BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid));
return 1;
}
-
+#ifndef OPENSSL_NO_EC
int ssl_print_point_formats(BIO *out, SSL *s)
{
int i, nformats;
BIO_puts(out, "\n");
return 1;
}
-
+#endif
int ssl_print_tmp_key(BIO *out, SSL *s)
{
EVP_PKEY *key;
case EVP_PKEY_DH:
BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
break;
-
+#ifndef OPENSSL_NO_ECDH
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
BIO_printf(out, "ECDH, %s, %d bits\n",
cname, EVP_PKEY_bits(key));
}
+#endif
}
EVP_PKEY_free(key);
return 1;
case 20:
str_details1 = ", Finished";
break;
+ case 23:
+ str_details1 = ", SupplementalData";
+ break;
}
}
}
extname = "next protocol";
break;
#endif
+#ifdef TLSEXT_TYPE_encrypt_then_mac
+ case TLSEXT_TYPE_encrypt_then_mac:
+ extname = "encrypt-then-mac";
+ break;
+#endif
default:
extname = "unknown";
BIO_puts(bio, "No peer certificate\n");
if (peer)
X509_free(peer);
+#ifndef OPENSSL_NO_EC
ssl_print_point_formats(bio, s);
if (SSL_is_server(s))
ssl_print_curves(bio, s, 1);
else
ssl_print_tmp_key(bio, s);
- }
-
-void print_ssl_cert_checks(BIO *bio, SSL *s,
- const unsigned char *checkhost,
- const unsigned char *checkemail,
- const char *checkip)
- {
- X509 *peer;
- peer = SSL_get_peer_certificate(s);
- if (peer)
- {
- print_cert_checks(bio, peer, checkhost, checkemail, checkip);
- X509_free(peer);
- }
+#else
+ if (!SSL_is_server(s))
+ ssl_print_tmp_key(bio, s);
+#endif
}
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
}
int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
- STACK_OF(OPENSSL_STRING) *str, int no_ecdhe)
+ STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake)
{
int i;
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
*/
if (!no_ecdhe && !strcmp(param, "-named_curve"))
no_ecdhe = 1;
+#ifndef OPENSSL_NO_JPAKE
+ if (!no_jpake && !strcmp(param, "-cipher"))
+ {
+ BIO_puts(err, "JPAKE sets cipher to PSK\n");
+ return 0;
+ }
+#endif
if (SSL_CONF_cmd(cctx, param, value) <= 0)
{
BIO_printf(err, "Error with command: \"%s %s\"\n",
return 0;
}
}
+#ifndef OPENSSL_NO_JPAKE
+ if (!no_jpake)
+ {
+ if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0)
+ {
+ BIO_puts(err, "Error setting cipher to PSK\n");
+ ERR_print_errors(err);
+ return 0;
+ }
+ }
+#endif
+ if (!SSL_CONF_CTX_finish(cctx))
+ {
+ BIO_puts(err, "Error finishing context\n");
+ ERR_print_errors(err);
+ return 0;
+ }
return 1;
}
{
X509_CRL *crl;
int i;
- if (crls)
+ for (i = 0; i < sk_X509_CRL_num(crls); i++)
{
- for (i = 0; i < sk_X509_CRL_num(crls); i++)
- {
- crl = sk_X509_CRL_value(crls, i);
- X509_STORE_add_crl(st, crl);
- }
+ crl = sk_X509_CRL_value(crls, i);
+ X509_STORE_add_crl(st, crl);
}
return 1;
}
-int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls)
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
{
X509_STORE *st;
- if (crls)
- {
- st = SSL_CTX_get_cert_store(ctx);
- add_crls_store(st, crls);
- }
+ st = SSL_CTX_get_cert_store(ctx);
+ add_crls_store(st, crls);
+ if (crl_download)
+ store_setup_crl_download(st);
return 1;
}
int ssl_load_stores(SSL_CTX *ctx,
const char *vfyCApath, const char *vfyCAfile,
const char *chCApath, const char *chCAfile,
- STACK_OF(X509_CRL) *crls)
+ STACK_OF(X509_CRL) *crls, int crl_download)
{
X509_STORE *vfy = NULL, *ch = NULL;
int rv = 0;
goto err;
add_crls_store(vfy, crls);
SSL_CTX_set1_verify_cert_store(ctx, vfy);
+ if (crl_download)
+ store_setup_crl_download(vfy);
}
if (chCApath || chCAfile)
{
projects / openssl.git / blobdiff