return 0;
}
-/* Four test cases for custom extensions:
+/*-
+ * Four test cases for custom extensions:
* 0 - no ClientHello extension or ServerHello response
* 1 - ClientHello with "abc", no response
* 2 - ClientHello with "abc", empty response
fprintf(stderr," -srpuser user - SRP username to use\n");
fprintf(stderr," -srppass arg - password for 'user'\n");
#endif
-#ifndef OPENSSL_NO_SSL2
- fprintf(stderr," -ssl2 - use SSLv2\n");
-#endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
fprintf(stderr," -ssl3 - use SSLv3\n");
#endif
#ifndef OPENSSL_NO_TLS1
fprintf(stderr," -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
}
+static void print_key_details(BIO *out, EVP_PKEY *key)
+ {
+ int keyid = EVP_PKEY_id(key);
+#ifndef OPENSSL_NO_EC
+ if (keyid == EVP_PKEY_EC)
+ {
+ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+ int nid;
+ const char *cname;
+ nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ EC_KEY_free(ec);
+ cname = EC_curve_nid2nist(nid);
+ if (!cname)
+ cname = OBJ_nid2sn(nid);
+ BIO_printf(out, "%d bits EC (%s)",
+ EVP_PKEY_bits(key), cname);
+ }
+ else
+#endif
+ {
+ const char *algname;
+ switch (keyid)
+ {
+ case EVP_PKEY_RSA:
+ algname = "RSA";
+ break;
+ case EVP_PKEY_DSA:
+ algname = "DSA";
+ break;
+ case EVP_PKEY_DH:
+ algname = "DH";
+ break;
+ default:
+ algname = OBJ_nid2sn(keyid);
+ break;
+ }
+ BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
+ }
+ }
+
static void print_details(SSL *c_ssl, const char *prefix)
{
const SSL_CIPHER *ciph;
+ int mdnid;
X509 *cert;
+ EVP_PKEY *pkey;
ciph=SSL_get_current_cipher(c_ssl);
BIO_printf(bio_stdout,"%s%s, cipher %s %s",
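Review bot: In the EC branch of print_key_details the result of `EVP_PKEY_get1_EC_KEY(key)` is passed to `EC_KEY_get0_group(ec)` without a NULL check, so a key whose id is EVP_PKEY_EC but whose EC payload is not set would dereference NULL; a guard such as `if (ec == NULL) { BIO_puts(out, "EC (no key)"); return; }` before the curve lookup closes that path. `OBJ_nid2sn()` can return NULL for an unrecognised NID, and both the EC fallback `cname = OBJ_nid2sn(nid)` and the `default:` arm `algname = OBJ_nid2sn(keyid)` hand that result straight to a `%s` conversion, which is undefined; substituting a fixed string like `"unknown"` when the lookup yields NULL avoids it. The same NULL-into-`%s` pattern appears with `OBJ_nid2sn(mdnid)` in the digest= line added to print_details in the next hunk.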
cert=SSL_get_peer_certificate(c_ssl);
if (cert != NULL)
{
- EVP_PKEY *pkey = X509_get_pubkey(cert);
+ pkey = X509_get_pubkey(cert);
if (pkey != NULL)
{
- if (0)
- ;
-#ifndef OPENSSL_NO_RSA
- else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
- && pkey->pkey.rsa->n != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit RSA",
- BN_num_bits(pkey->pkey.rsa->n));
- }
-#endif
-#ifndef OPENSSL_NO_DSA
- else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
- && pkey->pkey.dsa->p != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit DSA",
- BN_num_bits(pkey->pkey.dsa->p));
- }
-#endif
+ BIO_puts(bio_stdout, ", ");
+ print_key_details(bio_stdout, pkey);
EVP_PKEY_free(pkey);
}
X509_free(cert);
}
- /* The SSL API does not allow us to look at temporary RSA/DH keys,
- * otherwise we should print their lengths too */
+ if (SSL_get_server_tmp_key(c_ssl, &pkey))
+ {
+ BIO_puts(bio_stdout, ", temp key: ");
+ print_key_details(bio_stdout, pkey);
+ EVP_PKEY_free(pkey);
+ }
+ if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
+ BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
BIO_printf(bio_stdout,"\n");
}
int badop=0;
int bio_pair=0;
int force=0;
- int tls1=0,ssl2=0,ssl3=0,ret=1;
+ int tls1=0,ssl3=0,ret=1;
int client_auth=0;
int server_auth=0,i;
struct app_verify_arg app_verify_arg =
tls1=1;
}
#endif
- else if (strcmp(*argv,"-ssl2") == 0)
- {
-#ifdef OPENSSL_NO_SSL2
- no_protocol = 1;
-#endif
- ssl2 = 1;
- }
else if (strcmp(*argv,"-tls1") == 0)
{
#ifdef OPENSSL_NO_TLS1
}
else if (strcmp(*argv,"-ssl3") == 0)
{
-#ifdef OPENSSL_NO_SSL3
+#ifdef OPENSSL_NO_SSL3_METHOD
no_protocol = 1;
#endif
ssl3 = 1;
goto end;
}
- if (ssl2 + ssl3 + tls1 > 1)
+ if (ssl3 + tls1 > 1)
{
- fprintf(stderr, "At most one of -ssl2, -ssl3, or -tls1 should "
+ fprintf(stderr, "At most one of -ssl3, or -tls1 should "
"be requested.\n");
EXIT(1);
}
/*
- * Testing was requested for a compiled-out protocol (e.g. SSLv2).
+ * Testing was requested for a compiled-out protocol (e.g. SSLv3).
* Ideally, we would error out, but the generic test wrapper can't know
* when to expect failure. So we do nothing and return success.
*/
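Review bot: The updated usage message reads `"At most one of -ssl3, or -tls1 should "`, leaving a stray comma from the three-item list it replaced; with two alternatives it should be `"At most one of -ssl3 or -tls1 should "`. The message wording is the only thing the hunk changes here, so this is a wording nit rather than a functional issue.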
goto end;
}
- if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
+ if (!ssl3 && !tls1 && number > 1 && !reuse && !force)
{
fprintf(stderr, "This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
- "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+ "or add one of -ssl3, -tls1, -reuse\n"
"to avoid protocol mismatch.\n");
EXIT(1);
}
}
#endif
-/* At this point, ssl2/ssl3/tls1 is only set if the protocol is available.
+/* At this point, ssl3/tls1 is only set if the protocol is available.
* (Otherwise we exit early.)
* However the compiler doesn't know this, so we ifdef. */
-#ifndef OPENSSL_NO_SSL2
- if (ssl2)
- meth=SSLv2_method();
- else
-#endif
#ifndef OPENSSL_NO_SSL3
if (ssl3)
meth=SSLv3_method();
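Review bot: The unchanged `#ifndef OPENSSL_NO_SSL3` guard around `meth=SSLv3_method();` still tests the old macro, while the -ssl3 option parsing and the help text in this commit were switched to OPENSSL_NO_SSL3_METHOD. Since the option parser now sets no_protocol only under OPENSSL_NO_SSL3_METHOD and always sets ssl3 = 1, a build that defines only that macro would reach this selection with ssl3 set, contradicting the comment just above that ssl3 is only set when the protocol is available; it appears the three guards should agree, e.g. `#ifndef OPENSSL_NO_SSL3_METHOD` here too. The method-selection chain continues outside the hunk, so any remaining guards below should be checked the same way.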
(double)s_time/CLOCKS_PER_SEC,
(double)c_time/CLOCKS_PER_SEC);
#else
- /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
- * -- cc on NeXTstep/OpenStep */
BIO_printf(bio_stdout,
"Approximate total server time: %6.2f units\n"
"Approximate total client time: %6.2f units\n",
do
{
- /* c_ssl_bio: SSL filter BIO
+ /*-
+ * c_ssl_bio: SSL filter BIO
*
* client: pseudo-I/O for SSL library
*
if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
{
fprintf(stderr, "ERROR: got stuck\n");
- if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
- {
- fprintf(stderr, "This can happen for SSL2 because "
- "CLIENT-FINISHED and SERVER-VERIFY are written \n"
- "concurrently ...");
- if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
- && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
- {
- fprintf(stderr, " ok.\n");
- goto end;
- }
- }
fprintf(stderr, " ERROR.\n");
goto err;
}
vfprintf(stderr, my_format, args);
va_end(args);
}
-/* Priority levels:
- 0 [!]var, ()
- 1 & ^
- 2 |
-*/
+/*-
+ * Priority levels:
+ * 0 [!]var, ()
+ * 1 & ^
+ * 2 |
+ */
static int process_proxy_cond_adders(unsigned int letters[26],
const char *cond, const char **cond_end, int *pos, int indent);
static int process_proxy_cond_val(unsigned int letters[26],
#endif
#ifndef OPENSSL_NO_DH
-/* These DH parameters have been generated as follows:
+/*-
+ * These DH parameters have been generated as follows:
* $ openssl dhparam -C -noout 512
* $ openssl dhparam -C -noout 1024
* $ openssl dhparam -C -noout -dsaparam 1024
const SSL_METHOD *meth;
const SSL_CIPHER *ci, *tci = NULL;
-#ifndef OPENSSL_NO_SSL2
- fprintf(stderr, "testing SSLv2 cipher list order: ");
- meth = SSLv2_method();
- while ((ci = meth->get_cipher(i++)) != NULL)
- {
- if (tci != NULL)
- if (ci->id >= tci->id)
- {
- fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
- return 0;
- }
- tci = ci;
- }
- fprintf(stderr, "ok\n");
-#endif
#ifndef OPENSSL_NO_SSL3
fprintf(stderr, "testing SSLv3 cipher list order: ");
meth = SSLv3_method();