The dtls1_output_cert_chain function no longer exists so remove it from

[openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index de8fd57e291a64e46ecd1de6e9c17977925c3d3d..504d3d9f0729bd8607d84c08f58e5cd4f3588683 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -451,6 +451,7 @@ static void sv_usage(void)
        BIO_printf(bio_err," -context arg  - set session ID context\n");
        BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
        BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
+       BIO_printf(bio_err," -verify_return_error - return verification errors\n");
        BIO_printf(bio_err," -cert arg     - certificate file to use\n");
        BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
        BIO_printf(bio_err," -naccept arg  - terminate after 'arg' connections\n");
@@ -507,8 +508,9 @@ static void sv_usage(void)
        BIO_printf(bio_err," -srpvfile file      - The verifier file for SRP\n");
        BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
 #endif
-       BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
        BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
+#endif
        BIO_printf(bio_err," -tls1_2       - Just talk TLSv1.2\n");
        BIO_printf(bio_err," -tls1_1       - Just talk TLSv1.1\n");
        BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
@@ -517,7 +519,6 @@ static void sv_usage(void)
        BIO_printf(bio_err," -timeout      - Enable timeouts\n");
        BIO_printf(bio_err," -mtu          - Set link layer MTU\n");
        BIO_printf(bio_err," -chain        - Read a certificate chain\n");
-       BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
        BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
        BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
        BIO_printf(bio_err," -no_tls1_1    - Just disable TLSv1.1\n");
@@ -530,6 +531,7 @@ static void sv_usage(void)
 #endif
        BIO_printf(bio_err, "-no_resume_ephemeral - Disable caching and tickets if ephemeral (EC)DH is used\n");
        BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
+       BIO_printf(bio_err," -hack         - workaround for early Netscape code\n");
        BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
        BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
        BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
@@ -738,7 +740,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
        
        if (servername)
                {
-               if (strcmp(servername,p->servername)) 
+               if (strcasecmp(servername,p->servername)) 
                        return p->extension_error;
                if (ctx2)
                        {
@@ -1402,11 +1404,7 @@ int MAIN(int argc, char *argv[])
                        { www=2; }
                else if (strcmp(*argv,"-HTTP") == 0)
                        { www=3; }
-#ifndef OPENSSL_NO_SSL2
-               else if (strcmp(*argv,"-ssl2") == 0)
-                       { meth=SSLv2_server_method(); }
-#endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
                else if (strcmp(*argv,"-ssl3") == 0)
                        { meth=SSLv3_server_method(); }
 #endif
@@ -1530,6 +1528,14 @@ bad:
                sv_usage();
                goto end;
                }
+#ifndef OPENSSL_NO_DTLS1
+       if (www && socket_type == SOCK_DGRAM)
+               {
+               BIO_printf(bio_err,
+                               "Can't use -HTTP, -www or -WWW with DTLS\n");
+               goto end;
+               }
+#endif
 
        if (unix_path && (socket_type != SOCK_STREAM))
                {
@@ -1753,9 +1759,6 @@ bad:
                if(strlen(session_id_prefix) >= 32)
                        BIO_printf(bio_err,
 "warning: id_prefix is too long, only one new session will be possible\n");
-               else if(strlen(session_id_prefix) >= 16)
-                       BIO_printf(bio_err,
-"warning: id_prefix is too long if you use SSLv2\n");
                if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
                        {
                        BIO_printf(bio_err,"error setting 'id_prefix'\n");
@@ -1840,9 +1843,6 @@ bad:
                        if(strlen(session_id_prefix) >= 32)
                                BIO_printf(bio_err,
                                        "warning: id_prefix is too long, only one new session will be possible\n");
-                       else if(strlen(session_id_prefix) >= 16)
-                               BIO_printf(bio_err,
-                                       "warning: id_prefix is too long if you use SSLv2\n");
                        if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id))
                                {
                                BIO_printf(bio_err,"error setting 'id_prefix'\n");
@@ -2287,10 +2287,24 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
                        BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
                        }
 
-               if (socket_mtu > 28)
+               if (socket_mtu)
                        {
+                       if(socket_mtu < DTLS_get_link_min_mtu(con))
+                               {
+                               BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+                                       DTLS_get_link_min_mtu(con));
+                               ret = -1;
+                               BIO_free(sbio);
+                               goto err;
+                               }
                        SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-                       SSL_set_mtu(con, socket_mtu - 28);
+                       if(!DTLS_set_link_mtu(con, socket_mtu))
+                               {
+                               BIO_printf(bio_err, "Failed to set MTU\n");
+                               ret = -1;
+                               BIO_free(sbio);
+                               goto err;
+                               }
                        }
                else
                        /* want to do MTU discovery */
@@ -2961,7 +2975,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
                                BIO_printf(bio_s_out,"read R BLOCK\n");
 #if defined(OPENSSL_SYS_NETWARE)
             delay(1000);
-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
+#elif !defined(OPENSSL_SYS_MSDOS)
                                sleep(1);
 #endif
                                continue;
@@ -3356,7 +3370,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
                                BIO_printf(bio_s_out,"read R BLOCK\n");
 #if defined(OPENSSL_SYS_NETWARE)
             delay(1000);
-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
+#elif !defined(OPENSSL_SYS_MSDOS)
                                sleep(1);
 #endif
                                continue;