#include <openssl/err.h>
#include <openssl/rand.h>
#ifdef WINDOWS
+#include <winsock.h>
#include "../crypto/bio/bss_file.c"
#endif
# define TEST_CLIENT_CERT "../apps/client.pem"
#endif
+/* There is really no standard for this, so let's assign some tentative
+ numbers. In any case, these numbers are only for this test */
+#define COMP_RLE 1
+#define COMP_ZLIB 2
+
static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#ifndef NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
+static void free_tmp_rsa(void);
#endif
#ifndef NO_DH
static DH *get_dh512(void);
fprintf(stderr," -bio_pair - Use BIO pairs\n");
fprintf(stderr," -f - Test even cases that can't work\n");
fprintf(stderr," -time - measure processor time used by client and server\n");
+ fprintf(stderr," -zlib - use zlib compression\n");
+ fprintf(stderr," -time - use rle compression\n");
}
static void print_details(SSL *c_ssl, const char *prefix)
int no_dhe = 0;
int print_time = 0;
clock_t s_time = 0, c_time = 0;
+ int comp = 0;
+ COMP_METHOD *cm = NULL;
verbose = 0;
debug = 0;
{
print_time = 1;
}
+ else if (strcmp(*argv,"-zlib") == 0)
+ {
+ comp = COMP_ZLIB;
+ }
+ else if (strcmp(*argv,"-rle") == 0)
+ {
+ comp = COMP_RLE;
+ }
else
{
fprintf(stderr,"unknown option %s\n",*argv);
SSL_library_init();
SSL_load_error_strings();
+ if (comp == COMP_ZLIB) cm = COMP_zlib();
+ if (comp == COMP_RLE) cm = COMP_rle();
+ if (cm != NULL)
+ {
+ if (cm->type != NID_undef)
+ SSL_COMP_add_compression_method(comp, cm);
+ else
+ {
+ fprintf(stderr,
+ "Warning: %s compression not supported\n",
+ (comp == COMP_RLE ? "rle" :
+ (comp == COMP_ZLIB ? "zlib" :
+ "unknown")));
+ ERR_print_errors_fp(stderr);
+ }
+ }
+
#if !defined(NO_SSL2) && !defined(NO_SSL3)
if (ssl2)
meth=SSLv2_method();
c_ssl=SSL_new(c_ctx);
s_ssl=SSL_new(s_ctx);
+#ifndef NO_KRB5
+ if (c_ssl && c_ssl->kssl_ctx)
+ {
+ char localhost[257];
+
+ if (gethostname(localhost, 256) == 0)
+ {
+ kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
+ localhost);
+ }
+ }
+#endif /* NO_KRB5 */
+
for (i=0; i<number; i++)
{
if (!reuse) SSL_set_session(c_ssl,NULL);
if (bio_stdout != NULL) BIO_free(bio_stdout);
+#ifndef NO_RSA
+ free_tmp_rsa();
+#endif
ERR_free_strings();
ERR_remove_state(0);
EVP_cleanup();
ret=0;
err:
/* We have to set the BIO's to NULL otherwise they will be
- * Free()ed twice. Once when th s_ssl is SSL_free()ed and
+ * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
* again when c_ssl is SSL_free()ed.
* This is a hack required because s_ssl and c_ssl are sharing the same
* BIO structure and SSL_set_bio() and SSL_free() automatically
}
#ifndef NO_RSA
+static RSA *rsa_tmp=NULL;
+
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
{
- static RSA *rsa_tmp=NULL;
-
if (rsa_tmp == NULL)
{
BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
}
return(rsa_tmp);
}
+
+static void free_tmp_rsa(void)
+ {
+ if (rsa_tmp != NULL)
+ {
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+ }
#endif
#ifndef NO_DH
* $ openssl dhparam -C -noout -dsaparam 1024
* (The third function has been renamed to avoid name conflicts.)
*/
-DH *get_dh512()
+static DH *get_dh512()
{
static unsigned char dh512_p[]={
0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
return(dh);
}
-DH *get_dh1024()
+static DH *get_dh1024()
{
static unsigned char dh1024_p[]={
0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
return(dh);
}
-DH *get_dh1024dsa()
+static DH *get_dh1024dsa()
{
static unsigned char dh1024_p[]={
0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,