static char *cipher = NULL;
static int verbose = 0;
static int debug = 0;
-#if 0
-/* Not used yet. */
-# ifdef FIONBIO
-static int s_nbio = 0;
-# endif
-#endif
-
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
clock_t *c_time);
int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
static int do_test_cipherlist(void);
+
static void sv_usage(void)
{
fprintf(stderr, "usage: ssltest [args ...]\n");
" -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
fprintf(stderr, " -no_dhe - disable DHE\n");
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
#endif
#ifndef OPENSSL_NO_PSK
fprintf(stderr, " -ssl3 - use SSLv3\n");
#endif
fprintf(stderr, " -tls1 - use TLSv1\n");
+#ifndef OPENSSL_NO_DTLS
+ fprintf(stderr, " -dtls1 - use DTLSv1\n");
+ fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
+#endif
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
fprintf(stderr, " -cert arg - Server certificate file\n");
" -time - measure processor time used by client and server\n");
fprintf(stderr, " -zlib - use zlib compression\n");
fprintf(stderr, " -rle - use rle compression\n");
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
fprintf(stderr,
" -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
" Use \"openssl ecparam -list_curves\" for all names\n"
int badop = 0;
int bio_pair = 0;
int force = 0;
- int tls1 = 0, ssl3 = 0, ret = 1;
+ int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl3 = 0, ret = 1;
int client_auth = 0;
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
char *server_key = NULL;
char *client_cert = TEST_CLIENT_CERT;
char *client_key = NULL;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
char *named_curve = NULL;
#endif
SSL_CTX *s_ctx = NULL;
DH *dh;
int dhe1024 = 0, dhe1024dsa = 0;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL;
#endif
#ifndef OPENSSL_NO_SRP
}
#endif
else if (strcmp(*argv, "-tls1") == 0) {
- no_protocol = 1;
tls1 = 1;
} else if (strcmp(*argv, "-ssl3") == 0) {
#ifdef OPENSSL_NO_SSL3_METHOD
no_protocol = 1;
#endif
ssl3 = 1;
+ } else if (strcmp(*argv, "-dtls1") == 0) {
+#ifdef OPENSSL_NO_DTLS
+ no_protocol = 1;
+#endif
+ dtls1 = 1;
+ } else if (strcmp(*argv, "-dtls12") == 0) {
+#ifdef OPENSSL_NO_DTLS
+ no_protocol = 1;
+#endif
+ dtls12 = 1;
} else if (strncmp(*argv, "-num", 4) == 0) {
if (--argc < 1)
goto bad;
else if (strcmp(*argv, "-named_curve") == 0) {
if (--argc < 1)
goto bad;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
named_curve = *(++argv);
#else
fprintf(stderr,
goto end;
}
- if (ssl3 + tls1 > 1) {
- fprintf(stderr, "At most one of -ssl3, or -tls1 should "
+ if (ssl3 + tls1 + dtls1 + dtls12 > 1) {
+ fprintf(stderr, "At most one of -ssl3, -tls1, -dtls1 or -dtls12 should "
"be requested.\n");
EXIT(1);
}
goto end;
}
- if (!ssl3 && !tls1 && number > 1 && !reuse && !force) {
+ if (!ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
fprintf(stderr, "This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
- "or add one of -ssl3, -tls1, -reuse\n"
+ "or add one of -ssl3, -tls1, -dtls1, -dtls12, -reuse\n"
"to avoid protocol mismatch.\n");
EXIT(1);
}
if (ssl3)
meth = SSLv3_method();
else
+#endif
+#ifndef OPENSSL_NO_DTLS
+ if (dtls1)
+ meth = DTLSv1_method();
+ else if (dtls12)
+ meth = DTLSv1_2_method();
+ else
#endif
if (tls1)
meth = TLSv1_method();
SSL_CTX_set_security_level(s_ctx, 0);
if (cipher != NULL) {
- SSL_CTX_set_cipher_list(c_ctx, cipher);
- SSL_CTX_set_cipher_list(s_ctx, cipher);
+ if(!SSL_CTX_set_cipher_list(c_ctx, cipher)
+ || !SSL_CTX_set_cipher_list(s_ctx, cipher)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}
/* Process SSL_CONF arguments */
(void)no_dhe;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (!no_ecdhe) {
int nid;
}
if (client_auth) {
- SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM);
- SSL_CTX_use_PrivateKey_file(c_ctx,
+ if(!SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM)
+ || !SSL_CTX_use_PrivateKey_file(c_ctx,
(client_key ? client_key : client_cert),
- SSL_FILETYPE_PEM);
+ SSL_FILETYPE_PEM)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}
if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
{
int session_id_context = 0;
- SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
- sizeof session_id_context);
+ if(!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
+ sizeof session_id_context)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}
/* Use PSK only if PSK key is given */
}
#endif
- if (serverinfo_sct)
- SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
+ if (serverinfo_sct) {
+ if(!SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
NULL, NULL, NULL,
- serverinfo_cli_parse_cb, NULL);
- if (serverinfo_tack)
- SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
+ serverinfo_cli_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Error adding SCT extension\n");
+ goto end;
+ }
+ }
+ if (serverinfo_tack) {
+ if(!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
NULL, NULL, NULL,
- serverinfo_cli_parse_cb, NULL);
-
+ serverinfo_cli_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Error adding TACK extension\n");
+ goto end;
+ }
+ }
if (serverinfo_file)
if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) {
BIO_printf(bio_err, "missing serverinfo file\n");
}
if (custom_ext) {
- SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
+ if(!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
custom_ext_0_cli_add_cb,
NULL, NULL,
- custom_ext_0_cli_parse_cb, NULL);
- SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_0_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
custom_ext_1_cli_add_cb,
NULL, NULL,
- custom_ext_1_cli_parse_cb, NULL);
- SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_1_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
custom_ext_2_cli_add_cb,
NULL, NULL,
- custom_ext_2_cli_parse_cb, NULL);
- SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_2_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
custom_ext_3_cli_add_cb,
NULL, NULL,
- custom_ext_3_cli_parse_cb, NULL);
-
- SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
+ custom_ext_3_cli_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
custom_ext_0_srv_add_cb,
NULL, NULL,
- custom_ext_0_srv_parse_cb, NULL);
- SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_0_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
custom_ext_1_srv_add_cb,
NULL, NULL,
- custom_ext_1_srv_parse_cb, NULL);
- SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_1_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
custom_ext_2_srv_add_cb,
NULL, NULL,
- custom_ext_2_srv_parse_cb, NULL);
- SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_2_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
custom_ext_3_srv_add_cb,
NULL, NULL,
- custom_ext_3_srv_parse_cb, NULL);
+ custom_ext_3_srv_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Error setting custom extensions\n");
+ goto end;
+ }
}
if (alpn_server)
BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
goto end;
}
- SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
+ /* Returns 0 on success!! */
+ if(SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
+ BIO_printf(bio_err, "Error setting ALPN\n");
+ OPENSSL_free(alpn);
+ goto end;
+ }
OPENSSL_free(alpn);
}
#endif /* OPENSSL_NO_KRB5 */
for (i = 0; i < number; i++) {
- if (!reuse)
- SSL_set_session(c_ssl, NULL);
+ if (!reuse) {
+ if(!SSL_set_session(c_ssl, NULL)) {
+ BIO_printf(bio_err, "Failed to set session\n");
+ goto end;
+ }
+ }
if (bio_pair)
ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
else
ret = doit(s_ssl, c_ssl, bytes);
+ if (ret) break;
}
if (!verbose) {
print_details(c_ssl, "");
}
- if ((number > 1) || (bytes > 1L))
- BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", number,
+ if ((i > 1) || (bytes > 1L))
+ BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", i,
bytes);
if (print_time) {
#ifdef CLOCKS_PER_SEC
if (!do_client && !do_server) {
fprintf(stdout, "ERROR IN STARTUP\n");
ERR_print_errors(bio_err);
- break;
+ goto err;
}
if (do_client && !(done & C_DONE)) {
if (c_write) {
if (ok == 1) {
X509 *xs = ctx->current_cert;
-#if 0
- X509 *xi = ctx->current_issuer;
-#endif
-
if (xs->ex_flags & EXFLAG_PROXY) {
unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
get_proxy_auth_ex_data_idx