#ifndef OPENSSL_NO_TLSEXT
static int c_tlsextdebug=0;
static int c_status_req=0;
+static int c_proof_debug=0;
#endif
static int c_msg=0;
static int c_showcerts=0;
static void print_stuff(BIO *berr,SSL *con,int full);
#ifndef OPENSSL_NO_TLSEXT
static int ocsp_resp_cb(SSL *s, void *arg);
+static int audit_proof_cb(SSL *s, void *arg);
#endif
static BIO *bio_c_out=NULL;
+static BIO *bio_c_msg=NULL;
static int c_quiet=0;
static int c_ign_eof=0;
BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
BIO_printf(bio_err," -status - request certificate status from server\n");
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
+ BIO_printf(bio_err," -proof_debug - request an audit proof and print its hex dump\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
# endif
#ifndef OPENSSL_NO_TLSEXT
char *servername = NULL;
char *curves=NULL;
+ char *sigalgs=NULL;
+ char *client_sigalgs=NULL;
tlsextctx tlsextcbp =
{NULL,0};
# ifndef OPENSSL_NO_NEXTPROTONEG
c_tlsextdebug=1;
else if (strcmp(*argv,"-status") == 0)
c_status_req=1;
+ else if (strcmp(*argv,"-proof_debug") == 0)
+ c_proof_debug=1;
#endif
#ifdef WATT32
else if (strcmp(*argv,"-wdebug") == 0)
#endif
else if (strcmp(*argv,"-msg") == 0)
c_msg=1;
+ else if (strcmp(*argv,"-msgfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ bio_c_msg = BIO_new_file(*(++argv), "w");
+ }
+#ifndef OPENSSL_NO_SSL_TRACE
+ else if (strcmp(*argv,"-trace") == 0)
+ c_msg=2;
+#endif
else if (strcmp(*argv,"-showcerts") == 0)
c_showcerts=1;
else if (strcmp(*argv,"-nbio_test") == 0)
if (--argc < 1) goto bad;
curves= *(++argv);
}
+ else if (strcmp(*argv,"-sigalgs") == 0)
+ {
+ if (--argc < 1) goto bad;
+ sigalgs= *(++argv);
+ }
+ else if (strcmp(*argv,"-client_sigalgs") == 0)
+ {
+ if (--argc < 1) goto bad;
+ client_sigalgs= *(++argv);
+ }
#endif
#ifndef OPENSSL_NO_JPAKE
else if (strcmp(*argv,"-jpake") == 0)
#endif
SSL_CTX_set_verify(ctx,verify,verify_callback);
- if (!set_cert_key_stuff(ctx,cert,key))
+ if (!set_cert_key_stuff(ctx,cert,key, NULL))
goto end;
if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
ERR_print_errors(bio_err);
goto end;
}
+ if (sigalgs != NULL)
+ if(!SSL_CTX_set1_sigalgs_list(ctx,sigalgs)) {
+ BIO_printf(bio_err,"error setting signature algorithms list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (client_sigalgs != NULL)
+ if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs)) {
+ BIO_printf(bio_err,"error setting client signature algorithms list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if (servername != NULL)
{
tlsextcbp.biodebug = bio_err;
}
#endif
+ if (c_proof_debug)
+ SSL_CTX_set_tlsext_authz_server_audit_proof_cb(ctx,
+ audit_proof_cb);
#endif
con=SSL_new(ctx);
}
if (c_msg)
{
- SSL_set_msg_callback(con, msg_cb);
- SSL_set_msg_callback_arg(con, bio_c_out);
+#ifndef OPENSSL_NO_SSL_TRACE
+ if (c_msg == 2)
+ SSL_set_msg_callback(con, SSL_trace);
+ else
+#endif
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out);
}
#ifndef OPENSSL_NO_TLSEXT
if (c_tlsextdebug)
BIO_free(bio_c_out);
bio_c_out=NULL;
}
+ if (bio_c_msg != NULL)
+ {
+ BIO_free(bio_c_msg);
+ bio_c_msg=NULL;
+ }
apps_shutdown();
OPENSSL_EXIT(ret);
}
BIO_write(bio,"\n",1);
}
- ssl_print_sigalgs(bio, s);
+ ssl_print_sigalgs(bio, s, 1);
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
BIO_number_read(SSL_get_rbio(s)),
BIO_printf(bio,"Expansion: %s\n",
expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
- if (next_proto.status != -1) {
- const unsigned char *proto;
- unsigned int proto_len;
- SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
- BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
- BIO_write(bio, proto, proto_len);
- BIO_write(bio, "\n", 1);
- }
-#endif
-
+
#ifdef SSL_DEBUG
{
/* Print out local port of connection: useful for debugging */
}
#endif
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ if (next_proto.status != -1) {
+ const unsigned char *proto;
+ unsigned int proto_len;
+ SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
+ BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
+ BIO_write(bio, proto, proto_len);
+ BIO_write(bio, "\n", 1);
+ }
+#endif
+
{
SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
return 1;
}
+static int audit_proof_cb(SSL *s, void *arg)
+ {
+ const unsigned char *proof;
+ size_t proof_len;
+ size_t i;
+ SSL_SESSION *sess = SSL_get_session(s);
+
+ proof = SSL_SESSION_get_tlsext_authz_server_audit_proof(sess,
+ &proof_len);
+ if (proof != NULL)
+ {
+ BIO_printf(bio_c_out, "Audit proof: ");
+ for (i = 0; i < proof_len; ++i)
+ BIO_printf(bio_c_out, "%02X", proof[i]);
+ BIO_printf(bio_c_out, "\n");
+ }
+ else
+ {
+ BIO_printf(bio_c_out, "No audit proof found.\n");
+ }
+ return 1;
+ }
#endif
projects / openssl.git / blobdiff