Don't stop -cipher from working.

[openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index 1bf649b710fa633516de18bd18b58c20ffd4bfb5..12d39c35bb166b858da231dd4f3ecdb6042a5b08 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -302,7 +302,7 @@ static int cert_chain = 0;
 
 #ifndef OPENSSL_NO_PSK
 static char *psk_identity="Client_identity";
-static char *psk_key=NULL; /* by default PSK is not used */
+char *psk_key=NULL; /* by default PSK is not used */
 
 static unsigned int psk_server_cb(SSL *ssl, const char *identity,
        unsigned char *psk, unsigned int max_psk_len)
@@ -325,7 +325,9 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
        /* here we could lookup the given identity e.g. from a database */
        if (strcmp(identity, psk_identity) != 0)
                {
-                BIO_printf(bio_s_out, "PSK error: client identity not found\n");
+                BIO_printf(bio_s_out, "PSK error: client identity not found"
+                          " (got '%s' expected '%s')\n", identity,
+                          psk_identity);
                goto out_err;
                 }
        if (s_debug)
@@ -448,6 +450,9 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_PSK
        BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
        BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
+# ifndef OPENSSL_NO_JPAKE
+       BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
+# endif
 #endif
        BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
        BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
@@ -822,7 +827,9 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
 
 int MAIN(int, char **);
 
+#ifndef OPENSSL_NO_JPAKE
 static char *jpake_secret = NULL;
+#endif
 
 int MAIN(int argc, char *argv[])
        {
@@ -1182,11 +1189,13 @@ int MAIN(int argc, char *argv[])
                        }
                        
 #endif
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
                else if (strcmp(*argv,"-jpake") == 0)
                        {
                        if (--argc < 1) goto bad;
                        jpake_secret = *(++argv);
                        }
+#endif
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -1203,6 +1212,26 @@ bad:
                goto end;
                }
 
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
+       if (jpake_secret)
+               {
+               if (psk_key)
+                       {
+                       BIO_printf(bio_err,
+                                  "Can't use JPAKE and PSK together\n");
+                       goto end;
+                       }
+               psk_identity = "JPAKE";
+               if (cipher)
+                       {
+                       BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
+                       goto end;
+                       }
+               cipher = "PSK";
+               }
+
+#endif
+
        SSL_load_error_strings();
        OpenSSL_add_ssl_algorithms();
 
@@ -1587,10 +1616,14 @@ bad:
 #endif
 
 #ifndef OPENSSL_NO_PSK
+#ifdef OPENSSL_NO_JPAKE
        if (psk_key != NULL)
+#else
+       if (psk_key != NULL || jpake_secret)
+#endif
                {
                if (s_debug)
-                       BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
+                       BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
                SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
                }
 
@@ -1814,9 +1847,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                test=BIO_new(BIO_f_nbio_test());
                sbio=BIO_push(test,sbio);
                }
-
+#ifndef OPENSSL_NO_JPAKE
        if(jpake_secret)
                jpake_server_auth(bio_s_out, sbio, jpake_secret);
+#endif
 
        SSL_set_bio(con,sbio,sbio);
        SSL_set_accept_state(con);