static int accept_socket = -1;
#define TEST_CERT "server.pem"
-#ifndef OPENSSL_NO_TLSEXT
-# define TEST_CERT2 "server2.pem"
-#endif
+#define TEST_CERT2 "server2.pem"
extern int verify_depth, verify_return_error, verify_quiet;
static const char *s_cert_file = TEST_CERT, *s_key_file =
NULL, *s_chain_file = NULL;
-#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
-#endif
static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
#ifdef FIONBIO
static int s_nbio = 0;
static int s_nbio_test = 0;
int s_crlf = 0;
static SSL_CTX *ctx = NULL;
-#ifndef OPENSSL_NO_TLSEXT
static SSL_CTX *ctx2 = NULL;
-#endif
static int www = 0;
static BIO *bio_s_out = NULL;
static BIO *bio_s_msg = NULL;
static int s_debug = 0;
-#ifndef OPENSSL_NO_TLSEXT
static int s_tlsextdebug = 0;
static int s_tlsextstatus = 0;
static int cert_status_cb(SSL *s, void *arg);
-#endif
static int no_resume_ephemeral = 0;
static int s_msg = 0;
static int s_quiet = 0;
static int cert_chain = 0;
#endif
-#ifndef OPENSSL_NO_TLSEXT
static BIO *serverinfo_in = NULL;
static const char *s_serverinfo_file = NULL;
-#endif
-
#ifndef OPENSSL_NO_PSK
static char *psk_identity = "Client_identity";
char *psk_key = NULL; /* by default PSK is not used */
s_cert_file = TEST_CERT;
s_key_file = NULL;
s_chain_file = NULL;
-#ifndef OPENSSL_NO_TLSEXT
s_cert_file2 = TEST_CERT2;
s_key_file2 = NULL;
ctx2 = NULL;
-#endif
s_nbio = 0;
s_nbio_test = 0;
ctx = NULL;
}
#endif
-#ifndef OPENSSL_NO_TLSEXT
-
/* This is a context that we pass to callbacks */
typedef struct tlsextctx_st {
char *servername;
goto done;
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* This is the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
unsigned char *data;
return SSL_TLSEXT_ERR_OK;
}
-# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
+#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
/* This the context that we pass to alpn_cb */
typedef struct tlsextalpnctx_st {
return SSL_TLSEXT_ERR_OK;
}
-#endif /* ndef OPENSSL_NO_TLSEXT */
static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
{
OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP,
-#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
-#endif
OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN,
OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
OPTIONS s_server_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
-
{"port", OPT_PORT, 'p'},
{"accept", OPT_PORT, 'p',
"TCP/IP port to accept on (default is " PORT_STR ")"},
"Turn on peer certificate verification, must have a cert"},
{"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT},
{"naccept", OPT_NACCEPT, 'p', "Terminate after pnum connections"},
-#ifndef OPENSSL_NO_TLSEXT
{"serverinfo", OPT_SERVERINFO, 's',
"PEM serverinfo file for certificate"},
-#endif
{"certform", OPT_CERTFORM, 'F',
"Certificate format (PEM or DER) PEM default"},
{"key", OPT_KEY, '<',
{"dkeyform", OPT_DKEYFORM, 'F',
"Second key format (PEM, DER or ENGINE) PEM default"},
{"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},
-#ifdef FIONBIO
- {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
-#endif
{"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
{"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
{"debug", OPT_DEBUG, '-', "Print more output"},
{"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
{"quiet", OPT_QUIET, '-', "No server output"},
{"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"},
-#ifndef OPENSSL_NO_PSK
- {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
- {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
-# ifndef OPENSSL_NO_JPAKE
- {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
-# endif
-#endif
-#ifndef OPENSSL_NO_SRP
- {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
- {"srpuserseed", OPT_SRPUSERSEED, 's',
- "A seed string for a default user salt"},
-#endif
-#ifndef OPENSSL_NO_SSL3
- {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
-#endif
{"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
{"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
{"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
-#ifndef OPENSSL_NO_DTLS1
- {"dtls", OPT_DTLS, '-'},
- {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
- {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
- {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
- {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
- {"chain", OPT_CHAIN, '-', "Read a certificate chain"},
-#endif
-#ifndef OPENSSL_NO_DH
- {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
-#endif
-#ifndef OPENSSL_NO_EC
- {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
-#endif
{"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
"Disable caching and tickets if ephemeral (EC)DH is used"},
{"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
{"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"},
- {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
- {"id_prefix", OPT_ID_PREFIX, 's',
- "Generate SSL/TLS session IDs prefixed by arg"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
-#ifndef OPENSSL_NO_TLSEXT
{"servername", OPT_SERVERNAME, 's',
"Servername for HostName TLS extension"},
{"servername_fatal", OPT_SERVERNAME_FATAL, '-',
"-Private Key file to use for servername if not in -cert2"},
{"tlsextdebug", OPT_TLSEXTDEBUG, '-',
"Hex dump of all TLS extensions received"},
-# ifndef OPENSSL_NO_NEXTPROTONEG
- {"nextprotoneg", OPT_NEXTPROTONEG, 's',
- "Set the advertised protocols for the NPN extension (comma-separated list)"},
-# endif
- {"use_srtp", OPT_SRTP_PROFILES, '<',
- "Offer SRTP key management with a colon-separated profile list"},
- {"alpn", OPT_ALPN, 's',
- "Set the advertised protocols for the ALPN extension (comma-separated list)"},
-#endif
+ {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
+ {"id_prefix", OPT_ID_PREFIX, 's',
+ "Generate SSL/TLS session IDs prefixed by arg"},
+ {"rand", OPT_RAND, 's',
+ "Load the file(s) into the random number generator"},
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
{"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
{"brief", OPT_BRIEF, '-'},
{"rev", OPT_REV, '-'},
-#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's'},
-#endif
OPT_S_OPTIONS,
OPT_V_OPTIONS,
OPT_X_OPTIONS,
+#ifdef FIONBIO
+ {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
+#endif
+#ifndef OPENSSL_NO_PSK
+ {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
+ {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
+# ifndef OPENSSL_NO_JPAKE
+ {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
+# endif
+#endif
+#ifndef OPENSSL_NO_SRP
+ {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
+ {"srpuserseed", OPT_SRPUSERSEED, 's',
+ "A seed string for a default user salt"},
+#endif
+#ifndef OPENSSL_NO_SSL3
+ {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+ {"dtls", OPT_DTLS, '-'},
+ {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
+ {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
+ {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
+ {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
+ {"chain", OPT_CHAIN, '-', "Read a certificate chain"},
+#endif
+#ifndef OPENSSL_NO_DH
+ {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
+#endif
+#ifndef OPENSSL_NO_EC
+ {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ {"nextprotoneg", OPT_NEXTPROTONEG, 's',
+ "Set the advertised protocols for the NPN extension (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_SRTP
+ {"use_srtp", OPT_SRTP_PROFILES, '<',
+ "Offer SRTP key management with a colon-separated profile list"},
+ {"alpn", OPT_ALPN, 's',
+ "Set the advertised protocols for the ALPN extension (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's'},
+#endif
{NULL}
};
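Review bot: The `alpn` entry now sits inside the new `#ifndef OPENSSL_NO_SRTP` guard together with `use_srtp`, so a build without SRTP drops the -alpn option, although ALPN is independent of SRTP and both `case OPT_ALPN:` and the `alpn_ctx` setup are unconditional elsewhere in this patch. Close the guard directly after the `use_srtp` entry, i.e. put the `#endif` before `{"alpn", OPT_ALPN, 's',` and leave that entry outside any conditional. Earlier in the same table, the moved `HTTP` help string still reads "incluedes"; since the line is being re-added, `"Like -WWW but ./path includes HTTP headers"` would fix the user-visible typo.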
unsigned short port = PORT;
unsigned char *context = NULL;
OPTION_CHOICE o;
-#ifndef OPENSSL_NO_TLSEXT
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
tlsextnextprotoctx next_proto = { NULL, 0 };
-# endif
+#endif
const char *alpn_in = NULL;
tlsextalpnctx alpn_ctx = { NULL, 0 };
-#endif
#ifndef OPENSSL_NO_PSK
/* by default do not send a PSK identity hint */
static char *psk_identity_hint = NULL;
case OPT_CRL_DOWNLOAD:
crl_download = 1;
break;
-#ifndef OPENSSL_NO_TLSEXT
case OPT_SERVERINFO:
s_serverinfo_file = opt_arg();
break;
-#endif
case OPT_CERTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_cert_format))
goto opthelp;
case OPT_DEBUG:
s_debug = 1;
break;
-#ifndef OPENSSL_NO_TLSEXT
case OPT_TLSEXTDEBUG:
s_tlsextdebug = 1;
break;
goto end;
}
break;
-#endif
case OPT_MSG:
s_msg = 1;
break;
case OPT_MSGFILE:
bio_s_msg = BIO_new_file(opt_arg(), "w");
break;
-#ifndef OPENSSL_NO_SSL_TRACE
case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
s_msg = 2;
- break;
#else
- case OPT_TRACE:
- goto opthelp;
+ break;
#endif
case OPT_SECURITY_DEBUG:
sdebug = 1;
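Review bot: On the new side of `case OPT_TRACE:` the only `break;` is in the `#else` branch, so in a build with SSL tracing enabled `s_msg = 2;` falls through into `case OPT_SECURITY_DEBUG:` and also sets `sdebug = 1`. Passing -trace would then silently enable security debug output as well. Put the `break;` after the `#endif` and drop the `#else`, the same layout this patch uses for `case OPT_SSL3:`, so the case reads `s_msg = 2;` / `#endif` / `break;`. Note that the old code went to `opthelp` when tracing was compiled out, whereas the new code accepts the option and ignores it; if that is intended, a short comment such as `/* accepted but ignored without SSL_TRACE */` would make it explicit.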
goto end;
}
break;
+#else
+ case OPT_PSK_HINT:
+ case OPT_PSK:
+ break;
#endif
#ifndef OPENSSL_NO_SRP
case OPT_SRPVFILE:
case OPT_HTTP:
www = 3;
break;
-#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
meth = SSLv3_server_method();
- break;
#endif
+ break;
case OPT_TLS1_2:
meth = TLSv1_2_server_method();
break;
case OPT_CHAIN:
cert_chain = 1;
break;
+#else
+ case OPT_DTLS:
+ case OPT_DTLS1:
+ case OPT_DTLS1_2:
+ case OPT_TIMEOUT:
+ case OPT_MTU:
+ case OPT_CHAIN:
+ break;
#endif
case OPT_ID_PREFIX:
session_id_prefix = opt_arg();
case OPT_RAND:
inrand = opt_arg();
break;
-#ifndef OPENSSL_NO_TLSEXT
case OPT_SERVERNAME:
tlsextcbp.servername = opt_arg();
break;
case OPT_KEY2:
s_key_file2 = opt_arg();
break;
-# ifndef OPENSSL_NO_NEXTPROTONEG
case OPT_NEXTPROTONEG:
+# ifndef OPENSSL_NO_NEXTPROTONEG
next_proto_neg_in = opt_arg();
+#endif
break;
-# endif
case OPT_ALPN:
alpn_in = opt_arg();
break;
-#endif
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
case OPT_JPAKE:
jpake_secret = opt_arg();
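Review bot: In `case OPT_NEXTPROTONEG:` the added guard opens with the nested-style `# ifndef OPENSSL_NO_NEXTPROTONEG` but closes with a flush-left `#endif`. With the outer OPENSSL_NO_TLSEXT block removed the directive is top-level, so it should be written `#ifndef OPENSSL_NO_NEXTPROTONEG`, matching the other NEXTPROTONEG guards rewritten in this patch. The placement of `break;` after the `#endif` is correct and keeps the case label valid when NPN is compiled out.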
goto end;
}
+ if (!app_load_modules(NULL))
+ goto end;
+
if (s_key_file == NULL)
s_key_file = s_cert_file;
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_key_file2 == NULL)
s_key_file2 = s_cert_file2;
-#endif
if (!load_excert(&exc))
goto end;
if (!s_chain)
goto end;
}
-#ifndef OPENSSL_NO_TLSEXT
+
if (tlsextcbp.servername) {
s_key2 = load_key(s_key_file2, s_key_format, 0, pass, e,
"second server certificate private key file");
goto end;
}
}
-#endif /* OPENSSL_NO_TLSEXT */
}
-#if !defined(OPENSSL_NO_TLSEXT)
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto_neg_in) {
unsigned short len;
next_proto.data = next_protos_parse(&len, next_proto_neg_in);
} else {
next_proto.data = NULL;
}
-# endif
+#endif
alpn_ctx.data = NULL;
if (alpn_in) {
unsigned short len;
goto end;
alpn_ctx.len = len;
}
-#endif
if (crl_file) {
X509_CRL *crl;
s_key_file = NULL;
s_dcert_file = NULL;
s_dkey_file = NULL;
-#ifndef OPENSSL_NO_TLSEXT
s_cert_file2 = NULL;
s_key_file2 = NULL;
-#endif
}
ctx = SSL_CTX_new(meth);
ERR_print_errors(bio_err);
goto end;
}
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_cert2) {
ctx2 = SSL_CTX_new(meth);
if (ctx2 == NULL) {
if (!config_ctx(cctx, ssl_args, ctx2, no_ecdhe, jpake_secret == NULL))
goto end;
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (next_proto.data)
SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
&next_proto);
-# endif
+#endif
if (alpn_ctx.data)
SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
-#endif
#ifndef OPENSSL_NO_DH
if (!no_dhe) {
DH_free(dh);
goto end;
}
-# ifndef OPENSSL_NO_TLSEXT
+
if (ctx2) {
if (!dhfile) {
DH *dh2 = load_dh_param(s_cert_file2);
goto end;
}
}
-# endif
DH_free(dh);
}
#endif
if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
goto end;
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_serverinfo_file != NULL
&& !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) {
ERR_print_errors(bio_err);
goto end;
}
-#endif
-#ifndef OPENSSL_NO_TLSEXT
+
if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain))
goto end;
-#endif
+
if (s_dcert != NULL) {
if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain))
goto end;
#ifndef OPENSSL_NO_RSA
if (!no_tmp_rsa) {
SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
-# ifndef OPENSSL_NO_TLSEXT
if (ctx2)
SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
-# endif
}
#endif
if (no_resume_ephemeral) {
SSL_CTX_set_not_resumable_session_callback(ctx,
not_resumable_sess_cb);
-#ifndef OPENSSL_NO_TLSEXT
+
if (ctx2)
SSL_CTX_set_not_resumable_session_callback(ctx2,
not_resumable_sess_cb);
-#endif
}
#ifndef OPENSSL_NO_PSK
# ifdef OPENSSL_NO_JPAKE
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
-#ifndef OPENSSL_NO_TLSEXT
if (ctx2) {
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx2,
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
}
-#endif
#ifndef OPENSSL_NO_SRP
if (srp_verifier_file != NULL) {
#endif
if (CAfile != NULL) {
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
-#ifndef OPENSSL_NO_TLSEXT
+
if (ctx2)
SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
-#endif
}
BIO_printf(bio_s_out, "ACCEPT\n");
OPENSSL_free(dpass);
X509_VERIFY_PARAM_free(vpm);
free_sessions();
-#ifndef OPENSSL_NO_TLSEXT
OPENSSL_free(tlscstatp.host);
OPENSSL_free(tlscstatp.port);
OPENSSL_free(tlscstatp.path);
X509_free(s_cert2);
EVP_PKEY_free(s_key2);
BIO_free(serverinfo_in);
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
OPENSSL_free(next_proto.data);
-# endif
- OPENSSL_free(alpn_ctx.data);
#endif
+ OPENSSL_free(alpn_ctx.data);
ssl_excert_free(exc);
sk_OPENSSL_STRING_free(ssl_args);
SSL_CONF_CTX_free(cctx);
if (con == NULL) {
con = SSL_new(ctx);
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
}
-#endif
+
if (context
&& !SSL_set_session_id_context(con,
context, strlen((char *)context))) {
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
}
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
-#endif
width = s + 1;
for (;;) {
X509 *peer;
long verify_error;
char buf[BUFSIZ];
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
const unsigned char *next_proto_neg;
unsigned next_proto_neg_len;
#endif
{
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
&& SSL_state(con) == SSL3_ST_SR_CLNT_HELLO_C) {
- fprintf(stderr,
- "LOOKUP from certificate callback during accept\n");
+ BIO_printf(bio_err,
+ "LOOKUP from certificate callback during accept\n");
i = SSL_accept(con);
}
}
#endif
BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
if (next_proto_neg) {
BIO_printf(bio_s_out, "NEXTPROTO is ");
if ((con = SSL_new(ctx)) == NULL)
goto err;
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
-#endif
+
if (context && !SSL_set_session_id_context(con, context,
strlen((char *)context)))
goto err;
#ifdef RENEG
total_bytes += i;
- fprintf(stderr, "%d\n", i);
+ BIO_printf(bio_err, "%d\n", i);
if (total_bytes > 3 * 1024) {
total_bytes = 0;
- fprintf(stderr, "RENEGOTIATE\n");
+ BIO_printf(bio_err, "RENEGOTIATE\n");
SSL_renegotiate(con);
}
#endif
if ((con = SSL_new(ctx)) == NULL)
goto err;
-#ifndef OPENSSL_NO_TLSEXT
+
if (s_tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
-#endif
if (context && !SSL_set_session_id_context(con, context,
strlen((char *)context))) {
ERR_print_errors(bio_err);