static int accept_socket = -1;
#define TEST_CERT "server.pem"
-#ifndef OPENSSL_NO_TLSEXT
-# define TEST_CERT2 "server2.pem"
-#endif
+#define TEST_CERT2 "server2.pem"
extern int verify_depth, verify_return_error, verify_quiet;
static const char *s_cert_file = TEST_CERT, *s_key_file =
NULL, *s_chain_file = NULL;
-#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
-#endif
static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
#ifdef FIONBIO
static int s_nbio = 0;
static int s_nbio_test = 0;
int s_crlf = 0;
static SSL_CTX *ctx = NULL;
-#ifndef OPENSSL_NO_TLSEXT
static SSL_CTX *ctx2 = NULL;
-#endif
static int www = 0;
static BIO *bio_s_out = NULL;
static BIO *bio_s_msg = NULL;
static int s_debug = 0;
-#ifndef OPENSSL_NO_TLSEXT
static int s_tlsextdebug = 0;
static int s_tlsextstatus = 0;
static int cert_status_cb(SSL *s, void *arg);
-#endif
static int no_resume_ephemeral = 0;
static int s_msg = 0;
static int s_quiet = 0;
static int cert_chain = 0;
#endif
-#ifndef OPENSSL_NO_TLSEXT
static BIO *serverinfo_in = NULL;
static const char *s_serverinfo_file = NULL;
-#endif
-
#ifndef OPENSSL_NO_PSK
static char *psk_identity = "Client_identity";
char *psk_key = NULL; /* by default PSK is not used */
s_cert_file = TEST_CERT;
s_key_file = NULL;
s_chain_file = NULL;
-#ifndef OPENSSL_NO_TLSEXT
s_cert_file2 = TEST_CERT2;
s_key_file2 = NULL;
ctx2 = NULL;
-#endif
s_nbio = 0;
s_nbio_test = 0;
ctx = NULL;
}
#endif
-#ifndef OPENSSL_NO_TLSEXT
-
/* This is a context that we pass to callbacks */
typedef struct tlsextctx_st {
char *servername;
goto done;
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* This is the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
unsigned char *data;
return SSL_TLSEXT_ERR_OK;
}
-# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
+#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
/* This the context that we pass to alpn_cb */
typedef struct tlsextalpnctx_st {
return SSL_TLSEXT_ERR_OK;
}
-#endif /* ndef OPENSSL_NO_TLSEXT */
static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
{
"Turn on peer certificate verification, must have a cert"},
{"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT},
{"naccept", OPT_NACCEPT, 'p', "Terminate after pnum connections"},
-#ifndef OPENSSL_NO_TLSEXT
{"serverinfo", OPT_SERVERINFO, 's',
"PEM serverinfo file for certificate"},
-#endif
{"certform", OPT_CERTFORM, 'F',
"Certificate format (PEM or DER) PEM default"},
{"key", OPT_KEY, '<',
"Generate SSL/TLS session IDs prefixed by arg"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
-#ifndef OPENSSL_NO_TLSEXT
{"servername", OPT_SERVERNAME, 's',
"Servername for HostName TLS extension"},
{"servername_fatal", OPT_SERVERNAME_FATAL, '-',
"-Private Key file to use for servername if not in -cert2"},
{"tlsextdebug", OPT_TLSEXTDEBUG, '-',
"Hex dump of all TLS extensions received"},
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
{"nextprotoneg", OPT_NEXTPROTONEG, 's',
"Set the advertised protocols for the NPN extension (comma-separated list)"},
-# endif
+#endif
{"use_srtp", OPT_SRTP_PROFILES, '<',
"Offer SRTP key management with a colon-separated profile list"},
{"alpn", OPT_ALPN, 's',
"Set the advertised protocols for the ALPN extension (comma-separated list)"},
-#endif
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
unsigned short port = PORT;
unsigned char *context = NULL;
OPTION_CHOICE o;
-#ifndef OPENSSL_NO_TLSEXT
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
tlsextnextprotoctx next_proto = { NULL, 0 };
-# endif
+#endif
const char *alpn_in = NULL;
tlsextalpnctx alpn_ctx = { NULL, 0 };
-#endif
#ifndef OPENSSL_NO_PSK
/* by default do not send a PSK identity hint */
static char *psk_identity_hint = NULL;
case OPT_CRL_DOWNLOAD:
crl_download = 1;
break;
-#ifndef OPENSSL_NO_TLSEXT
case OPT_SERVERINFO:
s_serverinfo_file = opt_arg();
break;
-#endif
case OPT_CERTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_cert_format))
goto opthelp;
case OPT_DEBUG:
s_debug = 1;
break;
-#ifndef OPENSSL_NO_TLSEXT
case OPT_TLSEXTDEBUG:
s_tlsextdebug = 1;
break;
goto end;
}
break;
-#endif
case OPT_MSG:
s_msg = 1;
break;
case OPT_RAND:
inrand = opt_arg();
break;
-#ifndef OPENSSL_NO_TLSEXT
case OPT_SERVERNAME:
tlsextcbp.servername = opt_arg();
break;
case OPT_KEY2:
s_key_file2 = opt_arg();
break;
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
case OPT_NEXTPROTONEG:
next_proto_neg_in = opt_arg();
break;
-# endif
+#endif
case OPT_ALPN:
alpn_in = opt_arg();
break;
-#endif
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
case OPT_JPAKE:
jpake_secret = opt_arg();
if (s_key_file == NULL)
s_key_file = s_cert_file;
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_key_file2 == NULL)
s_key_file2 = s_cert_file2;
-#endif
if (!load_excert(&exc))
goto end;
if (!s_chain)
goto end;
}
-#ifndef OPENSSL_NO_TLSEXT
+
if (tlsextcbp.servername) {
s_key2 = load_key(s_key_file2, s_key_format, 0, pass, e,
"second server certificate private key file");
goto end;
}
}
-#endif /* OPENSSL_NO_TLSEXT */
}
-#if !defined(OPENSSL_NO_TLSEXT)
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto_neg_in) {
unsigned short len;
next_proto.data = next_protos_parse(&len, next_proto_neg_in);
} else {
next_proto.data = NULL;
}
-# endif
+#endif
alpn_ctx.data = NULL;
if (alpn_in) {
unsigned short len;
goto end;
alpn_ctx.len = len;
}
-#endif
if (crl_file) {
X509_CRL *crl;
s_key_file = NULL;
s_dcert_file = NULL;
s_dkey_file = NULL;
-#ifndef OPENSSL_NO_TLSEXT
s_cert_file2 = NULL;
s_key_file2 = NULL;
-#endif
}
ctx = SSL_CTX_new(meth);
ERR_print_errors(bio_err);
goto end;
}
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_cert2) {
ctx2 = SSL_CTX_new(meth);
if (ctx2 == NULL) {
if (!config_ctx(cctx, ssl_args, ctx2, no_ecdhe, jpake_secret == NULL))
goto end;
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (next_proto.data)
SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
&next_proto);
-# endif
+#endif
if (alpn_ctx.data)
SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
-#endif
#ifndef OPENSSL_NO_DH
if (!no_dhe) {
DH_free(dh);
goto end;
}
-# ifndef OPENSSL_NO_TLSEXT
+
if (ctx2) {
if (!dhfile) {
DH *dh2 = load_dh_param(s_cert_file2);
goto end;
}
}
-# endif
DH_free(dh);
}
#endif
if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
goto end;
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_serverinfo_file != NULL
&& !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) {
ERR_print_errors(bio_err);
goto end;
}
-#endif
-#ifndef OPENSSL_NO_TLSEXT
+
if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain))
goto end;
-#endif
+
if (s_dcert != NULL) {
if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain))
goto end;
#ifndef OPENSSL_NO_RSA
if (!no_tmp_rsa) {
SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
-# ifndef OPENSSL_NO_TLSEXT
if (ctx2)
SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
-# endif
}
#endif
if (no_resume_ephemeral) {
SSL_CTX_set_not_resumable_session_callback(ctx,
not_resumable_sess_cb);
-#ifndef OPENSSL_NO_TLSEXT
+
if (ctx2)
SSL_CTX_set_not_resumable_session_callback(ctx2,
not_resumable_sess_cb);
-#endif
}
#ifndef OPENSSL_NO_PSK
# ifdef OPENSSL_NO_JPAKE
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
-#ifndef OPENSSL_NO_TLSEXT
if (ctx2) {
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx2,
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
}
-#endif
#ifndef OPENSSL_NO_SRP
if (srp_verifier_file != NULL) {
#endif
if (CAfile != NULL) {
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
-#ifndef OPENSSL_NO_TLSEXT
+
if (ctx2)
SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
-#endif
}
BIO_printf(bio_s_out, "ACCEPT\n");
OPENSSL_free(dpass);
X509_VERIFY_PARAM_free(vpm);
free_sessions();
-#ifndef OPENSSL_NO_TLSEXT
OPENSSL_free(tlscstatp.host);
OPENSSL_free(tlscstatp.port);
OPENSSL_free(tlscstatp.path);
X509_free(s_cert2);
EVP_PKEY_free(s_key2);
BIO_free(serverinfo_in);
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
OPENSSL_free(next_proto.data);
-# endif
- OPENSSL_free(alpn_ctx.data);
#endif
+ OPENSSL_free(alpn_ctx.data);
ssl_excert_free(exc);
sk_OPENSSL_STRING_free(ssl_args);
SSL_CONF_CTX_free(cctx);
if (con == NULL) {
con = SSL_new(ctx);
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
}
-#endif
+
if (context
&& !SSL_set_session_id_context(con,
context, strlen((char *)context))) {
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
}
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
-#endif
width = s + 1;
for (;;) {
X509 *peer;
long verify_error;
char buf[BUFSIZ];
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
const unsigned char *next_proto_neg;
unsigned next_proto_neg_len;
#endif
#endif
BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
if (next_proto_neg) {
BIO_printf(bio_s_out, "NEXTPROTO is ");
if ((con = SSL_new(ctx)) == NULL)
goto err;
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
-#endif
+
if (context && !SSL_set_session_id_context(con, context,
strlen((char *)context)))
goto err;
if ((con = SSL_new(ctx)) == NULL)
goto err;
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
-#endif
if (context && !SSL_set_session_id_context(con, context,
strlen((char *)context))) {
ERR_print_errors(bio_err);
projects / openssl.git / blobdiff