- {
- SSL_EXCERT *curr;
- while (exc)
- {
- if (exc->cert)
- X509_free(exc->cert);
- if (exc->key)
- EVP_PKEY_free(exc->key);
- if (exc->chain)
- sk_X509_pop_free(exc->chain, X509_free);
- curr = exc;
- exc = exc->next;
- OPENSSL_free(curr);
- }
- }
-
-int load_excert(SSL_EXCERT **pexc, BIO *err)
- {
- SSL_EXCERT *exc = *pexc;
- if (!exc)
- return 1;
- /* If nothing in list, free and set to NULL */
- if (!exc->certfile && !exc->next)
- {
- ssl_excert_free(exc);
- *pexc = NULL;
- return 1;
- }
- for(; exc; exc=exc->next)
- {
- if (!exc->certfile)
- {
- BIO_printf(err, "Missing filename\n");
- return 0;
- }
- exc->cert = load_cert(err, exc->certfile, exc->certform,
- NULL, NULL, "Server Certificate");
- if (!exc->cert)
- return 0;
- if (exc->keyfile)
- {
- exc->key = load_key(err, exc->keyfile, exc->keyform,
- 0, NULL, NULL, "Server Key");
- }
- else
- {
- exc->key = load_key(err, exc->certfile, exc->certform,
- 0, NULL, NULL, "Server Key");
- }
- if (!exc->key)
- return 0;
- if (exc->chainfile)
- {
- exc->chain = load_certs(err,
- exc->chainfile, FORMAT_PEM,
- NULL, NULL,
- "Server Chain");
- if (!exc->chain)
- return 0;
- }
- }
- return 1;
- }
-
-
-int args_excert(char ***pargs, int *pargc,
- int *badarg, BIO *err, SSL_EXCERT **pexc)
- {
- char *arg = **pargs, *argn = (*pargs)[1];
- SSL_EXCERT *exc = *pexc;
- int narg = 2;
- if (!exc)
- {
- if (ssl_excert_prepend(&exc))
- *pexc = exc;
- else
- {
- BIO_printf(err, "Error initialising xcert\n");
- *badarg = 1;
- goto err;
- }
- }
- if (strcmp(arg, "-xcert") == 0)
- {
- if (!argn)
- {
- *badarg = 1;
- return 1;
- }
- if (exc->certfile && !ssl_excert_prepend(&exc))
- {
- BIO_printf(err, "Error adding xcert\n");
- *badarg = 1;
- goto err;
- }
- exc->certfile = argn;
- }
- else if (strcmp(arg,"-xkey") == 0)
- {
- if (!argn)
- {
- *badarg = 1;
- return 1;
- }
- if (exc->keyfile)
- {
- BIO_printf(err, "Key already specified\n");
- *badarg = 1;
- return 1;
- }
- exc->keyfile = argn;
- }
- else if (strcmp(arg,"-xchain") == 0)
- {
- if (!argn)
- {
- *badarg = 1;
- return 1;
- }
- if (exc->chainfile)
- {
- BIO_printf(err, "Chain already specified\n");
- *badarg = 1;
- return 1;
- }
- exc->chainfile = argn;
- }
- else if (strcmp(arg,"-xchain_build") == 0)
- {
- narg = 1;
- exc->build_chain = 1;
- }
- else if (strcmp(arg,"-xcertform") == 0)
- {
- if (!argn)
- {
- *badarg = 1;
- goto err;
- }
- exc->certform = str2fmt(argn);
- }
- else if (strcmp(arg,"-xkeyform") == 0)
- {
- if (!argn)
- {
- *badarg = 1;
- goto err;
- }
- exc->keyform = str2fmt(argn);
- }
- else
- return 0;
-
- (*pargs) += narg;
-
- if (pargc)
- *pargc -= narg;
-
- *pexc = exc;
-
- return 1;
-
- err:
- ERR_print_errors(err);
- ssl_excert_free(exc);
- *pexc = NULL;
- return 1;
- }
-
-static void print_raw_cipherlist(BIO *bio, SSL *s)
- {
- const unsigned char *rlist;
- static const unsigned char scsv_id[] = {0, 0, 0xFF};
- size_t i, rlistlen, num;
- if (!SSL_is_server(s))
- return;
- num = SSL_get0_raw_cipherlist(s, NULL);
- rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
- BIO_puts(bio, "Client cipher list: ");
- for (i = 0; i < rlistlen; i += num, rlist += num)
- {
- const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
- if (i)
- BIO_puts(bio, ":");
- if (c)
- BIO_puts(bio, SSL_CIPHER_get_name(c));
- else if (!memcmp(rlist, scsv_id - num + 3, num))
- BIO_puts(bio, "SCSV");
- else
- {
- size_t j;
- BIO_puts(bio, "0x");
- for (j = 0; j < num; j++)
- BIO_printf(bio, "%02X", rlist[j]);
- }
- }
- BIO_puts(bio, "\n");
- }
-
-
-void print_ssl_summary(BIO *bio, SSL *s)
- {
- const SSL_CIPHER *c;
- X509 *peer;
- /*const char *pnam = SSL_is_server(s) ? "client" : "server";*/
- BIO_printf(bio, "Protocol version: %s\n", SSL_get_version(s));
- print_raw_cipherlist(bio, s);
- c = SSL_get_current_cipher(s);
- BIO_printf(bio,"Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
- do_print_sigalgs(bio, s, 0);
- peer = SSL_get_peer_certificate(s);
- if (peer)
- {
- int nid;
- BIO_puts(bio, "Peer certificate: ");
- X509_NAME_print_ex(bio, X509_get_subject_name(peer),
- 0, XN_FLAG_ONELINE);
- BIO_puts(bio, "\n");
- if (SSL_get_peer_signature_nid(s, &nid))
- BIO_printf(bio, "Hash used: %s\n", OBJ_nid2sn(nid));
- }
- else
- BIO_puts(bio, "No peer certificate\n");
- if (peer)
- X509_free(peer);
+{
+ SSL_EXCERT *curr;
+
+ if (!exc)
+ return;
+ while (exc) {
+ X509_free(exc->cert);
+ EVP_PKEY_free(exc->key);
+ sk_X509_pop_free(exc->chain, X509_free);
+ curr = exc;
+ exc = exc->next;
+ OPENSSL_free(curr);
+ }
+}
+
+int load_excert(SSL_EXCERT **pexc)
+{
+ SSL_EXCERT *exc = *pexc;
+ if (!exc)
+ return 1;
+ /* If nothing in list, free and set to NULL */
+ if (!exc->certfile && !exc->next) {
+ ssl_excert_free(exc);
+ *pexc = NULL;
+ return 1;
+ }
+ for (; exc; exc = exc->next) {
+ if (!exc->certfile) {
+ BIO_printf(bio_err, "Missing filename\n");
+ return 0;
+ }
+ exc->cert = load_cert(exc->certfile, exc->certform,
+ NULL, NULL, "Server Certificate");
+ if (!exc->cert)
+ return 0;
+ if (exc->keyfile) {
+ exc->key = load_key(exc->keyfile, exc->keyform,
+ 0, NULL, NULL, "Server Key");
+ } else {
+ exc->key = load_key(exc->certfile, exc->certform,
+ 0, NULL, NULL, "Server Key");
+ }
+ if (!exc->key)
+ return 0;
+ if (exc->chainfile) {
+ exc->chain = load_certs(exc->chainfile, FORMAT_PEM,
+ NULL, NULL, "Server Chain");
+ if (!exc->chain)
+ return 0;
+ }
+ }
+ return 1;
+}
+
+enum range { OPT_X_ENUM };
+
+int args_excert(int opt, SSL_EXCERT **pexc)
+{
+ SSL_EXCERT *exc = *pexc;
+
+ assert(opt > OPT_X__FIRST);
+ assert(opt < OPT_X__LAST);
+
+ if (exc == NULL) {
+ if (!ssl_excert_prepend(&exc)) {
+ BIO_printf(bio_err, " %s: Error initialising xcert\n",
+ opt_getprog());
+ goto err;
+ }
+ *pexc = exc;
+ }
+
+ switch ((enum range)opt) {
+ case OPT_X__FIRST:
+ case OPT_X__LAST:
+ return 0;
+ case OPT_X_CERT:
+ if (exc->certfile && !ssl_excert_prepend(&exc)) {
+ BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog());
+ goto err;
+ }
+ exc->certfile = opt_arg();
+ break;
+ case OPT_X_KEY:
+ if (exc->keyfile) {
+ BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog());
+ goto err;
+ }
+ exc->keyfile = opt_arg();
+ break;
+ case OPT_X_CHAIN:
+ if (exc->chainfile) {
+ BIO_printf(bio_err, "%s: Chain already specified\n",
+ opt_getprog());
+ goto err;
+ }
+ exc->chainfile = opt_arg();
+ break;
+ case OPT_X_CHAIN_BUILD:
+ exc->build_chain = 1;
+ break;
+ case OPT_X_CERTFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->certform))
+ return 0;
+ break;
+ case OPT_X_KEYFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->keyform))
+ return 0;
+ break;
+ }
+ return 1;
+
+ err:
+ ERR_print_errors(bio_err);
+ ssl_excert_free(exc);
+ *pexc = NULL;
+ return 0;
+}
+
+static void print_raw_cipherlist(SSL *s)
+{
+ const unsigned char *rlist;
+ static const unsigned char scsv_id[] = { 0, 0, 0xFF };
+ size_t i, rlistlen, num;
+ if (!SSL_is_server(s))
+ return;
+ num = SSL_get0_raw_cipherlist(s, NULL);
+ rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
+ BIO_puts(bio_err, "Client cipher list: ");
+ for (i = 0; i < rlistlen; i += num, rlist += num) {
+ const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
+ if (i)
+ BIO_puts(bio_err, ":");
+ if (c)
+ BIO_puts(bio_err, SSL_CIPHER_get_name(c));
+ else if (!memcmp(rlist, scsv_id - num + 3, num))
+ BIO_puts(bio_err, "SCSV");
+ else {
+ size_t j;
+ BIO_puts(bio_err, "0x");
+ for (j = 0; j < num; j++)
+ BIO_printf(bio_err, "%02X", rlist[j]);
+ }
+ }
+ BIO_puts(bio_err, "\n");
+}
+
+void print_ssl_summary(SSL *s)
+{
+ const SSL_CIPHER *c;
+ X509 *peer;
+ /* const char *pnam = SSL_is_server(s) ? "client" : "server"; */
+
+ BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s));
+ print_raw_cipherlist(s);
+ c = SSL_get_current_cipher(s);
+ BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
+ do_print_sigalgs(bio_err, s, 0);
+ peer = SSL_get_peer_certificate(s);
+ if (peer) {
+ int nid;
+ BIO_puts(bio_err, "Peer certificate: ");
+ X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
+ 0, XN_FLAG_ONELINE);
+ BIO_puts(bio_err, "\n");
+ if (SSL_get_peer_signature_nid(s, &nid))
+ BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
+ } else
+ BIO_puts(bio_err, "No peer certificate\n");
+ X509_free(peer);