Print CA names in s_server, add -requestCAfile to s_client

[openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index 57bae82990271e7f481a8f3c969ac612d18985ec..4bd2620c9fa71b4b502519ca27ef51e9f31b11a9 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -106,8 +106,6 @@ static DH *load_dh_param(const char *dhfile);
 #endif
 static void print_connection_info(SSL *con);
 
-/* static int load_CA(SSL_CTX *ctx, char *file);*/
-
 static const int bufsize = 16 * 1024;
 static int accept_socket = -1;
 
@@ -140,16 +138,20 @@ static const char *session_id_prefix = NULL;
 #ifndef OPENSSL_NO_DTLS
 static int enable_timeouts = 0;
 static long socket_mtu;
-
 #endif
+
+/*
+ * We define this but make it always be 0 in no-dtls builds to simplify the
+ * code.
+ */
 static int dtlslisten = 0;
 
+static int early_data = 0;
+
 #ifndef OPENSSL_NO_PSK
-static char *psk_identity = "Client_identity";
+static const char psk_identity[] = "Client_identity";
 char *psk_key = NULL;           /* by default PSK is not used */
 
-static int early_data = 0;
-
 static unsigned int psk_server_cb(SSL *ssl, const char *identity,
                                   unsigned char *psk,
                                   unsigned int max_psk_len)
@@ -452,7 +454,6 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg)
 }
 
 /* Structure passed to cert status callback */
-
 typedef struct tlsextstatusctx_st {
     int timeout;
     /* File to load OCSP Response from (or NULL if no file) */
@@ -632,7 +633,7 @@ static int cert_status_cb(SSL *s, void *arg)
 /* This is the context that we pass to next_proto_cb */
 typedef struct tlsextnextprotoctx_st {
     unsigned char *data;
-    unsigned int len;
+    size_t len;
 } tlsextnextprotoctx;
 
 static int next_proto_cb(SSL *s, const unsigned char **data,
@@ -978,7 +979,7 @@ int s_server_main(int argc, char *argv[])
     tlsextalpnctx alpn_ctx = { NULL, 0 };
 #ifndef OPENSSL_NO_PSK
     /* by default do not send a PSK identity hint */
-    static char *psk_identity_hint = NULL;
+    char *psk_identity_hint = NULL;
     char *p;
 #endif
 #ifndef OPENSSL_NO_SRP
@@ -1606,22 +1607,16 @@ int s_server_main(int argc, char *argv[])
     }
 #if !defined(OPENSSL_NO_NEXTPROTONEG)
     if (next_proto_neg_in) {
-        size_t len;
-        next_proto.data = next_protos_parse(&len, next_proto_neg_in);
+        next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
         if (next_proto.data == NULL)
             goto end;
-        next_proto.len = len;
-    } else {
-        next_proto.data = NULL;
     }
 #endif
     alpn_ctx.data = NULL;
     if (alpn_in) {
-        size_t len;
-        alpn_ctx.data = next_protos_parse(&len, alpn_in);
+        alpn_ctx.data = next_protos_parse(&alpn_ctx.len, alpn_in);
         if (alpn_ctx.data == NULL)
             goto end;
-        alpn_ctx.len = len;
     }
 
     if (crl_file) {
@@ -2709,6 +2704,7 @@ static void print_connection_info(SSL *con)
     ssl_print_point_formats(bio_s_out, con);
     ssl_print_groups(bio_s_out, con, 0);
 #endif
+    print_ca_names(bio_s_out, con);
     BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
 
 #if !defined(OPENSSL_NO_NEXTPROTONEG)
@@ -2995,6 +2991,7 @@ static int www_body(int s, int stype, unsigned char *context)
 #ifndef OPENSSL_NO_EC
             ssl_print_groups(io, con, 0);
 #endif
+            print_ca_names(io, con);
             BIO_printf(io, (SSL_session_reused(con)
                             ? "---\nReused, " : "---\nNew, "));
             c = SSL_get_current_cipher(con);