static int s_server_session_id_context = 1; /* anything will do */
static const char *s_cert_file = TEST_CERT, *s_key_file =
NULL, *s_chain_file = NULL;
-static const char *krb5svc = NULL;
-static const char *krb5tab = NULL;
+
#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
#endif
if (!ret) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
psk_key);
- if (bn)
- BN_free(bn);
+ BN_free(bn);
return 0;
}
if (BN_num_bytes(bn) > (int)max_psk_len) {
{
EBCDIC_OUTBUFF *wbuf;
- wbuf = app_malloc(sizeof(EBCDIC_OUTBUFF) + 1024, "ebcdef wbuf");
+ wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf");
wbuf->alloced = 1024;
wbuf->buff[0] = '\0';
{
if (a == NULL)
return (0);
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
+ OPENSSL_free(a->ptr);
a->ptr = NULL;
a->init = 0;
a->flags = 0;
num = num + num; /* double the size */
if (num < inl)
num = inl;
- wbuf = app_malloc(sizeof(EBCDIC_OUTBUFF) + num, "grow ebcdic wbuf");
+ wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf");
OPENSSL_free(b->ptr);
wbuf->alloced = num;
static int cert_status_cb(SSL *s, void *arg)
{
tlsextstatusctx *srctx = arg;
- char *host, *port, *path;
+ char *host = NULL, *port = NULL, *path = NULL;
int use_ssl;
unsigned char *rspder = NULL;
int rspderlen;
OPENSSL_free(port);
X509_email_free(aia);
}
- if (id)
- OCSP_CERTID_free(id);
- if (req)
- OCSP_REQUEST_free(req);
- if (resp)
- OCSP_RESPONSE_free(resp);
+ OCSP_CERTID_free(id);
+ OCSP_REQUEST_free(req);
+ OCSP_RESPONSE_free(resp);
return ret;
err:
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_S_ENUM,
OPT_V_ENUM,
- OPT_X_ENUM,
- OPT_KRB5SVC, OPT_KRBTAB
+ OPT_X_ENUM
} OPTION_CHOICE;
OPTIONS s_server_options[] = {
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
- {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"},
- {"keytab", OPT_KRBTAB, '<', "Kerberos keytab file"},
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
{"srpuserseed", OPT_SRPUSERSEED, 's',
ENGINE *e = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
SSL_CONF_CTX *cctx = NULL;
- const SSL_METHOD *meth = SSLv23_server_method();
+ const SSL_METHOD *meth = TLS_server_method();
SSL_EXCERT *exc = NULL;
STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
char *dhfile = NULL, *dpassarg = NULL, *dpass = NULL, *inrand = NULL;
char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
- char *crl_file = NULL, *prog, *p;
+ char *crl_file = NULL, *prog;
+#ifndef OPENSSL_NO_PSK
+ char *p;
+#endif
const char *unix_path = NULL;
#ifndef NO_SYS_UN_H
int unlink_unix_path = 0;
prog = opt_init(argc, argv, s_server_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
+#ifdef OPENSSL_NO_PSK
+ case OPT_PSK_HINT:
+ case OPT_PSK:
+#endif
+#ifdef OPENSSL_NO_DTLS1
+ case OPT_DTLS:
+ case OPT_DTLS1:
+ case OPT_DTLS1_2:
+ case OPT_TIMEOUT:
+ case OPT_MTU:
+ case OPT_CHAIN:
+#endif
case OPT_EOF:
case OPT_ERR:
opthelp:
srpuserseed = opt_arg();
meth = TLSv1_server_method();
break;
+#else
+ case OPT_SRPVFILE:
+ case OPT_SRPUSERSEED:
+ break;
#endif
case OPT_REV:
rev = 1;
break;
#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
- meth = SSLv3_client_method();
+ meth = SSLv3_server_method();
break;
#endif
case OPT_TLS1_2:
- meth = TLSv1_2_client_method();
+ meth = TLSv1_2_server_method();
break;
case OPT_TLS1_1:
- meth = TLSv1_1_client_method();
+ meth = TLSv1_1_server_method();
break;
case OPT_TLS1:
- meth = TLSv1_client_method();
+ meth = TLSv1_server_method();
break;
#ifndef OPENSSL_NO_DTLS1
case OPT_DTLS:
- meth = DTLS_client_method();
+ meth = DTLS_server_method();
socket_type = SOCK_DGRAM;
break;
case OPT_DTLS1:
- meth = DTLSv1_client_method();
+ meth = DTLSv1_server_method();
socket_type = SOCK_DGRAM;
break;
case OPT_DTLS1_2:
- meth = DTLSv1_2_client_method();
+ meth = DTLSv1_2_server_method();
socket_type = SOCK_DGRAM;
break;
case OPT_TIMEOUT:
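Review bot: The `#else` branch added after the SRP cases ends in `break;`, so in a build without SRP `OPT_SRPVFILE` and `OPT_SRPUSERSEED` would be accepted and silently ignored, whereas the PSK and DTLS options compiled out earlier in this switch are routed to `opthelp`. The matching `#if` is outside the hunk, so the SRP guard is inferred. The options table appears to keep `srpvfile` under `#ifndef OPENSSL_NO_SRP`, which would make the branch unreachable in practice. Failing closed is still the safer default for an authentication option: either list `case OPT_SRPVFILE:` and `case OPT_SRPUSERSEED:` under an `#ifdef OPENSSL_NO_SRP` group beside the `OPENSSL_NO_PSK` one, or replace the `break;` with `goto opthelp;`.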
case OPT_JPAKE:
goto opthelp;
#endif
- case OPT_KRB5SVC:
- krb5svc = opt_arg();
- break;
- case OPT_KRBTAB:
- krb5tab = opt_arg();
- break;
case OPT_SRTP_PROFILES:
srtp_profiles = opt_arg();
break;
EVP_PKEY_free(s_dkey);
sk_X509_pop_free(s_chain, X509_free);
sk_X509_pop_free(s_dchain, X509_free);
- if (pass)
- OPENSSL_free(pass);
- if (dpass)
- OPENSSL_free(dpass);
+ OPENSSL_free(pass);
+ OPENSSL_free(dpass);
X509_VERIFY_PARAM_free(vpm);
free_sessions();
#ifndef OPENSSL_NO_TLSEXT
- if (tlscstatp.host)
- OPENSSL_free(tlscstatp.host);
- if (tlscstatp.port)
- OPENSSL_free(tlscstatp.port);
- if (tlscstatp.path)
- OPENSSL_free(tlscstatp.path);
- if (ctx2 != NULL)
+ OPENSSL_free(tlscstatp.host);
+ OPENSSL_free(tlscstatp.port);
+ OPENSSL_free(tlscstatp.path);
SSL_CTX_free(ctx2);
X509_free(s_cert2);
EVP_PKEY_free(s_key2);
BIO_free(serverinfo_in);
# ifndef OPENSSL_NO_NEXTPROTONEG
- if (next_proto.data)
- OPENSSL_free(next_proto.data);
+ OPENSSL_free(next_proto.data);
# endif
- if (alpn_ctx.data)
- OPENSSL_free(alpn_ctx.data);
+ OPENSSL_free(alpn_ctx.data);
#endif
ssl_excert_free(exc);
sk_OPENSSL_STRING_free(ssl_args);
SSL_CONF_CTX_free(cctx);
-#ifndef OPENSSL_NO_JPAKE
- if (jpake_secret && psk_key)
- OPENSSL_free(psk_key);
-#endif
BIO_free(bio_s_out);
bio_s_out = NULL;
BIO_free(bio_s_msg);
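Review bot: `pass` and `dpass` are released with plain `OPENSSL_free()` in this cleanup, while the same commit moves the connection buffer to `OPENSSL_clear_free(buf, bufsize)`. Judging by the names and the neighbouring `passarg`/`dpassarg` declarations, these hold private-key passphrases, so the more sensitive data is the part left readable in freed heap memory. Their length is not tracked, so the scrub would need something like `if (pass != NULL) OPENSSL_clear_free(pass, strlen(pass));` and the same for `dpass`, which keeps a NULL test here on purpose. The cleanup label and the rest of the function are outside the hunk.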
unsigned long l;
SSL *con = NULL;
BIO *sbio;
-#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kctx;
-#endif
struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
}
#endif
-#ifndef OPENSSL_NO_KRB5
- if ((kctx = kssl_ctx_new()) != NULL) {
- SSL_set0_kssl_ctx(con, kctx);
- kssl_ctx_setstring(kctx, KSSL_SERVICE,
- krb5svc ? krb5svc : KRB5SVC);
- if (krb5tab)
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, krb5tab);
- }
-#endif /* OPENSSL_NO_KRB5 */
if (context
&& !SSL_set_session_id_context(con,
context, strlen((char *)context))) {
ret = 1;
goto err;
}
- l += k;
- i -= k;
+ if (k > 0) {
+ l += k;
+ i -= k;
+ }
if (i <= 0)
break;
}
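Review bot: The new `if (k > 0)` guard has no comment saying why a non-positive `k` must leave `l` and `i` alone, so the test reads as redundant. The call that sets `k` is outside the hunk, so this is inferred: `k` looks like a write return value where zero or a negative result means nothing was sent, and adding it would move the offset backwards and grow the remaining count. A comment such as `/* k <= 0: nothing written, keep offset and count for the retry */` above the guard would record that. It is also worth confirming that every `k <= 0` case either retries or leaves the loop before this point, since the branch no longer changes `i`.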
SSL_free(con);
}
BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
- if (buf != NULL) {
- OPENSSL_cleanse(buf, bufsize);
- OPENSSL_free(buf);
- }
+ OPENSSL_clear_free(buf, bufsize);
if (ret >= 0)
BIO_printf(bio_s_out, "ACCEPT\n");
(void)BIO_flush(bio_s_out);
X509 *peer;
long verify_error;
char buf[BUFSIZ];
-#ifndef OPENSSL_NO_KRB5
- char *client_princ;
-#endif
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
const unsigned char *next_proto_neg;
unsigned next_proto_neg_len;
if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
-#ifndef OPENSSL_NO_KRB5
- client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
- if (client_princ != NULL) {
- BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
- client_princ);
- }
-#endif /* OPENSSL_NO_KRB5 */
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
if (keymatexportlabel != NULL) {
SSL *con;
const SSL_CIPHER *c;
BIO *io, *ssl_bio, *sbio;
-#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kctx;
-#endif
#ifdef RENEG
int total_bytes = 0;
#endif
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
#endif
-#ifndef OPENSSL_NO_KRB5
- if ((kctx = kssl_ctx_new()) != NULL) {
- kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
if (context && !SSL_set_session_id_context(con, context,
strlen((char *)context)))
goto err;
err:
if (ret >= 0)
BIO_printf(bio_s_out, "ACCEPT\n");
- if (buf != NULL)
- OPENSSL_free(buf);
+ OPENSSL_free(buf);
BIO_free_all(io);
return (ret);
}
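Review bot: The `err:` path here frees `buf` with `OPENSSL_free()`, but the equivalent buffer in the earlier connection loop is now released with `OPENSSL_clear_free(buf, bufsize)`, so decrypted application data is scrubbed on one path and not on the others. The same applies to the later `err:` hunk, whose buffer is allocated with `app_malloc(bufsize, "server rev buffer")`. If `bufsize` is also the allocation size in this function (the allocation is outside the hunk), use `OPENSSL_clear_free(buf, bufsize);` in both places.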
int ret = 1;
SSL *con;
BIO *io, *ssl_bio, *sbio;
-#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kctx;
-#endif
buf = app_malloc(bufsize, "server rev buffer");
io = BIO_new(BIO_f_buffer());
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
#endif
-#ifndef OPENSSL_NO_KRB5
- if ((kctx = kssl_ctx_new()) != NULL) {
- kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
if (context && !SSL_set_session_id_context(con, context,
strlen((char *)context))) {
ERR_print_errors(bio_err);
p--;
i--;
}
- if (!s_ign_eof && i == 5 && !strncmp(buf, "CLOSE", 5)) {
+ if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) {
ret = 1;
BIO_printf(bio_err, "CONNECTION CLOSED\n");
goto end;
err:
- if (buf != NULL)
- OPENSSL_free(buf);
+ OPENSSL_free(buf);
BIO_free_all(io);
return (ret);
}
static int add_session(SSL *ssl, SSL_SESSION *session)
{
- simple_ssl_session *sess = app_malloc(sizeof *sess, "get session");
+ simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session");
unsigned char *p;
SSL_SESSION_get_id(session, &sess->idlen);