Updates from 1.0.0-stable

[openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index 277b2f04f24a9205ceab1c886c40065852cb1b1b..6c9e6baba41f178e49db9d0bc950efb7e52d3555 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -298,7 +298,9 @@ static const char *session_id_prefix=NULL;
 
 static int enable_timeouts = 0;
 static long socket_mtu;
+#ifndef OPENSSL_NO_DTLS1
 static int cert_chain = 0;
+#endif
 
 #ifndef OPENSSL_NO_PSK
 static char *psk_identity="Client_identity";
@@ -450,7 +452,7 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_PSK
        BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
        BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
-# ifdef OPENSSL_EXPERIMENTAL_JPAKE
+# ifndef OPENSSL_NO_JPAKE
        BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
 # endif
 #endif
@@ -459,7 +461,7 @@ static void sv_usage(void)
        BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
        BIO_printf(bio_err," -dtls1        - Just talk DTLSv1\n");
        BIO_printf(bio_err," -timeout      - Enable timeouts\n");
-       BIO_printf(bio_err," -mtu          - Set MTU\n");
+       BIO_printf(bio_err," -mtu          - Set link layer MTU\n");
        BIO_printf(bio_err," -chain        - Read a certificate chain\n");
        BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
        BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
@@ -671,7 +673,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
                        return p->extension_error;
                if (ctx2)
                        {
-                       BIO_printf(p->biodebug,"Swiching server context.\n");
+                       BIO_printf(p->biodebug,"Switching server context.\n");
                        SSL_set_SSL_CTX(s,ctx2);
                        }     
                }
@@ -827,7 +829,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
 
 int MAIN(int, char **);
 
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 static char *jpake_secret = NULL;
 #endif
 
@@ -849,9 +851,7 @@ int MAIN(int argc, char *argv[])
        int state=0;
        const SSL_METHOD *meth=NULL;
        int socket_type=SOCK_STREAM;
-#ifndef OPENSSL_NO_ENGINE
        ENGINE *e=NULL;
-#endif
        char *inrand=NULL;
        int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
        char *passarg = NULL, *pass = NULL;
@@ -1189,7 +1189,7 @@ int MAIN(int argc, char *argv[])
                        }
                        
 #endif
-#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
                else if (strcmp(*argv,"-jpake") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -1212,7 +1212,7 @@ bad:
                goto end;
                }
 
-#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
        if (jpake_secret)
                {
                if (psk_key)
@@ -1222,16 +1222,16 @@ bad:
                        goto end;
                        }
                psk_identity = "JPAKE";
+               if (cipher)
+                       {
+                       BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
+                       goto end;
+                       }
+               cipher = "PSK";
                }
 
-       if (cipher)
-               {
-               BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-               goto end;
-               }
-       cipher = "PSK";
 #endif
-               
+
        SSL_load_error_strings();
        OpenSSL_add_ssl_algorithms();
 
@@ -1616,7 +1616,11 @@ bad:
 #endif
 
 #ifndef OPENSSL_NO_PSK
+#ifdef OPENSSL_NO_JPAKE
+       if (psk_key != NULL)
+#else
        if (psk_key != NULL || jpake_secret)
+#endif
                {
                if (s_debug)
                        BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
@@ -1821,10 +1825,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                        BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
                        }
 
-               if (socket_mtu > 0)
+               if (socket_mtu > 28)
                        {
                        SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-                       SSL_set_mtu(con, socket_mtu);
+                       SSL_set_mtu(con, socket_mtu - 28);
                        }
                else
                        /* want to do MTU discovery */
@@ -1843,7 +1847,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                test=BIO_new(BIO_f_nbio_test());
                sbio=BIO_push(test,sbio);
                }
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
        if(jpake_secret)
                jpake_server_auth(bio_s_out, sbio, jpake_secret);
 #endif