static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
+static char *curves=NULL;
#endif
static char *s_dcert_file=NULL,*s_dkey_file=NULL;
#ifdef FIONBIO
s_cert_file=TEST_CERT;
s_key_file=NULL;
#ifndef OPENSSL_NO_TLSEXT
+ curves=NULL;
s_cert_file2=TEST_CERT2;
s_key_file2=NULL;
ctx2=NULL;
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
# endif
- BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
+ BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
#endif
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
char *srpuserseed = NULL;
char *srp_verifier_file = NULL;
#endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
- meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
- meth=SSLv2_server_method();
-#elif !defined(OPENSSL_NO_TLS1)
- meth=TLSv1_server_method();
-#else
- /* #error no SSL version enabled */
-#endif
local_argc=argc;
local_argv=argv;
goto bad;
}
}
+ else if (strcmp(*argv,"-curves") == 0)
+ {
+ if (--argc < 1) goto bad;
+ curves= *(++argv);
+ }
#endif
else if (strcmp(*argv,"-msg") == 0)
{ s_msg=1; }
psk_key=*(++argv);
for (i=0; i<strlen(psk_key); i++)
{
- if (isxdigit((int)psk_key[i]))
+ if (isxdigit((unsigned char)psk_key[i]))
continue;
BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
goto bad;
{
EC_KEY *ecdh=NULL;
- if (named_curve)
+ if (named_curve && strcmp(named_curve, "auto"))
{
- int nid = OBJ_sn2nid(named_curve);
-
+ int nid = EC_curve_nist2nid(named_curve);
+ if (nid == NID_undef)
+ nid = OBJ_sn2nid(named_curve);
if (nid == 0)
{
BIO_printf(bio_err, "unknown curve name (%s)\n",
{
BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
}
+ else if (named_curve)
+ SSL_CTX_set_ecdh_auto(ctx, 1);
else
{
BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
}
#endif
}
+#ifndef OPENSSL_NO_TLSEXT
+ if (curves)
+ {
+ if(!SSL_CTX_set1_curves_list(ctx,curves))
+ {
+ BIO_printf(bio_err,"error setting curves list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if(ctx2 && !SSL_CTX_set1_curves_list(ctx2,curves))
+ {
+ BIO_printf(bio_err,"error setting curves list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
sizeof s_server_session_id_context);
{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
#endif
k=SSL_write(con,&(buf[l]),(unsigned int)i);
+#ifndef OPENSSL_NO_SRP
while (SSL_get_error(con,k) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP renego during write\n");
BIO_printf(bio_s_out,"LOOKUP not successful\n");
k=SSL_write(con,&(buf[l]),(unsigned int)i);
}
+#endif
switch (SSL_get_error(con,k))
{
case SSL_ERROR_NONE:
{
again:
i=SSL_read(con,(char *)buf,bufsize);
+#ifndef OPENSSL_NO_SRP
while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP renego during read\n");
BIO_printf(bio_s_out,"LOOKUP not successful\n");
i=SSL_read(con,(char *)buf,bufsize);
}
+#endif
switch (SSL_get_error(con,i))
{
case SSL_ERROR_NONE:
i=SSL_accept(con);
+#ifndef OPENSSL_NO_SRP
while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
BIO_printf(bio_s_out,"LOOKUP not successful\n");
i=SSL_accept(con);
}
+#endif
if (i <= 0)
{
if (BIO_sock_should_retry(i))
if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+ ssl_print_sigalgs(bio_s_out, con);
+ ssl_print_curves(bio_s_out, con);
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
+
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
if (next_proto_neg)
#endif /* OPENSSL_NO_KRB5 */
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
- if (keymatexportlabel != NULL) {
- BIO_printf(bio_s_out, "Keying material exporter:\n");
- BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
- BIO_printf(bio_s_out, " Length: %i bytes\n",
+ if (keymatexportlabel != NULL)
+ {
+ BIO_printf(bio_s_out, "Keying material exporter:\n");
+ BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
+ BIO_printf(bio_s_out, " Length: %i bytes\n",
keymatexportlen);
- exportedkeymat = OPENSSL_malloc(keymatexportlen);
- if (exportedkeymat != NULL) {
- i = SSL_export_keying_material(con, exportedkeymat,
- keymatexportlen,
- keymatexportlabel,
- strlen(keymatexportlabel),
- NULL, 0, 0);
- if (i != keymatexportlen) {
- BIO_printf(bio_s_out,
- " Error: return value %i\n", i);
- } else {
- BIO_printf(bio_s_out, " Keying material: ");
- for (i=0; i<keymatexportlen; i++)
- BIO_printf(bio_s_out, "%02X",
+ exportedkeymat = OPENSSL_malloc(keymatexportlen);
+ if (exportedkeymat != NULL)
+ {
+ if (!SSL_export_keying_material(con, exportedkeymat,
+ keymatexportlen,
+ keymatexportlabel,
+ strlen(keymatexportlabel),
+ NULL, 0, 0))
+ {
+ BIO_printf(bio_s_out, " Error\n");
+ }
+ else
+ {
+ BIO_printf(bio_s_out, " Keying material: ");
+ for (i=0; i<keymatexportlen; i++)
+ BIO_printf(bio_s_out, "%02X",
exportedkeymat[i]);
- BIO_printf(bio_s_out, "\n");
- }
- OPENSSL_free(exportedkeymat);
- }
- }
+ BIO_printf(bio_s_out, "\n");
+ }
+ OPENSSL_free(exportedkeymat);
+ }
+ }
return(1);
}
if (hack)
{
i=SSL_accept(con);
+#ifndef OPENSSL_NO_SRP
while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
BIO_printf(bio_s_out,"LOOKUP not successful\n");
i=SSL_accept(con);
}
-
+#endif
switch (SSL_get_error(con,i))
{
case SSL_ERROR_NONE:
}
BIO_puts(io,"\n");
}
+ ssl_print_sigalgs(io, con);
+ ssl_print_curves(io, con);
BIO_printf(io,(SSL_cache_hit(con)
?"---\nReused, "
:"---\nNew, "));
projects / openssl.git / blobdiff