int verify_quiet = 0;
int verify_error = X509_V_OK;
int verify_return_error = 0;
-unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
-int cookie_initialized = 0;
+static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
+static int cookie_initialized = 0;
static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
{
{"ECDSA sign", TLS_CT_ECDSA_SIGN},
{"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
{"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
- {"GOST94 Sign", TLS_CT_GOST94_SIGN},
{"GOST01 Sign", TLS_CT_GOST01_SIGN},
{NULL}
};
#endif
#ifdef TLSEXT_TYPE_encrypt_then_mac
{"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac},
+#endif
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ {"application layer protocol negotiation",
+ TLSEXT_TYPE_application_layer_protocol_negotiation},
+#endif
+#ifdef TLSEXT_TYPE_extended_master_secret
+ {"extended master secret", TLSEXT_TYPE_extended_master_secret},
#endif
{NULL}
};
return 1;
}
-int verify_cookie_callback(SSL *ssl, unsigned char *cookie,
+int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
unsigned int cookie_len)
{
unsigned char *buffer, result[EVP_MAX_MD_SIZE];
{
SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert");
- exc->certfile = NULL;
- exc->keyfile = NULL;
- exc->chainfile = NULL;
- exc->cert = NULL;
- exc->key = NULL;
- exc->chain = NULL;
- exc->prev = NULL;
- exc->build_chain = 0;
+ memset(exc, 0, sizeof(*exc));
exc->next = *pexc;
*pexc = exc;
{
X509_STORE *vfy = NULL, *ch = NULL;
int rv = 0;
- if (vfyCApath || vfyCAfile) {
+ if (vfyCApath != NULL || vfyCAfile != NULL) {
vfy = X509_STORE_new();
+ if (vfy == NULL)
+ goto err;
if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
goto err;
add_crls_store(vfy, crls);
if (crl_download)
store_setup_crl_download(vfy);
}
- if (chCApath || chCAfile) {
+ if (chCApath != NULL || chCAfile != NULL) {
ch = X509_STORE_new();
+ if (ch == NULL)
+ goto err;
if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
goto err;
SSL_CTX_set1_chain_cert_store(ctx, ch);
}
break;
#endif
-
+#ifndef OPENSSL_NO_DH
case SSL_SECOP_OTHER_DH:
{
DH *dh = other;
BIO_printf(sdb->out, "%d", BN_num_bits(dh->p));
break;
}
+#endif
case SSL_SECOP_OTHER_CERT:
{
if (cert_md) {
int sig_nid = X509_get_signature_nid(other);
BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
} else {
- EVP_PKEY *pkey = X509_get_pubkey(other);
+ EVP_PKEY *pkey = X509_get0_pubkey(other);
const char *algname = "";
EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
&algname, EVP_PKEY_get0_asn1(pkey));
BIO_printf(sdb->out, "%s, bits=%d",
algname, EVP_PKEY_bits(pkey));
- EVP_PKEY_free(pkey);
}
break;
}