                                 case 2:
743                                         str_details1 = ", fatal";
744                                         break;
745                                         }
746
747                                 str_details2 = " ???";
748                                 switch (((const unsigned char*)buf)[1])
749                                         {
750                                 case 0:
751                                         str_details2 = " close_notify";
752                                         break;
753                                 case 10:
754                                         str_details2 = " unexpected_message";
755                                         break;
756                                 case 20:
757                                         str_details2 = " bad_record_mac";
758                                         break;
759                                 case 21:
760                                         str_details2 = " decryption_failed";
761                                         break;
762                                 case 22:
763                                         str_details2 = " record_overflow";
764                                         break;
765                                 case 30:
766                                         str_details2 = " decompression_failure";
767                                         break;
768                                 case 40:
769                                         str_details2 = " handshake_failure";
770                                         break;
771                                 case 42:
772                                         str_details2 = " bad_certificate";
773                                         break;
774                                 case 43:
775                                         str_details2 = " unsupported_certificate";
776                                         break;
777                                 case 44:
778                                         str_details2 = " certificate_revoked";
779                                         break;
780                                 case 45:
781                                         str_details2 = " certificate_expired";
782                                         break;
783                                 case 46:
784                                         str_details2 = " certificate_unknown";
785                                         break;
786                                 case 47:
787                                         str_details2 = " illegal_parameter";
788                                         break;
789                                 case 48:
790                                         str_details2 = " unknown_ca";
791                                         break;
792                                 case 49:
793                                         str_details2 = " access_denied";
794                                         break;
795                                 case 50:
796                                         str_details2 = " decode_error";
797                                         break;
798                                 case 51:
799                                         str_details2 = " decrypt_error";
800                                         break;
801                                 case 60:
802                                         str_details2 = " export_restriction";
803                                         break;
804                                 case 70:
805                                         str_details2 = " protocol_version";
806                                         break;
807                                 case 71:
808                                         str_details2 = " insufficient_security";
809                                         break;
810                                 case 80:
811                                         str_details2 = " internal_error";
812                                         break;
813                                 case 90:
814                                         str_details2 = " user_canceled";
815                                         break;
816                                 case 100:
817                                         str_details2 = " no_renegotiation";
818                                         break;
819                                 case 110:
820                                         str_details2 = " unsupported_extension";
821                                         break;
822                                 case 111:
823                                         str_details2 = " certificate_unobtainable";
824                                         break;
825                                 case 112:
826                                         str_details2 = " unrecognized_name";
827                                         break;
828                                 case 113:
829                                         str_details2 = " bad_certificate_status_response";
830                                         break;
831                                 case 114:
832                                         str_details2 = " bad_certificate_hash_value";
833                                         break;
834                                 case 115:
835                                         str_details2 = " unknown_psk_identity";
836                                         break;
837                                         }
838                                 }
839                         }
840                 
841                 if (content_type == 22) /* Handshake */
842                         {
843                         str_details1 = "???";
844
845                         if (len > 0)
846                                 {
847                                 switch (((const unsigned char*)buf)[0])
848                                         {
849                                 case 0:
850                                         str_details1 = ", HelloRequest";
851                                         break;
852                                 case 1:
853                                         str_details1 = ", ClientHello";
854                                         break;
855                                 case 2:
856                                         str_details1 = ", ServerHello";
857                                         break;
858                                 case 3:
859                                         str_details1 = ", HelloVerifyRequest";
860                                         break;
861                                 case 11:
862                                         str_details1 = ", Certificate";
863                                         break;
864                                 case 12:
865                                         str_details1 = ", ServerKeyExchange";
866                                         break;
867                                 case 13:
868                                         str_details1 = ", CertificateRequest";
869                                         break;
870                                 case 14:
871                                         str_details1 = ", ServerHelloDone";
872                                         break;
873                                 case 15:
874                                         str_details1 = ", CertificateVerify";
875                                         break;
876                                 case 16:
877                                         str_details1 = ", ClientKeyExchange";
878                                         break;
879                                 case 20:
880                                         str_details1 = ", Finished";
881                                         break;
882                                 case 23:
883                                         str_details1 = ", SupplementalData";
884                                         break;
885                                         }
886                                 }
887                         }
888
889 #ifndef OPENSSL_NO_HEARTBEATS
890                 if (content_type == 24) /* Heartbeat */
891                         {
892                         str_details1 = ", Heartbeat";
893                         
894                         if (len > 0)
895                                 {
896                                 switch (((const unsigned char*)buf)[0])
897                                         {
898                                 case 1:
899                                         str_details1 = ", HeartbeatRequest";
900                                         break;
901                                 case 2:
902                                         str_details1 = ", HeartbeatResponse";
903                                         break;
904                                         }
905                                 }
906                         }
907 #endif
908                 }
909
910         BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
911
912         if (len > 0)
913                 {
914                 size_t num, i;
915                 
916                 BIO_printf(bio, "   ");
917                 num = len;
918 #if 0
919                 if (num > 16)
920                         num = 16;
921 #endif
922                 for (i = 0; i < num; i++)
923                         {
924                         if (i % 16 == 0 && i > 0)
925                                 BIO_printf(bio, "\n   ");
926                         BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
927                         }
928                 if (i < len)
929                         BIO_printf(bio, " ...");
930                 BIO_printf(bio, "\n");
931                 }
932         (void)BIO_flush(bio);
933         }
934
935 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
936                                         unsigned char *data, int len,
937                                         void *arg)
938         {
939         BIO *bio = arg;
940         char *extname;
941
942         switch(type)
943                 {
944                 case TLSEXT_TYPE_server_name:
945                 extname = "server name";
946                 break;
947
948                 case TLSEXT_TYPE_max_fragment_length:
949                 extname = "max fragment length";
950                 break;
951
952                 case TLSEXT_TYPE_client_certificate_url:
953                 extname = "client certificate URL";
954                 break;
955
956                 case TLSEXT_TYPE_trusted_ca_keys:
957                 extname = "trusted CA keys";
958                 break;
959
960                 case TLSEXT_TYPE_truncated_hmac:
961                 extname = "truncated HMAC";
962                 break;
963
964                 case TLSEXT_TYPE_status_request:
965                 extname = "status request";
966                 break;
967
968                 case TLSEXT_TYPE_user_mapping:
969                 extname = "user mapping";
970                 break;
971
972                 case TLSEXT_TYPE_client_authz:
973                 extname = "client authz";
974                 break;
975
976                 case TLSEXT_TYPE_server_authz:
977                 extname = "server authz";
978                 break;
979
980                 case TLSEXT_TYPE_cert_type:
981                 extname = "cert type";
982                 break;
983
984                 case TLSEXT_TYPE_elliptic_curves:
985                 extname = "elliptic curves";
986                 break;
987
988                 case TLSEXT_TYPE_ec_point_formats:
989                 extname = "EC point formats";
990                 break;
991
992                 case TLSEXT_TYPE_srp:
993                 extname = "SRP";
994                 break;
995
996                 case TLSEXT_TYPE_signature_algorithms:
997                 extname = "signature algorithms";
998                 break;
999
1000                 case TLSEXT_TYPE_use_srtp:
1001                 extname = "use SRTP";
1002                 break;
1003
1004                 case TLSEXT_TYPE_heartbeat:
1005                 extname = "heartbeat";
1006                 break;
1007
1008                 case TLSEXT_TYPE_session_ticket:
1009                 extname = "session ticket";
1010                 break;
1011
1012                 case TLSEXT_TYPE_renegotiate: 
1013                 extname = "renegotiation info";
1014                 break;
1015
1016 #ifdef TLSEXT_TYPE_opaque_prf_input
1017                 case TLSEXT_TYPE_opaque_prf_input:
1018                 extname = "opaque PRF input";
1019                 break;
1020 #endif
1021 #ifdef TLSEXT_TYPE_next_proto_neg
1022                 case TLSEXT_TYPE_next_proto_neg:
1023                 extname = "next protocol";
1024                 break;
1025 #endif
1026 #ifdef TLSEXT_TYPE_encrypt_then_mac
1027                 case TLSEXT_TYPE_encrypt_then_mac:
1028                 extname = "encrypt-then-mac";
1029                 break;
1030 #endif
1031
1032                 default:
1033                 extname = "unknown";
1034                 break;
1035
1036                 }
1037         
1038         BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
1039                         client_server ? "server": "client",
1040                         extname, type, len);
1041         BIO_dump(bio, (char *)data, len);
1042         (void)BIO_flush(bio);
1043         }
1044
1045 int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
1046         {
1047         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
1048         unsigned int length, resultlength;
1049         union {
1050                 struct sockaddr sa;
1051                 struct sockaddr_in s4;
1052 #if OPENSSL_USE_IPV6
1053                 struct sockaddr_in6 s6;
1054 #endif
1055         } peer;
1056
1057         /* Initialize a random secret */
1058         if (!cookie_initialized)
1059                 {
1060                 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
1061                         {
1062                         BIO_printf(bio_err,"error setting random cookie secret\n");
1063                         return 0;
1064                         }
1065                 cookie_initialized = 1;
1066                 }
1067
1068         /* Read peer information */
1069         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
1070
1071         /* Create buffer with peer's address and port */
1072         length = 0;
1073         switch (peer.sa.sa_family)
1074                 {
1075         case AF_INET:
1076                 length += sizeof(struct in_addr);
1077                 length += sizeof(peer.s4.sin_port);
1078                 break;
1079 #if OPENSSL_USE_IPV6
1080         case AF_INET6:
1081                 length += sizeof(struct in6_addr);
1082                 length += sizeof(peer.s6.sin6_port);
1083                 break;
1084 #endif
1085         default:
1086                 OPENSSL_assert(0);
1087                 break;
1088                 }
1089         buffer = OPENSSL_malloc(length);
1090
1091         if (buffer == NULL)
1092                 {
1093                 BIO_printf(bio_err,"out of memory\n");
1094                 return 0;
1095                 }
1096
1097         switch (peer.sa.sa_family)
1098                 {
1099         case AF_INET:
1100                 memcpy(buffer,
1101                        &peer.s4.sin_port,
1102                        sizeof(peer.s4.sin_port));
1103                 memcpy(buffer + sizeof(peer.s4.sin_port),
1104                        &peer.s4.sin_addr,
1105                        sizeof(struct in_addr));
1106                 break;
1107 #if OPENSSL_USE_IPV6
1108         case AF_INET6:
1109                 memcpy(buffer,
1110                        &peer.s6.sin6_port,
1111                        sizeof(peer.s6.sin6_port));
1112                 memcpy(buffer + sizeof(peer.s6.sin6_port),
1113                        &peer.s6.sin6_addr,
1114                        sizeof(struct in6_addr));
1115                 break;
1116 #endif
1117         default:
1118                 OPENSSL_assert(0);
1119                 break;
1120                 }
1121
1122         /* Calculate HMAC of buffer using the secret */
1123         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
1124              buffer, length, result, &resultlength);
1125         OPENSSL_free(buffer);
1126
1127         memcpy(cookie, result, resultlength);
1128         *cookie_len = resultlength;
1129
1130         return 1;
1131         }
1132
1133 int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
1134         {
1135         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
1136         unsigned int length, resultlength;
1137         union {
1138                 struct sockaddr sa;
1139                 struct sockaddr_in s4;
1140 #if OPENSSL_USE_IPV6
1141                 struct sockaddr_in6 s6;
1142 #endif
1143         } peer;
1144
1145         /* If secret isn't initialized yet, the cookie can't be valid */
1146         if (!cookie_initialized)
1147                 return 0;
1148
1149         /* Read peer information */
1150         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
1151
1152         /* Create buffer with peer's address and port */
1153         length = 0;
1154         switch (peer.sa.sa_family)
1155                 {
1156         case AF_INET:
1157                 length += sizeof(struct in_addr);
1158                 length += sizeof(peer.s4.sin_port);
1159                 break;
1160 #if OPENSSL_USE_IPV6
1161         case AF_INET6:
1162                 length += sizeof(struct in6_addr);
1163                 length += sizeof(peer.s6.sin6_port);
1164                 break;
1165 #endif
1166         default:
1167                 OPENSSL_assert(0);
1168                 break;
1169                 }
1170         buffer = OPENSSL_malloc(length);
1171         
1172         if (buffer == NULL)
1173                 {
1174                 BIO_printf(bio_err,"out of memory\n");
1175                 return 0;
1176                 }
1177
1178         switch (peer.sa.sa_family)
1179                 {
1180         case AF_INET:
1181                 memcpy(buffer,
1182                        &peer.s4.sin_port,
1183                        sizeof(peer.s4.sin_port));
1184                 memcpy(buffer + sizeof(peer.s4.sin_port),
1185                        &peer.s4.sin_addr,
1186                        sizeof(struct in_addr));
1187                 break;
1188 #if OPENSSL_USE_IPV6
1189         case AF_INET6:
1190                 memcpy(buffer,
1191                        &peer.s6.sin6_port,
1192                        sizeof(peer.s6.sin6_port));
1193                 memcpy(buffer + sizeof(peer.s6.sin6_port),
1194                        &peer.s6.sin6_addr,
1195                        sizeof(struct in6_addr));
1196                 break;
1197 #endif
1198         default:
1199                 OPENSSL_assert(0);
1200                 break;
1201                 }
1202
1203         /* Calculate HMAC of buffer using the secret */
1204         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
1205              buffer, length, result, &resultlength);
1206         OPENSSL_free(buffer);
1207
1208         if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
1209                 return 1;
1210
1211         return 0;
1212         }
1213
1214 /* Example of extended certificate handling. Where the standard support
1215  * of one certificate per algorithm is not sufficient an application
1216  * can decide which certificate(s) to use at runtime based on whatever
1217  * criteria it deems appropriate.
1218  */
1219
1220 /* Linked list of certificates, keys and chains */
1221 struct  ssl_excert_st
1222         {
1223         int certform;
1224         const char *certfile;
1225         int keyform;
1226         const char *keyfile;
1227         const char *chainfile;
1228         X509 *cert;
1229         EVP_PKEY *key;
1230         STACK_OF(X509) *chain;
1231         int build_chain;
1232         struct ssl_excert_st *next, *prev;
1233         };
1234
1235 struct chain_flags
1236         {
1237         int flag;
1238         const char *name;
1239         };
1240
1241 struct chain_flags chain_flags_list[] =
1242         {
1243                 {CERT_PKEY_VALID, "Overall Validity"},
1244                 {CERT_PKEY_SIGN,  "Sign with EE key"},
1245                 {CERT_PKEY_EE_SIGNATURE, "EE signature"},
1246                 {CERT_PKEY_CA_SIGNATURE, "CA signature"},
1247                 {CERT_PKEY_EE_PARAM, "EE key parameters"},
1248                 {CERT_PKEY_CA_PARAM, "CA key parameters"},
1249                 {CERT_PKEY_EXPLICIT_SIGN,  "Explicity sign with EE key"},
1250                 {CERT_PKEY_ISSUER_NAME,  "Issuer Name"},
1251                 {CERT_PKEY_CERT_TYPE,  "Certificate Type"},
1252                 {0, NULL}
1253         };
1254
1255
1256 static void print_chain_flags(BIO *out, int flags)
1257         {
1258         struct chain_flags *ctmp = chain_flags_list;
1259         while(ctmp->name)
1260                 {
1261                 BIO_printf(out, "\t%s: %s\n", ctmp->name,
1262                                 flags & ctmp->flag ? "OK" : "NOT OK");
1263                 ctmp++;
1264                 }
1265         }
1266
1267 /* Very basic selection callback: just use any certificate chain
1268  * reported as valid. More sophisticated could prioritise according
1269  * to local policy.
1270  */
1271 static int set_cert_cb(SSL *ssl, void *arg)
1272         {
1273         int i, rv;
1274         SSL_EXCERT *exc = arg;
1275         SSL_certs_clear(ssl);
1276
1277         if (!exc)
1278                 return 1;
1279
1280         /* Go to end of list and traverse backwards since we prepend
1281          * newer entries this retains the original order.
1282          */
1283         while (exc->next)
1284                 exc = exc->next;
1285
1286         i = 0;  
1287
1288         while(exc)
1289                 {
1290                 i++;
1291                 rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
1292                 BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
1293                 X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
1294                                                         XN_FLAG_ONELINE);
1295                 BIO_puts(bio_err, "\n");
1296                 
1297                 print_chain_flags(bio_err, rv);
1298                 if (rv & CERT_PKEY_VALID)
1299                         {
1300                         SSL_use_certificate(ssl, exc->cert);
1301                         SSL_use_PrivateKey(ssl, exc->key);
1302                         /* NB: we wouldn't normally do this as it is
1303                          * not efficient building chains on each connection
1304                          * better to cache the chain in advance.
1305                          */
1306                         if (exc->build_chain)
1307                                 {
1308                                 if (!SSL_build_cert_chain(ssl, 0))
1309                                         return 0;
1310                                 }
1311                         else if (exc->chain)
1312                                 SSL_set1_chain(ssl, exc->chain);
1313                         }
1314                 exc = exc->prev;
1315                 }
1316         return 1;
1317         }
1318
1319 void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
1320         {
1321         SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
1322         }
1323
1324 static int ssl_excert_prepend(SSL_EXCERT **pexc)
1325         {
1326         SSL_EXCERT *exc;
1327         exc = OPENSSL_malloc(sizeof(SSL_EXCERT));
1328         if (!exc)
1329                 return 0;
1330         exc->certfile = NULL;
1331         exc->keyfile = NULL;
1332         exc->chainfile = NULL;
1333         exc->cert = NULL;
1334         exc->key = NULL;
1335         exc->chain = NULL;
1336         exc->prev = NULL;
1337         exc->build_chain = 0;
1338
1339         exc->next = *pexc;
1340         *pexc = exc;
1341                         
1342         if (exc->next)
1343                 {
1344                 exc->certform = exc->next->certform;
1345                 exc->keyform = exc->next->keyform;
1346                 exc->next->prev = exc;
1347                 }
1348         else
1349                 {
1350                 exc->certform = FORMAT_PEM;
1351                 exc->keyform = FORMAT_PEM;
1352                 }
1353         return 1;
1354
1355         }
1356
1357 void ssl_excert_free(SSL_EXCERT *exc)
1358         {
1359         SSL_EXCERT *curr;
1360         while (exc)
1361                 {
1362                 if (exc->cert)
1363                         X509_free(exc->cert);
1364                 if (exc->key)
1365                         EVP_PKEY_free(exc->key);
1366                 if (exc->chain)
1367                         sk_X509_pop_free(exc->chain, X509_free);
1368                 curr = exc;
1369                 exc = exc->next;
1370                 OPENSSL_free(curr);
1371                 }
1372         }
1373
1374 int load_excert(SSL_EXCERT **pexc, BIO *err)
1375         {
1376         SSL_EXCERT *exc = *pexc;
1377         if (!exc)
1378                 return 1;
1379         /* If nothing in list, free and set to NULL */
1380         if (!exc->certfile && !exc->next)
1381                 {
1382                 ssl_excert_free(exc);
1383                 *pexc = NULL;
1384                 return 1;
1385                 }
1386         for(; exc; exc=exc->next)
1387                 {
1388                 if (!exc->certfile)
1389                         {
1390                         BIO_printf(err, "Missing filename\n");
1391                         return 0;
1392                         }
1393                 exc->cert = load_cert(err, exc->certfile, exc->certform,
1394                                         NULL, NULL, "Server Certificate");
1395                 if (!exc->cert)
1396                         return 0;
1397                 if (exc->keyfile)
1398                         exc->keyfile = exc->certfile;
1399                 exc->key = load_key(err, exc->certfile, exc->certform, 0,
1400                                         NULL, NULL, "Server Certificate");
1401                 if (!exc->key)
1402                         return 0;
1403                 if (exc->chainfile)
1404                         {
1405                         exc->chain = load_certs(err,
1406                                                 exc->chainfile, FORMAT_PEM,
1407                                                 NULL, NULL,
1408                                                 "Server Chain");
1409                         if (!exc->chainfile)
1410                                 return 0;
1411                         }
1412                 }
1413         return 1;
1414         }
1415                 
1416
1417 int args_excert(char ***pargs, int *pargc,
1418                         int *badarg, BIO *err, SSL_EXCERT **pexc)
1419         {
1420         char *arg = **pargs, *argn = (*pargs)[1];
1421         SSL_EXCERT *exc = *pexc;
1422         int narg = 2;
1423         if (!exc)
1424                 {
1425                 if (ssl_excert_prepend(&exc))
1426                         *pexc = exc;
1427                 else
1428                         {
1429                         BIO_printf(err, "Error initialising xcert\n");
1430                         *badarg = 1;
1431                         goto err;
1432                         }
1433                 }
1434         if (strcmp(arg, "-xcert") == 0)
1435                 {
1436                 if (!argn)
1437                         {
1438                         *badarg = 1;
1439                         return 1;
1440                         }
1441                 if (exc->certfile && !ssl_excert_prepend(&exc))
1442                         {
1443                         BIO_printf(err, "Error adding xcert\n");
1444                         *badarg = 1;
1445                         goto err;
1446                         }
1447                 exc->certfile = argn;
1448                 }
1449         else if (strcmp(arg,"-xkey") == 0)
1450                 {
1451                 if (!argn)
1452                         {
1453                         *badarg = 1;
1454                         return 1;
1455                         }
1456                 if (exc->keyfile)
1457                         {
1458                         BIO_printf(err, "Key already specified\n");
1459                         *badarg = 1;
1460                         return 1;
1461                         }
1462                 exc->keyfile = argn;
1463                 }
1464         else if (strcmp(arg,"-xchain") == 0)
1465                 {
1466                 if (!argn)
1467                         {
1468                         *badarg = 1;
1469                         return 1;
1470                         }
1471                 if (exc->chainfile)
1472                         {
1473                         BIO_printf(err, "Chain already specified\n");
1474                         *badarg = 1;
1475                         return 1;
1476                         }
1477                 exc->chainfile = argn;
1478                 }
1479         else if (strcmp(arg,"-xchain_build") == 0)
1480                 {
1481                 narg = 1;
1482                 exc->build_chain = 1;
1483                 }
1484         else if (strcmp(arg,"-xcertform") == 0)
1485                 {
1486                 if (!argn)
1487                         {
1488                         *badarg = 1;
1489                         goto err;
1490                         }
1491                 exc->certform = str2fmt(argn);
1492                 }
1493         else if (strcmp(arg,"-xkeyform") == 0)
1494                 {
1495                 if (!argn)
1496                         {
1497                         *badarg = 1;
1498                         goto err;
1499                         }
1500                 exc->keyform = str2fmt(argn);
1501                 }
1502         else
1503                 return 0;
1504
1505         (*pargs) += narg;
1506
1507         if (pargc)
1508                 *pargc -= narg;
1509
1510         *pexc = exc;
1511
1512         return 1;
1513
1514         err:
1515         ERR_print_errors(err);
1516         ssl_excert_free(exc);
1517         *pexc = NULL;
1518         return 1;
1519         }
1520
1521 static void print_raw_cipherlist(BIO *bio, SSL *s)
1522         {
1523         const unsigned char *rlist;
1524         static const unsigned char scsv_id[] = {0, 0, 0xFF};
1525         size_t i, rlistlen, num;
1526         if (!SSL_is_server(s))
1527                 return;
1528         num = SSL_get0_raw_cipherlist(s, NULL);
1529         rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
1530         BIO_puts(bio, "Client cipher list: ");
1531         for (i = 0; i < rlistlen; i += num, rlist += num)
1532                 {
1533                 const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
1534                 if (i)
1535                         BIO_puts(bio, ":");
1536                 if (c)
1537                         BIO_puts(bio, SSL_CIPHER_get_name(c));
1538                 else if (!memcmp(rlist, scsv_id - num + 3, num))
1539                         BIO_puts(bio, "SCSV");
1540                 else
1541                         {
1542                         size_t j;
1543                         BIO_puts(bio, "0x");
1544                         for (j = 0; j < num; j++)
1545                                 BIO_printf(bio, "%02X", rlist[j]);
1546                         }
1547                 }
1548         BIO_puts(bio, "\n");
1549         }
1550         
1551
1552 void print_ssl_summary(BIO *bio, SSL *s)
1553         {
1554         const SSL_CIPHER *c;
1555         X509 *peer;
1556         /*const char *pnam = SSL_is_server(s) ? "client" : "server";*/
1557         BIO_printf(bio, "Protocol version: %s\n", SSL_get_version(s));
1558         print_raw_cipherlist(bio, s);
1559         c = SSL_get_current_cipher(s);
1560         BIO_printf(bio,"Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
1561         do_print_sigalgs(bio, s, 0);
1562         peer = SSL_get_peer_certificate(s);
1563         if (peer)
1564                 {
1565                 int nid;
1566                 BIO_puts(bio, "Peer certificate: ");
1567                 X509_NAME_print_ex(bio, X509_get_subject_name(peer),
1568                                         0, XN_FLAG_ONELINE);
1569                 BIO_puts(bio, "\n");
1570                 if (SSL_get_peer_signature_nid(s, &nid))
1571                         BIO_printf(bio, "Hash used: %s\n", OBJ_nid2sn(nid));
1572                 }
1573         else
1574                 BIO_puts(bio, "No peer certificate\n");
1575         if (peer)
1576                 X509_free(peer);
1577 #ifndef OPENSSL_NO_EC
1578         ssl_print_point_formats(bio, s);
1579         if (SSL_is_server(s))
1580                 ssl_print_curves(bio, s, 1);
1581         else
1582                 ssl_print_tmp_key(bio, s);
1583 #else
1584         if (!SSL_is_server(s))
1585                 ssl_print_tmp_key(bio, s);
1586 #endif
1587         }
1588
1589 int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
1590                         int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr)
1591         {
1592         char *arg = **pargs, *argn = (*pargs)[1];
1593         int rv;
1594
1595         /* Attempt to run SSL configuration command */
1596         rv = SSL_CONF_cmd_argv(cctx, pargc, pargs);
1597         /* If parameter not recognised just return */
1598         if (rv == 0)
1599                 return 0;
1600         /* see if missing argument error */
1601         if (rv == -3)
1602                 {
1603                 BIO_printf(err, "%s needs an argument\n", arg);
1604                 *badarg = 1;
1605                 goto end;
1606                 }
1607         /* Check for some other error */
1608         if (rv < 0)
1609                 {
1610                 BIO_printf(err, "Error with command: \"%s %s\"\n",
1611                                                 arg, argn ? argn : "");
1612                 *badarg = 1;
1613                 goto end;
1614                 }
1615         /* Store command and argument */
1616         /* If only one argument processed store value as NULL */
1617         if (rv == 1)
1618                 argn = NULL;
1619         if (!*pstr)
1620                 *pstr = sk_OPENSSL_STRING_new_null();
1621         if (!*pstr || !sk_OPENSSL_STRING_push(*pstr, arg) ||
1622                                 !sk_OPENSSL_STRING_push(*pstr, argn))
1623                 {
1624                 BIO_puts(err, "Memory allocation failure\n");
1625                 goto end;
1626                 }
1627
1628         end:
1629         if (*badarg)
1630                 ERR_print_errors(err);
1631
1632         return 1;
1633         }
1634
1635 int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
1636                 STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake)
1637         {
1638         int i;
1639         SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
1640         for (i = 0; i < sk_OPENSSL_STRING_num(str); i+= 2)
1641                 {
1642                 const char *param = sk_OPENSSL_STRING_value(str, i);
1643                 const char *value = sk_OPENSSL_STRING_value(str, i + 1);
1644                 /* If no_ecdhe or named curve already specified don't need
1645                  * a default.
1646                  */
1647                 if (!no_ecdhe && !strcmp(param, "-named_curve"))
1648                         no_ecdhe = 1;
1649 #ifndef OPENSSL_NO_JPAKE
1650                 if (!no_jpake && !strcmp(param, "-cipher"))
1651                         {
1652                         BIO_puts(err, "JPAKE sets cipher to PSK\n");
1653                         return 0;
1654                         }
1655 #endif
1656                 if (SSL_CONF_cmd(cctx, param, value) <= 0)
1657                         {
1658                         BIO_printf(err, "Error with command: \"%s %s\"\n",
1659                                                 param, value ? value : "");
1660                         ERR_print_errors(err);
1661                         return 0;
1662                         }
1663                 }
1664         /* This is a special case to keep existing s_server functionality:
1665          * if we don't have any curve specified *and* we haven't disabled
1666          * ECDHE then use P-256.
1667          */
1668         if (!no_ecdhe)
1669                 {
1670                 if (SSL_CONF_cmd(cctx, "-named_curve", "P-256") <= 0)
1671                         {
1672                         BIO_puts(err, "Error setting EC curve\n");
1673                         ERR_print_errors(err);
1674                         return 0;
1675                         }
1676                 }
1677 #ifndef OPENSSL_NO_JPAKE
1678         if (!no_jpake)
1679                 {
1680                 if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0)
1681                         {
1682                         BIO_puts(err, "Error setting cipher to PSK\n");
1683                         ERR_print_errors(err);
1684                         return 0;
1685                         }
1686                 }
1687 #endif
1688         if (!SSL_CONF_CTX_finish(cctx))
1689                 {
1690                 BIO_puts(err, "Error finishing context\n");
1691                 ERR_print_errors(err);
1692                 return 0;
1693                 }
1694         return 1;
1695         }
1696
1697 static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
1698         {
1699         X509_CRL *crl;
1700         int i;
1701         for (i = 0; i < sk_X509_CRL_num(crls); i++)
1702                 {
1703                 crl = sk_X509_CRL_value(crls, i);
1704                 X509_STORE_add_crl(st, crl);
1705                 }
1706         return 1;
1707         }
1708
1709 int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
1710         {
1711         X509_STORE *st;
1712         st = SSL_CTX_get_cert_store(ctx);
1713         add_crls_store(st, crls);
1714         if (crl_download)
1715                 store_setup_crl_download(st);
1716         return 1;
1717         }
1718
1719 int ssl_load_stores(SSL_CTX *ctx,
1720                         const char *vfyCApath, const char *vfyCAfile,
1721                         const char *chCApath, const char *chCAfile,
1722                         STACK_OF(X509_CRL) *crls, int crl_download)
1723         {
1724         X509_STORE *vfy = NULL, *ch = NULL;
1725         int rv = 0;
1726         if (vfyCApath || vfyCAfile)
1727                 {
1728                 vfy = X509_STORE_new();
1729                 if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
1730                         goto err;
1731                 add_crls_store(vfy, crls);
1732                 SSL_CTX_set1_verify_cert_store(ctx, vfy);
1733                 if (crl_download)
1734                         store_setup_crl_download(vfy);
1735                 }
1736         if (chCApath || chCAfile)
1737                 {
1738                 ch = X509_STORE_new();
1739                 if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
1740                         goto err;
1741                 SSL_CTX_set1_chain_cert_store(ctx, ch);
1742                 }
1743         rv = 1;
1744         err:
1745         if (vfy)
1746                 X509_STORE_free(vfy);
1747         if (ch)
1748                 X509_STORE_free(ch);
1749         return rv;
1750         }