#ifndef OPENSSL_NO_PSK
static char *psk_identity="Client_identity";
-static char *psk_key=NULL; /* by default PSK is not used */
+char *psk_key=NULL; /* by default PSK is not used */
static unsigned int psk_server_cb(SSL *ssl, const char *identity,
unsigned char *psk, unsigned int max_psk_len)
/* here we could lookup the given identity e.g. from a database */
if (strcmp(identity, psk_identity) != 0)
{
- BIO_printf(bio_s_out, "PSK error: client identity not found\n");
+ BIO_printf(bio_s_out, "PSK error: client identity not found"
+ " (got '%s' expected '%s')\n", identity,
+ psk_identity);
goto out_err;
}
if (s_debug)
#ifndef OPENSSL_NO_PSK
BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n");
+# ifdef OPENSSL_EXPERIMENTAL_JPAKE
+ BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
+# endif
#endif
BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
}
#endif
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
else if (strcmp(*argv,"-jpake") == 0)
{
if (--argc < 1) goto bad;
goto end;
}
+#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+ if (jpake_secret)
+ {
+ if (psk_key)
+ {
+ BIO_printf(bio_err,
+ "Can't use JPAKE and PSK together\n");
+ goto end;
+ }
+ psk_identity = "JPAKE";
+ }
+
+ if (cipher)
+ {
+ BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
+ goto end;
+ }
+ cipher = "PSK";
+#endif
+
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
#endif
#ifndef OPENSSL_NO_PSK
- if (psk_key != NULL)
+ if (psk_key != NULL || jpake_secret)
{
if (s_debug)
- BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
+ BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
}
projects / openssl.git / blobdiff